netfilter: SYNPROXY target: restrict to INPUT/FORWARD

Fix a crash in synproxy_send_tcp() when using the SYNPROXY target in the PREROUTING chain caused by missing routing information. Reported-by: Nicki P. <xastx@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2013-12-08 11:52:31 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-11 05:30:25 -0500
commit: f01b3926ee645974f549f4a6921268142047717c (patch)
tree: 1e09f1ac983c7b8f5a7d15cbf6b14a3cb6db2481 /net/ipv4
parent: 8afdd99a1315e759de04ad6e2344f0c5f17ecb1b (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index f13bd91d9a56..a313c3fbeb46 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -423,6 +423,7 @@ static void synproxy_tg4_destroy(const struct xt_tgdtor_param *par)
 static struct xt_target synproxy_tg4_reg __read_mostly = {
        .name           = "SYNPROXY",
        .family         = NFPROTO_IPV4,
+        .hooks          = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD),
        .target         = synproxy_tg4,
        .targetsize     = sizeof(struct xt_synproxy_info),
        .checkentry     = synproxy_tg4_check,
author	Patrick McHardy <kaber@trash.net>	2013-12-08 11:52:31 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-11 05:30:25 -0500
commit	f01b3926ee645974f549f4a6921268142047717c (patch)
tree	1e09f1ac983c7b8f5a7d15cbf6b14a3cb6db2481 /net/ipv4
parent	8afdd99a1315e759de04ad6e2344f0c5f17ecb1b (diff)

diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c index f13bd91d9a56..a313c3fbeb46 100644 --- a/net/ipv4/netfilter/ipt_SYNPROXY.c +++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -423,6 +423,7 @@ static void synproxy_tg4_destroy(const struct xt_tgdtor_param *par)
423	static struct xt_target synproxy_tg4_reg __read_mostly = {	423	static struct xt_target synproxy_tg4_reg __read_mostly = {
424	.name = "SYNPROXY",	424	.name = "SYNPROXY",
425	.family = NFPROTO_IPV4,	425	.family = NFPROTO_IPV4,
		426	.hooks = (1 << NF_INET_LOCAL_IN) \| (1 << NF_INET_FORWARD),
426	.target = synproxy_tg4,	427	.target = synproxy_tg4,
427	.targetsize = sizeof(struct xt_synproxy_info),	428	.targetsize = sizeof(struct xt_synproxy_info),
428	.checkentry = synproxy_tg4_check,	429	.checkentry = synproxy_tg4_check,