diff options
author | David S. Miller <davem@davemloft.net> | 2013-06-10 16:30:33 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-06-10 16:30:33 -0400 |
commit | d88210910a34b3b5da71e13fc53859516104e232 (patch) | |
tree | dc8d9bd32c783edcb769de075f2af184409ad6f1 | |
parent | 40edeff6e1c6f9a6f16536ae3375e3af9d648449 (diff) | |
parent | a8241c63517ec0b900695daa9003cddc41c536a1 (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
The following patchset contains four fixes for Netfilter and one fix
for IPVS, they are:
* Fix data leak to user-space via getsockopt IP_VS_SO_GET_DESTS, from
Dan Carpenter.
* Fix xt_TCPMSS if no TCP MSS is specified in syn packets, to avoid the
violation of RFC879, from Phil Oester.
* Fix incomplete dump of objects via nfnetlink_acct and nfnetlink_cttimeout,
from myself.
* Fix missing HW protocol in packets passed to user-space via NFQUEUE,
from myself.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 1 | ||||
-rw-r--r-- | net/netfilter/nfnetlink_acct.c | 7 | ||||
-rw-r--r-- | net/netfilter/nfnetlink_cttimeout.c | 7 | ||||
-rw-r--r-- | net/netfilter/nfnetlink_queue_core.c | 6 | ||||
-rw-r--r-- | net/netfilter/xt_TCPMSS.c | 6 |
5 files changed, 20 insertions, 7 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 5b142fb16480..9e6c2a075a4c 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
@@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, | |||
2542 | struct ip_vs_dest *dest; | 2542 | struct ip_vs_dest *dest; |
2543 | struct ip_vs_dest_entry entry; | 2543 | struct ip_vs_dest_entry entry; |
2544 | 2544 | ||
2545 | memset(&entry, 0, sizeof(entry)); | ||
2545 | list_for_each_entry(dest, &svc->destinations, n_list) { | 2546 | list_for_each_entry(dest, &svc->destinations, n_list) { |
2546 | if (count >= get->num_dests) | 2547 | if (count >= get->num_dests) |
2547 | break; | 2548 | break; |
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c index dc3fd5d44464..c7b6d466a662 100644 --- a/net/netfilter/nfnetlink_acct.c +++ b/net/netfilter/nfnetlink_acct.c | |||
@@ -149,9 +149,12 @@ nfnl_acct_dump(struct sk_buff *skb, struct netlink_callback *cb) | |||
149 | 149 | ||
150 | rcu_read_lock(); | 150 | rcu_read_lock(); |
151 | list_for_each_entry_rcu(cur, &nfnl_acct_list, head) { | 151 | list_for_each_entry_rcu(cur, &nfnl_acct_list, head) { |
152 | if (last && cur != last) | 152 | if (last) { |
153 | continue; | 153 | if (cur != last) |
154 | continue; | ||
154 | 155 | ||
156 | last = NULL; | ||
157 | } | ||
155 | if (nfnl_acct_fill_info(skb, NETLINK_CB(cb->skb).portid, | 158 | if (nfnl_acct_fill_info(skb, NETLINK_CB(cb->skb).portid, |
156 | cb->nlh->nlmsg_seq, | 159 | cb->nlh->nlmsg_seq, |
157 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), | 160 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), |
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c index 701c88a20fea..65074dfb9383 100644 --- a/net/netfilter/nfnetlink_cttimeout.c +++ b/net/netfilter/nfnetlink_cttimeout.c | |||
@@ -220,9 +220,12 @@ ctnl_timeout_dump(struct sk_buff *skb, struct netlink_callback *cb) | |||
220 | 220 | ||
221 | rcu_read_lock(); | 221 | rcu_read_lock(); |
222 | list_for_each_entry_rcu(cur, &cttimeout_list, head) { | 222 | list_for_each_entry_rcu(cur, &cttimeout_list, head) { |
223 | if (last && cur != last) | 223 | if (last) { |
224 | continue; | 224 | if (cur != last) |
225 | continue; | ||
225 | 226 | ||
227 | last = NULL; | ||
228 | } | ||
226 | if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid, | 229 | if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid, |
227 | cb->nlh->nlmsg_seq, | 230 | cb->nlh->nlmsg_seq, |
228 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), | 231 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), |
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index 4e27fa035814..5352b2d2d5bf 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c | |||
@@ -637,9 +637,6 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) | |||
637 | if (queue->copy_mode == NFQNL_COPY_NONE) | 637 | if (queue->copy_mode == NFQNL_COPY_NONE) |
638 | return -EINVAL; | 638 | return -EINVAL; |
639 | 639 | ||
640 | if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb)) | ||
641 | return __nfqnl_enqueue_packet(net, queue, entry); | ||
642 | |||
643 | skb = entry->skb; | 640 | skb = entry->skb; |
644 | 641 | ||
645 | switch (entry->pf) { | 642 | switch (entry->pf) { |
@@ -651,6 +648,9 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) | |||
651 | break; | 648 | break; |
652 | } | 649 | } |
653 | 650 | ||
651 | if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(skb)) | ||
652 | return __nfqnl_enqueue_packet(net, queue, entry); | ||
653 | |||
654 | nf_bridge_adjust_skb_data(skb); | 654 | nf_bridge_adjust_skb_data(skb); |
655 | segs = skb_gso_segment(skb, 0); | 655 | segs = skb_gso_segment(skb, 0); |
656 | /* Does not use PTR_ERR to limit the number of error codes that can be | 656 | /* Does not use PTR_ERR to limit the number of error codes that can be |
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index a75240f0d42b..afaebc766933 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c | |||
@@ -125,6 +125,12 @@ tcpmss_mangle_packet(struct sk_buff *skb, | |||
125 | 125 | ||
126 | skb_put(skb, TCPOLEN_MSS); | 126 | skb_put(skb, TCPOLEN_MSS); |
127 | 127 | ||
128 | /* RFC 879 states that the default MSS is 536 without specific | ||
129 | * knowledge that the destination host is prepared to accept larger. | ||
130 | * Since no MSS was provided, we MUST NOT set a value > 536. | ||
131 | */ | ||
132 | newmss = min(newmss, (u16)536); | ||
133 | |||
128 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); | 134 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); |
129 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); | 135 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); |
130 | 136 | ||