Nmap Development: nmap crashes 2.6.9 kernel ?

From: A.R. <r00t_at_northernfortress.net>
Date: Tue, 26 Oct 2004 22:55:48 +0000

Hello list,

I don't know if this is a known issue already, but I haven't found any
documentation about it.

Issuing 'nmap -sT -p 1-50000 127.0.0.1' a few times on a 2.6.9
Linux kernel can cause the machine to freeze (nmap 3.75 on a 2.6.9
Gentoo box).

The problem seems to deal with the tcp_transmit_skb() function (in the
net/ipv4/tcp_output.c file), which, in the latest kernel, introduces the
following check:

BUG_ON(!tcp_skb_pcount(skb));

From what I understand, the tcp_skb_pcount() function counts how many TCP
packets are needed to send the buffered data. But sometimes, during an
nmap scan, this function returns zero, and the BUG_ON macro causes the
kernel to panic, as we see in the bug.h file:

#define BUG() do { \
        printk("kernel BUG at %s:%d!\n", __FILE__, __LINE__); \
        panic("BUG!"); \
} while (0)
...
#define BUG_ON(condition) do { if (unlikely((condition)!=0)) BUG(); } while(0)

<disclaimer>
I am not a kernel guru, so I might have misinterpreted the issue.
</disclaimer> ;)

Regards

Alberto Revelli
Northern Fortress, Inc.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Oct 26 2004
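
An added example, not part of the original post: the BUG() macro quoted above logs a fixed "kernel BUG at file:line!" string before panicking, so collected kernel logs can be triaged by counting which assertion sites fire. The sample log, host name, second source file and all line numbers are constructed.

```python
import re
from collections import Counter

# Matches the message built by the BUG() macro quoted in the post:
#   printk("kernel BUG at %s:%d!\n", __FILE__, __LINE__)
# Whatever precedes it (syslog timestamp, host, "kernel:" tag) is ignored.
BUG_RE = re.compile(r"kernel BUG at (?P<file>[^\s:]+):(?P<line>\d+)!")


def find_bug_sites(lines):
    """Return a Counter mapping (source_file, line_number) -> hit count."""
    hits = Counter()
    for raw in lines:
        m = BUG_RE.search(raw)
        if m:
            hits[(m.group("file"), int(m.group("line")))] += 1
    return hits


def network_stack_sites(hits):
    """Keep sites whose path has a 'net' directory component, most frequent first.

    __FILE__ may be relative or absolute depending on the build, so the
    check looks for '/net/' anywhere in the path rather than a fixed prefix.
    """
    return [(site, n) for site, n in hits.most_common()
            if "/net/" in "/" + site[0]]


# Constructed sample log: timestamps, host and line numbers are invented.
SAMPLE_LOG = """\
Oct 26 22:41:07 testbox kernel: kernel BUG at net/ipv4/tcp_output.c:100!
Oct 26 22:41:09 testbox sshd[811]: Accepted publickey for admin
Oct 26 22:58:30 testbox kernel: kernel BUG at net/ipv4/tcp_output.c:100!
Oct 26 23:10:12 testbox kernel: kernel BUG at fs/example.c:42!
Oct 26 23:11:00 testbox cron[90]: kernel BUG at nothing, just text
""".splitlines()


if __name__ == "__main__":
    for (path, line), count in network_stack_sites(find_bug_sites(SAMPLE_LOG)):
        print(f"{count:3d}  {path}:{line}")
```

Repeated hits on one site in the networking tree, as in the sample, point to an assertion that ordinary traffic can reach.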
