[lwip-devel] [bugs #2679] Data packet split on odd boundaries -> causes

lwip-devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bugs #2679] Data packet split on odd boundaries -> causes

From:	Michael Anburaj
Subject:	[lwip-devel] [bugs #2679] Data packet split on odd boundaries -> causes exception
Date:	Tue, 18 Jan 2005 21:23:15 -0000
User-agent:	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
This is an automated notification sent by Savannah.
It relates to:
                bugs #2679, project lwIP - A Lightweight TCP/IP stack

==============================================================================
 LATEST MODIFICATIONS of bugs #2679:
==============================================================================

               Posted by: Michael Anburaj <michaelanburaj>
               Posted on: 2005-01-18 21:06 (GMT)
    _______________________________________________________

Follow-up Comment:
--Fix added--



Data packets split over Odd byte boundaries (issue discussed over
address@hidden around 28 Feb 2003).



Source: Current CVS source



Symptom: On processors (ARM, MIPS & like cores), which do not allow unaligned
access (or turned off to optimize data access), when odd byte packets are sent
to LwIP stack - The packet data alignment gets broken due to packet split on
odd byte boundaries, causes an unaligned access exception.



Detail description:



Lets say we want to send two packets:

Packet1 : Size 45 bytes

Packet2 : Size 300 bytes



netconn_write() is called twice consecutively for sending the above 2
packets. The netconn->pcb.tcp->snd_buf sets the buffer size limit for data to
be packed together for sending.







Packet1              Packet2



 --------            ----------------------------

|   45   |          |          300               |

 --------            ----------------------------



  |

  |

  | After 2 consecutive netconn_write() calls

  |

  V





Snd_buf (256 bytes)                   snd_buf (256

bytes)

 _________|________________            ____|_____ _ _ _

(                          )          (          



 -------- -----------------            ----------

|   45   +      211        |          |    89    |

 -------- -----------------            ----------



The second packet's remaining bytes (89 byte data - packet data starting on a
odd byte boundary) when sent to lwip_chksum() routine subsequently, which does
a 16 bit access - causes Alignment fault (memory access exception). This holds
true on all processor platforms that don't allow unaligned memory access.





Fix:

The fix I have proposed here evens the snd_buf. So, when a odd number of
bytes (N) packet is sent, N+1 byte space is assumed for snd_buf.



I have included the patch for the same along with this.



Email me back for more details on this.



Thanks,

-Michael (michaelanburaj at yahoo.com).


    _______________________________________________________

Additional Item Attachment:
File name: oddbyte.tar                    Size:10 KB
Fix (patch)
<http://savannah.nongnu.org/bugs/download.php?item_id=2679&amp;item_file_id=2078>

==============================================================================
 OVERVIEW of bugs #2679:
==============================================================================

URL:
  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=2679>

                 Summary: Data packet split on odd boundaries -> causes
exception
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: michaelanburaj
            Submitted on: Fri 02/28/2003 at 10:27
                Category: None
                Severity: 5 - Average
              Item Group: Crash Error
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open

    _______________________________________________________


Any processor with alignment error check turned on will suffer this issue. 



Lets say we want to send two packets:

Packet1 : Size 45 bytes

Packet2 : Size 300 bytes



netconn_write() is called twice consecutively for sending the above 2
packets. The netconn->pcb.tcp->snd_buf sets the buffer size limit for data to
be packed together for sending.







Packet1              Packet2



 --------            ----------------------------

|   45   |          |          300               |

 --------            ----------------------------



  |

  |

  | After 2 consecutive netconn_write() calls

  |

  V





buffer (256 bytes)                   buffer (256

bytes)

 _________|________________            ____|_____ _ _

(                          )          (          



 -------- -----------------            ----------

|   45   +      211        |          |    89    |

 -------- -----------------            ----------



The second packets 2nd half (89 byte data - packet data starting on an odd
byte boundary) when sent to lwip_chksum() routine, which does a 16 bit access
causes Alignment fault (memory access exception). This holds true on all
processor platforms that dont allow unaligned memory access.













