The 'index' field in struct open_request is declared as __u8.
This field is used to cache the syn table hash bucket index of an openreq and
is set in tcp_v4_synq_add().
	unsigned h = tcp_v4_synq_hash(req->af.v4_req.rmt_addr, req->rmt_port);
	....
	req->index = h;
The value that is set to this field can be any number between 0 and
TCP_SYNQ_HASH_SIZE(512). The assignment causes an incorrect type conversion
when the openreq hashes to a value more than 255.
Looks like this field is only set, but not being read anywhere within TCP
currently, probably the reason why it was not noticed till now.
I came across this while working on a patch where I would like to use the index
field to get the syntable hash bucket index of the openreq instead of
recalculating the hash.
A simple patch to fix this is to change the type of index to __u16.
--- tcp.h.orig Thu Sep 6 16:46:57 2001
+++ tcp.h Thu Sep 6 16:47:32 2001
@@ -498,7 +498,7 @@
__u16 rmt_port;
__u16 mss;
__u8 retrans;
- __u8 index;
+ __u16 index;
__u16 snd_wscale : 4,
rcv_wscale : 4,
tstamp_ok : 1,
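Review bot: widening the field to `__u16 index;` directly after `__u8 retrans;` leaves a one-byte alignment hole between the two members on ABIs that align __u16 to two bytes, so the struct grows by more than the one extra byte the type change suggests. Consider placing index next to the other __u16 members visible here (rmt_port, mss), or note in the changelog that the size change is acceptable. A short comment on the field saying it must hold any value below TCP_SYNQ_HASH_SIZE would keep the width from going stale if the table size is raised again.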
Thanks
Sridhar
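
The truncation described in the mail, as an added example that is not part of the original message or of the kernel source: a user-space model in which each request is unlinked through its cached index instead of a recomputed hash. struct req, synq_add(), synq_unlink() and count_lost() are hypothetical names; only the table size of 512 comes from the mail.

```c
/* Added illustration, not kernel code: struct req and the synq_* helpers
 * are hypothetical stand-ins for struct open_request and the SYN table. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SYNQ_HASH_SIZE 512 /* TCP_SYNQ_HASH_SIZE as quoted in the mail */

/* Build-time guard: the cached index type must hold every bucket number. */
_Static_assert(SYNQ_HASH_SIZE - 1 <= UINT16_MAX, "index type too narrow");

struct req {
    struct req *next;
    uint8_t idx8;   /* width before the patch */
    uint16_t idx16; /* width after the patch */
};

static struct req *table[SYNQ_HASH_SIZE];
static struct req reqs[SYNQ_HASH_SIZE];

/* Chain r into bucket h and cache h, as the mail describes for tcp_v4_synq_add(). */
static void synq_add(struct req *r, unsigned h)
{
    r->idx8 = (uint8_t)h;   /* the kernel assignment truncates implicitly */
    r->idx16 = (uint16_t)h;
    r->next = table[h];
    table[h] = r;
}

/* Unlink r from the bucket named by the cached index; 1 if found, else 0. */
static int synq_unlink(struct req *r, unsigned cached)
{
    for (struct req **pp = &table[cached]; *pp; pp = &(*pp)->next)
        if (*pp == r) { *pp = r->next; return 1; }
    return 0;
}

/* One request per bucket; count those the cached index fails to find. */
int count_lost(int wide)
{
    int lost = 0;
    for (unsigned h = 0; h < SYNQ_HASH_SIZE; h++) table[h] = NULL;
    for (unsigned h = 0; h < SYNQ_HASH_SIZE; h++) synq_add(&reqs[h], h);
    for (unsigned h = 0; h < SYNQ_HASH_SIZE; h++)
        lost += !synq_unlink(&reqs[h], wide ? reqs[h].idx16 : reqs[h].idx8);
    return lost;
}

int main(void)
{
    printf("__u8 index: %d lost, __u16 index: %d lost\n", count_lost(0), count_lost(1));
    return 0;
}
```

With the 8-bit field every request in buckets 256 to 511 is looked up in the wrong chain and stays linked in the table; with the 16-bit field none are missed.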