* [NETFILTER 00/04]: Netfilter -stable fixes
@ 2007-01-10  7:04 Patrick McHardy
From: Patrick McHardy @ 2007-01-10  7:04 UTC (permalink / raw)
  To: stable; +Cc: netfilter-devel, Patrick McHardy, davem

Following are a few important netfilter patches for -stable, fixing

- a crash in nf_conntrack_ipv6 when handling fragments
- an incorrect numerical value for the TCP connection tracking
  IP_CT_TCP_FLAG_CLOSE_INIT flag, causing various kinds of misbehaviour
- a regression in 2.6.19 when routing REJECT packets in the OUTPUT chain
- userspace compilation of arp_tables

All patches are either already in Linus' tree or queued in Dave's net-2.6 tree.
Please apply, thanks.


 include/linux/netfilter/nf_conntrack_tcp.h |    2 +-
 include/linux/netfilter_arp/arp_tables.h   |    1 +
 net/ipv4/netfilter.c                       |    7 +++++--
 net/ipv6/netfilter/nf_conntrack_reasm.c    |    2 ++
 4 files changed, 9 insertions(+), 3 deletions(-)

Bart De Schuymer:
      [NETFILTER]: arp_tables: fix userspace compilation

Patrick McHardy:
      [NETFILTER]: Fix routing of REJECT target generated packets in output chain
      [NETFILTER]: nf_conntrack_ipv6: fix crash when handling fragments
      [NETFILTER]: tcp conntrack: fix IP_CT_TCP_FLAG_CLOSE_INIT value


* [NETFILTER 01/04]: Fix routing of REJECT target generated packets in output chain
From: Patrick McHardy @ 2007-01-10  7:04 UTC (permalink / raw)
  To: stable; +Cc: netfilter-devel, Patrick McHardy, davem

[NETFILTER]: Fix routing of REJECT target generated packets in output chain

Packets generated by the REJECT target in the output chain have a local
destination address and a foreign source address. Make sure not to use
the foreign source address for the output route lookup.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 8d63ea0b410fed5a1d7493fa139592394ad01664
tree 859623f78e85fddaf314ba3d8b6a623fcda8d5bb
parent 1edb5a2de7a29144644794208eb63abbca419430
author Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:39 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:39 +0100

 net/ipv4/netfilter.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index e2005c6..0147a18 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -15,16 +15,19 @@ int ip_route_me_harder(struct sk_buff **
 	struct flowi fl = {};
 	struct dst_entry *odst;
 	unsigned int hh_len;
+	unsigned int type;
 
+	type = inet_addr_type(iph->saddr);
 	if (addr_type == RTN_UNSPEC)
-		addr_type = inet_addr_type(iph->saddr);
+		addr_type = type;
 
 	/* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
 	 * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
 	 */
 	if (addr_type == RTN_LOCAL) {
 		fl.nl_u.ip4_u.daddr = iph->daddr;
-		fl.nl_u.ip4_u.saddr = iph->saddr;
+		if (type == RTN_LOCAL)
+			fl.nl_u.ip4_u.saddr = iph->saddr;
 		fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
 		fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0;
 #ifdef CONFIG_IP_ROUTE_FWMARK
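Review bot: the guard `if (type == RTN_LOCAL)` around `fl.nl_u.ip4_u.saddr = iph->saddr;` is the actual fix, but the comment just above it still only says that foreign-saddr packets "can appear" on the NF_IP_LOCAL_OUT hook; extend it with one line stating that such a saddr is deliberately left out of the flow key so the route lookup selects a local source address itself, otherwise the new condition reads like a redundant repeat of the `addr_type == RTN_LOCAL` check. Also, `type = inet_addr_type(iph->saddr);` is now evaluated on every call rather than only when `addr_type == RTN_UNSPEC`; that is needed because the foreign-saddr test must run even when the caller passed an explicit addr_type, and that reasoning deserves a sentence in the changelog.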


* [NETFILTER 02/04]: nf_conntrack_ipv6: fix crash when handling fragments
From: Patrick McHardy @ 2007-01-10  7:04 UTC (permalink / raw)
  To: stable; +Cc: netfilter-devel, Patrick McHardy, davem

[NETFILTER]: nf_conntrack_ipv6: fix crash when handling fragments

When IPv6 connection tracking splits up a defragmented packet into
its original fragments, the packets are taken from a list and are
passed to the network stack with skb->next still set. This causes
dev_hard_start_xmit to treat them as GSO fragments, resulting in
a use after free when connection tracking handles the next fragment.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 19dd639a05e28a91962032bcb820437068023095
tree 163ff8250c4f4143fd6af3c43fe8df77f3970d10
parent 8d63ea0b410fed5a1d7493fa139592394ad01664
author Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:52 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:52 +0100

 net/ipv6/netfilter/nf_conntrack_reasm.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index bf93c1e..7745caf 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -835,6 +835,8 @@ void nf_ct_frag6_output(unsigned int hoo
 		s->nfct_reasm = skb;
 
 		s2 = s->next;
+		s->next = NULL;
+
 		NF_HOOK_THRESH(PF_INET6, hooknum, s, in, out, okfn,
 			       NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
 		s = s2;
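Review bot: `s->next = NULL;` is placed after `s2 = s->next;`, which is the right order since the list link is saved before it is cleared, but the new line carries no comment and will look like a no-op to a later reader; add a short comment that the skb must not reach the stack with a non-NULL next pointer because dev_hard_start_xmit treats that as a GSO segment chain and would free packets still owned by the reassembly list (the reasoning given in the changelog). Whether the matching prev pointer needs the same treatment cannot be judged from this hunk and is worth a look.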


* [NETFILTER 03/04]: tcp conntrack: fix IP_CT_TCP_FLAG_CLOSE_INIT value
From: Patrick McHardy @ 2007-01-10  7:04 UTC (permalink / raw)
  To: stable; +Cc: netfilter-devel, Patrick McHardy, davem

[NETFILTER]: tcp conntrack: fix IP_CT_TCP_FLAG_CLOSE_INIT value

IP_CT_TCP_FLAG_CLOSE_INIT is a flag and should have a value of 0x4 instead
of 0x3, which is IP_CT_TCP_FLAG_WINDOW_SCALE | IP_CT_TCP_FLAG_SACK_PERM.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit c209c563107b15f3c452266b5c2e5bd0fa75a470
tree 5523490f570660543e8866ab7add54a7694f749d
parent 19dd639a05e28a91962032bcb820437068023095
author Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:44:18 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:44:18 +0100

 include/linux/netfilter/nf_conntrack_tcp.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index 6b01ba2..2f4e98b 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -25,7 +25,7 @@ #define IP_CT_TCP_FLAG_WINDOW_SCALE		0x0
 #define IP_CT_TCP_FLAG_SACK_PERM		0x02
 
 /* This sender sent FIN first */
-#define IP_CT_TCP_FLAG_CLOSE_INIT		0x03
+#define IP_CT_TCP_FLAG_CLOSE_INIT		0x04
 
 #ifdef __KERNEL__
 
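Review bot: changing `IP_CT_TCP_FLAG_CLOSE_INIT` from 0x03 to 0x04 is correct, since the old value was exactly `IP_CT_TCP_FLAG_WINDOW_SCALE | IP_CT_TCP_FLAG_SACK_PERM` and any `flags & IP_CT_TCP_FLAG_CLOSE_INIT` test was therefore true for a connection that had negotiated either option; note however that the define sits above the `#ifdef __KERNEL__` line, i.e. in the part of the header exported to userspace, so the numeric change is visible to any userspace consumer of these flag bits and the changelog should say so. To stop this recurring, consider writing the three flags as `(1 << 0)`, `(1 << 1)`, `(1 << 2)` so a value that is not a single bit stands out at review time.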

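The flag collision this patch fixes, as an added illustration that is not part of the patch or of the kernel tree: the three flag values are taken from the hunk above (CLOSE_INIT shown before and after the fix), the per-direction flag byte and the `sender_closed_first` check are a constructed stand-in for the kind of `flags & IP_CT_TCP_FLAG_CLOSE_INIT` test conntrack performs, and `is_single_bit` is the generic check a reviewer would apply to any bitmask flag.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as they appear in the hunk: WINDOW_SCALE and SACK_PERM are
 * unchanged, CLOSE_INIT is shown with its old and its fixed value. */
#define IP_CT_TCP_FLAG_WINDOW_SCALE     0x01
#define IP_CT_TCP_FLAG_SACK_PERM        0x02
#define CLOSE_INIT_OLD                  0x03   /* == WINDOW_SCALE | SACK_PERM */
#define CLOSE_INIT_FIXED                0x04

/* Constructed stand-in for the per-direction test "did this sender send
 * FIN first?": returns 1 if the CLOSE_INIT bit(s) appear set in flags. */
static int sender_closed_first(uint8_t flags, uint8_t close_init)
{
    return (flags & close_init) != 0;
}

/* A flag constant is safe to use in a bitmask only if it is one bit. */
static int is_single_bit(unsigned v)
{
    return v != 0 && (v & (v - 1)) == 0;
}

/* Constructed scenario: a sender that negotiated window scaling and SACK
 * but has not sent FIN. With the old define the check misfires; with the
 * fixed define it does not. Returns 1 when that difference is observed. */
static int old_define_false_positive(void)
{
    uint8_t flags = IP_CT_TCP_FLAG_WINDOW_SCALE | IP_CT_TCP_FLAG_SACK_PERM;
    return sender_closed_first(flags, CLOSE_INIT_OLD)
        && !sender_closed_first(flags, CLOSE_INIT_FIXED);
}

int main(void)
{
    printf("old value 0x03 is a single bit: %d\n", is_single_bit(CLOSE_INIT_OLD));
    printf("fixed value 0x04 is a single bit: %d\n", is_single_bit(CLOSE_INIT_FIXED));
    printf("old define reports FIN for a WS|SACK sender that sent none: %d\n",
           old_define_false_positive());
    return 0;
}
```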

* [NETFILTER 04/04]: arp_tables: fix userspace compilation
From: Patrick McHardy @ 2007-01-10  7:04 UTC (permalink / raw)
  To: stable; +Cc: netfilter-devel, Patrick McHardy, davem

[NETFILTER]: arp_tables: fix userspace compilation

The included patch translates arpt_counters to xt_counters, making
userspace arptables compile against recent kernels.

Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 9c6b7b0317c24d820352a7dbb1c3ba1014419df3
tree 55ed35499dc2a34c6201732013f16e9300fbdf4f
parent c209c563107b15f3c452266b5c2e5bd0fa75a470
author Bart De Schuymer <bdschuym@pandora.be> Wed, 10 Jan 2007 05:44:34 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:44:34 +0100

 include/linux/netfilter_arp/arp_tables.h |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 0be2354..24c8786 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -190,6 +190,7 @@ struct arpt_replace
 
 /* The argument to ARPT_SO_ADD_COUNTERS. */
 #define arpt_counters_info xt_counters_info
+#define arpt_counters xt_counters
 
 /* The argument to ARPT_SO_GET_ENTRIES. */
 struct arpt_get_entries
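Review bot: `#define arpt_counters xt_counters` rewrites the identifier wherever userspace writes `struct arpt_counters`, so it only compiles if `struct xt_counters` is declared before that point; the include that provides it is not in this hunk, and although the adjacent `arpt_counters_info` mapping suggests it is already pulled in, please confirm the header builds when included on its own from userspace. The comment above, "The argument to ARPT_SO_ADD_COUNTERS.", now sits over two defines; a separate one-line comment for `arpt_counters` (the per-entry counter structure rather than the setsockopt argument) would keep the two distinct.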