Another explanation (to give a better picture):



This issue happens well in advance within the LwIP code.



In an LwIP application, netconn_accept() returns 'netconn' structure upon
receiving new application data packet <HTTP> on a particular port.



The netconn->pcb.tcp->snd_buf variable is equal to 256 (no idea who sets this
number). Following this,  netconn_write() is called (to send out packets) & 
the value of netconn->pcb.tcp->snd_buf gradually reduces by the amount of
data sent out (in bytes). As I understand netconn->pcb.tcp->snd_buf sets
the limit of data sent in an instance within the loop inside
netconn_write().



Now lets consider that the application has the following data packets to be
sent out.



PACK1 : Size = 45 bytes long, &PACK1[0] = 0x00001000

PACK2 : Size = 300 bytes long, &PACK2[0] = 0x00002000



After the 1st netconn_write( .. PACK1 .. ), netconn->pcb.tcp->snd_buf =
256-45 = 211 <after PACK1 is processed>.



Then the application sends the second packet by calling netconn_write( ..
PACK2 .. ).



Within netconn_write()s loop, 211 bytes of PACK2 is 1st processed & then it
tries to process the remaining data (data staring at PACK2[211]).



This data packet starting at PACK2[211] is eventually sent to lwip_chksum(),
which access data within packet as half-words (16 bits). The very 1st access
will result in doing a 16-bit access at address (0x2000 + 211) <- this
address is not half-word aligned, so the processor aborts.



This was evident when running Adam's sample code (modified version) on a MIPS
4Kc (32 bit platform) processor board.

    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Tue 01/18/2005 at 21:06       By: Michael Anburaj <michaelanburaj>
--Fix added--



Data packets split over Odd byte boundaries (issue discussed over
address@hidden around 28 Feb 2003).



Source: Current CVS source



Symptom: On processors (ARM, MIPS & like cores), which do not allow unaligned
access (or turned off to optimize data access), when odd byte packets are sent
to LwIP stack - The packet data alignment gets broken due to packet split on
odd byte boundaries, causes an unaligned access exception.



Detail description:



Lets say we want to send two packets:

Packet1 : Size 45 bytes

Packet2 : Size 300 bytes



netconn_write() is called twice consecutively for sending the above 2
packets. The netconn->pcb.tcp->snd_buf sets the buffer size limit for data to
be packed together for sending.







Packet1              Packet2



 --------            ----------------------------

|   45   |          |          300               |

 --------            ----------------------------



  |

  |

  | After 2 consecutive netconn_write() calls

  |

  V





Snd_buf (256 bytes)                   snd_buf (256

bytes)

 _________|________________            ____|_____ _ _ _

(                          )          (          



 -------- -----------------            ----------

|   45   +      211        |          |    89    |

 -------- -----------------            ----------



The second packet's remaining bytes (89 byte data - packet data starting on a
odd byte boundary) when sent to lwip_chksum() routine subsequently, which does
a 16 bit access - causes Alignment fault (memory access exception). This holds
true on all processor platforms that don't allow unaligned memory access.





Fix:

The fix I have proposed here evens the snd_buf. So, when a odd number of
bytes (N) packet is sent, N+1 byte space is assumed for snd_buf.



I have included the patch for the same along with this.



Email me back for more details on this.



Thanks,

-Michael (michaelanburaj at yahoo.com).









    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 01/18/2005 at 21:06  Name: oddbyte.tar  Size: 10KB   By:
michaelanburaj
Fix (patch)
<http://savannah.nongnu.org/bugs/download.php?item_id=2679&item_file_id=2078>

==============================================================================

This item URL is:
  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=2679>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
[Prev in Thread]
Current Thread
[Next in Thread]
[lwip-devel] [bugs #2679] Data packet split on odd boundaries -> causes exception, Michael Anburaj <=
Next by Date: [lwip-devel] [task #1548] uCOS-II multi-threaded BSD socket layer
Next by thread: [lwip-devel] [task #1548] uCOS-II multi-threaded BSD socket layer
Index(es):
- Date
- Thread