Address UDP connect message endian issue #1415
Conversation
|
Here's the output running against the same server binary that shows the failed output in #1414. |
Accept big-endian and little-endian format for both legacy and new messages since the value is sent in host byte order.
mriswyth
force-pushed
the
udp_endian_issue
branch
from
087fa8b to
1bfed6c
Compare
|
see my pull request for a better solution. this commit here does not fix the wrong reply message. it just checks for both types on client side. so if you use it on a big endian host as server and the client is still a older version it will still fail. so both client and server side must use the correct endian type message which is little endian for historic reasons |
| #define UDP_CONNECT_MSG 0x36373839 // "6789" - legacy value was 123456789 | ||
| #define UDP_CONNECT_REPLY 0x39383736 // "9876" - legacy value was 987654321 | ||
| #define LEGACY_UDP_CONNECT_REPLY 987654321 // Old servers may still reply with legacy value | ||
| #define LEGACY_UDP_CONNECT_REPLY_ENDIAN 2976439866 // Old servers may still reply with legacy value |
There was a problem hiding this comment.
Per issue #1608, reverse Endian of UDP_CONNECT_REPLY should also be considered. therefore should also add:
#define UDP_CONNECT_REPLY_ENDIAN 0x36373839
| @@ -592,9 +592,9 @@ iperf_udp_connect(struct iperf_test *test) | |||
| printf("Connect received for Socket %d, sz=%d, buf=%x, i=%d, max_len_wait_for_reply=%d\n", s, sz, buf, i, max_len_wait_for_reply); | |||
| } | |||
| i += sz; | |||
| } while (buf != UDP_CONNECT_REPLY && buf != LEGACY_UDP_CONNECT_REPLY && i < max_len_wait_for_reply); | |||
| } while (buf != UDP_CONNECT_REPLY && buf != LEGACY_UDP_CONNECT_REPLY && buf != UDP_CONNECT_MSG && buf != LEGACY_UDP_CONNECT_REPLY_ENDIAN && i < max_len_wait_for_reply); | |||
There was a problem hiding this comment.
Check also for UDP_CONNECT_REPLY_ENDIAN.
|
|
||
| if (buf != UDP_CONNECT_REPLY && buf != LEGACY_UDP_CONNECT_REPLY) { | ||
| if (buf != UDP_CONNECT_REPLY && buf != LEGACY_UDP_CONNECT_REPLY && buf != UDP_CONNECT_MSG && buf != LEGACY_UDP_CONNECT_REPLY_ENDIAN) { |
There was a problem hiding this comment.
Check also for UDP_CONNECT_REPLY_ENDIAN.
There was a problem hiding this comment.
this is already covered by my pull request. but the iperf3 maintainer seem to ignore all pull requests and bug fixes since a long time. i fixed it in my own tree and i'm happy with it. every effort here is pointless. check my pull request. its a very simple solution and covers all problems mentioned here
There was a problem hiding this comment.
this is already covered by my pull request.
If I understand the pull request correctly, it only covers the endian case of LEGACY_UDP_CONNECT_REPLY but not the endian case of UDP_CONNECT_REPLY, which is what my suggested changes cover.
but the iperf3 maintainer seem to ignore all pull requests and bug fixes since a long time.
This may be because the iperf3 team was busy with releasing the multi-thread version. As this issue seems to be a major issue (that was caused because of my pull request ...) I hope that it (or a version of it) will be merged soon.
There was a problem hiding this comment.
yes but there is another pull request made by me which covers everything. i posted it many months ago. this one here is not from me and was also posted a long time ago
There was a problem hiding this comment.
The following is copied from the first comment in this PR...
Accept UDP connect message replies in little-endian or big-endian order.
There was discussion and concern about accepting two values in the original pull request #1260, this makes that problem worse. This is a solution that allows mixed-endian and mixed-version operations if the client is updated.
It's been over a year since I put this together so I really don't remember the specifics of what I found from the original change PR, but it was reasonable enough to make me try to limit this change. I work in an environment where updating the client is much more reasonable and frequent than updating the server. 3.12 is broken for mixed endian no matter what so something has to be updated. I was trying to limit the scope of damage that I was re-introducing that #1260 was attempting to fix. Since the author of #1260 is now part of the conversation I can assume he has a better handle on how many issues fixing everything will introduce.
