On 2013/03/08 09:32, Eric W. Biederman wrote:
> Gao feng <gaofeng@xxxxxxxxxxxxxx> writes:
>
>> On 2013/03/07 19:50, Alexey Dobriyan wrote:
>>> Lots of netns changes!
>>>
>>> I can't verify right now, but unless I'm not mistaken,
>>> every L4 protocol conversion is buggy/oopsable/remotely ddosable
>>> because per-netns stuff is initialized after protocol is hooked into
>>> master dispatcher.
>>>
>>
>> Don't we do register_pernet_subsys before we register hooks and l4proto?
>> Sorry I don't quite understand what you mean. :(
>
>>> See c296bb4d5d417d466c9bcc8afef68a3db5449a64.
>
> The registration in the referenced commit has register_pernet_subsys
> happening after nf_ct_l4_proto_register.  The unregistration is also
> happening in that order so something seems fishy.  If there is
> an ordering dependency between the two, unregistration should happen
> in the opposite order of registration.
>

Yes, we have the incorrect order when registering l4proto_sctp/gre/dccp/udplite.

> However, I don't know the code well enough to know if it is a problem or
> not.
>

We had better fix this problem, since the l4proto may access the memory
before register_pernet_subsys allocates it.

Thanks
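The ordering issue discussed in this thread, as an added userspace model that is not part of the original messages and is not kernel code: it counts how often a hooked handler runs while its per-netns state is missing, for the registration order described above, for the corrected order, and for a teardown that frees state before unhooking. All names (`pernet_register`, `proto_register`, `simulate`, and so on) are hypothetical stand-ins, and "a packet arrives" is modelled as a call between each step.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name here is hypothetical, not a kernel API. */
struct pernet_state { unsigned long packets; };

static struct pernet_state *state;  /* stands in for the per-netns data     */
static int (*dispatch)(void);       /* stands in for the l4proto hook slot  */
static int window_hits;             /* handler ran while state was missing  */

static int handler(void)
{
    if (!state) {                   /* real code would dereference here */
        window_hits++;
        return -1;
    }
    state->packets++;
    return 0;
}

static int pernet_register(void) { state = calloc(1, sizeof(*state)); return state ? 0 : -1; }
static void pernet_unregister(void) { free(state); state = NULL; }
static void proto_register(void) { dispatch = handler; }
static void proto_unregister(void) { dispatch = NULL; }
static void packet_arrives(void) { if (dispatch) dispatch(); }

/* Returns how often the handler ran without its state (-1 on alloc failure). */
static int simulate(int state_first_on_init, int state_first_on_exit)
{
    window_hits = 0;
    if (state_first_on_init) {
        if (pernet_register()) return -1;
        packet_arrives();           /* nothing hooked yet: packet ignored */
        proto_register();
    } else {
        proto_register();
        packet_arrives();           /* hooked, state not yet allocated */
        if (pernet_register()) { proto_unregister(); return -1; }
    }
    packet_arrives();               /* steady state */
    if (state_first_on_exit) { pernet_unregister(); packet_arrives(); proto_unregister(); }
    else                     { proto_unregister(); packet_arrives(); pernet_unregister(); }
    return window_hits;
}

int main(void)
{
    printf("hook first, state second:       %d\n", simulate(0, 0));
    printf("state first, unhook first:      %d\n", simulate(1, 0));
    printf("state first, state freed first: %d\n", simulate(1, 1));
    return 0;
}
```

Only the sequence that allocates state before hooking and unhooks before freeing leaves no window, which is the "opposite order of registration" rule from the thread.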