From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org,
akpm@linux-foundation.org, torvalds@linux-foundation.org,
stable-review@kernel.org
Cc: Patrick McHardy <kaber@trash.net>
Subject: [25/39] ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery
Date: Tue, 05 Jan 2010 12:02:21 -0800 [thread overview]
Message-ID: <20100105200302.217724949@mini.kroah.org> (raw)
In-Reply-To: <20100105195007.GA23952@kroah.com>
2.6.31-stable review patch. If anyone has any objections, please let us know.
------------------
From: Patrick McHardy <kaber@trash.net>
commit 0b5ccb2ee250136dd7385b1c7da28417d0d4d32d upstream.
Currently the same reassembly queue might be used for packets reassembled
by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
as well as local delivery. This can cause "packet jumps" when the fragment
completing a reassembled packet is queued from a different position in the
stack than the previous ones.
Add a "user" identifier to the reassembly queue key to seperate the queues
of each caller, similar to what we do for IPv4.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/net/ipv6.h | 7 +++++++
include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 2 +-
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 13 +++++++++++--
net/ipv6/netfilter/nf_conntrack_reasm.c | 7 ++++---
net/ipv6/reassembly.c | 5 ++++-
5 files changed, 27 insertions(+), 7 deletions(-)
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -354,8 +354,15 @@ static inline int ipv6_prefix_equal(cons
struct inet_frag_queue;
+enum ip6_defrag_users {
+ IP6_DEFRAG_LOCAL_DELIVER,
+ IP6_DEFRAG_CONNTRACK_IN,
+ IP6_DEFRAG_CONNTRACK_OUT,
+};
+
struct ip6_create_arg {
__be32 id;
+ u32 user;
struct in6_addr *src;
struct in6_addr *dst;
};
--- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
@@ -9,7 +9,7 @@ extern struct nf_conntrack_l4proto nf_co
extern int nf_ct_frag6_init(void);
extern void nf_ct_frag6_cleanup(void);
-extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb);
+extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user);
extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
struct net_device *in,
struct net_device *out,
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -183,6 +183,16 @@ out:
return nf_conntrack_confirm(skb);
}
+static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
+ struct sk_buff *skb)
+{
+ if (hooknum == NF_INET_PRE_ROUTING)
+ return IP6_DEFRAG_CONNTRACK_IN;
+ else
+ return IP6_DEFRAG_CONNTRACK_OUT;
+
+}
+
static unsigned int ipv6_defrag(unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
@@ -195,8 +205,7 @@ static unsigned int ipv6_defrag(unsigned
if (skb->nfct)
return NF_ACCEPT;
- reasm = nf_ct_frag6_gather(skb);
-
+ reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(hooknum, skb));
/* queued */
if (reasm == NULL)
return NF_STOLEN;
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -170,13 +170,14 @@ out:
/* Creation primitives. */
static __inline__ struct nf_ct_frag6_queue *
-fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst)
+fq_find(__be32 id, u32 user, struct in6_addr *src, struct in6_addr *dst)
{
struct inet_frag_queue *q;
struct ip6_create_arg arg;
unsigned int hash;
arg.id = id;
+ arg.user = user;
arg.src = src;
arg.dst = dst;
@@ -561,7 +562,7 @@ find_prev_fhdr(struct sk_buff *skb, u8 *
return 0;
}
-struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
+struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user)
{
struct sk_buff *clone;
struct net_device *dev = skb->dev;
@@ -607,7 +608,7 @@ struct sk_buff *nf_ct_frag6_gather(struc
if (atomic_read(&nf_init_frags.mem) > nf_init_frags.high_thresh)
nf_ct_frag6_evictor();
- fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr);
+ fq = fq_find(fhdr->identification, user, &hdr->saddr, &hdr->daddr);
if (fq == NULL) {
pr_debug("Can't find and can't create new queue\n");
goto ret_orig;
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -72,6 +72,7 @@ struct frag_queue
struct inet_frag_queue q;
__be32 id; /* fragment id */
+ u32 user;
struct in6_addr saddr;
struct in6_addr daddr;
@@ -141,7 +142,7 @@ int ip6_frag_match(struct inet_frag_queu
struct ip6_create_arg *arg = a;
fq = container_of(q, struct frag_queue, q);
- return (fq->id == arg->id &&
+ return (fq->id == arg->id && fq->user == arg->user &&
ipv6_addr_equal(&fq->saddr, arg->src) &&
ipv6_addr_equal(&fq->daddr, arg->dst));
}
@@ -163,6 +164,7 @@ void ip6_frag_init(struct inet_frag_queu
struct ip6_create_arg *arg = a;
fq->id = arg->id;
+ fq->user = arg->user;
ipv6_addr_copy(&fq->saddr, arg->src);
ipv6_addr_copy(&fq->daddr, arg->dst);
}
@@ -244,6 +246,7 @@ fq_find(struct net *net, __be32 id, stru
unsigned int hash;
arg.id = id;
+ arg.user = IP6_DEFRAG_LOCAL_DELIVER;
arg.src = src;
arg.dst = dst;
next prev parent reply other threads:[~2010-01-05 20:09 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-05 19:50 [00/10] 2.6.27.43 stable review Greg KH
