Commit Graph

733 Commits

Author SHA1 Message Date
logwang 7f92df961d Fix #114: An out of bounds of memory in netinet/libalias/alias_sctp.c.
Run with valgrind, and found this:
==2228== Invalid write of size 8
==2228==    at 0x4E05DA: AliasSctpInit (alias_sctp.c:641)
==2228==    by 0x4DE565: LibAliasInit (alias_db.c:2503)
==2228==    by 0x4E9B3B: nat44_config (ip_fw_nat.c:505)
==2228==    by 0x4E9E91: nat44_cfg (ip_fw_nat.c:599)
==2228==    by 0x4F1719: ipfw_ctl3 (ip_fw_sockopt.c:3666)
==2228==    by 0x4B9954: rip_ctloutput (raw_ip.c:659)
==2228==    by 0x447E11: sosetopt (uipc_socket.c:2505)
==2228==    by 0x44BF4D: kern_setsockopt (uipc_syscalls.c:1407)
==2228==    by 0x409F08: ff_setsockopt (ff_syscall_wrapper.c:412)
==2228==    by 0x5277AA: handle_ipfw_msg (ff_dpdk_if.c:1146)
==2228==    by 0x52788C: handle_msg (ff_dpdk_if.c:1196)
==2228==    by 0x5289B8: process_msg_ring (ff_dpdk_if.c:1213)
==2228==  Address 0x60779b0 is 4,800 bytes inside a block of size 4,802
alloc'd
==2228==    at 0x4C2ABBD: malloc (vg_replace_malloc.c:296)
==2228==    by 0x509F15: ff_malloc (ff_host_interface.c:89)
==2228==    by 0x4053BE: malloc (ff_glue.c:1021)
==2228==    by 0x4E054E: AliasSctpInit (alias_sctp.c:632)
==2228==    by 0x4DE565: LibAliasInit (alias_db.c:2503)
==2228==    by 0x4E9B3B: nat44_config (ip_fw_nat.c:505)
==2228==    by 0x4E9E91: nat44_cfg (ip_fw_nat.c:599)
==2228==    by 0x4F1719: ipfw_ctl3 (ip_fw_sockopt.c:3666)
==2228==    by 0x4B9954: rip_ctloutput (raw_ip.c:659)
==2228==    by 0x447E11: sosetopt (uipc_socket.c:2505)
==2228==    by 0x44BF4D: kern_setsockopt (uipc_syscalls.c:1407)
==2228==    by 0x409F08: ff_setsockopt (ff_syscall_wrapper.c:412)
==2228==

The error line is:
`la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct
sctpTimerQ));`

Since SN_TIMER_QUEUE_SIZE is defined as SN_MAX_TIMER+2, and sn_calloc is
defined as sn_malloc(x * n) if _SYS_MALLOC_H_ is defined, the size of
calloced memory will be wrong, because the macro will be expanded to
sizeof(struct sctpTimerQ)*SN_MAX_TIMER+2.

