Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a

From: Richard Bouska (risaat_private)
Date: Thu Jul 22 1999 - 13:54:42 PDT

Next message: linux-securityat_private: "[linux-security] [RHSA-1999:022-01] New Samba packages available"

Previous message: Matt Dunn: "Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

diff -ur ../vger-990630/linux/net/ipv4/route.c linux/net/ipv4/route.c
--- ../vger-990630/linux/net/ipv4/route.c       Wed Jun 30 22:22:32 1999
+++ linux/net/ipv4/route.c      Tue Jul 13 17:00:52 1999
@@ -957,7 +957,7 @@

        if (rt->key.iif == 0)
                src = rt->rt_src;
-       else if (fib_lookup(&rt->key, &res) == 0)
+       else if (fib_lookup(&rt->key, &res) == 0 && res.type != RTN_NAT)
                src = FIB_RES_PREFSRC(res);
        else
                src = inet_select_addr(rt->u.dst.dev, rt->rt_gateway,
RT_SCOPE_UNIVERSE);




Andrej Todosic writes:
 >
 > Correction :
 >
 > this happens only when going through the NAt code.
 >
 > I just tested and only time when it crashes is when one of the ends is in
 > NAT
 > ( i haven tested with both endss in NAT but thats rare to find anyways )
 >
 > so to resume:
 >
 > kernel 2.2.10
 > ip utility
 > ipchains
 > one of the networks is NAT-ed
 >
 > ping -R a NAT ed ip from a real ip ( it has to go through the fw )
 > or ping -R  a real ip from a NATed one
 > fw has to be below hop 9 on this road otherwise it doesnt work.
 >
 > Result : complete kernel panic
 >
 >
 > my ip nat rules are rather simple .
 > so i belive anyone should be able to reproduce the problem.
 >
 >
 >
 > comments ?
 > fixes ?
 >
 >
 >
 >
 > -----Original Message-----
 > From: Andrej Todosic [mailto:atodosicat_private]
 > Sent: Thursday, July 22, 1999 10:04 AM
 > To: linux-kernelat_private
 > Subject: ping -R causes kernel panic on a forwarding machine ( 2.2.5 and
 > 2 .2.10)
 >
 >
 >
 > hello ,
 >
 > i belive this is an old problem since this is not the first time i heard
 > about it.
 >
 > ping ing with ping -R from through a firewall machine make the firewall go
 > into kernel panic
 > tried to kill idle task
 > not syncing
 >
 > etc. etc.
 >
 > does anyone know a fix for the problem ?
 >
 > or a set of rules that will fix the problem ?
 >
 > i believe ping -R works only on about nine hops... what bothers me
 > is that nine hops can be a lot of subnets :(
 >
 >
 > Thanks for any help
 >
 >
 >
 >
 >
 >
 > -
 > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
 > the body of a message to majordomoat_private
 > Please read the FAQ at http://www.tux.org/lkml/
 >
 > -
 > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
 > the body of a message to majordomoat_private
 > Please read the FAQ at http://www.tux.org/lkml/

Next message: linux-securityat_private: "[linux-security] [RHSA-1999:022-01] New Samba packages available"
Previous message: Matt Dunn: "Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:13 PDT