dect
/
linux-2.6
Archived
13
0
Fork 0
Code Releases Activity
This repository has been archived on 2022-02-17. You can view files and clone it, but cannot push or open issues or pull requests.
linux-2.6/net/netfilter
History
Pablo Neira Ayuso a88e22adf5 netfilter: ctnetlink: fix creation of conntrack with helpers 
This patch fixes a bug that triggers an assertion if you create
a conntrack entry with a helper and netfilter debugging is enabled.
Basically, we hit the assertion because the confirmation flag is
set before the conntrack extensions are added. To fix this, we
move the extension addition before the aforementioned flag is
set.

This patch also removes the possibility of setting a helper for
existing conntracks. This operation would also trigger the
assertion since we are not allowed to add new extensions for
existing conntracks. We know noone that could benefit from
this operation sanely.

Thanks to Eric Dumazet for initial posting a preliminary patch
to address this issue.

Reported-by: David Ramblewski <David.Ramblewski@atosorigin.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
 		2010-02-19 14:24:39 +01:00
..
ipvs ipvs: SCTP Trasport Loadbalancing Support 2010-02-18 12:31:05 +01:00
Kconfig netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
Makefile netfilter: xtables: add CT target 2010-02-03 17:17:06 +01:00
core.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_acct.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_amanda.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
nf_conntrack_core.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_ecache.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_expect.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_extend.c netfilter: don't use INIT_RCU_HEAD() 2010-02-12 06:25:36 +01:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq() 2010-01-07 18:33:18 +01:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_h323_main.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_helper.c Merge branch 'master' of /repos/git/net-next-2.6 2010-02-10 14:17:10 +01:00
nf_conntrack_irc.c netfilter: fix endian bug in conntrack printks 2009-03-28 23:55:57 -07:00
nf_conntrack_l3proto_generic.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3proto 2008-04-14 11:15:52 +02:00
nf_conntrack_netbios_ns.c net: skb->rtable accessor 2009-06-03 02:51:02 -07:00
nf_conntrack_netlink.c netfilter: ctnetlink: fix creation of conntrack with helpers 2010-02-19 14:24:39 +01:00
nf_conntrack_pptp.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_proto.c netfilter: ctnetlink: add callbacks to the per-proto nlattrs 2009-03-25 18:24:48 +01:00
nf_conntrack_proto_dccp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_generic.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_proto_gre.c netfilter: nf_conntrack: split up IPCT_STATUS event 2010-02-03 13:48:53 +01:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack: split up IPCT_STATUS event 2010-02-03 13:48:53 +01:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_udp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_udplite.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_sane.c netfilter: nf_conntrack: connection tracking helper name persistent aliases 2008-11-17 16:01:42 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_standalone.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_tftp.c netfilter: nf_conntrack: connection tracking helper name persistent aliases 2008-11-17 16:01:42 +01:00
nf_internals.h netfilter: Use unsigned types for hooknum and pf vars 2008-10-08 11:35:00 +02:00
nf_log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6 2009-12-08 07:38:50 -08:00
nf_queue.c netfilter: queue: use NFPROTO_ for queue callsites 2009-05-08 10:30:46 +02:00
nf_sockopt.c net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
nf_tproxy_core.c net: Partially allow skb destructors to be used on receive path 2009-02-04 16:55:27 -08:00
nfnetlink.c netfilter: nfnetlink: netns support 2010-01-13 16:02:14 +01:00
nfnetlink_log.c netfilter: nfnetlink: netns support 2010-01-13 16:02:14 +01:00
