netdev
[Top] [All Lists]

Re: [PATCH] Prevent crash on ip_conntrack removal

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: [PATCH] Prevent crash on ip_conntrack removal
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Sun, 22 Aug 2004 22:03:31 -0700
Cc: laforge@xxxxxxxxxxxxx, okir@xxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <41289859.2040803@trash.net>
References: <20040818091352.GB6507@suse.de> <20040819101159.GC3921@sunbeam.de.gnumonks.org> <20040819071846.2d0d6120.davem@redhat.com> <4124BF7E.7090304@trash.net> <20040819081428.5243e314.davem@redhat.com> <412765DC.30600@trash.net> <20040821221344.6dbc98ed.davem@redhat.com> <41289859.2040803@trash.net>
Sender: netdev-bounce@xxxxxxxxxxx
On Sun, 22 Aug 2004 14:58:01 +0200
Patrick McHardy <kaber@xxxxxxxxx> wrote:

> The first fragment (offset=0) is given to ip_defrag by conntrack
> at PRE_ROUTING, without a dst_entry. Then conntrack is unloaded.
> Further fragments are now queued in ip_local_deliver. When the
> packet is reassembled and "continues" its way from
> ip_local_deliver, it doesn't have a dst_entry.
> 
> The opposite way is of course also possible, packets queued in
> ip_local_deliver can jump and appear in the PRE_ROUTING hook
> when conntrack is loaded, but that way doesn't seem to cause
> problems.

Thanks for the explanation Patrick.

Let me brain storm on this on Monday (tomorrow).

<Prev in Thread] Current Thread [Next in Thread>