| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Feb 2009 10:32:42 +0100 From: Kristian Evensen <kristian.evensen@...il.com> To: netdev@...r.kernel.org Subject: Correct use of private socket queue and pskb_copy Hello, I am working on a TCP modification that requires private copies of the affected SKBs and the memory cannot safely be freed before ACK is received. To solve this, I have created a new queue in the sock-struct, intialized in sock_init_data and sk_clone, and then use the queue in the following order: * tcp_transmit_skb is called * If the skb shall be modified, creates a copy using pskb_copy * Modifies the skb and places the copy on "my" queue * ACK is received, kernel works through "my" queue and removes SKBs that can be removed. However, there is something I can't figure out and that stops this solution from working. After placing the copy of the SKB on the queue, after a while I see that its memory is modified. The sequence numbers change to corrupted values, next/prev-pointers break and so forth.My question is, does anyone have any idea on what modifies the memory or what I might have done wrong? As far as I can see, the queue is initialized correctly and I have not found anywhere in the code that modifies any of the affected areas of the copied SKB (code that is run after it is created). Thanks in advance for any help. -Kristian -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists