本帖最后由 zzzznl 于 2024-5-21 02:48 编辑
系统版本:Linux version 3.10.0-1160.53.1.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC));
运行软件:lgateway,大致算协议转换类,GCC编译;
现象:向两个IP的连接用了同一个套接字句柄,即socket(2,1,0)返回值;
10:49:36~10:49:42之间未发现其他socketfd4相关日志;
关闭套接字
问题:出现以上现象的原因、后果,及我认识中不对的地方;
两个连接同一套接字是否会由后建立的信息覆盖先建立的socket文件,导致前一连接要读写的内容,读写到后一连接中。例如我要在master1中写保持寄存器,实际会写到master17中。这种写入会立刻发生还是有什么触发条件;
或者在我没看到的地方加个ID,能使同一套接字管理IP不同的两个连接;
实际上,未发现这两个连接的其他日志,将近20分钟之后,应该写到master1的数,确实写到了master17里,这又是什么原理(为啥不是立即);
这种多线程连接的,(socket文件)是否会加锁,是否需要加锁;
我在Linux和网络方面都是小白,感觉自己基础太薄弱,大佬有合适的,原理讲的比较清楚的资料也请推荐下;
说明:软件是多线程的,个人理解每一个连接用一个线程。对于ModbusTCP相关内容,sockaddr结构体地址的TCP连接建立成功(connect()返回值大于等于0)会出:[INFO]ModbusTCP Master%d: socketfd%d;
关闭套接字(close())前会出:[WARNING]ModbusTCP Master%d:socketfd%d,close!
套接字描述/句柄(socketfd后面的%d)为int socket(2,1,0)返回值;
Send err. Break!为CIP协议相关报警,因为CIP协议的其他日志需要debug版本记录,正常运行时就这一条日志。根据下一条文件错误,虽然没证据,但我理解是socketfd5的资源释放了,也就是之前就有CIP连接和master17共用socket文件;
硬件资源应该不紧张,I5-2400 CPU,就运行这一个应用程序,平时利用率不到1%,内存Memory: 3542912k/4708352k available (7796k kernel code, 624380k absent, 541060k reserved, 5947k data, 1980k init);
伪代码(IDA):
// modbus_tcp_master: IDA Hex-Rays pseudocode of one Modbus/TCP master worker thread.
//
// a1 carries the zero-based master index in the pointer value (0..99 accepted);
// log lines print it as index + 1. Each master owns a 22316-byte record addressed
// relative to byte_82D2998 (the _DWORD views use stride 5579 * 4 = 22316):
//   unk_82D2888             poll delay, multiplied by 1000 for usleep()
//   unk_82D2890             published socket descriptor (fd[0]); written as 0 on close
//   unk_82D2894             value passed (| 0x10000) to IEC104DeviceStatus()
//   unk_82D2898             status byte, mirrored into a g_inputreg bit
//   137177241 (0x82D2899)   255-byte table indexed by v21; entry set to 1 after a -9 result
//   byte_82D2998 + 2        error limit (v23)
//   byte_82D2998 + 3        IP1 string (137177499); first byte doubles as "configured" flag
//   byte_82D2998 + 19       IP2 string (137177515); same convention
//   byte_82D2998 + 36 + 44*n  command slot n, n = 0..499
//
// Locals (IDA names):
//   v25 master index, v35 current command slot, v23 error limit, v34 consecutive-error count,
//   v33 "try IP1 next" flag, v32 retry count for EAGAIN/EINTR,
//   v31 cleared when any command in the scan fails, v30 set when any command succeeds,
//   v21 byte at slot+38, v20 g_reg offset (slot+44), v19 quantity (slot+52), v18 slot+48,
//   v13..v16 result record: v13 is logged as sendlen, v14 as recvlen/adu_len, v15 as status
//   (0 = ok, -9 is logged as MB_ERROR_TIMEOUT).
//
// Flow: connect to IP1 or IP2 on port 502 (0x1F6), then scan the command slots,
// dispatching on the function code at slot+39. Fatal errors jump to LABEL_160
// (close socket, clear status) and from there to LABEL_161, which reconnects or,
// when `running` is 0, exits the thread.
//
// NOTE(review): the decompiler shows the MBTCP*2 helpers with only a result pointer
// as argument, so which descriptor they use (fd[0] or the published slot) cannot be
// read from this listing; confirm against the disassembly.
