mirror of
https://github.com/servalproject/serval-dna.git
synced 2024-12-18 20:57:56 +00:00
Believe I have found and stemmed the memory corruption bug, although
the trigger (poor packet header decoding/address extraction) remains.
This commit is contained in:
gardners
parent
b0680bd6e0
commit
b6ce25ab24
9
Makefile
9
Makefile
@ -9,17 +9,18 @@ OBJS= dna.o server.o client.o peers.o ciphers.o responses.o packetformats.o data
|
||||
overlay_packetformats.o overlay_abbreviations.o
|
||||
|
||||
HDRS= Makefile mphlr.h
|
||||
LDFLAGS= -L/Developer/SDKs/MacOSX10.6.sdk/usr/lib
|
||||
CFLAGS= -I/Developer/SDKs/MacOSX10.6.sdk/usr/include
|
||||
#LDFLAGS= -L/Developer/SDKs/MacOSX10.6.sdk/usr/lib
|
||||
#CFLAGS= -I/Developer/SDKs/MacOSX10.6.sdk/usr/include
|
||||
#LDFLAGS= -L/opt/local/lib -lefence
|
||||
DEFS= -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DHAVE_LIBC=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDIO_H=1 -DHAVE_ERRNO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRINGS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STRING_H=1 -DHAVE_ARPA_INET_H=1 -DHAVE_SYS_SOCKET_H=1 -DHAVE_SYS_MMAN_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_POLL_H=1 -DHAVE_NETDB_H=1 -DHAVE_NETINET_IN_H=1 -DHAVE_IFADDRS_H=1
|
||||
|
||||
all: serval.c dna
|
||||
|
||||
%.o: %.c $(HDRS)
|
||||
$(CC) $(CFLAGS) $(DEFS) -Os -g -Wall -c $<
|
||||
$(CC) $(CFLAGS) $(DEFS) -g -Wall -c $<
|
||||
|
||||
dna: $(OBJS)
|
||||
$(CC) $(CFLAGS) -Os -g -Wall -o dna $(OBJS) $(LDFLAGS)
|
||||
$(CC) $(CFLAGS) -g -Wall -o dna $(OBJS) $(LDFLAGS)
|
||||
|
||||
serval.c: $(SRCS) $(HDRS)
|
||||
cat mphlr.h > serval.c
|
||||
|
||||
2
mphlr.h
2
mphlr.h
@ -393,7 +393,7 @@ typedef struct overlay_frame {
|
||||
int source_address_status;
|
||||
|
||||
/* Frame content from destination address onwards */
|
||||
unsigned int bytecount;
|
||||
int bytecount;
|
||||
unsigned char *bytes;
|
||||
|
||||
/* Actual payload */
|
||||
|
||||
@ -350,6 +350,7 @@ int overlay_abbreviate_expand_address(int interface,unsigned char *in,int *inofs
|
||||
overlay_abbreviate_set_most_recent_address(&out[*ofs]);
|
||||
return r;
|
||||
case OA_CODE_PREFIX11: case OA_CODE_PREFIX11_INDEX1: case OA_CODE_PREFIX11_INDEX2: /* 11-byte prefix */
|
||||
bytes=0;
|
||||
if (in[*inofs]==OA_CODE_PREFIX11_INDEX1) bytes=1;
|
||||
if (in[*inofs]==OA_CODE_PREFIX11_INDEX2) bytes=2;
|
||||
r=overlay_abbreviate_cache_lookup(&in[(*inofs)+1],out,ofs,11,bytes);
|
||||
@ -400,6 +401,7 @@ int overlay_abbreviate_remember_index(int index_byte_count,unsigned char *sid_to
|
||||
fprintf(stderr,"We need to remember that the sender #%d has assigned index #%d to the following:\n [%s]\n",
|
||||
overlay_abbreviate_current_sender_id,index,sid);
|
||||
|
||||
/* This is not the cause of the segmentation fault */
|
||||
bcopy(sid_to_remember,overlay_neighbours[overlay_abbreviate_current_sender_id].one_byte_index_address_prefixes[index],OVERLAY_SENDER_PREFIX_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
@ -428,13 +430,15 @@ int overlay_abbreviate_cache_lookup(unsigned char *in,unsigned char *out,int *of
|
||||
}
|
||||
|
||||
/* XXX We should implement associativity in the address cache so that we can spot
|
||||
colliding prefixes and ask the sender to resolve them for us */
|
||||
colliding prefixes and ask the sender to resolve them for us, or better yet dynamically
|
||||
size the prefix length based on whether any given short prefix has collided */
|
||||
|
||||
/* It is here, so let's return it */
|
||||
fprintf(stderr,"I think I looked up the following: ");
|
||||
for(i=0;i<SID_SIZE;i++) fprintf(stderr,"%02x",cache->sids[index].b[i]);
|
||||
fprintf(stderr,"\n");
|
||||
|
||||
fprintf(stderr,"Copying cache entry to %p[%d]\n",out,*ofs);
|
||||
bcopy(&cache->sids[index].b[0],&out[(*ofs)],SID_SIZE);
|
||||
(*ofs)+=SID_SIZE;
|
||||
if (index_bytes) {
|
||||
|
||||
@ -485,7 +485,8 @@ int overlay_stuff_packet_from_queue(int i,overlay_buffer *e,int q,long long now,
|
||||
|
||||
/* XXX Uses hardcoded freshness threshold, when it should get it from the queue */
|
||||
if (now>((*p)->enqueued_at+overlay_tx[q].latencyTarget)) {
|
||||
/* Stale, so remove from queue */
|
||||
/* Stale, so remove from queue.
