[Qemu-devel] [PATCH] Fix wrong length in IP header in tcp_respond.
From: Tao Wu
Subject: [Qemu-devel] [PATCH] Fix wrong length in IP header in tcp_respond.
Date: Thu, 20 Apr 2017 13:27:45 -0700
This bug was introduced by https://github.com/qemu/qemu/commit/98c6305
And then we 'fix' it in
https://github.com/qemu/qemu/commit/27d92e
Actually I believe the root cause was that we sent out a RST packet with
the wrong length, which then got ignored by the OS.
Signed-off-by: Tao Wu <address@hidden>
---
slirp/tcp_subr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index ed16e1807f..dc8b4bbb50 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -204,7 +204,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct
mbuf *m,
m->m_len -= sizeof(struct tcpiphdr) - sizeof(struct tcphdr)
- sizeof(struct ip);
ip = mtod(m, struct ip *);
- ip->ip_len = tlen;
+ ip->ip_len = m->m_len;
ip->ip_dst = tcpiph_save.ti_dst;
ip->ip_src = tcpiph_save.ti_src;
ip->ip_p = tcpiph_save.ti_pr;
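Review bot: The new `ip->ip_len = m->m_len;` is only correct because the two lines directly above it have already shrunk m->m_len, and nothing in the code says so. Please add a short comment stating that m->m_len at this point covers the IP header, TCP header and data, so that a later reordering of these statements does not silently bring back a wrong length. It also assumes the whole reply sits in this single mbuf; if that is guaranteed here, say so in the comment. The commit message should state what tlen contained at this point and why that was the wrong value for ip_len, since the RST-ignored explanation is given only as a belief.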
@@ -224,7 +224,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct
mbuf *m,
m->m_len -= sizeof(struct tcpiphdr) - sizeof(struct tcphdr)
- sizeof(struct ip6);
ip6 = mtod(m, struct ip6 *);
- ip6->ip_pl = tlen;
+ ip6->ip_pl = tcpiph_save.ti_len;
ip6->ip_dst = tcpiph_save.ti_dst6;
ip6->ip_src = tcpiph_save.ti_src6;
ip6->ip_nh = tcpiph_save.ti_nh6;
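Review bot: The IPv6 branch now takes its length from `tcpiph_save.ti_len`, while the IPv4 branch takes it from m->m_len, and the hunk does not show where ti_len in the saved copy is set or what it contains at this point. Please confirm that it holds the TCP header plus data length (without the IPv6 header) and is in the byte order ip_pl expects here, since no conversion is visible in these lines. If it is, a one-line comment explaining why the two branches use different sources would help; otherwise deriving the value from m->m_len minus sizeof(struct ip6) would keep both branches consistent with the adjustment made just above.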
--
2.12.2.816.g2cccc81164-goog