[B.A.T.M.A.N.] [PATCH] batman-adv-kernelland: Fix memory corruption bug
by Scott Raynel
Hi there,
I've been spending some time tracking down a bug that's been causing
memory corruption followed by random kernel panics. Thanks to the
kernel's slab memory debugger I tracked it down to a kfree in send.c
that was freeing a block of memory that had been written to past the
end of its allocation.
Turned out to be a simple typo, which I've fixed in the following
patch. When resizing the packet_buff struct in batman_if, the new
length was being updated but the old length was being used for the
kmalloc(), causing something later to think it had more memory
allocated to write to, hence writing past the end of the allocation.
Signed-off-by: Scott Raynel <scottraynel(a)gmail.com>
Index: send.c
===================================================================
--- send.c (revision 1105)
+++ send.c (working copy)
@@ -159,7 +159,7 @@
if ((hna_local_changed) && (batman_if->if_num == 0)) {
new_len = sizeof(struct batman_packet) + (num_hna * ETH_ALEN);
- new_buf = kmalloc(batman_if->pack_buff_len, GFP_ATOMIC);
+ new_buf = kmalloc(new_len, GFP_ATOMIC);
/* keep old buffer if kmalloc should fail */
if (new_buf) {
Cheers,
--
Scott Raynel
WAND Network Research Group
Department of Computer Science
University of Waikato
New Zealand
12 years, 2 months
[B.A.T.M.A.N.] Looking for batman-adv 0.1-alpha
by Tobias Gieseke
Hi,
I'm looking for Batman-advanced 0.1-alpha (compability version 1). We've
got some meshnodes III from a company called Saxnet and they seem to
work with this old version.. I can't find it in the repositories so
perhaps someone can tell me where to find it, or send it to me directly.
I need it for i386 architecture.
Is there a chance to get batman-adv running on open-wrt?
kind regards,
Tobi
12 years, 2 months
[B.A.T.M.A.N.] 0.3.1 rv1152 - some test results
by Chris W.
Hello,
thought I'd just let you know what I experienced when testing rv1152 on
an outdoor network with atheroses and broadcoms, olsr in parallel.
Interfaces are started with
ifconfig eth1:1 10.4.2.29 netmask 255.255.0.0 broadcast 10.4.255.255
The batman test area looks something like this:
http://preveli.gr/mesh/bat-228-2b.gif
-1- gateway:
a gw is started with batmand -s 10.4.2.50 -g 2mbit/256kbit eth1:1
the client 2.29 with batmand -s 10.4.2.50 -a 10.2.29.0/24 -r 2 ath0:1
When pinging the gateway through the client node or when accessing the
internet through the node it logs
Nov 26 22:52:04 (none) kern.err batmand[1287]: Error - got packet from
unknown client: 10.4.2.29 (virtual ip 10.2.29.136)
The tunnel itself is flickering, this happens with -r1,2,3 and -p
client log:
Gateway client - gateway (10.4.2.2) says: IP (169.254.0.1) is expired
Deleting default route via gate0 (table 68)
Adding default route to 10.4.2.2 (gw_flags: 40, tq: 178, gw_product: 0)
Error - couldn't create tunnel: old tunnel is still active
Adding default route to 10.4.2.2 (gw_flags: 40, tq: 179, gw_product: 0)
Gateway client - got IP (169.254.0.1) from gateway: 10.4.2.2
Adding default route via gate0 (table 68)
Gateway client - gateway (10.4.2.2) says: IP (169.254.0.1) is expired
Deleting default route via gate0 (table 68)
Adding default route to 10.4.2.2 (gw_flags: 40, tq: 181, gw_product: 0)
Gateway client - got IP (169.254.0.1) from gateway: 10.4.2.2
Adding default route via gate0 (table 68)
gateway log:
Gateway - assigned 169.254.0.1 to client: 10.4.2.29
Gateway - assigned 169.254.0.1 to client: 10.4.2.29
Gateway - assigned 169.254.0.1 to client: 10.4.2.29
-?- What is batgat for, does it disannounce a gateway which in fact is
down e.g due to dsl-failure ?
-2- together with olsrd.
All olsr nodes are on the subnet 192.168.x.x, all batman interfaces are
aliases except on fonera 2.29 which is batman only.
