[ovs-dev] [PATCH v2] conntrack: Fix ct-clean thread crash bug
huanglili
huanglili.huang at huawei.com
Fri Aug 25 06:25:23 UTC 2017
From: Lili Huang <huanglili.huang at huawei.com>
Conn should be removed from the list before freed.
This crash will be triggered when a established flow do ct(nat)
again, like
"ip,actions=ct(table=1)
table=1,in_port=1,ip,actions=ct(commit,nat(dst=5.5.5.5)),2
table=1,in_port=2,ip,ct_state=+est,actions=1
table=1,in_port=1,ip,ct_state=+est,actions=2"
Signed-off-by: Lili Huang <huanglili.huang at huawei.com>
---
lib/conntrack.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 1c0e023..4918aaf 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -805,6 +805,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
* against with firewall rules or a separate firewall.
* Also using zone partitioning can limit DoS impact. */
nat_res_exhaustion:
+ ovs_list_remove(&nc->exp_node);
delete_conn(nc);
/* conn_for_un_nat_copy is a local variable in process_one; this
* memset() serves to document that conn_for_un_nat_copy is from
--
1.8.3.1
More information about the dev
mailing list