strange ip_reass issue on powerpc board, need help
nick.withers at anu.edu.au
Thu Oct 31 22:47:32 UTC 2013
On Thu, 2013-10-31 at 17:16 +0800, Rui Zhengxin wrote:
> Hi all,
> My board is MPC8309SOM, the uec network adapter driver is port from 8313 tsec, it works well.
MVME3100 here, with the MPC8540 and a tsec.
> Now I meet a strange ip_reass issue, it cause a crash.
> The condition is send a fragment packet with a non-zero ip_offset value but not set IP_MF flag.
Is that legal in the first place? You're talking about the "More
Fragments" flag, yeah? Shouldn't that *always* be set for packets in a
'Course if it ain't legal one still doesn't want to target to crash :-P
> It's very easy to make the fragment packet by ping the target board 65000 bytes after clearing PC's ARP table first.
What does clearing the ARP table here accomplish?
In any event, I haven't been able to crash mine, running RTEMS 4.11 from
the start of October.
> I trace the code, after call ip_reass, the mbuf chain may become not correct(ps: not everytime), the last mbuf's m_next pointer not set to NULL.
> When the upper layer discard the fragment by calling m_freem, the invalid ext_free function pointer cause crash.
> I don't know the reason why the mbuf chain is changed.
> If you have MPC8313 or other powerpc board, can you help me verify the issue? Very tks for you help.
Any other thoughts? My pings're of the form "sudo ping -s 65000 -i 0.25"
from a FreeBSD 9.2-STABLE host and aren't actually being responded to
above 25152 B of data.
I've also got pretty big mbuf (2 MiB) / mbuf cluster (4 MiB) buffers
configured, perhaps that's something to do with it?
> Thanks & Best regards,
> Rui Zhengxin
Hope that helps... It probably doesn't! :-(
Embedded Systems Programmer
Room 2.26, Building 57
Department of Nuclear Physics
Research School of Physics and Engineering
The Australian National University (CRICOS: 00120C)
eMail: nick.withers at anu.edu.au
Phone: +61 2 6125 2091
Mobile: +61 414 397 446
More information about the users