From: Gao feng <gaofeng@cn.fujitsu.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
netdev <netdev@vger.kernel.org>,
netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: Re: re L4 conntracking netns conversion
Date: Fri, 08 Mar 2013 09:56:29 +0800
Message-ID: <5139454D.70706@cn.fujitsu.com>
In-Reply-To: <87sj46ptgc.fsf@xmission.com>

On 2013/03/08 09:32, Eric W. Biederman wrote:
> Gao feng <gaofeng@cn.fujitsu.com> writes:
>
>> On 2013/03/07 19:50, Alexey Dobriyan wrote:
>>> Lots of netns changes!
>>>
>>> I can't verify right now, but unless I'm not mistaken,
>>> every L4 protocol conversion is buggy/oopsable/remotely ddosable
>>> because per-netns stuff is initialized after protocol is hooked into
>>> master dispatcher.
>>>
>>
>> Don't we do register_pernet_subsys before we register hooks and l4proto?
>> Sorry I don't quite understand what you mean. :(
>
>>> See c296bb4d5d417d466c9bcc8afef68a3db5449a64.
>
> The registration in the referenced commit has register_pernet_subsys
> happening after nf_ct_l4_proto_register. The unregistration is also
> happening in that order so something seems fishy. If there is
> an ordering dependency between the two, unregistration should happen
> in the opposite order of registration.
>

Yes, we have the incorrect order when registering l4proto_sctp/gre/dccp/udplite.

> However, I don't know the code well enough to know if it is a problem or
> not.
>

We had better fix this problem, since the l4proto may access the memory before
register_pernet_subsys allocates it.

Thanks
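
The ordering problem discussed in this thread, as an added example that is not part of the original messages and is not kernel code: a userspace C model in which the per-netns state, the dispatcher slot and every function name are hypothetical stand-ins. It shows what a packet sees when the handler is hooked before the state is allocated, next to the corrected order with teardown reversed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the ordering issue; all names are hypothetical. */
static struct pernet_data { int packets; } *pernet; /* per-netns state */
static int (*l4_handler)(void);                     /* dispatcher slot */

/* Packet path: needs per-netns state; -1 marks where a kernel would oops. */
static int proto_packet(void) { return pernet ? ++pernet->packets : -1; }
/* A packet arriving now is handled only if a protocol is hooked in. */
static int deliver(void) { return l4_handler ? l4_handler() : 0; }

static int pernet_register(void)
{
    pernet = calloc(1, sizeof(*pernet));
    return pernet ? 0 : -2;
}

static void fini(void)           /* reverse of the corrected registration */
{
    l4_handler = NULL;           /* unhook first: no new packets */
    free(pernet);                /* then release the state they used */
    pernet = NULL;
}

/* Order called incorrect in the thread: hooked before the state exists. */
static int init_wrong_order(void)
{
    l4_handler = proto_packet;
    int seen = deliver();        /* packet arrives inside the window */
    (void)pernet_register();
    return seen;
}

/* Corrected order: allocate the state first, then hook the protocol. */
static int init_right_order(void)
{
    if (pernet_register())
        return -2;
    l4_handler = proto_packet;
    return deliver();
}

/* Run one init order, tear down, report what the first packet saw. */
static int run(int (*init)(void)) { int r = init(); fini(); return r; }
int main(void)
{
    printf("wrong: %d, right: %d\n", run(init_wrong_order), run(init_right_order));
    return 0;
}
```
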