Hi,
I am doing a Ruby binding for libnids library
(http://libnids.sourceforge.net)
Libnids uses callback functions which are triggered on packet capture.
Now apparently my binding is working fine, but it is crashing after
capturing for around 5-10 minutes.
Crash looks like this:
[DATA] 192.168.0.49:52071 → 63.245.209.21:80 [SEND: 474] [RECV: 0]
[NEW CONNECTION] 192.168.0.49:55510 → 213.150.45.196:80
examples/tcp.rb:12: [BUG] Segmentation fault
ruby 1.8.4 (2005-12-24) [i686-linux]
A gdb backtrace looks like this:
#0 0xb7d20941 in kill () from /lib/libc.so.6
#1 0xb7d206e5 in raise () from /lib/libc.so.6
#2 0xb7d21a66 in abort () from /lib/libc.so.6
#3 0xb7e9a5dc in rb_bug () from /usr/lib/libruby18.so.1.8
#4 0xb7ebac79 in rb_gc_mark () from /usr/lib/libruby18.so.1.8
#5 0xb7eba862 in rb_mark_tbl () from /usr/lib/libruby18.so.1.8
#6 0xb7f00b6f in st_foreach () from /usr/lib/libruby18.so.1.8
#7 0xb7eba89f in rb_mark_tbl () from /usr/lib/libruby18.so.1.8
#8 0xb7ebab8b in rb_gc_mark () from /usr/lib/libruby18.so.1.8
#9 0xb7eba7a9 in rb_source_filename () from /usr/lib/libruby18.so.1.8
#10 0xb7ebb844 in rb_gc_mark_frame () from /usr/lib/libruby18.so.1.8
#11 0xb7eba3c3 in rb_newobj () from /usr/lib/libruby18.so.1.8
#12 0xb7f00c69 in st_foreach () from /usr/lib/libruby18.so.1.8
#13 0xb7f00cdf in st_foreach () from /usr/lib/libruby18.so.1.8
#14 0xb7f00d71 in rb_str_new () from /usr/lib/libruby18.so.1.8
#15 0xb7f00db3 in rb_str_new2 () from /usr/lib/libruby18.so.1.8
#16 0xb7ecf750 in rb_fix2str () from /usr/lib/libruby18.so.1.8
#17 0xb7ecf7ef in rb_fix2str () from /usr/lib/libruby18.so.1.8
#18 0xb7eb46f3 in rb_throw () from /usr/lib/libruby18.so.1.8
#19 0xb7ea7918 in rb_with_disable_interrupt () from
/usr/lib/libruby18.so.1.8
#20 0xb7ea8214 in rb_with_disable_interrupt () from
/usr/lib/libruby18.so.1.8
#21 0xb7ea854a in rb_apply () from /usr/lib/libruby18.so.1.8
#22 0x000000a1 in ?? ()
#23 0x00000c51 in ?? ()
#24 0x00000000 in ?? ()
Crash occurs on the following extension code:
static void libnids_internal_register_tcp(struct tcp_stream *ts, void
**param)
{
VALUE client_data;
VALUE client_data_offset;
VALUE client_data_len;
VALUE client_data_new_len;
VALUE client_state;
VALUE server_data;
VALUE server_data_offset;
VALUE server_data_len;
VALUE server_data_new_len;
VALUE server_state;
VALUE nids_state;
VALUE src_addr;
VALUE dst_addr;
VALUE src_port;
VALUE dst_port;
VALUE hash;
DEBUG_PRINT(“TCP callback triggered”);
if(rb_object_tcp_cb == (VALUE) NULL) {
DEBUG_PRINT(“TCP callback method not set”);
return;
}
src_addr = rb_str_new2((char*)inet_ntoa(((struct
in_addr)&(ts->addr.saddr))));
dst_addr = rb_str_new2((char*)inet_ntoa(((struct
in_addr)&(ts->addr.daddr))));
src_port = INT2FIX(ts->addr.source);
dst_port = INT2FIX(ts->addr.dest);
client_data = rb_str_new2(“”);
server_data = rb_str_new2(“”);
client_data_offset = INT2FIX(0);
client_data_len = INT2FIX(0);
client_data_new_len = INT2FIX(0);
server_data_offset = INT2FIX(0);
server_data_len = INT2FIX(0);
server_data_new_len = INT2FIX(0);
nids_state = INT2FIX(ts->nids_state);
switch(ts->nids_state) {
case NIDS_JUST_EST:
ts->client.collect++;
ts->server.collect++;
break;
case NIDS_DATA:
client_data = rb_str_cat(client_data, ts->client.data,
ts->client.count);
client_data_offset = INT2FIX(ts->client.offset);
client_data_len = INT2FIX(ts->client.count);
client_data_new_len = INT2FIX(ts->client.count_new);
server_data = rb_str_cat(server_data, ts->server.data,
ts->server.count);
server_data_offset = INT2FIX(ts->server.offset);
server_data_len = INT2FIX(ts->server.count);
server_data_new_len = INT2FIX(ts->server.count_new);
break;
default:
DEBUG_PRINT("Unknown nids state from TCP callback");
return;
}
hash = rb_hash_new();
rb_hash_aset(hash, rb_str_new2(“saddress”), src_addr);
rb_hash_aset(hash, rb_str_new2(“daddress”), dst_addr);
rb_hash_aset(hash, rb_str_new2(“sport”), src_port);
rb_hash_aset(hash, rb_str_new2(“dport”), dst_port);
rb_hash_aset(hash, rb_str_new2(“nids_state”), nids_state);
rb_hash_aset(hash, rb_str_new2(“client_state”), client_state);
rb_hash_aset(hash, rb_str_new2(“client_data”), client_data);
rb_hash_aset(hash, rb_str_new2(“client_data_offset”),
client_data_offset);
rb_hash_aset(hash, rb_str_new2(“client_data_len”), client_data_len);
rb_hash_aset(hash, rb_str_new2(“client_data_new_len”),
client_data_new_len);
rb_hash_aset(hash, rb_str_new2(“server_state”), server_state);
rb_hash_aset(hash, rb_str_new2(“server_data”), server_data);
rb_hash_aset(hash, rb_str_new2(“server_data_offset”),
server_data_offset);
rb_hash_aset(hash, rb_str_new2(“server_data_len”), server_data_len);
rb_hash_aset(hash, rb_str_new2(“server_data_new_len”),
server_data_new_len);
rb_funcall(rb_cObject, rb_intern(“send”),
2,
rb_object_tcp_cb,
hash);
//DEBUG_PRINT(“Invoking garbage collector”);
//rb_funcall(rb_mGC, rb_intern(“start”), 0);
return;
}
Amazingly if I uncomment the last two lines in the above function and
let the garbage collector to run then ruby is aborted immediately with
the following result:
compaq ruby-libnids # ruby examples/tcp.rb
[NEW CONNECTION] 192.168.0.49:54346 → 216.239.63.19:443
[DATA] 192.168.0.49:54346 → 216.239.63.19:443 [SEND: 120] [RECV: 0]
examples/tcp.rb:22: [BUG] rb_gc_mark(): unknown data type
0x2f(0x8078b28) non object
ruby 1.8.4 (2005-12-24) [i686-linux]
Aborted
I am quite new to ruby extension development, so I think I might be
doing something wrong.
Some pointers will be useful.
Thanks,
abhisek