Changeset 16293 in vbox for trunk/src/VBox/Devices/Network/slirp

Timestamp:

Jan 28, 2009 6:19:18 AM (16 years ago)

Author:

vboxsync

Message:

NAT:ICMP: fixed the crash in case of communication via ICMP socket.

Location:

trunk/src/VBox/Devices/Network/slirp

Files:

• ip_icmp.c (modified) (6 diffs)
• socket.c (modified) (7 diffs)

trunk/src/VBox/Devices/Network/slirp/ip_icmp.c

@@ -189 +189 @@
                 {
                     found = 1;
+                    Log(("Have found %R[natsock]\n", icm->im_so));
                     break;
                 }
@@ -275 +276 @@
     icm = RTMemAlloc(sizeof(struct icmp_msg));
     icm->im_m = m;
+    icm->im_so = m->m_so;
     LIST_INSERT_HEAD(&pData->icmp_msg_head, icm, im_list);
     return 0;
@@ -371 +373 @@
                 if (pData->icmp_socket.s != -1)
                 {
+                    m->m_so = &pData->icmp_socket;
                     icmp_attach(pData, m);
                     ttl = ip->ip_ttl;
@@ -382 +385 @@
                               (struct sockaddr *)&addr, sizeof(addr)) == -1)
                     {
-                        DEBUG_MISC((dfd,"icmp_input udp sendto tx errno = %d-%s\n",
+                        Log((dfd,"icmp_input udp sendto tx errno = %d-%s\n",
                                     errno, strerror(errno)));
                         icmp_error(pData, m, ICMP_UNREACH,ICMP_UNREACH_NET, 0, strerror(errno));
@@ -403 +406 @@
                 pData->icmp_socket.so_icmp_id = icp->icmp_id;
                 pData->icmp_socket.so_icmp_seq = icp->icmp_seq;
+                m->m_so = &pData->icmp_socket;
                 memset(&ipopt, 0, sizeof(IP_OPTION_INFORMATION));
                 ipopt.Ttl = ip->ip_ttl;
-                status = ICMP_SEND_ECHO(pData->phEvents[VBOX_ICMP_EVENT_INDEX], notify_slirp, addr.sin_addr.s_addr, 
+                status = ICMP_SEND_ECHO(pData->phEvents[VBOX_ICMP_EVENT_INDEX], notify_slirp, addr.sin_addr.s_addr,
                                 icp->icmp_data, icmplen - ICMP_MINLEN, &ipopt);
                 if (status == 0 && (error = GetLastError()) != ERROR_IO_PENDING)
@@ -631 +635 @@
 }
 #if defined(RT_OS_WINDOWS) && !defined(VBOX_WITH_SIMPLIFIED_SLIRP_SYNC)
-static void WINAPI  
+static void WINAPI
 notify_slirp(void *ctx)
 {

trunk/src/VBox/Devices/Network/slirp/socket.c

@@ -72 +72 @@
 /*
  * remque and free a socket, clobber cache
- * VBOX_WITH_SLIRP_MT: before sofree queue should be locked, because 
- *      in sofree we don't know from which queue item beeing removed. 
+ * VBOX_WITH_SLIRP_MT: before sofree queue should be locked, because
+ *      in sofree we don't know from which queue item beeing removed.
  */
 void
@@ -467 +467 @@
         m->m_data += if_maxlinkhdr;
 #ifdef VBOX_WITH_SIMPLIFIED_SLIRP_SYNC
-        m->m_data += sizeof(struct udphdr) 
+        m->m_data += sizeof(struct udphdr)
                     + sizeof(struct ip); /*XXX: no options atm*/
 #endif
@@ -650 +650 @@
     }
 
-    SOCKET_LOCK_CREATE(so); 
+    SOCKET_LOCK_CREATE(so);
     SOCKET_LOCK(so);
     QSOCKET_LOCK(tcb);
@@ -816 +816 @@
     struct icmp_msg *icm;
     uint8_t proto;
+    int type = 0;
 
     ip = (struct ip *)buff;
@@ -829 +830 @@
     }
 
-    if (   icp->icmp_type == ICMP_TIMXCEED
-        || icp->icmp_type == ICMP_UNREACH)
+    type = icp->icmp_type;
+    if (   type == ICMP_TIMXCEED
+        || type == ICMP_UNREACH)
     {
         ip = &icp->icmp_ip;
@@ -878 +880 @@
 
     icp = (struct icmp *)((char *)ip + (ip->ip_hl << 2));
-    if (   icp->icmp_type == ICMP_TIMXCEED
-        || icp->icmp_type == ICMP_UNREACH)
+    type = icp->icmp_type;
+    if (   type == ICMP_TIMXCEED
+        || type == ICMP_UNREACH)
     {
         /* according RFC 793 error messages required copy of initial IP header + 64 bit */
@@ -892 +895 @@
     /* Don't call m_free here*/
 
-    if (   icp->icmp_type == ICMP_TIMXCEED
-        || icp->icmp_type == ICMP_UNREACH)
+    if (   type == ICMP_TIMXCEED
+        || type == ICMP_UNREACH)
     {
         icm->im_so->so_m = NULL;