[lwip-users] Fragmented Ping of Death
From: RC Buchanan
Subject: [lwip-users] Fragmented Ping of Death
Date: Wed, 19 May 2021 15:09:10 -0500
User-agent: Evolution 3.30.5-1.1

Hello -

I'm working on a LwIP/FreeRTOS/Cortex-M7 system which has been
generally very solid, but noticed I'm crashing the processor with a 5
fragment ping ("ping 192.168.1.112 -s 5913 -c 1"). If there are 4 or
fewer fragments, it works fine ("ping 192.168.1.112 -s 5912 -i 0.1").

I was poking around in the debugger and it's telling me that the crash
is happening around "ip_reass_free_complete_datagram"...

As I understand it, this function ought to be cleaning up the fragments
of the ping, but it appears to be freeing the wrong datagram. When I
set a breakpoint on ip_reass_free_complete_datagram and run:

> (gdb) x /32xb ipr->p->payload

I see data for an ARP request that my PC sent 5 seconds after the
original ping. It seems like this is what's triggering the crash, since
the logic is treating this payload as a struct and trying to extract
the "next_pbuf" from it.

I'm running STABLE-2_1_2_RELEASE, but I see the same with the latest
checkout of master.

Any advice on how to proceed here would be very much appreciated!

Thanks,
Robert
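
Added example, not part of the original message and not lwIP code: a small C program that works out the IPv4 fragment layout for the two ping sizes quoted above, showing why 5912 data bytes fit in exactly 4 fragments while 5913 needs a fifth. It assumes a 1500-byte Ethernet MTU and a 20-byte IPv4 header without options; `plan_fragments` and `struct frag` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_HLEN   20u /* IPv4 header without options (assumption) */
#define ICMP_HLEN  8u /* ICMP echo header */

struct frag {
    uint16_t offset; /* byte offset into the IP payload, multiple of 8 */
    uint16_t len;    /* IP payload bytes carried by this fragment */
    int      mf;     /* More Fragments flag */
};

/* Plan the IPv4 fragments of an ICMP echo carrying ping_size data bytes
 * (the "ping -s" value) over a link with the given MTU. Writes at most
 * max entries to out and returns the fragment count (0 = invalid input). */
static unsigned plan_fragments(unsigned ping_size, unsigned mtu,
                               struct frag *out, unsigned max)
{
    unsigned total, per, n = 0, off = 0;

    if (mtu < IP_HLEN + 8u || ping_size > 65535u - IP_HLEN - ICMP_HLEN)
        return 0;
    total = ping_size + ICMP_HLEN;        /* IP payload to be split */
    per   = ((mtu - IP_HLEN) / 8u) * 8u;  /* payload per fragment, 8-aligned */
    while (off < total) {
        unsigned len = (total - off > per) ? per : total - off;
        if (n < max) {
            out[n].offset = (uint16_t)off;
            out[n].len    = (uint16_t)len;
            out[n].mf     = (off + len < total);
        }
        off += len;
        n++;
    }
    return n;
}

int main(void)
{
    const unsigned sizes[] = { 5912u, 5913u }; /* values from the message */
    struct frag f[8];
    for (unsigned s = 0; s < 2; s++) {
        unsigned n = plan_fragments(sizes[s], 1500u, f, 8);
        printf("ping -s %u: %u fragments\n", sizes[s], n);
        for (unsigned i = 0; i < n && i < 8; i++)
            printf("  #%u offset=%u len=%u MF=%d\n", i + 1,
                   (unsigned)f[i].offset, (unsigned)f[i].len, f[i].mf);
    }
    return 0;
}
```

Under these assumptions the fifth fragment of the 5913-byte ping carries a single byte of IP payload at offset 5920.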