serial line (rick at seismo) ip fix
Ron Stanonik
stanonik at nprdc.arpa
Wed Sep 25 01:21:12 AEST 1985
We encountered a situation where serial line ip code (from rick at seismo)
would crash our system (vax 780 running 4.2bsd). Due to some changes
in the host at the other end of the line (and perhaps aided by some
noise on the line), we began receiving characters, but no FRAME_END.
The slip code exhausted the pool of mbufs by allocating them all for
the incoming characters, and we crashed, twice a day. We finally tracked
down the problem on the other host, but to protect ourselves we now
drop packets whose length exceeds SLMTU (1500).
Ron Stanonik
stanonik at nprdc.arpa
RCS file: RCS/if_sl.c,v
retrieving revision 1.1
diff -c -r1.1 if_sl.c
*** /tmp/,RCSt1004251 Tue Sep 24 07:43:02 1985
--- if_sl.c Tue Sep 24 07:41:03 1985
***************
*** 53,58
struct tty *sc_ttyp; /* pointer to tty structure */
int sc_ttyspeed; /* baud rate of line */
int sc_len; /* length of buffer remaining */
struct mbuf *sc_m; /* head of mbuf chain */
struct mbuf *sc_mt; /* tail of mbuf chain */
u_char *sc_mp; /* pointer to next available buffer char */
--- 53,59 -----
struct tty *sc_ttyp; /* pointer to tty structure */
int sc_ttyspeed; /* baud rate of line */
int sc_len; /* length of buffer remaining */
+ int sc_plen; /* packet length, <= SLMTU */
struct mbuf *sc_m; /* head of mbuf chain */
struct mbuf *sc_mt; /* tail of mbuf chain */
u_char *sc_mp; /* pointer to next available buffer char */
***************
*** 63,69
#define TRANS_FRAME_END 0334 /* transposed frame end */
#define TRANS_FRAME_ESCAPE 0335 /* transposed frame esc */
! #define SLTU 1500
int sloutput(), slioctl();
--- 64,70 -----
#define TRANS_FRAME_END 0334 /* transposed frame end */
#define TRANS_FRAME_ESCAPE 0335 /* transposed frame esc */
! #define SLMTU 1500
int sloutput(), slioctl();
***************
*** 105,111
sc->sc_ttyp = tp;
sc->sc_if.if_unit = nsl;
sc->sc_if.if_name = "sl";
! sc->sc_if.if_mtu = SLTU;
sc->sc_if.if_output = sloutput;
sc->sc_if.if_ioctl = slioctl;
sc->sc_if.if_flags = IFF_POINTOPOINT;
--- 106,112 -----
sc->sc_ttyp = tp;
sc->sc_if.if_unit = nsl;
sc->sc_if.if_name = "sl";
! sc->sc_if.if_mtu = SLMTU;
sc->sc_if.if_output = sloutput;
sc->sc_if.if_ioctl = slioctl;
sc->sc_if.if_flags = IFF_POINTOPOINT;
***************
*** 284,289
splx(s);
sc->sc_mt = 0;
sc->sc_len = 0;
return;
case FRAME_ESCAPE:
sc->sc_escaped = 1;
--- 285,291 -----
splx(s);
sc->sc_mt = 0;
sc->sc_len = 0;
+ sc->sc_plen = 0;
return;
case FRAME_ESCAPE:
sc->sc_escaped = 1;
***************
*** 290,295
return;
}
}
if (sc->sc_len <= 0){ /* have to get more buffer space */
struct mbuf *mm;
MGET(mm,M_DONTWAIT, MT_DATA);
--- 292,305 -----
return;
}
}
+ if (sc->sc_plen >= SLMTU) {
+ m_freem(sc->sc_m);
+ sc->sc_mt = 0;
+ sc->sc_len = 0;
+ sc->sc_plen = 0;
+ sc->sc_if.if_ierrors++;
+ return;
+ }
if (sc->sc_len <= 0){ /* have to get more buffer space */
struct mbuf *mm;
MGET(mm,M_DONTWAIT, MT_DATA);
***************
*** 297,302
m_freem(sc->sc_m);
sc->sc_mt = 0;
sc->sc_len = 0;
sc->sc_if.if_collisions++;
return;
}
--- 307,313 -----
m_freem(sc->sc_m);
sc->sc_mt = 0;
sc->sc_len = 0;
+ sc->sc_plen = 0;
sc->sc_if.if_collisions++;
return;
}
***************
*** 312,317
*sc->sc_mp++ = c;
sc->sc_len--;
}
/*
--- 323,329 -----
*sc->sc_mp++ = c;
sc->sc_len--;
+ sc->sc_plen++;
}
/*
More information about the Comp.unix.wizards
mailing list