There is an issue reported by Volker Diels-Grabsch and Boleyn Su.
A segmentation fault occurs when executing the following command:
(sleep 0.1; ssh -p 22000 127.0.0.1) & passt -f -t 22000:22
It's caused by commit 78da088f7bab ("tcp: unify payload and flags
l2 frames array"). Fix it by storing the owner connections of flags
frames into tcp_frame_conns[] array.
Reported-by: Volker Diels-Grabsch
Reported-by: Boleyn Su
Suggested-by: David Gibson
Fixes: 78da088f7bab ("tcp: unify payload and flags l2 frames array")
Signed-off-by: Yumei Huang
---
tcp_buf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tcp_buf.c b/tcp_buf.c
index bc898de..d351c20 100644
--- a/tcp_buf.c
+++ b/tcp_buf.c
@@ -209,13 +209,14 @@ int tcp_buf_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags)
if (ret <= 0)
return ret;
- tcp_payload_used++;
+ tcp_frame_conns[tcp_payload_used++] = conn;
l4len = optlen + sizeof(struct tcphdr);
iov[TCP_IOV_PAYLOAD].iov_len = l4len;
tcp_l2_buf_fill_headers(conn, iov, NULL, seq, false);
if (flags & DUP_ACK) {
struct iovec *dup_iov = tcp_l2_iov[tcp_payload_used++];
+ tcp_frame_conns[tcp_payload_used - 1] = conn;
memcpy(dup_iov[TCP_IOV_TAP].iov_base, iov[TCP_IOV_TAP].iov_base,
iov[TCP_IOV_TAP].iov_len);
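Review bot: in the DUP_ACK branch, the added `tcp_frame_conns[tcp_payload_used - 1] = conn;` relies on the post-increment hidden in the `dup_iov` initialiser on the line above, whereas the first added line records the owner with `tcp_payload_used++` directly. The two sites now keep tcp_l2_iov[] and tcp_frame_conns[] in step using different index expressions, which makes it easy for a later change to update one array and miss the other, the same class of mistake this patch is fixing. Consider taking the slot index once and using it for both arrays, or moving the "claim a frame and record its owner" step into a small helper shared by the flags and payload paths. The commit message would also be easier to review if it said which reader of tcp_frame_conns[] hits the unset entry, since the hunk only shows the writer side.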
--
2.47.0