lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 16 Mar 2009 23:05:26 +0100
From:	Jarek Poplawski <jarkao2@...il.com>
To:	"Jorge Boncompte [DTI2]" <jorge@...2.net>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCHv2] netns: oops in ip_frag_reasm incrementing stats

On Mon, Mar 16, 2009 at 10:53:14PM +0100, Jorge Boncompte [DTI2] wrote:
> Jarek Poplawski escribió:
>> Jorge Boncompte [DTI2] wrote, On 03/16/2009 01:09 PM:
>>
>>> dev can be NULL on ip_frag_reasm for skb's coming from RAW sockets.
>>>
>>> Quagga's OSPFD sends fragmented packets on a RAW socket, when netfilter
>>> conntrack reassembles them on the OUTPUT path you hit this code path.
>>>
>>> Changes from v1:
>>>    - Fixed description
>>>
>>> Signed-off-by: Jorge Boncompte [DTI2] <jorge@...2.net>
>>> ---
>>> net/ipv4/ip_fragment.c |   14 +++++++-------
>>> 1 files changed, 7 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
>>> index 6659ac0..8f150d5 100644
>>> --- a/net/ipv4/ip_fragment.c
>>> +++ b/net/ipv4/ip_fragment.c
>>
>> ...
>>
>>> -static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
>>> +static int ip_frag_reasm(struct net *net, struct ipq *qp, struct sk_buff *prev,
>>> 			 struct net_device *dev)
>>> {
>>> 	struct iphdr *iph;
>>> @@ -548,7 +548,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
>>> 	iph = ip_hdr(head);
>>> 	iph->frag_off = 0;
>>> 	iph->tot_len = htons(len);
>>> -	IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMOKS);
>>> +	IP_INC_STATS_BH(net, IPSTATS_MIB_REASMOKS);
>>
>>
>> I didn't check this but isn't something like this possible here too?:
>>
>> static inline int ip_frag_too_far(struct ipq *qp)
>> {
>> 	...
>>         net = container_of(qp->q.net, struct net, ipv4.frags);
>>         IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
>>
>
> 	Yes, it seems so. I did not noticed how the rest of the code accessed
> the net pointer, sorry.
> 	Do you want to send a patch yourself or should I do it?
>

You did the whole work so I hope you'll finish this (after checking
and maybe some testing)!

Regards,
Jarek P.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