Red Hat Bugzilla – Bug 155970
20050301 netfilter: fix crash on nat+icmp packets
Last modified: 2007-11-30 17:07:17 EST
"This patch fixes a kernel crashing bug when using NAT. The crash occurs in
the case when we send out a UDP packet to a closed port on another host,
with the UDP packet being SNATed. The remote host replies with an ICMP
port unreachable (type 3, code 3). We need to adjust the ICMP packet,
because the UDP packet was SNATed."
This may have security consequences.
Was fixed in 2.6.11 as part of
Rusty's patch is enormous, breaks the kABI of netfilter completely,
and we're still fixing fallout from that change in 2.6.12-rcX
But the patch in the netfilter posting is OK, simple, not
a kABI breaker, and correct. I'll try to cons up a clean
RHEL4 patch for davej, but no promises on getting to that
this week as I'm very busy with existing stuff and leave for
Chicago on Thursday afternoon.
Actually, the 2.6.9 based code we have in RHEL4 does not have
this bug. It references the IP header via skb->nh.iph which
is fine. Later code used a local variable to store the pointer,
which is what introduced the bug.
Therefore RHEL4 does not have this problem and we need do nothing.