[C++] 纯文本查看 复制代码 void __cdecl __noreturn modbus_tcp_master(char *a1)
{
pthread_t v1; // eax
int v2; // edx
int v3; // eax
int v4; // edx
int *v5; // eax
char *v6; // esi
int *v7; // eax
int v8; // [esp+0h] [ebp-C88h] BYREF
int v9; // [esp+4h] [ebp-C84h]
int v10; // [esp+8h] [ebp-C80h]
int v11; // [esp+Ch] [ebp-C7Ch]
char s[1032]; // [esp+18h] [ebp-C70h] BYREF
int v13; // [esp+420h] [ebp-868h] BYREF
char v14[4]; // [esp+424h] [ebp-864h]
int v15; // [esp+428h] [ebp-860h]
int v16; // [esp+42Ch] [ebp-85Ch]
int fd[2]; // [esp+C30h] [ebp-58h] BYREF
__int16 v18; // [esp+C3Ah] [ebp-4Eh]
unsigned __int16 v19; // [esp+C3Ch] [ebp-4Ch]
unsigned __int16 v20; // [esp+C3Eh] [ebp-4Ah]
int v21; // [esp+C40h] [ebp-48h]
int v22; // [esp+C44h] [ebp-44h]
char v23; // [esp+C4Bh] [ebp-3Dh]
int v24; // [esp+C4Ch] [ebp-3Ch]
int v25; // [esp+C50h] [ebp-38h]
__int16 v26; // [esp+C56h] [ebp-32h]
unsigned __int8 v27; // [esp+C59h] [ebp-2Fh]
unsigned __int8 v28; // [esp+C5Ah] [ebp-2Eh]
char v29; // [esp+C5Bh] [ebp-2Dh]
int v30; // [esp+C5Ch] [ebp-2Ch]
int v31; // [esp+C60h] [ebp-28h]
int v32; // [esp+C64h] [ebp-24h]
bool v33; // [esp+C6Ah] [ebp-1Eh]
char v34; // [esp+C6Bh] [ebp-1Dh]
int v35; // [esp+C6Ch] [ebp-1Ch]
// The thread detaches itself, so nobody joins it; it only ends through pthread_exit().
v1 = pthread_self();
pthread_detach(v1);
v25 = (int)a1;
v35 = 0;
log_message(DebugMBTCP, 6, "ModbusTCP_master%d", a1 + 1);
// Reject indices outside 0..99 before any table access.
if ( (int)a1 < 0 || v25 > 99 )
{
log_message(DebugMBTCP, 3, "ModbusTCP_master%d:ModbusTCPNO err!pthread_exit.", v25 + 1);
pthread_exit(0);
}
v24 = 0;
v34 = 0;
v33 = 1;
// Start with IP1 only when its string is non-empty; v23 is the per-master error limit.
v33 = byte_82D2998[22316 * v25 + 3] != 0;
v23 = byte_82D2998[22316 * v25 + 2];
// (Re)connect entry point: reached at start-up and after every LABEL_160 close.
LABEL_161:
if ( !running )
{
// Shutdown: clear this master's status byte and both g_inputreg bits, report, exit.
byte_82D2998[22316 * v25 + 1] = 0;
log_message(1, 4, "ModbusTCP Master%d:pthread_exit!", v25 + 1);
*((_BYTE *)&unk_82D2898 + 22316 * v25) = 0;
g_inputreg[(v25 >> 4) + 8] &= ~(unsigned __int16)(1 << (v25 & 0xF));
g_inputreg[(v25 >> 4) + 28] &= ~(unsigned __int16)(1 << (v25 & 0xF));
IEC104DeviceStatus(CS101_COT_SPONTANEOUS, ca, *((_DWORD *)&unk_82D2894 + 5579 * v25) | 0x10000, 0, 0);
pthread_exit(0);
}
// One bit per master, 16 masters per g_inputreg word; both bits start cleared.
// These read-modify-write updates share a word with 15 other master threads and no
// lock is visible here. NOTE(review): confirm whether g_inputreg is protected elsewhere.
*((_BYTE *)&unk_82D2898 + 22316 * v25) = 0;
g_inputreg[(v25 >> 4) + 8] &= ~(unsigned __int16)(1 << (v25 & 0xF));
g_inputreg[(v25 >> 4) + 28] &= ~(1 << (v25 & 0xF));
// Connect loop: alternate between IP1 and IP2 every 3 s until one connect succeeds.
