Merge branch 'master' of git://1984.lsi.us.es/nf

Pablo Neira Ayuso says: ==================== The following batch contains Netfilter fixes for 3.8-rc1. They are a mixture of old bugs that have passed unnoticed (I'll pass these to stable) and more fresh ones from the previous merge window, they are: * Fix for MAC address in 6in4 tunnels via NFLOG that results in ulogd showing up wrong address, from Bob Hockney. * Fix a comment in nf_conntrack_ipv6, from Florent Fourcot. * Fix a leak an error path in ctnetlink while creating an expectation, from Jesper Juhl. * Fix missing ICMP time exceeded in the IPv6 defragmentation code, from Haibo Xi. * Fix inconsistent handling of routing changes in MASQUERADE for the new connections case, from Andrew Collins. * Fix a missing skb_reset_transport in ip[6]t_REJECT that leads to crashes in the ixgbe driver (since it seems to access the transport header with TSO enabled), from Mukund Jampala. * Recover obsoleted NOTRACK target by including it into the CT and spot a warning via printk about being obsoleted. Many people don't check the scheduled to be removal file under Documentation, so we follow some less agressive approach to kill this in a year or so. Spotted by Florian Westphal, patch from myself. * Fix race condition in xt_hashlimit that allows to create two or more entries, from myself. * Fix crash if the CT is used due to the recently added facilities to consult the dying and unconfirmed conntrack lists, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2012-12-28 17:24:14 -0500
committer: David S. Miller <davem@davemloft.net> 2012-12-28 17:28:17 -0500
commit: ac196f8c92948deb0fc9ae617f3a453c6d71fa69 (patch)
tree: f79d08264a3d6e8c49ab4f20c98e7885f71d4183 /net/ipv6
parent: 101e5c7470eb7f77ae87f966b9155f0dbb5b4698 (diff)
parent: 1310b955c804975651dca6c674ebfd1cb2b4c7ff (diff)
4 files changed, 17 insertions, 8 deletions
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index fd4fb34c51c7..029623dbd411 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -132,6 +132,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
        ip6h->saddr = oip6h->daddr;
        ip6h->daddr = oip6h->saddr;
+        skb_reset_transport_header(nskb);
        tcph = (struct tcphdr *)skb_put(nskb, sizeof(struct tcphdr));
        /* Truncate to length (no data) */
        tcph->doff = sizeof(struct tcphdr)/4;
diff --git a/net/ipv6/netfilter/ip6table_nat.c b/net/ipv6/netfilter/ip6table_nat.c
index 6c8ae24b85eb..e0e788d25b14 100644
--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -127,23 +127,28 @@ nf_nat_ipv6_fn(unsigned int hooknum,
                        ret = nf_nat_rule_find(skb, hooknum, in, out, ct);
                        if (ret != NF_ACCEPT)
                                return ret;
-                } else
+                } else {
                        pr_debug("Already setup manip %s for ct %p\n",
                                 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
                                 ct);
+                        if (nf_nat_oif_changed(hooknum, ctinfo, nat, out))
+                                goto oif_changed;
+                }
                break;
        default:
                /* ESTABLISHED */
                NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
                             ctinfo == IP_CT_ESTABLISHED_REPLY);
-                if (nf_nat_oif_changed(hooknum, ctinfo, nat, out)) {
+                if (nf_nat_oif_changed(hooknum, ctinfo, nat, out))
-                        nf_ct_kill_acct(ct, ctinfo, skb);
+                        goto oif_changed;
-                        return NF_DROP;
-                }
        }
        return nf_nat_packet(ct, ctinfo, hooknum, skb);
+oif_changed:
+        nf_ct_kill_acct(ct, ctinfo, skb);
+        return NF_DROP;
 }
 static unsigned int
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 00ee17c3e893..137e245860ab 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -81,8 +81,8 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
        }
        protoff = ipv6_skip_exthdr(skb, extoff, &nexthdr, &frag_off);
        /*
-         * (protoff == skb->len) mean that the packet doesn't have no data
+         * (protoff == skb->len) means the packet has not data, just
-         * except of IPv6 & ext headers. but it's tracked anyway. - YK
+         * IPv6 and possibly extensions headers, but it is tracked anyway
         */
        if (protoff < 0 || (frag_off & htons(~0x7)) != 0) {
                pr_debug("ip6_conntrack_core: can't find proto in pkt\n");
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 22c8ea951185..3dacecc99065 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -311,7 +311,10 @@ found:
        else
                fq->q.fragments = skb;
-        skb->dev = NULL;
+        if (skb->dev) {
+                fq->iif = skb->dev->ifindex;
+                skb->dev = NULL;
+        }
        fq->q.stamp = skb->tstamp;
        fq->q.meat += skb->len;
        if (payload_len > fq->q.max_size)
author	David S. Miller <davem@davemloft.net>	2012-12-28 17:24:14 -0500
committer	David S. Miller <davem@davemloft.net>	2012-12-28 17:28:17 -0500
commit	ac196f8c92948deb0fc9ae617f3a453c6d71fa69 (patch)
tree	f79d08264a3d6e8c49ab4f20c98e7885f71d4183 /net/ipv6
parent	101e5c7470eb7f77ae87f966b9155f0dbb5b4698 (diff)
parent	1310b955c804975651dca6c674ebfd1cb2b4c7ff (diff)