From: Lili Huang <[email protected]> Conn should be removed from the list before freed.
This crash will be triggered when a established flow do ct(nat) again, like "ip,actions=ct(table=1) table=1,in_port=1,ip,actions=ct(commit,nat(dst=5.5.5.5)),2 table=1,in_port=2,ip,ct_state=+est,actions=1 table=1,in_port=1,ip,ct_state=+est,actions=2" Signed-off-by: Lili Huang <[email protected]> --- lib/conntrack.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/conntrack.c b/lib/conntrack.c index 1c0e023..4918aaf 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -805,6 +805,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, * against with firewall rules or a separate firewall. * Also using zone partitioning can limit DoS impact. */ nat_res_exhaustion: + ovs_list_remove(&nc->exp_node); delete_conn(nc); /* conn_for_un_nat_copy is a local variable in process_one; this * memset() serves to document that conn_for_un_nat_copy is from -- 1.8.3.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