//
// NOTE(review): descriptor ownership. fd[] is an uninitialised stack array and the
// result of MBTCPClientInit() is not checked here (presumably it stores the socket()
// return value in fd[0]; confirm what it stores on failure). After a failed connect
// the descriptor is closed but fd[0] keeps the old number. If the loop then ends
// because `running` became 0, the code after the loop publishes that stale number
// and LABEL_160 closes it a second time. The kernel always hands out the lowest free
// descriptor number, so between the two close() calls another thread may already own
// that number, and the second close() would tear down that thread's socket; the next
// socket() in any thread then reuses the number again. Setting fd[0] = -1 after each
// close() and skipping close() for negative values removes this window.
while ( running )
{
if ( byte_82D2998[22316 * v25 + 3] && v33 )
{
// If IP2 is configured too, the next attempt goes to IP2.
if ( byte_82D2998[22316 * v25 + 19] )
v33 = 0;
MBTCPClientInit((int)fd);
MBTCPSetTimeout(fd[0], 3);
log_message(
DebugMBTCP,
7,
"ModbusTCP Master%d: trying to connect slave IP1 to %s.",
v25 + 1,
(const char *)(22316 * v25 + 137177499));
if ( TCPClientConnect(fd[0], (char *)(22316 * v25 + 137177499), 0x1F6u) >= 0 )
break;
log_message(DebugMBTCP, 7, "ModbusTCP Master%d: connect err.", v25 + 1);
log_message(DebugMBTCP, 7, "ModbusTCP Master%d:socketfd=%d,close.", v25 + 1, fd[0]);
close(fd[0]);
}
if ( byte_82D2998[22316 * v25 + 19] && !v33 )
{
// Swing back to IP1 for the following attempt when IP1 is configured.
v33 = byte_82D2998[22316 * v25 + 3] != 0;
MBTCPClientInit((int)fd);
MBTCPSetTimeout(fd[0], 3);
log_message(
DebugMBTCP,
7,
"ModbusTCP Master%d: trying to connect slave IP2 to %s.\n",
v25 + 1,
(const char *)(22316 * v25 + 137177515));
if ( TCPClientConnect(fd[0], (char *)(22316 * v25 + 137177515), 502u) >= 0 )
break;
log_message(DebugMBTCP, 7, "ModbusTCP Master%d: connect err.", v25 + 1);
log_message(DebugMBTCP, 7, "ModbusTCP Master%d:socketfd=%d,close.", v25 + 1, fd[0]);
close(fd[0]);
}
usleep(3000000u);
}
// Publish the descriptor in the per-master record and log it. This also runs when the
// loop above ended because `running` turned 0, i.e. without a live connection.
*((_DWORD *)&unk_82D2890 + 5579 * v25) = fd[0];
log_message(1, 6, "ModbusTCP Master%d: socketfd%d", v25 + 1, fd[0]);
v22 = 0;
v32 = 0;
v31 = 0;
v30 = 0;
v34 = 0;
// Polling loop: pick the next enabled command slot, wait, execute it, evaluate the result.
while ( 1 )
{
do
{
while ( 1 )
{
if ( !running )
goto LABEL_160;
// A new scan starts at slot 0: clear the 255-byte per-v21 timeout table.
if ( !v35 )
{
memset((void *)(22316 * v25 + 137177241), 0, 0xFFu);
v31 = 1;
v30 = 0;
}
// Find the next slot to run. slot+36 enables the slot; slot+37 selects the trigger:
// 0 = always, 1 = g_reg[slot+56] non-zero, 2 = GETDiscretes(slot+56) non-zero.
while ( v35 <= 499 )
{
v29 = 0;
if ( byte_82D2998[22316 * v25 + 36 + 44 * v35] )
{
if ( byte_82D2998[22316 * v25 + 37 + 44 * v35] )
{
if ( byte_82D2998[22316 * v25 + 37 + 44 * v35] == 1
&& g_reg[*(_DWORD *)&byte_82D2998[22316 * v25 + 56 + 44 * v35]] )
{
v29 = 1;
}
else if ( byte_82D2998[22316 * v25 + 37 + 44 * v35] == 2
&& GETDiscretes(*(_DWORD *)&byte_82D2998[22316 * v25 + 56 + 44 * v35]) )
{
v29 = 1;
}
}
else
{
v29 = 1;
}
}
if ( v29 )
break;
++v35;
}
if ( v35 <= 499 )
break;
// End of a scan: update the status byte, mirror it and v31 into the g_inputreg bits,
// and notify IEC104 when the status bit changed.