|
||||
(NOT the cause of the 20110905 segfault) */
|
||||
|
||||
/* Get pointer to stale entry */
|
||||
overlay_frame *stale=*p;
|
||||
@ -505,7 +506,7 @@ int overlay_stuff_packet_from_queue(int i,overlay_buffer *e,int q,long long now,
|
||||
{
|
||||
/* XXX Filter for those which should be sent via this interface.
|
||||
To do that we need to know the nexthop, and the best route to the next hop. */
|
||||
|
||||
|
||||
/* We keep trying to queue frames in case they will fit, as not all frames are of equal size.
|
||||
This means that lower bit-rate codecs will get higher priority, which is probably not all
|
||||
bad. The only hard limit is the maximum number of payloads we allow in a frame, which is
|
||||
|
||||
@ -73,6 +73,10 @@ int packetOkOverlay(int interface,unsigned char *packet,int len,unsigned char *t
|
||||
int ofs;
|
||||
overlay_frame f;
|
||||
|
||||
f.payload=NULL;
|
||||
f.bytes=NULL;
|
||||
f.bytecount=0;
|
||||
|
||||
/* Skip magic bytes and version */
|
||||
for(ofs=4;ofs<len;)
|
||||
{
|
||||
@ -138,6 +142,10 @@ int packetOkOverlay(int interface,unsigned char *packet,int len,unsigned char *t
|
||||
*/
|
||||
f.bytes=&packet[offset];
|
||||
f.bytecount=f.rfs-(offset-ofs);
|
||||
if (f.bytecount<0) {
|
||||
f.bytecount=0;
|
||||
WHY("negative residual byte count after extracting addresses from frame header");
|
||||
}
|
||||
|
||||
/* Finally process the frame */
|
||||
overlay_frame_process(interface,&f);
|
||||
|
||||
@ -118,7 +118,7 @@ int overlay_frame_package_fmt1(overlay_frame *p,overlay_buffer *b)
|
||||
{ fail++; WHY("could not append header"); }
|
||||
if (ob_append_bytes(b,p->payload->bytes,p->payload->length))
|
||||
{ fail++; WHY("could not append payload"); }
|
||||
|
||||
|
||||
/* XXX SIGN &/or ENCRYPT */
|
||||
|
||||
ob_free(headers);
|
||||
|
||||
@ -716,8 +716,16 @@ int overlay_route_recalc_neighbour_metrics(overlay_neighbour *n,long long now)
|
||||
/* Support interface tick speeds down to 1 per hour (well and truly slow enough to do
|
||||
50KB/12 hours which is the minimum traffic rate on an expensive BGAN satellite link) */
|
||||
if (interval<3600000) {
|
||||
fprintf(stderr,"adding %dms\n",interval);
|
||||
ms_observed[n->observations[i].sender_interface]+=interval;
|
||||
fprintf(stderr,"adding %dms (interface %d '%s')\n",interval,n->observations[i].sender_interface,
|
||||
overlay_interfaces[n->observations[i].sender_interface].name);
|
||||
/* sender_interface is unsigned, so a single-sided test is sufficient for bounds checking */
|
||||
if (n->observations[i].sender_interface<OVERLAY_MAX_INTERFACES)
|
||||
ms_observed[n->observations[i].sender_interface]+=interval;
|
||||
else
|
||||
{
|
||||
WHY("Invalid interface ID in observation");
|
||||
fprintf(stderr,"XXXXXXX adding %dms (interface %d)\n",interval,n->observations[i].sender_interface);
|
||||
}
|
||||
}
|
||||
|
||||
if (n->observations[i].time_ms>most_recent_observation) most_recent_observation=n->observations[i].time_ms;
|
||||
@ -747,6 +755,8 @@ int overlay_route_recalc_neighbour_metrics(overlay_neighbour *n,long long now)
|
||||
|
||||
n->scores[i]=score;
|
||||
if (debug>2&&score) fprintf(stderr,"Neighbour score on interface #%d = %d (observations for %dms)\n",i,score,ms_observed[i]);
|
||||
if (score&&i)
|
||||
fprintf(stderr,"WHOOP!\n");
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user