Path: utzoo!attcan!uunet!munnari!otc!metro!basser!elecvax!cad!shand
From: shand@cad.jmrc.eecs.unsw.oz (Mark Shand)
Newsgroups: comp.bugs.4bsd
Subject: Bug in new release of 4.3BSD tcp/ip code (+FIX)
Keywords: socket tcp/ip bugs 4.3BSD
Message-ID: <286@whelk.cad.jmrc.eecs.unsw.oz>
Date: 21 Apr 88 06:27:18 GMT
Organization: JMRC, School of Electrical Engineering, UNSW, Australia
Lines: 29

There is a bug in the upgrade of 4.3BSD networking code that was
recently posted to comp.bugs.4bsd.ucb-fixes.  When an IP packet is
too large for an interface and must therefore be fragmented, some of
the fields of the IP header in the first packet are not converted to
network byte-order.

The fix is as follows:

*** /sys/netinet/ip_output.c.orig	Tue Apr 12 15:52:46 1988
--- /sys/netinet/ip_output.c	Thu Apr 21 13:16:16 1988
***************
*** 232,239 ****
  	 * and updating header, then send each fragment (in order).
  	 */
  	m_adj(m0, hlen + firstlen - ip->ip_len);
! 	ip->ip_len = hlen + firstlen;
! 	ip->ip_off |= IP_MF;
  	ip->ip_sum = 0;
  	ip->ip_sum = in_cksum(m0, hlen);
  sendorfree:
--- 232,239 ----
  	 * and updating header, then send each fragment (in order).
  	 */
  	m_adj(m0, hlen + firstlen - ip->ip_len);
! 	ip->ip_len = htons((u_short)(hlen + firstlen));
! 	ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
  	ip->ip_sum = 0;
  	ip->ip_sum = in_cksum(m0, hlen);
  sendorfree: