There is an issue reported by Volker Diels-Grabsch and Boleyn Su. A segmentation fault occurs when executing the following command: (sleep 0.1; ssh -p 22000 127.0.0.1) & passt -f -t 22000:22 It's caused by commit 78da088f7bab ("tcp: unify payload and flags l2 frames array"). Fix it by storing the owner connections of flags frames into tcp_frame_conns[] array. Reported-by: Volker Diels-Grabsch Reported-by: Boleyn Su Suggested-by: David Gibson Fixes: 78da088f7bab ("tcp: unify payload and flags l2 frames array") Signed-off-by: Yumei Huang --- tcp_buf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tcp_buf.c b/tcp_buf.c index bc898de..d351c20 100644 --- a/tcp_buf.c +++ b/tcp_buf.c @@ -209,13 +209,14 @@ int tcp_buf_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags) if (ret <= 0) return ret; - tcp_payload_used++; + tcp_frame_conns[tcp_payload_used++] = conn; l4len = optlen + sizeof(struct tcphdr); iov[TCP_IOV_PAYLOAD].iov_len = l4len; tcp_l2_buf_fill_headers(conn, iov, NULL, seq, false); if (flags & DUP_ACK) { struct iovec *dup_iov = tcp_l2_iov[tcp_payload_used++]; + tcp_frame_conns[tcp_payload_used - 1] = conn; memcpy(dup_iov[TCP_IOV_TAP].iov_base, iov[TCP_IOV_TAP].iov_base, iov[TCP_IOV_TAP].iov_len); -- 2.47.0