
Re: [PATCH] Prevent crash on ip_conntrack removal

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: [PATCH] Prevent crash on ip_conntrack removal
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Sat, 21 Aug 2004 22:13:44 -0700
Cc: laforge@xxxxxxxxxxxxx, okir@xxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <412765DC.30600@trash.net>
References: <20040818091352.GB6507@suse.de> <20040819101159.GC3921@sunbeam.de.gnumonks.org> <20040819071846.2d0d6120.davem@redhat.com> <4124BF7E.7090304@trash.net> <20040819081428.5243e314.davem@redhat.com> <412765DC.30600@trash.net>
Sender: netdev-bounce@xxxxxxxxxxx
On Sat, 21 Aug 2004 17:10:20 +0200
Patrick McHardy <kaber@xxxxxxxxx> wrote:

> David S. Miller wrote:
> 
> >I have a better idea.
> >
> >Instead of setting skb->dst to NULL, it should set it to some
> >NULL destination entry which just frees up the packets.  Then
> >no special case handling.  skb->dst==NULL packets should never
> >get into the fragment queue to begin with.
> >
> The problem is that conntrack unload can cause packets without a
> dst_entry to appear in ip_local_deliver, which is already after
> the call to dst_input.

How can it call ip_local_deliver() without a valid skb->dst?
That function is only invoked via skb->dst->input(skb) which
by implication means that skb->dst is non-NULL.

Actually there is a call via ip_mr_input() but that code also
has a precondition that skb->dst is non-NULL too.  I say this
due to the unchecked skb->dst accesses it makes early on.

Please explain.  I don't question that it happens, just show
me how :-)

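The design point in the exchange above, as an added example that is not part of the original thread or of the kernel source: a minimal user-space model of the `skb->dst->input(skb)` dispatch, with a sentinel "discard" destination entry whose `input()` just frees the packet, so that a packet which loses its route is consumed without any NULL special case in `dst_input()`. All structure names, counters and the `drop_route_on_unload()` hook are hypothetical stand-ins; the packet payloads are constructed inline.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Illustrative model only; not kernel code. The names mirror the kernel's
 * sk_buff / dst_entry / dst_input() but are simplified stand-ins.
 */

struct sk_buff;

struct dst_entry {
    int (*input)(struct sk_buff *skb);   /* what dst_input() calls */
    const char *name;
};

struct sk_buff {
    struct dst_entry *dst;
    size_t len;
    unsigned char data[64];
};

/* Observable side effects so each path can be checked. */
static int skbs_delivered;    /* reached the local-delivery input hook */
static int skbs_blackholed;   /* consumed by the discard destination */
static int skbs_freed;

static void kfree_skb(struct sk_buff *skb)
{
    skbs_freed++;
    free(skb);
}

/* Stand-in for ip_local_deliver(): only ever reached through
 * skb->dst->input(skb), so it may assume skb->dst is non-NULL. */
static int ip_local_deliver(struct sk_buff *skb)
{
    (void)skb->dst->name;     /* unchecked dst access, as on the real path */
    skbs_delivered++;
    kfree_skb(skb);
    return 0;
}

/* An ordinary route entry for locally destined packets. */
static struct dst_entry dst_local = { ip_local_deliver, "local" };

/* The "NULL destination entry" idea: an input() that just frees. */
static int dst_discard_in(struct sk_buff *skb)
{
    skbs_blackholed++;
    kfree_skb(skb);
    return 0;
}
static struct dst_entry dst_discard = { dst_discard_in, "discard" };

/* Unconditional dispatch; no special case for a missing route. */
static int dst_input(struct sk_buff *skb)
{
    return skb->dst->input(skb);
}

static struct sk_buff *alloc_skb(struct dst_entry *dst, const char *payload)
{
    struct sk_buff *skb = calloc(1, sizeof *skb);
    if (!skb)
        abort();
    skb->dst = dst;
    skb->len = strlen(payload);
    memcpy(skb->data, payload, skb->len);
    return skb;
}

/*
 * Hypothetical hook run when the module that owned the route decision is
 * unloaded. Writing skb->dst = NULL here would make the later dst_input()
 * dereference NULL; pointing at the discard entry instead needs no check.
 */
static void drop_route_on_unload(struct sk_buff *skb)
{
    skb->dst = &dst_discard;
}

/* Returns 1 if a packet that lost its route was consumed by the discard
 * entry without ever carrying a NULL dst, 0 otherwise. */
static int demo_unload_path(void)
{
    int before = skbs_blackholed;
    struct sk_buff *skb = alloc_skb(&dst_local, "constructed packet A");
    drop_route_on_unload(skb);
    if (skb->dst == NULL)
        return 0;
    dst_input(skb);
    return skbs_blackholed == before + 1;
}

/* Normal path: a locally routed packet reaches ip_local_deliver(). */
static int demo_local_path(void)
{
    int before = skbs_delivered;
    struct sk_buff *skb = alloc_skb(&dst_local, "constructed packet B");
    dst_input(skb);
    return skbs_delivered == before + 1;
}
```

The sentinel entry turns "is skb->dst NULL?" from a check every consumer must remember into a property that holds by construction, which is the reason a single discard destination is preferable to scattering NULL tests through the input paths.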