netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Bug in ipv6_ifa_notify?

from [Herbert Xu] [Permanent Link][Original]
To: "David S. Miller" <davem@xxxxxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
Subject: Bug in ipv6_ifa_notify?
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 8 Nov 2004 17:15:29 +1100
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040722i 
Hi:

I'm reviewing the changes between 2.6.8.1 and 2.6.9.  The following
change caught my eye:

# ChangeSet
#   2004/08/17 11:25:16+09:00 yoshfuji@xxxxxxxxxxxxxx
#   [IPV6] refer inet6 device via corresponding local route from address 
structure.

In particular, it changed the handling of RTM_NEWADDR in ipv6_ifa_notify.
Previously if you received duplicate RTM_NEWADDR notifications
ip6_rt_addr_add would allocate a new rt and then free it since
ip6_ins_rt would fail.

With the new code, it will call ip6_ins_rt on the *same* rt
again which will cause it to be dst_free'd.  I don't see any
way for this to lead to dst underflows yet, but it'll certainly
corrupt the routing table since dst_free modifies rt->u.next.

Now the question is is it possible to get dupliate RTM_NEWADDR
notifications?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Prism54-devel] Prism54 AP WPA using Hostap and WDS, Jouni Malinen
Next by Date:  [PATCH wireless-2.6 0/12] Host AP update, Jouni Malinen
Previous by Thread:  Re: [RFC] IPSEC failover and replay detection sequence numbers, Michael Richardson
Next by Thread:  Re: Bug in ipv6_ifa_notify?, Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]