From: "Martin Hundebøll" <martin@hundeboll.net>
To: The list for a Better Approach To Mobile Ad-hoc Networking
<b.a.t.m.a.n@lists.open-mesh.org>
Cc: Sven Eckelmann <sven@narfation.org>
Subject: Re: [B.A.T.M.A.N.] [PATCH] batman-adv: Unify fragment size calculation
Date: Mon, 29 Dec 2014 12:10:33 +0100 [thread overview]
Message-ID: <54A136A9.9020606@hundeboll.net> (raw)
In-Reply-To: <1417438784-20880-1-git-send-email-sven@narfation.org>
Acked-by: Martin Hundebøll <martin@hundeboll.net>
On 2014-12-01 13:59, Sven Eckelmann wrote:
> The fragmentation code was replaced in 9b3eab61754d74a93c9840c296013fe3b4a1b606
> ("batman-adv: Receive fragmented packets and merge") by an implementation which
> can handle up to 16 fragments of a packet. The packet is prepared for the split
> in fragments by the function batadv_frag_send_packet and the actual split is
> done by batadv_frag_create.
>
> Both functions calculate the size of a fragment themself. But their calculation
> differs because batadv_frag_send_packet also subtracts ETH_HLEN. Therefore,
> the check in batadv_frag_send_packet if a full fragment can be created may
> return true even when batadv_frag_create cannot create a full fragment.
>
> The function batadv_frag_create doesn't check the size of the skb before
> splitting it and therefore might try to create a larger fragment than the
> remaining buffer. This creates an integer underflow and an invalid len is given
> to skb_split.
>
> Signed-off-by: Sven Eckelmann <sven@narfation.org>
> ---
> fragmentation.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fragmentation.c b/fragmentation.c
> index 0ab228f..9e06457 100644
> --- a/fragmentation.c
> +++ b/fragmentation.c
> @@ -433,7 +433,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
> * fragments larger than BATADV_FRAG_MAX_FRAG_SIZE
> */
> mtu = min_t(unsigned, mtu, BATADV_FRAG_MAX_FRAG_SIZE);
> - max_fragment_size = (mtu - header_size - ETH_HLEN);
> + max_fragment_size = mtu - header_size;
> max_packet_size = max_fragment_size * BATADV_FRAG_MAX_FRAGMENTS;
>
> /* Don't even try to fragment, if we need more than 16 fragments */
>
--
Kind Regards,
Martin Hundebøll
Frederiks Allé 99A, 1.th
8000 Aarhus C
+45 61 65 54 61
martin@hundeboll.net
next prev parent reply other threads:[~2014-12-29 11:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-01 12:59 [B.A.T.M.A.N.] [PATCH] batman-adv: Unify fragment size calculation Sven Eckelmann
2014-12-29 11:10 ` Martin Hundebøll [this message]
2014-12-29 13:54 ` Marek Lindner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54A136A9.9020606@hundeboll.net \
--to=martin@hundeboll.net \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
--cc=sven@narfation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.