Description of problem:
When sending fragmented packets over multicast sockets, if the
IP_MULTICAST_LOOP option is enabled, each skbuff is cloned and
fragmented. The accounting for the socket's SNDBUF is performed on
each fragment, but after the frame is transmitted the kfree_skb call
fails to perform the reverse accounting, since the cloned skbuffs are
not freed, only the top level skbuff representing the entire frame.
Only after the socket is read from, clearing the received skbuff from
the receive queue, is the reverse accounting performed. This can lead
to inaccurate sndbuf values, and if the socket is not read from often
enough, the user process using the socket can block indefinitely on a
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1) Remove iptables modules from the system (iptables can prematurely
free buffers to prevent queue backlog).
2) Build and run the attached testcase (multicast_test.C). Specify
when running a large packet size (I've been using 10000 bytes) so as
to incur fragmenting. Also specify that IP_MULTICAST_LOOP should be
set, and that the reader thread should never read.
After a few packets, the call to sendto will block forever, waiting
for available memory in the SNDBUF buffer. This will not be made
available until the socket is read from.
Socket sends only block until frames are transmitted, at which point
memory should be available in the send buffer.
Created attachment 101749
C++ test case to demonstrate sendto blocking failure
Created attachment 101751
patch to adjust socket buffer accounting.
This patch corrects this issue by moving socket layer accounting to the top
level skbuff. By doing this all SNDBUF memory is released on the freeing of
the top level skbuff, which allows individual fragments to be cloned without
affecting the accounting. I also checked, and this problem seems to be present in
the 2.6 kernel as well, so this patch should probably be pushed there.
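A simplified model of the accounting described in the problem description and in the patch comment above, added here as an example; it is not the attached multicast_test.C, not the patch, and not kernel code. The buffer size, the fragment payload size, and the rule that a send blocks once a frame no longer fits in SNDBUF are assumptions of the model.

```c
#include <stdio.h>

/* Simplified model of the SNDBUF accounting in this report; not kernel code.
 * All sizes below are constructed for illustration. */
enum { SNDBUF = 65536, FRAG_PAYLOAD = 1480, PKT_LEN = 10000 };
enum policy { CHARGE_FRAGMENTS, CHARGE_TOP_LEVEL };

struct sock_model {
    long wmem;     /* bytes currently charged against SNDBUF */
    int  rcvq_len; /* looped-back datagrams waiting to be read */
};

/* One sendto(): returns 1 if sent, 0 if the caller would block. */
static int model_send(struct sock_model *sk, enum policy p, int mc_loop)
{
    if (sk->wmem + PKT_LEN > SNDBUF)
        return 0;
    if (p == CHARGE_FRAGMENTS) {
        for (long off = 0; off < PKT_LEN; off += FRAG_PAYLOAD) {
            long frag = PKT_LEN - off < FRAG_PAYLOAD ? PKT_LEN - off : FRAG_PAYLOAD;
            sk->wmem += frag;        /* every fragment is charged */
            if (!mc_loop)
                sk->wmem -= frag;    /* released once transmitted */
            /* with loopback, the clone sits in the receive queue and
             * keeps its charge until the socket is read */
        }
    }
    /* CHARGE_TOP_LEVEL: the whole frame is charged once and released when
     * the top-level buffer is freed after transmit, so the net charge is 0 */
    if (mc_loop)
        sk->rcvq_len++;
    return 1;
}

/* Sends completed out of `attempts`; the reader takes one datagram after
 * every `read_every` sends (0 = never reads). */
int sends_before_block(enum policy p, int mc_loop, int read_every, int attempts)
{
    struct sock_model sk = {0, 0};
    int sent = 0;
    for (int i = 1; i <= attempts && model_send(&sk, p, mc_loop); i++) {
        sent++;
        if (read_every && i % read_every == 0 && sk.rcvq_len > 0) {
            sk.rcvq_len--;
            if (p == CHARGE_FRAGMENTS)
                sk.wmem -= PKT_LEN;  /* reverse accounting happens only here */
        }
    }
    return sent;
}
```

In this model, per-fragment charging with loopback enabled and a reader that never reads stalls after a handful of sends, while charging the top-level buffer never stalls regardless of the reader.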
A fix for this problem has just been committed to the RHEL3 U4
patch pool this evening (in kernel version 2.4.21-20.1.EL).
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.