[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 2/2] slirp: Fix packet expiration
|
From: |
Jan Kiszka |
|
Subject: |
[Qemu-devel] [PATCH 2/2] slirp: Fix packet expiration |
|
Date: |
Wed, 28 Sep 2011 13:12:12 +0200 |
From: Thomas Huth <address@hidden>
The two new variables "arp_requested" and "expiration_date" in the mbuf
structure have been added after the variable-sized "m_dat_" array. The
variables have to be added before the m_dat_ array instead.
Without this patch, the expiration_date gets clobbered by code that
accesses the m_dat_ array.
I experienced this problem with the code in slirp/tftp.c: The
tftp_send_data() function created a new packet with the m_get()
function (which fills-in a default expiration_date value). Then the
TFTP code cleared the data section of the packet, which accidentially
also cleared the expiration_date. This zeroed expiration_date then
finally causes the packet to be discarded during if_start(), so that
TFTP packets were not transmitted anymore.
[Jan: added comment as suggested by Fabien ]
CC: Fabien Chouteau <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Signed-off-by: Jan Kiszka <address@hidden>
---
slirp/mbuf.h | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/slirp/mbuf.h b/slirp/mbuf.h
index 55170e5..0708840 100644
--- a/slirp/mbuf.h
+++ b/slirp/mbuf.h
@@ -82,12 +82,13 @@ struct m_hdr {
struct mbuf {
struct m_hdr m_hdr;
Slirp *slirp;
+ bool arp_requested;
+ uint64_t expiration_date;
+ /* start of dynamic buffer area, must be last element */
union M_dat {
char m_dat_[1]; /* ANSI don't like 0 sized arrays */
char *m_ext_;
} M_dat;
- bool arp_requested;
- uint64_t expiration_date;
};
#define m_next m_hdr.mh_next
--
1.7.3.4