Hi,
You decrement/increment n_left_to_next/to_next twice in one iteration of the
loop, so you are writing out of bounds. Have a look at other nodes that do
packet copying like l2_flood.
/neale
From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Smith Beirvin via
lists.fd.io <gbeirvin=gmail....@lists.fd.io>
Date: Monday, 7 March 2022 at 04:02
To: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
Subject: [vpp-dev] Coredump occur when duplicate a packet at "interface-output"
arc. #vpp
Hi fellows:
I got a problem when duplicate a packet at "interface-output" arc, this
will trigger a coredump as below. while I can't find any issue for the sorce
code. So pls help me.
Coredump information;
Mar 7 02:54:24 localhost vnet[9542]: vlib_buffer_validate_alloc_free:367:
freeing known-free buffer 0x9f947
Mar 7 02:54:24 localhost vnet[9542]: received signal SIGABRT, PC 0x7f2b4330ce87
Mar 7 02:54:24 localhost vnet[9542]: #0 0x00007f2b44e5e914
unix_signal_handler + 0x2a4
Mar 7 02:54:24 localhost vnet[9542]: #1 0x00007f2b446f1980 0x7f2b446f1980
Mar 7 02:54:24 localhost vnet[9542]: #2 0x00007f2b4330ce87 gsignal + 0xc7
Mar 7 02:54:24 localhost vnet[9542]: #3 0x00007f2b4330e7f1 abort + 0x141
Mar 7 02:54:24 localhost vnet[9542]: #4 0x0000000000407263 0x407263
Mar 7 02:54:24 localhost vnet[9542]: #5 0x00007f2b441ed7f9 debugger + 0x9
Mar 7 02:54:24 localhost vnet[9542]: #6 0x00007f2b441ed577 _clib_error + 0x3b7
Mar 7 02:54:24 localhost vnet[9542]: #7 0x00007f2b44d6b4a7
vlib_buffer_validate_alloc_free + 0x117
Mar 7 02:54:24 localhost vnet[9542]: #8 0x00007f2afa231267
vlib_buffer_free_inline.constprop.9 + 0x1167
Mar 7 02:54:24 localhost vnet[9542]: #9 0x00007f2afa2328bb tap_inject_tx +
0x64b
Mar 7 02:54:24 localhost vnet[9542]: #10 0x00007f2b44dd9fd5 dispatch_node +
0x365
Mar 7 02:54:24 localhost vnet[9542]: #11 0x00007f2b44dda8a7
dispatch_pending_node + 0x3c7
Mar 7 02:54:24 localhost vnet[9542]: #12 0x00007f2b44dd4d01
vlib_main_or_worker_loop + 0xc51
Mar 7 02:54:24 localhost vnet[9542]: #13 0x00007f2b44dd6a4a vlib_main_loop +
0x1a
Mar 7 02:54:24 localhost vnet[9542]: #14 0x00007f2b44dd681f vlib_main + 0xacf
Source Code:
// decode
typedef enum
{
UDP_TCP_FAKE_OUT_NEXT_DROP,
UDP_TCP_FAKE_OUT_NEXT_INT_TX,
UDP_TCP_FAKE_OUT_N_NEXT,
} UDP_TCP_FAKE_OUT_NEXT_E;
always_inline uword
tcp_fake_out_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t
* frame, u8 is_ip4)
{
u32 n_left_from, *from, *to_next, next_index, matches;
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
next_index = node->cached_next_index;
matches = 0;
while (n_left_from > 0)
{
u32 n_left_to_next;
vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
while (n_left_from > 0 && n_left_to_next > 0 && n_left_to_next <= 256)
{
u32 next0;
vlib_buffer_t* b0;
u32 bi0;
bi0 = from[0];
b0 = vlib_get_buffer (vm, bi0);
vnet_feature_next (&next0, b0);
if (is_ip4)
{
u8 is_send_syn = 1;
if (is_send_syn && (1 < n_left_to_next))
{
u32 syn_bi = 0;
vlib_buffer_t* syn_b;
// syn_b = vlib_buffer_copy3(vm, b0, &syn_bi);
syn_b = vlib_buffer_copy(vm, b0);
// send syn ack
if (syn_b)
{
syn_bi = vlib_get_buffer_index(vm, syn_b);
to_next[0] = syn_bi;
to_next += 1;
n_left_to_next -= 1;
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next, bi0, next0);
printf("%s %d %s %s: tcp_fake track.\r\n",
__FUNCTION__, __LINE__, __DATE__, __TIME__);
}
else
{
printf("beirvin note %s %d: syn_b is NULL;\r\n",
__FUNCTION__, __LINE__);
}
}
}
to_next[0] = bi0;
from += 1;
to_next += 1;
n_left_from -= 1;
n_left_to_next -= 1;
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next, bi0, next0);
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
// vlib_node_increment_counter (vm, fast-vxlan-output.index,
FWABF_ERROR_MATCHED, matches);
return frame->n_vectors;
}
always_inline uword
tcp_fake_out_ipv4 (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t *
frame)
{
return tcp_fake_out_inline (vm, node, frame, 1);
}
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (tcp_fake_out_node) =
{
.function = tcp_fake_out_ipv4,
.name = "udp-tcp-fake-out",
/* Takes a vector of packets. */
.vector_size = sizeof (u32),
.type = VLIB_NODE_TYPE_INTERNAL,
.n_next_nodes = UDP_TCP_FAKE_OUT_N_NEXT,
.next_nodes = {
[UDP_TCP_FAKE_OUT_NEXT_DROP] = "error-drop",
[UDP_TCP_FAKE_OUT_NEXT_INT_TX] = "interface-tx",
},
//.format_buffer = format_tcp_fake_header,
//.format_trace = format_tcp_fake_trace,
};
VNET_FEATURE_INIT (tcp_fake_out_feat, static) =
{
.arc_name = "interface-output",
.node_name = "udp-tcp-fake-out",
.runs_before = VNET_FEATURES ("interface-tx"),
};
static_always_inline clib_error_t *
tcp_fake_init (vlib_main_t * vm)
{
tcp_fake_main_t * ufm = vnet_get_tcp_fake_main ();
ufm->enable = 0;
ufm->vm = vm;
ufm->enable_interfaces = NULL;
return 0;
}
VLIB_INIT_FUNCTION (tcp_fake_init);
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20965): https://lists.fd.io/g/vpp-dev/message/20965
Mute This Topic: https://lists.fd.io/mt/89604305/21656
Mute #vpp:https://lists.fd.io/g/vpp-dev/mutehashtag/vpp
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
