hi Question about construct the sk_buff

lx lxlenovostar at gmail.com
Sun Sep 28 02:34:32 EDT 2014


hi all:
   I fix it. I make a error with:
###############################
                        skb_reset_tail_pointer(skb);
send_skb->end = skb->tail + len + NUM;
kmemcheck_annotate_bitfield(skb, flags1);
kmemcheck_annotate_bitfield(skb, flags2);

//send_skb->ip_summed = CHECKSUM_PARTIAL;
 struct skb_shared_info *shinfo;
shinfo = skb_shinfo(skb);
atomic_set(&shinfo->dataref, 2);
shinfo->nr_frags  = 0;
shinfo->gso_size = 0;
shinfo->gso_segs = 0;
shinfo->gso_type = 0;
shinfo->ip6_frag_id = 0;
shinfo->tx_flags.flags = 0;
skb_frag_list_init(skb);
###############################

I should use send_skb instead of skb.



2014-09-25 17:58 GMT+08:00 lx <lxlenovostar at gmail.com>:

> hi all:
>       I have a mmap memory area, so I don't want to use alloc_skb(). I use
> this way:
> 1. use kmem_cache_alloc_node() for sk_buff struct.
> 2. the mmap memory area of "mmap_buf" for data area of packet.
>
>
> the codes is:
>
> alloc data memory area:
> ###############################################################
> mmap_buf  = vmalloc(mmap_size);
> printk("vmalloc mmap_buf=%p  mmap_size=%ld\n", (void *)mmap_buf,
> mmap_size);
> if (!mmap_buf ) {
> printk("vmalloc failed!\n");
> return -1;
> }
> for (i = 0; i < mmap_size; i += PAGE_SIZE) {
> SetPageReserved(vmalloc_to_page(mmap_buf + i));
> }
> ###############################################################
> I will mmap the "mmap_buf" area, in this way:
> ###############################################################
> while (size > 0) {
> pfn = vmalloc_to_pfn(ptmp);
> if ((ret = remap_pfn_range(vma, start, pfn, PAGE_SIZE, PAGE_SHARED)) < 0) {
> return ret;
> }
> start += PAGE_SIZE;
> ptmp += PAGE_SIZE;
> size -= PAGE_SIZE;
> }
> ###############################################################
>
> construct packet
> ################################################################
> /*
> * send packet
> */
> spin_lock(&lock);
> int eth_len, udph_len, iph_len, len;
> eth_len = sizeof(struct ethhdr);
> iph_len = sizeof(struct iphdr);
> udph_len  = sizeof(struct udphdr);
> len = eth_len + iph_len + udph_len;
>  /*
>  * build a new sk_buff
>  */
> struct sk_buff *send_skb = kmem_cache_alloc_node(skbuff_head_cache,
> GFP_ATOMIC & ~__GFP_DMA, NUMA_NO_NODE);
>  if (!send_skb) {
> return NF_DROP;
> }
>  memset(send_skb, 0, offsetof(struct sk_buff, tail));
> atomic_set(&send_skb->users, 2);
> send_skb->head = mmap_buf + 1024;
> send_skb->data = mmap_buf + 1024;
> skb_reset_tail_pointer(skb);
> send_skb->end = skb->tail + len + NUM;
> kmemcheck_annotate_bitfield(skb, flags1);
> kmemcheck_annotate_bitfield(skb, flags2);
>
> //send_skb->ip_summed = CHECKSUM_PARTIAL;
>  struct skb_shared_info *shinfo;
> shinfo = skb_shinfo(skb);
> atomic_set(&shinfo->dataref, 2);
> shinfo->nr_frags  = 0;
> shinfo->gso_size = 0;
> shinfo->gso_segs = 0;
> shinfo->gso_type = 0;
> shinfo->ip6_frag_id = 0;
> shinfo->tx_flags.flags = 0;
> skb_frag_list_init(skb);
> memset(&shinfo->hwtstamps, 0, sizeof(shinfo->hwtstamps));
>
> printk("mmap_buf + 1024 is %p\n", mmap_buf + 1024);
> skb_reserve(send_skb, len);
> printk("data %p, len is %d\n", send_skb->data, len);
> skb_push(send_skb, sizeof(struct udphdr));
> printk("udp data %p\n", send_skb->data);
> skb_reset_transport_header(send_skb);
>  /*
>   * just instead of copy datas.
>   */
> //send_skb->tail = send_skb->end;
