lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 7 Jan 2014 15:09:38 +0100
From:	Jesper Dangaard Brouer <brouer@...hat.com>
To:	Norbert van Bolhuis <nvbolhuis@...valley.nl>
Cc:	Jesper Dangaard Brouer <brouer@...hat.com>,
	Daniel Borkmann <dborkman@...hat.com>, netdev@...r.kernel.org,
	David Miller <davem@...emloft.net>, uaca@...mni.uv.es
Subject: Re: single process receives own frames due to PACKET_MMAP


On Tue, 07 Jan 2014 14:16:03 +0100
Norbert van Bolhuis <nvbolhuis@...valley.nl> wrote:
> On 01/07/14 11:06, Jesper Dangaard Brouer wrote:
> > On Tue, 07 Jan 2014 10:32:01 +0100
> > Daniel Borkmann<dborkman@...hat.com>  wrote:
> >
> >> On 01/06/2014 11:58 PM, Norbert van Bolhuis wrote:
> >>>
[...]
> >>
> >>> I'd say it makes no sense to make the same process receive its
> >>> own transmitted frames on that same interface (unless its lo).
> >
> > Have you setup:
> >   ring->s_ll.sll_protocol = 0
> >
> > This is what I did in trafgen to avoid this problem.
> >
> > See line 55 in netsniff-ng/ring.c:
> >   https://github.com/borkmann/netsniff-ng/blob/c3602a995b21e8133c7f4fd1fb1e7e21b6a844f1/ring.c#L55
> >
> > Commit:
> >   https://github.com/borkmann/netsniff-ng/commit/c3602a995b21e8133c7f4fd1fb1e7e21b6a844f1
> >
> 
> 
> No I did not do that, I was checking my code against netsniff-ng-0.5.8-rc4.
> 
> But I just tried it, I believe I do the same as netsniff-ng-0.5.8-rc5, but it doesn't
> work for me. Maybe because I have an old FC14 system (kernel 2.6.35.14-106.fc14.x86_64).
> 
> So I tried to see whether netsniff-ng-0.5.8-rc5/trafgen still makes the
> kernel call packet_rcv() on my FC14 system. So I build and run it, but I'm not sure
> how to (easily) check that.

The easiest way is to:
  cat /proc/net/ptype
And look if someone registered a proto handler/function: packet_rcv (or tpacket_rcv).

The more exact method is, to run "perf record -a -g" and then look (at
the result with "perf report") for a lock contention, and "expand" the
spin_lock and see if packet_rcv() is calling this spin lock.


> In anyway, Wireshark does capture the trafgen generated
> frames, does that say anything ?

Be careful not to start a wireshark/tcpdump, at the sametime, as this
will slow you down.
 
> In the future, I can at least use PACKET_QDISC_BYPASS as a "workaround".

And in the future with PACKET_QDISC_BYPASS, your wireshark will not
catch these packets, remember that.

-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Sr. Network Kernel Developer at Red Hat
  Author of http://www.iptv-analyzer.org
  LinkedIn: http://www.linkedin.com/in/brouer
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