/* * netsniff-ng - the packet sniffing beast * Copyright 2009, 2010 Daniel Borkmann. * Subject to the GPL, version 2. */ #include #include /* for ntohs() */ #include "proto.h" #include "protos.h" #include "dissector_eth.h" #include "pkt_buff.h" #include "built_in.h" struct arphdr { uint16_t ar_hrd; /* format of hardware address */ uint16_t ar_pro; /* format of protocol address */ uint8_t ar_hln; /* length of hardware address */ uint8_t ar_pln; /* length of protocol address */ uint16_t ar_op; /* ARP opcode (command) */ uint8_t ar_sha[6]; /* sender hardware address */ uint8_t ar_sip[4]; /* sender IP address */ uint8_t ar_tha[6]; /* target hardware address */ uint8_t ar_tip[4]; /* target IP address */ } __packed; #define ARPHRD_ETHER 1 #define ARPHRD_IEEE802 6 #define ARPHRD_ARCNET 7 #define ARPHRD_ATM 16 #define ARPHRD_ATM2 19 #define ARPHRD_SERIAL 20 #define ARPHRD_ATM3 21 #define ARPHRD_IEEE1394 24 #define ARPOP_REQUEST 1 /* ARP request */ #define ARPOP_REPLY 2 /* ARP reply */ #define ARPOP_RREQUEST 3 /* RARP request */ #define ARPOP_RREPLY 4 /* RARP reply */ #define ARPOP_InREQUEST 8 /* InARP request */ #define ARPOP_InREPLY 9 /* InARP reply */ #define ARPOP_NAK 10 /* (ATM)ARP NAK */ static void arp(struct pkt_buff *pkt) { char *hrd; char *pro; char *opcode; struct arphdr *arp = (struct arphdr *) pkt_pull(pkt, sizeof(*arp)); if (arp == NULL) return; switch (ntohs(arp->ar_hrd)) { case ARPHRD_ETHER: hrd = "Ethernet"; break; case ARPHRD_IEEE802: hrd = "IEEE 802"; break; case ARPHRD_ARCNET: hrd = "ARCNET"; break; case ARPHRD_ATM: case ARPHRD_ATM2: case ARPHRD_ATM3: hrd = "ATM"; break; case ARPHRD_SERIAL: hrd = "Serial Line"; break; case ARPHRD_IEEE1394: hrd = "IEEE 1394.1995"; break; default: hrd = "Unknown"; break; } pro = lookup_ether_type(ntohs(arp->ar_pro)); if (pro == NULL) pro = "Unknown"; switch (ntohs(arp->ar_op)) { case ARPOP_REQUEST: opcode = "ARP request"; break; case ARPOP_REPLY: opcode = "ARP reply"; break; case ARPOP_RREQUEST: opcode = "RARP request"; break; case ARPOP_RREPLY: opcode = "RARP reply"; break; case ARPOP_InREQUEST: opcode = "InARP request"; break; case ARPOP_InREPLY: opcode = "InARP reply"; break; case ARPOP_NAK: opcode = "(ATM) ARP NAK"; break; default: opcode = "Unknown"; break; }; tprintf(" [ ARP "); tprintf("Format HA (%u => %s), ", ntohs(arp->ar_hrd), hrd); tprintf("Format Proto (0x%.4x => %s), ", ntohs(arp->ar_pro), pro); tprintf("HA Len (%u), ", arp->ar_hln); tprintf("Proto Len (%u), ", arp->ar_pln); tprintf("Opcode (%u => %s)", ntohs(arp->ar_op), opcode); tprintf(" ]\n"); } static void arp_less(struct pkt_buff *pkt) { char *opcode = NULL; struct arphdr *arp = (struct arphdr *) pkt_pull(pkt, sizeof(*arp)); if (arp == NULL) return; switch (ntohs(arp->ar_op)) { case ARPOP_REQUEST: opcode = "ARP request"; break; case ARPOP_REPLY: opcode = "ARP reply"; break; case ARPOP_RREQUEST: opcode = "RARP request"; break; case ARPOP_RREPLY: opcode = "RARP reply"; break; case ARPOP_InREQUEST: opcode = "InARP request"; break; case ARPOP_InREPLY: opcode = "InARP reply"; break; case ARPOP_NAK: opcode = "(ATM) ARP NAK"; break; default: opcode = "Unknown"; break; }; tprintf(" Op %s", opcode); } struct protocol arp_ops = { .key = 0x0806, .print_full = arp, .print_less = arp_less, }; >space:mode:
authorRobert Shearman <rshearma@brocade.com>2017-01-24 16:26:48 +0000
committerDavid S. Miller <davem@davemloft.net>2017-01-24 16:21:36 -0500
commit85c814016ce3b371016c2c054a905fa2492f5a65 (patch)
treec9c7eb5576834cae05dba40e82ca84a7772b7a51
parent88ff7334f25909802140e690c0e16433e485b0a0 (diff)
lwtunnel: Fix oops on state free after encap module unload
When attempting to free lwtunnel state after the module for the encap has been unloaded an oops occurs: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: lwtstate_free+0x18/0x40 [..] task: ffff88003e372380 task.stack: ffffc900001fc000 RIP: 0010:lwtstate_free+0x18/0x40 RSP: 0018:ffff88003fd83e88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88002bbb3380 RCX: ffff88000c91a300 [..] Call Trace: <IRQ> free_fib_info_rcu+0x195/0x1a0 ? rt_fibinfo_free+0x50/0x50 rcu_process_callbacks+0x2d3/0x850 ? rcu_process_callbacks+0x296/0x850 __do_softirq+0xe4/0x4cb irq_exit+0xb0/0xc0 smp_apic_timer_interrupt+0x3d/0x50 apic_timer_interrupt+0x93/0xa0 [..] Code: e8 6e c6 fc ff 89 d8 5b 5d c3 bb de ff ff ff eb f4 66 90 66 66 66 66 90 55 48 89 e5 53 0f b7 07 48 89 fb 48 8b 04 c5 00 81 d5 81 <48> 8b 40 08 48 85 c0 74 13 ff d0 48 8d 7b 20 be 20 00 00 00 e8 The problem is after the module for the encap can be unloaded the corresponding ops is removed and is thus NULL here. Modules implementing lwtunnel ops should not be allowed to unload while there is state alive using those ops, so grab the module reference for the ops on creating lwtunnel state and of course release the reference when freeing the state. Fixes: 1104d9ba443a ("lwtunnel: Add destroy state operation") Signed-off-by: Robert Shearman <rshearma@brocade.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat