From: Pablo Neira <pablo@eurodev.net>
To: Krzysztof Oledzki <olenf@ans.pl>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Unable to handle kernel NULL pointer dereference at virtual address 00000000 after conntrack -I
Date: Fri, 04 Nov 2005 19:12:48 +0100
Message-ID: <436BA4A0.5040204@eurodev.net>
In-Reply-To: <Pine.LNX.4.63.0511032122210.17993@bizon.gios.gov.pl>

Krzysztof Oledzki wrote:
> On Thu, 3 Nov 2005, Pablo Neira wrote:
>
>> Krzysztof Oledzki wrote:
>>
>>> # conntrack -I --orig-src 1.2.3.4 --orig-dst 1.2.3.5 --reply-src 2.3.4.5
>>> --reply-dst 2.3.4.5 -p tcp --orig-port-src 1 --orig-port-dst 2
>>> --reply-port-src 3 --reply-port-dst 4 -t 32323 -u ASSURED
>>
>>
>> --state option is missing: Unfortunately conntrack forgot to check
>> that such a parameter was missing and ctnetlink didn't do that check
>> either. That's why it resulted in an oops :(
>>
>> I've just applied a patch for conntrack, refresh your working copy. So
>> you won't be able to reproduce that oops anymore.
>>
>> Anyway I'll send a patch for ctnetlink, that checking must be done in
>> kernel space as well.
>
> Thank you. When are you going to release the 1.0 version? How much time
> do I have left for testing? ;)

Good question. I wanted to do it before 2.6.14, but it seems that time
has run out. So my proposed alternative is doing it as soon as there are no
known bugs in ctnetlink, I don't want people complaining about crashing
kernels because of this stuff *sigh*. And of course, once there are no
complaints about conntrack/libnetfilter_conntrack for some days at the
same time.
--
Pablo
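
The failure mode discussed in this thread (a request that omits a mandatory attribute reaching a handler that dereferences it), shown as an added example that is not part of the original message and is not ctnetlink or conntrack code. The attribute names, the `want` size table and every function here are hypothetical; the TLV layout only resembles netlink's.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical attribute types for a netlink-style TLV request (not ctnetlink's own). */
enum { A_UNSPEC, A_TIMEOUT, A_TCP_STATE, A_MAX = A_TCP_STATE };
struct attr { uint16_t len, type; };                 /* header; payload follows */
static const uint16_t want[A_MAX + 1] = { 0, 4, 1 }; /* exact payload size per type */
#define ALIGN4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Append one attribute at offset off of a zeroed buffer; returns the new offset. */
size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *data, uint16_t dlen)
{
    struct attr a = { (uint16_t)(sizeof(a) + dlen), type };
    memcpy(buf + off, &a, sizeof(a));
    memcpy(buf + off + sizeof(a), data, dlen);
    return off + ALIGN4(a.len);
}

/* Index payloads by type; absent types stay NULL, malformed input is rejected. */
static int parse_attrs(const uint8_t *buf, size_t len, const uint8_t **tb)
{
    memset(tb, 0, sizeof(*tb) * (A_MAX + 1));
    while (len >= sizeof(struct attr)) {
        struct attr a;
        memcpy(&a, buf, sizeof(a));
        if (a.len < sizeof(a) || a.len > len)
            return -EINVAL;                          /* truncated or bogus header */
        if (a.type != A_UNSPEC && a.type <= A_MAX) {
            if (a.len - sizeof(a) != want[a.type])
                return -EINVAL;                      /* wrong payload size */
            tb[a.type] = buf + sizeof(a);
        }
        size_t step = ALIGN4(a.len) > len ? len : ALIGN4(a.len);
        buf += step;
        len -= step;
    }
    return len ? -EINVAL : 0;
}

/* "Create TCP entry" handler: timeout and state are both mandatory. */
int create_tcp_entry(const uint8_t *msg, size_t len, uint8_t *state_out)
{
    const uint8_t *tb[A_MAX + 1];
    if (parse_attrs(msg, len, tb) || !tb[A_TIMEOUT] || !tb[A_TCP_STATE])
        return -EINVAL;                              /* reject, never dereference NULL */
    *state_out = *tb[A_TCP_STATE];
    return 0;
}
```

The presence check belongs in the receiving handler regardless of what the sending tool validates, since any process with the right privileges can craft the request itself.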