[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CMSG_NXTHDR bug, returns NULL where there is data
From: |
Henrik Nordstrom |
Subject: |
CMSG_NXTHDR bug, returns NULL where there is data |
Date: |
Mon, 14 May 2001 17:22:24 +0200 |
libc version: RedHat glibc-2.1.3-22
os: RedHat 6.2
compiler: RedHat egcs-1.1.2-30
architecture: intel
kernel: Linux 2.4.4
While playing with how to read IP TTL and TOS values from the Linux
kernel I observed that CMSG_NXTHDR always returned NULL even if there
was more cmsghdr structures to be received from the message buffer.
Data received from the Linux-2.4.4 kernel:
struct msghdr {
msg_name = 0x0,
msg_namelen = 0,
msg_iov = 0xbffff154,
msg_iovlen = 1,
msg_control = 0xbffff168,
msg_controllen = 32,
msg_flags = 0
}
First cmsghdr in msg_control:
struct cmsghdr * 0xbffff168 = {
cmsg_len = 16,
cmsg_level = 0, /* SOL_IP */
cmsg_type = 2, /* IP_TTL */
__cmsg_data = 0xbffff174
}
Second cmsghdr in msg_control:
struct cmsghdr * 0cbffff178 = {
cmsg_len = 13,
cmsg_level = 0, /* SOL_IP */
cmsg_type = 1, /* IP_TOS */
__cmsg_data = 0xbffff184 ""
}
Example program showing this CMSG_NXTHDR problem:
(assumes 32-bit CPU)
#include <sys/socket.h>
#include <stdio.h>
int main(int argc, char **argv)
{
char cmsgbuf[32];
struct msghdr msg = {
msg_control: (void *)cmsgbuf,
msg_controllen: sizeof(cmsgbuf)
};
struct cmsghdr cmsg;
struct cmsghdr *pcmsg;
memset(cmsg, 0, sizeof(cmsg));
/* first message of 16 bytes */
cmsg.cmsg_len = 16;
memcpy(cmsgbuf, &cmsg, 16);
/* second message of 13 bytes + 3 bytes padding */
cmsg.cmsg_len = 13;
memcpy(cmsgbuf+16, &cmsg, 16);
pcmsg = CMSG_FIRSTHDR(&msg);
printf("CMSG_FIRSTHDR = %10p (should be %p)\n", pcmsg, cmsgbuf);
pcmsg = CMSG_NXTHDR(&msg, pcmsg);
printf("CMSG_NXTHDR = %10p (should be %p)\n", pcmsg,
cmsgbuf + 16);
}
--
Henrik Nordstrom
- CMSG_NXTHDR bug, returns NULL where there is data,
Henrik Nordstrom <=