Re: Re: [PATCH] netfilter: ipv4: fix NULL dereference

On Fri, Mar 25, 2016 at 02:38:15PM +0800, Liping Zhang wrote: > At 2016-03-25 04:22:05, "Pablo Neira Ayuso" wrote: > > > >Could you also pass net as parameter to synproxy_send_server_syn() ? > > > >par->net provides this from synproxy_tg4(). > > Not pass the net but replace

Re: [PATCH] netfilter: ipv4: fix NULL dereference

At 2016-03-25 04:22:05, "Pablo Neira Ayuso" wrote: > >Could you also pass net as parameter to synproxy_send_server_syn() ? > >par->net provides this from synproxy_tg4(). Not pass the net but replace the first parameter 'snet' with 'net' seems better? snet is only used in

Re: [PATCH] netfilter: ipv4: fix NULL dereference

On Wed, Mar 23, 2016 at 10:27:30PM +0800, Liping Zhang wrote: > diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c > b/net/ipv4/netfilter/ipt_SYNPROXY.c > index 7b8fbb3..6b4f501 100644 > --- a/net/ipv4/netfilter/ipt_SYNPROXY.c > +++ b/net/ipv4/netfilter/ipt_SYNPROXY.c > @@ -18,10 +18,10 @@ >

Re: [PATCH] netfilter: ipv4: fix NULL dereference

On Thu, Mar 24, 2016 at 10:00:02AM +0200, Nikolay Borisov wrote: > I've been running production kernels in production with those changes > and so far I haven't observed a single crash resulting from this. > Furthermore, I believe that all the call sites of synproxy_build_ip > should have the skb

Re: [PATCH] netfilter: ipv4: fix NULL dereference

On 03/24/2016 10:25 AM, 张李平 wrote: > At 2016-03-24 16:00:02, "Nikolay Borisov" wrote: >> I've been running production kernels in production with those changes >> and so far I haven't observed a single crash resulting from this. > > Did you run the test with the CONFIG_NET_NS

Re: [PATCH] netfilter: ipv4: fix NULL dereference

I've been running production kernels in production with those changes and so far I haven't observed a single crash resulting from this. Furthermore, I believe that all the call sites of synproxy_build_ip should have the skb associated with a valid tcp socket, which must have originated from a