2010-01-05 19:47 ` [01/10] Libertas: fix buffer overflow in lbs_get_essid() Greg KH
2010-01-05 19:47 ` [02/10] pata_cmd64x: fix overclocking of UDMA0-2 modes Greg KH
2010-01-05 19:47 ` [03/10] sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer Greg KH
2010-01-05 19:47 ` [04/10] i2c/tsl2550: Fix lux value in extended mode Greg KH
2010-01-05 19:47 ` [05/10] ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery Greg KH
2010-01-05 19:47 ` [06/10] S390: dasd: support DIAG access for read-only devices Greg KH
2010-01-05 19:47 ` [07/10] x86/ptrace: make genregs[32]_get/set more robust Greg KH
2010-01-05 19:47 ` [08/10] rt2x00: Disable powersaving for rt61pci and rt2800pci Greg KH
2010-01-05 20:58 ` Gertjan van Wingerde
2010-01-05 21:21 ` Greg KH
2010-01-05 19:48 ` [09/10] generic_permission: MAY_OPEN is not write access Greg KH
2010-01-05 19:48 ` [10/10] Revert: KVM: MMU: do not free active mmu pages in free_mmu_pages() Greg KH
2010-01-05 20:01 ` [01/39] acerhdf: limit modalias matching to supported Greg KH
2010-01-05 20:01 ` [02/39] ASoC: Do not write to invalid registers on the wm9712 Greg KH
2010-01-05 20:01 ` [03/39] cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS referrals Greg KH
2010-01-05 20:02 ` [04/39] clockevents: Prevent clockevent_devices list corruption on cpu hotplug Greg KH
2010-01-05 20:02 ` [05/39] dma: at_hdmac: correct incompatible type for argument 1 of spin_lock_bh Greg KH
2010-01-05 20:02 ` [06/39] drivers/net/usb: Correct code taking the size of a pointer Greg KH
2010-01-05 20:02 ` [07/39] iwmc3200wifi: fix array out-of-boundary access Greg KH
2010-01-06 2:52 ` Zhu Yi
2010-01-06 18:01 ` Greg KH
2010-01-06 18:27 ` [stable] " Greg KH
2010-01-05 20:02 ` [08/39] Libertas: fix buffer overflow in lbs_get_essid() Greg KH
2010-01-05 20:02 ` [09/39] md: Fix unfortunate interaction with evms Greg KH
2010-01-05 20:02 ` [10/39] pata_cmd64x: fix overclocking of UDMA0-2 modes Greg KH
2010-01-05 20:02 ` [11/39] pata_hpt3x2n: fix clock turnaround Greg KH
2010-01-05 20:02 ` [12/39] SCSI: fc class: fix fc_transport_init error handling Greg KH
2010-01-05 20:02 ` [13/39] sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer Greg KH
2010-01-05 20:02 ` [14/39] USB: emi62: fix crash when trying to load EMI 6|2 firmware Greg KH
2010-01-05 20:02 ` [15/39] USB: Fix a bug on appledisplay.c regarding signedness Greg KH
2010-01-05 20:02 ` [16/39] USB: musb: gadget_ep0: avoid SetupEnd interrupt Greg KH
2010-01-05 20:02 ` [17/39] USB: option: support hi speed for modem Haier CE100 Greg KH
2010-01-05 20:02 ` [18/39] x86, cpuid: Add "volatile" to asm in native_cpuid() Greg KH
2010-01-05 20:02 ` [19/39] e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation failure Greg KH
2010-03-15 21:29 ` [Stable-review] " Stephen Hemminger
2010-03-15 21:32 ` David Miller
2010-03-15 21:36 ` Stephen Hemminger
2010-03-15 21:39 ` David Miller
2010-03-15 22:20 ` David Miller
2010-03-15 22:25 ` Stephen Hemminger
2010-01-05 20:02 ` [20/39] e100: Fix broken cbs accounting due to missing memset Greg KH
2010-01-05 20:02 ` [21/39] hostap: Revert a toxic part of the conversion to net_device_ops Greg KH
2010-01-05 20:02 ` [22/39] hwmon: (fschmd) Fix check on unsigned in watchdog_write() Greg KH
2010-01-05 20:02 ` [23/39] hwmon: (sht15) Off-by-one error in array index + incorrect constants Greg KH
2010-01-05 20:02 ` [24/39] i2c/tsl2550: Fix lux value in extended mode Greg KH
2010-01-05 20:02 ` Greg KH [this message]
2010-01-05 20:02 ` [26/39] S390: dasd: support DIAG access for read-only devices Greg KH
2010-01-05 20:02 ` [27/39] udf: Try harder when looking for VAT inode Greg KH
2010-01-05 20:02 ` [28/39] V4L/DVB (13596): ov511.c typo: lock => unlock Greg KH
2010-01-05 20:02 ` [29/39] x86/ptrace: make genregs[32]_get/set more robust Greg KH
2010-01-05 20:02 ` [30/39] XFS bug in log recover with quota (bugzilla id 855) Greg KH
2010-01-05 20:02 ` [31/39] generic_permission: MAY_OPEN is not write access Greg KH
2010-01-05 20:02 ` [32/39] rt2x00: Disable powersaving for rt61pci and rt2800pci Greg KH
2010-01-05 20:59 ` Gertjan van Wingerde
2010-01-05 21:21 ` Greg KH
2010-01-05 20:02 ` [33/39] memcg: avoid oom-killing innocent task in case of use_hierarchy Greg KH
2010-01-05 20:02 ` Greg KH
2010-01-05 20:02 ` [34/39] Input: atkbd - add force relese key quirk for Samsung R59P/R60P/R61P Greg KH
2010-01-05 20:02 ` [35/39] Add unlocked version of inode_add_bytes() function Greg KH
2010-01-05 20:02 ` [36/39] quota: decouple fs reserved space from quota reservation Greg KH
2010-01-05 20:02 ` [37/39] ext4: Convert to generic reserved quotas space management Greg KH
2010-01-05 20:02 ` [38/39] ext4: Fix potential quota deadlock Greg KH
2010-01-05 20:02 ` [39/39] ext4: fix sleep inside spinlock issue with quota and dealloc (#14739) Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100105200302.217724949@mini.kroah.org \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.