* [NETFILTER 00/04]: Netfilter -stable fixes
From: Patrick McHardy @ 2007-01-10 7:04 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
Following are a few important netfilter patches for -stable, fixing
- a crash in nf_conntrack_ipv6 when handling fragments
- an incorrect numerical value for the TCP connection tracking
IP_CT_TCP_FLAG_CLOSE_INIT flag, causing various kinds of misbehaviour
- a regression in 2.6.19 when routing REJECT packets in the OUTPUT chain
- userspace compilation of arp_tables
All patches are either already in Linus' tree or queued in Dave's net-2.6 tree.
Please apply, thanks.
include/linux/netfilter/nf_conntrack_tcp.h | 2 +-
include/linux/netfilter_arp/arp_tables.h | 1 +
net/ipv4/netfilter.c | 7 +++++--
net/ipv6/netfilter/nf_conntrack_reasm.c | 2 ++
4 files changed, 9 insertions(+), 3 deletions(-)
Bart De Schuymer:
[NETFILTER]: arp_tables: fix userspace compilation
Patrick McHardy:
[NETFILTER]: Fix routing of REJECT target generated packets in output chain
[NETFILTER]: nf_conntrack_ipv6: fix crash when handling fragments
[NETFILTER]: tcp conntrack: fix IP_CT_TCP_FLAG_CLOSE_INIT value
* [NETFILTER 01/04]: Fix routing of REJECT target generated packets in output chain
From: Patrick McHardy @ 2007-01-10 7:04 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
[NETFILTER]: Fix routing of REJECT target generated packets in output chain
Packets generated by the REJECT target in the output chain have a local
destination address and a foreign source address. Make sure not to use
the foreign source address for the output route lookup.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 8d63ea0b410fed5a1d7493fa139592394ad01664
tree 859623f78e85fddaf314ba3d8b6a623fcda8d5bb
parent 1edb5a2de7a29144644794208eb63abbca419430
author Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:39 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:39 +0100
net/ipv4/netfilter.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index e2005c6..0147a18 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -15,16 +15,19 @@ int ip_route_me_harder(struct sk_buff **
struct flowi fl = {};
struct dst_entry *odst;
unsigned int hh_len;
+ unsigned int type;
+ type = inet_addr_type(iph->saddr);
if (addr_type == RTN_UNSPEC)
- addr_type = inet_addr_type(iph->saddr);
+ addr_type = type;
/* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
* packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
*/
if (addr_type == RTN_LOCAL) {
fl.nl_u.ip4_u.daddr = iph->daddr;
- fl.nl_u.ip4_u.saddr = iph->saddr;
+ if (type == RTN_LOCAL)
+ fl.nl_u.ip4_u.saddr = iph->saddr;
fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0;
#ifdef CONFIG_IP_ROUTE_FWMARK
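Review bot: the new `type = inet_addr_type(iph->saddr);` at the top of the hunk performs a routing-table lookup on every call, including calls where the caller already passed a concrete addr_type and the `addr_type == RTN_LOCAL` branch is never taken; since `type` is only consumed in the RTN_UNSPEC fallback and in the `if (type == RTN_LOCAL)` guard, computing it lazily inside those two places would spare the forwarding path an unused lookup. The guard itself is right to leave `fl.nl_u.ip4_u.saddr` at zero for a foreign source so the route lookup picks a local one, but the only nearby comment still explains why foreign saddrs reach the hook, not why saddr is omitted from the flow; a one-line comment on the guard would save the next reader a trip to the changelog.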
From: Patrick McHardy @ 2007-01-10 7:04 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
[NETFILTER]: nf_conntrack_ipv6: fix crash when handling fragments
When IPv6 connection tracking splits up a defragmented packet into
its original fragments, the packets are taken from a list and are
passed to the network stack with skb->next still set. This causes
dev_hard_start_xmit to treat them as GSO fragments, resulting in
a use after free when connection tracking handles the next fragment.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 19dd639a05e28a91962032bcb820437068023095
tree 163ff8250c4f4143fd6af3c43fe8df77f3970d10
parent 8d63ea0b410fed5a1d7493fa139592394ad01664
author Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:52 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:43:52 +0100
net/ipv6/netfilter/nf_conntrack_reasm.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index bf93c1e..7745caf 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -835,6 +835,8 @@ void nf_ct_frag6_output(unsigned int hoo
s->nfct_reasm = skb;
s2 = s->next;
+ s->next = NULL;
+
NF_HOOK_THRESH(PF_INET6, hooknum, s, in, out, okfn,
NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
s = s2;
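Review bot: `s->next = NULL;` is correctly placed after `s2 = s->next;`, but on its own it reads as an unexplained NULL store; add a comment stating that the fragment must be unlinked before the hook call because the transmit path (dev_hard_start_xmit's GSO handling, per the changelog) treats a non-NULL skb->next as a segment list and would consume and free the following fragments, leaving `s = s2` pointing at freed memory. Without that comment the line is an easy target for a future "cleanup" that reintroduces the use after free.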
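The ownership hand-off that the changelog above describes, reduced to a small simulation. This is an added example, not code from the kernel or from the patch: `struct frag`, `stack_consume()` and `run_reinject()` are hypothetical stand-ins for sk_buff, dev_hard_start_xmit() and the loop in nf_ct_frag6_output(), and the consumer marks buffers instead of freeing them so the double hand-off is countable rather than undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for sk_buff: only the fields this example needs. */
struct frag {
    struct frag *next;
    int id;
    int consumed;   /* how many times the "stack" took ownership of it */
};

/*
 * Stand-in for dev_hard_start_xmit(): like the GSO path, it treats a
 * non-NULL ->next as "this buffer heads a segment list" and takes
 * ownership of every element on that list. Constructed for this example;
 * it marks instead of freeing so the bug stays observable and defined.
 */
static void stack_consume(struct frag *head)
{
    struct frag *f = head;
    while (f) {
        struct frag *nxt = f->next;
        f->consumed++;          /* in the kernel this would be kfree_skb() */
        f->next = NULL;
        f = nxt;
    }
}

/* Loop shape before the patch: each fragment is handed over with ->next set. */
static void reinject_buggy(struct frag *list)
{
    struct frag *s = list, *s2;
    while (s) {
        s2 = s->next;
        stack_consume(s);       /* walks s->next and consumes s2 as well */
        s = s2;                 /* s2 already consumed: use after free */
    }
}

/* Loop shape after the patch: unlink before handing ownership over. */
static void reinject_fixed(struct frag *list)
{
    struct frag *s = list, *s2;
    while (s) {
        s2 = s->next;
        s->next = NULL;         /* the one-line fix from the hunk */
        stack_consume(s);
        s = s2;
    }
}

/* Link the caller's array into an n-element list; returns its head. */
static struct frag *build_list(struct frag *arr, int n)
{
    for (int i = 0; i < n; i++) {
        arr[i].id = i;
        arr[i].consumed = 0;
        arr[i].next = (i + 1 < n) ? &arr[i + 1] : NULL;
    }
    return n ? &arr[0] : NULL;
}

/* Number of fragments handed to the stack more than once (the UAF signature). */
static int double_consumed(const struct frag *arr, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (arr[i].consumed > 1)
            bad++;
    return bad;
}

/* Run one variant over a fresh 4-fragment list; returns the double-consume count. */
int run_reinject(bool fixed)
{
    struct frag frags[4];
    struct frag *head = build_list(frags, 4);

    if (fixed)
        reinject_fixed(head);
    else
        reinject_buggy(head);
    return double_consumed(frags, 4);
}

int main(void)
{
    printf("buggy: %d fragment(s) handed over twice\n", run_reinject(false));
    printf("fixed: %d fragment(s) handed over twice\n", run_reinject(true));
    return 0;
}
```

With the buggy loop the first hand-off drags the whole remaining chain along, so the second iteration re-submits a fragment the consumer already owns; with the fix every fragment is submitted exactly once.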
From: Patrick McHardy @ 2007-01-10 7:04 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
[NETFILTER]: tcp conntrack: fix IP_CT_TCP_FLAG_CLOSE_INIT value
IP_CT_TCP_FLAG_CLOSE_INIT is a flag and should have a value of 0x4 instead
of 0x3, which is IP_CT_TCP_FLAG_WINDOW_SCALE | IP_CT_TCP_FLAG_SACK_PERM.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit c209c563107b15f3c452266b5c2e5bd0fa75a470
tree 5523490f570660543e8866ab7add54a7694f749d
parent 19dd639a05e28a91962032bcb820437068023095
author Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:44:18 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:44:18 +0100
include/linux/netfilter/nf_conntrack_tcp.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index 6b01ba2..2f4e98b 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -25,7 +25,7 @@ #define IP_CT_TCP_FLAG_WINDOW_SCALE 0x0
#define IP_CT_TCP_FLAG_SACK_PERM 0x02
/* This sender sent FIN first */
-#define IP_CT_TCP_FLAG_CLOSE_INIT 0x03
+#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
#ifdef __KERNEL__
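Review bot: 0x04 is a distinct bit, but nothing in the header stops the same mistake from recurring; defining the three flags as `(1 << 0)`, `(1 << 1)` and `(1 << 2)`, or adding a comment that the values form a bitmask, would make any non-power-of-two value stand out in review. Note also that these defines sit above the `#ifdef __KERNEL__` guard visible at the end of the hunk, so the value is part of the header exported to userspace; the changelog could mention that anything built against the old header will interpret the flag differently.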
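What the wrong flag value does in practice, as an added example that is not part of the patch or the kernel headers. The four constants are copied from the hunk above (old and new CLOSE_INIT side by side); the three functions, the `OLD_FLAGS`/`NEW_FLAGS` arrays and the power-of-two check are this example's own and show the misbehaviour the cover letter alludes to: a test of the old flag fires whenever either option flag is set, and setting it overwrites the option flags.

```c
#include <stdbool.h>
#include <stdio.h>

/* Values as they appear in the hunk (copied from the header). */
#define IP_CT_TCP_FLAG_WINDOW_SCALE   0x01
#define IP_CT_TCP_FLAG_SACK_PERM      0x02
#define CLOSE_INIT_OLD                0x03  /* pre-patch: == WINDOW_SCALE | SACK_PERM */
#define CLOSE_INIT_NEW                0x04  /* post-patch: a distinct bit */

/* Example flag sets for the distinct-bit check (constructed). */
const unsigned OLD_FLAGS[3] = { IP_CT_TCP_FLAG_WINDOW_SCALE, IP_CT_TCP_FLAG_SACK_PERM, CLOSE_INIT_OLD };
const unsigned NEW_FLAGS[3] = { IP_CT_TCP_FLAG_WINDOW_SCALE, IP_CT_TCP_FLAG_SACK_PERM, CLOSE_INIT_NEW };

/*
 * Count the option-flag combinations (CLOSE_INIT never having been set)
 * that the usual test `flags & close_init` wrongly reports as "this peer
 * sent FIN first". The loop covers 0, WS, SACK and WS|SACK.
 */
int close_init_false_positives(unsigned close_init)
{
    int fp = 0;
    for (unsigned flags = 0; flags < 4; flags++)
        if (flags & close_init)
            fp++;
    return fp;
}

/*
 * Mark CLOSE_INIT on a peer whose only real option flag is WINDOW_SCALE,
 * then report whether SACK_PERM now reads as set: with the old value the
 * store aliases both option bits and corrupts the tracked state.
 */
bool setting_close_init_corrupts_sack(unsigned close_init)
{
    unsigned flags = IP_CT_TCP_FLAG_WINDOW_SCALE;
    flags |= close_init;
    return (flags & IP_CT_TCP_FLAG_SACK_PERM) != 0;
}

/* True iff every value is a single bit and no bit is used twice. */
bool flags_are_distinct_bits(const unsigned *f, int n)
{
    unsigned seen = 0;
    for (int i = 0; i < n; i++) {
        if (f[i] == 0 || (f[i] & (f[i] - 1)) != 0)
            return false;       /* zero or not a power of two */
        if (seen & f[i])
            return false;       /* bit already taken by an earlier flag */
        seen |= f[i];
    }
    return true;
}

int main(void)
{
    printf("old 0x03: %d false positives, corrupts SACK_PERM: %s, distinct bits: %s\n",
           close_init_false_positives(CLOSE_INIT_OLD),
           setting_close_init_corrupts_sack(CLOSE_INIT_OLD) ? "yes" : "no",
           flags_are_distinct_bits(OLD_FLAGS, 3) ? "yes" : "no");
    printf("new 0x04: %d false positives, corrupts SACK_PERM: %s, distinct bits: %s\n",
           close_init_false_positives(CLOSE_INIT_NEW),
           setting_close_init_corrupts_sack(CLOSE_INIT_NEW) ? "yes" : "no",
           flags_are_distinct_bits(NEW_FLAGS, 3) ? "yes" : "no");
    return 0;
}
```

The distinct-bit check is the kind of thing a BUILD_BUG_ON in the header, or a unit test over the exported constants, would catch before a value like 0x03 ships.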
From: Patrick McHardy @ 2007-01-10 7:04 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
[NETFILTER]: arp_tables: fix userspace compilation
The included patch translates arpt_counters to xt_counters, making
userspace arptables compile against recent kernels.
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 9c6b7b0317c24d820352a7dbb1c3ba1014419df3
tree 55ed35499dc2a34c6201732013f16e9300fbdf4f
parent c209c563107b15f3c452266b5c2e5bd0fa75a470
author Bart De Schuymer <bdschuym@pandora.be> Wed, 10 Jan 2007 05:44:34 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 10 Jan 2007 05:44:34 +0100
include/linux/netfilter_arp/arp_tables.h | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 0be2354..24c8786 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -190,6 +190,7 @@ struct arpt_replace
/* The argument to ARPT_SO_ADD_COUNTERS. */
#define arpt_counters_info xt_counters_info
+#define arpt_counters xt_counters
/* The argument to ARPT_SO_GET_ENTRIES. */
struct arpt_get_entries
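Review bot: the new `#define arpt_counters xt_counters` lands directly under the comment `/* The argument to ARPT_SO_ADD_COUNTERS. */`, which describes arpt_counters_info, not the per-rule counter struct; either extend that comment (for example `/* ... and the per-rule counters it carries. */`) or put the alias on its own with a short comment of its own so the text above it stays accurate.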