Networking defect for ARM’s bsp in tcp_input().

ray xr at
Mon Jul 3 16:13:48 UTC 2006

I think this defect may need to be investigated for a better solution.
The tcp_input() does not work in ARM's bsp.
The defect was first raised in Bai's mail:
, which seems to be a data alignment problem for 32-bit data (ti->ti_next).
Chris quickly gave a patch, PR 1098, using packing technology in gcc.
This patch works for that defect. But in the function tcp_input(), another piece of data in the ti struct, ti->ti_len, is still wrong

    off = ti->ti_off << 2;
    if (off < sizeof (struct tcphdr) || off > tlen) {
    ......

In fact off = ti->ti_off << 2; does not get the data needed.
The assembly code for off = ti->ti_off << 2 is

.text:200179A0                 LDRB    R3, [R9,#0x20] ; read the ti_off
                                                      ; 0x50 for example
.text:200179A4                 AND     R3, R3, #0xF  ; get the lower bits, 0
                                                      ; but should be 5!
.text:200179A8                 MOV     R5, R3,LSL#2  ; offset here is ZERO

; below, judge whether off is right
.text:200179AC                 CMP     R5, R4
.text:200179B0                 MOVLE   R2, #0
.text:200179B4                 MOVGT   R2, #1
.text:200179B8                 CMP     R5, #0x13
.text:200179BC                 ORRLS   R2, R2, #1
.text:200179C0                 CMP     R2, #0

The ti_off definition is:

 u_int th_x2:4,  /* (unused) */
  th_off:4;  /* data offset */
 u_int th_off:4,  /* data offset */
  th_x2:4;  /* (unused) */

Seems we get the unused data instead of th_off.

Thanks & Best Regards !
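
The following is an added example, not part of the original post and not RTEMS code: it reads the TCP data offset with an explicit shift on byte 12 of the header (the high nibble in the RFC 793 wire layout) instead of a compiler-ordered bitfield, and compares it with the low-nibble read shown in the disassembly above. The function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_MIN_HDR  20u   /* size of a TCP header without options */
#define TCP_OFF_BYTE 12u   /* byte holding data offset (high nibble) + unused bits */

/* Data offset in bytes, taken from the high nibble regardless of how the
 * compiler orders bitfields. */
static unsigned tcp_off_portable(const uint8_t *tcp)
{
    return (unsigned)(tcp[TCP_OFF_BYTE] >> 4) << 2;
}

/* What the disassembly in the post computes: AND #0xF selects the low
 * nibble, which is the unused field (th_x2), then shifts it left by 2. */
static unsigned tcp_off_low_nibble(const uint8_t *tcp)
{
    return (unsigned)(tcp[TCP_OFF_BYTE] & 0x0F) << 2;
}

/* Same test as the quoted tcp_input() lines, inverted: accept only when
 * the offset covers the fixed header and does not exceed the segment. */
static int tcp_off_valid(unsigned off, size_t tlen)
{
    return off >= TCP_MIN_HDR && off <= tlen;
}

/* Constructed sample: 20-byte TCP header, offset byte 0x50 as in the post. */
static const uint8_t sample_tcp[20] = {
    0x04, 0xD2, 0x00, 0x50,   /* source port 1234, destination port 80 */
    0x00, 0x00, 0x00, 0x01,   /* sequence number */
    0x00, 0x00, 0x00, 0x00,   /* acknowledgement number */
    0x50, 0x02, 0x20, 0x00,   /* data offset 5, SYN flag, window */
    0x00, 0x00, 0x00, 0x00    /* checksum, urgent pointer */
};

int main(void)
{
    unsigned good = tcp_off_portable(sample_tcp);
    unsigned bad = tcp_off_low_nibble(sample_tcp);

    printf("high nibble: off=%u valid=%d\n", good,
           tcp_off_valid(good, sizeof sample_tcp));
    printf("low nibble:  off=%u valid=%d\n", bad,
           tcp_off_valid(bad, sizeof sample_tcp));
    return 0;
}
```

With the low-nibble read every well-formed segment fails the length check, which matches the symptom described in the post.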
