Read corrupted data from TCP socket on Ubuntu Linux
Please note, I already know about the streaming nature of TCP connections; my question is not related to those kinds of things. It rather about my suspicion of there being a bug in the Linux sockets implementation.
Update: Taking comments into account, I updated my code a little bit to check the return value of recv() not only to -1 but to any negative value. That was just in case. The results are the same.
I have a very simple TCP client/server application written in C. The full code of this project is available on github.
The client side runs multiple parallel threads, and each of threads does the following:
- Open socket
- Connect this socket to server
- Write 16 bytes of a predefined data pattern to the socket by pieces of random length
- Close socket
- Repeat steps 1 to 4 N times
static size_t send_ex(int fd, const uint8_t *buff, size_t len, bool by_frags)
{
if ( by_frags )
{
size_t chunk_len, pos;
size_t res;
for ( pos = 0; pos < len; )
{
chunk_len = (size_t) random();
chunk_len %= (len - pos);
chunk_len++;
res = send(fd, (const char *) &buff[pos], chunk_len, 0);
if ( res != chunk_len) {
return (size_t) -1;
}
pos += chunk_len;
}
return len;
}
return send(fd, buff, len, 0);
}
static void *connection_task(void *arg)
{
connection_ctx_t *ctx = (connection_ctx_t *) arg;
uint32_t buff[4] = {0xAA55AA55, 0x12345678, 0x12345678, 0x12345678};
int res, fd, i;
for ( i = 0; i < count; i++ )
{
fd = socket(AF_INET, SOCK_STREAM, 0);
if ( fd < 0 ) {
fprintf(stderr, "Can't create socket!\n");
break;
}
res = connect(fd, (struct sockaddr *) ctx->serveraddr, sizeof(struct sockaddr_in));
if ( res < 0 ) {
fprintf(stderr, "Connect failed!\n");
close(fd);
break;
}
res = send_ex(fd, (const char *) buff, sizeof(buff), frags);
if ( res != sizeof(buff) ) {
fprintf(stderr, "Send failed!\n");
close(fd);
break;
}
ctx->sent_packs++;
res = close(fd);
if ( res < 0 ) {
fprintf(stderr, "CLI: Close Failed!!\n");
}
msleep(delay);
}
return NULL;
}
The server side runs a thread on each incoming connection, that does the following:
- Read data from the connected socket until it has read all 16 bytes
- After reading at least the first 4 bytes, it is checked that these bytes are equal to a predefined pattern.
typedef struct client_ctx_s {
struct sockaddr_in addr;
int fd;
} client_ctx_t;
void *client_task(void *arg)
{
client_ctx_t *client = (client_ctx_t *) arg;
size_t free_space, pos;
ssize_t chunk_len;
uint32_t buff[4] = {0};
int res;
pos = 0;
while ( pos != sizeof(buff) )
{
free_space = sizeof(buff) - pos;
assert(pos < sizeof(buff));
chunk_len = recv(client->fd, &((uint8_t *) buff)[pos], free_space, 0);
if ( chunk_len <= 0 ) {
if ( chunk_len < 0 ) {
fprintf(stderr, "%s:%u: ERROR: recv failed (errno = %d; pos = %zu)!\n",
inet_ntoa(client->addr.sin_addr),
ntohs(client->addr.sin_port),
errno, pos);
}
else if ( pos && pos < sizeof(buff) ) {
fprintf(stderr, "%s:%u: ERROR: incomplete data block (pos = %zu)!\n",
inet_ntoa(client->addr.sin_addr),
ntohs(client->addr.sin_port),
pos);
}
goto out;
}
assert(chunk_len <= free_space);
pos += chunk_len;
if ( pos >= 4 && buff[0] != 0xAA55AA55) {
fprintf(stderr, "%s:%u: ERROR: data corrupted (%08x)!\n",
inet_ntoa(client->addr.sin_addr),
ntohs(client->addr.sin_port),
buff[0]);
}
}
fprintf(stdout, "%s:%u: %08x %08x %08x %08x\n",
inet_ntoa(client->addr.sin_addr),
ntohs(client->addr.sin_port),
buff[0], buff[1], buff[2], buff[3]);
out:
debug("Connection closed\n");
res = close(client->fd);
assert(res == 0);
free(client);
return NULL;
}
Issues that came up when a client runs one thousand of sending threads, and each of them repeats connect-send-disconnect one hundred times (./client -t 1000 -c 100 -d 0 -f):
- Loss of first bytes of pattern that was send.
