segfault in nfct_conntrack_compare() at libnetfilter_conntrack.c:933

Alan Ezust alan.ezust at presinet.com
Fri Nov 24 23:25:35 CET 2006


I'm using ../libnetfilter_conntrack-0.0.31, conntrack 1.00beta2, and 
libnfnetlink(svn). Building against kernel 2.6.16.29.

For some reason, I'm getting a segfault in nfct_conntrack_compare. It seems as 
if the memory pointed to by ct1 is invalid, the first time that the compare 
is called. Has anyone else seen this? 

This happens (the segfault) when I do conntrack -L or conntrack -E (after the 
first event has arrived). 

(gdb) [ezust at pocky] /home/ezust/presinet/projects/conntrack-vanilla> sudo gdb
GNU gdb 6.5-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
Using host libthread_db library "/lib/tls/libthread_db.so.1".
Breakpoint 1 at 0x804a0ad: file conntrack.c, line 606.
main (argc=2, argv=0xbfeb7424) at conntrack.c:606
606         unsigned int command = 0, options = 0;

Program received signal SIGSEGV, Segmentation fault.
0xb7f85731 in nfct_conntrack_compare (ct1=0x15f24, ct2=0xbfeb5138, cmp=0xb7fb8ff4) at libnetfilter_conntrack.c:933
933             int cop1 = ct1->tuple[NFCT_DIR_ORIGINAL].protonum;
(gdb) list
928                     if (l3proto && !l3proto->compare(ct1, ct2, l3flags))
929                             return 0;
930             }
931
932             if (l4flags) {
933             int cop1 = ct1->tuple[NFCT_DIR_ORIGINAL].protonum;
934             int cop2 = ct2->tuple[NFCT_DIR_ORIGINAL].protonum;
935                     if (cop1 != 0 &&  cop2 != 0 && cop1 != cop2)
936                 return 0;
937             int crp1 = ct1->tuple[NFCT_DIR_REPLY].protonum;
(gdb) ct1
Undefined command: "ct1".  Try "help".
(gdb) p ct1
$1 = (struct nfct_conntrack *) 0x15f24
(gdb) p *ct1
Cannot access memory at address 0x15f24
(gdb) p ct1
$2 = (struct nfct_conntrack *) 0x15f24
(gdb) p ct2
$3 = (struct nfct_conntrack *) 0xbfeb5138
(gdb) p *ct2
$4 = {tuple = {{src = {v4 = 520161802, v6 = {520161802, 0, 0, 0}}, dst = {v4 = 4278258186, v6 = {4278258186, 0, 0, 0}}, l3protonum = 2 '\002', protonum = 17 '\021',
      l4src = {all = 35328, tcp = {port = 35328}, udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}, l4dst = {
        all = 35328, tcp = {port = 35328}, udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}}, {src = {v4 = 4278258186,
        v6 = {4278258186, 0, 0, 0}}, dst = {v4 = 520161802, v6 = {520161802, 0, 0, 0}}, l3protonum = 2 '\002', protonum = 17 '\021', l4src = {all = 35328, tcp = {
          port = 35328}, udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}, l4dst = {all = 35328, tcp = {port = 35328},
        udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}}}, timeout = 21, mark = 0, status = 8, use = 1, id = 354,
  protoinfo = {tcp = {state = 0 '\0'}}, counters = {{packets = 1, bytes = 257}, {packets = 0, bytes = 0}}, nat = {min_ip = 0, max_ip = 0, l4min = {all = 0, tcp = {
        port = 0}, udp = {port = 0}, icmp = {type = 0 '\0', code = 0 '\0', id = 0}, sctp = {port = 0}}, l4max = {all = 0, tcp = {port = 0}, udp = {port = 0}, icmp = {
        type = 0 '\0', code = 0 '\0', id = 0}, sctp = {port = 0}}}}
(gdb) p *ct1
Cannot access memory at address 0x15f24
(gdb) where
#0  0xb7f85731 in nfct_conntrack_compare (ct1=0x15f24, ct2=0xbfeb5138, cmp=0xb7fb8ff4) at libnetfilter_conntrack.c:933
#1  0xb7f84ebd in nfct_default_conntrack_display (arg=0xbfeb5138, flags=253, type=2, data=0xb7fb8ff4) at libnetfilter_conntrack.c:721
#2  0xb7f8492f in nfct_conntrack_netlink_handler (cth=0x804e148, nlh=0xbfeb526c, arg=0x0) at libnetfilter_conntrack.c:579
#3  0xb7f8355c in callback_handler (nladdr=0xbfeb726c, n=0xbfeb526c, arg=0x804e148) at libnetfilter_conntrack.c:75
#4  0xb7e48734 in nfnl_listen (nfnlh=0x804e008, handler=0xb7f834b4 <callback_handler>, jarg=0x804e148) at libnfnetlink.c:491
#5  0xb7f8601a in __nfct_dump_conntrack_table (cth=0x804e148, zero=0, family=2) at libnetfilter_conntrack.c:1110
#6  0xb7f86047 in nfct_dump_conntrack_table (cth=0x804e148, family=2) at libnetfilter_conntrack.c:1115
#7  0x0804adc3 in main (argc=2, argv=0xbfeb7424) at conntrack.c:882

-- 
Alan Ezust            www.presinet.com
Presinet, inc         alan.ezust at presinet.com
           Victoria, BC, Canada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/netfilter/attachments/20061125/f4060e57/attachment.pgp
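An added illustration, written for this archive page and not code from libnetfilter_conntrack or the conntrack tool, of the L4 protocol-number rule visible at lines 932-936 of the gdb listing above: a protonum of 0 on either side acts as a wildcard, so only two non-zero, differing protocol numbers make two entries unequal. The struct layout, field and enum names, and the reply-direction check (the listing stops at line 937, so that half is assumed to mirror the original-direction half) are simplified stand-ins. The constructed sample_udp entry takes its addresses, protocol numbers, ports and id from the "p *ct2" dump; the other two entries are made up for contrast. The model also adds a NULL guard, which is a common hardening but would not have helped with this report: 0x15f24 is non-NULL and simply unmapped (that is what gdb's "Cannot access memory" means), so the question is who handed that value in as ct1 (frame #1 in the backtrace), not what the compare does with it.

```c
/* Added example: reduced model of the L4 protonum comparison shown in the
 * gdb listing (libnetfilter_conntrack.c:932-936). Names are stand-ins, not
 * the library's real types. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DIR_ORIGINAL = 0, DIR_REPLY = 1 };

/* Only the tuple fields the comparison reads, in simplified form. */
struct tuple {
    uint32_t src_v4;
    uint32_t dst_v4;
    uint8_t  l3protonum;
    uint8_t  protonum;
    uint16_t l4src;
    uint16_t l4dst;
};

struct ct_entry {
    struct tuple tuple[2];   /* [DIR_ORIGINAL], [DIR_REPLY] */
    uint32_t id;
};

/* Returns 1 when the two entries are equal under the L4 rule, 0 when they
 * differ, and -1 when either pointer is NULL (refused instead of dereferenced).
 * A protonum of 0 is a wildcard: only two non-zero, different values differ.
 * The reply-direction check is assumed to mirror the original-direction one. */
int compare_l4_protonum(const struct ct_entry *ct1,
                        const struct ct_entry *ct2, int l4flags)
{
    if (ct1 == NULL || ct2 == NULL)
        return -1;
    if (!l4flags)
        return 1;              /* no L4 comparison requested */

    int cop1 = ct1->tuple[DIR_ORIGINAL].protonum;
    int cop2 = ct2->tuple[DIR_ORIGINAL].protonum;
    if (cop1 != 0 && cop2 != 0 && cop1 != cop2)
        return 0;

    int crp1 = ct1->tuple[DIR_REPLY].protonum;
    int crp2 = ct2->tuple[DIR_REPLY].protonum;
    if (crp1 != 0 && crp2 != 0 && crp1 != crp2)
        return 0;
    return 1;
}

/* Constructed samples. sample_udp follows the "p *ct2" dump above:
 * l3protonum 2 (IPv4), protonum 17 (UDP), port 35328 both ends, id 354. */
static const struct ct_entry sample_udp = {
    .tuple = {
        { 520161802u, 4278258186u, 2, 17, 35328, 35328 },
        { 4278258186u, 520161802u, 2, 17, 35328, 35328 },
    },
    .id = 354,
};
/* Made-up TCP entry (protonum 6) for a non-matching comparison. */
static const struct ct_entry sample_tcp = {
    .tuple = {
        { 520161802u, 4278258186u, 2, 6, 40000, 80 },
        { 4278258186u, 520161802u, 2, 6, 80, 40000 },
    },
    .id = 1,
};
/* protonum 0 in both directions: a filter entry matching any L4 protocol. */
static const struct ct_entry sample_any_l4 = {
    .tuple = {
        { 0, 0, 2, 0, 0, 0 },
        { 0, 0, 2, 0, 0, 0 },
    },
    .id = 0,
};

int main(void)
{
    printf("udp vs udp      : %d\n", compare_l4_protonum(&sample_udp, &sample_udp, 1));
    printf("udp vs tcp      : %d\n", compare_l4_protonum(&sample_udp, &sample_tcp, 1));
    printf("udp vs wildcard : %d\n", compare_l4_protonum(&sample_udp, &sample_any_l4, 1));
    printf("NULL ct1        : %d\n", compare_l4_protonum(NULL, &sample_udp, 1));
    return 0;
}
```

The wildcard case is the one worth noticing when reading the real function: an entry whose protonum was never set compares equal to everything at the L4 level, so a filter built from a partially filled struct matches more than intended.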