if ( v30 )
{
*((_BYTE *)&unk_82D2898 + 22316 * v25) = 1;
}
else if ( v34 > v23 )
{
*((_BYTE *)&unk_82D2898 + 22316 * v25) = 0;
}
// v24 keeps the previous value of the status bit for the change test below.
v24 = (1 << (v25 & 0xF)) & (unsigned __int16)g_inputreg[(v25 >> 4) + 28];
if ( *((_BYTE *)&unk_82D2898 + 22316 * v25) )
v2 = (unsigned __int16)g_inputreg[(v25 >> 4) + 28] | (1 << (v25 & 0xF));
else
v2 = (unsigned __int16)g_inputreg[(v25 >> 4) + 28] & ~(1 << (v25 & 0xF));
g_inputreg[(v25 >> 4) + 28] = v2;
v3 = (v25 >> 4) + 8;
if ( v31 )
v4 = (unsigned __int16)g_inputreg[v3] | (1 << (v25 & 0xF));
else
v4 = (unsigned __int16)g_inputreg[v3] & ~(1 << (v25 & 0xF));
g_inputreg[v3] = v4;
if ( v24 && !*((_BYTE *)&unk_82D2898 + 22316 * v25) || !v24 && *((_BYTE *)&unk_82D2898 + 22316 * v25) )
{
if ( *((_DWORD *)&unk_82D2894 + 5579 * v25) )
IEC104DeviceStatus(
CS101_COT_SPONTANEOUS,
ca,
*((_DWORD *)&unk_82D2894 + 5579 * v25) | 0x10000,
*((_BYTE *)&unk_82D2898 + 22316 * v25) != 0,
0);
}
if ( v34 > v23 )
{
log_message(1, 4, "modbus_tcp_master%d: cmdi=0,MBerr>%d,break!", v25 + 1, v23);
goto LABEL_160;
}
v35 = 0;
}
// Inter-command delay, then load the slot's parameters.
usleep(1000 * *((_DWORD *)&unk_82D2888 + 5579 * v25));
v21 = (unsigned __int8)byte_82D2998[22316 * v25 + 38 + 44 * v35];
v20 = *(_DWORD *)&byte_82D2998[22316 * v25 + 44 + 44 * v35];
v19 = *(_DWORD *)&byte_82D2998[22316 * v25 + 52 + 44 * v35];
v18 = *(_DWORD *)&byte_82D2998[22316 * v25 + 48 + 44 * v35];
v28 = 0;
v27 = 0;
v26 = 0;
fd[1] = 0;
}
// Skip the slot when its v21 entry was marked after a -9 (timeout) result in this scan.
// NOTE(review): as decompiled, nothing on this path advances v35, so a non-zero slot
// whose entry is marked would be selected again; confirm against the disassembly.
while ( *(_BYTE *)(22316 * v25 + v21 + 137177241) == 1 );
memset(s, 0, sizeof(s));
// Dispatch on the function code stored at slot+39.
// NOTE(review): every case bounds v20 + count against 15000 (the g_reg range) but
// not against sizeof(s) = 1032. v19 is a 16-bit value loaded from the slot, so the
// 2 * v19 byte copies in cases 3, 4 and 0x10 can exceed s unless the quantity is
// capped where the table is filled; confirm.
switch ( byte_82D2998[22316 * v25 + 39 + 44 * v35] )
{
case 1:
// v28 = bytes needed for v19 bits, v27 = 16-bit words needed for v28 bytes.
v28 = v19 >> 3;
if ( (v19 & 7) != 0 )
++v28;
v27 = v28 >> 1;
if ( (v28 & 1) != 0 )
++v27;
if ( v20 + v27 > 15000 )
goto LABEL_135;
((void (__stdcall *)(int *))MBTCPReadCoils2)(&v8);
v13 = v8;
*(_DWORD *)v14 = v9;
v15 = v10;
v16 = v11;
if ( v10 == -9 )
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
if ( !v15 && *(int *)v14 > 0 )
goto LABEL_85;
v31 = 0;
if ( v34 <= v23 )
++v34;
goto LABEL_145;
case 2:
v28 = v19 >> 3;
if ( (v19 & 7) != 0 )
++v28;
v27 = v28 >> 1;
if ( (v28 & 1) != 0 )
++v27;
if ( v20 + v27 > 15000 )
goto LABEL_135;
MBTCPReadDecreteInputs2((int)&v8);
v13 = v8;
*(_DWORD *)v14 = v9;
v15 = v10;
v16 = v11;
if ( v10 == -9 )
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
if ( v15 || *(int *)v14 <= 0 )
{
v31 = 0;
if ( v34 <= v23 )
++v34;
}
else
{
// Shared success path for cases 1 and 2: reorder per slot+40, store v27 words in g_reg.
