[PATCH] Re: serious problems with 0.1.11
Marc Boucher
marc@mbsi.ca
Fri, 29 Oct 1999 12:15:40 -0400
>
> Hi folks,
>
> Well, I compiled and installed 0.1.11 and when I loaded the modules,
> the kernel panicked. I got a number of stack dumps, the last of which was
> an Oops: 0002. I set the default runlevel to 1 and tried loading services
> by hand to see where it had problems, and it regularly bombs out around
> rpc.portmap or inetd (syslogd and klogd are the only daemons I load before
> these). I also had it crash in runlevel 1 after I ping'd a box I have
> connecting through a serial port (this was before I even started any
> daemons). All I had done was load iptables.o, ipt_tcp.o, ipt_udp.o,
> ipt_icmp.o, ip_nat_map_masquerade.o, and ip_nat_ftp.o. I re-installed
> 0.1.10 and nothing goes wrong.
> I'm running kernel 2.3.21 on a Slackware 4.0 distribution.
> Am I the only one experiencing this?
>
> Regards,
>
> Adrian
The NAT code in 0.1.11 for interface matching may cause panics while
processing packets with a null skb->dev. The enclosed patch fixes the
problem.
Marc
1999-10-29 Marc Boucher <marc@mbsi.ca>
* NAT/ip_nat_standalone.c (init_conntrack): Do not dereference
skb->dev if NULL.
* NAT/ip_nat_rule.c (lookup_cmp): Do not dereference
ifname if NULL.
Attachment: netfilter-0.1.11-natdevbug.patch
--- netfilter/NAT/ip_nat_standalone.c 1999/10/29 15:56:21 1.1
+++ netfilter/NAT/ip_nat_standalone.c 1999/10/29 15:58:59
@@ -63,7 +63,7 @@
/* Protects the NAT private region of the conntrack. */
MUST_BE_WRITE_LOCKED(&ip_nat_lock);
rule = __ip_nat_rule_get(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
- .tuple, skb->dev->name,
+ .tuple, skb->dev ? skb->dev->name : NULL,
hooknum);
/* If there's a rule which matches, set up the translation. */
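Review bot: The NULL branch of `skb->dev ? skb->dev->name : NULL` moves the null check out of this call site and into every consumer of the interface-name argument of `__ip_nat_rule_get`, and nothing in this hunk records that the argument may now be NULL. Add a comment here stating that a NULL name means the packet has no device, or pass a zero-filled IFNAMSIZ buffer instead so the comparison code downstream needs no special case.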
--- netfilter/NAT/ip_nat_rule.c 1999/10/29 14:08:20 1.1
+++ netfilter/NAT/ip_nat_rule.c 1999/10/29 16:03:18
@@ -65,7 +65,7 @@
^ ((unsigned long *)&ptr->match.tuple)[i];
}
for (i = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
- cmp |= (((unsigned long *)ifname)[i]
+ cmp |= ((ifname ? ((unsigned long *)ifname)[i] : 0)
& ((unsigned long *)&ptr->mask.ifname)[i])
^ ((unsigned long *)&ptr->match.ifname)[i];
}
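Review bot: In the changed line `cmp |= ((ifname ? ((unsigned long *)ifname)[i] : 0)` the NULL test is repeated on every loop iteration and the resulting semantics are undocumented: a NULL ifname is compared as an all-zero name, so this loop contributes nothing to `cmp` only when every word of `ptr->match.ifname` is zero. Consider resolving the NULL case once before the loop and adding a comment that a packet without a device matches only rules with an empty interface name.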