[ovs-dev] [PATCH] conntrack: Fix ct-clean thread crash bug
Darrell Ball
dball at vmware.com
Thu Aug 24 20:09:07 UTC 2017
On 8/24/17, 11:03 AM, "Darrell Ball" <dball at vmware.com> wrote:
Thanks for testing.
I’ll look at in detail and get back to you today.
Darrell
On 8/24/17, 3:36 AM, "ovs-dev-bounces at openvswitch.org on behalf of huanglili" <ovs-dev-bounces at openvswitch.org on behalf of huanglili.huang at huawei.com> wrote:
From: Lili Huang <huanglili.huang at huawei.com>
Conn should be removed from the list before freed.
This crash will be triggered when a established flow do ct(nat)
again, like
"ip,actions=ct(table=1)
table=1,in_port=1,ip,actions=ct(commit,nat(dst=5.5.5.5)),2
table=1,in_port=2,ip,ct_state=+est,actions=1
table=1,in_port=1,ip,ct_state=+est,actions=2"
Signed-off-by: Lili Huang <huanglili.huang at huawei.com>
---
lib/conntrack.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 1c0e023..dd73e1a 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -779,6 +779,8 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
ct, nc, conn_for_un_nat_copy);
if (!nat_res) {
+ ovs_list_remove(&nc->exp_node);
+ ctx->conn = NULL;
goto nat_res_exhaustion;
}
Hi Lily
Does the below alternative work for you ?
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 1c0e023..4918aaf 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -805,6 +805,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
* against with firewall rules or a separate firewall.
* Also using zone partitioning can limit DoS impact. */
nat_res_exhaustion:
+ ovs_list_remove(&nc->exp_node);
delete_conn(nc);
/* conn_for_un_nat_copy is a local variable in process_one; this
* memset() serves to document that conn_for_un_nat_copy is from
Thank you
Darrell
--
1.8.3.1
_______________________________________________
dev mailing list
dev at openvswitch.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=SFTrBlBXqEC4qsGMh3ikI8j9tYy0Wbb5Vt9FXlMqNDI&s=d9q2ZnEz8iZ2cJuZ5tAFpEMdeP45pFBeL_FmBSjyCv4&e=
More information about the dev
mailing list