1      Problem Description

The field reports show that xxx panel will lockup and then reboot while doing security port scan by nmap.

2      Root Cause

After analysis, this problem happens at all panel versions, standalone/networking panel, and happens at other scanning tools (e.g. Tenable Nessus).

The investigation shows that, the problem was caused by unaligned data access during TCP timestamps option parsing in Linux kernel. The reason can be summarized below:

1)    The ARMv5 or earlier MCU (likes xxx MCU S3C44B0X ARM7TDMI is belong to ARMv4T), who had limited abilities to access memory that was not aligned on a word (four byte) boundary. According to S3C44B0 datasheet (see page 89 Address Alignment), the MCU is going to ABORT mode which cause the system crash.

2)    In Linux TCP option parsing, the handling did not consider the data unaligned in timestamp option, but TCP options are not guaranteed to be aligned at all.

According to the Linux debug output information when TCP package with timestamps options: The timestamps hold address (register: R8) is 0x0DB074E2, which is not multiple 4(word), the Linux kernel error information is: Unhandled fault: alignment exception (13).

1)    TCP package by nmap

2)    Linux debug output

 

3      Solution

The solution is get word value byte one byte when the address is unaligned, which is come from official Linux kernel patch (see appendix). The change is only applied for TCP/IP option parsing and without side effect. The solution had been successfully verified by prototype.

4      Appendix

The patch is come from Linux official, the link is https://archive.org/details/git-history-of-linux.

 

 

TCP/IP option data aligement issue cause system broken的更多相关文章

  1. TCP/IP OPTION字段

    0x01 简介 TCP头部和IPV4头部除了固定的20字节外,都设置了 OPTION 字段用于存储自定义的数据,因为TCP头部和IPV4的报文长度字段均为4字节,所表示的最大值为15, 乘4,报文头部 ...

  2. [转] TCP/IP原理、基础以及在Linux上的实现

    导言:本篇作为理论基础,将向我们讲述TCP/IP的基本原理以及重要的协议细节,并在此基础上介绍了TCP/IP在LINUX上的实现. OSI参考模型及TCP/IP参考模型 OSI模型(open syst ...

  3. TCP/IP协议族基本知识

    常见的网络拓扑 两台主机通信的过程:应用进程产生消息,经由主机的 TCP/IP 协议栈发送到局域网(LAN),最后经过广域网(目前最大的广域网的因特网)中的网络设备(路由器)传给目的主机所在的局域网( ...

  4. Direct hosting of SMB over TCP/IP

    http://support.microsoft.com/kb/204279 System TipThis article applies to a different version of Wind ...

  5. TCP/IP Four Layer Protocol Format Learning

    相关学习资料 tcp-ip详解卷1:协议.pdf 目录 . 引言 . 应用层 . 传输层 . 网络层 0. 引言 协议中的网络字节序问题 在学习协议格式之前,有一点必须明白,否则我们在观察抓包数据的时 ...

  6. 计算机网络及TCP/IP知识点(全面,慢慢看)

    TCP/IP网络知识点总结 一.总述 1.定义:计算机网络是一些互相连接的.自治的计算机的集合.因特网是网络的网络. 2.分类: 根据作用范围分类: 广域网 WAN (Wide Area Networ ...

  7. LINUX 中的 TCP/IP协议 参数详解

    Ipsysctl tutorial 1.0.4 Prev Chapter 3. IPv4 variable reference Next https://www.frozentux.net/ipsys ...

  8. TCP/IP网络知识点总结

    学完了计算机网络是时候整理一篇总结了,温故知新.注意:这篇博客很长长长(2.5万字+50图). TCP/IP网络知识点总结 一.总述 1.定义:计算机网络是一些互相连接的.自治的计算机的集合.因特网是 ...

  9. Introduction Sockets to Programming in C using TCP/IP

    Introduction Computer Network: hosts, routers, communication channels Hosts run applications Routers ...

随机推荐

  1. Android system :led_class驱动

    一.代码: leds_4412.c #include <linux/kernel.h> #include <linux/module.h> #include <linux ...

  2. DOM&BOM

    文档对象模型(Document Object Model) 来源:文档对象模型(Document Object Model)的历史与20世纪90年代末Netscape Navigator和Micros ...

  3. UGUI动态绑定事件

    using System.Collections.Generic;using UnityEngine;using UnityEngine.EventSystems;using UnityEngine. ...

  4. day 32 子进程的开启 及其用法

    开启两种子进程的两种方式# # # 1 传统方式# from multiprocessing import Process# import time# def task(name):# print ( ...

  5. 框架:Spring IoC

    Spring篇 第二章.Spring IoC简介 一.基本概念 控制反转是一个比较抽象的概念,是Spring框架的核心,用来消减计算机程序的耦合问题. 依赖注入是IoC的另外一种说法,只是从不同的角度 ...

  6. http协议tcp协议ip协议三次握手四次挥手,为什么三次握手,为什么四次挥手,sockete套接字理解

    1.1 TCP是什么? TCP是Tranfer Control Protocol的简称,TCP协议是一种面向连接的.可靠的.基于字节流的运输层通信协议.通过TCP协议传输,得到的是一个顺序的无差错的数 ...

  7. outlook vba开发要点

    1.学学基础的VB语法 https://www.yiibai.com/vba/vba_programming_charts.html 2.找一个样例看看 VBA编程实现自动回复邮件 https://b ...

  8. python day03作业

  9. FZU 2273 Triangles 第八届福建省赛 (三角形面积交 有重边算相交)

    Problem Description This is a simple problem. Given two triangles A and B, you should determine they ...

  10. php-xdebug(安装)

    我虽然是前端人员,但是我也挺喜欢服务端语言的,我不是说完全不会服务端语言,主要是没有实践经验,实践经验不一样非要公司的项目,自己也可以去模仿一些项目,那也是实践的.所以就有了想法,自己写个项目,从后端 ...