From: Eric Dumazet on 9 Jul 2010 13:20

On Friday, 9 July 2010 at 12:03 -0300, Felipe W Damasio wrote:
> Hi,
>
> 2010/7/8 Eric Dumazet <eric.dumazet(a)gmail.com>:
> > Please try to reproduce a new report.
> >
> > It looks like a memory corruption, and it would be good to see if a
> > common pattern is occurring.
>
> I'm trying... the thing is the freeze occurred on the machine that sits
> on a 200Mbps ISP in bridge-mode. Since the machine froze, and the
> whole ISP went down for a few minutes, I'm not allowed to run any
> tests on it.
>
> I've setup the same scenario on a lab, but since last night been
> unable to reproduce the bug. Maybe there's a clue on this crash
> below that can help me write some program to trigger the problem?
>

Reviewing tproxy stuff I spotted a problem in nf_tproxy_assign_sock()
but I could not see how it could explain your crash.

We can read uninitialized memory and trigger a fault in
nf_tproxy_assign_sock(), not later in tcp_recvmsg()...

David, Patrick, what do you think?

Thanks

[PATCH] tproxy: nf_tproxy_assign_sock() can handle tw sockets

transparent field of a socket is either inet_twsk(sk)->tw_transparent
for timewait sockets, or inet_sk(sk)->transparent for other sockets
(TCP/UDP).

Signed-off-by: Eric Dumazet <eric.dumazet(a)gmail.com>
---
diff --git a/net/netfilter/nf_tproxy_core.c b/net/netfilter/nf_tproxy_core.c index 5490fc3..daab8c4 100644 --- a/net/netfilter/nf_tproxy_core.c +++ b/net/netfilter/nf_tproxy_core.c 
@@ -70,7 +70,11 @@ nf_tproxy_destructor(struct sk_buff *skb) int nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk) { - if (inet_sk(sk)->transparent) { + bool transparent = (sk->sk_state == TCP_TIME_WAIT) ? + inet_twsk(sk)->tw_transparent : + inet_sk(sk)->transparent; + + if (transparent) { skb_orphan(skb); skb->sk = sk; skb->destructor = nf_tproxy_destructor;
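
Review bot: the new `transparent` selection at the top of nf_tproxy_assign_sock() still lets a TIME_WAIT socket fall through to `skb->sk = sk;` with `skb->destructor = nf_tproxy_destructor;`, and nothing in this hunk shows that the destructor, or later readers of skb->sk, treat it as a timewait socket instead of a full socket. Please confirm the release path for timewait sockets, or say in the changelog that it is already handled. The changelog should also name the defect being fixed, as the mail text above the patch does: calling inet_sk(sk)->transparent on a timewait socket can read uninitialized memory. A one-line comment above the ternary explaining why sk_state is tested would keep a later cleanup from folding it back into a plain inet_sk() access.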