Menu
I have a Java reader application that reads from a multicast socket on a Linux 64-bit platform (2.6.18). The socket size has been set to 2 MB. When the reader cannot read fast enough the socket "overflows", i.e. packets are dropped from the buffer.
What I would like to know is how the Linux kernel drops packets out of the socket buffer. I assume that the socket buffer itself is a FIFO buffer. However, if it is full what happens? Will the next packet be discarded (and the buffer content does not change)? Or will the new packet replace an old packet in the buffer? If yes, which packet (the oldest?, the youngest?, a randomly chosen packet?)?
Thanks for any insight.
489
A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.
TCP sockets use buffering in the protocol stack. The stack itself implements flow control so that if the server's buffer is full, it will stop the client stack from sending more data. Your code will see this as a blocked call to send() . The buffer size can vary widely from a few kB to several MB.
There are mainly four methods to protect against buffer overflows: patch the kernel to prevent stack execution. You can use either: Exec-shield, OpenWall or PaX (included in the Grsecurity and Adamantix patches). fix the source code by using tools to find fragments of it that might introduce this vulnerability.
As the receive buffer becomes full, new data cannot be accepted from the network for this socket and must be dropped, which indicates a congestion event to the transmitting node.
When the buffer is full, incoming packets are discarded. Packets that are already in the buffer are not modified or replaced.
127
Just an addition to the answer by JS Bangs.
This is not the only place in the network stack where packets can be dropped. Socket receive buffer is high in the hierarchy and is specific to the user socket. One other place closer to hardware (at least in Linux) is the queue between the device driver and the NET_RX softirq (see netif_rx().) These drops will contribute to RX-DRP column in netstat -i output.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
