[NETFILTER]: Clean NAT status bits on module unload

another patch which I think should go in 2.6.11, it fixes a crash when unloading, then reloading iptable_nat. ip_nat_core doesn't clear the status bits in struct ip_conntrack on module unload, but zeroes out the nat area. When the module is loaded again and a connection times out ip_nat_cleanup_conntrack tries to list_del the zeroed list-head and crashes. There are probably more conditions under which it can crash or cause other misbehaviour. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

[NETFILTER]: Clean NAT status bits on module unload
another patch which I think should go in 2.6.11, it fixes a crash when unloading, then reloading iptable_nat. ip_nat_core doesn't clear the status bits in struct ip_conntrack on module unload, but zeroes out the nat area. When the module is loaded again and a connection times out ip_nat_cleanup_conntrack tries to list_del the zeroed list-head and crashes. There are probably more conditions under which it can crash or cause other misbehaviour. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
8bd2cfd8 · Patrick McHardy · David S. Miller · 2ef9978c · 8bd2cfd8
Commit 8bd2cfd8 authored Feb 06, 2005 by Patrick McHardy Committed by David S. Miller Feb 06, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

net/ipv4/netfilter/ip_nat_core.c net/ipv4/netfilter/ip_nat_core.c +1 -0

No files found.
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -543,6 +543,7 @@ int __init ip_nat_init(void)
 static int clean_nat(struct ip_conntrack *i, void *data)
 {
 	memset(&i->nat, 0, sizeof(i->nat));
+	i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | IPS_SEQ_ADJUST);
 	return 0;
 }