Red Bear OS 3101345fe6 review: NDP state corruption fix, port double-free fix, observer limits
CRITICAL/MEDIUM BUGS FIXED:

1. ethernet.rs send_ndp_solicit: state corruption via recursive call
   The function destructured self.ndp_state by value (target, tries,
   silent_until) at the start and wrote back at the end. But between
   destructuring and writing back, self.drop_waiting_packets_v6(target)
   could recursively call self.send_ndp_solicit(Instant::ZERO) for a
   different target. The recursive call updated self.ndp_state with the
   new target's state. When control returned to the original frame, the
   original write-back clobbered the recursive call's state, silently
   losing neighbor discovery for the new target.
   Fix: use scoped pattern matches to read target/tries/silent_until
   from the live state right before they are needed, so the recursive
   call's writes are preserved. This matches the pattern used by
   send_arp (which uses ref mut and is correct).

2. scheme/socket.rs on_close: port double-free
   close_file() was called before the refcount check, so the port was
   released on every close. For a dup'd socket, the second close
   tried to release the port again — double-free.
   Fix: compute the new refcount first, only call close_file and
   remove from socket_set when the count reaches 0 (last reference).

3. scheme/tcp.rs new_socket: port + socket leak on connect failure
   If get_port() succeeded but connect() later failed, the port was
   claimed and the socket was added to socket_set, but new_socket
   returned Err. The caller (open_inner) did not insert the file
   handle, so on_close was never called. Both the port and the socket
   slot leaked.
   Fix: when connect() fails, release the auto-allocated port before
   returning. Explicit user-provided ports are still released by
   on_close when the last file is dropped (preserves the existing
   on_close-based release).

4. observer.rs capture: per-packet size limit not enforced
   Vec::with_capacity only pre-allocates; extend_from_slice copies the
   full packet. The intended per-packet limit (MAX_CAPTURE_BYTES /
   max_packets = 256 bytes) was being bypassed, allowing a single
   1500-byte packet to consume the full capture buffer.
   Fix: truncate to per_packet_limit before extending.

5. observer.rs capture: short packets bypassed filter
   Packets < 20 bytes returned true (capture anyway) regardless of
   the user's filter. A filter like 'tcp port 80' would capture all
   short packets, including non-TCP.
   Fix: return false (no match) for short packets. Filter semantics
   are now consistent: if a packet can't be matched, it's not captured.

All 29 existing tests still pass.
2026-07-09 00:42:46 +03:00
2026-07-09 00:34:40 +03:00

Base

Repository containing various system daemons, that are considered fundamental for the OS.

You can see what each component does in the following list:

  • audiod : Daemon used to process the sound drivers audio
  • bootstrap : First code that the kernel executes, responsible for spawning the init daemon
  • daemon : Redox daemon library
  • drivers
  • init : Daemon used to start most system components and programs
  • initfs : Filesystem with the necessary system components to run RedoxFS
  • ipcd : Daemon used for inter-process communication
  • logd : Daemon used to log system components and daemons
  • netstack : Daemon used for networking
  • ptyd : Daemon used for pseudo-terminal
  • ramfs : RAM filesystem
  • randd : Daemon used for random number generation
  • zerod : Daemon used to discard all writes and fill read buffers with zero

How To Contribute

To learn how to contribute you need to read the following document:

If you want to contribute to drivers read its README

Development

To learn how to do development with these system components inside the Redox build system you need to read the Build System and Coding and Building pages.

How To Build

It is recommended to build this system component via the Redox build system, you can learn how to do it on the Building Redox page.

To build and test outside the build system, install redoxer then use check.sh script to build or test:

  • ./check.sh - Check build for x86_64
  • ./check.sh --arch=ARCH - Check build for specific ARCH (aarch64, i586, riscv64gc)
  • ./check.sh --all - Check build for all ARCH
  • ./check.sh --test - Check the base system boots up on x86_64

You can also use make install to inspect the content on ./sysroot, or make test-gui to test booting with orbital interactively.

S
Description
RedBear Operating System, based on RedoxOS. Licenced under MIT license.
https://redbearos.org
Readme MIT 17 GiB
Languages
Rust 99.6%
Linker Script 0.2%
Makefile 0.1%
Shell 0.1%