1      Problem Description

The field reports show that xxx panel will lockup and then reboot while doing security port scan by nmap.

2      Root Cause

After analysis, this problem happens at all panel versions, standalone/networking panel, and happens at other scanning tools (e.g. Tenable Nessus).

The investigation shows that, the problem was caused by unaligned data access during TCP timestamps option parsing in Linux kernel. The reason can be summarized below:

1)    The ARMv5 or earlier MCU (likes xxx MCU S3C44B0X ARM7TDMI is belong to ARMv4T), who had limited abilities to access memory that was not aligned on a word (four byte) boundary. According to S3C44B0 datasheet (see page 89 Address Alignment), the MCU is going to ABORT mode which cause the system crash.

2)    In Linux TCP option parsing, the handling did not consider the data unaligned in timestamp option, but TCP options are not guaranteed to be aligned at all.

According to the Linux debug output information when TCP package with timestamps options: The timestamps hold address (register: R8) is 0x0DB074E2, which is not multiple 4(word), the Linux kernel error information is: Unhandled fault: alignment exception (13).

1)    TCP package by nmap

2)    Linux debug output

 

3      Solution

The solution is get word value byte one byte when the address is unaligned, which is come from official Linux kernel patch (see appendix). The change is only applied for TCP/IP option parsing and without side effect. The solution had been successfully verified by prototype.

4      Appendix

The patch is come from Linux official, the link is https://archive.org/details/git-history-of-linux.

 

 

TCP/IP option data aligement issue cause system broken的更多相关文章

  1. TCP/IP OPTION字段

    0x01 简介 TCP头部和IPV4头部除了固定的20字节外,都设置了 OPTION 字段用于存储自定义的数据,因为TCP头部和IPV4的报文长度字段均为4字节,所表示的最大值为15, 乘4,报文头部 ...

  2. [转] TCP/IP原理、基础以及在Linux上的实现

    导言:本篇作为理论基础,将向我们讲述TCP/IP的基本原理以及重要的协议细节,并在此基础上介绍了TCP/IP在LINUX上的实现. OSI参考模型及TCP/IP参考模型 OSI模型(open syst ...

  3. TCP/IP协议族基本知识

    常见的网络拓扑 两台主机通信的过程:应用进程产生消息,经由主机的 TCP/IP 协议栈发送到局域网(LAN),最后经过广域网(目前最大的广域网的因特网)中的网络设备(路由器)传给目的主机所在的局域网( ...

  4. Direct hosting of SMB over TCP/IP

    http://support.microsoft.com/kb/204279 System TipThis article applies to a different version of Wind ...

  5. TCP/IP Four Layer Protocol Format Learning

    相关学习资料 tcp-ip详解卷1:协议.pdf 目录 . 引言 . 应用层 . 传输层 . 网络层 0. 引言 协议中的网络字节序问题 在学习协议格式之前,有一点必须明白,否则我们在观察抓包数据的时 ...

  6. 计算机网络及TCP/IP知识点(全面,慢慢看)

    TCP/IP网络知识点总结 一.总述 1.定义:计算机网络是一些互相连接的.自治的计算机的集合.因特网是网络的网络. 2.分类: 根据作用范围分类: 广域网 WAN (Wide Area Networ ...

  7. LINUX 中的 TCP/IP协议 参数详解

    Ipsysctl tutorial 1.0.4 Prev Chapter 3. IPv4 variable reference Next https://www.frozentux.net/ipsys ...

  8. TCP/IP网络知识点总结

    学完了计算机网络是时候整理一篇总结了,温故知新.注意:这篇博客很长长长(2.5万字+50图). TCP/IP网络知识点总结 一.总述 1.定义:计算机网络是一些互相连接的.自治的计算机的集合.因特网是 ...

  9. Introduction Sockets to Programming in C using TCP/IP

    Introduction Computer Network: hosts, routers, communication channels Hosts run applications Routers ...

随机推荐

  1. ROS tab键补全操作出现错误

    ros tab键补全操作出现错误如下: $ roslaunch sp[rospack] Warning: error while crawling /home/hemudu: boost::files ...

  2. GTX使用(更新中)

    1.XILINX GTX介绍GTX是Virtex系列 FPGA上的低功耗吉比特收发器,在V6芯片上GTX工作带宽范围是750Mb/s到6.6Gb/s,支持收发双向,且收发双向独立.GTX接收和发送方向 ...

  3. 数字签名-MD5

    MD5是信息摘要的意思,报文产生摘要是唯一的(1:1),而且是单向的(通过摘要反推不出源报文) java中的java.security.MessageDigest类,参考MessageDigest的功 ...

  4. spring有关jar包的作用

    参考的是spring官网spring4.3版本. 链接:https://docs.spring.io/spring/docs/4.3.19.RELEASE/spring-framework-refer ...

  5. CodeForces - 631C (截取法)

    C. Report time limit per test 2 seconds memory limit per test 256 megabytes input standard input out ...

  6. Ubantu-Nginx部署

    nginx+uwsgi+django部署流程   当我们在用django开发的web项目时,开发测试过程中用到的是django自带的测试服务器,由于其安全及稳定等性能方面的局限性,django官方并不 ...

  7. JAVA AES加密解密

    import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java ...

  8. Python 爬虫工具 —— fake_useragent

    服务器为避免爬虫工具无休止的请求,以减轻负载,会对 user agent 进行校验,即判断某一 user-agent 是否不断地进行请求.可采用如下方式进行绕过服务器的校验. UserAgent_Li ...

  9. pytorch统计模型参数量

    用resnet50 来举例子 print("resnet50 have {} paramerters in total".format(sum(x.numel() for x in ...

  10. 【CSP】最大的矩形

    问题描述 试题编号: 201312-3 试题名称: 最大的矩形 时间限制: 1.0s 内存限制: 256.0MB 问题描述: 问题描述 在横轴上放了n个相邻的矩形,每个矩形的宽度是1,而第i(1 ≤ ...