>  udph = udp_hdr(send_skb);
> udph->source = dport;
> udph->dest = htons(ntohs(dport) + 1);
> udph->len = htons(udph_len);
> udph->check = 0;
> udph->check = csum_tcpudp_magic(daddr, in_aton(dest_addr), udph_len,
> IPPROTO_UDP, csum_partial(udph, udph_len, 0));
>  if (udph->check == 0)
> udph->check = CSUM_MANGLED_0;
>
> skb_push(send_skb, sizeof(struct iphdr));
> printk("ip data %p\n", send_skb->data);
> skb_reset_network_header(send_skb);
> send_iph = ip_hdr(send_skb);
>
> // iph->version = 4; iph->ihl = 5;
> put_unaligned(0x45, (unsigned char *)send_iph);
> send_iph->tos = 0;
> put_unaligned(htons(iph_len) + htons(udph_len), &(send_iph->tot_len));
> //send_iph->id       = htons(atomic_inc_return(&ip_ident));
> send_iph->id = 0;
> send_iph->frag_off = 0;
> send_iph->ttl = 64;
> send_iph->protocol = IPPROTO_UDP;
> send_iph->check = 0;
> put_unaligned(daddr, &(send_iph->saddr));
> put_unaligned(in_aton(dest_addr), &(send_iph->daddr));
> send_iph->check    = ip_fast_csum((unsigned char *)send_iph,
> send_iph->ihl);
>
> struct net_device *dev = skb->dev;
> eth = (struct ethhdr *)skb_push(send_skb, ETH_HLEN);
> printk("eth data %p\n", send_skb->data);
> skb_reset_mac_header(send_skb);
> send_skb->protocol = eth->h_proto = htons(ETH_P_IP);
> //printk("dev_addr is %p, len is %d", dev->dev_addr, ETH_ALEN);
> printk("h_source is %p, dev_addr is %p, len is %d", eth->h_source,
> dev->dev_addr, ETH_ALEN);
> memcpy(eth->h_source, dev->dev_addr, ETH_ALEN);
> u8 dst_mac[ETH_ALEN] = DST_MAC;
> memcpy(eth->h_dest, dst_mac, ETH_ALEN);
> send_skb->dev = dev;
> int result = dev_queue_xmit(send_skb);
> printk("result is %d\n", result);
> spin_unlock(&lock);
> ################################################################
>
> But I think construct packet is wrong, and Oops is:
> ################################################################
> <1>BUG: unable to handle kernel paging request at ffffeae38000b520
> <1>IP: [<ffffffff81170bab>] kfree+0x7b/0x320
> <4>PGD 0
> <4>Oops: 0000 [#1] SMP
> <4>last sysfs file: /sys/devices/system/cpu/online
> <4>CPU 0
> <4>Modules linked in: my_mmap(U) 8021q garp stp llc fuse vmhgfs(U)
> vsock(U) ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter
> ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state
> nf_conntrack ip6table_filter ip6_tables ipv6 uinput microcode ppdev
> vmware_balloon snd_ens1371 snd_rawmidi snd_ac97_codec ac97_bus snd_seq
> snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc e1000
> parport_pc parport sg vmci(U) i2c_piix4 i2c_core shpchp ext4 jbd2 mbcache
> sd_mod crc_t10dif sr_mod cdrom mptspi mptscsih mptbase scsi_transport_spi
> pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last
> unloaded: my_mmap]
> <4>
> <4>Pid: 0, comm: swapper Tainted: G        W  ---------------
>  2.6.32-431.el6.x86_64 #1 VMware, Inc. VMware Virtual Platform/440BX
> Desktop Reference Platform
> <4>RIP: 0010:[<ffffffff81170bab>]  [<ffffffff81170bab>] kfree+0x7b/0x320
> <4>RSP: 0018:ffff88000c4037c0  EFLAGS: 00010082
> <4>RAX: ffffeae38000b520 RBX: ffffc9000033c400 RCX: ffffc9000033c400
> <4>RDX: ffffea0000000000 RSI: ffff8800378585d8 RDI: ffffc9000033c400
> <4>RBP: ffff88000c403820 R08: ffff880037b36020 R09: 0000000000000000
> <4>R10: 0000000000000000 R11: ffff88000c40384c R12: ffffffff8144fc98
> <4>R13: 0000000000000286 R14: 0000000000000000 R15: ffffc9000033c400
> <4>FS:  0000000000000000(0000) GS:ffff88000c400000(0000)
