[Qemu-devel] [PATCH] Fix wrong length in IP header in tcp_respond.


From: Tao Wu
Subject: [Qemu-devel] [PATCH] Fix wrong length in IP header in tcp_respond.
Date: Thu, 20 Apr 2017 13:27:45 -0700

This bug was introduced by https://github.com/qemu/qemu/commit/98c6305
And then we 'fixed' it in
https://github.com/qemu/qemu/commit/27d92e
Actually I believe the root cause was that we sent out a RST packet with
the wrong length, which then got ignored by the OS.

Signed-off-by: Tao Wu <address@hidden>
---
 slirp/tcp_subr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index ed16e1807f..dc8b4bbb50 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -204,7 +204,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct 
mbuf *m,
            m->m_len  -= sizeof(struct tcpiphdr) - sizeof(struct tcphdr)
                                                 - sizeof(struct ip);
            ip = mtod(m, struct ip *);
-           ip->ip_len = tlen;
+           ip->ip_len = m->m_len;
            ip->ip_dst = tcpiph_save.ti_dst;
            ip->ip_src = tcpiph_save.ti_src;
            ip->ip_p = tcpiph_save.ti_pr;
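
Review bot: the new assignment "ip->ip_len = m->m_len;" is only correct because the "m->m_len -= ..." adjustment two lines above it has already trimmed the mbuf, and nothing in the hunk records that dependency. Please add a one-line comment saying that ip_len must cover the IP header plus the TCP header and data, and state in the commit message what tlen actually holds at this point, so a later reordering does not bring the wrong length back. If ip_len is narrower than m_len, an explicit cast or a bounds check would also make the truncation intentional rather than silent.
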
@@ -224,7 +224,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct 
mbuf *m,
            m->m_len  -= sizeof(struct tcpiphdr) - sizeof(struct tcphdr)
                                                 - sizeof(struct ip6);
            ip6 = mtod(m, struct ip6 *);
-           ip6->ip_pl = tlen;
+           ip6->ip_pl = tcpiph_save.ti_len;
            ip6->ip_dst = tcpiph_save.ti_dst6;
            ip6->ip_src = tcpiph_save.ti_src6;
            ip6->ip_nh = tcpiph_save.ti_nh6;
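
Review bot: the IPv6 branch now takes its length from "tcpiph_save.ti_len" while the IPv4 branch in the previous hunk takes it from "m->m_len", and the patch does not explain why the two sources differ. The hunk does not show where ti_len is filled in, so please confirm that at this point it holds the TCP header plus data (the IPv6 payload length excludes the fixed IPv6 header) and that it is in the byte order ip_pl expects here. Deriving it from the mbuf, as m->m_len - sizeof(struct ip6), would keep both branches tied to the buffer that is actually sent; either way a short comment on the chosen source would help.
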
-- 
2.12.2.816.g2cccc81164-goog



