On Tue, May 30, 2017 at 11:38:12AM +0200, Florian Westphal wrote:
> Quoting Joe Stringer:
> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> namespace, destroys that namespace then unloads the FTP helper module,
> then the kernel will crash.
>
> Events that lead to the
Pablo Neira Ayuso writes:
> Hi!
>
> On Tue, Jun 13, 2017 at 09:35:20AM -0700, Cong Wang wrote:
>> On Mon, Jun 12, 2017 at 11:16 PM, Florian Westphal wrote:
>> > Cong Wang wrote:
>> >> On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote:
>> >> > Joe described it nicely, problem is that after
Hi!
On Tue, Jun 13, 2017 at 09:35:20AM -0700, Cong Wang wrote:
> On Mon, Jun 12, 2017 at 11:16 PM, Florian Westphal wrote:
> > Cong Wang wrote:
> >> On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote:
> >> > Joe described it nicely, problem is that after unload we may have
> >> > conntracks
On Tue, Jun 13, 2017 at 11:07 AM, Florian Westphal wrote:
> Historically it wasn't needed because we just clear out the helper area
> in the affected conntracks (i.e, future packets are not inspected by
> the helper anymore).
>
> When conntracks were made per-netns this problem was added as we're
On 13 June 2017 at 11:07, Florian Westphal wrote:
> Cong Wang wrote:
>> On Mon, Jun 12, 2017 at 11:16 PM, Florian Westphal wrote:
>> > Cong Wang wrote:
>> >> On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote:
>> >> > Joe described it nicely, problem is that after unload we may have
>> >>
Cong Wang wrote:
> On Mon, Jun 12, 2017 at 11:16 PM, Florian Westphal wrote:
> > Cong Wang wrote:
> >> On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote:
> >> > Joe described it nicely, problem is that after unload we may have
> >> > conntracks that still have a nf_conn_help extension atta
On Mon, Jun 12, 2017 at 11:16 PM, Florian Westphal wrote:
> Cong Wang wrote:
>> On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote:
>> > Joe described it nicely, problem is that after unload we may have
>> > conntracks that still have a nf_conn_help extension attached that
>> > has a pointer
Cong Wang wrote:
> On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote:
> > Joe described it nicely, problem is that after unload we may have
> > conntracks that still have a nf_conn_help extension attached that
> > has a pointer to a structure that resided in the (unloaded) module.
>
> Why n
On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote:
> Joe described it nicely, problem is that after unload we may have
> conntracks that still have a nf_conn_help extension attached that
> has a pointer to a structure that resided in the (unloaded) module.
Why not hold a refcnt for its modul
On Wed, May 31, 2017 at 01:13:32PM -0500, Eric W. Biederman wrote:
> Florian Westphal writes:
>
> > Quoting Joe Stringer:
> > If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> > namespace, destroys that namespace then unloads the FTP helper module,
> > then the kernel
David Laight wrote:
> From: Florian Westphal
> > Sent: 30 May 2017 10:38
> >
> > Quoting Joe Stringer:
> > If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> > namespace, destroys that namespace then unloads the FTP helper module,
> > then the kernel will crash.
> >
>
From: Florian Westphal
> Sent: 30 May 2017 10:38
>
> Quoting Joe Stringer:
> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> namespace, destroys that namespace then unloads the FTP helper module,
> then the kernel will crash.
>
> Events that lead to the crash:
> 1. c
Eric W. Biederman wrote:
> Florian Westphal writes:
>
> > Quoting Joe Stringer:
> > If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> > namespace, destroys that namespace then unloads the FTP helper module,
> > then the kernel will crash.
> >
> > Events that lead to t
On 31 May 2017 at 11:13, Eric W. Biederman wrote:
> Florian Westphal writes:
>
>> Quoting Joe Stringer:
>> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
>> namespace, destroys that namespace then unloads the FTP helper module,
>> then the kernel will crash.
>>
>> Eve
Florian Westphal writes:
> Quoting Joe Stringer:
> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> namespace, destroys that namespace then unloads the FTP helper module,
> then the kernel will crash.
>
> Events that lead to the crash:
> 1. conntrack is created with f
David Miller writes:
> From: Florian Westphal
> Date: Tue, 30 May 2017 11:38:12 +0200
>
>> Quoting Joe Stringer:
>> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
>> namespace, destroys that namespace then unloads the FTP helper module,
>> then the kernel will crash.
From: Florian Westphal
Date: Tue, 30 May 2017 11:38:12 +0200
> Quoting Joe Stringer:
> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> namespace, destroys that namespace then unloads the FTP helper module,
> then the kernel will crash.
>
> Events that lead to the cr
Quoting Joe Stringer:
If a user loads nf_conntrack_ftp, sends FTP traffic through a network
namespace, destroys that namespace then unloads the FTP helper module,
then the kernel will crash.
Events that lead to the crash:
1. conntrack is created with ftp helper in netns x
2. This netns is de
18 matches
Mail list logo
