netdev.vger.kernel.org archive mirror
From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: netdev@oss.sgi.com,
	Netfilter Development Mailinglist
	<netfilter-devel@lists.netfilter.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	david@davidcoulson.net
Subject: Re: skb_checksum_help
Date: Mon, 24 Jan 2005 05:46:39 +0100
Message-ID: <41F47DAF.5050806@trash.net>
In-Reply-To: <20050123202715.281ac87c.davem@davemloft.net>

David S. Miller wrote:

>Yes.  This backtrace is very strange.  Let me take this
>chance to get on my podium and re-express my distaste
>for x86's inaccurate backtraces.  They make debugging so
>difficult.  It's time for some dwarf2 unwind table support in
>the kernel x86 backtracer and a way to enable it during the
>build.
>
>My current guess is that this is some successful exploit
>of some as-yet-unknown issue in netfilter's fragmentation
>handling.  But that's just a guess.  If some code underruns
>skb->data somehow while unfragging/refragging, that's a sure
>fire way to corrupt things such as the skb->ip_summed field.
>
That's what I suspect too. There is still the possibility of skbs
"jumping" through the stack between ip_defrag callers, the same
problem that caused the crashes on conntrack module unload fixed
by Olaf Kirch some time ago. This could theoretically cause skbs
from PRE_ROUTING to show up in POST_ROUTING and continue from
there on if NAT is used. Perhaps we should add a "user"-argument
to ip_defrag and keep fragment queues private to a single user.

Regards
Patrick
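
A minimal user-space model of the proposal in the message above, added here as an illustration; it is not kernel code and not from the thread. The enum names, `find_queue()` and `crosses_hooks()` are hypothetical. It shows how a fragment queue keyed only on the packet tuple is shared between two callers, and how adding the caller to the key keeps the queues private.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical caller identities for this model (not kernel constants). */
enum defrag_user { USER_PRE_ROUTING, USER_POST_ROUTING };

struct frag_key { uint32_t saddr, daddr; uint16_t id; uint8_t proto; };
struct frag_queue {
    int in_use, have_first, have_last;
    struct frag_key key;
    enum defrag_user user;              /* caller that created the queue */
};
static struct frag_queue table[8];

static int key_eq(const struct frag_key *a, const struct frag_key *b)
{
    return a->saddr == b->saddr && a->daddr == b->daddr &&
           a->id == b->id && a->proto == b->proto;
}

/* Find or create a queue; with per_user set, the caller is part of the key. */
static struct frag_queue *find_queue(const struct frag_key *k,
                                     enum defrag_user u, int per_user)
{
    struct frag_queue *slot = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        struct frag_queue *q = &table[i];
        if (!q->in_use) { if (!slot) slot = q; continue; }
        if (key_eq(&q->key, k) && (!per_user || q->user == u)) return q;
    }
    if (!slot) return NULL;             /* table full: drop the fragment */
    memset(slot, 0, sizeof(*slot));
    slot->in_use = 1; slot->key = *k; slot->user = u;
    return slot;
}

/* Returns 1 if a first fragment queued from PRE_ROUTING is completed by a
 * last fragment arriving through POST_ROUTING, i.e. the queue was shared. */
static int crosses_hooks(int per_user)
{
    struct frag_key k = { 0x0a000001, 0x0a000002, 0x1234, 17 }; /* constructed */
    memset(table, 0, sizeof(table));
    struct frag_queue *a = find_queue(&k, USER_PRE_ROUTING, per_user);
    a->have_first = 1;
    struct frag_queue *b = find_queue(&k, USER_POST_ROUTING, per_user);
    b->have_last = 1;
    return b->have_first && b->have_last && b->user != USER_POST_ROUTING;
}
```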
