
Commit d8821091 authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
The following patchset contains four fixes for Netfilter and one fix
for IPVS, they are:

* Fix data leak to user-space via getsockopt IP_VS_SO_GET_DESTS, from
  Dan Carpenter.

* Fix xt_TCPMSS if no TCP MSS is specified in syn packets, to avoid the
  violation of RFC879, from Phil Oester.

* Fix incomplete dump of objects via nfnetlink_acct and nfnetlink_cttimeout,
  from myself.

* Fix missing HW protocol in packets passed to user-space via NFQUEUE,
  from myself.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 40edeff6 a8241c63
+1 −0
@@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
		struct ip_vs_dest *dest;
		struct ip_vs_dest_entry entry;

		memset(&entry, 0, sizeof(entry));
		list_for_each_entry(dest, &svc->destinations, n_list) {
			if (count >= get->num_dests)
				break;
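Review bot: The added `memset(&entry, 0, sizeof(entry));` carries no comment saying why it is needed, so a later cleanup could remove it as redundant if the loop appears to assign every named field. The commit description says this closes a data leak to user-space through getsockopt IP_VS_SO_GET_DESTS, which suggests `entry` is copied out as a whole, padding and unassigned fields included; that copy is outside the hunk. I would add above the call `/* entry is copied to user-space as a whole: clear padding and unset fields first */`. The body of __ip_vs_get_dest_entries continues past the end of the hunk.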
+5 −2
@@ -149,9 +149,12 @@ nfnl_acct_dump(struct sk_buff *skb, struct netlink_callback *cb)

	rcu_read_lock();
	list_for_each_entry_rcu(cur, &nfnl_acct_list, head) {
		if (last && cur != last)
		if (last) {
			if (cur != last)
				continue;

			last = NULL;
		}
		if (nfnl_acct_fill_info(skb, NETLINK_CB(cb->skb).portid,
				       cb->nlh->nlmsg_seq,
				       NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
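Review bot: If the entry that `last` points to has been removed from `nfnl_acct_list` between two dump calls, `cur != last` stays true for every element and the loop skips the whole list, so the dump ends early with no signal to user-space. How `last` is saved and whether the object is pinned is outside the hunk, so this is inferred from the visible loop only. If nothing pins it, consider a generation counter checked with `nl_dump_check_consistent()` so an interrupted dump is flagged, and in any case a comment next to `last = NULL;` such as `/* resume point found: dump it and everything after it */`. The same loop shape is added to ctnl_timeout_dump over `cttimeout_list`, and the point applies there as well.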
+5 −2
@@ -220,9 +220,12 @@ ctnl_timeout_dump(struct sk_buff *skb, struct netlink_callback *cb)

	rcu_read_lock();
	list_for_each_entry_rcu(cur, &cttimeout_list, head) {
		if (last && cur != last)
		if (last) {
			if (cur != last)
				continue;

			last = NULL;
		}
		if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid,
					   cb->nlh->nlmsg_seq,
					   NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
+3 −3
@@ -637,9 +637,6 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
	if (queue->copy_mode == NFQNL_COPY_NONE)
		return -EINVAL;

	if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb))
		return __nfqnl_enqueue_packet(net, queue, entry);

	skb = entry->skb;

	switch (entry->pf) {
@@ -651,6 +648,9 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
		break;
	}

	if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(skb))
		return __nfqnl_enqueue_packet(net, queue, entry);

	nf_bridge_adjust_skb_data(skb);
	segs = skb_gso_segment(skb, 0);
	/* Does not use PTR_ERR to limit the number of error codes that can be
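Review bot: The early return for the non-GSO case now depends on running after the `switch (entry->pf)` block, but nothing in the code says so, and moving it back up would silently reintroduce the bug. The commit description says the fix is for the missing HW protocol in packets passed to user-space, so presumably the switch sets it on `skb`; the case bodies fall between the two hunks and are not visible. I would put a comment above the moved check, for example `/* must come after the protocol setup above: the non-GSO path also goes to user-space */`. It is also worth confirming that every `entry->pf` value that can reach this function is handled by the switch, since only its closing `break;` is shown.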
+6 −0
@@ -125,6 +125,12 @@ tcpmss_mangle_packet(struct sk_buff *skb,

	skb_put(skb, TCPOLEN_MSS);

	/* RFC 879 states that the default MSS is 536 without specific
	 * knowledge that the destination host is prepared to accept larger.
	 * Since no MSS was provided, we MUST NOT set a value > 536.
	 */
	newmss = min(newmss, (u16)536);

	opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
	memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));