On 14.02.2011 12:44, Florian Westphal wrote:
> Assigning a socket in timewait state to skb->sk can trigger
> kernel oops, e.g. in nfnetlink_log, which does:
>
> if (skb->sk) {
>     read_lock_bh(&skb->sk->sk_callback_lock);
>     if (skb->sk->sk_socket && skb->sk->sk_socket->file) ...
>
> in the timewait case, accessing sk->sk_callback_lock and sk->sk_socket
> is invalid.
>
> Either all of these spots will need to add a test for sk->sk_state != TCP_TIME_WAIT,
> or xt_TPROXY must not assign a timewait socket to skb->sk.
>
> This does the latter.
>
> If a TW socket is found, assign the tproxy nfmark, but skip the skb->sk assignment,
> thus mimicking behaviour of a '-m socket .. -j MARK/ACCEPT' re-routing rule.
>
> The 'SYN to TW socket' case is left unchanged -- we try to redirect to the
> listener socket.
>
> Cc: Balazs Scheidler <bazsi@xxxxxxxxxx>
> Cc: KOVACS Krisztian <hidden@xxxxxxxxxx>
> Signed-off-by: Florian Westphal <fwestphal@xxxxxxxxxx>

Looks fine to me. Balazs. Krisztian, any objections?
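
The two options named in the quoted commit message, modelled in user space as an added example (not the patch's or the kernel's code). All struct and function names are hypothetical stand-ins for struct sock, inet_timewait_sock and sk_buff; only the state values mirror TCP_ESTABLISHED and TCP_TIME_WAIT.

```c
#include <stddef.h>

/* User-space model; every name here is a hypothetical stand-in. */
enum { ST_ESTABLISHED = 1, ST_TIME_WAIT = 6 }; /* mirror TCP_ESTABLISHED / TCP_TIME_WAIT */

struct common_model { unsigned char state; };  /* shared header, like sock_common */
struct full_sock_model {                       /* stands in for struct sock */
    struct common_model c;
    int callback_lock;
    void *socket;
};
struct tw_sock_model {                         /* stands in for inet_timewait_sock */
    struct common_model c;
    int timeout;
};
struct skb_model { struct common_model *sk; unsigned int mark; };

/* Option 1: every consumer tests the state before touching full-socket fields. */
static int consumer_has_socket(const struct skb_model *skb)
{
    if (!skb->sk || skb->sk->state == ST_TIME_WAIT)
        return 0;                              /* these fields do not exist on a TW sock */
    return ((const struct full_sock_model *)skb->sk)->socket != NULL;
}

/* Option 2 (the one the commit message chooses): never attach a TW socket. */
static int tproxy_attach(struct skb_model *skb, struct common_model *sk,
                         unsigned int mark)
{
    skb->mark = mark;                          /* the mark is assigned in both cases */
    if (sk->state == ST_TIME_WAIT)
        return 0;                              /* skip the skb->sk assignment */
    skb->sk = sk;
    return 1;
}

int main(void)
{
    int dummy;                                 /* constructed sample objects */
    struct full_sock_model est = { { ST_ESTABLISHED }, 0, &dummy };
    struct tw_sock_model tw = { { ST_TIME_WAIT }, 60 };
    struct skb_model a = { NULL, 0 }, b = { NULL, 0 };

    tproxy_attach(&a, &est.c, 0x1);
    tproxy_attach(&b, &tw.c, 0x1);
    return !(consumer_has_socket(&a) == 1 && b.sk == NULL && b.mark == 0x1);
}
```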