lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 20 Aug 2012 17:06:39 +0800
From:	Cong Wang <amwang@...hat.com>
To:	Michal Kubeček <mkubecek@...e.cz>
Cc:	netdev@...r.kernel.org, Herbert Xu <herbert@...dor.hengli.com.au>,
	"David S. Miller" <davem@...emloft.net>,
	Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
	Patrick McHardy <kaber@...sh.net>,
	Shan Wei <shanwei@...fujitsu.com>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	netfilter-devel@...r.kernel.org
Subject: Re: [RFC Patch net-next] ipv6: unify conntrack reassembly expire
 code with standard one

Hi, Michal!

On Fri, 2012-08-17 at 19:05 +0200, Michal Kubeček wrote:
> On Friday 17 of August 2012 16:02EN, Cong Wang wrote:
> > Two years ago, Shan Wei tried to fix this:
> > http://patchwork.ozlabs.org/patch/43905/
> > 
> ...
> >
> > As Herbert suggested, we could actually use the standard IPv6
> > reassembly code which follows RFC2460.
> 
> I tested the patch and I ran into a problem in this place in 
> ip6_expire_frag_queue():
> 
> >  	net = container_of(fq->q.net, struct net, ipv6.frags);
> 
> For frag queues coming from IPv6 conntrack, fq->q.net points to 
> nf_init_frags which is not embedded into struct net so that the 
> following device lookup leads to reading from an invalid address.
> The same problem has been discussed on the page linked above.
> 
> I didn't test with current net-next source but as far as I can tell, 
> this hasn't changed. Did I miss something?
> 

No, you don't miss anything. I missed that piece of code, you are right
that nf_init_frags is not actually embedded, so that container_of()
doesn't work. I think we probably can save the struct net pointer in
struct netns_frags during inet_frags_init_net(), so that container_of()
can be eliminated. 

Thanks for testing! I tried to test it too, but seems I can't trigger a
defragment. Any hints?

Thanks!

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