And the memory will be out of bounds here.
```
/* Initialise circular timer Q*/
for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++)
    LIST_INIT(&la->sctpNatTimer.TimerQ[i]);
```
2017-12-05 15:32:10 +08:00
logwang 2aa28acdb3 Fix #114: An out of bounds of memory in netinet/libalias/alias_sctp.c.
Run with valgrind, and found this:
==2228== Invalid write of size 8
==2228==    at 0x4E05DA: AliasSctpInit (alias_sctp.c:641)
==2228==    by 0x4DE565: LibAliasInit (alias_db.c:2503)
==2228==    by 0x4E9B3B: nat44_config (ip_fw_nat.c:505)
==2228==    by 0x4E9E91: nat44_cfg (ip_fw_nat.c:599)
==2228==    by 0x4F1719: ipfw_ctl3 (ip_fw_sockopt.c:3666)
==2228==    by 0x4B9954: rip_ctloutput (raw_ip.c:659)
==2228==    by 0x447E11: sosetopt (uipc_socket.c:2505)
==2228==    by 0x44BF4D: kern_setsockopt (uipc_syscalls.c:1407)
==2228==    by 0x409F08: ff_setsockopt (ff_syscall_wrapper.c:412)
==2228==    by 0x5277AA: handle_ipfw_msg (ff_dpdk_if.c:1146)
==2228==    by 0x52788C: handle_msg (ff_dpdk_if.c:1196)
==2228==    by 0x5289B8: process_msg_ring (ff_dpdk_if.c:1213)
==2228==  Address 0x60779b0 is 4,800 bytes inside a block of size 4,802
alloc'd
==2228==    at 0x4C2ABBD: malloc (vg_replace_malloc.c:296)
==2228==    by 0x509F15: ff_malloc (ff_host_interface.c:89)
==2228==    by 0x4053BE: malloc (ff_glue.c:1021)
==2228==    by 0x4E054E: AliasSctpInit (alias_sctp.c:632)
==2228==    by 0x4DE565: LibAliasInit (alias_db.c:2503)
==2228==    by 0x4E9B3B: nat44_config (ip_fw_nat.c:505)
==2228==    by 0x4E9E91: nat44_cfg (ip_fw_nat.c:599)
==2228==    by 0x4F1719: ipfw_ctl3 (ip_fw_sockopt.c:3666)
==2228==    by 0x4B9954: rip_ctloutput (raw_ip.c:659)
==2228==    by 0x447E11: sosetopt (uipc_socket.c:2505)
==2228==    by 0x44BF4D: kern_setsockopt (uipc_syscalls.c:1407)
==2228==    by 0x409F08: ff_setsockopt (ff_syscall_wrapper.c:412)
==2228==

The error line is:
`la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct
sctpTimerQ));`

Since SN_TIMER_QUEUE_SIZE is defined as SN_MAX_TIMER+2, and sn_calloc is
defined as sn_malloc(x * n) if _SYS_MALLOC_H_ is defined, the size of
calloced memory will be wrong, because the macro will be expanded to
sizeof(struct sctpTimerQ)*SN_MAX_TIMER+2.

And the memory will be out of bounds here.
```
/* Initialise circular timer Q*/
for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++)
    LIST_INIT(&la->sctpNatTimer.TimerQ[i]);
```
2017-12-05 15:32:10 +08:00
logwang 48b700b73c Fix bug: incorrect usage of `rte_pktmbuf_clone` when dispatching arp packets.
Since f-stack uses `rte_pktmbuf_clone` to copy mbuf to other lcores when dispatching arp packets, but it doesn't real copy the packet data. The buf_addr of pktmbuf is pointed to the same address.

The arp response packet is generated with the same mbuf from the request
packet, it just swaps the src and dst address, so the copied mbufs will also be changed.

What we need is a deep copy function, and the arp packets are really small, so deep copy will not harm performance too much.

Fix #53 #111 #112.
2017-12-01 17:25:47 +08:00
logwang bc0ac4755a Fix bug: incorrect usage of `rte_pktmbuf_clone` when dispatching arp packets.
Since f-stack uses `rte_pktmbuf_clone` to copy mbuf to other lcores when dispatching arp packets, but it doesn't real copy the packet data. The buf_addr of pktmbuf is pointed to the same address.

The arp response packet is generated with the same mbuf from the request
packet, it just swaps the src and dst address, so the copied mbufs will also be changed.

What we need is a deep copy function, and the arp packets are really small, so deep copy will not harm performance too much.

Fix #53 #111 #112.
2017-12-01 17:25:47 +08:00
logwang aa3f528959 Configuration: optimize the description. 2017-12-01 16:53:57 +08:00
logwang ffdb15be57 Configuration: optimize the description. 2017-12-01 16:53:57 +08:00
logwang 8c317b2231 Fix #107: some invalid usages of kqueue in `ff_epoll`.
1.Both EVFILT_READ and EVFILT_WRITE are values but not flags. It needs to check whether it is equal but not to do logic and.

