[Xorp-hackers] Xorp FEA crash

Ben Greear greearb at candelatech.com
Fri Jul 18 12:14:30 PDT 2008 

Pavlin Radoslavov wrote:
> Ben,
> 
> Given that we are very close to the 1.5 release, I need to be able
> to replicate myself the crash (and to verify that the fix takes care
> of that crash), hence please send me the following info:
> 
>   * OS and kernel version
>   * the top-level config.h that is auto-generated after running ./configure
>   * the XORP config

I'm compiling on FC5-32-bit but with kernel headers from FC8 (so that
greater than 255 routing tables work, etc).  I'm running this on an FC8
system, with patched kernel to support multiple multicast tables
and some extra virtual interface support and other assorted hacks.

And, xorp is patched fairly extensively as well.  What I mean to imply
is that it may be impossible for you to reproduce this, but per my explanation
below, I think you can verify the bug by code inspection.

The config.h is attached.

I don't recall the exact config I was using to test this, but it
I am pretty sure it had IPv6 OSPF enabled and OSPFv4 enabled.  I
was enabling multicast as well at some point.  (It would have to
be sending IPv6 pkts to hit this error case.)

However, I think it will take some luck to reproduce this since I
believe the reason it happens is that the cmsg struct must have non-zero
values in it that are NOT initialized properly when you do two CMSG_NXTHDR
calls in a row.

I ran this for days before I hit the problem, but of course a customer
trying out our beta hit it immediately.

If you want to leave this out until after 1.5 that is fine with
me, but if you look at the Linux CMSG_NXTHDR implementation (at least on Linux),
and if you assume that both the #ifdefs are false in the code I was
patching, you can see how this bug can happen.

Thanks,
Ben


> 
> Thanks,
> Pavlin


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: config.h
Type: text/x-chdr
Size: 25469 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-hackers/attachments/20080718/06592b23/attachment.bin

More information about the Xorp-hackers mailing list