Code Monkey home page Code Monkey logo

Comments (4)

krizhanovsky avatar krizhanovsky commented on August 10, 2024

What exactly does "the code that passes the fragments to the parser is broken" mean?

from tempesta.

keshonok avatar keshonok commented on August 10, 2024

There was incorrect threatment of SKB's paged fragments. Please see the patch linked above.

from tempesta.

krizhanovsky avatar krizhanovsky commented on August 10, 2024

The patch (a461f6b) is right and I'll apply it. However, motivation of the patch and how does it fix the problem is unclear.

skb_frag_address is defined in include/linux/skbuff.h as

    static inline void *skb_frag_address(const skb_frag_t *frag)
    {
            return page_address(skb_frag_page(frag)) + frag->page_offset;
    }

While kmap_atomic is basically just page_address(page) (see include/linux/highmem.h). So the patch fixes only the case when frag->page_offset != 0.

Please, recheck the bug with the new master branch and provide better explanation how the patch fixes the problem and/or provide test which reproduces the problem and shows that the problem is gone after the patch.

from tempesta.

keshonok avatar keshonok commented on August 10, 2024

In short: yes, that is correct, the patch fixes the problem only when frag->page_offset != 0.

The patch makes things clearer, cleaner, and shorter, doing the same thing without a chance of making this kind of a bug by using the function that exists specifically for that purpose. As intended, the function takes care of that specific case as well. That was the motivation for this patch, besides making the actual fix for the bug.

I was able to reproduce the problem each and every time by sending an HTTP request over an ethernet link. No specific test is necessary, just need to make sure the skb with received packet consists of multiple parts/fragments. Note that it can be a function of a network driver. Today's network drivers often put IP and MAC headers in the linear part of an skb, and put the rest of packet's data in the fragmented parts. When an skb with the received packet is moved up the network stack, the protocol headers (such as TCP header) are pulled to the linear part of an skb from fragmented parts, and that may (and does) change an offset into a fragmented part that had some data pulled from it.

Current master branch includes this fix. This issue should be closed.

from tempesta.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.