Hello!
> ipmr_get_route() is the trouble maker. If ipmr_cache_find() cannot
> find an entry, it tries to use the netlink SKB to send out an ipv4
> packet, completely mangling it, via ipmr_cache_unresolved().
It just adds dummy IP header to tail of this skb. Nothing illegal.
The skb is not sent o
From: Alexey Kuznetsov <[EMAIL PROTECTED]>
Date: Wed, 19 Apr 2006 03:52:22 +0400
> Actually, this weird case in inet_get_route() is the only place, where
> a dummy skb is used and it is needed mostly to resolve multicast routes.
> In this case this fake skb really passes through all the engine, ev
Hello!
> There is also the ARP code which passes an ARP packet through that
> would get dereferenced as an IP packet. Granted this shouldn't crash
> because nh is set properly.
And point to something which is not an IP header. So, iph->protocol
is something funny. :-)
It is plain luck that this
Hello!
> There is also the ARP code which passes an ARP packet through that
> would get dereferenced as an IP packet. Granted this shouldn't crash
> because nh is set properly.
And points to something which is not an IP header. So, iph->protocol
is something funny. :-)
It is plain luck that thi
On Wed, Apr 19, 2006 at 03:52:22AM +0400, Alexey Kuznetsov wrote:
>
> Actually, this weird case in inet_get_route() is the only place, where
There is also the ARP code which passes an ARP packet through that
would get dereferenced as an IP packet. Granted this shouldn't crash
because nh is set p
Hello!
> Looking at this again, the root of this problem is the IGMPv3
> patch which started using the skb->nh.iph->protocol as a key.
No, root is that this fake skb was not properly initialized.
It should, it should be a good real IP skb.
> In fact I'm unsure as to whether all the other users
On Tue, Apr 18, 2006 at 02:54:16PM -0700, David S. Miller wrote:
>
> There are other areas of the packet which are interpreted in various
> ways. For example, the martian source handling will dump the MAC
> directly from skb->mac.raw into the kernel logs.
That's scary. I think this stuff needs
From: Herbert Xu <[EMAIL PROTECTED]>
Date: Tue, 18 Apr 2006 16:54:48 +1000
> Looking at this again, the root of this problem is the IGMPv3
> patch which started using the skb->nh.iph->protocol as a key.
>
> So what we really should do is make the protocol an explicit parameter
> to the ip_route_i
Stephen Hemminger <[EMAIL PROTECTED]> wrote:
>
> --- linux-2.6.16.6.orig/net/ipv4/route.c
> +++ linux-2.6.16.6/net/ipv4/route.c
> @@ -2750,7 +2750,10 @@ int inet_rtm_getroute(struct sk_buff *in
>/* Reserve room for dummy headers, this skb can pass
> through good chunk of routing
From: Herbert Xu <[EMAIL PROTECTED]>
Date: Tue, 18 Apr 2006 12:28:48 +1000
> Stephen Hemminger <[EMAIL PROTECTED]> wrote:
> > + /* Bugfix: need to give ip_route_input enough of an IP header to
> > not gag. */
> > + skb->nh.iph->protocol = IPPROTO_ICMP;
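Review bot: the comment on the added assignment says only that ip_route_input needs "enough of an IP header" and does not name the field that is read or explain why IPPROTO_ICMP is the value chosen. Suggest stating in the comment which code path reads skb->nh.iph->protocol on this dummy skb and what property the value must have, so the assignment is not later dropped as dead code or changed to a value that breaks the lookup.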
>
> Do we really need this? Aft
On Mon, Apr 17, 2006 at 07:49:31PM -0700, Stephen Hemminger wrote:
>
> Not really, just that ip_check_mc looks at the proto for !IGMP. And maybe
> some tool like coverity or sparse would be smart enough to look for
> uninitialized data usage.
That's a good point.
Thanks Stephen,
--
Visit Openswa
On Tue, 18 Apr 2006 12:28:48 +1000
Herbert Xu <[EMAIL PROTECTED]> wrote:
> Hi Stephen:
>
> Stephen Hemminger <[EMAIL PROTECTED]> wrote:
> > This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388
> > The bug is caused by ip_route_input dereferencing skb->nh.protocol of
> > the dummy skb passed
Hi Stephen:
Stephen Hemminger <[EMAIL PROTECTED]> wrote:
> This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388
> The bug is caused by ip_route_input dereferencing skb->nh.protocol of
> the dummy skb passed down from inet_rtm_getroute (Thanks Thomas for seeing
> it). It only happens if the ro
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388
The bug is caused by ip_route_input dereferencing skb->nh.protocol of
the dummy skb passed down from inet_rtm_getroute (Thanks Thomas for seeing
it). It only happens if the route requested is for a multicast IP
address.
Signed-off-by: Steph