On Mon, 2017-04-03 at 15:14 +0300, Denys Fedoryshchenko wrote:
> On 2017-04-03 15:09, Eric Dumazet wrote:
> > On Mon, 2017-04-03 at 11:10 +0300, Denys Fedoryshchenko wrote:
> >
> >> I modified patch a little as:
> >> if (th->doff * 4 < sizeof(_tcph)) {
> >> par->hotdrop = true;
> >>
On 2017-04-03 15:09, Eric Dumazet wrote:
On Mon, 2017-04-03 at 11:10 +0300, Denys Fedoryshchenko wrote:
I modified patch a little as:
if (th->doff * 4 < sizeof(_tcph)) {
par->hotdrop = true;
WARN_ON_ONCE(!tcpinfo->option);
return false;
}
And it did trigger WARN once in the morning, and
On Mon, 2017-04-03 at 11:10 +0300, Denys Fedoryshchenko wrote:
> I modified patch a little as:
> if (th->doff * 4 < sizeof(_tcph)) {
> par->hotdrop = true;
> WARN_ON_ONCE(!tcpinfo->option);
> return false;
> }
>
> And it did trigger WARN once in the morning, and didn't hit KASAN. I will
>
On 2017-04-02 20:26, Eric Dumazet wrote:
On Sun, 2017-04-02 at 10:14 -0700, Eric Dumazet wrote:
Could that be that netfilter does not abort earlier if TCP header is
completely wrong?
Yes, I wonder if this patch would be better, unless we replicate the
th->doff sanity check in all netfilter
On Sun, 2017-04-02 at 10:14 -0700, Eric Dumazet wrote:
> Could that be that netfilter does not abort earlier if TCP header is
> completely wrong?
>
Yes, I wonder if this patch would be better, unless we replicate the
th->doff sanity check in all netfilter modules dissecting TCP frames.
diff
On Sun, 2017-04-02 at 19:52 +0300, Denys Fedoryshchenko wrote:
> On 2017-04-02 15:32, Eric Dumazet wrote:
> > On Sun, 2017-04-02 at 15:25 +0300, Denys Fedoryshchenko wrote:
> >> > */
> >> I will also add WARN_ON_ONCE(tcp_hdrlen >= 15 * 4) before, for
> >> curiosity, if this condition is
On 2017-04-02 15:32, Eric Dumazet wrote:
On Sun, 2017-04-02 at 15:25 +0300, Denys Fedoryshchenko wrote:
> */
I will also add WARN_ON_ONCE(tcp_hdrlen >= 15 * 4) before, for
curiosity, if this condition is triggered. Is it fine like that?
Sure.
It didn't trigger WARN_ON, and with both
On Sun, 2017-04-02 at 15:25 +0300, Denys Fedoryshchenko wrote:
> > */
> I will also add WARN_ON_ONCE(tcp_hdrlen >= 15 * 4) before, for
> curiosity, if this condition is triggered. Is it fine like that?
Sure.
On 2017-04-02 15:19, Eric Dumazet wrote:
On Sun, 2017-04-02 at 04:54 -0700, Eric Dumazet wrote:
On Sun, 2017-04-02 at 13:45 +0200, Florian Westphal wrote:
> Eric Dumazet wrote:
> > - for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i +=
optlen(opt,
On Sun, 2017-04-02 at 04:54 -0700, Eric Dumazet wrote:
> On Sun, 2017-04-02 at 13:45 +0200, Florian Westphal wrote:
> > Eric Dumazet wrote:
> > > - for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i +=
> > > optlen(opt, i)) {
> > > + for (i = sizeof(struct
On Sun, 2017-04-02 at 13:45 +0200, Florian Westphal wrote:
> Eric Dumazet wrote:
> > - for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i +=
> > optlen(opt, i)) {
> > + for (i = sizeof(struct tcphdr); i < tcp_hdrlen - TCPOLEN_MSS; i +=
> > optlen(opt,
On 2017-04-02 14:45, Florian Westphal wrote:
Eric Dumazet wrote:
- for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i +=
optlen(opt, i)) {
+ for (i = sizeof(struct tcphdr); i < tcp_hdrlen - TCPOLEN_MSS; i +=
optlen(opt, i)) {
if (opt[i]
Eric Dumazet wrote:
> - for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i +=
> optlen(opt, i)) {
> + for (i = sizeof(struct tcphdr); i < tcp_hdrlen - TCPOLEN_MSS; i +=
> optlen(opt, i)) {
> if (opt[i] == TCPOPT_MSS && opt[i+1] ==
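Review bot: the new bound `i < tcp_hdrlen - TCPOLEN_MSS` in the `for` condition excludes i == tcp_hdrlen - TCPOLEN_MSS, which is where an MSS option occupying the last TCPOLEN_MSS bytes of the header starts, so an option in that position would no longer reach the `opt[i] == TCPOPT_MSS` test. Neither form of the condition checks that tcp_hdrlen is at least sizeof(struct tcphdr) before the subtraction. Suggest validating tcp_hdrlen ahead of the loop and keeping `<=`, rather than tightening the comparison.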
On Sun, 2017-04-02 at 10:43 +0300, Denys Fedoryshchenko wrote:
> Repost; due to being sleepy I missed a few important points.
>
> I am searching for the reasons of crashes on multiple conntrack enabled
> servers, usually they point to conntrack, but I suspect use after free
> might be somewhere else,
> so I
Repost; due to being sleepy I missed a few important points.
I am searching for the reasons of crashes on multiple conntrack enabled
servers, usually they point to conntrack, but I suspect use after free
might be somewhere else,
so I tried to enable KASAN.
And it seems I got something after a few hours, and it
I am searching for the reasons of crashes on multiple NAT servers, and tried to
enable KASAN.
It seems I got something, and it looks very possibly related to all
crashes, because on all those servers I have MSS.
[25181.855611]
==
16 matches