Add ION-DTN host integration: memory allocators, BIB source fix, and WriteBTSD realloc#137
Open
iondev33 wants to merge 5 commits intoNASA-AMMOS:mainfrom
Open
Add ION-DTN host integration: memory allocators, BIB source fix, and WriteBTSD realloc#137iondev33 wants to merge 5 commits intoNASA-AMMOS:mainfrom
iondev33 wants to merge 5 commits intoNASA-AMMOS:mainfrom
Conversation
added 4 commits
February 19, 2026 17:28
This commit fixes a critical memory corruption issue when BSL is integrated
with ION-DTN. The problem occurred because BSL was calling free() on memory
that ION allocated using BSL_CALLOC(), causing munmap_chunk() errors.
Changes:
- Add bool block_numbers_owned field to BSL_PrimaryBlock_t structure
This follows the same ownership pattern as BSL_Data_t.owned
- Modify BSL_PrimaryBlock_deinit() to check ownership before freeing
Only calls BSL_FREE() on block_numbers if BSL owns the memory
- Update BSL mock BPA to set ownership flag after allocation
Ensures BSL-allocated memory is properly tracked
- Fix policy configuration file (policy_provider_test.json):
* Change location from "clin" to "appin" for source role policies
* Fix JSON keys: "src_eid"/"dst_eid" -> "src"/"dest"
* Add EID patterns: "ipn:2.*" and "ipn:3.*" for test scenarios
This fix resolves the crash in ION's bpsec-all-multinode-test.bsl test
where bundles with security blocks would fail with memory corruption errors.
Related ION changes (in ion-ios-dev repository):
- bpv7/bsl/bsl.c sets block_numbers_owned = true after BSL_CALLOC calls
Tested-by: Running bpsec-all-multinode-test.bsl without crashes
- Add ionpatch.h/c for ION memory allocator wrappers - Add ION_INTEGRATION build flag and CMake support - Remove block_numbers_owned field (simplified to unconditional free) - Add macro guards for CHKVOID/CHKNULL to avoid conflicts with ION - Add build-for-ion.sh convenience script
When BSL creates a new BIB security block at the source node, it must store the created block number in the security operation structure so that the security context execution function can retrieve the block metadata. BSL_ExecBCBSource already had this assignment, but BSL_ExecBIBSource was missing it.
…MOS#2) Bug NASA-AMMOS#2: BSL_BundleCtx_WriteBTSD must call realloc callback before write Problem: - BSL_BundleCtx_WriteBTSD was calling the write callback directly without first ensuring the BTSD buffer was large enough - When ION creates extension blocks, they start with length=1 (placeholder) - BSL then attempted to write 82 bytes into the 1-byte buffer - This caused the ION realloc callback to be called during write, but write had already started with insufficient buffer space Root Cause: - BSL_BundleCtx_WriteBTSD (lines 131-137) immediately called: return HostDescriptorTable.block_write_btsd_fn(bundle, block_num, btsd_len); - No buffer size check or realloc call before writing - The write callback would fail when attempting to write beyond allocated space Fix: - Added realloc call before write in BSL_BundleCtx_WriteBTSD (lines 138-148) - Check if realloc callback is registered and btsd_len > 0 - Call block_realloc_btsd_fn to expand buffer to needed size - Return NULL if realloc fails (with error logging) - Only proceed to write if realloc succeeds Code: /* Ensure the BTSD buffer is large enough before writing */ if (btsd_len > 0 && HostDescriptorTable.block_realloc_btsd_fn) { int realloc_result = HostDescriptorTable.block_realloc_btsd_fn(bundle, block_num, btsd_len); if (realloc_result != 0) { BSL_LOG_ERR("Failed to realloc BTSD buffer: block=%llu size=%zu result=%d", (unsigned long long)block_num, btsd_len, realloc_result); return NULL; } } Impact: - BSL now properly expands BTSD buffers before writing - BCB encryption can now write full encrypted payloads - BIB can write full HMAC signatures - This is part of a series of fixes enabling BSL BCB encryption in ION Related ION integration fixes (separate ION commits): - Bug NASA-AMMOS#3: Fix SDR violation in ion_bsl_ReallocBTSD - Bug NASA-AMMOS#4: Add payload block special handling in ion_bsl_ReallocBTSD Test: ION tests/bpsec/bpsec-all-multinode-test.bsl Status: BSL operations now succeed with this fix WIP: bpsec/bpsec-all-multinode-test.bsl not yet passing.
