Created
October 31, 2013 21:28
-
-
Save davepeck/7257524 to your computer and use it in GitHub Desktop.
Trying to track down what appears to be a Mavericks 10.9.0 kernel bug related to virtual networking. This code will repeatably cause a kernel panic.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <string.h> | |
#include <fcntl.h> | |
#include <unistd.h> | |
#include <sys/socket.h> | |
#include <netinet/in.h> | |
#include <sys/kern_control.h> | |
#include <sys/sys_domain.h> | |
#include <sys/ioctl.h> | |
#include <net/if_utun.h> | |
#include <errno.h> | |
#include <stdlib.h> | |
static int open_tunnel(u_int32_t unit); | |
int main(int argc, char **argv) | |
{ | |
u_int32_t unit = 0; // 0 means pick-your-own | |
int fd = -1; | |
do | |
{ | |
fd = open_tunnel(unit); | |
// sleep(1); | |
if ( fd > 0 ) | |
{ | |
close(fd); | |
} | |
} | |
while (fd > 0); | |
return 0; | |
} | |
static int open_tunnel(u_int32_t unit) | |
{ | |
struct sockaddr_ctl addr; | |
struct ctl_info info; | |
int fd = -1; | |
fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL); | |
/* get/set the id */ | |
bzero(&info, sizeof(info)); | |
strncpy(info.ctl_name, UTUN_CONTROL_NAME, strlen(UTUN_CONTROL_NAME)); | |
if(ioctl(fd, CTLIOCGINFO, &info) == -1) | |
perror("Error while setting options on kernel control: "); | |
addr.sc_len = sizeof(addr); | |
addr.sc_family = AF_SYSTEM; | |
addr.ss_sysaddr = AF_SYS_CONTROL; | |
addr.sc_id = info.ctl_id; | |
addr.sc_unit = unit; | |
if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) | |
{ | |
perror("Error attempting to connect to tun device: "); | |
} | |
else | |
{ | |
char ifname[10]; | |
socklen_t buflen = 10; | |
if(getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, ifname, &buflen) == 0) | |
printf("Initialized interface %s\n", ifname); | |
else | |
perror("Error retrieving interface name: "); | |
} | |
return fd; | |
} |
Having a sleep()
in there (or a short poll()
) seems to save us from the kernel panic. So, a race condition of sorts. That said, I'm not done finding kernel bugs here -- next up will be stuffing data into the utun and watching the Mavericks kernel quickly run out of buffer.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This basically opens and closes utun devices repeatedly. After a few hundred to a few thousand closes, Mavericks will panic.