Skip to main content

C++ After a Long Time

We were facing a weird issue on our almost stable dns infrastructure. We use PDNS servers and our custom backend to serve DNS requests. So the PDNS server pipes the request to custom backend, the backend reads from the pipe and puts the result back in the pipe which is served back to the client by the server. This intro is not at all useful to the post. So please ignore it.
The problem started since Monday where randomly our PDNS backend started using 100% CPU and the PDNS server started crashing. The backend was written in C++ and the debugging started. The backend had no debug mode to start with (!). So we attached all backend processes to strace. Strace showed a particularly crafted DNS request put the backend in infinite loop. We couldn't get the whole request in the strace as it was bigger than default 32 bytes. We started strace with -s 5000 to capture 5000 bytes. Now the dns request is found. The domain name is 312 bytes long. A full domain should not exceed 253 characters ideally. Dig wont allow one to use 312 bytes long domain name. So this dns packet could be crafted.
As we got the input, we started debugging the code with gdb. What we found wierd was cin stops reading from pipe suddenly. The line cin was not waiting for input. We can imitate it by writing a code like

int main(){
  int n;
   while(true){
      cin>>n;
      count<<"got input";
   }
}

At any point when cin is waiting for 'n', if we enter a string cin sets an error flag and stops reading from the input buffer. So "got input" will be printed infinitely from the point n got a string instead of integer.
cin.clear() and cin.ignore() will come in rescue during this situation. This stack overflow link should give more details on this behaviour of C++. 

Comments

Post a Comment

Popular posts from this blog

How we have systematically improved the roads our packets travel to help data imports and exports flourish

This blog post is an account of how we have toiled over the years to improve the throughput of our interDC tunnels. I joined this company around 2012. We were scaling aggressively then. We quickly expanded to 4 DCs with a mixture of AWS and colocation. Our primary DC is connected to all these new DCs via IPSEC tunnels established from SRX. The SRX model we had, had an IPSEC throughput of 350Mbps. Around December 2015 we saturated the SRX. Buying SRX was an option on the table. Buying one with 2Gbps throughput would have cut the story short. The tech team didn't see it happening. I don't have an answer to the question, "Is it worth spending time in solving a problem if a solution is already available out of box?" This project helped us in improving our critical thinking and in experiencing the theoretical network fundamentals on live traffic, but also caused us quite a bit of fatigue due to management overhead. Cutting short the philosophy, lets jump to the story.

The server, me and the conversation

We were moving a project from AWS to our co-located DC. We have setup KVMs scheduled by Cloudstack for each of the component in the architecture. The KVMs used local storage. The VMs are provisioned with more than required resources because we have the opinion that in our DC scaling during peak load and then downscaling doesn't offer much benefits financially as we are anyways paying for the hardware in advance and its also powered on. Its going to be idle if not used. Now we found something interesting our latency in co-located DC was 2 times more than in AWS. The time for first byte at our load balancer in aws was 60ms average and at our DC was 112ms. We started our debugging mission, Mission Conquer-AWS. All the servers are newer Dell hardwares. So the initially intuition was virtualisation is causing the issue. Conversation with the Hypervisor We started with CPU optimisation, we started using the host-passthrough mode of CPU in libvirt so VMs dont see QEMU emulated CPUs,

Ptrace

Ptrace is a nice setup ( some people call dirty setup) on linux to debug running processes. This ptrace in sys/ptrace.h is used by strace and gdb. To trace a child process, the child process should call PTRACE_TRACEME. The kernel during each system call(or execution of each instruction) checks if the process is traced. If it is traced, it issues a SIGTRAP, the parent process if in wait() state, will get a signal. The parent issues a SIGSTOP to hold current state of child and can access the registers and memory of child using PEEKDATA and alter the values in register and memory using POKEDATA. Once the required job is done, parent will allow the child to run with a SIGCONT signal. Since one can access registers, the next instruction to be executed can be easily found using instruction pointer, this comes in handy when we need to set breakpoints while debugging. The entire code base can also be changed using ptrace. PTRACE_ATTACH attaches a running process. It does some hack to become