|
| From: | address@hidden |
| Subject: | Re: [lwip-devel] TCP FIN problem. |
| Date: | Fri, 03 Oct 2008 16:48:46 +0200 |
| User-agent: | Thunderbird 2.0.0.17 (Macintosh/20080914) |
Kieran Mansley wrote:
If I remember correctly, when receiving a new SYN on a listen_pcb, a tcp_pcb is allocated and the accept callback function pointer is copied into this new pcb. The actual call to the callback is then done using this new tcp_pcb, not the original listen_pcb. In C++, this could be solve by derving from the TCP_PCB_COMMON, but that's not possible here...Slightly confused, debugging further...I'd bet that there's a difference between "struct tcp_pcb" and "struct tcp_pcb_listen" on a 64 bit build that means casting between them isn't valid. This is deliberately OK on a 32 bit build, but perhaps the structure fields get a different layout with padding on a 64 bit build, and so when the accept field in the pcb is referenced (after the cast in tcp_accept() to struct tcp_pcb_listen) it's writing to the rcv_nxt field.Yeah, there's a bug here - the tcp_accept field isn't in the TCP_PCB_COMMON stuff, and so accessing it via a cast is wrong. I'm not sure why we need it at all in the case of a connected PCB to be honest.
While this seems relatively easy to fix in this special case, it might still be a problem in the rest of the stack: the method of defining common parts in PCBs is used throughout the protocols, where it could lead to different structure layout as well.
Simon
| [Prev in Thread] | Current Thread | [Next in Thread] |