On 04/07/2012 08:58 AM, Florian Westphal wrote:
Serge, could you try this patch?

diff --git a/extensions/xt_psd.c b/extensions/xt_psd.c
index 46b2831..acb5e8e 100644
--- a/extensions/xt_psd.c
+++ b/extensions/xt_psd.c
@@ -227,7 +227,7 @@ xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match)
  				goto out_match;

  			/* Remember the new port */
-			if (curr->count<  SCAN_MAX_COUNT) {
+			if (curr->count<  ARRAY_SIZE(curr->ports)) {
  				curr->ports[curr->count].number = dest_port;
  				curr->ports[curr->count].proto = proto;
  				curr->ports[curr->count].and_flags = tcp_flags;

The patch is applied. I'll monitor logs for about a week to make sure there are no more panics.

Thank you!