When ION is built with autotools/libtool, the compiled libraries
are placed in the .libs/ subdirectory of the build tree before
installation. Add ${ION_ROOT}/.libs to the find_library hints
so that in-tree builds can locate libici without requiring a
prior make install.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR enables BSL to be built and linked as part of the ION-DTN bundle protocol stack. It
adds an ION_INTEGRATION build option that redirects BSL's memory allocators
(BSL_MALLOC/BSL_CALLOC/BSL_REALLOC/BSL_FREE) to ION's shared working memory system, and
fixes two bugs discovered during end-to-end multinode testing with ION.
This is based on the work done initially by Scott Burleigh as identified in issue: #135 and expanded through debugging and testing process.
The changes in this PR will be required for ION 4.2.0-a.1 release which is integrated with BSL. Current a BSL fork with this branch is part of ION's submodule. ION automake system is updated to automatically build BSL with ION together. The ION 4.2.0-a.1 release is planned for mid-March release.
Changes
When built with -DION_INTEGRATION=ON, BSL uses ION's allocFromIonMemory() /
releaseToIonMemory() instead of the standard C allocator. This is required because ION
manages its own shared memory partition; mixing malloc/free with ION-allocated memory
causes munmap_chunk() crashes.
Files:
macros to ION wrappers
using ION's memory API. Note: ion_realloc copies to a new block because ION's memory
layout does not support in-place expansion
ION_INTEGRATION is defined
bsl_ionpatch static library, adds platform defines required by ION's platform.h
when ION_INTEGRATION is enabled
redefinition conflicts with ION's platform.h
With this change, all BSL heap allocations go through ION's memory manager, eliminating the
cross-allocator corruption that occurred when ION passed its own memory to BSL and BSL
later called free() on it.
BSL_ExecBIBSource was not storing the newly created BIB block number in
sec_oper->sec_block_num after calling BSL_BundleCtx_CreateBlock. The security context
execution function needs this value to retrieve the block's metadata (BTSD buffer).
BSL_ExecBCBSource already had this assignment; this fix brings BIB in line.
Without this fix, BIB source operations fail because the security context cannot locate the
block it needs to write the integrity signature into.
BSL_BundleCtx_WriteBTSD was calling the host's write callback without first ensuring the
BTSD buffer was large enough. When ION creates extension blocks, they start with a 1-byte
placeholder. BSL would then attempt to write the full security result (e.g., 82 bytes for a
BIB HMAC signature) into that 1-byte buffer.
The fix calls block_realloc_btsd_fn before block_write_btsd_fn to expand the buffer to the
needed size. If realloc fails, the function returns NULL with an error log.
Adds a NULL check before calling BSL_FREE(obj->block_numbers). With the ION memory
allocator integration, BSL_FREE routes to the correct allocator regardless of who allocated
the memory, so the previously added ownership-tracking field (block_numbers_owned) was
removed in favor of this simpler approach.
application ingress, not convergence layer ingress)
causing rules to not match any bundles)
Build & Test
Standard BSL build (no ION, unchanged behavior)
./build.sh
BSL build with ION integration
ION_ROOT=/path/to/ion ./build-for-ion.sh
Or manually:
./build.sh prep -DION_INTEGRATION=ON -DION_ROOT=/path/to/ion
./build.sh
Tested with ION's tests/bpsec/bpsec-all-multinode-test.bsl — 3-node topology (nodes 2, 3,
4) over LTP, 6 bundles with BIB+BCB, all tests passing.
Notes for reviewers
(block_numbers_owned) was a temporary fix that commit 3 (ION_INTEGRATION) superseded — the
net diff to BPSecLib_Public.h and mock_bpa/agent.c is zero. Consider squash-merging if a
cleaner history is preferred.
than attempting in-place expansion — ION's memory partition does not support that.
the same macro names.