I have just got a very strange error while downloading a few (29) usenet
posts of about 1Mb in total.
The system was downloading flat out although there was no data being saved
Eventually pppd/pppoa3 died after about 40mins of this.
The only thing I can find that is suspicious is a CRC error just when
everything went crazy.
So I have had a look at some of the code.
In aal5_frame_from_atm_cells() there appears to be some confusion:
first there is the if(tmp > 0) { src = atm_cells + tmp; ... } and
then immediately after the if there is src=atm_cells;
This doesn't make sense to me :-)
The other thing that looks a bit worrying is:
in aal5_frame_dec we (effectively) pass in the "joined up" frame
and a pointer to the end of it.
We use ((frame[length-6]<<8) | frame[length-5]) to get the length
of the frame.
But..............
If the frame is corrupted but the CRC check has succeeded -
unlikely but not impossible - then real_length could be complete
rubbish.
IIRC, CRC-n checks are guaranteed to detect all n-1 bit errors
but, as I suspect most errors are due to a missing cell, most of our
errors are likely to be >31 bits.
(I see very few CRC errors and I think there is about a 1 in 2^32
chance of a bad frame passing the crc check if a cell is missing
so I don't think it is likely that this is what happened to me
today)
I think that, after the calculation of real_length there should be a
check that real_length<length && real_length+ATM_CELL_DATA_SIZE<length.
(There are probably constants of 2 or 8 needed in the above somewhere
I _think_ the correct values are:
if(real_length>length-8 || real_length<=length-8-ATM_CELL_DATA_SIZE)
return -1;
BICBW.)
Finally - a style thing :-)
pppoa3.c line 841.
pointers should not be cast to ints. ever!
length = sizeof lbuf - (unused_cells - lbuf);
is perfectly well defined on all systems as unused cells points into
the lbuf array and you won't get horrible problems when someone tries
to port to a platform where sizeof(unsigned char*) > sizeof(int)
Tim.
--
God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t,"
and there was light.
http://tjw.hn.org/ http://www.locofungus.btinternet.co.uk/
Liste de diffusion modem ALCATEL SpeedTouch USB
Pour se d�sinscrire : mailto:[EMAIL PROTECTED]?subject=unsubscribe
