aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-06-10 16:30:33 -0400
committerDavid S. Miller <davem@davemloft.net>2013-06-10 16:30:33 -0400
commitd88210910a34b3b5da71e13fc53859516104e232 (patch)
treedc8d9bd32c783edcb769de075f2af184409ad6f1
parent40edeff6e1c6f9a6f16536ae3375e3af9d648449 (diff)
parenta8241c63517ec0b900695daa9003cddc41c536a1 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== The following patchset contains four fixes for Netfilter and one fix for IPVS, they are: * Fix data leak to user-space via getsockopt IP_VS_SO_GET_DESTS, from Dan Carpenter. * Fix xt_TCPMSS if no TCP MSS is specified in syn packets, to avoid the violation of RFC879, from Phil Oester. * Fix incomplete dump of objects via nfnetlink_acct and nfnetlink_cttimeout, from myself. * Fix missing HW protocol in packets passed to user-space via NFQUEUE, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c1
-rw-r--r--net/netfilter/nfnetlink_acct.c7
-rw-r--r--net/netfilter/nfnetlink_cttimeout.c7
-rw-r--r--net/netfilter/nfnetlink_queue_core.c6
-rw-r--r--net/netfilter/xt_TCPMSS.c6
5 files changed, 20 insertions, 7 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 5b142fb16480..9e6c2a075a4c 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
2542 struct ip_vs_dest *dest; 2542 struct ip_vs_dest *dest;
2543 struct ip_vs_dest_entry entry; 2543 struct ip_vs_dest_entry entry;
2544 2544
2545 memset(&entry, 0, sizeof(entry));
2545 list_for_each_entry(dest, &svc->destinations, n_list) { 2546 list_for_each_entry(dest, &svc->destinations, n_list) {
2546 if (count >= get->num_dests) 2547 if (count >= get->num_dests)
2547 break; 2548 break;
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
index dc3fd5d44464..c7b6d466a662 100644
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -149,9 +149,12 @@ nfnl_acct_dump(struct sk_buff *skb, struct netlink_callback *cb)
149 149
150 rcu_read_lock(); 150 rcu_read_lock();
151 list_for_each_entry_rcu(cur, &nfnl_acct_list, head) { 151 list_for_each_entry_rcu(cur, &nfnl_acct_list, head) {
152 if (last && cur != last) 152 if (last) {
153 continue; 153 if (cur != last)
154 continue;
154 155
156 last = NULL;
157 }
155 if (nfnl_acct_fill_info(skb, NETLINK_CB(cb->skb).portid, 158 if (nfnl_acct_fill_info(skb, NETLINK_CB(cb->skb).portid,
156 cb->nlh->nlmsg_seq, 159 cb->nlh->nlmsg_seq,
157 NFNL_MSG_TYPE(cb->nlh->nlmsg_type), 160 NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
index 701c88a20fea..65074dfb9383 100644
--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -220,9 +220,12 @@ ctnl_timeout_dump(struct sk_buff *skb, struct netlink_callback *cb)
220 220
221 rcu_read_lock(); 221 rcu_read_lock();
222 list_for_each_entry_rcu(cur, &cttimeout_list, head) { 222 list_for_each_entry_rcu(cur, &cttimeout_list, head) {
223 if (last && cur != last) 223 if (last) {
224 continue; 224 if (cur != last)
225 continue;
225 226
227 last = NULL;
228 }
226 if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid, 229 if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid,
227 cb->nlh->nlmsg_seq, 230 cb->nlh->nlmsg_seq,
228 NFNL_MSG_TYPE(cb->nlh->nlmsg_type), 231 NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 4e27fa035814..5352b2d2d5bf 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -637,9 +637,6 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
637 if (queue->copy_mode == NFQNL_COPY_NONE) 637 if (queue->copy_mode == NFQNL_COPY_NONE)
638 return -EINVAL; 638 return -EINVAL;
639 639
640 if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb))
641 return __nfqnl_enqueue_packet(net, queue, entry);
642
643 skb = entry->skb; 640 skb = entry->skb;
644 641
645 switch (entry->pf) { 642 switch (entry->pf) {
@@ -651,6 +648,9 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
651 break; 648 break;
652 } 649 }
653 650
651 if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(skb))
652 return __nfqnl_enqueue_packet(net, queue, entry);
653
654 nf_bridge_adjust_skb_data(skb); 654 nf_bridge_adjust_skb_data(skb);
655 segs = skb_gso_segment(skb, 0); 655 segs = skb_gso_segment(skb, 0);
656 /* Does not use PTR_ERR to limit the number of error codes that can be 656 /* Does not use PTR_ERR to limit the number of error codes that can be
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index a75240f0d42b..afaebc766933 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -125,6 +125,12 @@ tcpmss_mangle_packet(struct sk_buff *skb,
125 125
126 skb_put(skb, TCPOLEN_MSS); 126 skb_put(skb, TCPOLEN_MSS);
127 127
128 /* RFC 879 states that the default MSS is 536 without specific
129 * knowledge that the destination host is prepared to accept larger.
130 * Since no MSS was provided, we MUST NOT set a value > 536.
131 */
132 newmss = min(newmss, (u16)536);
133
128 opt = (u_int8_t *)tcph + sizeof(struct tcphdr); 134 opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
129 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); 135 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
130 136