> knlGS:0000000000000000
> <4>CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
> <4>CR2: ffffeae38000b520 CR3: 000000007bb47000 CR4: 00000000000007f0
> <4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> <4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> <4>Process swapper (pid: 0, threadinfo ffffffff81a00000, task
> ffffffff81a8d020)
> <4>Stack:
> <4> 3030303030303436 0000000000003082 3030303030303030 ffff88007d9e0ae0
> <4><d> 000000000000001d ffff88007a81d740 ffff88000c4168a8 ffff8800379b19c0
> <4><d> ffff8800379b19c0 ffff88007bb7b800 000000000000002a ffffc9000033c400
> <4>Call Trace:
> <4> <IRQ>
> <4> [<ffffffff8144fc98>] skb_release_data+0xd8/0x110
> <4> [<ffffffff8144f7ce>] __kfree_skb+0x1e/0xa0
> <4> [<ffffffff8144f88b>] consume_skb+0x3b/0x80
> <4> [<ffffffff814fadec>] packet_rcv+0x5c/0x440
> <4> [<ffffffff8145bb25>] dev_queue_xmit_nit+0x125/0x1a0
> <4> [<ffffffff81460346>] dev_hard_start_xmit+0x216/0x480
> <4> [<ffffffff8147bd0a>] sch_direct_xmit+0x15a/0x1c0
> <4> [<ffffffff81460858>] dev_queue_xmit+0x228/0x320
> <4> [<ffffffffa002a4b1>] hook_local_in+0x3e1/0x410 [my_mmap]
> <4> [<ffffffff8105a360>] ? check_preempt_wakeup+0x1c0/0x260
> <4> [<ffffffff814893a9>] nf_iterate+0x69/0xb0
> <4> [<ffffffff814938a0>] ? ip_rcv_finish+0x0/0x440
> <4> [<ffffffff81489566>] nf_hook_slow+0x76/0x120
> <4> [<ffffffff814938a0>] ? ip_rcv_finish+0x0/0x440
> <4> [<ffffffff81493f44>] ip_rcv+0x264/0x350
> <4> [<ffffffff8145b54b>] __netif_receive_skb+0x4ab/0x750
> <4> [<ffffffff8145f1b8>] netif_receive_skb+0x58/0x60
> <4> [<ffffffff8145f2c0>] napi_skb_finish+0x50/0x70
> <4> [<ffffffff81460a29>] napi_gro_receive+0x39/0x50
> <4> [<ffffffffa01b5a88>] e1000_receive_skb+0x58/0x90 [e1000]
> <4> [<ffffffffa01ba5b2>] e1000_clean_rx_irq+0x2b2/0x5e0 [e1000]
> <4> [<ffffffffa01b7cd1>] e1000_clean+0x1f1/0xa50 [e1000]
> <4> [<ffffffff81068ff5>] ? enqueue_entity+0x125/0x450
> <4> [<ffffffff81069384>] ? enqueue_task_fair+0x64/0x100
> <4> [<ffffffff81059216>] ? enqueue_task+0x66/0x80
> <4> [<ffffffff81460b43>] net_rx_action+0x103/0x2f0
> <4> [<ffffffff8107a8e1>] __do_softirq+0xc1/0x1e0
> <4> [<ffffffff8100c30c>] call_softirq+0x1c/0x30
> <4> [<ffffffff8100fa75>] do_softirq+0x65/0xa0
> <4> [<ffffffff8107a795>] irq_exit+0x85/0x90
> <4> [<ffffffff81530fe5>] do_IRQ+0x75/0xf0
> <4> [<ffffffff8100b9d3>] ret_from_intr+0x0/0x11
> <4> <EOI>
> <4> [<ffffffff8103eacb>] ? native_safe_halt+0xb/0x10
> <4> [<ffffffff810167bd>] default_idle+0x4d/0xb0
> <4> [<ffffffff81009fc6>] cpu_idle+0xb6/0x110
> <4> [<ffffffff8150cbea>] rest_init+0x7a/0x80
> <4> [<ffffffff81c26f8f>] start_kernel+0x424/0x430
> <4> [<ffffffff81c2633a>] x86_64_start_reservations+0x125/0x129
> <4> [<ffffffff81c26453>] x86_64_start_kernel+0x115/0x124
> <4>Code: 44 00 00 48 89 df e8 a5 e4 ed ff 48 c1 e8 0c 48 8d 14 c5 00 00 00
> 00 48 c1 e0 06 48 29 d0 48 ba 00 00 00 00 00 ea ff ff 48 01 d0 <48> 8b 10
> 66 85 d2 0f 88 1b 02 00 00 84 d2 0f 89 0d 02 00 00 4c
> <1>RIP  [<ffffffff81170bab>] kfree+0x7b/0x320
> <4> RSP <ffff88000c4037c0>
> <4>CR2: ffffeae38000b520
> ################################################################
>
> My kernel version is: 2.6.32-431.el6.x86_64
>
> I have confused with this question a long time.
> How to fix it ? Thank you.
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20140928/45cf4ca3/attachment-0001.html 


More information about the Kernelnewbies mailing list