From b6ce25ab24c49cee42eee488db5aa7f07e26603f Mon Sep 17 00:00:00 2001
From: gardners
Date: Wed, 7 Sep 2011 11:26:26 +0930
Subject: [PATCH] Believe I have found and stemmed the memory corruption bug, although the trigger (poor packet header decoding/address extraction) remains.
---
 Makefile | 9 +++++----
 mphlr.h | 2 +-
 overlay_abbreviations.c | 6 +++++-
 overlay_interface.c | 5 +++--
 overlay_packetformats.c | 8 ++++++++
 overlay_payload.c | 2 +-
 overlay_route.c | 14 ++++++++++++--
 7 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index c856fb65..f3dd2a2b 100644
--- a/Makefile
+++ b/Makefile
@@ -9,17 +9,18 @@ OBJS= dna.o server.o client.o peers.o ciphers.o responses.o packetformats.o data
 overlay_packetformats.o overlay_abbreviations.o
 HDRS= Makefile mphlr.h
-LDFLAGS= -L/Developer/SDKs/MacOSX10.6.sdk/usr/lib
-CFLAGS= -I/Developer/SDKs/MacOSX10.6.sdk/usr/include
+#LDFLAGS= -L/Developer/SDKs/MacOSX10.6.sdk/usr/lib
+#CFLAGS= -I/Developer/SDKs/MacOSX10.6.sdk/usr/include
+#LDFLAGS= -L/opt/local/lib -lefence
 DEFS= -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DHAVE_LIBC=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDIO_H=1 -DHAVE_ERRNO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRINGS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STRING_H=1 -DHAVE_ARPA_INET_H=1 -DHAVE_SYS_SOCKET_H=1 -DHAVE_SYS_MMAN_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_POLL_H=1 -DHAVE_NETDB_H=1 -DHAVE_NETINET_IN_H=1 -DHAVE_IFADDRS_H=1
 all: serval.c dna
 %.o: %.c $(HDRS)
- $(CC) $(CFLAGS) $(DEFS) -Os -g -Wall -c $<
+ $(CC) $(CFLAGS) $(DEFS) -g -Wall -c $<
 dna: $(OBJS)
- $(CC) $(CFLAGS) -Os -g -Wall -o dna $(OBJS) $(LDFLAGS)
+ $(CC) $(CFLAGS) -g -Wall -o dna $(OBJS) $(LDFLAGS)
 serval.c: $(SRCS) $(HDRS)
 cat mphlr.h > serval.c
diff --git a/mphlr.h b/mphlr.h
index 1a147eb7..b69a1956 100644
--- a/mphlr.h
+++ b/mphlr.h
@@ -393,7 +393,7 @@ typedef struct overlay_frame {
 int source_address_status;
 /* Frame content from destination address onwards */
-unsigned int bytecount;
+int bytecount;
 unsigned char *bytes;
 /* Actual payload */
diff --git a/overlay_abbreviations.c b/overlay_abbreviations.c
index 7f0658d4..c2db9aa2 100644
--- a/overlay_abbreviations.c
+++ b/overlay_abbreviations.c
@@ -350,6 +350,7 @@ int overlay_abbreviate_expand_address(int interface,unsigned char *in,int *inofs
 overlay_abbreviate_set_most_recent_address(&out[*ofs]);
 return r;
 case OA_CODE_PREFIX11: case OA_CODE_PREFIX11_INDEX1: case OA_CODE_PREFIX11_INDEX2: /* 11-byte prefix */
+bytes=0;
 if (in[*inofs]==OA_CODE_PREFIX11_INDEX1) bytes=1;
 if (in[*inofs]==OA_CODE_PREFIX11_INDEX2) bytes=2;
 r=overlay_abbreviate_cache_lookup(&in[(*inofs)+1],out,ofs,11,bytes);
@@ -400,6 +401,7 @@ int overlay_abbreviate_remember_index(int index_byte_count,unsigned char *sid_to
 fprintf(stderr,"We need to remember that the sender #%d has assigned index #%d to the following:\n [%s]\n", overlay_abbreviate_current_sender_id,index,sid);
+/* This is not the cause of the segmentation fault */
 bcopy(sid_to_remember,overlay_neighbours[overlay_abbreviate_current_sender_id].one_byte_index_address_prefixes[index],OVERLAY_SENDER_PREFIX_LENGTH);
 return 0;
 }
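Review bot: Changing `bytecount` from `unsigned int` to `int` means a garbage frame length can now be negative, and any consumer that hands it to a `size_t` parameter (a copy length, for instance) will silently convert that negative value into a very large one; the consumers are outside this hunk, so I cannot confirm which of them check. If the intent is to make bad counts observable, every use of `bytecount` as a length should be preceded by a rejection such as `if (f->bytecount<0) { WHY("negative bytecount"); return -1; }` (return convention to match the caller), and the member itself deserves a comment: `/* signed so a negative (garbage) count is detectable; must be checked before use as a length */`. The struct definition begins and ends outside the hunk.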
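Review bot: In the second overlay_abbreviations.c hunk, `index` and `overlay_abbreviate_current_sender_id` subscript `overlay_neighbours[...].one_byte_index_address_prefixes[...]` in the bcopy right after the added comment, with no range check visible, and the debug message above it says the index is assigned by the remote sender, so it is untrusted input. Rather than a comment asserting that this bcopy is innocent, the hunk should carry the check itself, in the style of the one this patch adds to overlay_route.c: `if (index<0||index>=INDEX_TABLE_SIZE /* the array's real dimension */) { WHY("index out of range"); return -1; }`, and likewise for the sender id. The function's body begins outside the hunk, so an earlier check may already exist; if it does, a comment pointing to it would be more useful than the one added here.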
@@ -428,13 +430,15 @@ int overlay_abbreviate_cache_lookup(unsigned char *in,unsigned char *out,int *of
 }
 /* XXX We should implement associativity in the address cache so that we can spot
-colliding prefixes and ask the sender to resolve them for us */
+colliding prefixes and ask the sender to resolve them for us, or better yet dynamically
+size the prefix length based on whether any given short prefix has collided */
 /* It is here, so let's return it */
 fprintf(stderr,"I think I looked up the following: ");
 for(i=0;isids[index].b[i]);
 fprintf(stderr,"\n");
+fprintf(stderr,"Copying cache entry to %p[%d]\n",out,*ofs);
 bcopy(&cache->sids[index].b[0],&out[(*ofs)],SID_SIZE);
 (*ofs)+=SID_SIZE;
 if (index_bytes) {
diff --git a/overlay_interface.c b/overlay_interface.c
index bd3a40aa..ff99327c 100644
--- a/overlay_interface.c
+++ b/overlay_interface.c
@@ -485,7 +485,8 @@ int overlay_stuff_packet_from_queue(int i,overlay_buffer *e,int q,long long now,
 /* XXX Uses hardcoded freshness threshold, when it should get it from the queue */
 if (now>((*p)->enqueued_at+overlay_tx[q].latencyTarget)) {
-/* Stale, so remove from queue */
+/* Stale, so remove from queue.
+(NOT the cause of the 20110905 segfault) */
 /* Get pointer to stale entry */
 overlay_frame *stale=*p;
@@ -505,7 +506,7 @@ int overlay_stuff_packet_from_queue(int i,overlay_buffer *e,int q,long long now,
 {
 /* XXX Filter for those which should be sent via this interface. To do that we need to know the nexthop, and the best route to the next hop. */
-
+
 /* We keep trying to queue frames in case they will fit, as not all frames are of equal size. This means that lower bit-rate codecs will get higher priority, which is probably not all bad. The only hard limit is the maximum number of payloads we allow in a frame, which is
diff --git a/overlay_packetformats.c b/overlay_packetformats.c
index 9aec0400..3590f129 100644
--- a/overlay_packetformats.c
+++ b/overlay_packetformats.c
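Review bot: The added `fprintf(stderr,"Copying cache entry to %p[%d]\n",out,*ofs);` is unconditional, so every cache hit now writes a line to stderr in normal operation, joining the two unconditional prints already in the hunk. Elsewhere in this patch (overlay_route.c) diagnostic output is gated on `debug>2`; the same guard belongs here: `if (debug>2) fprintf(stderr,"Copying cache entry to %p[%d]\n",out,*ofs);`. The bcopy of SID_SIZE bytes into `&out[*ofs]` on the next line is bounded only by the caller, since the call shown in the first overlay_abbreviations.c hunk passes `out` and `ofs` with no capacity — if the print exists to chase an overrun, a capacity argument checked before the copy would pin it down where logging the address cannot. The function begins and ends outside the hunk.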
@@ -73,6 +73,10 @@ int packetOkOverlay(int interface,unsigned char *packet,int len,unsigned char *t
 int ofs;
 overlay_frame f;
+f.payload=NULL;
+f.bytes=NULL;
+f.bytecount=0;
+
 /* Skip magic bytes and version */
 for(ofs=4;ofspayload->bytes,p->payload->length)) { fail++; WHY("could not append payload"); }
-
+
 /* XXX SIGN &/or ENCRYPT */
 ob_free(headers);
diff --git a/overlay_route.c b/overlay_route.c
index f1966a22..9335c838 100644
--- a/overlay_route.c
+++ b/overlay_route.c
@@ -716,8 +716,16 @@ int overlay_route_recalc_neighbour_metrics(overlay_neighbour *n,long long now)
 /* Support interface tick speeds down to 1 per hour (well and truly slow enough to do 50KB/12 hours which is the minimum traffic rate on an expensive BGAN satellite link) */
 if (interval<3600000) {
-fprintf(stderr,"adding %dms\n",interval);
-ms_observed[n->observations[i].sender_interface]+=interval;
+fprintf(stderr,"adding %dms (interface %d '%s')\n",interval,n->observations[i].sender_interface,
+overlay_interfaces[n->observations[i].sender_interface].name);
+/* sender_interface is unsigned, so a single-sided test is sufficient for bounds checking */
+if (n->observations[i].sender_interfaceobservations[i].sender_interface]+=interval;
+else
+{
+WHY("Invalid interface ID in observation");
+fprintf(stderr,"XXXXXXX adding %dms (interface %d)\n",interval,n->observations[i].sender_interface);
+}
 }
 if (n->observations[i].time_ms>most_recent_observation) most_recent_observation=n->observations[i].time_ms;
@@ -747,6 +755,8 @@ int overlay_route_recalc_neighbour_metrics(overlay_neighbour *n,long long now)
 n->scores[i]=score;
 if (debug>2&&score) fprintf(stderr,"Neighbour score on interface #%d = %d (observations for %dms)\n",i,score,ms_observed[i]);
+if (score&&i)
+fprintf(stderr,"WHOOP!\n");
 }
 return 0;
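Review bot: The three added assignments initialise only `payload`, `bytes` and `bytecount` of the stack object `overlay_frame f`, while the struct has further members (`source_address_status`, for one, visible in this patch's mphlr.h hunk) that stay indeterminate until something assigns them; if the corruption was an uninitialised-field read, a partial fix leaves the rest of that class open. Zero the whole object instead — `overlay_frame f; bzero(&f,sizeof(f));` fits the BSD bcopy style the patch already uses, or `overlay_frame f={0};` — and keep the explicit `f.payload=NULL;` only if a reader needs the reminder. The function body continues outside the hunk, and the remainder of this hunk is lost in this copy of the patch.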
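Review bot: In the first overlay_route.c hunk, the added `fprintf` reads `overlay_interfaces[n->observations[i].sender_interface].name` before the bounds check introduced on the following added line, so an invalid `sender_interface` still indexes `overlay_interfaces` out of range — the exact case the new `else` branch is meant to catch — and dereferences `.name` from whatever lies there. Move that print to just after `ms_observed[...]+=interval;` inside the validated branch, and gate both it and the new `XXXXXXX` print on `debug>2`, as the existing `Neighbour score` print in the second hunk is. The comment `/* sender_interface is unsigned, so a single-sided test is sufficient for bounds checking */` should be verified against the field's declaration, since the `%d` conversion used for it suggests a signed int, in which case a negative value passes the single-sided test; the `if (...sender_interface<...)` line itself is garbled in this copy. The enclosing loop and function begin and end outside the hunk.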
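Review bot: `if (score&&i) fprintf(stderr,"WHOOP!\n");` in the second overlay_route.c hunk is an unconditional stderr print that fires whenever a non-zero score lands on any interface other than #0, with a message that tells the reader nothing about what was observed; it reads as a debugging tripwire left in. If it is to stay, gate it like the line above it and say what it marks: `if (debug>2&&score&&i) fprintf(stderr,"non-zero score on secondary interface #%d\n",i);` — otherwise drop it before merge. The loop it sits in starts outside the hunk.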