LABEL_85:
v34 = 0;
v30 = 1;
swapreg((int)s, v27, (unsigned __int8)byte_82D2998[22316 * v25 + 40 + 44 * v35]);
memcpy(&g_reg[v20], s, 2 * v27);
}
goto LABEL_145;
case 3:
if ( v20 + v19 > 15000 )
goto LABEL_135;
// Unlike the other cases, the result is written straight into v13..v16.
((void (__stdcall *)(int *))MBTCPReadHoldingRegisters2)(&v13);
if ( v15 == -9 )
{
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
log_message(DebugMBTCP, 7, "MB_ERROR_TIMEOUT");
}
if ( !v15 && *(int *)v14 > 0 )
goto LABEL_64;
v31 = 0;
if ( v34 <= v23 )
++v34;
goto LABEL_145;
case 4:
if ( v20 + v19 > 15000 )
goto LABEL_135;
MBTCPReadInputRegisters2((int)&v8);
v13 = v8;
*(_DWORD *)v14 = v9;
v15 = v10;
v16 = v11;
if ( v10 == -9 )
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
if ( v15 || *(int *)v14 <= 0 )
{
v31 = 0;
if ( v34 <= v23 )
++v34;
}
else
{
// Shared success path for cases 3 and 4: copies 2 * v19 bytes out of s (see size note above).
LABEL_64:
v34 = 0;
v30 = 1;
swapreg((int)s, v19, (unsigned __int8)byte_82D2998[22316 * v25 + 40 + 44 * v35]);
memcpy(&g_reg[v20], s, 2 * v19);
}
goto LABEL_145;
case 5:
if ( v20 + 1 > 15000 )
goto LABEL_135;
// 139408832 + 2 * v20 is presumably &g_reg[v20] written as a raw address; confirm.
memcpy(s, (const void *)(2 * v20 + 139408832), 2u);
swapreg((int)s, 1, (unsigned __int8)byte_82D2998[22316 * v25 + 40 + 44 * v35]);
// -256 is 0xFF00 as a 16-bit value.
if ( (s[0] & 1) != 0 )
v26 = -256;
MBTCPWriteSingleCoil2((int)&v8);
v13 = v8;
*(_DWORD *)v14 = v9;
v15 = v10;
v16 = v11;
if ( v10 == -9 )
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
if ( v15 || *(int *)v14 <= 0 )
{
v31 = 0;
if ( v34 <= v23 )
++v34;
}
else
{
v34 = 0;
v30 = 1;
}
goto LABEL_145;
case 6:
if ( v20 + 1 > 15000 )
goto LABEL_135;
memcpy(s, (const void *)(2 * v20 + 139408832), 2u);
swapreg((int)s, 1, (unsigned __int8)byte_82D2998[22316 * v25 + 40 + 44 * v35]);
MBTCPWriteSingleRegister2((int)&v8);
v13 = v8;
*(_DWORD *)v14 = v9;
v15 = v10;
v16 = v11;
if ( v10 == -9 )
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
if ( v15 || *(int *)v14 <= 0 )
{
v31 = 0;
if ( v34 <= v23 )
++v34;
}
else
{
v34 = 0;
v30 = 1;
}
goto LABEL_145;
case 0xF:
v28 = v19 >> 3;
if ( (v19 & 7) != 0 )
++v28;
v27 = v28 >> 1;
if ( (v28 & 1) != 0 )
++v27;
if ( v20 + v27 > 15000 )
goto LABEL_135;
// v28 is an 8-bit value, so this copy stays within s.
memcpy(s, (const void *)(2 * v20 + 139408832), v28);
swapreg((int)s, v27, (unsigned __int8)byte_82D2998[22316 * v25 + 40 + 44 * v35]);
MBTCPWriteMultipleCoils2((int)&v8);
v13 = v8;
*(_DWORD *)v14 = v9;
v15 = v10;
v16 = v11;
if ( v10 == -9 )
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
if ( v15 || *(int *)v14 <= 0 )
{
v31 = 0;
if ( v34 <= v23 )
++v34;
}
else
{
v34 = 0;
v30 = 1;
}
goto LABEL_145;
case 0x10:
if ( v20 + v19 > 15000 )
{
// Common "register range" rejection for every case: log and move to the next slot.