2.If the read direction of the socket has shutdown, then the filter also sets EV_EOF in `flags`, and returns the socket error (if any) in `fflags`.
2017-11-27 18:39:34 +08:00
logwang 112c74aa2e Fix #107: some invalid usages of kqueue in `ff_epoll`.
1.Both EVFILT_READ and EVFILT_WRITE are values but not flags. It needs to check whether it is equal but not to do logic and.

2.If the read direction of the socket has shutdown, then the filter also sets EV_EOF in `flags`, and returns the socket error (if any) in `fflags`.
2017-11-27 18:39:34 +08:00
logwang e76966dcf1 Roadmap: to support IPV6. 2017-11-27 14:03:46 +08:00
logwang 3c4a58ceba Roadmap: to support IPV6. 2017-11-27 14:03:46 +08:00
logwang c598cee34c
Merge pull request #103 from tigerjibo/master
ipfw: should init dpdk before all malloc
2017-11-21 14:57:35 +08:00
logwang 564e18ab25 Merge pull request #103 from tigerjibo/master
ipfw: should init dpdk before all malloc
2017-11-21 14:57:35 +08:00
Ji Bo 896dcc2b9a ipfw: should init dpdk before all malloc
Signed-off-by: Ji Bo <jibo@xdja.com>
2017-11-21 14:32:00 +08:00
Ji Bo 5e0cf829d9 ipfw: should init dpdk before all malloc
Signed-off-by: Ji Bo <jibo@xdja.com>
2017-11-21 14:32:00 +08:00
logwang 595de2db4b Release-1.11 tag. 2017-11-21 11:42:39 +08:00
logwang 4e73363e2c Release-1.11 tag. 2017-11-21 11:42:39 +08:00
logwang c7fe235229 Example: keep run when accept failed. 2017-11-21 11:42:09 +08:00
logwang 02610d5877 Example: keep run when accept failed. 2017-11-21 11:42:09 +08:00
logwang f17ba62bb6 Use general protocol header length in protocol filter. 2017-11-21 11:20:14 +08:00
logwang 49e481768a Use general protocol header length in protocol filter. 2017-11-21 11:20:14 +08:00
logwang 35a813994b Micro_thread: convert encoding of source files and remove chinese comments. 2017-11-20 22:39:00 +08:00
logwang 5ac59bc49a Micro_thread: convert encoding of source files and remove chinese comments. 2017-11-20 22:39:00 +08:00
logwang ef39c58b67 Fix #100: tcp anomaly when TSO is enabled.
1.Fix the wrong ip header length and tcp header length.
2.Recalculate the pseudo header checksum and set it to tcp header.
2017-11-20 17:07:10 +08:00
logwang 8cfa29232a Fix #100: tcp anomaly when TSO is enabled.
1.Fix the wrong ip header length and tcp header length.
2.Recalculate the pseudo header checksum and set it to tcp header.
2017-11-20 17:07:10 +08:00
logwang ee61971c95 Nginx: fix that worker may crash when reload or recv signals. 2017-11-20 17:06:02 +08:00
logwang b1bb619a90 Nginx: fix that worker may crash when reload or recv signals. 2017-11-20 17:06:02 +08:00
whl739 b37139ca32 Add tool: ipfw.
ipfw -- interface for firewall, packet scheduler, NAT and so on.

It is comprised of several components: the kernel firewall filter rule processor and its integrated packet accounting facility, the logging facility, NAT, a forward facility, a bridge facility, and an ipstealth facility.
Note that the `dummynet` traffic shaper is not merged.
2017-11-14 16:44:32 +08:00
whl739 127dd473af Add tool: ipfw.
ipfw -- interface for firewall, packet scheduler, NAT and so on.

