I found the problem in the netfilter code. In the file ipt_TOS.c the
following code is wrong:
    if (!nskb)
        return NF_DROP;
    *pskb = nskb;            <--- this should be down 1 line
    kfree_skb(*pskb);        <--- pointer is freed here
    iph = (*pskb)->nh.iph;   <--- freed pointer is used here.
The following patch fixes the problem.
--- ipt_TOS.c.orig Mon Dec 17 00:33:50 2001
+++ ipt_TOS.c Mon Dec 17 00:34:18 2001
@@ -27,8 +27,8 @@
struct sk_buff *nskb = skb_copy(*pskb, GFP_ATOMIC);
if (!nskb)
return NF_DROP;
- *pskb = nskb;
kfree_skb(*pskb);
+ *pskb = nskb;
iph = (*pskb)->nh.iph;
}
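Review bot: the reorder is the right fix: with `*pskb = nskb;` ahead of `kfree_skb(*pskb);`, the call released the fresh copy rather than the original, and the following `iph = (*pskb)->nh.iph;` dereferenced freed memory; after the change the original buffer is freed and the copy is the one left in `*pskb`. One suggestion: a one-line comment above `kfree_skb(*pskb);` saying that the original skb is released here because the copy replaces it would keep a later cleanup from "simplifying" the two statements back into the broken order, since nothing in the hunk otherwise documents why the sequence matters.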
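The ordering bug above, as an added user-space model (not the kernel's or netfilter's own code): the struct and function names `sk_buff`, `skb_copy_model`, `kfree_skb_model` and `set_tos` are hypothetical stand-ins for the kernel's sk_buff, skb_copy(), kfree_skb() and the ipt_TOS target, chosen so the two statement orders can be compared deterministically. Instead of really freeing memory, the model poisons the buffer on "free", so dereferencing it afterwards is detected by a flag rather than left to chance.

```c
/* Added example: user-space model of the ipt_TOS.c use-after-free.
 * Names mirror the kernel's but are stand-ins, not the real structures. */
#include <stdio.h>
#include <stdlib.h>

struct iphdr { unsigned char tos; };

/* Minimal stand-in for the kernel sk_buff: an IP header plus a "freed"
 * marker so a use-after-free shows up as a checkable condition. */
struct sk_buff {
    struct iphdr hdr;
    struct { struct iphdr *iph; } nh;
    int freed;
};

static struct sk_buff *alloc_skb_model(unsigned char tos) {
    struct sk_buff *skb = calloc(1, sizeof *skb);
    if (!skb)
        return NULL;
    skb->hdr.tos = tos;
    skb->nh.iph = &skb->hdr;
    return skb;
}

/* Model of skb_copy(): a fresh buffer carrying the same header. */
static struct sk_buff *skb_copy_model(const struct sk_buff *src) {
    return alloc_skb_model(src->hdr.tos);
}

/* Model of kfree_skb(): poison instead of free, so a later dereference
 * is caught by the flag (a real free would just leave nh.iph dangling). */
static void kfree_skb_model(struct sk_buff *skb) {
    skb->freed = 1;
    skb->nh.iph = NULL;
}

/* Rewrite the TOS byte on a private copy of the packet.
 * buggy_order == 1 reproduces the original ipt_TOS.c statement order;
 * buggy_order == 0 is the patched order.
 * Returns 0 on success, -1 if the target touched a freed buffer. */
int set_tos(struct sk_buff **pskb, unsigned char new_tos, int buggy_order) {
    struct sk_buff *nskb = skb_copy_model(*pskb);
    if (!nskb)
        return -1;
    if (buggy_order) {
        *pskb = nskb;            /* copy installed first ...            */
        kfree_skb_model(*pskb);  /* ... so it is the copy that is freed */
    } else {
        kfree_skb_model(*pskb);  /* release the original ...            */
        *pskb = nskb;            /* ... then install the copy           */
    }
    if ((*pskb)->freed || !(*pskb)->nh.iph)
        return -1;               /* use-after-free: bail out            */
    (*pskb)->nh.iph->tos = new_tos;
    return 0;
}

/* Original order: the target dereferences the buffer it just freed. */
int demo_buggy_order(void) {
    struct sk_buff *skb = alloc_skb_model(0x00);
    return set_tos(&skb, 0x10, 1);        /* -1 */
}

/* Patched order: returns the TOS byte now visible through *pskb. */
int demo_fixed_order(void) {
    struct sk_buff *skb = alloc_skb_model(0x00);
    if (set_tos(&skb, 0x10, 0) != 0)
        return -1;
    return skb->nh.iph->tos;              /* 0x10 */
}

int main(void) {
    printf("buggy order : %d (expect -1)\n", demo_buggy_order());
    printf("fixed order : 0x%02x (expect 0x10)\n", demo_fixed_order());
    return 0;
}
```

The point of the model is that the copy is made before anything is freed in both orders; only the assignment position decides whether `kfree_skb` receives the original or the copy, which is exactly the one-line move in the patch above.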
On Mon, Dec 17, 2001 at 01:07:52AM -0500, Edward Killips wrote:
> I found the problem in the netfilter code. In the file ipt_TOS.c the
> following code is wrong:
Thanks for pointing out this issue. According to DaveM, this fix has already
been submitted to Marcelo for Kernel inclusion.
--
Live long and prosper
- Harald Welte / [email protected] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)