1      Problem Description

The field reports show that xxx panel will lockup and then reboot while doing security port scan by nmap.

2      Root Cause

After analysis, this problem happens at all panel versions, standalone/networking panel, and happens at other scanning tools (e.g. Tenable Nessus).

The investigation shows that, the problem was caused by unaligned data access during TCP timestamps option parsing in Linux kernel. The reason can be summarized below:

1)    The ARMv5 or earlier MCU (likes xxx MCU S3C44B0X ARM7TDMI is belong to ARMv4T), who had limited abilities to access memory that was not aligned on a word (four byte) boundary. According to S3C44B0 datasheet (see page 89 Address Alignment), the MCU is going to ABORT mode which cause the system crash.

2)    In Linux TCP option parsing, the handling did not consider the data unaligned in timestamp option, but TCP options are not guaranteed to be aligned at all.

According to the Linux debug output information when TCP package with timestamps options: The timestamps hold address (register: R8) is 0x0DB074E2, which is not multiple 4(word), the Linux kernel error information is: Unhandled fault: alignment exception (13).

1)    TCP package by nmap

2)    Linux debug output

 

3      Solution

The solution is get word value byte one byte when the address is unaligned, which is come from official Linux kernel patch (see appendix). The change is only applied for TCP/IP option parsing and without side effect. The solution had been successfully verified by prototype.

4      Appendix

The patch is come from Linux official, the link is https://archive.org/details/git-history-of-linux.

 

 

TCP/IP option data aligement issue cause system broken的更多相关文章

  1. TCP/IP OPTION字段

    0x01 简介 TCP头部和IPV4头部除了固定的20字节外,都设置了 OPTION 字段用于存储自定义的数据,因为TCP头部和IPV4的报文长度字段均为4字节,所表示的最大值为15, 乘4,报文头部 ...

  2. [转] TCP/IP原理、基础以及在Linux上的实现

    导言:本篇作为理论基础,将向我们讲述TCP/IP的基本原理以及重要的协议细节,并在此基础上介绍了TCP/IP在LINUX上的实现. OSI参考模型及TCP/IP参考模型 OSI模型(open syst ...

  3. TCP/IP协议族基本知识

    常见的网络拓扑 两台主机通信的过程:应用进程产生消息,经由主机的 TCP/IP 协议栈发送到局域网(LAN),最后经过广域网(目前最大的广域网的因特网)中的网络设备(路由器)传给目的主机所在的局域网( ...

  4. Direct hosting of SMB over TCP/IP

    http://support.microsoft.com/kb/204279 System TipThis article applies to a different version of Wind ...

  5. TCP/IP Four Layer Protocol Format Learning

    相关学习资料 tcp-ip详解卷1:协议.pdf 目录 . 引言 . 应用层 . 传输层 . 网络层 0. 引言 协议中的网络字节序问题 在学习协议格式之前,有一点必须明白,否则我们在观察抓包数据的时 ...

  6. 计算机网络及TCP/IP知识点(全面,慢慢看)

    TCP/IP网络知识点总结 一.总述 1.定义:计算机网络是一些互相连接的.自治的计算机的集合.因特网是网络的网络. 2.分类: 根据作用范围分类: 广域网 WAN (Wide Area Networ ...

  7. LINUX 中的 TCP/IP协议 参数详解

    Ipsysctl tutorial 1.0.4 Prev Chapter 3. IPv4 variable reference Next https://www.frozentux.net/ipsys ...

  8. TCP/IP网络知识点总结

    学完了计算机网络是时候整理一篇总结了,温故知新.注意:这篇博客很长长长(2.5万字+50图). TCP/IP网络知识点总结 一.总述 1.定义:计算机网络是一些互相连接的.自治的计算机的集合.因特网是 ...

  9. Introduction Sockets to Programming in C using TCP/IP

    Introduction Computer Network: hosts, routers, communication channels Hosts run applications Routers ...

随机推荐

  1. android 自定义命名空间 http://schemas.android.com/apk/res-auto

    XML中用 xmlns="http://schemas.android.com/apk/res-auto" 获取自定义属性值: public static String NAMES ...

  2. requery.js使用姿势

    最近在看requerjs,现在来总结下自己的收获,有不对的地方,望大家指正! 1.首先介绍下requirejs,引用中文官网http://www.requirejs.cn的一句话,requirejs是 ...

  3. Linux:Apache安装与启动

    Apache安装与启动 1.查看是否安装:rpm -qa| grep httpd2.挂载系统 mount /dev/cdrom /mnt/cdrom3.进入软件包 cd /mnt/cdrom/Pack ...

  4. shell脚本实例-nginx日志分析

    统计2018/8/6 PV量 grep "06/Aug/2018" access.log|wc -l 统计当天8:00 到9:00的PV awk '$4>="[06 ...

  5. prinft he sprintf

    四.printf函数 printf函数返回一个格式化后的字符串. 语法:printf(format,arg1,arg2,arg++) 参数 format 是转换的格式,以百分比符号 (“%”) 开始到 ...

  6. Java学习笔记13(equals()方法;toString()方法)

    equals()方法: equals方法是Object类中的方法:Object是所有类的祖宗,所以所有类都有equals()方法: boolean equals(Object obj); equals ...

  7. memset memcpy

    memset与memcpy的用法: void *memset(void *s,int c,size_t n)总的作用:将已开辟内存空间 s 的首 n 个字节的值设为值 cmemset可以方便的清空一个 ...

  8. Go Storm Is Coming!

    goland---http://idea.youbbs.org .................................................................... ...

  9. vue mapbox 地图 demo

    执行以下命令: npm install --save mapbox-gl// cnpm install --save mapbox-gl <template> <div style= ...

  10. Spring Boot 揭秘与实战(二) 数据存储篇 - MySQL

    文章目录 1. 环境依赖 2. 数据源3. 脚本初始化 2.1. 方案一 使用 Spring Boot 默认配置 2.2. 方案二 手动创建 4. 使用JdbcTemplate操作5. 总结 4.1. ...