On 28.07, Phil Sutter wrote: > Hi, > > When synproxy_send_server_ack() calls synproxy_send_tcp(), it passes > NULL as third parameter (struct nf_conntrack *nfct). And the first thing > synproxy_send_tcp() does, is dereference it: > > | struct net *net = nf_ct_net((struct nf_conn *)nfct); > > I could not find a commit leading to this breakage in the commit log, > which makes me doubt ip6t_SYNPROXY has ever worked at all. > > If you need one, I have a reproducer at hand. (Though I would want to > strip it down a bit first.) Just let me know.
Thanks, looks like I never tested this with netns enabled. Would you care to provide a patch? An easy fix seems to be to pass the synproxy_net struct to synproxy_send_tcp() and use nf_ct_net(snet->tmpl) instead. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