From a gateway node running olsrd in parallel the route to an announced
network drops out towards the internet, the node itself is reachable:
root@10.4.2.2:~# traceroute -n 10.4.2.29
traceroute to 10.4.2.29 (10.4.2.29), 30 hops max, 40 byte packets
1 10.4.2.95 13.918 ms 8.674 ms 4.966 ms
2 10.4.2.72 20.074 ms 6.971 ms 32.104 ms
3 10.4.2.29 41.365 ms 12.472 ms 33.477 ms
root@10.4.2.2:~# traceroute -n 10.2.29.1
traceroute to 10.2.29.1 (10.2.29.1), 30 hops max, 40 byte packets
1 * * *
2 62.103.x.x 46.254 ms 35.242 ms * (internet)
From another node (8.107) the host is pingable, but traceroute drops
out to the olsr-network
PING 10.4.2.29 (10.4.2.29): 56 data bytes
64 bytes from 10.4.2.29: seq=0 ttl=59 time=19.229 ms
64 bytes from 10.4.2.29: seq=1 ttl=59 time=14.573 ms
traceroute to 10.4.2.29 (10.4.2.29), 30 hops max, 38 byte packets
1 192.168.8.105 11.337 ms 2.999 ms 3.366 ms
2 192.168.8.106 9.791 ms 5.150 ms 5.598 ms
3 192.168.106.2 10.965 ms 5.981 ms 7.978 ms
4 192.168.2.95 36.130 ms 6.777 ms 8.472 ms
5 192.168.2.72 18.389 ms 20.188 ms 10.949 ms
6 * * *
7 * *
traceroute to 10.2.29.1 (10.2.29.1), 30 hops max, 38 byte packets
1 192.168.8.102 6.833 ms 5.335 ms 2.720 ms
2 192.168.8.106 17.269 ms 5.819 ms 8.960 ms
3 192.168.106.2 16.785 ms 6.966 ms 5.525 ms
4 * (internet)
As I tested this amoung three nanostations (8.105,106,107) all went fine
including traceroute to an announced subnet. Of these three only 8.106
has errors of the following kind - may this strange behaviour be an
endian issue ? 8.106 atheros is lan-connected to 2.2 wrt54g broadcom:
-3- previously announced networks are not deleted (8.106), the routing
table collects multiple entries for the same destination
Nov 26 23:18:42 Nano5-106 daemon.err batmand[574]: Error - can't add
throw route to 10.2.29.0/24 via 10.8.106.100 (table 65): File exists
Nov 26 23:18:42 Nano5-106 daemon.err batmand[574]: Error - can't add
route to 10.2.29.0/24 via 10.8.106.100 (table 65): File exists
Nov 26 23:18:47 Nano5-106 daemon.err batmand[574]: Error - can't add
throw route to 10.8.106.100/32 via 10.8.106.100 (table 65): File exists
Nov 26 23:18:47 Nano5-106 daemon.err batmand[574]: Error - can't add
route to 10.8.106.100/32 via 10.8.106.100 (table 65): File exists
root@Nano5-106:~# ip route show table 65
throw 10.5.30.100 proto static
10.5.30.100 via 10.4.8.105 dev ath0 proto static src 10.4.8.106
10.5.30.100 via 10.4.8.109 dev ath0 proto static src 10.4.8.106
10.5.30.100 via 10.4.8.102 dev ath0 proto static src 10.4.8.106
throw 10.2.50.0/24 proto static
10.2.50.0/24 via 10.8.106.100 dev eth0 proto static src 10.8.106.1
throw 10.2.29.0/24 proto static
10.2.29.0/24 via 10.4.8.102 dev ath0 proto static src 10.4.8.106
10.2.29.0/24 via 10.8.106.100 dev eth0 proto static src 10.8.106.1
10.2.29.0/24 via 10.4.8.105 dev ath0 proto static src 10.4.8.106
root@Nano5-106:~# ip rule
0: from all lookup local
6600: from all to 10.4.0.0/16 lookup 66
6601: from all to 10.8.106.0/24 lookup 66
6699: from all lookup 65
6700: from all to 10.4.0.0/16 lookup 67
6701: from all to 10.8.106.0/24 lookup 67
32766: from all lookup main
32767: from all lookup default
This happens on 2.29 as well but not on every node, 8.107,105,104 and
maybe others stay clear. It occurs on 8.109 which is lan-connected to
broadcom 5.30 (see the map).
Well, I'll keep on testing ;-)
Chris
12 years, 3 months
[B.A.T.M.A.N.] Intel CC warning smashing
by Sven Eckelmann
Hi,
I had a small discussion with Simon Wunderlich about r1166 and showed
him a output intels c compiler to proof that the current code compiles
"fine" with it. The output shows a big amount of warnings which were
more or less useful. I promised him to send some patches to the
mailinglist so more people can have a look at them and check if they
are somewhat helpful.
Best regards,
Sven Eckelmann
12 years, 3 months