* [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
@ 2016-10-11 13:03 Liping Zhang
2016-10-11 21:06 ` Justin Piszcz
2016-10-29 19:04 ` Chris Caputo
0 siblings, 2 replies; 8+ messages in thread
From: Liping Zhang @ 2016-10-11 13:03 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel, jpiszcz, ccaputo, vpai, Liping Zhang
From: Liping Zhang <liping.zhang@spreadtrum.com>
Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".
Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.
Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Reported-by: Chris Caputo <ccaputo@alt.net>
Tested-by: Chris Caputo <ccaputo@alt.net>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
---
net/netfilter/xt_NFLOG.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 018eed7..8668a5c 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
li.u.ulog.copy_len = info->len;
li.u.ulog.group = info->group;
li.u.ulog.qthreshold = info->threshold;
+ li.u.ulog.flags = 0;
if (info->flags & XT_NFLOG_F_COPY_LEN)
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
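Review bot: zeroing only `flags` at the added `li.u.ulog.flags = 0;` line ties the fix to a single member, while the changelog gives the root cause as `struct nf_loginfo li;` being an uninitialised local. Initialising the whole structure where it is declared (a designated initialiser or a `memset`), ahead of the `copy_len`, `group` and `qthreshold` assignments, would cover every member this function does not set explicitly, including any added later.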
--
2.5.5
* [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
@ 2016-10-11 14:26 Liping Zhang
2016-10-17 15:31 ` Pablo Neira Ayuso
0 siblings, 1 reply; 8+ messages in thread
From: Liping Zhang @ 2016-10-11 14:26 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel, Liping Zhang
From: Liping Zhang <liping.zhang@spreadtrum.com>
Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".
Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.
Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Reported-by: Chris Caputo <ccaputo@alt.net>
Tested-by: Chris Caputo <ccaputo@alt.net>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
---
Sorry to redeliver this patch, my mail server told me that it failed.
net/netfilter/xt_NFLOG.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 018eed7..8668a5c 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
li.u.ulog.copy_len = info->len;
li.u.ulog.group = info->group;
li.u.ulog.qthreshold = info->threshold;
+ li.u.ulog.flags = 0;
if (info->flags & XT_NFLOG_F_COPY_LEN)
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
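Review bot: the changelog says logging breaks "if it contains 0x1" but never says which flag that bit is, and the subject ("unexpected truncated packet") is not connected to the reported symptoms. The context lines after the added `li.u.ulog.flags = 0;` show `NF_LOG_F_COPY_LEN` as the flag this function sets, so the changelog should name the flag and state in one sentence how a stray bit combined with `copy_len` leads to the truncation, so that someone reading the stable backport does not have to open the commit named in the Fixes: tag to understand the failure.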
--
2.5.5
* RE: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-11 13:03 [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet Liping Zhang
@ 2016-10-11 21:06 ` Justin Piszcz
2016-10-29 19:04 ` Chris Caputo
1 sibling, 0 replies; 8+ messages in thread
From: Justin Piszcz @ 2016-10-11 21:06 UTC (permalink / raw)
To: 'Liping Zhang', pablo
Cc: netfilter-devel, ccaputo, vpai, 'Liping Zhang'
> -----Original Message-----
> From: Liping Zhang [mailto:zlpnobody@163.com]
> Sent: Tuesday, October 11, 2016 9:04 AM
> To: pablo@netfilter.org
> Cc: netfilter-devel@vger.kernel.org; jpiszcz@lucidpixels.com;
> ccaputo@alt.net; vpai@akamai.com; Liping Zhang
> Subject: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
>
> From: Liping Zhang <liping.zhang@spreadtrum.com>
>
> Justin and Chris spotted that iptables NFLOG target was broken when they
> upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
> "results in segfaults in ulogd-2.0.5".
>
> Because "struct nf_loginfo li;" is a local variable, and flags will be
> filled with garbage value, not inited to zero. So if it contains 0x1,
> packets will not be logged to the userspace anymore.
>
> Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate
> packets")
> Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
> Reported-by: Chris Caputo <ccaputo@alt.net>
> Tested-by: Chris Caputo <ccaputo@alt.net>
> Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
> ---
> net/netfilter/xt_NFLOG.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
> index 018eed7..8668a5c 100644
> --- a/net/netfilter/xt_NFLOG.c
> +++ b/net/netfilter/xt_NFLOG.c
> @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct
> xt_action_param *par)
> li.u.ulog.copy_len = info->len;
> li.u.ulog.group = info->group;
> li.u.ulog.qthreshold = info->threshold;
> + li.u.ulog.flags = 0;
>
> if (info->flags & XT_NFLOG_F_COPY_LEN)
> li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
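Review bot: style point on the added `li.u.ulog.flags = 0;` and the `if` that follows it: the field is cleared and then conditionally OR-ed with one bit, so while `XT_NFLOG_F_COPY_LEN` is the only flag handled here the two statements can be a single assignment, for example `li.u.ulog.flags = (info->flags & XT_NFLOG_F_COPY_LEN) ? NF_LOG_F_COPY_LEN : 0;`. Written that way, there is no path on which `flags` is read before it has been written.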
> --
> 2.5.5
>
Hello,
Applied patch against 4.8.1-- good here as well!
Thanks,
Justin.
* Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-11 14:26 Liping Zhang
@ 2016-10-17 15:31 ` Pablo Neira Ayuso
0 siblings, 0 replies; 8+ messages in thread
From: Pablo Neira Ayuso @ 2016-10-17 15:31 UTC (permalink / raw)
To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang
On Tue, Oct 11, 2016 at 10:26:27PM +0800, Liping Zhang wrote:
> From: Liping Zhang <liping.zhang@spreadtrum.com>
>
> Justin and Chris spotted that iptables NFLOG target was broken when they
> upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
> "results in segfaults in ulogd-2.0.5".
>
> Because "struct nf_loginfo li;" is a local variable, and flags will be
> filled with garbage value, not inited to zero. So if it contains 0x1,
> packets will not be logged to the userspace anymore.
Applied and enqueued for -stable, thanks.
* Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-11 13:03 [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet Liping Zhang
2016-10-11 21:06 ` Justin Piszcz
@ 2016-10-29 19:04 ` Chris Caputo
2016-10-30 3:04 ` Liping Zhang
1 sibling, 1 reply; 8+ messages in thread
From: Chris Caputo @ 2016-10-29 19:04 UTC (permalink / raw)
To: pablo, Liping Zhang; +Cc: netfilter-devel, jpiszcz, vpai, Liping Zhang
Pablo,
Can we get this patch approved? It is definitely needed for the 4.8.x
tree and 4.9-rcX and mainline.
Thanks,
Chris
On Tue, 11 Oct 2016, Liping Zhang wrote:
> From: Liping Zhang <liping.zhang@spreadtrum.com>
>
> Justin and Chris spotted that iptables NFLOG target was broken when they
> upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
> "results in segfaults in ulogd-2.0.5".
>
> Because "struct nf_loginfo li;" is a local variable, and flags will be
> filled with garbage value, not inited to zero. So if it contains 0x1,
> packets will not be logged to the userspace anymore.
>
> Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
> Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
> Reported-by: Chris Caputo <ccaputo@alt.net>
> Tested-by: Chris Caputo <ccaputo@alt.net>
> Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
> ---
> net/netfilter/xt_NFLOG.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
> index 018eed7..8668a5c 100644
> --- a/net/netfilter/xt_NFLOG.c
> +++ b/net/netfilter/xt_NFLOG.c
> @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
> li.u.ulog.copy_len = info->len;
> li.u.ulog.group = info->group;
> li.u.ulog.qthreshold = info->threshold;
> + li.u.ulog.flags = 0;
>
> if (info->flags & XT_NFLOG_F_COPY_LEN)
> li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
> --
> 2.5.5
* Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-29 19:04 ` Chris Caputo
@ 2016-10-30 3:04 ` Liping Zhang
2016-10-30 3:20 ` Chris Caputo
0 siblings, 1 reply; 8+ messages in thread
From: Liping Zhang @ 2016-10-30 3:04 UTC (permalink / raw)
To: Chris Caputo
Cc: Pablo Neira Ayuso, Liping Zhang, Netfilter Developer Mailing List,
Justin Piszcz, Vishwanath Pai, Liping Zhang
2016-10-30 3:04 GMT+08:00 Chris Caputo <ccaputo@alt.net>:
> Pablo,
>
> Can we get this patch approved? It is definitely needed for the 4.8.x
> tree and 4.9-rcX and mainline.
>
> Thanks,
> Chris
>
Hi,
This patch was already applied, and was upstream to net.git:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888
I think you will see this patch in mainline soon.
* Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-30 3:04 ` Liping Zhang
@ 2016-10-30 3:20 ` Chris Caputo
2016-11-09 8:32 ` Greg Kroah-Hartman
0 siblings, 1 reply; 8+ messages in thread
From: Chris Caputo @ 2016-10-30 3:20 UTC (permalink / raw)
To: Liping Zhang, Greg Kroah-Hartman
Cc: Pablo Neira Ayuso, Liping Zhang, Netfilter Developer Mailing List,
Justin Piszcz, Vishwanath Pai, Liping Zhang
On Sun, 30 Oct 2016, Liping Zhang wrote:
> 2016-10-30 3:04 GMT+08:00 Chris Caputo <ccaputo@alt.net>:
> > Can we get this patch approved? It is definitely needed for the 4.8.x
> > tree and 4.9-rcX and mainline.
>
> This patch was already applied, and was upstream to net.git:
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888
>
> I think you will see this patch in mainline soon.
Greg, any chance this could be picked up for 4.8.6? (apologies if I am
out of line)
Thanks,
Chris
* Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-30 3:20 ` Chris Caputo
@ 2016-11-09 8:32 ` Greg Kroah-Hartman
0 siblings, 0 replies; 8+ messages in thread
From: Greg Kroah-Hartman @ 2016-11-09 8:32 UTC (permalink / raw)
To: Chris Caputo
Cc: Liping Zhang, Pablo Neira Ayuso, Liping Zhang,
Netfilter Developer Mailing List, Justin Piszcz, Vishwanath Pai,
Liping Zhang
On Sun, Oct 30, 2016 at 03:20:25AM +0000, Chris Caputo wrote:
> On Sun, 30 Oct 2016, Liping Zhang wrote:
> > 2016-10-30 3:04 GMT+08:00 Chris Caputo <ccaputo@alt.net>:
> > > Can we get this patch approved? It is definitely needed for the 4.8.x
> > > tree and 4.9-rcX and mainline.
> >
> > This patch was already applied, and was upstream to net.git:
> > https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888
> >
> > I think you will see this patch in mainline soon.
>
> Greg, any chance this could be picked up for 4.8.6? (apologies if I am
> out of line)
Looks good, now queued up.
thanks,
greg k-h