[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-tr] Token Ring Bug (Broadcast and Multicast address check)



Bug in net/802/tr.c function tr_type_trans

The IBM token ring specification labels the most significant bit zero
i.e.
the reverse of the rest of the planet (I suppose they have good reason).

It then goes on to say bit zero in the destination address indicates
whether
the address is an individual or group address. Hence we need to check
the
byte with 0x80 and not 1 when checking for a broadcast or multicast
address.

This bug can be reproduced by setting an LAA of 4fffffffffff which is a
valid
single node address on TR.  We get neighbour table overflow messages
from the
kernel and we cannot communicate with other nodes.  The address
4effffffffff
works fine however indicating we are checking the wrong bit.

>From
Tom Gallagher

Patch:-


193c193
<       if(*trh->daddr & 1)
---
>       if(*trh->daddr & 0x80)