summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Klauser <tklauser@distanz.ch>2014-04-30 13:32:08 +0200
committerTobias Klauser <tklauser@distanz.ch>2014-04-30 13:32:08 +0200
commitf4821f92614bafaaee01721b3a5ffc29fe2f5365 (patch)
tree87b71ab410183ad1497e7cf6798aa7b3dc72dba3
parent190dc7879a1a8813f2332ee7b39b743a49ac2771 (diff)
ring: Consistently use size_t to specify ring size
The mm_len member of struct ring is of type size_t, but in the code paths leading to set it, unsigned int is used. In circumstances where unsigned int is 32 bit and size_t is 64 bit, this could lead to an integer overflow, which causes an improper ring size being mmap()'ed in mmap_ring_generic(). In order to prevent this, consistently use size_t to store the ring size, since this is also what mmap() takes as its `length' parameter. This now allows to specify ring sizes larger than 4 GiB for both netsniff-ng and trafgen (fixes #90). Reported-by: Jon Schipp <jonschipp@gmail.com> Reported-by: Michał Purzyński <michalpurzynski1@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r--netsniff-ng.c12
-rw-r--r--ring.h2
-rw-r--r--ring_rx.c4
-rw-r--r--ring_rx.h4
-rw-r--r--ring_tx.c4
-rw-r--r--ring_tx.h4
-rw-r--r--trafgen.c6
7 files changed, 21 insertions, 15 deletions
diff --git a/netsniff-ng.c b/netsniff-ng.c
index ab3d53f..a994299 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -55,7 +55,8 @@ enum dump_mode {
struct ctx {
char *device_in, *device_out, *device_trans, *filter, *prefix;
int cpu, rfraw, dump, print_mode, dump_dir, packet_type, verbose;
- unsigned long kpull, dump_interval, reserve_size, tx_bytes, tx_packets;
+ unsigned long kpull, dump_interval, tx_bytes, tx_packets;
+ size_t reserve_size;
bool randomize, promiscuous, enforce, jumbo, dump_bpf;
enum pcap_ops_groups pcap; enum dump_mode dump_mode;
uid_t uid; gid_t gid; uint32_t link_type, magic;
@@ -170,7 +171,8 @@ static void pcap_to_xmit(struct ctx *ctx)
{
uint8_t *out = NULL;
int irq, ifindex, fd = 0, ret;
- unsigned int size, it = 0;
+ size_t size;
+ unsigned int it = 0;
unsigned long trunced = 0;
struct ring tx_ring;
struct frame_map *hdr;
@@ -344,7 +346,8 @@ static void receive_to_xmit(struct ctx *ctx)
short ifflags = 0;
uint8_t *in, *out;
int rx_sock, ifindex_in, ifindex_out, ret;
- unsigned int size_in, size_out, it_in = 0, it_out = 0;
+ size_t size_in, size_out;
+ unsigned int it_in = 0, it_out = 0;
unsigned long frame_count = 0;
struct frame_map *hdr_in, *hdr_out;
struct ring tx_ring, rx_ring;
@@ -879,7 +882,8 @@ static void recv_only_or_dump(struct ctx *ctx)
{
short ifflags = 0;
int sock, irq, ifindex, fd = 0, ret;
- unsigned int size, it = 0;
+ size_t size;
+ unsigned int it = 0;
struct ring rx_ring;
struct pollfd rx_poll;
struct sock_fprog bpf_ops;
diff --git a/ring.h b/ring.h
index d3ccc04..acf5d59 100644
--- a/ring.h
+++ b/ring.h
@@ -67,7 +67,7 @@ static inline void next_rnd_slot(unsigned int *it, struct ring *ring)
*it = rand() % ring->layout.tp_frame_nr;
}
-static inline unsigned int ring_size(char *ifname, unsigned int size)
+static inline size_t ring_size(char *ifname, size_t size)
{
if (size > 0)
return size;
diff --git a/ring_rx.c b/ring_rx.c
index 59cafd3..c42c353 100644
--- a/ring_rx.c
+++ b/ring_rx.c
@@ -40,7 +40,7 @@ void destroy_rx_ring(int sock, struct ring *ring)
panic("Cannot destroy the RX_RING: %s!\n", strerror(errno));
