From: Patrick McHardy <kaber@trash.net>
To: jlt_lk@shamrock.dyndns.org
Cc: linux-kernel@vger.kernel.org, linux-net@vger.kernel.org,
netfilter@lists.netfilter.org
Subject: Re: 2.6.17rc1 PANIC related to IP masquerading
Date: Wed, 12 Apr 2006 17:41:44 +0200 [thread overview]
Message-ID: <443D1FB8.6020504@trash.net> (raw)
In-Reply-To: <20060412152703.GD3405@ranger.ah.taprogge.wh>
[-- Attachment #1: Type: text/plain, Size: 336 bytes --]
jlt_lk@shamrock.dyndns.org wrote:
> Kernel 2.6.17-rc1 panics as soon as IP packets are forwarded using the
> below config. ICMP packets seem to be forwarded fine.
>
> A photograph of the panic can be found at:
> http://shamrock.dyndns.org/~ln/kernel/2.6.17rc1_panic.jpg .
This is already fixed in Linus' current tree by this patch.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1138 bytes --]
commit 8bf4b8a1083694d5aac292f92705ddd3aec29be6
tree a8bbf0bb32b7e286659eae12326c54671430560f
parent 67644726317a8274be4a3d0ef85b9ccebaa90304
author Herbert Xu <herbert@gondor.apana.org.au> Wed, 05 Apr 2006 02:51:05 -0700
committer David S. Miller <davem@sunset.davemloft.net> Mon, 10 Apr 2006 12:25:22 -0700
[IPSEC]: Check x->encap before dereferencing it
We need to dereference x->encap before dereferencing it for encap_type.
If it's absent then the encap_type is zero.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/xfrm4_input.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index e1b8f4b..7a0b952 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -90,7 +90,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb,
if (unlikely(x->km.state != XFRM_STATE_VALID))
goto drop_unlock;
- if (x->encap->encap_type != encap_type)
+ if ((x->encap ? x->encap->encap_type : 0) != encap_type)
goto drop_unlock;
if (x->props.replay_window && xfrm_replay_check(x, seq))
prev parent reply other threads:[~2006-04-12 15:41 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-12 15:27 2.6.17rc1 PANIC related to IP masquerading jlt_lk
2006-04-12 15:41 ` Patrick McHardy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=443D1FB8.6020504@trash.net \
--to=kaber@trash.net \
--cc=jlt_lk@shamrock.dyndns.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-net@vger.kernel.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.