* netfilter 00/02: netfilter -stable fixes
@ 2009-02-12  7:07 Patrick McHardy
  2009-02-12  7:07 ` netfilter 01/02: fix tuple inversion for Node information request Patrick McHardy
  2009-02-12  7:07 ` netfilter 02/02: xt_sctp: sctp chunk mapping doesn't work Patrick McHardy
  0 siblings, 2 replies; 3+ messages in thread
From: Patrick McHardy @ 2009-02-12  7:07 UTC (permalink / raw)
  To: stable; +Cc: netdev, Patrick McHardy, netfilter-devel, davem

These patches against the last -stable version fix two netfilter bugs:

- IPv6 conntrack incorrectly created inverted tuples for Node
  Information Requests

- the sctp match doesn't work at all when matching on the entire
  chunkmap

Please apply, thanks.


 net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |    4 ++--
 net/netfilter/xt_sctp.c                        |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Eric Leblond (1):
      netfilter: fix tuple inversion for Node information request

Qu Haoran (1):
      netfilter: xt_sctp: sctp chunk mapping doesn't work


* netfilter 01/02: fix tuple inversion for Node information request
  2009-02-12  7:07 netfilter 00/02: netfilter -stable fixes Patrick McHardy
@ 2009-02-12  7:07 ` Patrick McHardy
  2009-02-12  7:07 ` netfilter 02/02: xt_sctp: sctp chunk mapping doesn't work Patrick McHardy
  1 sibling, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2009-02-12  7:07 UTC (permalink / raw)
  To: stable; +Cc: netdev, Patrick McHardy, netfilter-devel, davem

commit 796b5d184b4df1aae55894bf476959da83e25324
Author: Eric Leblond <eric@inl.fr>
Date:   Thu Feb 12 08:00:35 2009 +0100

    netfilter: fix tuple inversion for Node information request
    
    Upstream commit: a51f42f3c
    
    The patch fixes a typo in the inverse mapping of Node Information
    request. Following draft-ietf-ipngwg-icmp-name-lookups-09, "Querier"
    sends a type 139 (ICMPV6_NI_QUERY) packet to "Responder" which answers
    with a type 140 (ICMPV6_NI_REPLY) packet.
    
    Signed-off-by: Eric Leblond <eric@inl.fr>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index 7cd13e5..15caac6 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -49,8 +49,8 @@ static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
 static const u_int8_t invmap[] = {
 	[ICMPV6_ECHO_REQUEST - 128]	= ICMPV6_ECHO_REPLY + 1,
 	[ICMPV6_ECHO_REPLY - 128]	= ICMPV6_ECHO_REQUEST + 1,
-	[ICMPV6_NI_QUERY - 128]		= ICMPV6_NI_QUERY + 1,
-	[ICMPV6_NI_REPLY - 128]		= ICMPV6_NI_REPLY +1
+	[ICMPV6_NI_QUERY - 128]		= ICMPV6_NI_REPLY + 1,
+	[ICMPV6_NI_REPLY - 128]		= ICMPV6_NI_QUERY +1
 };
 
 static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
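
Review bot: the rewritten `[ICMPV6_NI_REPLY - 128]` entry keeps `+1` without a space while the three entries above it use `+ 1`; since the line is being touched anyway, make it `ICMPV6_NI_QUERY + 1` for consistency. The `- 128` index bias and the `+ 1` value bias are also not explained anywhere in the visible lines, and the original bug was a self-mapping that nothing flagged, so a short comment above `invmap[]` stating that each request type must map to its reply type (and the reverse), plus what the biases encode, would make this kind of typo easier to catch in review.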


* netfilter 02/02: xt_sctp: sctp chunk mapping doesn't work
  2009-02-12  7:07 netfilter 00/02: netfilter -stable fixes Patrick McHardy
  2009-02-12  7:07 ` netfilter 01/02: fix tuple inversion for Node information request Patrick McHardy
@ 2009-02-12  7:07 ` Patrick McHardy
  1 sibling, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2009-02-12  7:07 UTC (permalink / raw)
  To: stable; +Cc: netdev, Patrick McHardy, netfilter-devel, davem

commit f3568e644ddf628aab11ce2fc8341e4b12654e0f
Author: Qu Haoran <haoran.qu@6wind.com>
Date:   Thu Feb 12 08:03:46 2009 +0100

    netfilter: xt_sctp: sctp chunk mapping doesn't work
    
    Upstream commit: d4e2675a
    
    When user tries to map all chunks given in argument, kernel
    works on a copy of the chunkmap, but at the end it doesn't
    check the copy, but the original one.
    
    Signed-off-by: Qu Haoran <haoran.qu@6wind.com>
    Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index e223cb4..a189ada 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -105,7 +105,7 @@ match_packet(const struct sk_buff *skb,
 
 	switch (chunk_match_type) {
 	case SCTP_CHUNK_MATCH_ALL:
-		return SCTP_CHUNKMAP_IS_CLEAR(info->chunkmap);
+		return SCTP_CHUNKMAP_IS_CLEAR(chunkmapcopy);
 	case SCTP_CHUNK_MATCH_ANY:
 		return false;
 	case SCTP_CHUNK_MATCH_ONLY:
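
Review bot: in the `SCTP_CHUNK_MATCH_ALL` case the hunk does not show where `chunkmapcopy` is filled in and modified, so confirm that it is initialised from `info->chunkmap` on every path that reaches this `switch`, including the one where no chunk is processed at all. A one-line comment on the case noting that the copy, not `info->chunkmap`, carries the per-packet state would explain why the original map must not be tested here. Because the old test was against the unmodified rule map, rules using the "all" match type did not behave as written before this fix, which is worth stating in the commit message for people auditing SCTP rulesets on -stable kernels.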

