On Wed, Oct 03, 2012 at 05:22:53PM -0500, Miguel Alejandro González wrote:
> Hello
>
> I'm making a Netfilter module that depends on conntrack, it has come
> to my attention that a kernel panic occurs when a ICMP error packet
> embedded inside another ICMP error packet in the function icmp_error()
> in /ipv4/netfilter/nf_conntrack_proto_icmp.c
Can it be due to malformed packet? Do you have this patch in your kernel?
commit 07153c6ec074257ade76a461429b567cff2b3a1e
Author: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Date: Tue Apr 3 22:02:01 2012 +0200
netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
> Is the function not prepared to receive this kind of packets or is
> this a bug? Will a kernel panic also happen in icmpv6_error() in
> ipv6/netfilter/nf_conntrack_proto_icmpv6.c??
I need more information, please post the kernel backtrace.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
