[PATCH] ipchains bugs in 2.2/2.4/2.5 related to netlink calls

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Alexander Atanasov <alex@ssi.bg>
To: rusty@rustcorp.com.au, kuznet@ms2.inr.ac.ru
Cc: netfilter@lists.samba.org, netdev@oss.sgi.com
Subject: [PATCH] ipchains bugs in 2.2/2.4/2.5 related to netlink calls
Date: Fri, 24 May 2002 20:43:41 +0300 (EEST)	[thread overview]
Message-ID: <aeakoo$nph$2@main.gmane.org> (raw)

[-- Attachment #1: Type: TEXT/PLAIN, Size: 411 bytes --]

	Hi there!

oom-loop fixes error handling after a netlink failure - it does not do a
cleanup and it makes every next call to ip_fw_check to detect a
loop and drop the packet.

nlma fixes a call to netlink_broadcast with GFP_KERNEL ( passed to
skb_clone ) while we are in_interrupt() ( catched by a BUG() in
slab.c:1109 ).


2.4 patches apply to 2.5 too , tested on 2.5.15.

-- 
Best Regards,
Alexander Atanasov

[-- Attachment #2: Type: TEXT/PLAIN, Size: 315 bytes --]

--- net/ipv4/netfilter/ipchains_core.c.orig	Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c	Fri May 24 19:31:24 2002
@@ -723,6 +723,7 @@
 						      src_port, dst_port,
 						      count, tcpsyn)) {
 					ret = FW_BLOCK;
+					cleanup(chain, 0, slot);
 					goto out;
 				}
 				break;

[-- Attachment #3: Type: TEXT/PLAIN, Size: 448 bytes --]

--- net/ipv4/netfilter/ipchains_core.c.orig	Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c	Fri May 24 19:27:34 2002
@@ -549,7 +549,7 @@
 			strcpy(outskb->data+sizeof(__u32)*2, rif);
 			memcpy(outskb->data+sizeof(__u32)*2+IFNAMSIZ, ip,
 			       len-(sizeof(__u32)*2+IFNAMSIZ));
-			netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_KERNEL);
+			netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_ATOMIC);
 		}
 		else {
 #endif

[-- Attachment #4: Type: TEXT/PLAIN, Size: 279 bytes --]

--- net/ipv4/ip_fw.c.orig	Fri May 24 19:33:52 2002
+++ net/ipv4/ip_fw.c	Fri May 24 19:34:18 2002
@@ -747,6 +747,7 @@
 						      src_port, dst_port,
 						      count, tcpsyn)) {
 					ret = FW_BLOCK;
+					cleanup(chain, 0, slot);
 					goto out;
 				}
 				break;

                 reply	other threads:[~2002-05-24 17:43 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='aeakoo$nph$2@main.gmane.org' \
    --to=alex@ssi.bg \
    --cc=kuznet@ms2.inr.ac.ru \
    --cc=netdev@oss.sgi.com \
    --cc=netfilter@lists.samba.org \
    --cc=rusty@rustcorp.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox