lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 10 Oct 2008 22:50:47 +0200
From:	"Nir Tzachar" <nir.tzachar@...il.com>
To:	linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org
Subject: Re: WARNING: at net/ipv4/netfilter/nf_nat_standalone.c:89 nf_nat_fn+0x33/0x155()

On Fri, Oct 10, 2008 at 10:49 PM, Nir Tzachar <nir.tzachar@...il.com> wrote:
> Patrick McHardy wrote:
>> Patrick McHardy wrote:
>>> Nir Tzachar wrote:
>>>> Hello.
>>>>
>>>> The following warning is reproducible with the code below on 2.6.25.6,
>>>> which uses sendmsg on a udp socket using two iovecs:
>>>>
>>>> ....
>>>> And I always get  the following warning twice:
>>>>
>>>> [ 6658.338116] ------------[ cut here ]------------
>>>> [ 6658.338121] WARNING: at net/ipv4/netfilter/nf_nat_standalone.c:89
>>>> nf_nat_fn+0x33/0x155()
>>>
>>> Thanks for the report. Does this patch fix it?
>>
>> Actually, this can't be it. Let me look again.
>
>>Found it - we lost an ifdef during the transition to nf_conntrack
>>guarding an exception from defragmentation on loopback input.
>
>>This patch should fix the warning.
>
>

Yes, the patch below fixes the problem.
10x.

> ["x" (text/plain)]
>
> diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c \
> b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 5a955c4..7eb0b61 100644
> --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
> +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
> @@ -150,10 +150,12 @@ static unsigned int
> ipv4_conntrack_defrag(unsigned int hooknum,
>                                          const struct net_device *out,
>                                          int (*okfn)(struct sk_buff *))
>  {
> +#if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE)
>        /* Previously seen (loopback)?  Ignore.  Do this before
>           fragment check. */
>        if (skb->nfct)
>                return NF_ACCEPT;
> +#endif
>
>        /* Gather fragments. */
>        if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