Linux kernel source tree https://git.amat.us/linux/atom/net/ipv6/netfilter?h=v3.2.38 2011-11-23T21:07:00Z 2011-11-23T21:07:00Z David S. Miller davem@davemloft.net 2011-11-23T21:07:00Z urn:sha1:46a246c4dff9f248913e791b69f2336cd8d4ec41 Distributions are using this in their default scripts, so don't hide them behind the advanced setting. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-11-01T08:19:49Z Joe Perches joe@perches.com 2011-08-29T21:17:25Z urn:sha1:0a9ee81349d90c6c85831f38118bf569c60a4d51 Site specific OOM messages are duplications of a generic MM out of memory message and aren't really useful, so just delete them. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2011-10-19T07:10:46Z Eric Dumazet eric.dumazet@gmail.com 2011-10-18T21:00:24Z urn:sha1:9e903e085262ffbf1fc44a17ac06058aca03524a To ease skb->truesize sanitization, its better to be able to localize all references to skb frags size. Define accessors : skb_frag_size() to fetch frag size, and skb_frag_size_{set|add|sub}() to manipulate it. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-08-30T13:01:20Z Florian Westphal fw@strlen.de 2011-08-30T13:01:20Z urn:sha1:c6675233f9015d3c0460c8aab53ed9b99d915c64 A userspace listener may send (bogus) NF_STOLEN verdict, which causes skb leak. This problem was previously fixed via 64507fdbc29c3a622180378210ecea8659b14e40 (netfilter: nf_queue: fix NF_STOLEN skb leak) but this had to be reverted because NF_STOLEN can also be returned by a netfilter hook when iterating the rules in nf_reinject. Reject userspace NF_STOLEN verdict, as suggested by Michal Miroslaw. This is complementary to commit fad54440438a7c231a6ae347738423cbabc936d9 (netfilter: avoid double free in nf_reinject). Cc: Julian Anastasov <ja@ssi.bg> Cc: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 2011-07-29T14:38:49Z Jesper Juhl jj@chaosbits.net 2011-07-29T14:38:49Z urn:sha1:91c66c6893a3e2bb8a88a30cb76007d5d49d32c9 ipq_build_packet_message() in net/ipv4/netfilter/ip_queue.c and net/ipv6/netfilter/ip6_queue.c contain a small potential mem leak as far as I can tell. We allocate memory for 'skb' with alloc_skb() annd then call nlh = NLMSG_PUT(skb, 0, 0, IPQM_PACKET, size - sizeof(*nlh)); NLMSG_PUT is a macro NLMSG_PUT(skb, pid, seq, type, len) \ NLMSG_NEW(skb, pid, seq, type, len, 0) that expands to NLMSG_NEW, which is also a macro which expands to: NLMSG_NEW(skb, pid, seq, type, len, flags) \ ({ if (unlikely(skb_tailroom(skb) < (int)NLMSG_SPACE(len))) \ goto nlmsg_failure; \ __nlmsg_put(skb, pid, seq, type, len, flags); }) If we take the true branch of the 'if' statement and 'goto nlmsg_failure', then we'll, at that point, return from ipq_build_packet_message() without having assigned 'skb' to anything and we'll leak the memory we allocated for it when it goes out of scope. Fix this by placing a 'kfree(skb)' at 'nlmsg_failure'. I admit that I do not know how likely this to actually happen or even if there's something that guarantees that it will never happen - I'm not that familiar with this code, but if that is so, I've not been able to spot it. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Patrick McHardy <kaber@trash.net> 2011-06-16T15:27:04Z Nicolas Cavallari cavallar@lri.fr 2011-06-16T15:27:04Z urn:sha1:2c38de4c1f8da799bdca0e4bb40ca13f2174d3e8 By default, when broadcast or multicast packet are sent from a local application, they are sent to the interface then looped by the kernel to other local applications, going throught netfilter hooks in the process. These looped packet have their MAC header removed from the skb by the kernel looping code. This confuse various netfilter's netlink queue, netlink log and the legacy ip_queue, because they try to extract a hardware address from these packets, but extracts a part of the IP header instead. This patch prevent NFQUEUE, NFLOG and ip_QUEUE to include a MAC header if there is none in the packet. Signed-off-by: Nicolas Cavallari <cavallar@lri.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> 2011-06-05T23:37:16Z Dave Jones davej@redhat.com 2011-05-28T00:36:51Z urn:sha1:d232b8dded624af3e346b13807a591c63b601c44 Netlink message lengths can't be negative, so use unsigned variables. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2011-06-05T23:37:02Z Pablo Neira Ayuso pablo@netfilter.org 2011-06-02T13:08:45Z urn:sha1:88ed01d17b44bc2bed4ad4835d3b1099bff3dd71 This patch fixes a refcount leak of ct objects that may occur if l4proto->error() assigns one conntrack object to one skbuff. In that case, we have to skip further processing in nf_conntrack_in(). With this patch, we can also fix wrong return values (-NF_ACCEPT) for special cases in ICMP[v6] that should not bump the invalid/error statistic counters. Reported-by: Zoltan Menyhart <Zoltan.Menyhart@bull.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2011-06-05T23:35:10Z Eric Dumazet eric.dumazet@gmail.com 2011-05-19T13:44:27Z urn:sha1:fb04883371f2cb7867d24783e7d590036dc9b548 Following error is raised (and other similar ones) : net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_fn’: net/ipv4/netfilter/nf_nat_standalone.c:119:2: warning: case value ‘4’ not in enumerated type ‘enum ip_conntrack_info’ gcc barfs on adding two enum values and getting a not enumerated result : case IP_CT_RELATED+IP_CT_IS_REPLY: Add missing enum values Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: David Miller <davem@davemloft.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2011-05-11T18:26:58Z David S. Miller davem@davemloft.net 2011-05-11T18:26:15Z urn:sha1:3c709f8fb43e07a0403bba4a8ca7ba00ab874994 Conflicts: drivers/net/benet/be_main.c