From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Menyhart Zoltan <Zoltan.Menyhart@Bull.net>
Cc: Netfilter Development Mailinglist
<netfilter-devel@vger.kernel.org>,
netfilter-core@lists.netfilter.org
Subject: Re: [netfilter-core] Cannot unload nf_conntrack
Date: Mon, 30 May 2011 18:43:17 +0200 [thread overview]
Message-ID: <4DE3C925.2070400@netfilter.org> (raw)
In-Reply-To: <4DE3B148.9020209@Bull.net>
On 30/05/11 17:01, Menyhart Zoltan wrote:
> Pablo Neira Ayuso wrote:
>
>> Please, would you give a try to this patch?
>>
>> Thanks!
>
> Have you got a patch for the 2.6.32, please, because this section does
> not apply:
>
> diff --git a/net/netfilter/nf_conntrack_core.c
> b/net/netfilter/nf_conntrack_core.c
> index 2e1c11f..9421fe4 100644
> --- a/net/netfilter/nf_conntrack_core.c
> +++ b/net/netfilter/nf_conntrack_core.c
> @@ -922,6 +922,9 @@ nf_conntrack_in(struct net *net, u_int8_t pf,
> unsigned int hooknum,
> ret = -ret;
> goto out;
> }
> + /* ICMP[v6] protocol trackers may assign one conntrack. */
> + if (skb->nfct)
> + goto out;
> }
>
> ct = resolve_normal_ct(net, tmpl, skb, dataoff, pf, protonum,
>
> Thanks,
Sorry, no patch for 2.6.32. But I appreciate if you can add that chuck
by yourself, it's quite easy:
785 if (l4proto->error != NULL) {
786 ret = l4proto->error(net, skb, dataoff, &ctinfo, pf,
hooknum);
787 if (ret <= 0) {
788 NF_CT_STAT_INC_ATOMIC(net, error);
789 NF_CT_STAT_INC_ATOMIC(net, invalid);
790 return -ret;
791 }
add it here.
792 }
And test it, of course.
next prev parent reply other threads:[~2011-05-30 16:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4DC0310F.3070004@bull.net>
[not found] ` <4DDF7152.3030405@netfilter.org>
2011-05-27 11:26 ` [netfilter-core] Cannot unload nf_conntrack Pablo Neira Ayuso
2011-05-30 15:01 ` Menyhart Zoltan
2011-05-30 16:43 ` Pablo Neira Ayuso [this message]
2011-05-31 7:27 ` Menyhart Zoltan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DE3C925.2070400@netfilter.org \
--to=pablo@netfilter.org \
--cc=Zoltan.Menyhart@Bull.net \
--cc=netfilter-core@lists.netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.