Re: [ovs-dev] [PATCH] conntrack: Fix ct-clean thread crash bug

[Huanglili (lee)]

Yes, it works fine to me.
And I will update the [PATCH v2].

Thanks for the advice.

-------------------------------------------------------------------------------------------------
On 8/24/17, 11:03 AM, "Darrell Ball" <db...@vmware.com> wrote:

    Thanks for testing.
    I’ll look at in detail and get back to you today.
    
    Darrell
    
    On 8/24/17, 3:36 AM, "ovs-dev-boun...@openvswitch.org on behalf of 
huanglili" <ovs-dev-boun...@openvswitch.org on behalf of 
huanglili.hu...@huawei.com> wrote:
    
        From: Lili Huang <huanglili.hu...@huawei.com>
        
        Conn should be removed from the list before freed.
        
        This crash will be triggered when a established flow do ct(nat)
        again, like
        "ip,actions=ct(table=1)
         table=1,in_port=1,ip,actions=ct(commit,nat(dst=5.5.5.5)),2
         table=1,in_port=2,ip,ct_state=+est,actions=1
         table=1,in_port=1,ip,ct_state=+est,actions=2"
        
        Signed-off-by: Lili Huang <huanglili.hu...@huawei.com>
        ---
         lib/conntrack.c | 2 ++
         1 file changed, 2 insertions(+)
        
        diff --git a/lib/conntrack.c b/lib/conntrack.c
        index 1c0e023..dd73e1a 100644
        --- a/lib/conntrack.c
        +++ b/lib/conntrack.c
        @@ -779,6 +779,8 @@ conn_not_found(struct conntrack *ct, struct 
dp_packet *pkt,
                                            ct, nc, conn_for_un_nat_copy);
         
                         if (!nat_res) {
        +                    ovs_list_remove(&nc->exp_node);
        +                    ctx->conn = NULL;
                             goto nat_res_exhaustion;
                         }

Hi Lily

Does the below alternative work for you ?

diff --git a/lib/conntrack.c b/lib/conntrack.c index 1c0e023..4918aaf 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -805,6 +805,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
      * against with firewall rules or a separate firewall.
      * Also using zone partitioning can limit DoS impact. */
 nat_res_exhaustion:
+    ovs_list_remove(&nc->exp_node);
     delete_conn(nc);
     /* conn_for_un_nat_copy is a local variable in process_one; this
      * memset() serves to document that conn_for_un_nat_copy is from

Thank you
Darrell

         
        -- 
        1.8.3.1
        
        
        _______________________________________________
        dev mailing list
        d...@openvswitch.org
        
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=SFTrBlBXqEC4qsGMh3ikI8j9tYy0Wbb5Vt9FXlMqNDI&s=d9q2ZnEz8iZ2cJuZ5tAFpEMdeP45pFBeL_FmBSjyCv4&e=
 
        
    
    

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev