* ip_packet_match causing kernel crash (?)
@ 2003-07-02 0:10 dwu
2003-07-20 18:35 ` Martin Josefsson
0 siblings, 1 reply; 2+ messages in thread
From: dwu @ 2003-07-02 0:10 UTC (permalink / raw)
To: netfilter-devel
Hi,
I'm seeing a kernel crash in the netfilter section of the kernel and is trying
to get some help in tracking down the problem.
In my test environment, I see that the crash occurs if there is a mismatch
between the ip address in the iptables entry and the incoming packet, when the
function ip_packet_match from the file ip_tables.c returns 0.
Analysing the code in ip_tables.c, in the function ipt_do_table, if the
ip_packet_match return 0, then it looks at the next ipt_entry (see the code
around line 384). It looks to me as if there is no way for the loop to get out
of the "do { ... } while (!hotdrop)" loop if ip_packet_match always return 0
(?) Is this causing the kernel crash in my test environment.
Any comments would be greatly appreciated.
Thanks,
Daniel
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: ip_packet_match causing kernel crash (?)
2003-07-02 0:10 ip_packet_match causing kernel crash (?) dwu
@ 2003-07-20 18:35 ` Martin Josefsson
0 siblings, 0 replies; 2+ messages in thread
From: Martin Josefsson @ 2003-07-20 18:35 UTC (permalink / raw)
To: dwu; +Cc: Netfilter-devel
On Wed, 2003-07-02 at 02:10, dwu@zipworld.com.au wrote:
> Hi,
>
> I'm seeing a kernel crash in the netfilter section of the kernel and is trying
> to get some help in tracking down the problem.
>
> In my test environment, I see that the crash occurs if there is a mismatch
> between the ip address in the iptables entry and the incoming packet, when the
> function ip_packet_match from the file ip_tables.c returns 0.
>
> Analysing the code in ip_tables.c, in the function ipt_do_table, if the
> ip_packet_match return 0, then it looks at the next ipt_entry (see the code
> around line 384). It looks to me as if there is no way for the loop to get out
> of the "do { ... } while (!hotdrop)" loop if ip_packet_match always return 0
> (?) Is this causing the kernel crash in my test environment.
There's always a rule at the end that matches all packets, the default
policy.
--
/Martin
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-07-20 18:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-07-02 0:10 ip_packet_match causing kernel crash (?) dwu
2003-07-20 18:35 ` Martin Josefsson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.