From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Peter Tirsek <peter@tirsek.com>
Cc: netfilter-devel@vger.kernel.org,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Subject: Re: [PATCH] netfilter: xt_socket: Fix broken IPv6 handling
Date: Tue, 25 Apr 2017 11:08:03 +0200 [thread overview]
Message-ID: <20170425090803.GA2930@salvia> (raw)
In-Reply-To: <alpine.LNX.2.00.1704181234010.5224@wolfie.lan.tirsek.com>
On Tue, Apr 18, 2017 at 12:39:58PM -0500, Peter Tirsek wrote:
> Commit 834184b1f3a4 ("netfilter: defrag: only register defrag
> functionality if needed") used the outdated XT_SOCKET_HAVE_IPV6 macro
> which was removed earlier in commit 8db4c5be88f6 ("netfilter: move
> socket lookup infrastructure to nf_socket_ipv{4,6}.c"). With that macro
> never being defined, the xt_socket match emits an "Unknown family 10"
> warning when used with IPv6:
>
> WARNING: CPU: 0 PID: 1377 at net/netfilter/xt_socket.c:160 socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> Unknown family 10
> Modules linked in: xt_socket nf_socket_ipv4 nf_socket_ipv6 nf_defrag_ipv4 [...]
> CPU: 0 PID: 1377 Comm: ip6tables-resto Not tainted 4.10.10 #1
> Hardware name: [...]
> Call Trace:
> ? __warn+0xe7/0x100
> ? socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> ? socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> ? warn_slowpath_fmt+0x39/0x40
> ? socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> ? socket_mt_v2_check+0x12/0x40 [xt_socket]
> ? xt_check_match+0x6b/0x1a0 [x_tables]
> ? xt_find_match+0x93/0xd0 [x_tables]
> ? xt_request_find_match+0x20/0x80 [x_tables]
> ? translate_table+0x48e/0x870 [ip6_tables]
> ? translate_table+0x577/0x870 [ip6_tables]
> ? walk_component+0x3a/0x200
> ? kmalloc_order+0x1d/0x50
> ? do_ip6t_set_ctl+0x181/0x490 [ip6_tables]
> ? filename_lookup+0xa5/0x120
> ? nf_setsockopt+0x3a/0x60
> ? ipv6_setsockopt+0xb0/0xc0
> ? sock_common_setsockopt+0x23/0x30
> ? SyS_socketcall+0x41d/0x630
> ? vfs_read+0xfa/0x120
> ? do_fast_syscall_32+0x7a/0x110
> ? entry_SYSENTER_32+0x47/0x71
>
> This patch brings the conditional back in line with how the rest of the
> file handles IPv6.
Applied, thanks.
prev parent reply other threads:[~2017-04-25 9:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-18 17:39 [PATCH] netfilter: xt_socket: Fix broken IPv6 handling Peter Tirsek
2017-04-19 16:02 ` Florian Westphal
2017-04-25 9:08 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170425090803.GA2930@salvia \
--to=pablo@netfilter.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
--cc=peter@tirsek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.