}
-void setup_rx_ring_layout(int sock, struct ring *ring, unsigned int size,
+void setup_rx_ring_layout(int sock, struct ring *ring, size_t size,
bool jumbo_support, bool v3)
{
fmemset(&ring->layout, 0, sizeof(ring->layout));
@@ -95,7 +95,7 @@ retry:
if (ret < 0)
panic("Cannot allocate RX_RING!\n");
- ring->mm_len = ring->layout.tp_block_size * ring->layout.tp_block_nr;
+ ring->mm_len = (size_t) ring->layout.tp_block_size * ring->layout.tp_block_nr;
if (verbose) {
if (!v3) {
diff --git a/ring_rx.h b/ring_rx.h
index 5057a30..1a60453 100644
--- a/ring_rx.h
+++ b/ring_rx.h
@@ -16,8 +16,8 @@ extern void create_rx_ring(int sock, struct ring *ring, int verbose);
extern void mmap_rx_ring(int sock, struct ring *ring);
extern void alloc_rx_ring_frames(int sock, struct ring *ring);
extern void bind_rx_ring(int sock, struct ring *ring, int ifindex);
-extern void setup_rx_ring_layout(int sock, struct ring *ring,
- unsigned int size, bool jumbo_support, bool v3);
+extern void setup_rx_ring_layout(int sock, struct ring *ring, size_t size,
+ bool jumbo_support, bool v3);
extern void sock_rx_net_stats(int sock, unsigned long seen);
static inline int user_may_pull_from_rx(struct tpacket2_hdr *hdr)
diff --git a/ring_tx.c b/ring_tx.c
index 17d5f26..ee47f3f 100644
--- a/ring_tx.c
+++ b/ring_tx.c
@@ -45,7 +45,7 @@ void destroy_tx_ring(int sock, struct ring *ring)
xfree(ring->frames);
}
-void setup_tx_ring_layout(int sock, struct ring *ring, unsigned int size,
+void setup_tx_ring_layout(int sock, struct ring *ring, size_t size,
bool jumbo_support)
{
fmemset(&ring->layout, 0, sizeof(ring->layout));
@@ -86,7 +86,7 @@ retry:
if (ret < 0)
panic("Cannot allocate TX_RING!\n");
- ring->mm_len = ring->layout.tp_block_size * ring->layout.tp_block_nr;
+ ring->mm_len = (size_t) ring->layout.tp_block_size * ring->layout.tp_block_nr;
if (verbose) {
printf("TX,V2: %.2Lf MiB, %u Frames, each %u Byte allocated\n",
diff --git a/ring_tx.h b/ring_tx.h
index ea99fc6..70dd401 100644
--- a/ring_tx.h
+++ b/ring_tx.h
@@ -19,8 +19,8 @@ extern void create_tx_ring(int sock, struct ring *ring, int verbose);
extern void mmap_tx_ring(int sock, struct ring *ring);
extern void alloc_tx_ring_frames(int sock, struct ring *ring);
extern void bind_tx_ring(int sock, struct ring *ring, int ifindex);
-extern void setup_tx_ring_layout(int sock, struct ring *ring,
- unsigned int size, bool jumbo_support);
+extern void setup_tx_ring_layout(int sock, struct ring *ring, size_t size,
+ bool jumbo_support);
extern void set_packet_loss_discard(int sock);
static inline int user_may_pull_from_tx(struct tpacket2_hdr *hdr)
diff --git a/trafgen.c b/trafgen.c
index 489ff53..43148b7 100644
--- a/trafgen.c
+++ b/trafgen.c
@@ -56,7 +56,8 @@
struct ctx {
bool rand, rfraw, jumbo_support, verbose, smoke_test, enforce, qdisc_path;
- unsigned long num, reserve_size;
+ size_t reserve_size;
+ unsigned long num;
unsigned int cpus;
uid_t uid; gid_t gid;
char *device, *device_trans, *rhost;
@@ -590,7 +591,8 @@ static void xmit_fastpath_or_die(struct ctx *ctx, int cpu, unsigned long orig_nu
int ifindex = device_ifindex(ctx->device);
uint8_t *out = NULL;
unsigned int it = 0;
- unsigned long num = 1, i = 0, size;
+ unsigned long num = 1, i = 0;
+ size_t size;
struct ring tx_ring;
struct frame_map *hdr;
struct timeval start, end, diff;