Re: Yet another bridge netfilter crash

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Stephen Hemminger <shemminger@vyatta.com>, netdev@vger.kernel.org
Subject: Re: Yet another bridge netfilter crash
Date: Fri, 23 Jul 2010 17:17:42 +0200	[thread overview]
Message-ID: <4C49B296.10009@trash.net> (raw)
In-Reply-To: <20100723150041.GA7301@gondor.apana.org.au>

On 23.07.2010 17:00, Herbert Xu wrote:
> On Fri, Jul 23, 2010 at 04:18:46PM +0200, Patrick McHardy wrote:
>>
>> I think we've already fixed this by commit 8fa9ff6:
>>
> 
>> commit 8fa9ff6849bb86c59cc2ea9faadf3cb2d5223497
>> Author: Patrick McHardy <kaber@trash.net>
>> Date:   Tue Dec 15 16:59:59 2009 +0100
>>
>>     netfilter: fix crashes in bridge netfilter caused by fragment jumps
> 
> Thanks for the pointer Patrick.
> 
> Your memory is much better than mine, as I was in that thread too :)
> 
> BTW, do you have any plans on addressing the deeper issue of
> separating the connection tracking as well?

No concrete plans yet, but its something I'm definitely planning
to try at some point.

> There's also the matter of fragments jumping between bridges.

Conntrack zones can be used to avoid that, but that currently needs
manual configuration.

next prev parent reply	other threads:[~2010-07-23 15:17 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-07-23 13:42 Yet another bridge netfilter crash Herbert Xu
2010-07-23 14:18 ` Patrick McHardy
2010-07-23 15:00   ` Herbert Xu
2010-07-23 15:17     ` Patrick McHardy [this message]
2010-07-23 15:26       ` Herbert Xu
2010-08-04 16:30         ` Patrick McHardy
2010-08-04 16:41           ` Herbert Xu
2010-08-04 16:50             ` Patrick McHardy
2010-08-09 21:42               ` Herbert Xu
2010-08-09 22:39                 ` Changli Gao
2010-08-10 15:19                   ` Herbert Xu
2010-08-04 23:00           ` Changli Gao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4C49B296.10009@trash.net \
    --to=kaber@trash.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=netdev@vger.kernel.org \
    --cc=shemminger@vyatta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.