From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org,
	akpm@linux-foundation.org, torvalds@linux-foundation.org,
	stable-review@kernel.org
Cc: Patrick McHardy <kaber@trash.net>
Subject: [25/39] ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery
Date: Tue, 05 Jan 2010 12:02:21 -0800	[thread overview]
Message-ID: <20100105200302.217724949@mini.kroah.org> (raw)
In-Reply-To: <20100105195007.GA23952@kroah.com>

2.6.31-stable review patch.  If anyone has any objections, please let us know.

------------------

From: Patrick McHardy <kaber@trash.net>

commit 0b5ccb2ee250136dd7385b1c7da28417d0d4d32d upstream.

Currently the same reassembly queue might be used for packets reassembled
by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
as well as local delivery. This can cause "packet jumps" when the fragment
completing a reassembled packet is queued from a different position in the
stack than the previous ones.

Add a "user" identifier to the reassembly queue key to separate the queues
of each caller, similar to what we do for IPv4.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 include/net/ipv6.h                             |    7 +++++++
 include/net/netfilter/ipv6/nf_conntrack_ipv6.h |    2 +-
 net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c |   13 +++++++++++--
 net/ipv6/netfilter/nf_conntrack_reasm.c        |    7 ++++---
 net/ipv6/reassembly.c                          |    5 ++++-
 5 files changed, 27 insertions(+), 7 deletions(-)

--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -354,8 +354,15 @@ static inline int ipv6_prefix_equal(cons
 
 struct inet_frag_queue;
 
+enum ip6_defrag_users {
+	IP6_DEFRAG_LOCAL_DELIVER,
+	IP6_DEFRAG_CONNTRACK_IN,
+	IP6_DEFRAG_CONNTRACK_OUT,
+};
+
 struct ip6_create_arg {
 	__be32 id;
+	u32 user;
 	struct in6_addr *src;
 	struct in6_addr *dst;
 };
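Review bot: The new `enum ip6_defrag_users` and the `user` member of `struct ip6_create_arg` carry no comment, although `user` becomes part of the reassembly queue lookup key (it is compared in `ip6_frag_match` later in this patch). I would add `/* Caller that owns a reassembly queue; part of the queue key so fragments queued at different points in the stack never share a queue. */` above the enum. The member is declared `u32` while `nf_ct6_defrag_user()` returns the enum type; declaring it as `enum ip6_defrag_users user;` would document the valid values at the point of use, assuming no caller needs to encode extra bits in it.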
--- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
@@ -9,7 +9,7 @@ extern struct nf_conntrack_l4proto nf_co
 
 extern int nf_ct_frag6_init(void);
 extern void nf_ct_frag6_cleanup(void);
-extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb);
+extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user);
 extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
 			       struct net_device *in,
 			       struct net_device *out,
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -183,6 +183,16 @@ out:
 	return nf_conntrack_confirm(skb);
 }
 
+static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
+						struct sk_buff *skb)
+{
+	if (hooknum == NF_INET_PRE_ROUTING)
+		return IP6_DEFRAG_CONNTRACK_IN;
+	else
+		return IP6_DEFRAG_CONNTRACK_OUT;
+
+}
+
 static unsigned int ipv6_defrag(unsigned int hooknum,
 				struct sk_buff *skb,
 				const struct net_device *in,
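Review bot: The `else` branch of `nf_ct6_defrag_user()` maps every hook other than `NF_INET_PRE_ROUTING` to `IP6_DEFRAG_CONNTRACK_OUT`, so the queue separation depends on that mapping matching the hooks `ipv6_defrag` is registered on, which this hunk does not show. A comment such as `/* ipv6_defrag runs at PRE_ROUTING and LOCAL_OUT only; any new hook needs its own user id */` would make the assumption explicit; the commit message names only PREROUTING/LOCAL_OUT. If traffic can reach the PRE_ROUTING hook by more than one path (for example through bridge netfilter, not visible here), those paths would still share the `IP6_DEFRAG_CONNTRACK_IN` queue. The `skb` parameter is unused and there is a stray blank line before the closing brace. The `ipv6_defrag` signature continues outside the hunk.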
@@ -195,8 +205,7 @@ static unsigned int ipv6_defrag(unsigned
 	if (skb->nfct)
 		return NF_ACCEPT;
 
-	reasm = nf_ct_frag6_gather(skb);
-
+	reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(hooknum, skb));
 	/* queued */
 	if (reasm == NULL)
 		return NF_STOLEN;
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -170,13 +170,14 @@ out:
 /* Creation primitives. */
 
 static __inline__ struct nf_ct_frag6_queue *
-fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst)
+fq_find(__be32 id, u32 user, struct in6_addr *src, struct in6_addr *dst)
 {
 	struct inet_frag_queue *q;
 	struct ip6_create_arg arg;
 	unsigned int hash;
 
 	arg.id = id;
+	arg.user = user;
 	arg.src = src;
 	arg.dst = dst;
 
@@ -561,7 +562,7 @@ find_prev_fhdr(struct sk_buff *skb, u8 *
 	return 0;
 }
 
-struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
+struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user)
 {
 	struct sk_buff *clone;
 	struct net_device *dev = skb->dev;
@@ -607,7 +608,7 @@ struct sk_buff *nf_ct_frag6_gather(struc
 	if (atomic_read(&nf_init_frags.mem) > nf_init_frags.high_thresh)
 		nf_ct_frag6_evictor();
 
-	fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr);
+	fq = fq_find(fhdr->identification, user, &hdr->saddr, &hdr->daddr);
 	if (fq == NULL) {
 		pr_debug("Can't find and can't create new queue\n");
 		goto ret_orig;
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -72,6 +72,7 @@ struct frag_queue
 	struct inet_frag_queue	q;
 
 	__be32			id;		/* fragment id		*/
+	u32			user;
 	struct in6_addr		saddr;
 	struct in6_addr		daddr;
 
@@ -141,7 +142,7 @@ int ip6_frag_match(struct inet_frag_queu
 	struct ip6_create_arg *arg = a;
 
 	fq = container_of(q, struct frag_queue, q);
-	return (fq->id == arg->id &&
+	return (fq->id == arg->id && fq->user == arg->user &&
 			ipv6_addr_equal(&fq->saddr, arg->src) &&
 			ipv6_addr_equal(&fq->daddr, arg->dst));
 }
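Review bot: `ip6_frag_match` now reads `fq->user` through `container_of(q, struct frag_queue, q)`, and the patch inserts `user` between `id` and `saddr` in `struct frag_queue`, but no hunk on this page makes the same change to the conntrack queue type `struct nf_ct_frag6_queue` in nf_conntrack_reasm.c. If the conntrack reassembly code installs `ip6_frag_match` and `ip6_frag_init` as its callbacks (not visible here, to be confirmed), those functions would access `user`, `saddr` and `daddr` at offsets that do not match the conntrack struct, so fragments could be matched to the wrong queue or adjacent fields overwritten. The fix would be to add `u32 user;` after `id` in `struct nf_ct_frag6_queue`, ideally with a comment stating that the two layouts must stay identical. The same concern applies to the `ip6_frag_init` hunk below; both function bodies start outside their hunks.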
@@ -163,6 +164,7 @@ void ip6_frag_init(struct inet_frag_queu
 	struct ip6_create_arg *arg = a;
 
 	fq->id = arg->id;
+	fq->user = arg->user;
 	ipv6_addr_copy(&fq->saddr, arg->src);
 	ipv6_addr_copy(&fq->daddr, arg->dst);
 }
@@ -244,6 +246,7 @@ fq_find(struct net *net, __be32 id, stru
 	unsigned int hash;
 
 	arg.id = id;
+	arg.user = IP6_DEFRAG_LOCAL_DELIVER;
 	arg.src = src;
 	arg.dst = dst;
 


