In the TT_RESPONSE packet, the number of carried entries is not correctly set. This leads to a wrong interpretation of the packet payload on the receiver side causing random entries to be added to the global translation table. Therefore the latter gets always corrupted, triggering a table recovery all the time.
Signed-off-by: Antonio Quartulli ordex@autistici.org --- translation-table.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/translation-table.c b/translation-table.c index 2d2cfc1..1867336 100644 --- a/translation-table.c +++ b/translation-table.c @@ -1054,7 +1054,6 @@ static struct sk_buff *tt_response_fill_table(uint16_t tt_len, uint8_t ttvn, tt_response = (struct tt_query_packet *)skb_put(skb, tt_query_size + tt_len); tt_response->ttvn = ttvn; - tt_response->tt_data = htons(tt_tot);
tt_change = (struct tt_change *)(skb->data + tt_query_size); tt_count = 0; @@ -1080,6 +1079,10 @@ static struct sk_buff *tt_response_fill_table(uint16_t tt_len, uint8_t ttvn, } rcu_read_unlock();
+ /* store in the message the number of entries we have successfully + * copied */ + tt_response->tt_data = htons(tt_count); + out: return skb; }