netdev
[Top] [All Lists]

[PATCH] Prevent crash on ip_conntrack removal

To: netdev@xxxxxxxxxxx
Subject: [PATCH] Prevent crash on ip_conntrack removal
From: Olaf Kirch <okir@xxxxxxx>
Date: Wed, 18 Aug 2004 11:13:52 +0200
Cc: netfilter-devel@xxxxxxxxxxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6i
Hi,

here's a patch that keeps us from crashing on removal of ip_conntrack.
This problem came up during IBM's testing of SLES.
I'm not sure if this issue has been submitted already.

Problem description courtesy of David Stevens:

        It appears that conntrack, when loaded, is queueing the fragments
        for reassembly pre-routing (ie, when skb->dst is 0) and giving
        the fully reassembled packet to the pre-routing code which will
        set skb->dst before using it.

        IP without conntrack does the queueing of fragments and reassembly
        post-routing, so skb->dst in that case is set for all fragments
        and the reassembled packet.

        In the failure scenario, it appears that conntrack has queued
        some of the fragments (w/ skb->dst=0, esp. in the offset=0 first
        fragment) and then the conntrack module is removed. Arrival
        of a fragment afterward will queue and reassemble the entire
        packet post-routing, but the first frag still has skb->dst 0,
        so it'll blow up

To fix this, the patch below simply drops such skbs. A different fix
could be to change the conntrack module to flush out all unassembled
fragments when unloaded; an alternative patch for this is attached as
well (this one is completely untested).

Cheers
Olaf
-- 
Olaf Kirch     |  The Hardware Gods hate me.
okir@xxxxxxx   |
---------------+ 

Attachment: netfilter-unload-crash
Description: Text document

Attachment: conntrack-flush-fragments
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>