From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:36313)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jan.kiszka@siemens.com>) id 1S2163-0002Ah-Pj
	for qemu-devel@nongnu.org; Mon, 27 Feb 2012 08:58:41 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jan.kiszka@siemens.com>) id 1S215w-0000mx-Hx
	for qemu-devel@nongnu.org; Mon, 27 Feb 2012 08:58:35 -0500
Received: from thoth.sbs.de ([192.35.17.2]:33067)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jan.kiszka@siemens.com>) id 1S215u-0000mE-R2
	for qemu-devel@nongnu.org; Mon, 27 Feb 2012 08:58:28 -0500
Message-ID: <4F4B8BEF.7010500@siemens.com>
Date: Mon, 27 Feb 2012 14:58:07 +0100
From: Jan Kiszka <jan.kiszka@siemens.com>
MIME-Version: 1.0
References: <1330043012-30556-1-git-send-email-david@gibson.dropbear.id.au>
	<1330043012-30556-3-git-send-email-david@gibson.dropbear.id.au>
In-Reply-To: <1330043012-30556-3-git-send-email-david@gibson.dropbear.id.au>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 2/6] slirp: Fix assertion failure on
	rejected DHCP requests
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>, "anthony@codemonkey.ws" <anthony@codemonkey.ws>

On 2012-02-24 01:23, David Gibson wrote:
> The guest network stack might DHCPREQUEST an address that the slirp built
> in dhcp server can't let it have - for example if the guest has an old
> leases file from another network configuration.  In this case the dhcp
> server should and does reject the request and prepares to send a DHCPNAK
> to the client.
> 
> However, in this case the daddr variable in bootp_reply() is set to
> 0.0.0.0.  Shortly afterwards, it unconditionally attempts to pre-insert the
> new client address into the ARP table.  This causes an assertion failure in
> arp_address_add() because of the 0.0.0.0 address.
> 
> According to RFC2131, DHCPNAK messages for clients on the same subnet
> must be sent to the broadcast address (S3.2, subpoint 2).
> 
> Cc: Jan Kiszka <jan.kiszka@siemens.com>
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

Thanks, applied to the slirp queue.

Jan

> ---
>  slirp/bootp.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/slirp/bootp.c b/slirp/bootp.c
> index efd1fe7..64eac7d 100644
> --- a/slirp/bootp.c
> +++ b/slirp/bootp.c
> @@ -200,7 +200,8 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
>              daddr.sin_addr = preq_addr;
>              memcpy(bc->macaddr, client_ethaddr, ETH_ALEN);
>          } else {
> -            daddr.sin_addr.s_addr = 0;
> +            /* DHCPNAKs should be sent to broadcast */
> +            daddr.sin_addr.s_addr = 0xffffffff;
>          }
>      } else {
>          bc = find_addr(slirp, &daddr.sin_addr, bp->bp_hwaddr);

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux