diff options
| author | Linus Torvalds <torvalds@woody.osdl.org> | 2006-11-29 00:28:14 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.osdl.org> | 2006-11-29 00:28:14 -0500 |
| commit | 1275361c407d17d56717cd706785a31c2353d696 (patch) | |
| tree | 8bb04a9fe67f844e84691e53829813ca65b981b4 | |
| parent | 4f404caf6791227754d67679d0b2350afc1ad522 (diff) | |
| parent | e81c73596704793e73e6dbb478f41686f15a4b34 (diff) | |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Fix MAX_HEADER setting.
[NETFILTER]: ipt_REJECT: fix memory corruption
[NETFILTER]: conntrack: fix refcount leak when finding expectation
[NETFILTER]: ctnetlink: fix reference count leak
[NETFILTER]: nf_conntrack: fix the race on assign helper to new conntrack
[NETFILTER]: nfctnetlink: assign helper to newly created conntrack
| -rw-r--r-- | include/linux/netdevice.h | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 1 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_REJECT.c | 16 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 19 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 9 |
6 files changed, 35 insertions, 22 deletions
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 9264139bd8df..83b8c4f1d69d 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h | |||
| @@ -93,8 +93,10 @@ struct netpoll_info; | |||
| 93 | #endif | 93 | #endif |
| 94 | #endif | 94 | #endif |
| 95 | 95 | ||
| 96 | #if !defined(CONFIG_NET_IPIP) && \ | 96 | #if !defined(CONFIG_NET_IPIP) && !defined(CONFIG_NET_IPIP_MODULE) && \ |
| 97 | !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE) | 97 | !defined(CONFIG_NET_IPGRE) && !defined(CONFIG_NET_IPGRE_MODULE) && \ |
| 98 | !defined(CONFIG_IPV6_SIT) && !defined(CONFIG_IPV6_SIT_MODULE) && \ | ||
| 99 | !defined(CONFIG_IPV6_TUNNEL) && !defined(CONFIG_IPV6_TUNNEL_MODULE) | ||
| 98 | #define MAX_HEADER LL_MAX_HEADER | 100 | #define MAX_HEADER LL_MAX_HEADER |
| 99 | #else | 101 | #else |
| 100 | #define MAX_HEADER (LL_MAX_HEADER + 48) | 102 | #define MAX_HEADER (LL_MAX_HEADER + 48) |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 143c4668538b..8b848aa77bfc 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
| @@ -225,10 +225,8 @@ __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple) | |||
| 225 | struct ip_conntrack_expect *i; | 225 | struct ip_conntrack_expect *i; |
| 226 | 226 | ||
| 227 | list_for_each_entry(i, &ip_conntrack_expect_list, list) { | 227 | list_for_each_entry(i, &ip_conntrack_expect_list, list) { |
| 228 | if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) { | 228 | if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) |
| 229 | atomic_inc(&i->use); | ||
| 230 | return i; | 229 | return i; |
| 231 | } | ||
| 232 | } | 230 | } |
| 233 | return NULL; | 231 | return NULL; |
| 234 | } | 232 | } |
| @@ -241,6 +239,8 @@ ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple) | |||
| 241 | 239 | ||
| 242 | read_lock_bh(&ip_conntrack_lock); | 240 | read_lock_bh(&ip_conntrack_lock); |
| 243 | i = __ip_conntrack_expect_find(tuple); | 241 | i = __ip_conntrack_expect_find(tuple); |
| 242 | if (i) | ||
| 243 | atomic_inc(&i->use); | ||
| 244 | read_unlock_bh(&ip_conntrack_lock); | 244 | read_unlock_bh(&ip_conntrack_lock); |
| 245 | 245 | ||
| 246 | return i; | 246 | return i; |
