[PATCH] ipchains bugs in 2.2/2.4/2.5 related to netlink calls

[PATCH] ipchains bugs in 2.2/2.4/2.5 related to netlink calls

[Alexander Atanasov]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 411 bytes --]

	Hi there!

oom-loop fixes error handling after a netlink failure - it does not do a
cleanup and it makes every next call to ip_fw_check to detect a
loop and drop the packet.

nlma fixes a call to netlink_broadcast with GFP_KERNEL ( passed to
skb_clone ) while we are in_interrupt() ( catched by a BUG() in
slab.c:1109 ).


2.4 patches apply to 2.5 too , tested on 2.5.15.

-- 
Best Regards,
Alexander Atanasov

[-- Attachment #2: Type: TEXT/PLAIN, Size: 315 bytes --]

--- net/ipv4/netfilter/ipchains_core.c.orig	Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c	Fri May 24 19:31:24 2002
@@ -723,6 +723,7 @@
 						      src_port, dst_port,
 						      count, tcpsyn)) {
 					ret = FW_BLOCK;
+					cleanup(chain, 0, slot);
 					goto out;
 				}
 				break;

[-- Attachment #3: Type: TEXT/PLAIN, Size: 448 bytes --]

--- net/ipv4/netfilter/ipchains_core.c.orig	Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c	Fri May 24 19:27:34 2002
@@ -549,7 +549,7 @@
 			strcpy(outskb->data+sizeof(__u32)*2, rif);
 			memcpy(outskb->data+sizeof(__u32)*2+IFNAMSIZ, ip,
 			       len-(sizeof(__u32)*2+IFNAMSIZ));
-			netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_KERNEL);
+			netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_ATOMIC);
 		}
 		else {
 #endif

[-- Attachment #4: Type: TEXT/PLAIN, Size: 279 bytes --]

--- net/ipv4/ip_fw.c.orig	Fri May 24 19:33:52 2002
+++ net/ipv4/ip_fw.c	Fri May 24 19:34:18 2002
@@ -747,6 +747,7 @@
 						      src_port, dst_port,
 						      count, tcpsyn)) {
 					ret = FW_BLOCK;
+					cleanup(chain, 0, slot);
 					goto out;
 				}
 				break;

[PATCH] ipchains bugs in 2.2/2.4/2.5 related to netlink calls

[Alexander Atanasov]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 411 bytes --]

	Hi there!

oom-loop fixes error handling after a netlink failure - it does not do a
cleanup and it makes every next call to ip_fw_check to detect a
loop and drop the packet.

nlma fixes a call to netlink_broadcast with GFP_KERNEL ( passed to
skb_clone ) while we are in_interrupt() ( catched by a BUG() in
slab.c:1109 ).


2.4 patches apply to 2.5 too , tested on 2.5.15.

-- 
Best Regards,
Alexander Atanasov

[-- Attachment #2: Type: TEXT/PLAIN, Size: 315 bytes --]

--- net/ipv4/netfilter/ipchains_core.c.orig	Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c	Fri May 24 19:31:24 2002
@@ -723,6 +723,7 @@
 						      src_port, dst_port,
 						      count, tcpsyn)) {
 					ret = FW_BLOCK;
+					cleanup(chain, 0, slot);
 					goto out;
 				}
 				break;

[-- Attachment #3: Type: TEXT/PLAIN, Size: 448 bytes --]

--- net/ipv4/netfilter/ipchains_core.c.orig	Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c	Fri May 24 19:27:34 2002
@@ -549,7 +549,7 @@
 			strcpy(outskb->data+sizeof(__u32)*2, rif);
 			memcpy(outskb->data+sizeof(__u32)*2+IFNAMSIZ, ip,
 			       len-(sizeof(__u32)*2+IFNAMSIZ));
-			netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_KERNEL);
+			netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_ATOMIC);
 		}
 		else {
 #endif

[-- Attachment #4: Type: TEXT/PLAIN, Size: 279 bytes --]

--- net/ipv4/ip_fw.c.orig	Fri May 24 19:33:52 2002
+++ net/ipv4/ip_fw.c	Fri May 24 19:34:18 2002
@@ -747,6 +747,7 @@
 						      src_port, dst_port,
 						      count, tcpsyn)) {
 					ret = FW_BLOCK;
+					cleanup(chain, 0, slot);
 					goto out;
 				}
 				break;