lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 16 Mar 2009 22:53:14 +0100
From:	"Jorge Boncompte [DTI2]" <jorge@...2.net>
To:	jarkao2@...il.com
CC:	netdev@...r.kernel.org
Subject: Re: [PATCHv2] netns: oops in ip_frag_reasm incrementing stats

Jarek Poplawski escribió:
> Jorge Boncompte [DTI2] wrote, On 03/16/2009 01:09 PM:
> 
>> dev can be NULL on ip_frag_reasm for skb's coming from RAW sockets.
>>
>> Quagga's OSPFD sends fragmented packets on a RAW socket, when netfilter
>> conntrack reassembles them on the OUTPUT path you hit this code path.
>>
>> Changes from v1:
>>    - Fixed description
>>
>> Signed-off-by: Jorge Boncompte [DTI2] <jorge@...2.net>
>> ---
>> net/ipv4/ip_fragment.c |   14 +++++++-------
>> 1 files changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
>> index 6659ac0..8f150d5 100644
>> --- a/net/ipv4/ip_fragment.c
>> +++ b/net/ipv4/ip_fragment.c
> 
> ...
> 
>> -static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
>> +static int ip_frag_reasm(struct net *net, struct ipq *qp, struct sk_buff *prev,
>> 			 struct net_device *dev)
>> {
>> 	struct iphdr *iph;
>> @@ -548,7 +548,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
>> 	iph = ip_hdr(head);
>> 	iph->frag_off = 0;
>> 	iph->tot_len = htons(len);
>> -	IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMOKS);
>> +	IP_INC_STATS_BH(net, IPSTATS_MIB_REASMOKS);
> 
> 
> I didn't check this but isn't something like this possible here too?:
> 
> static inline int ip_frag_too_far(struct ipq *qp)
> {
> 	...
>         net = container_of(qp->q.net, struct net, ipv4.frags);
>         IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
> 

	Yes, it seems so. I did not noticed how the rest of the code accessed
the net pointer, sorry.
	Do you want to send a patch yourself or should I do it?

	Regards,

	Jorge
-- 
==============================================================
Jorge Boncompte - Ingenieria y Gestion de RED
DTI2 - Desarrollo de la Tecnologia de las Comunicaciones
--------------------------------------------------------------
C/ Abogado Enriquez Barrios, 5   14004 CORDOBA (SPAIN)
Tlf: +34 957 761395 / FAX: +34 957 450380
==============================================================
- Sin pistachos no hay Rock & Roll...
- Without wicker a basket cannot be made.
==============================================================

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