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index 262d0d44ec1b..55f0ae641081 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c | |||
| @@ -153,6 +153,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct) | |||
| 153 | return ret; | 153 | return ret; |
| 154 | 154 | ||
| 155 | nfattr_failure: | 155 | nfattr_failure: |
| 156 | ip_conntrack_proto_put(proto); | ||
| 156 | return -1; | 157 | return -1; |
| 157 | } | 158 | } |
| 158 | 159 | ||
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index ad0312d0e4fd..264763adc39b 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
| @@ -114,6 +114,14 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
| 114 | tcph->window = 0; | 114 | tcph->window = 0; |
| 115 | tcph->urg_ptr = 0; | 115 | tcph->urg_ptr = 0; |
| 116 | 116 | ||
| 117 | /* Adjust TCP checksum */ | ||
| 118 | tcph->check = 0; | ||
| 119 | tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr), | ||
| 120 | nskb->nh.iph->saddr, | ||
| 121 | nskb->nh.iph->daddr, | ||
| 122 | csum_partial((char *)tcph, | ||
| 123 | sizeof(struct tcphdr), 0)); | ||
| 124 | |||
| 117 | /* Set DF, id = 0 */ | 125 | /* Set DF, id = 0 */ |
| 118 | nskb->nh.iph->frag_off = htons(IP_DF); | 126 | nskb->nh.iph->frag_off = htons(IP_DF); |
| 119 | nskb->nh.iph->id = 0; | 127 | nskb->nh.iph->id = 0; |
| @@ -129,14 +137,8 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
| 129 | if (ip_route_me_harder(&nskb, addr_type)) | 137 | if (ip_route_me_harder(&nskb, addr_type)) |
| 130 | goto free_nskb; | 138 | goto free_nskb; |
| 131 | 139 | ||
| 132 | /* Adjust TCP checksum */ | ||
| 133 | nskb->ip_summed = CHECKSUM_NONE; | 140 | nskb->ip_summed = CHECKSUM_NONE; |
| 134 | tcph->check = 0; | 141 | |
| 135 | tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr), | ||
| 136 | nskb->nh.iph->saddr, | ||
| 137 | nskb->nh.iph->daddr, | ||
| 138 | csum_partial((char *)tcph, | ||
| 139 | sizeof(struct tcphdr), 0)); | ||
| 140 | /* Adjust IP TTL */ | 142 | /* Adjust IP TTL */ |
| 141 | nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT); | 143 | nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT); |
| 142 | 144 | ||
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 836541e509fe..de0567b1f422 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -469,10 +469,8 @@ __nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple) | |||
| 469 | struct nf_conntrack_expect *i; | 469 | struct nf_conntrack_expect *i; |
| 470 | 470 | ||
| 471 | list_for_each_entry(i, &nf_conntrack_expect_list, list) { | 471 | list_for_each_entry(i, &nf_conntrack_expect_list, list) { |
| 472 | if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) { | 472 | if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) |
| 473 | atomic_inc(&i->use); | ||
| 474 | return i; | 473 | return i; |
| 475 | } | ||
| 476 | } | 474 | } |
| 477 | return NULL; | 475 | return NULL; |
| 478 | } | 476 | } |
| @@ -485,6 +483,8 @@ nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple) | |||
| 485 | 483 | ||
| 486 | read_lock_bh(&nf_conntrack_lock); | 484 | read_lock_bh(&nf_conntrack_lock); |
| 487 | i = __nf_conntrack_expect_find(tuple); | 485 | i = __nf_conntrack_expect_find(tuple); |
| 486 | if (i) | ||
| 487 | atomic_inc(&i->use); | ||
| 488 | read_unlock_bh(&nf_conntrack_lock); | 488 | read_unlock_bh(&nf_conntrack_lock); |
| 489 | 489 | ||
| 490 | return i; | 490 | return i; |
