Re: UDP bugs

Andi Kleen (ak@muc.de)
Sun, 13 Dec 1998 19:10:07 +0100


On Sun, Dec 13, 1998 at 07:02:33PM +0100, Alexey Kuznetsov wrote:
> Hello!
>
> > If the limit of 65507 Richard quoted is right then there is a off-by-one
> > bug somewhere - the limit should be 65508 for UDP (65536 - 20 bytes ip header
> > - 8 bytes UDP header) and 65516 for RAW sockets (and 65536 when IP_HDRINCL
> > is set). If the input limit is smaller this is a bug too.
> >
> > Right, my current theory is that we get into trouble somewhere where
> > we align some header object and add the alignment residue into the
> > total length, get confused, and toss the packet because we think it is
> > too big. Or it's a simple ">=" vs. ">" test off by one bug.
>
> Maximal size of valid IP frame is 65535 rather than 65536,
> hence maximal possible udp payload is 65507 and we are right.

Right (silly me!), but what about the input size limits Richard mentioned?
Is it possible that the reassembler has bugs in this regard?

-Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/