TCPIP Updates – NET+OS 6.2

 

 

 

Last Updated: 10/18/06         Fix Count: 10

 

 

Title

ARP/Ping incorrectly discarding packets

 

Case: 1219140

 

Date Fixed: 10/18/06

 

Description

The unit failed to acquire an IP address when using the ARP/Ping method to set an IP address in
the 169.254.x.x range.

 

Solution

Fixed the function ip_net_deliver() which was discarding packets prematurely.

 

 

Title

Low Memory network conditions are slow to recover
 

Case: 1216183

 

Date fixed: 10/19/06

 

Description

During extreme network activity, the TCPIP stack enters a low memory
condition, causing dropped packets, and causing long delays in networking
applications.  This is most apparent in wireless applications.

 

Solution

Corrected defects in the TCPIP stack when entering low memory conditions.

 

 
Title
Subnet masks may be set incorrectly
 
Case:  17746
 
Date Fixed:  01/20/06
 
Description
In some instances, TCP/IP stack processing related to subnet masks
might be incorrect. This could manifest itself by packets not being
routed correctly and/or an invalid subnet mask displayed at
OID 1.3.6.1.2.1.4.20.1.3 in a MIB browser.
 
Solution
Removed TCP/IP stack restrictions on subnets based on network classes.
 

 

Title

Sockets do not receive UDP broadcasts if bound to anything except INADDR_ANY

 

Case: 17529

 

Date Fixed: 12/15/05

 

Description 

Code was missing from the stack for handling UDP broadcast messages.
UDP broadcast messages were handled correctly if the socket was bound
to a specific IP address.

 

Solution

Code was added to the TCP/IP stack to handle UDP broadcasts when the
socket is bound to a specific address.

 

 

Title

Restarting ACE

 

Case: internal

 

Date Fixed: 11/04/05

 

Description

One should be able to call customizeStopAce(ifname) for all interfaces,
and then call customizeStartAce() once to restart ACE.

 

Solution

Changed ace_initialize to do thread and timer initialization only on the
first call. The mutex for ACE callbacks is now also created only on the first
call of customizeAceCreateLock, so customizeStartAce can be called more
than once.

 

 

Title

ACE Start/Stop Issues

 

Case:  1216183

 

Date Fixed: 11/04/05

 

Description

To implement the os_sleep and os_wakeup functions, Fusion uses an event table,
with each entry consisting of an event pointer, used as the argument of
os_sleep and os_wakeup calls, and a ThreadX event flag.  These two entities
were not accessed in one atomic operation, so a context switch could occur
in os_sleep between resuming the thread (by getting the event flag) and clearing
the event pointer.

As a result, if two threads called os_wakeup with the same pointer at the same
time, the second thread could set the event flag after os_sleep had gotten the event
flag, but before it had cleared the event pointer.  After this, an empty event table
entry would have a set event flag, and some unrelated os_sleep, called later, would
wake up without actually sleeping.

This created a problem for the ARP probe timer code, which called os_sleep and expected
to be woken up either by an address conflict event or by a timeout, but instead os_sleep
returned without sleeping. Deleting the ARP probe timer caused data corruption.

 

Solution

The fix guarantees that the os_sleep and os_wakeup functions access the Fusion event
pointer and the ThreadX event flag in one atomic operation. The change has been
made in the Fusion osdep.c file.

Also fixed in this patch is a memory leak in aceCallbacks.c caused by not freeing
the ifname from the previous customizeStartAce call.

 

 

Title

ACE Invalid Address problem

 

Case:  17079

 

Date Fixed: 10/11/05

 

Description

Registering an invalid address (e.g. 0.0.0.0) could put ACE into an
infinite loop.

 

Solution

Upon registering a bad address, customizeErrorHandler is called with
ERROR-ACE-FAILURE and ERROR-SUBCODE-BAD-ACE-CONFIGURATION.

 

Files

netos\src\bsp\platforms\*\aceCallbacks.c

 

 

Title

Method to flush ARP cache added

 

Case:  17258

 

Date Fixed: 07/26/05

 

Description

New feature added to flush the ARP cache.

 

Solution

Added naArpFlush();

 

 

Title

IGMPv3 Packet Processing Failures

 

Case:  15849

 

Date Fixed:  07/11/05

 

Description

Multicasts across routers are failing because IGMPv3 packets are being
ignored.

 

Solution

IGMPv3 packet size is now ignored (IGMPv3 packets are longer than v2) and
the packet is treated like a v2 packet.

 

 

Title

TCP/ICMP blind connection reset attack

 

Case:  16474

 

Date Fixed:  06/28/05

 

Description

TCP connections are reset under the blind ICMP destination unreachable
attack.  Reproducible with Retina Network Security Scanner from eEye
Digital Security.

 

Solution

Added a sequence number check to the stack, as suggested in
draft-gont-tcpm-icmp-attacks-03.txt.
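
Added example (not NET+OS source code): the sequence number check described in draft-gont-tcpm-icmp-attacks, written in C. An ICMP error is accepted only when the TCP sequence number quoted in its payload falls within the data currently in flight (SND.UNA <= seq < SND.NXT) on the matching connection. The struct tcb layout, the function names and the sample documentation-range addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical connection state (RFC 793 names, not NET+OS identifiers). */
struct tcb {
    uint32_t laddr, raddr;     /* local / remote IPv4 address */
    uint16_t lport, rport;     /* local / remote TCP port */
    uint32_t snd_una, snd_nxt; /* oldest unacked / next sequence to send */
};

static uint32_t rd(const uint8_t *p, int n) { /* n-byte big-endian field */
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* q: ICMP error payload (quoted IP header + TCP prefix). Returns 1 to accept. */
int icmp_error_matches(const struct tcb *c, const uint8_t *q, size_t len) {
    if (len < 20 || (q[0] >> 4) != 4) return 0;            /* IPv4 only */
    size_t ihl = (size_t)(q[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || q[9] != 6) return 0;  /* TCP ports + seq */
    const uint8_t *t = q + ihl;
    /* The quoted datagram is one we sent, so its source is our endpoint. */
    if (rd(q + 12, 4) != c->laddr || rd(q + 16, 4) != c->raddr) return 0;
    if (rd(t, 2) != c->lport || rd(t + 2, 2) != c->rport) return 0;
    /* Sequence check: SND.UNA <= seq < SND.NXT, modulo 2^32. */
    return (uint32_t)(rd(t + 4, 4) - c->snd_una) < (uint32_t)(c->snd_nxt - c->snd_una);
}

/* Constructed sample: 28-byte quoted IPv4 + TCP prefix of a segment sent on c. */
void make_quoted(uint8_t q[28], const struct tcb *c, uint32_t seq) {
    uint32_t f[] = {c->laddr, c->raddr, ((uint32_t)c->lport << 16) | c->rport, seq};
    memset(q, 0, 28);
    q[0] = 0x45; q[9] = 6;       /* version 4, IHL 5, protocol TCP */
    for (int i = 0; i < 16; i++) /* bytes 12..27, big-endian */
        q[12 + i] = (uint8_t)(f[i / 4] >> (24 - 8 * (i % 4)));
}

int main(void) {
    struct tcb c = {0xC0000201u, 0xC6336407u, 49152, 80, 1000, 3000};
    uint8_t q[28];
    make_quoted(q, &c, 1500);   /* sequence number of data in flight */
    printf("in flight: %d\n", icmp_error_matches(&c, q, sizeof q));
    make_quoted(q, &c, 900000); /* guessed value outside the window */
    printf("guessed:   %d\n", icmp_error_matches(&c, q, sizeof q));
    return 0;
}
```

With no unacknowledged data (SND.UNA equal to SND.NXT) the check rejects every ICMP error for the connection, since nothing sent could have triggered one.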

 

 

Files:   netos\lib\arm7\32b\ghs\libtcpip.a
            netos\lib\arm9\32b\gnu\libtcpip.a
           

Special Instructions

 

 

Patch Link:  TCPIPUpdates_62

 

Dependencies

This patch also requires the installation of the following patch(es):

 

ACEUpdates_62