It is comprised of several components: the kernel firewall filter rule processor and its integrated packet accounting facility, the logging facility, NAT, a forward facility, a bridge facility, and an ipstealth facility.
Note that the `dummynet` traffic shaper is not merged.
2017-11-14 16:44:32 +08:00
logwang 0b8e61ab4d Fix bug: dead loop when destroy a network interface. 2017-11-10 18:52:10 +08:00
logwang 0e1bd6da1b Fix bug: dead loop when destroy a network interface. 2017-11-10 18:52:10 +08:00
logwang 8966cc7c16
Merge pull request #98 from xujiaxuan/master
Fix bug: process input packets error if packet fragment
2017-11-10 14:41:09 +08:00
logwang 3bf83dd442 Merge pull request #98 from xujiaxuan/master
Fix bug: process input packets error if packet fragment
2017-11-10 14:41:09 +08:00
Xu Jiaxuan 4b3bcd46c0 Fix bug: process input packets error if packet fragment
modified:   lib/ff_dpdk_if.c
2017-11-10 13:58:32 +08:00
logwang eb5902d97d Api: add packet dispatch callback function register.
In some cases, for example, packets are forwarded to your server through
IP tunnel, and they will be received on fixed queues, since RSS doesn't support tunnels.So we need to dispatch them again.

With this commit, we can implement a dispatcher callback function and regist
it, packets retrieved from rx queue will be dispatched again according to
the dispatcher result.
2017-11-09 21:22:13 +08:00
logwang c855fce65e Configuration: set net.link.ether.inet.maxhold(number of packets to hold per ARP entry) to 5.
Since maxhold's default value is 1, it may not be enough for some
applicatins, so increase it to the value of
net.link.ether.inet.maxtries(ARP resolution attempts before returning
error).
2017-11-08 17:49:51 +08:00
logwang 555c848918 Ngctl: support interactive mode. 2017-11-01 18:53:07 +08:00
logwang 3b2bd0f641 Add tool: ngctl.
ngctl -- netgraph control utility.
The ngctl utility creates a new netgraph node of type socket which can be used to issue netgraph commands.
2017-11-01 17:38:22 +08:00
logwang bffb72754c Misc: make example in travis-ci and fix return value of `ff_connect`. 2017-10-31 11:08:04 +08:00
logwang a416aa0841 FreeBSD misc: add a macro to turn on NETGRAPH option and return error when call sleep 2017-10-27 18:08:44 +08:00
logwang c36e692a8e Use `KMOD_SRCS` to pass extra kernel module sourcs.
For example, if you have an extra FreeBSD kernel module, and want to
compile it into F-Stack, you can do it like this:
```
cd f-stack/lib
export "KMOD_SRCS=/your/kmod/path/a.c /your/kmod/path/b.c"
export "CONF_CFLAGS=-I/your/kmod/path"
make
```
2017-10-25 15:26:01 +08:00
logwang 20a9422e03 Fix bug: undefined refrence to `fueword`. 2017-10-25 15:16:28 +08:00
logwang a1fd9364a9 FreeBSD: add module netgraph. 2017-10-25 14:38:15 +08:00
logwang 20be49f608 Nginx: hijack `read` and `write`.
Since libssl calls `read` and `write` when SSL handshake, we must
hijack these two functions, so that the network IO can pass through
f-stack.
2017-09-26 17:00:20 +08:00
logwang b7d857a29d Merge pull request #80 from yuyang0/master
Fix #79: less arp ring.
2017-09-25 12:13:48 +08:00
YuYang 257bb980b4 less arp ring 2017-09-25 12:05:30 +08:00
logwang 1c388a5257 Update f-stack.conf of nginx.
Close #81.
2017-09-25 12:03:26 +08:00
logwang 85aab0a645 Optimize tx. 2017-09-22 17:35:50 +08:00
logwang 28b0198a41 Merge branch 'master' of https://github.com/F-Stack/f-stack 2017-09-21 15:06:12 +08:00
logwang 8755b2de54 Fix bug: freebsd sysctl config not work. 2017-09-21 15:03:05 +08:00
logwang 6dbdb4c147 Fix buf: freebsd sysctl config not work. 2017-09-21 14:57:01 +08:00