| To: | Patrick McHardy <kaber@xxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] Prevent crash on ip_conntrack removal |
| From: | David Stevens <dlstevens@xxxxxxxxxx> |
| Date: | Mon, 23 Aug 2004 14:18:24 -0700 |
| Cc: | "David S. Miller" <davem@xxxxxxxxxx>, laforge@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, netdev-bounce@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, okir@xxxxxxx |
| In-reply-to: | <41289859.2040803@trash.net> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
BTW, since some of the frags (esp. the one that triggers the problem)
are added post-routing, a valid dst is available. It just isn't the first
frag in the particular scenario.
So, one solution would be to set skb->dst for the head (if NULL) based
on a non-null fragment skb->dst. I believe that would prevent the problem
case without dropping the fragment, since it'll be processed post-routing
only if one of the frags is.
When I was looking at it, I wondered if conntrack really has a need to
reassemble itself, though. Couldn't it let IP do the reassembling and
just ignore offset != 0 frags? The offset==0 frags will have enough
protocol header to identify by port (a requirement for ICMP). But I don't
know this code well enough to know if conntrack does actually need
to reassemble for some good reason. Superficially, I wouldn't think
there'd be a reason for it.
+-DLS
|
| Previous by Date: | [RFC/PATCH] Add support for setting net_device flags via RTM_SETLINK, Thomas Graf |
|---|---|
| Next by Date: | Re: [RFC/PATCH] Add support for setting net_device flags via RTM_SETLINK, Thomas Graf |
| Previous by Thread: | Re: [PATCH] Prevent crash on ip_conntrack removal, David S. Miller |
| Next by Thread: | Re: [PATCH] Prevent crash on ip_conntrack removal, Nivedita Singhvi |
| Indexes: | [Date] [Thread] [Top] [All Lists] |