Hello,
Today I have been playing with the conntrackd utility and noticed it is
very easy to trigger a kernel oops just by:
conntrackd -d
conntrackd -n
conntrackd -c
conntrackd -c
The oops is here: http://bugzilla.kernel.org/attachment.cgi?id=16414
I was trying to fix it with:
--- nf_nat_core.c 2008-06-06 19:55:25.000000000 +0200
+++ nf_nat_core.c 2008-05-07 01:22:34.000000000 +0200
@@ -153,7 +153,7 @@
read_lock_bh(&nf_nat_lock);
hlist_for_each_entry(nat, n, &bysource[h], bysource) {
ct = nat->ct;
- if (ct && same_src(ct, tuple)) {
+ if (same_src(ct, tuple)) {
/* Copy source part from reply tuple. */
nf_ct_invert_tuplepr(result,
&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
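Review bot: the hunk is reversed relative to the fix described in the text: the `-` line carries `if (ct && same_src(ct, tuple)) {` and the `+` line is `if (same_src(ct, tuple)) {`, i.e. the patch as posted removes the NULL check rather than adding it, and the `---` header has the newer timestamp (2008-06-06) while `+++` has the older one (2008-05-07). Please regenerate it with `diff -u old new` so the patched tree is on the `+++` side; the gdb listing further down (line 156 with `ct &&`) already shows which version was actually built. Also note that the guard only skips a bysource entry whose `ct` is NULL and does not explain why such an entry is still hashed; the second oops at the `hlist_for_each_entry` line itself suggests the list node, not only `nat->ct`, is stale, so the underlying problem looks like an entry outliving its conntrack rather than a missing NULL check.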
However, I'm not able to find how nat->ct may become NULL here, and
unfortunately this patch does not help too much, as with the above fix I get
a different Oops: http://bugzilla.kernel.org/attachment.cgi?id=16415
(gdb) l *nf_nat_setup_info+0x223
0x783e30de is in nf_nat_setup_info (net/ipv4/netfilter/nf_nat_core.c:154).
149 struct nf_conn_nat *nat;
150 struct nf_conn *ct;
151 struct hlist_node *n;
152
153 read_lock_bh(&nf_nat_lock);
154 hlist_for_each_entry(nat, n, &bysource[h], bysource) { <- here
155 ct = nat->ct;
156 if (ct && same_src(ct, tuple)) {
157 /* Copy source part from reply tuple. */
158 nf_ct_invert_tuplepr(result,
All accesses to bysource seem to be protected by the lock_bh, so I have no
idea where to dig next. :( Any idea?
Best regards,
Krzysztof Olędzki