| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170313173942.GB26782@breakpoint.cc>
Date: Mon, 13 Mar 2017 18:39:42 +0100
From: Florian Westphal <fw@...len.de>
To: Dan Streetman <dan.streetman@...onical.com>
Cc: David Miller <davem@...emloft.net>, fw@...len.de,
eric.dumazet@...il.com, lkml@...ene.org, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org
Subject: Re: ip_rcv_finish() NULL pointer kernel panic
Dan Streetman <dan.streetman@...onical.com> wrote:
> > But I have to say that this netfilter bridging fake dst has caused
> > several dozen bugs over the years, it is fundamentally a serious
> > problem in and of itself. It provides DST facilities by hand, in a
> > static object, without using any of the usual methods for creating and
> > facilitating dst objects.
> >
> > Therefore every time someone makes an adjustment to common dst code,
> > this turd (and yes, it _is_ a turd) breaks. Every single time.
> >
> > So in the long term, instead of polishing this turd, let's get rid of
> > it.
>
> I'm getting reports of this bug as well; is anyone working on removing
> the bridge fake dst?
I don't see how we can ever remove it (unless we remove the
call-iptables feature of course).
Powered by blists - more mailing lists