If those concerns aren't real I also prefer a solution that addresses both client and server. That's an additional patch that I'm carrying on my product on top of this one since I'm unaware of ever having #1260 occur and cross-endian and version compatibility is important to me.
|
Thanks for the PR! I chose to merge a slightly simpler fix from PR #1468. |
---------------------
* Notable user-visible changes
* BREAKING CHANGE: iperf3's authentication features, when used with
OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel
timing attack. To address this flaw, a change has been made to the
padding applied to encrypted strings. This change is not backwards
compatible with older versions of iperf3 (before 3.17). To restore
the older (vulnerable) behavior, and hence
backwards-compatibility, use the --use-pkcs1-padding flag. The
iperf3 team thanks Hubert Kario from RedHat for reporting this
issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)
* iperf3 no longer changes its current working directory in --daemon
mode. This results in more predictable behavior with relative
paths, in particular finding key and credential files for
authentication. (PR#1672)
* A new --json-stream option has been added to enable a streaming
output format, consisting of a series of JSON objects (for the
start of the test, each measurement interval, and the end of the
test) separated by newlines (#444, #923, #1098).
* UDP tests now work correctly between different endian hosts
(#1415).
* The --fq-rate parameter now works for --reverse tests (#1632, PR#1667).
* The statistics reporting interval is now available in the --json
start test object (#1663).
* A negative time test duration is now properly flagged as an error
(IS#1662 / PR#1666).
* Notable developer-visible changes
* Fixes have been made to better (unofficially) support builds on
Android (#1641 / #1651) and VxWorks (#1595).
* iperf3 now builds correctly on architectures without native
support for 64-bit atomic types, by linking with the libatomic
library (#1611).
---------------------
* Notable user-visible changes
* BREAKING CHANGE: iperf3's authentication features, when used with
OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel
timing attack. To address this flaw, a change has been made to the
padding applied to encrypted strings. This change is not backwards
compatible with older versions of iperf3 (before 3.17). To restore
the older (vulnerable) behavior, and hence
backwards-compatibility, use the --use-pkcs1-padding flag. The
iperf3 team thanks Hubert Kario from RedHat for reporting this
issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)
* iperf3 no longer changes its current working directory in --daemon
mode. This results in more predictable behavior with relative
paths, in particular finding key and credential files for
authentication. (PR#1672)
* A new --json-stream option has been added to enable a streaming
output format, consisting of a series of JSON objects (for the
start of the test, each measurement interval, and the end of the
test) separated by newlines (#444, #923, #1098).
* UDP tests now work correctly between different endian hosts
(#1415).
* The --fq-rate parameter now works for --reverse tests (#1632, PR#1667).
* The statistics reporting interval is now available in the --json
start test object (#1663).
* A negative time test duration is now properly flagged as an error
(IS#1662 / PR#1666).
* Notable developer-visible changes
* Fixes have been made to better (unofficially) support builds on
Android (#1641 / #1651) and VxWorks (#1595).
* iperf3 now builds correctly on architectures without native
support for 64-bit atomic types, by linking with the libatomic
library (#1611).
Accept big-endian and little-endian format for both legacy and new messages since the value is sent in host byte order.
PLEASE NOTE the following text from the iperf3 license. Submitting a
pull request to the iperf3 repository constitutes "[making]
Enhancements available...publicly":
The complete iperf3 license is available in the
LICENSEfile in thetop directory of the iperf3 source tree.
Version of iperf3 (or development branch, such as
masteror3.1-STABLE) to which this pull request applies:masterIssues fixed (if any):
Mixed big-endian and little-endian UDP test fails #1414
Brief description of code changes (suitable for use as a commit message):
Accept UDP connect message replies in little-endian or big-endian order.
There was discussion and concern about accepting two values in the original pull request Ignore out of order packts during UDP connection in Reverse Mode #1260, this makes that problem worse. This is a solution that allows mixed-endian and mixed-version operations if the client is updated.