On Mon, Jan 24, 2005 at 04:15:10PM +0100, Thomas Graf wrote:
>
> After inspecting your iptables rule set I think it is a general UDP DNAT
> problem under some circumstances. Some defragmentation weirdness in
> prerouting might be invovled. It would definitely help to have a dump
> of a complete ip fragments sequence causing this bug but I can't tell
> what exactly is the cause just now so yes it might be a good idea to
> limit the dump to the above subnet and hope the dodgy traffic comes
> from the same subnet again.
OK, I think I've found the problem. It's a totally innocuous bug
in ip_fragment/ip6_fragment. When we're in the fast path and use
the pre-existing frag_list skb's, we forgot to clear ip_summed.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
However, the problem that Patrick identified is very serious and
we should fix that as a matter of urgency.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
p
Description: Text document
|