Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 60d061e3 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter patches for your net tree:

1) Fix NULL pointer dereference from nf_nat_decode_session() if NAT is
   not loaded, from Prashant Bhole.

2) Fix socket extension module autoload.

3) Don't bogusly reject sets with the NFT_SET_EVAL flag set on from
   the dynset extension.

4) Fix races with nf_tables module removal and netns exit path,
   patches from Florian Westphal.

5) Don't hit BUG_ON if jumpstack goes too deep, instead hit
   WARN_ON_ONCE, from Taehee Yoo.

6) Another NULL pointer dereference from ctnetlink, again if NAT is
   not loaded, from Florian Westphal.

7) Fix x_tables match list corruption in xt_connmark module removal
   path, also from Florian.

8) nf_conncount doesn't properly deal with conntrack zones, hence
   garbage collector may get rid of entries in a different zone.
   From Yi-Hung Wei.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 57f230ab 21ba8847

include/linux/netfilter.h

+1 −1
Original line number Diff line number Diff line
@@ -345,7 +345,7 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family) 


	rcu_read_lock();

	nat_hook = rcu_dereference(nf_nat_hook);

	if (nat_hook->decode_session)

	if (nat_hook && nat_hook->decode_session)

		nat_hook->decode_session(skb, fl);

	rcu_read_unlock();

#endif

include/net/netfilter/nf_conntrack_count.h

+2 −1
Original line number Diff line number Diff line
@@ -20,7 +20,8 @@ unsigned int nf_conncount_lookup(struct net *net, struct hlist_head *head, 
				 bool *addit);



bool nf_conncount_add(struct hlist_head *head,

		      const struct nf_conntrack_tuple *tuple);

		      const struct nf_conntrack_tuple *tuple,

		      const struct nf_conntrack_zone *zone);



void nf_conncount_cache_free(struct hlist_head *hhead);

include/uapi/linux/netfilter/nf_tables.h

+1 −1
Original line number Diff line number Diff line
@@ -266,7 +266,7 @@ enum nft_rule_compat_attributes { 
 * @NFT_SET_INTERVAL: set contains intervals

 * @NFT_SET_MAP: set is used as a dictionary

 * @NFT_SET_TIMEOUT: set uses timeouts

 * @NFT_SET_EVAL: set contains expressions for evaluation

 * @NFT_SET_EVAL: set can be updated from the evaluation path

 * @NFT_SET_OBJECT: set contains stateful objects

 */

enum nft_set_flags {

net/netfilter/nf_conncount.c

+9 −4
Original line number Diff line number Diff line
@@ -46,6 +46,7 @@ 
struct nf_conncount_tuple {

	struct hlist_node		node;

	struct nf_conntrack_tuple	tuple;

	struct nf_conntrack_zone	zone;

};



struct nf_conncount_rb {
@@ -80,7 +81,8 @@ static int key_diff(const u32 *a, const u32 *b, unsigned int klen) 
}



bool nf_conncount_add(struct hlist_head *head,

		      const struct nf_conntrack_tuple *tuple)

		      const struct nf_conntrack_tuple *tuple,

		      const struct nf_conntrack_zone *zone)

{

	struct nf_conncount_tuple *conn;
@@ -88,6 +90,7 @@ bool nf_conncount_add(struct hlist_head *head, 
	if (conn == NULL)

		return false;

	conn->tuple = *tuple;

	conn->zone = *zone;

	hlist_add_head(&conn->node, head);

	return true;

}
@@ -108,7 +111,7 @@ unsigned int nf_conncount_lookup(struct net *net, struct hlist_head *head, 


	/* check the saved connections */

	hlist_for_each_entry_safe(conn, n, head, node) {

		found = nf_conntrack_find_get(net, zone, &conn->tuple);

		found = nf_conntrack_find_get(net, &conn->zone, &conn->tuple);

		if (found == NULL) {

			hlist_del(&conn->node);

			kmem_cache_free(conncount_conn_cachep, conn);
@@ -117,7 +120,8 @@ unsigned int nf_conncount_lookup(struct net *net, struct hlist_head *head, 


		found_ct = nf_ct_tuplehash_to_ctrack(found);



		if (tuple && nf_ct_tuple_equal(&conn->tuple, tuple)) {

		if (tuple && nf_ct_tuple_equal(&conn->tuple, tuple) &&

		    nf_ct_zone_equal(found_ct, zone, zone->dir)) {

			/*

			 * Just to be sure we have it only once in the list.

			 * We should not see tuples twice unless someone hooks
@@ -196,7 +200,7 @@ count_tree(struct net *net, struct rb_root *root, 
			if (!addit)

				return count;



			if (!nf_conncount_add(&rbconn->hhead, tuple))

			if (!nf_conncount_add(&rbconn->hhead, tuple, zone))

				return 0; /* hotdrop */



			return count + 1;
@@ -238,6 +242,7 @@ count_tree(struct net *net, struct rb_root *root, 
	}



	conn->tuple = *tuple;

	conn->zone = *zone;

	memcpy(rbconn->key, key, sizeof(u32) * keylen);



	INIT_HLIST_HEAD(&rbconn->hhead);

net/netfilter/nf_conntrack_netlink.c

+2 −1
Original line number Diff line number Diff line
@@ -1446,7 +1446,8 @@ ctnetlink_parse_nat_setup(struct nf_conn *ct, 
		}

		nfnl_lock(NFNL_SUBSYS_CTNETLINK);

		rcu_read_lock();

		if (nat_hook->parse_nat_setup)

		nat_hook = rcu_dereference(nf_nat_hook);

		if (nat_hook)

			return -EAGAIN;

#endif

		return -EOPNOTSUPP;