netfilter 00/02: netfilter -stable fixes

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* netfilter 00/02: netfilter -stable fixes
@ 2009-02-12  7:07 Patrick McHardy
  2009-02-12  7:07 ` netfilter 01/02: fix tuple inversion for Node information request Patrick McHardy
  2009-02-12  7:07 ` netfilter 02/02: xt_sctp: sctp chunk mapping doesn't work Patrick McHardy
  0 siblings, 2 replies; 3+ messages in thread
From: Patrick McHardy @ 2009-02-12  7:07 UTC (permalink / raw)
  To: stable; +Cc: netdev, Patrick McHardy, netfilter-devel, davem

These patches against the last -stable version fix two netfilter bugs:

- IPv6 conntrack incorrectly created inverted tuples for Node
  Information Requests

- the sctp match doesn't work at all when matching on the entire
  chunkmap

Please apply, thanks.


 net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |    4 ++--
 net/netfilter/xt_sctp.c                        |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Eric Leblond (1):
      netfilter: fix tuple inversion for Node information request

Qu Haoran (1):
      netfilter: xt_sctp: sctp chunk mapping doesn't work

^ permalink raw reply	[flat|nested] 3+ messages in thread

* netfilter 01/02: fix tuple inversion for Node information request
  2009-02-12  7:07 netfilter 00/02: netfilter -stable fixes Patrick McHardy
@ 2009-02-12  7:07 ` Patrick McHardy
  2009-02-12  7:07 ` netfilter 02/02: xt_sctp: sctp chunk mapping doesn't work Patrick McHardy
  1 sibling, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2009-02-12  7:07 UTC (permalink / raw)
  To: stable; +Cc: netdev, Patrick McHardy, netfilter-devel, davem

commit 796b5d184b4df1aae55894bf476959da83e25324
Author: Eric Leblond <eric@inl.fr>
Date:   Thu Feb 12 08:00:35 2009 +0100

    netfilter: fix tuple inversion for Node information request
    
    Upstream commit: a51f42f3c
    
    The patch fixes a typo in the inverse mapping of Node Information
    request. Following draft-ietf-ipngwg-icmp-name-lookups-09, "Querier"
    sends a type 139 (ICMPV6_NI_QUERY) packet to "Responder" which answer
    with a type 140 (ICMPV6_NI_REPLY) packet.
    
    Signed-off-by: Eric Leblond <eric@inl.fr>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index 7cd13e5..15caac6 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -49,8 +49,8 @@ static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
 static const u_int8_t invmap[] = {
 	[ICMPV6_ECHO_REQUEST - 128]	= ICMPV6_ECHO_REPLY + 1,
 	[ICMPV6_ECHO_REPLY - 128]	= ICMPV6_ECHO_REQUEST + 1,
-	[ICMPV6_NI_QUERY - 128]		= ICMPV6_NI_QUERY + 1,
-	[ICMPV6_NI_REPLY - 128]		= ICMPV6_NI_REPLY +1
+	[ICMPV6_NI_QUERY - 128]		= ICMPV6_NI_REPLY + 1,
+	[ICMPV6_NI_REPLY - 128]		= ICMPV6_NI_QUERY +1
 };
 
 static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* netfilter 02/02: xt_sctp: sctp chunk mapping doesn't work
  2009-02-12  7:07 netfilter 00/02: netfilter -stable fixes Patrick McHardy
  2009-02-12  7:07 ` netfilter 01/02: fix tuple inversion for Node information request Patrick McHardy
@ 2009-02-12  7:07 ` Patrick McHardy
  1 sibling, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2009-02-12  7:07 UTC (permalink / raw)
  To: stable; +Cc: netdev, Patrick McHardy, netfilter-devel, davem

commit f3568e644ddf628aab11ce2fc8341e4b12654e0f
Author: Qu Haoran <haoran.qu@6wind.com>
Date:   Thu Feb 12 08:03:46 2009 +0100

    netfilter: xt_sctp: sctp chunk mapping doesn't work
    
    Upstream commit: d4e2675a
    
    When user tries to map all chunks given in argument, kernel
    works on a copy of the chunkmap, but at the end it doesn't
    check the copy, but the orginal one.
    
    Signed-off-by: Qu Haoran <haoran.qu@6wind.com>
    Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index e223cb4..a189ada 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -105,7 +105,7 @@ match_packet(const struct sk_buff *skb,
 
 	switch (chunk_match_type) {
 	case SCTP_CHUNK_MATCH_ALL:
-		return SCTP_CHUNKMAP_IS_CLEAR(info->chunkmap);
+		return SCTP_CHUNKMAP_IS_CLEAR(chunkmapcopy);
 	case SCTP_CHUNK_MATCH_ANY:
 		return false;
 	case SCTP_CHUNK_MATCH_ONLY:

^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2009-02-12  7:07 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-02-12  7:07 netfilter 00/02: netfilter -stable fixes Patrick McHardy
2009-02-12  7:07 ` netfilter 01/02: fix tuple inversion for Node information request Patrick McHardy
2009-02-12  7:07 ` netfilter 02/02: xt_sctp: sctp chunk mapping doesn't work Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).