aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-02-15 18:10:22 -0500
committerDavid S. Miller <davem@davemloft.net>2006-02-15 18:10:22 -0500
commit48d5cad87c3a4998d0bda16ccfb5c60dfe4de5fb (patch)
treebfad91af72f4c522a44bab6133b540cda365d8c1 /include
parent5ecfbae093f0c37311e89b29bfc0c9d586eace87 (diff)
[XFRM]: Fix SNAT-related crash in xfrm4_output_finish
When a packet matching an IPsec policy is SNATed so it doesn't match any policy anymore it looses its xfrm bundle, which makes xfrm4_output_finish crash because of a NULL pointer dereference. This patch directs these packets to the original output path instead. Since the packets have already passed the POST_ROUTING hook, but need to start at the beginning of the original output path which includes another POST_ROUTING invocation, a flag is added to the IPCB to indicate that the packet was rerouted and doesn't need to pass the POST_ROUTING hook again. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter.h19
-rw-r--r--include/net/ip.h1
-rw-r--r--include/net/xfrm.h1
3 files changed, 16 insertions, 5 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 4cf6088625c1..3ca3d9ee78a9 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -184,8 +184,11 @@ static inline int nf_hook_thresh(int pf, unsigned int hook,
184 struct sk_buff **pskb, 184 struct sk_buff **pskb,
185 struct net_device *indev, 185 struct net_device *indev,
186 struct net_device *outdev, 186 struct net_device *outdev,
187 int (*okfn)(struct sk_buff *), int thresh) 187 int (*okfn)(struct sk_buff *), int thresh,
188 int cond)
188{ 189{
190 if (!cond)
191 return 1;
189#ifndef CONFIG_NETFILTER_DEBUG 192#ifndef CONFIG_NETFILTER_DEBUG
190 if (list_empty(&nf_hooks[pf][hook])) 193 if (list_empty(&nf_hooks[pf][hook]))
191 return 1; 194 return 1;
@@ -197,7 +200,7 @@ static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb,
197 struct net_device *indev, struct net_device *outdev, 200 struct net_device *indev, struct net_device *outdev,
198 int (*okfn)(struct sk_buff *)) 201 int (*okfn)(struct sk_buff *))
199{ 202{
200 return nf_hook_thresh(pf, hook, pskb, indev, outdev, okfn, INT_MIN); 203 return nf_hook_thresh(pf, hook, pskb, indev, outdev, okfn, INT_MIN, 1);
201} 204}
202 205
203/* Activate hook; either okfn or kfree_skb called, unless a hook 206/* Activate hook; either okfn or kfree_skb called, unless a hook
@@ -224,7 +227,13 @@ static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb,
224 227
225#define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ 228#define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \
226({int __ret; \ 229({int __ret; \
227if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, thresh)) == 1)\ 230if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, thresh, 1)) == 1)\
231 __ret = (okfn)(skb); \
232__ret;})
233
234#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \
235({int __ret; \
236if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, INT_MIN, cond)) == 1)\
228 __ret = (okfn)(skb); \ 237 __ret = (okfn)(skb); \
229__ret;}) 238__ret;})
230 239
@@ -295,11 +304,13 @@ extern struct proc_dir_entry *proc_net_netfilter;
295 304
296#else /* !CONFIG_NETFILTER */ 305#else /* !CONFIG_NETFILTER */
297#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) 306#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb)
307#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb)
298static inline int nf_hook_thresh(int pf, unsigned int hook, 308static inline int nf_hook_thresh(int pf, unsigned int hook,
299 struct sk_buff **pskb, 309 struct sk_buff **pskb,
300 struct net_device *indev, 310 struct net_device *indev,
301 struct net_device *outdev, 311 struct net_device *outdev,
302 int (*okfn)(struct sk_buff *), int thresh) 312 int (*okfn)(struct sk_buff *), int thresh,
313 int cond)
303{ 314{
304 return okfn(*pskb); 315 return okfn(*pskb);
305} 316}
diff --git a/include/net/ip.h b/include/net/ip.h
index 8de0697b364c..fab3d5b3ab1c 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -41,6 +41,7 @@ struct inet_skb_parm
41#define IPSKB_XFRM_TUNNEL_SIZE 2 41#define IPSKB_XFRM_TUNNEL_SIZE 2
42#define IPSKB_XFRM_TRANSFORMED 4 42#define IPSKB_XFRM_TRANSFORMED 4
43#define IPSKB_FRAG_COMPLETE 8 43#define IPSKB_FRAG_COMPLETE 8
44#define IPSKB_REROUTED 16
44}; 45};
45 46
46struct ipcm_cookie 47struct ipcm_cookie
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index d09ca0e7d139..d6111a2f0a23 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -866,7 +866,6 @@ extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
866extern int xfrm_init_state(struct xfrm_state *x); 866extern int xfrm_init_state(struct xfrm_state *x);
867extern int xfrm4_rcv(struct sk_buff *skb); 867extern int xfrm4_rcv(struct sk_buff *skb);
868extern int xfrm4_output(struct sk_buff *skb); 868extern int xfrm4_output(struct sk_buff *skb);
869extern int xfrm4_output_finish(struct sk_buff *skb);
870extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler); 869extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
871extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler); 870extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
872extern int xfrm6_rcv_spi(struct sk_buff **pskb, u32 spi); 871extern int xfrm6_rcv_spi(struct sk_buff **pskb, u32 spi);