[U-Boot] [PATCH 1/3] net: defragment IP packets

Robin Getz rgetz at blackfin.uclinux.org
Fri Jul 31 17:14:06 CEST 2009 

On Fri 31 Jul 2009 10:02, Alessandro Rubini pondered:
> >> Is the target replying to all pings? 
> > 
> > Yes. And I can see the same in wireshark.
> 
> Ah. I see. Strange...
> 
> >> > What is missing in the reassembly code (that is described in RFC815) 
> >> > is the timer. (quote from the RFC):
> >> > --------------
> >> > The  final  part  of  the  algorithm  is  some  sort of timer based
> >> > mechanism which decrements the time to  live  field  of  each 
> >> > partially reassembled  datagram,  so that incomplete datagrams 
> >> > which have outlived their usefulness can be detected and deleted.
> >> > --------------
> >> 
> >> But I reassemble one packet only, so I don't need to timeout
> >> partly-filled packets to recover memory. 
> > 
> > But it is for the state that you described - the user cntr-C a current 
> > transfer, and the reassembly algorithm doesn't know to throw away a
> > partially  accepted packet, when things are cancelled...
> 
> No, it's not like that. 

Are you sure? That is how it is on my network/tftp server.

Maybe we are talking about different things.

What I'm talking about is:
 - start a tftp file transfer.
 - CNTR-C it, causing a partial reassembly to done.
 - start a new transfer.

All I did was add this to the start of NetLoop() to ensure that things are OK.

#ifdef CONFIG_IP_DEFRAG
memset(pkt_buff, 0, IP_HDR_SIZE_NO_UDP);
#endif


> The old instance of the TFTP server resends the last packet of the 
> aborted xfer, 

I don't see how this can happen. the tftp server gets a request for a block of 
2048 bytes (for example) - and whacks out all 2048 bytes at once, and waits 
for the ACK.

If the ACK never comes - it doesn't send the packet again. The client times 
out, and the client needs to send another ACK of the last block before it.

What tftp server are you using?

imhotep:/home/rgetz # /usr/sbin/in.tftpd -V
tftp-hpa 0.43, with remap, with tcpwrappers

> while the new server sends the new 
> packet. Both packets are new, they just come as intermixed fragments.
> And none survives as there is only one reassembly buffer. 

The only way this should happen - is a real attack - sending malformed packets 
to the U-Boot system while it is downloading things on the net - which I 
agree with your comments below - is outside the scope of what we are talking 
about.

As a minimal test - since we are only talking about tftp and nfs (so far) - if 
we did not attempt to assemble packets which are not coming from the 
serverip, that might be an OK thing to do...

if (NetReadIP(&ip->ip_src) != NetServerIP)

> Or something 
> like that, but both are fresh fragmented packets, no timeout would solve
> this sporadic problem.

I still don't understand the use case. The server should only be sending 
packets in response to an ACK. The packets should be the entire UDP block 
size. the server should never mix packets.

> It seems to me that if we want a secure defagment system (one that can
> be use to net-boot production systems in hostile networks), it's
> going to be too complex.  It could work well, however, as a faster
> tool for the interactive developer.

I don't want something that is secure - security is beyond tftp's ability. For 
that -- you need to boot an OS and use https or sftp. All I'm asking for is 
something robust... :)

-Robin

More information about the U-Boot mailing list