RE: Socket filter detaches early
- Subject: RE: Socket filter detaches early
- From: "Christopher Vitale" <email@hidden>
- Date: Mon, 31 Oct 2005 14:09:58 -0500
- Thread-topic: Socket filter detaches early
Hello,
I think I see the problem. The function sflt_unuse is called pretty aggressively throughout the kernel socket code. It checks to see if anyone has called detach on the filter by &ing SFEF_DETACH against sfe_flags.
When a filter_entry is attached to a socket in kpi_socketfilter.c the MALLOC call does not set the M_ZERO flag. The entry pointer is not bzero'ed. The sfe_flags variable is not set.
I believe that random data in sfe_flags is triggering the early detach.
This satisfies the criteria of the bug:
1.) I'm allowed to attach to a socket.
2.) The detachment does not interfere with the overall connection.
3.) Early detachment is sporadic.
Unfortunately, if correct, socket filters thus far on Tiger cannot be relied upon.
I've already updated radar.
vitale
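The mechanism described in the reply above, as an added illustration that is not the poster's code and not XNU's kpi_socketfilter.c: a small user-space model of a filter entry whose flags word is left uninitialised when allocated without M_ZERO. The names sfe_flags, SFEF_DETACH, sflt_unuse and M_ZERO follow the post; the struct layout, the refcount handling, the single reused "slab" that stands in for recycled kernel heap, and the stale bit patterns are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model only: the struct and helpers are an illustration, not the XNU
 * socket_filter_entry or its real attach/use/unuse code. */
#define SFEF_DETACH 0x1u

struct filter_entry {
    uint32_t sfe_flags;         /* SFEF_* bits; the post says attach never sets this */
    int      sfe_refcount;
    int      connect_out_seen;  /* set when the filter's connect_out callback runs */
};

/* One slot of "heap" that is reused for every attach. With M_ZERO unset,
 * whatever the previous occupant left behind is still there. */
static unsigned char slab[sizeof(struct filter_entry)];

static struct filter_entry *entry_alloc(int m_zero, uint32_t stale_bits)
{
    struct filter_entry *e = (struct filter_entry *)slab;
    /* Simulate the leftover contents of recycled memory (assumed pattern). */
    e->sfe_flags = stale_bits;
    e->sfe_refcount = 0x7fff;
    e->connect_out_seen = 0x7fff;
    if (m_zero)
        memset(slab, 0, sizeof slab);   /* what MALLOC(..., M_ZERO) would give */
    return e;
}

/* Attach: mirrors the bug in the post. Every field except sfe_flags is
 * initialised, so a stale SFEF_DETACH bit survives when !m_zero. */
static struct filter_entry *sflt_attach(int m_zero, uint32_t stale_bits)
{
    struct filter_entry *e = entry_alloc(m_zero, stale_bits);
    e->sfe_refcount = 0;
    e->connect_out_seen = 0;
    /* deliberately no e->sfe_flags = 0; here */
    return e;
}

static void sflt_use(struct filter_entry *e) { e->sfe_refcount++; }

/* Returns 1 if the entry is torn down because SFEF_DETACH appears set. */
static int sflt_unuse(struct filter_entry *e)
{
    e->sfe_refcount--;
    if (e->sfe_refcount == 0 && (e->sfe_flags & SFEF_DETACH))
        return 1;   /* filter detached from the socket */
    return 0;
}

/* One outgoing connection: attach, a use/unuse pair somewhere in the socket
 * code, then connect_out. Returns 1 if connect_out was recorded (an OUTCON
 * row), 0 if the filter was already gone (a NONE row). */
static int connect_once(int m_zero, uint32_t stale_bits)
{
    struct filter_entry *e = sflt_attach(m_zero, stale_bits);
    sflt_use(e);
    if (sflt_unuse(e))
        return 0;
    e->connect_out_seen = 1;
    return 1;
}

/* Drive n connections over deterministic pseudo-random stale heap content
 * and count how many never reach connect_out. */
static int count_missed(int m_zero, int n)
{
    uint32_t lcg = 12345u;
    int missed = 0;
    for (int i = 0; i < n; i++) {
        lcg = lcg * 1103515245u + 12345u;
        if (!connect_once(m_zero, lcg >> 16))
            missed++;
    }
    return missed;
}

int main(void)
{
    printf("without M_ZERO: %d of 500 connections missed connect_out\n",
           count_missed(0, 500));
    printf("with    M_ZERO: %d of 500 connections missed connect_out\n",
           count_missed(1, 500));
    return 0;
}
```

The point of the model is the check a practitioner would make when reading an attach path: every flags word consulted by a later "should I tear this down?" test must be explicitly initialised, either by allocating with M_ZERO or by an assignment right after the allocation; otherwise the outcome depends on what the allocator last handed out, which is exactly the sporadic, pid-looks-fine, tiny-duration pattern in the original log.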
-----Original Message-----
From: darwin-kernel-bounces+cvitale=email@hidden on behalf of Christopher Vitale
Sent: Fri 10/28/2005 2:27 PM
To: Darwin Kernel List
Subject: Socket filter detaches early
Hello,
A 10.4.2 socketfilter I wrote for my G4 PowerBook appears to miss some
outgoing conns. I assumed I was doing something wrong. When I ran the same
tests against the tcplognke example code I see the same type of errors.
The test:
#!/bin/sh
# Open LIMIT sequential connections; each one should show up as an OUTCON entry.
LIMIT=500
a=1
while [ "$a" -le $LIMIT ]
do
curl dual_G4_connected_to_my_switch
let "a+=1"
done
It appears that something was attached to the socket, but the connect_out
was never recorded.
12 OUTCON 1.1.1.1:49853 1.1.1.5:80 2 1811 1 157 503 15243 0.010357
13 OUTCON 1.1.1.1:49854 1.1.1.5:80 2 1811 1 157 503 15244 0.005605
14 NONE 0.0.0.0:0 0.0.0.0:0 0 0 0 0 503 15245 0.000039
15 OUTCON 1.1.1.1:49856 1.1.1.5:80 2 1811 1 157 503 15246 0.005621
The fourteenth entry should have been 1.1.1.1:49855. There were 39 NONE
occurrences when I ran through 500 conns. The pid always looks good and the
duration is always very tiny. Looks like the filter is detaching before
connect_out is called.
When I set my script to call curl X times, I always see X new entries in
apache's access_log. I looked around uipc_socket* and the kpi_socketfilter
files, but I didn't notice any obvious bugs. Also ran tethereal on other
runs and saw these missing connections.
These connections are created and destroyed in lockstep, so this should be a
very easy test.
Has anyone else noticed similar behavior? I've already filed a bug on radar.
vitale
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden