[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
R: RE : [lwip-users] ip_reass stop
From: |
Bessone Danilo |
Subject: |
R: RE : [lwip-users] ip_reass stop |
Date: |
Wed, 30 Jan 2008 08:21:11 +0100 |
Hi
I think to have pinpointed a bug in the lwIP code that is the cause of a memory
fault when pinging with lengths greater than 1500.
This happens ONLY when lwIP is ported in a 32-bits environment (ARM920T in my
case).
The bug is in the pbuf_alloc() function (file pbuf.c) where I have found a
program inconsistency when pbuf_alloc() is called with the flag parameter set
to PBUF_POOL. In this case in the "case PBUF_POOL" statement there is an
incongruency between two instructions. The first is the following:
p->payload = MEM_ALIGN((void *)((u8_t *)p + (sizeof(struct pbuf) + offset)));
where - when MEM_ALIGNMENT = 4 and the value of "offset" is not a multiple of 4
- p->payload will be incremented by a certain quantity in order to obtain the
required alignment.
BUT, few lines later, the following instruction does not take into account the
above increment:
p->len = length > PBUF_POOL_BUFSIZE - offset? PBUF_POOL_BUFSIZE - offset:
length;
This is an error because the available memory has been reduced by the alignment
instruction. As consequence this instruction will set p->len with a value that
is greater than permitted and the program is allowed to write in a memory area
that does not belong to the allocated buffer. This can cause a program crash...
I have resolved this problem by inserting from the above first and the second
instructions the following line of code:
offset = (u8_t *)p->payload - ((u8_t *)p + sizeof(struct pbuf));
In this mode "offset" is incremented by the same quantity required for the
correct alignment of p->payload and - as consequence - p->len will be set to
the expected value.
Danilo Bessone
-----Messaggio originale-----
Da: address@hidden [mailto:address@hidden Per conto di Frédéric BERNON
Inviato: martedì 29 gennaio 2008 19.24
A: Mailing list for lwIP users
Oggetto: RE : [lwip-users] ip_reass stop
I don't have any problems with my target with "ping -l 65500". But I have high
values in my lwipopts.h to be able to receive large datagrams. Do you have try
to activate some traces to see where is the problem ?
====================================
Frédéric BERNON
HYMATOM SA
Chef de projet informatique
Microsoft Certified Professional
Tél. : +33 (0)4-67-87-61-10
Fax. : +33 (0)4-67-70-85-44
Email : address@hidden
Web Site : http://www.hymatom.fr
====================================
P Avant d'imprimer, penser à l'environnement
-----Message d'origine-----
De : address@hidden [mailto:address@hidden De la part de Valdemar
Envoyé : mardi 29 janvier 2008 15:28
À : Mailing list for lwIP users
Objet : [lwip-users] ip_reass stop
Hi
When trying to find out why my lwip-application suddenly stops receiving I
found that sending an UDP block of more than 1476 bytes to my application
caused a memory error. I got an abort in the function ip_reass at offset 0x308.
I get the same error when pinging with the same amount of bytes.
My application works fine when running in my small laboratory network, but when
it is put in my customers much bigger network it stops receiving after a while.
I guess my application receives something that makes it stop.
Would be much grateful for any ideas of what I can do to fix this.
Thanks
Germund Asp
Attached is my lwipopts file.
--------------------------------------------------------------------
CONFIDENTIALITY NOTICE
This message and its attachments are addressed solely to the persons above and
may contain confidential information. If you have received the message in
error, be informed that any use of the content hereof is prohibited. Please
return it immediately to the sender and delete the message. Should you have any
questions, please contact us by replying to address@hidden
Thank you
www.telecomitalia.it
--------------------------------------------------------------------