ip_packet_match causing kernel crash (?)

ip_packet_match causing kernel crash (?)

[dwu]

Hi,

I'm seeing a kernel crash in the netfilter section of the kernel and is trying 
to get some help in tracking down the problem.

In my test environment, I see that the crash occurs if there is a mismatch 
between the ip address in the iptables entry and the incoming packet, when the 
function ip_packet_match from the file ip_tables.c returns 0.

Analysing the code in ip_tables.c, in the function ipt_do_table, if the 
ip_packet_match return 0, then it looks at the next ipt_entry (see the code 
around line 384). It looks to me as if there is no way for the loop to get out 
of the "do { ... } while (!hotdrop)" loop if ip_packet_match always return 0 
(?) Is this causing the kernel crash in my test environment.

Any comments would be greatly appreciated.

Thanks,
Daniel

Re: ip_packet_match causing kernel crash (?)

[Martin Josefsson]

On Wed, 2003-07-02 at 02:10, dwu@zipworld.com.au wrote:
> Hi,
> 
> I'm seeing a kernel crash in the netfilter section of the kernel and is trying 
> to get some help in tracking down the problem.
> 
> In my test environment, I see that the crash occurs if there is a mismatch 
> between the ip address in the iptables entry and the incoming packet, when the 
> function ip_packet_match from the file ip_tables.c returns 0.
> 
> Analysing the code in ip_tables.c, in the function ipt_do_table, if the 
> ip_packet_match return 0, then it looks at the next ipt_entry (see the code 
> around line 384). It looks to me as if there is no way for the loop to get out 
> of the "do { ... } while (!hotdrop)" loop if ip_packet_match always return 0 
> (?) Is this causing the kernel crash in my test environment.

There's always a rule at the end that matches all packets, the default
policy.

-- 
/Martin