mobility is broken

Bug #789327 reported by Miika Komu
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
HIPL | Fix Released | High | Unassigned |

Bug Description

I tested hard IPv6-only handovers. After base exchange, I delete and add a new IPv6 address and this occurs at the other host:

debug(hipd/input.c:565@hip_receive_control_packet): HIP association state ESTABLISHED
debug(hipd/input.c:573@hip_receive_control_packet): handle relay to failed, continue the bex handler
debug(modules/update/hipd/update.c:190@hip_check_update_freshne: previous incoming update id=0
debug(modules/update/hipd/update.c:192@hip_check_update_freshne: previous outgoing update id=4294967295
debug(modules/update/hipd/update.c:198@hip_check_update_freshne: SEQ parameter found with Update ID 1.
debug(hipd/input.c:144@hip_verify_packet_hmac_general): hip_verify_packet_hmac() invoked.
debug(hipd/input.c:111@hip_verify_hmac): HMAC data0x3B111011000000002001001911ACE3AF236711A41A3636EC20010015E1568A783226DBAAF2FFED060041000C00000090E5A9B875E5A9B87500C10048000104000000000000000000000000000000FFFFC0A800A500010400000000003FFE000000000000000000000000000800010400000000002001000053AA064C08BB20A5AD4A59A7000000000181000400000001
debug(lib/core/crypto.c:378@hip_write_hmac): HMAC key:0xF9352844AE24C972EE121CFAC915C858884C8656
debug(lib/core/crypto.c:379@hip_write_hmac): HMAC in:0x3B111011000000002001001911ACE3AF236711A41A3636EC20010015E1568A783226DBAAF2FFED060041000C00000090E5A9B875E5A9B87500C10048000104000000000000000000000000000000FFFFC0A800A500010400000000003FFE000000000000000000000000000800010400000000002001000053AA064C08BB20A5AD4A59A7000000000181000400000001
debug(lib/core/crypto.c:380@hip_write_hmac): HMAC out:0x2451F4234BBF62433DC4C8445BBE51B45BBBEFAD
debug(hipd/input.c:117@hip_verify_hmac): HMAC0x2451F4234BBF62433DC4C8445BBE51B45BBBEFAD
debug(modules/update/hipd/update_param_handling.c:343@hip_handl: LOCATOR has 3 address(es), loc param len=80
debug(modules/update/hipd/update_param_handling.c:350@hip_handl: hip_get_state_item returned localstate: 0x675290
debug(modules/update/hipd/update_param_handling.c:363@hip_handl: Comparing: 3ffe:0000:0000:0000:0000:0000:0000:0008
debug(lib/core/debug.c:741@hip_print_hit): to : NULL

Program received signal SIGSEGV, Segmentation fault.
0x000000000043cc9e in ipv6_addr_cmp (a1=0x7fffffffea30, a2=0x0) at lib/core/prefix.c:391
391 return memcmp(a1, a2, sizeof(struct in6_addr));
(gdb) bt
#0 0x000000000043cc9e in ipv6_addr_cmp (a1=0x7fffffffea30, a2=0x0) at lib/core/prefix.c:391
#1 0x0000000000428b14 in hip_handle_locator_parameter (packet_type=<value optimised out>, ha_state=<value optimised out>, ctx=0x7fffffffea20)
    at modules/update/hipd/update_param_handling.c:366
#2 0x00000000004217ad in hip_run_handle_functions (packet_type=<value optimised out>, ha_state=5, ctx=0x7fffffffea20) at hipd/pkt_handling.c:161
#3 0x000000000041937a in hip_receive_control_packet (ctx=0x7fffffffea20) at hipd/input.c:577
#4 0x0000000000411ed1 in hip_handle_raw_input_v6 (ctx=0x7fffffffea20) at hipd/hip_socket.c:76
#5 0x0000000000411734 in hip_run_socket_handles (read_fdset=0x7fffffffe990, ctx=0x7fffffffea20) at hipd/hip_socket.c:307
#6 0x00000000004124f9 in hipd_main (argc=<value optimised out>, argv=<value optimised out>) at hipd/hipd.c:403
#7 main (argc=<value optimised out>, argv=<value optimised out>) at hipd/hipd.c:464

Miika Komu (miika-iki)
Changed in hipl:
importance: Undecided → High
Miika Komu (miika-iki) wrote :

Stefan's patch in 5938 causes the crash. I tested with the previous version and it works even though handover takes a long time (one minute). Also, tested with the latest trunk (5947) with Stefan's patch, but still crashes so I think the bug is about something else.

Changed in hipl:
assignee: nobody → Stefan Götz (stefan.goetz)
status: New → Confirmed
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Re: [Bug 789327] Re: mobility is broken

Still working towards looking into and solving this bug, just as an update...

Stefan Götz (stefan.goetz-deactivatedaccount) wrote :

'hipconf manual-update' is sufficient to crash the peer.

Changed in hipl:
status: Confirmed → In Progress
Stefan Götz (stefan.goetz-deactivatedaccount) wrote :

lp:~stefan.goetz/hipl/mobility-bug rev. 5957 prevents the described segmentation fault. From the commit message: Add missing initialization to 'peer_addr' variable. Revision 5938 erroneously removed code that was necessary to change the value of the peer_addr pointer to an actual peer address. This caused a NULL pointer access and segmentation fault when handling a locator parameter during an UPDATE message.

I tested the linked branch with two hosts and simulated mobility by:

1) running 'hipconf manual-update'
2) putting the network interface down and up again and
3) changing the IPv4 address of the network interface

None of the tests crash hipd. In tests 1) and 2), HIP connectivity is maintained.

I observe the following remaining issues which are, however, also present in trunk revision 5937, i.e., before this particular bug was introduced:

- In test 3) HIP connectivity is lost even though an UPDATE message is sent. Only after running 'hipconf manual-update' is HIP connectivity restored.

- pinging a HIT right after changing the IPv4 address of the network device fails with the error message 'connect: Invalid argument' for about 5 seconds after the address change.

- every UPDATE message triggers the following error on the responder: "error(modules/update/hipd/update_param_handling.c:289@hip_handl: ECHO_REQUEST parameter not found!"

I was not able to test IPv6 mobility because using 'hipconf add map' to associate a HIT with a link-local IPv6 address fails with the following hipd errors:

error(hipd/netdev.c:1412@hip_select_source_address): No address of the same family
error(hipd/hadb.c:613@hip_hadb_add_peer_info): Cannot find source address
error(hipd/hadb.c:663@hip_add_peer_map): Failed to insert peer map (-1)
error(hipd/user.c:296@hip_handle_user_msg): add peer mapping failed.

Can someone confirm these results? In particular that the linked branch fixes the described bug?

Cheers,
      Stefan
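An added example, not HIPL's code and not part of the comment above: a guard at the point of use for the comparison that crashed in the backtrace, so that an unset peer address makes the packet get rejected instead of reaching memcmp() with a NULL pointer. It complements the initialization restored in rev. 5957 rather than replacing it; all function names are hypothetical and the sample address is constructed from the "Comparing:" log line.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>

/* Same memcmp() as lib/core/prefix.c:391 in the backtrace, behind the
 * NULL check that the crashing call lacked. */
static int checked_addr_cmp(const struct in6_addr *a1,
                            const struct in6_addr *a2, int *differs)
{
    if (!a1 || !a2 || !differs)
        return -EINVAL;
    *differs = memcmp(a1, a2, sizeof(struct in6_addr)) != 0;
    return 0;
}

/* Hypothetical stand-in for a locator check: is the peer's address among
 * the addresses announced in a LOCATOR parameter?
 * Returns 1 (found), 0 (not found) or -EINVAL (bad input, drop packet). */
int locator_has_peer_addr(const struct in6_addr *locators, size_t count,
                          const struct in6_addr *peer_addr)
{
    if (!locators || !peer_addr)
        return -EINVAL; /* unset peer_addr: fail closed, do not crash */
    for (size_t i = 0; i < count; i++) {
        int differs;
        if (checked_addr_cmp(&locators[i], peer_addr, &differs) < 0)
            return -EINVAL;
        if (!differs)
            return 1;
    }
    return 0;
}

/* Constructed sample: one locator, 3ffe::8; peer_str == NULL models the
 * uninitialised pointer seen as a2=0x0 in the backtrace. */
int demo_locator_check(const char *peer_str)
{
    struct in6_addr loc = IN6ADDR_ANY_INIT, peer = IN6ADDR_ANY_INIT;
    inet_pton(AF_INET6, "3ffe::8", &loc);
    if (peer_str && inet_pton(AF_INET6, peer_str, &peer) != 1)
        return -EINVAL;
    return locator_has_peer_addr(&loc, 1, peer_str ? &peer : NULL);
}

int main(void)
{
    return demo_locator_check(NULL) == -EINVAL ? 0 : 1;
}
```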

Miika Komu (miika-iki) wrote :

Please merge the commit, I confirm that it does not crash hipd anymore.

Miika Komu (miika-iki) wrote :

Regarding the mobility error, I receive it too. However, it will go away after a few retransmissions. I basically waited for a couple of minutes - did you?

Needless to say, something is not right with the mobility code. I filed another bug report about this:

https://bugs.launchpad.net/hipl/+bug/795231

Feel free to comment there further.

Miika Komu (miika-iki) wrote :

Your "add map" problem occurs because you did not first add an IPv6 address (ip addr add 3ffe::123/64 eth0). I think the earlier add map problem was already fixed here:

https://bugs.launchpad.net/hipl/+bug/789306
Revno: 5949

Stefan Götz (stefan.goetz-deactivatedaccount) wrote :

Committed the above fix as revno 5965

Changed in hipl:
status: In Progress → Fix Released