LABEL_135:
log_message(DebugMBTCP, 7, "ModbusTCP Master%d:cmd reg err!", v25 + 1);
++v35;
}
else
{
// Writes 2 * v19 bytes into the 1032-byte s (see size note above the switch).
memcpy(s, (const void *)(2 * v20 + 139408832), 2 * v19);
swapreg((int)s, v19, (unsigned __int8)byte_82D2998[22316 * v25 + 40 + 44 * v35]);
MBTCPWriteMultipleRegisters2((int)&v8);
v13 = v8;
*(_DWORD *)v14 = v9;
v15 = v10;
v16 = v11;
if ( v10 == -9 )
*(_BYTE *)(22316 * v25 + v21 + 137177241) = 1;
if ( v15 || *(int *)v14 <= 0 )
{
v31 = 0;
if ( v34 <= v23 )
++v34;
}
else
{
v34 = 0;
v30 = 1;
}
// Common result evaluation for every executed command (and for unknown function codes).
LABEL_145:
++v35;
if ( v15 )
log_message(DebugMBTCP, 7, "ret.adu_len = %d ,MB_OK = %d", *(_DWORD *)v14, v15);
if ( v34 > v23 )
{
log_message(1, 4, "modbus_tcp_master%d: MBerr>%d,break!", v25 + 1, v23);
goto LABEL_160;
}
if ( *(int *)v14 <= 0 )
{
// A length of 0, or a negative length with errno other than 11 (EAGAIN on Linux)
// or 4 (EINTR), is treated as fatal. errno is read after the log_message() call
// above and possibly long after the failing call inside the helper.
// NOTE(review): confirm nothing in between overwrites it.
if ( *(int *)v14 >= 0 || *__errno_location() != 11 && *__errno_location() != 11 && *__errno_location() != 4 )
{
v5 = __errno_location();
v6 = strerror(*v5);
v7 = __errno_location();
log_message(
1,
4,
"modbus_tcp_master%d:sendlen=%d,recvlen=%d,errno=%d:%s! break!",
v25 + 1,
v13,
*(_DWORD *)v14,
*v7,
v6);
// Teardown: close the socket, clear status byte, published descriptor and both
// g_inputreg bits, report to IEC104, then go back to the connect loop.
// NOTE(review): close() is unconditional and fd[0] keeps the closed number. The
// published slot is reset to 0, which is itself a valid descriptor number, so a
// reader of the slot cannot tell "no socket" from descriptor 0; -1 is the safer
// sentinel. If any MBTCP*2 helper closes the socket itself on error (not visible
// here), this becomes a second close() of a number another thread may already
// own; confirm.
LABEL_160:
log_message(1, 4, "ModbusTCP Master%d:socketfd%d,close!", v25 + 1, fd[0]);
close(fd[0]);
*((_BYTE *)&unk_82D2898 + 22316 * v25) = 0;
*((_DWORD *)&unk_82D2890 + 5579 * v25) = 0;
g_inputreg[(v25 >> 4) + 8] &= ~(unsigned __int16)(1 << (v25 & 0xF));
g_inputreg[(v25 >> 4) + 28] &= ~(unsigned __int16)(1 << (v25 & 0xF));
IEC104DeviceStatus(CS101_COT_SPONTANEOUS, ca, *((_DWORD *)&unk_82D2894 + 5579 * v25) | 0x10000, 0, 0);
goto LABEL_161;
}
// Transient error (EAGAIN/EINTR): count it and give up once v32 reaches the limit v23.
log_message(DebugMBTCP, 7, "modbus_tcp_master%d: try!", v25 + 1);
if ( v23 <= ++v32 )
{
log_message(1, 4, "modbus_tcp_master%d: tryn,break!", v25 + 1);
goto LABEL_160;
}
}
else
{
v32 = 0;
}
}
break;
default:
goto LABEL_145;
}
}
} 软件开发人员说socket是系统分配的,不可能重,但这个就这么发生了,感觉念头不太通达了