Message ID | 20090228031618.GB28503@bombadil.infradead.org |
---|---|
State | Superseded, archived |
Delegated to: | David Miller |
Headers | show |
On Fri, Feb 27, 2009 at 10:16:18PM -0500, Kyle McMartin wrote: > This only seems to show up when CONFIG_NET_NS is enabled. (Reproduced on > git HEAD with that option on, doesn't occur with the option off.) > > I will confess complete ignorance to the network stack, but this patch > fixes things... ipv4 seems to have the same namespace support, but > increments the sock_net, not the twsk_net. > > I'll probably put this patch into Fedora, if only to prevent this from > being used as a local DoS by an unprivileged user. > > Signed-off-by: Kyle McMartin <kyle@redhat.com> > Any thoughts? This is a pretty serious issue... Granted we should probably just turn CONFIG_NET_NS off entirely, since it's underdocumented and should be explicitly labelled as experimental instead of just depending on it... regards, Kyle -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Kyle McMartin <kyle@infradead.org> Date: Mon, 2 Mar 2009 00:09:19 -0500 > On Fri, Feb 27, 2009 at 10:16:18PM -0500, Kyle McMartin wrote: > > This only seems to show up when CONFIG_NET_NS is enabled. (Reproduced on > > git HEAD with that option on, doesn't occur with the option off.) > > > > I will confess complete ignorance to the network stack, but this patch > > fixes things... ipv4 seems to have the same namespace support, but > > increments the sock_net, not the twsk_net. > > > > I'll probably put this patch into Fedora, if only to prevent this from > > being used as a local DoS by an unprivileged user. > > > > Signed-off-by: Kyle McMartin <kyle@redhat.com> > > > > Any thoughts? This is a pretty serious issue... Granted we should > probably just turn CONFIG_NET_NS off entirely, since it's > underdocumented and should be explicitly labelled as experimental > instead of just depending on it... It's in my queue, I just haven't gotten to it yet. Serious issue or not you have to be patient. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c index 8fe267f..1bcc343 100644 --- a/net/ipv6/inet6_hashtables.c +++ b/net/ipv6/inet6_hashtables.c @@ -258,11 +258,11 @@ unique: if (twp != NULL) { *twp = tw; - NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED); + NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED); } else if (tw != NULL) { /* Silly. Should hash-dance instead... */ inet_twsk_deschedule(tw, death_row); - NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED); + NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED); inet_twsk_put(tw); }