From: Patrick McHardy <kaber@trash.net>
To: Harald Welte <laforge@gnumonks.org>
Cc: Costa Tsaousis <costa@tsaousis.gr>, netfilter-devel@lists.netfilter.org
Subject: Re: Corruption on mangle/INPUT when MARKing packets
Date: Mon, 06 Jan 2003 17:26:55 +0100
Message-ID: <3E19AE4F.5020908@trash.net>
In-Reply-To: <20030106125230.GE9467@sunbeam.de.gnumonks.org>

Harald Welte wrote:
>On Sat, Jan 04, 2003 at 03:47:21AM +0200, Costa Tsaousis wrote:
>
>>During a few experiments I made I believe I have found a bug in
>>iptables.
>>
>>To reproduce the bug, type:
>>
>># /etc/init.d/iptables stop
>># iptables -t mangle -A INPUT -p icmp -j MARK --set-mark 1
>>
>>Now, this host will be unpingable.
>>
>
>This is really strange. I can perfectly reproduce the bug, but I cannot
>see how this happens. The whole net/ipv4/icmp.c code doesn't do
>anything with the nfmark of the original skb.
>
>I'll have to investigate this further. Stay tuned.
>
>Thanks for reporting the bug...
>

I think the problem lies within ip_route_me_harder. It is called on
mangled packets in the INPUT chain and changes skb->dst with a new route
after setting key.src = 0 if it's not a local address.
icmp_reply uses skb->dst to determine the destination address:
daddr = ipc.addr = rt->rt_src;

These log messages show I'm probably right:

PREROUTING IN=eth0 OUT= MAC=00:e0:7d:74:ab:cd:00:e0:7d:74:ab:cc:08:00 SRC=192.168.0.1 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=39444 SEQ=0
INPUT IN=eth0 OUT= MAC=00:e0:7d:74:ab:cd:00:e0:7d:74:ab:cc:08:00 SRC=192.168.0.1 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=39444 SEQ=0
OUTPUT IN= OUT=lo SRC=192.168.0.23 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=17880 PROTO=ICMP TYPE=0 CODE=0 ID=39444 SEQ=0
^^^^ note SRC and DST are both the local ip
POSTROUTING IN= OUT=lo SRC=192.168.0.23 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=17880 PROTO=ICMP TYPE=0 CODE=0 ID=39444 SEQ=0
PREROUTING IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.23 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=17880 PROTO=ICMP TYPE=0 CODE=0 ID=39444 SEQ=0
INPUT IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.23 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=17880 PROTO=ICMP TYPE=0 CODE=0 ID=39444 SEQ=0

Regards,
Patrick
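
The misdirected echo reply in the log above can be picked out mechanically by pairing each reply with its request. The following Python sketch is an added example, not part of the original message or of the netfilter code; it assumes every LOG line begins with the chain name as in the log above, and its function names are hypothetical. The sample input is three of the message's log lines, rejoined onto single lines.

```python
import re

# Three LOG lines from the message above, each rejoined onto one line.
SAMPLE_LOG = """\
PREROUTING IN=eth0 OUT= MAC=00:e0:7d:74:ab:cd:00:e0:7d:74:ab:cc:08:00 SRC=192.168.0.1 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=39444 SEQ=0
OUTPUT IN= OUT=lo SRC=192.168.0.23 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=17880 PROTO=ICMP TYPE=0 CODE=0 ID=39444 SEQ=0
POSTROUTING IN= OUT=lo SRC=192.168.0.23 DST=192.168.0.23 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=17880 PROTO=ICMP TYPE=0 CODE=0 ID=39444 SEQ=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Split one LOG line into (chain name, dict of KEY=value fields)."""
    chain, _, rest = line.partition(" ")
    fields = {}
    for key, value in FIELD.findall(rest):
        # ID occurs twice: the IP header ID, then the ICMP echo ID after PROTO=.
        if key == "ID" and "PROTO" in fields:
            key = "ICMP_ID"
        fields[key] = value
    return chain, fields


def misrouted_echo_replies(log_text):
    """Return echo replies in OUTPUT whose DST is not the requester's address."""
    requesters = {}  # (ICMP echo id, seq) -> SRC of the echo request
    findings = []
    for line in log_text.splitlines():
        if "PROTO=ICMP" not in line:
            continue
        chain, f = parse_line(line)
        key = (f.get("ICMP_ID"), f.get("SEQ"))
        if f.get("TYPE") == "8":  # echo request: remember who asked
            requesters.setdefault(key, f["SRC"])
        elif f.get("TYPE") == "0" and chain == "OUTPUT" and key in requesters:
            if f["DST"] != requesters[key]:  # reply not going back to the sender
                findings.append({"echo_id": key[0], "seq": key[1],
                                 "expected_dst": requesters[key],
                                 "actual_dst": f["DST"], "out_if": f["OUT"]})
    return findings


if __name__ == "__main__":
    for finding in misrouted_echo_replies(SAMPLE_LOG):
        print(finding)
```
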