- Total size of data that was readed from socket accordingly less that 16 bytes.
This behavior is repeatable both on local host and over a real network connection.
Examining the TCP flow of the corrupted data with Wireshark shows that:
- There is no issue on client side.
- Corrupted data corresponds data that carried with retransmitted segments of data.
I can't really believe this problem lies in the Linux TCP/IP implementation. Can anybody explain what is wrong with my code?
at first glance there is a similar problem here: https://wpbolt.com/syn-cookies-ate-my-dog-breaking-tcp-on-linux/
but in our case in wireshark see ack for all data packet. it still looks like a kernel bug.
To reproduce this error, it is not necessary to open a large number of TCP connections. 10 is enough.
This can be schematically reproduced as follows:
run server
...
listenfd = socket(...
res = bind(listenfd, ...
res = listen(listenfd, 1); !!! backlog set 1
wait user key press (need wait add socket to backlog queue)
start client
run 10 thread with:
fd = socket(...
z = setsockopt(fd, SOL_TCP, TCP_NODELAY, &one, sizeof(one));
connect(fd ...
for(int i=0;i<28;i++)
send(fd, &buff[i], 1, 0);
recv()
9 TCP streams enter in the backlog queue on the server side and begin re-sending SYN with increasing intervals.
at server side press enter, for unblock and
while(1)
select([listenfd, socketN])
listenfd: new connection
accept(...)
add to socketN
socketN: new data
recv()
As a result, the first bytes of data in several TCP connections will be lost. This behavior is observed on the Ubuntu 24.04 with kernel 6.10.2.
- Have anonymous structs and unions in C11 been incorrectly described?
- Reading the Device Status Report ANSI escape sequence reply
- What is the significance of caddr_t and when is it used?
- webkit_web_view_get_favicon always returns null and notify::favicon never fires
- Is there a way to determine if the representation of a pointer is 'linear' in C?
- Can't you use `,` operator to define a variable in a while loop's expression in C?
- Wrote a program to print prime numbers, How do I make it better?
- how to solve the error (expected identifier before'(' token) in C
- C - function inside struct
- Is lseek() O(1) complexity?
- Libpq: Receiving the value of a procedure's output parameter
- Macro definition to determine big endian or little endian machine?
- Cannot free result from g_date_time_format()
- memset_s(): What does the standard mean with this piece of text?
- How to initialize an global array to a struct?
- Is non-re-enterant issue comes only when we have multiple threads?
- Finding number of repeated elements in an array using C
- Detecting Endianness
- Will C Compiler Optimize Dereferencing in Loop?
- Why this c code below works fine? (C Basic, Buffer overflow test)
- "Trouble concatenating char values alongside int and float in C"
- Why does my Combo Box (WinAPI) not highlight/select its text?
- Exception thrown at 0x69F1454A (nvoglv32.dll) in Playground.exe: 0xC0000005: Access violation reading location 0x0A08D000
- Is it possible to wait a few seconds before printing a new line in C?
- FATAL: ThreadSanitizer: unexpected memory mapping when running on Linux Kernels 6.6+
- My tasmota firmware device failed after I made these changes
- Is there an alternative sleep function in C to milliseconds?
- How to make CPython report vectorcall as available only when it will actually help performance?
- What is lseek of a tty on macOS doing?
- Why is (void) 0 a no operation in C and C++?