I'm using ../libnetfilter_conntrack-0.0.31, conntrack 1.00beta2, and
libnfnetlink(svn). Building against kernel 2.6.16.29.
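For some reason, I'm getting a segfault in nfct_conntrack_compare. The first
time the compare is called, ct1 does not point to valid memory: in the gdb
session below it is 0x15f24, which gdb cannot read. In the backtrace, the data
argument of nfct_default_conntrack_display (frame #1) has the same value as cmp
in frame #0, so the bad ct1 may come from whatever that pointer refers to.
Has anyone else seen this?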
The segfault happens when I run conntrack -L, or conntrack -E after the first
event has arrived.
(gdb) [ezust@pocky] /home/ezust/presinet/projects/conntrack-vanilla> sudo gdb
GNU gdb 6.5-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
Using host libthread_db library "/lib/tls/libthread_db.so.1".
Breakpoint 1 at 0x804a0ad: file conntrack.c, line 606.
main (argc=2, argv=0xbfeb7424) at conntrack.c:606
606 unsigned int command = 0, options = 0;
Program received signal SIGSEGV, Segmentation fault.
0xb7f85731 in nfct_conntrack_compare (ct1=0x15f24, ct2=0xbfeb5138,
cmp=0xb7fb8ff4) at libnetfilter_conntrack.c:933
933 int cop1 = ct1->tuple[NFCT_DIR_ORIGINAL].protonum;
(gdb) list
928 if (l3proto && !l3proto->compare(ct1, ct2, l3flags))
929 return 0;
930 }
931
932 if (l4flags) {
933 int cop1 = ct1->tuple[NFCT_DIR_ORIGINAL].protonum;
934 int cop2 = ct2->tuple[NFCT_DIR_ORIGINAL].protonum;
935 if (cop1 != 0 && cop2 != 0 && cop1 != cop2)
936 return 0;
937 int crp1 = ct1->tuple[NFCT_DIR_REPLY].protonum;
(gdb) ct1
Undefined command: "ct1". Try "help".
(gdb) p ct1
$1 = (struct nfct_conntrack *) 0x15f24
(gdb) p *ct1
Cannot access memory at address 0x15f24
(gdb) p ct1
$2 = (struct nfct_conntrack *) 0x15f24
(gdb) p ct2
$3 = (struct nfct_conntrack *) 0xbfeb5138
(gdb) p *ct2
$4 = {tuple = {{src = {v4 = 520161802, v6 = {520161802, 0, 0, 0}}, dst = {v4 =
4278258186, v6 = {4278258186, 0, 0, 0}}, l3protonum = 2 '\002', protonum =
17 '\021',
l4src = {all = 35328, tcp = {port = 35328}, udp = {port = 35328}, icmp =
{type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}, l4dst = {
all = 35328, tcp = {port = 35328}, udp = {port = 35328}, icmp = {type
= 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}}, {src = {v4 =
4278258186,
v6 = {4278258186, 0, 0, 0}}, dst = {v4 = 520161802, v6 = {520161802,
0, 0, 0}}, l3protonum = 2 '\002', protonum = 17 '\021', l4src = {all = 35328,
tcp = {
port = 35328}, udp = {port = 35328}, icmp = {type = 0 '\0', code =
138 '\212', id = 0}, sctp = {port = 35328}}, l4dst = {all = 35328, tcp =
{port = 35328},
udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id =
0}, sctp = {port = 35328}}}}, timeout = 21, mark = 0, status = 8, use = 1, id
= 354,
protoinfo = {tcp = {state = 0 '\0'}}, counters = {{packets = 1, bytes =
257}, {packets = 0, bytes = 0}}, nat = {min_ip = 0, max_ip = 0, l4min = {all
= 0, tcp = {
port = 0}, udp = {port = 0}, icmp = {type = 0 '\0', code = 0 '\0', id
= 0}, sctp = {port = 0}}, l4max = {all = 0, tcp = {port = 0}, udp = {port =
0}, icmp = {
type = 0 '\0', code = 0 '\0', id = 0}, sctp = {port = 0}}}}
(gdb) p *ct1
Cannot access memory at address 0x15f24
(gdb) where
#0 0xb7f85731 in nfct_conntrack_compare (ct1=0x15f24, ct2=0xbfeb5138,
cmp=0xb7fb8ff4) at libnetfilter_conntrack.c:933
#1 0xb7f84ebd in nfct_default_conntrack_display (arg=0xbfeb5138, flags=253,
type=2, data=0xb7fb8ff4) at libnetfilter_conntrack.c:721
#2 0xb7f8492f in nfct_conntrack_netlink_handler (cth=0x804e148,
nlh=0xbfeb526c, arg=0x0) at libnetfilter_conntrack.c:579
#3 0xb7f8355c in callback_handler (nladdr=0xbfeb726c, n=0xbfeb526c,
arg=0x804e148) at libnetfilter_conntrack.c:75
#4 0xb7e48734 in nfnl_listen (nfnlh=0x804e008, handler=0xb7f834b4
<callback_handler>, jarg=0x804e148) at libnfnetlink.c:491
#5 0xb7f8601a in __nfct_dump_conntrack_table (cth=0x804e148, zero=0,
family=2) at libnetfilter_conntrack.c:1110
#6 0xb7f86047 in nfct_dump_conntrack_table (cth=0x804e148, family=2) at
libnetfilter_conntrack.c:1115
#7 0x0804adc3 in main (argc=2, argv=0xbfeb7424) at conntrack.c:882
--
Alan Ezust www.presinet.com
Presinet, inc alan.ezust@presinet.com
Victoria, BC, Canada