From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Peter Tirsek <peter@tirsek.com>
Cc: netfilter-devel@vger.kernel.org,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Subject: Re: [PATCH] netfilter: xt_socket: Fix broken IPv6 handling
Date: Tue, 25 Apr 2017 11:08:03 +0200 [thread overview]
Message-ID: <20170425090803.GA2930@salvia> (raw)
In-Reply-To: <alpine.LNX.2.00.1704181234010.5224@wolfie.lan.tirsek.com>
On Tue, Apr 18, 2017 at 12:39:58PM -0500, Peter Tirsek wrote:
> Commit 834184b1f3a4 ("netfilter: defrag: only register defrag
> functionality if needed") used the outdated XT_SOCKET_HAVE_IPV6 macro
> which was removed earlier in commit 8db4c5be88f6 ("netfilter: move
> socket lookup infrastructure to nf_socket_ipv{4,6}.c"). With that macro
> never being defined, the xt_socket match emits an "Unknown family 10"
> warning when used with IPv6:
>
> WARNING: CPU: 0 PID: 1377 at net/netfilter/xt_socket.c:160 socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> Unknown family 10
> Modules linked in: xt_socket nf_socket_ipv4 nf_socket_ipv6 nf_defrag_ipv4 [...]
> CPU: 0 PID: 1377 Comm: ip6tables-resto Not tainted 4.10.10 #1
> Hardware name: [...]
> Call Trace:
> ? __warn+0xe7/0x100
> ? socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> ? socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> ? warn_slowpath_fmt+0x39/0x40
> ? socket_mt_enable_defrag+0x47/0x50 [xt_socket]
> ? socket_mt_v2_check+0x12/0x40 [xt_socket]
> ? xt_check_match+0x6b/0x1a0 [x_tables]
> ? xt_find_match+0x93/0xd0 [x_tables]
> ? xt_request_find_match+0x20/0x80 [x_tables]
> ? translate_table+0x48e/0x870 [ip6_tables]
> ? translate_table+0x577/0x870 [ip6_tables]
> ? walk_component+0x3a/0x200
> ? kmalloc_order+0x1d/0x50
> ? do_ip6t_set_ctl+0x181/0x490 [ip6_tables]
> ? filename_lookup+0xa5/0x120
> ? nf_setsockopt+0x3a/0x60
> ? ipv6_setsockopt+0xb0/0xc0
> ? sock_common_setsockopt+0x23/0x30
> ? SyS_socketcall+0x41d/0x630
> ? vfs_read+0xfa/0x120
> ? do_fast_syscall_32+0x7a/0x110
> ? entry_SYSENTER_32+0x47/0x71
>
> This patch brings the conditional back in line with how the rest of the
> file handles IPv6.
Applied, thanks.
prev parent reply other threads:[~2017-04-25 9:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-18 17:39 [PATCH] netfilter: xt_socket: Fix broken IPv6 handling Peter Tirsek
2017-04-19 16:02 ` Florian Westphal
2017-04-25 9:08 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170425090803.GA2930@salvia \
--to=pablo@netfilter.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
--cc=peter@tirsek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).