netfilter-devel.vger.kernel.org archive mirror
* kernel panic in icmp_error
From: Miguel Alejandro González @ 2012-10-03 22:22 UTC
  To: netfilter-devel

Hello

I'm making a Netfilter module that depends on conntrack. It has come
to my attention that a kernel panic occurs when an ICMP error packet
embedded inside another ICMP error packet in the function icmp_error()
in /ipv4/netfilter/nf_conntrack_proto_icmp.c

Is the function not prepared to receive this kind of packet or is
this a bug? Will a kernel panic also happen in icmpv6_error() in
ipv6/netfilter/nf_conntrack_proto_icmpv6.c?

Regards!


* Re: kernel panic in icmp_error
From: Pablo Neira Ayuso @ 2012-10-04  8:55 UTC
  To: Miguel Alejandro González; +Cc: netfilter-devel

On Wed, Oct 03, 2012 at 05:22:53PM -0500, Miguel Alejandro González wrote:
> Hello
> 
> I'm making a Netfilter module that depends on conntrack. It has come
> to my attention that a kernel panic occurs when an ICMP error packet
> embedded inside another ICMP error packet in the function icmp_error()
> in /ipv4/netfilter/nf_conntrack_proto_icmp.c

Can it be due to a malformed packet? Do you have this patch in your kernel?

commit 07153c6ec074257ade76a461429b567cff2b3a1e
Author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date:   Tue Apr 3 22:02:01 2012 +0200

    netfilter: nf_ct_ipv4: packets with wrong ihl are invalid

> Is the function not prepared to receive this kind of packet or is
> this a bug? Will a kernel panic also happen in icmpv6_error() in
> ipv6/netfilter/nf_conntrack_proto_icmpv6.c?

I need more information, please post the kernel backtrace.