Bugtraq mailing list archives

Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)

From: risa () GSL KRALUPY CZ (Richard Bouska)
Date: Thu, 22 Jul 1999 22:54:42 +0200


diff -ur ../vger-990630/linux/net/ipv4/route.c linux/net/ipv4/route.c
--- ../vger-990630/linux/net/ipv4/route.c       Wed Jun 30 22:22:32 1999
+++ linux/net/ipv4/route.c      Tue Jul 13 17:00:52 1999
@@ -957,7 +957,7 @@

        if (rt->key.iif == 0)
                src = rt->rt_src;
-       else if (fib_lookup(&rt->key, &res) == 0)
+       else if (fib_lookup(&rt->key, &res) == 0 && res.type != RTN_NAT)
                src = FIB_RES_PREFSRC(res);
        else
                src = inet_select_addr(rt->u.dst.dev, rt->rt_gateway,
RT_SCOPE_UNIVERSE);

Andrej Todosic writes:


Correction :

this happens only when going through the NAt code.

I just tested and only time when it crashes is when one of the ends is in
NAT
( i haven tested with both endss in NAT but thats rare to find anyways )

so to resume:

kernel 2.2.10
ip utility
ipchains
one of the networks is NAT-ed

ping -R a NAT ed ip from a real ip ( it has to go through the fw )
or ping -R  a real ip from a NATed one
fw has to be below hop 9 on this road otherwise it doesnt work.

Result : complete kernel panic


my ip nat rules are rather simple .
so i belive anyone should be able to reproduce the problem.



comments ?
fixes ?




-----Original Message-----
From: Andrej Todosic [mailto:atodosic () ubisoft qc ca]
Sent: Thursday, July 22, 1999 10:04 AM
To: linux-kernel () vger rutgers edu
Subject: ping -R causes kernel panic on a forwarding machine ( 2.2.5 and
2 .2.10)



hello ,

i belive this is an old problem since this is not the first time i heard
about it.

ping ing with ping -R from through a firewall machine make the firewall go
into kernel panic
tried to kill idle task
not syncing

etc. etc.

does anyone know a fix for the problem ?

or a set of rules that will fix the problem ?

i believe ping -R works only on about nine hops... what bothers me
is that nine hops can be a lot of subnets :(


Thanks for any help






-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo () vger rutgers edu
Please read the FAQ at http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo () vger rutgers edu
Please read the FAQ at http://www.tux.org/lkml/

Current thread:

Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10) Andrej Todosic (Jul 22)
- Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10) Richard Bouska (Jul 22)
- Do these patches fix the rpc.cmsd hole? Tim Ramsey (Jul 22)
- L0pht Heavy Industries - AntiSniff Alex Yu (Jul 23)
- Trojan Horse Guard - Cassandra GOLD Release. Jonathan James (Jul 23)
- Troff dangerous. Pawel Wilk (Jul 23)
  - New way to pay in advance for ToorCon '99 in San Diego, California Ben (Jul 24)
  - Re: Troff dangerous. CyberPsychotic (Jul 25)
  - Re: Troff dangerous. Pavel Kankovsky (Jul 25)
    - Re: Troff dangerous. Warner Losh (Jul 27)
  - Re: Troff dangerous. Julian Squires (Aug 02)
    - Re: Troff dangerous. Olaf Kirch (Jul 26)

(Thread continues...)