>> Subject: Bug#500472: linux-image-2.6.26-1-openvz-amd64: NULL pointer
>> dereference in tcp_v4_send_ack
>
> Thanks! It is a mainstream bug. Fixed patch was sent to [EMAIL PROTECTED]
The patch is there : http://www.spinics.net/lists/netdev/msg76471.html But it does not apply to 2.6.26 so I tried to backport it. Here is what I could come up with (clearly not understanding what I was doing, and taking into account the fact that a follow-up says ipv6 codepath is similar) : diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index ffe869a..fffc708 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -687,7 +687,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk, if (twsk) arg.bound_dev_if = twsk->tw_sk.tw_bound_dev_if; - ip_send_reply(dev_net(skb->dev)->ipv4.tcp_sock, skb, + ip_send_reply(dev_net(skb->dst->dev)->ipv4.tcp_sock, skb, &arg, arg.iov[0].iov_len); TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 40ea9c3..6d8e350 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1094,7 +1094,7 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw, struct tcphdr *th = tcp_hdr(skb), *t1; struct sk_buff *buff; struct flowi fl; - struct net *net = dev_net(skb->dev); + struct net *net = dev_net(skb->dst->dev); struct sock *ctl_sk = net->ipv6.tcp_sk; unsigned int tot_len = sizeof(struct tcphdr); __be32 *topt;
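
Review bot: In the tcp_v4_send_ack hunk, the replacement `dev_net(skb->dst->dev)` dereferences skb->dst with no NULL check, so the fix is only correct if every caller of tcp_v4_send_ack passes an skb that has a route attached; otherwise it trades one NULL dereference for another. The `if (twsk)` test just above shows the function is already entered in more than one situation, so please confirm this for each 2.6.26 caller and state the reasoning in the changelog. Since the upstream patch did not apply as-is, the description should also say that this is a backport and name the upstream change it derives from.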
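
Review bot: In the tcp_v6_send_ack hunk, `struct net *net = dev_net(skb->dst->dev);` sits in the declaration block, so skb->dst is dereferenced on entry before any guard could run, and the only justification offered is that a follow-up calls the IPv6 code path similar. The reported oops is in tcp_v4_send_ack; please verify that skb->dev can actually be NULL here and that skb->dst is always set on this path in 2.6.26 before carrying the change, or split the IPv6 part into its own patch so the IPv4 fix can be tested and merged independently.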