From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: netdev@oss.sgi.com,
Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
david@davidcoulson.net
Subject: Re: skb_checksum_help
Date: Mon, 24 Jan 2005 05:46:39 +0100
Message-ID: <41F47DAF.5050806@trash.net>
In-Reply-To: <20050123202715.281ac87c.davem@davemloft.net>

David S. Miller wrote:
>Yes. This backtrace is very strange. Let me take this
>chance to get on my podium and re-express my distaste
>for x86's inaccurate backtraces. They make debugging so
>difficult. It's time for some dwarf2 unwind table support in
>the kernel x86 backtracer and a way to enable it during the
>build.
>
>My current guess is that this is some successful exploit
>of some as-yet-unknown issue in netfilter's fragmentation
>handling. But that's just a guess. If some code underruns
>skb->data somehow while unfragging/refragging, that's a sure
>fire way to corrupt things such as the skb->ip_summed field.
>
That's what I suspect too. There is still the possibility of skbs
"jumping" through the stack between ip_defrag callers, the same
problem that caused the crashes on conntrack module unload fixed
by Olaf Kirch some time ago. This could theoretically cause skbs
from PRE_ROUTING to show up in POST_ROUTING and continue from
there on if NAT is used. Perhaps we should add a "user"-argument
to ip_defrag and keep fragment queues private to a single user.

Regards
Patrick
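
The proposal in the message above as a simplified user-space model, added here as an illustration (not code from the thread or from the kernel): fragment queues are matched on (saddr, daddr, id, proto) alone, or additionally on the calling user when `per_user` is set. The `USER_*` names, `model_defrag`, the table size and the two-fragment datagram are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical caller ids for the proposed "user" argument (names are assumptions). */
enum defrag_user { USER_PRE_ROUTING, USER_POST_ROUTING, USER_MAX };
enum { NQUEUES = 4, NFRAGS = 2 };   /* constructed: each datagram has two fragments */

/* Explicit pad: no implicit padding, so memcmp() is a valid key comparison. */
struct frag_key { uint32_t saddr, daddr; uint16_t id; uint8_t proto, pad; };
struct frag_queue {
    struct frag_key key;
    enum defrag_user user;          /* caller that created the queue */
    int nfrags, from[USER_MAX];     /* nfrags == 0: slot free; from[]: per caller */
};
struct frag_table { struct frag_queue q[NQUEUES]; int per_user; };

/* Queue one fragment. Returns -1 while the datagram is incomplete, otherwise
 * the number of its fragments that were queued by a different caller. */
static int model_defrag(struct frag_table *t, const struct frag_key *k,
                        enum defrag_user user)
{
    struct frag_queue *q = NULL, *spare = NULL;
    for (int i = 0; i < NQUEUES && !q; i++) {
        struct frag_queue *c = &t->q[i];
        if (!c->nfrags) { spare = spare ? spare : c; continue; }
        if (!memcmp(&c->key, k, sizeof(*k)) && (!t->per_user || c->user == user))
            q = c;
    }
    if (!q && !(q = spare)) return -1;                  /* table full: dropped */
    if (!q->nfrags) { q->key = *k; q->user = user; }    /* new queue */
    q->from[user]++;
    if (++q->nfrags < NFRAGS) return -1;
    int foreign = q->nfrags - q->from[user];
    memset(q, 0, sizeof(*q));       /* queue freed, datagram goes to this caller */
    return foreign;
}

/* First fragment enters via the PRE_ROUTING caller, second via POST_ROUTING. */
static int scenario(int per_user)
{
    struct frag_table t = { .per_user = per_user };
    struct frag_key k = { 0x0a000001, 0x0a000002, 0x1234, 17, 0 };  /* constructed */
    model_defrag(&t, &k, USER_PRE_ROUTING);
    return model_defrag(&t, &k, USER_POST_ROUTING);
}

int main(void)
{
    return printf("shared: %d, per-user: %d\n", scenario(0), scenario(1)) < 0;
}
```

`scenario(0)` returns 1: the datagram completed by the POST_ROUTING caller contains a fragment that was queued at PRE_ROUTING. `scenario(1)` returns -1, because each caller now has its own, still incomplete, queue.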