It's possible that the sk came from early_demux. This will blow up every
time in the TCP_TIME_WAIT case in ip_local_out. No similar crashes exist
for masquerade or gateway because they do not use ip_local_out{,6}.
Signed-off-by: Alex Gartrell <agartrell@xxxxxx>
---
net/netfilter/ipvs/ip_vs_xmit.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index bf66a86..1db0ca7 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -521,6 +521,13 @@ static inline int ip_vs_tunnel_xmit_prepare(struct sk_buff *skb,
if (unlikely(cp->flags & IP_VS_CONN_F_NFCT))
ret = ip_vs_confirm_conntrack(skb);
if (ret == NF_ACCEPT) {
+ /* In this case, skb is associated with an old, receiving
+ * socket, which may be in TIME-WAIT and invalid for the
+ * forward path, so we orphan it.
+ */
+ if (skb->dev)
+ skb_orphan(skb);
+
nf_reset(skb);
skb_forward_csum(skb);
}
--
Alex Gartrell <agartrell@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
