| 1 |
Hi, |
| 2 |
|
| 3 |
glibc 2.9 uses a different way to implement getaddrinfo() which |
| 4 |
triggers a race condition in most (if not all) Netfilter |
| 5 |
firewalls that use connection tracking. glibc does nothing wrong |
| 6 |
per se, it just triggers the condition. (technical details here: |
| 7 |
http://marc.info/?l=linux-netdev&m=123304473331445) |
| 8 |
|
| 9 |
Since glibc 2.9 fires off two udp packets (a query for the A |
| 10 |
record and one for the AAAA record), a race condition is |
| 11 |
triggered in Netfilter (see URL). This has been acknowledged by |
| 12 |
several people and I can reproduce it (relatively) reliably in |
| 13 |
our LAN with all Gentoo boxes that have 2.9. |
| 14 |
|
| 15 |
Why am I bringing this up here? Well, I figure that eventually, |
| 16 |
2.9 (or some other version with equivalent code) will become |
| 17 |
stable and we'll get lots of bug reports from people who run into |
| 18 |
this. Since they can not simply backdate to 2.7 for various |
| 19 |
reasons *and* they might be unable to fix a packetfilter (because |
| 20 |
it might not be their own), this might become very ugly. |
| 21 |
|
| 22 |
The Kernel/Netfilter devs (probably) are aware now of the issue |
| 23 |
since I mailed them - but it's not all that easy to fix. On top |
| 24 |
of that, even if it was fixed in (say) 2.6.28.3 and 2.6.29, this |
| 25 |
does not mean that it's deployed out there and it might be very |
| 26 |
hard for our users to get some firewall guy to update their |
| 27 |
kernel when this is perceived as glibc's or our fault (plus the |
| 28 |
widespread "ricer" cliché about Gentoo users; I've gotten an |
| 29 |
idiotic reply to that effect already). |
| 30 |
|
| 31 |
I don't have any experience with glibc upstream but pestering |
| 32 |
them about this out of the blue might only cause a flame war |
| 33 |
between kernel and glibc folks. Thus, I'm asking you, my fellow |
| 34 |
devs (and the glibc and kernel teams specifically), what you |
| 35 |
think is the best idea/course of action. |
| 36 |
|
| 37 |
Regards, |
| 38 |
Tobias |
| 39 |
(Blackb|rd) |
| 40 |
-- |
| 41 |
printk("Cool stuff's happening!\n") |
| 42 |
linux-2.4.3/fs/jffs/intrep.c |
Archives