[Oisf-devel] Mybe a BUG of codes of dealing udp fragment
Victor Julien
victor at inliniac.net
Fri Aug 24 09:04:42 UTC 2012
On 05/24/2012 04:19 PM, iswalker wrote:
> In code of decode-ipv4.c/DecodeIPv4 function:
>
> /* If a fragment, pass off for re-assembly. */
> if (unlikely(IPV4_GET_IPOFFSET(p) > 0 || IPV4_GET_MF(p) == 1)) {
> Packet *rp = Defrag(tv, dtv, NULL, p);
> if (rp != NULL) {
> /* Got re-assembled packet, re-run through decoder. */
> DecodeIPV4(tv, dtv, rp, (void *)rp->ip4h,
> IPV4_GET_IPLEN(rp), pq);
> PacketEnqueue(pq, rp);
> }
> /*added by iswalker*/
> if (IPV4_GET_IPOFFSET(p) ==0 &&IPV4_GET_MF(p) == 1
> &&IPV4_GET_IPPROTO(p)==IPPROTO_UDP ) {
> DecodeUDP(tv, dtv, p, pkt + IPV4_GET_HLEN(p),
> IPV4_GET_IPLEN(p) -
> IPV4_GET_HLEN(p), pq);
> }
> /*end*/
> return;
> }
> Problem:if the packet is an udp ,and the packet is the first
> fragment(offset ===0 and MF is 1),the ip_payload contain the compete udp
> header,which we should decode complete,or we will not define some
> signature including fragment info and udp header info.
If we decode an incomplete UDP segment the decoder will reject it, so
I'm not sure this would work.
More importantly, I don't see why we wouldn't just wait with decoding
until we have the reassembled packet.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list