[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-tr] Token Ring Bug (Broadcast and Multicast address check)
Bug in net/802/tr.c function tr_type_trans
The IBM token ring specification labels the most significant bit zero
the reverse of the rest of the planet (I suppose they have good reason).
It then goes on to say bit zero in the destination address indicates
the address is an individual or group address. Hence we need to check
byte with 0x80 and not 1 when checking for a broadcast or multicast
This bug can be reproduced by setting an LAA of 4fffffffffff which is a
single node address on TR. We get neighbour table overflow messages
kernel and we cannot communicate with other nodes. The address
works fine however indicating we are checking the wrong bit.
< if(*trh->daddr & 1)
> if(*trh->daddr & 0x80)