
[lwip-devel] [bug #11400] ARP multi-packet-queue modifies TCP unsent/una


From: Simon Goldschmidt
Subject: [lwip-devel] [bug #11400] ARP multi-packet-queue modifies TCP unsent/unacked segment packet pbuf chain into packet queue
Date: Fri, 23 Mar 2007 07:51:11 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

Follow-up Comment #21, bug #11400 (project lwip):

Re comment #20

1. About copying REF pbufs: That was not _my_ idea, it's the way it was for a
long time now, using pbuf_take(). If we didn't need this, things would get
easier. I haven't looked in this direction yet. At least udp sockets send
their data using PBUF_REFs without asking the user. This is normally no
problem since the only delay for sending out UDP datagrams is the network
hardware (-> AND arp queueing).

>I do not see a way for a PBUF_REF to get sent to the ARP layer from TCP.

I'm not sure what you're saying with this. You mean TCP layer does not
'create' PBUF_REFs and send them to ARP layer?

2.
>"that's the way it's solved right now (in CVS HEAD)"
etharp.c version 1.102 (2 weeks old) enqueues structs etharp_q_entry (taken
from a new memp-pool) instead of enqueueing the pbufs directly. In this way,
the pbufs are not changed.

3. The memory leak I'm implying comes if the head of the pbuf is a PBUF_REF.
Then, pbuf_take() will change this pbuf into PBUF_POOL or _RAM which later
(through pbuf_ref) has a refcount of 2, although only ARP knows about it. So
after ARP frees it, it will be left with a refcount of 1, although it's
unreferenced. (At the same time, the PBUF_REF was freed but it's still
referenced by an upper layer.)

Now I don't know if this ever happens, since the first pbuf in a packet (the
IP-header) would be a REF type (probably does not happen?). But then it
should be taken care of (for the future) by checking it.

4. (todo:) The ARP_QUEUEING as it is only references the first pbuf in a
queue since pbuf_ref() only calls ref++ for the first pbuf in a queue -> the
others could be freed before sending.

SO: as long as we could say PBUF_REF types are still valid later, we could
throw away the pbuf_copy/pbuf_take code and simply call pbuf_ref() for the
whole queue. But at least regarding UDP sockets, I think we can't. And since
we mustn't delete pbufs given to us since they are probably referenced by
others, the only solution I see is to make a copy of the whole packet if it
contains a PBUF_REF.

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?11400>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
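
An added illustration of the closing suggestion in the comment above (copy the whole packet if it contains a PBUF_REF, otherwise only take references). It is not lwIP code and not from the original message: `struct buf`, `BUF_REF`, `BUF_RAM`, `chain_has_ref` and `queue_hold` are hypothetical names in a toy model, and the sample data is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model: hypothetical types and names, NOT lwIP's pbuf API. */
enum buf_type { BUF_RAM, BUF_REF };  /* BUF_REF: payload memory belongs to the caller */

struct buf {
    struct buf *next;
    const unsigned char *payload;
    size_t len;
    int ref;
    enum buf_type type;
};

static int chain_has_ref(const struct buf *p) {
    for (; p != NULL; p = p->next)
        if (p->type == BUF_REF) return 1;
    return 0;
}

/* Returns what the queue should hold; the caller's chain is never retyped or freed. */
static struct buf *queue_hold(struct buf *p) {
    struct buf *it, *q;
    unsigned char *dst;
    size_t total = 0;
    if (!chain_has_ref(p)) {
        for (it = p; it != NULL; it = it->next) it->ref++;  /* every element, not only the head */
        return p;
    }
    for (it = p; it != NULL; it = it->next) total += it->len;
    q = malloc(sizeof *q + total);        /* one owned buffer for the whole packet */
    if (q == NULL) return NULL;           /* caller drops the packet instead of queueing */
    dst = (unsigned char *)(q + 1);
    q->next = NULL; q->payload = dst; q->len = total; q->ref = 1; q->type = BUF_RAM;
    for (it = p; it != NULL; it = it->next) { memcpy(dst, it->payload, it->len); dst += it->len; }
    return q;
}

int main(void) {
    unsigned char user[4] = { 'd', 'a', 't', 'a' };   /* constructed sample data */
    unsigned char hdr[2] = { 'I', 'P' };
    struct buf b2 = { NULL, user, 4, 1, BUF_REF };
    struct buf b1 = { &b2, hdr, 2, 1, BUF_RAM };
    struct buf *q = queue_hold(&b1);
    if (q == NULL) return 1;
    memset(user, 'X', sizeof user);                   /* application reuses its buffer */
    printf("queued: %.*s, caller refs: %d %d\n", (int)q->len, (const char *)q->payload, b1.ref, b2.ref);
    free(q);
    return 0;
}
```

Because the caller's chain keeps its types and reference counts in the copy path, the count mismatch described in point 3 cannot arise in this model.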