| @@ -893,12 +893,6 @@ __nf_conntrack_alloc(const struct nf_conntrack_tuple *orig, | |||
| 893 | 893 | ||
| 894 | memset(conntrack, 0, nf_ct_cache[features].size); | 894 | memset(conntrack, 0, nf_ct_cache[features].size); |
| 895 | conntrack->features = features; | 895 | conntrack->features = features; |
| 896 | if (helper) { | ||
| 897 | struct nf_conn_help *help = nfct_help(conntrack); | ||
| 898 | NF_CT_ASSERT(help); | ||
| 899 | help->helper = helper; | ||
| 900 | } | ||
| 901 | |||
| 902 | atomic_set(&conntrack->ct_general.use, 1); | 896 | atomic_set(&conntrack->ct_general.use, 1); |
| 903 | conntrack->ct_general.destroy = destroy_conntrack; | 897 | conntrack->ct_general.destroy = destroy_conntrack; |
| 904 | conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; | 898 | conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; |
| @@ -982,8 +976,13 @@ init_conntrack(const struct nf_conntrack_tuple *tuple, | |||
| 982 | #endif | 976 | #endif |
| 983 | nf_conntrack_get(&conntrack->master->ct_general); | 977 | nf_conntrack_get(&conntrack->master->ct_general); |
| 984 | NF_CT_STAT_INC(expect_new); | 978 | NF_CT_STAT_INC(expect_new); |
| 985 | } else | 979 | } else { |
| 980 | struct nf_conn_help *help = nfct_help(conntrack); | ||
| 981 | |||
| 982 | if (help) | ||
| 983 | help->helper = __nf_ct_helper_find(&repl_tuple); | ||
| 986 | NF_CT_STAT_INC(new); | 984 | NF_CT_STAT_INC(new); |
| 985 | } | ||
| 987 | 986 | ||
| 988 | /* Overload tuple linked list to put us in unconfirmed list. */ | 987 | /* Overload tuple linked list to put us in unconfirmed list. */ |
| 989 | list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed); | 988 | list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed); |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index bd0156a28ecd..ab67c2be2b5d 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -161,6 +161,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct) | |||
| 161 | return ret; | 161 | return ret; |
| 162 | 162 | ||
| 163 | nfattr_failure: | 163 | nfattr_failure: |
| 164 | nf_ct_proto_put(proto); | ||
| 164 | return -1; | 165 | return -1; |
| 165 | } | 166 | } |
| 166 | 167 | ||
| @@ -949,6 +950,7 @@ ctnetlink_create_conntrack(struct nfattr *cda[], | |||
| 949 | { | 950 | { |
| 950 | struct nf_conn *ct; | 951 | struct nf_conn *ct; |
| 951 | int err = -EINVAL; | 952 | int err = -EINVAL; |
| 953 | struct nf_conn_help *help; | ||
| 952 | 954 | ||
| 953 | ct = nf_conntrack_alloc(otuple, rtuple); | 955 | ct = nf_conntrack_alloc(otuple, rtuple); |
| 954 | if (ct == NULL || IS_ERR(ct)) | 956 | if (ct == NULL || IS_ERR(ct)) |
| @@ -976,9 +978,16 @@ ctnetlink_create_conntrack(struct nfattr *cda[], | |||
| 976 | ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])); | 978 | ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])); |
| 977 | #endif | 979 | #endif |
| 978 | 980 | ||
| 981 | help = nfct_help(ct); | ||
| 982 | if (help) | ||
| 983 | help->helper = nf_ct_helper_find_get(rtuple); | ||
| 984 | |||
| 979 | add_timer(&ct->timeout); | 985 | add_timer(&ct->timeout); |
| 980 | nf_conntrack_hash_insert(ct); | 986 | nf_conntrack_hash_insert(ct); |
| 981 | 987 | ||
| 988 | if (help && help->helper) | ||
| 989 | nf_ct_helper_put(help->helper); | ||
| 990 | |||
| 982 | return 0; | 991 | return 0; |
| 983 | 992 | ||
| 984 | err: | 993 | err: |