Hi,

here's a patch that keeps us from crashing on removal of ip_conntrack.
This problem came up during IBM's testing of SLES.
I'm not sure if this issue has been submitted already.

Problem description courtesy of David Stevens:

It appears that conntrack, when loaded, is queueing the fragments
for reassembly pre-routing (i.e., when skb->dst is 0) and giving
the fully reassembled packet to the pre-routing code which will
set skb->dst before using it.

IP without conntrack does the queueing of fragments and reassembly
post-routing, so skb->dst in that case is set for all fragments
and the reassembled packet.

In the failure scenario, it appears that conntrack has queued
some of the fragments (w/ skb->dst=0, esp. in the offset=0 first
fragment) and then the conntrack module is removed. Arrival
of a fragment afterward will queue and reassemble the entire
packet post-routing, but the first frag still has skb->dst 0,
so it'll blow up.

To fix this, the patch below simply drops such skbs. A different fix
could be to change the conntrack module to flush out all unassembled
fragments when unloaded; an alternative patch for this is attached as
well (this one is completely untested).

Cheers
Olaf
--
Olaf Kirch | The Hardware Gods hate me.
okir@xxxxxxx |
---------------+
netfilter-unload-crash
Description: Text document
conntrack-flush-fragments
Description: Text document
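
A simplified user-space model of the failure described in the message above, added here as an illustration; it is not the attached patches, which are not reproduced on this page. The structures, function names and the exact point at which the drop happens are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed stand-ins for sk_buff and its route; not the kernel structures. */
struct route { int mtu; };
struct frag { struct route *dst; int offset, len; bool last; };
#define MAX_FRAGS 8
struct fragq { struct frag f[MAX_FRAGS]; int n; };
enum hook { PRE_ROUTING, POST_ROUTING };

int frag_add(struct fragq *q, struct frag f)
{
    if (q->n == MAX_FRAGS)
        return -1;
    q->f[q->n++] = f;
    return 0;
}

/* Returns the datagram length once complete, 0 while fragments are still
 * missing, -1 if the datagram was dropped. Post-routing code reads the
 * route of the offset-0 fragment, so a NULL there must be caught first. */
int frag_reasm(struct fragq *q, enum hook where, int *mtu)
{
    const struct frag *head = NULL;
    int sum = 0, total = -1;
    for (int i = 0; i < q->n; i++) {
        sum += q->f[i].len;
        if (q->f[i].offset == 0)
            head = &q->f[i];
        if (q->f[i].last)
            total = q->f[i].offset + q->f[i].len;
    }
    if (!head || total < 0 || sum != total)
        return 0;                 /* incomplete, keep waiting */
    q->n = 0;                     /* queue is consumed either way */
    if (where == POST_ROUTING) {
        if (!head->dst)
            return -1;            /* first fix: drop, do not dereference NULL */
        *mtu = head->dst->mtu;
    }
    return total;
}

/* Alternative fix: on module unload, discard everything still queued. */
int frag_flush_all(struct fragq *q)
{
    int n = q->n;
    q->n = 0;
    return n;
}
```
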