Bug #14112

open

::arphdr incorrectly reports "unknown" protocol address

Added by Ryan Zezeski 22 days ago.

Status: New
Priority: Normal
Assignee: -
Category: mdb - modular debugger
% Done: 0%
Difficulty: Medium

Description

While debugging a crash I noticed that ::arphdr is reporting bogus source/target protocol address values.

    > fffffe08ff3f2a20::mblk
                ADDR FL TYPE    LEN   BLEN              RPTR             DBLK
    fffffe08ff3f2a20 0  data    60    80    fffffe08ff427576 fffffe08ff427500

    > fffffe08ff427576::print -t struct ether_header
    struct ether_header {
        struct ether_addr ether_dhost = {
            ether_addr_t ether_addr_octet = [ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff ]
        }
        struct ether_addr ether_shost = {
            ether_addr_t ether_addr_octet = [ 0x74, 0x8f, 0x3c, 0xb9, 0x11, 0x9c ]
        }
        ushort_t ether_type = 0x608
    }

    > (fffffe08ff427576 + 0t14)::arphdr
    fffffe08ff427584: ar$hrd 1 (Ether)
                      ar$pro 800 (IP)
                      ar$op 1 (ares_op$REQUEST)
                      ar$sha 74:8f:3c:b9:11:9c
                      ar$spa (unknown)
                      ar$tha 00:00:00:00:00:00
                      ar$tpa (unknown)
    >

Notice the "unknown" SPA/TPA.

    > ::sizeof struct arh_s
    sizeof (struct arh_s) = 8

    > (fffffe08ff427576 + 0t14 + 0t8)/naBBBBBB
    0xfffffe08ff42758c:
    0xfffffe08ff42758c:             74      8f      3c      b9      11      9c

    > (fffffe08ff427576 + 0t14 + 0t8 + 0t6)/naVVVV
    0xfffffe08ff427592:
    0xfffffe08ff427592:             10      0       0       39

    > (fffffe08ff427576 + 0t14 + 0t8 + 0t6 + 0t4)/naBBBBBB
    0xfffffe08ff427596:
    0xfffffe08ff427596:             0       0       0       0       0       0

    > (fffffe08ff427576 + 0t14 + 0t8 + 0t6 + 0t4 + 0t6)/naVVVV
    0xfffffe08ff42759c:
    0xfffffe08ff42759c:             10      0       0       206

Printing the values manually shows it's actually a request from 10.0.0.39 for the hardware address of 10.0.0.206.

This looks to be a logic error in the mdb arp module (in function print_arp()):

    } else if (ptype == IP_ARP_PROTO_TYPE) {
        mdb_printf("%?s  ar$%cpa (unknown)\n", "", field_id);
    } else if (arh->arh_plen == sizeof (in_addr_t)) {
        (void) memcpy(&inaddr, buf + arh->arh_hlen, sizeof (inaddr));
        mdb_printf("%?s  ar$%cpa %I\n", "", field_id, inaddr);

It should be ptype != IP_ARP_PROTO_TYPE.

Along with this fix, it's worth considering the (very) old comment about moving this dcmd into the ip module (leftover from a very old putback in 2006).

    /*
     * removed all the ace/arl related stuff. The only thing that remains
     * is code for dealing with ioctls and printing out arp header that
     * should probably be moved into the ip/mdb module.
     */
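
The corrected check, shown as an added example that is not part of the original report or the illumos source: a standalone C function that decodes the sender and target protocol addresses from the ARP bytes printed above, and refuses to read past the captured length. The names `fmt_proto_addr`, `ARP_HDR_LEN`, `ETHERTYPE_IPV4` and `sample_arp` are assumptions made for this example, and the sample packet is constructed from the values in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_HDR_LEN    8       /* fixed part: hrd, pro, hln, pln, op */
#define ETHERTYPE_IPV4 0x0800  /* printed in the report as "ar$pro 800 (IP)" */

/* Constructed sample: the ARP request from the report, retyped by hand. */
static const uint8_t sample_arp[] = {
    0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, /* hrd pro hln pln op */
    0x74, 0x8f, 0x3c, 0xb9, 0x11, 0x9c,             /* sha */
    10, 0, 0, 39,                                   /* spa */
    0, 0, 0, 0, 0, 0,                               /* tha */
    10, 0, 0, 206                                   /* tpa */
};

/* Format the sender ('s') or target ('t') protocol address into out.
 * Returns 0 on success, -1 if pkt is shorter than its own length fields. */
int
fmt_proto_addr(const uint8_t *pkt, size_t len, char which, char *out,
    size_t outlen)
{
    if (len < ARP_HDR_LEN)
        return (-1);
    uint16_t ptype = (uint16_t)(pkt[2] << 8 | pkt[3]);
    size_t hlen = pkt[4], plen = pkt[5];
    /* Variable part is laid out as sha, spa, tha, tpa. */
    size_t off = ARP_HDR_LEN + hlen + (which == 't' ? plen + hlen : 0);
    if (off + plen > len)
        return (-1);    /* never read past the captured bytes */
    if (ptype != ETHERTYPE_IPV4 || plen != 4) {
        /* Corrected test: only non-IPv4 addresses are "unknown". */
        (void) snprintf(out, outlen, "(unknown)");
    } else {
        const uint8_t *a = pkt + off;
        (void) snprintf(out, outlen, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
    }
    return (0);
}

int
main(void)
{
    char spa[16], tpa[16];
    if (fmt_proto_addr(sample_arp, sizeof (sample_arp), 's', spa, 16) != 0 ||
        fmt_proto_addr(sample_arp, sizeof (sample_arp), 't', tpa, 16) != 0)
        return (1);
    printf("ar$spa %s\nar$tpa %s\n", spa, tpa);
    return (0);
}
```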