nfnetlink_queue.c netfilter: don't use INIT_RCU_HEAD() 2010-02-12 06:25:36 +01:00
x_tables.c netfilter: CONFIG_COMPAT: allow delta to exceed 32767 2010-02-15 18:17:10 +01:00
xt_CLASSIFY.c netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08 11:35:19 +02:00
xt_CONNMARK.c netfilter: xtables: remove xt_CONNMARK v0 2009-08-10 12:25:11 +02:00
xt_CONNSECMARK.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_CT.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
xt_DSCP.c netfilter: xtables: remove xt_TOS v0 2009-08-10 12:25:11 +02:00
xt_HL.c netfilter: Combine ipt_TTL and ip6t_HL source 2009-02-18 18:38:40 +01:00
xt_LED.c netfilter: x_tables: add LED trigger target 2009-02-20 10:55:14 +01:00
xt_MARK.c netfilter: xtables: remove xt_MARK v0, v1 2009-08-10 12:25:12 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: don't call nf_log_packet in NFLOG module. 2008-11-04 14:21:08 +01:00
xt_NFQUEUE.c netfilter: xtables: do not grab random bytes at __init 2010-01-04 16:27:25 +01:00
xt_NOTRACK.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_RATEEST.c netfilter: xtables: do not grab random bytes at __init 2010-01-04 16:27:25 +01:00
xt_SECMARK.c netfilter: xtables: move extension arguments into compound structure (6/6) 2008-10-08 11:35:19 +02:00
xt_TCPMSS.c netfilter: xt_TCPMSS: SYN packets are allowed to contain data 2010-02-02 15:33:38 +01:00
xt_TCPOPTSTRIP.c netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08 11:35:19 +02:00
xt_TPROXY.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
xt_TRACE.c netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08 11:35:19 +02:00
xt_cluster.c netfilter: fix some sparse endianess warnings 2009-06-22 14:15:02 +02:00
xt_comment.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_connbytes.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_connlimit.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
xt_connmark.c netfilter: xtables: remove xt_connmark v0 2009-08-10 12:25:12 +02:00
xt_conntrack.c netfilter: xtables: fix conntrack match v1 ipt-save output 2009-11-23 10:43:57 +01:00
xt_dccp.c nf/dccp: merge errorpaths 2008-12-14 23:19:02 -08:00
xt_dscp.c netfilter: xtables: remove xt_TOS v0 2009-08-10 12:25:11 +02:00
xt_esp.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_hashlimit.c xt_hashlimit: fix locking 2010-02-17 13:27:11 -08:00
xt_helper.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_hl.c netfilter: Combine ipt_ttl and ip6t_hl source 2009-02-18 18:39:31 +01:00
xt_iprange.c netfilter: xtables: remove xt_iprange v0 2009-08-10 13:09:44 +02:00
xt_length.c netfilter: xtables: move extension arguments into compound structure (1/6) 2008-10-08 11:35:18 +02:00
xt_limit.c netfilter: xtables: constify args in compat copying functions 2010-02-15 16:59:28 +01:00
xt_mac.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_mark.c netfilter: xtables: remove xt_mark v0 2009-08-10 13:09:45 +02:00
xt_multiport.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_osf.c netfilter: xt_osf: change %pi4 to %pI4 2010-01-11 11:55:36 +01:00
xt_owner.c netfilter: xtables: remove xt_owner v0 2009-08-10 13:32:30 +02:00
xt_physdev.c netfilter: factorize ifname_compare() 2009-03-25 17:31:52 +01:00
xt_pkttype.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_policy.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xt_quota.c netfilter: xt_quota: fix wrong return value (error case) 2009-08-23 19:09:23 -07:00
xt_rateest.c netfilter: xt_rateest: fix comparison with self 2009-06-22 14:17:12 +02:00
xt_realm.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xt_recent.c netfilter: xt_recent: inform user when hitcount is too large 2010-02-15 16:31:35 +01:00
xt_repldata.h netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
xt_sctp.c netfilter: xt_sctp: sctp chunk mapping doesn't work 2009-02-09 14:34:56 -08:00
xt_socket.c netfilter: xt_socket: make module available for INPUT chain 2009-10-29 15:35:10 +01:00
xt_state.c netfilter: xtables: move extension arguments into compound structure (3/6) 2008-10-08 11:35:19 +02:00
xt_statistic.c netfilter: xtables: avoid pointer to self 2009-03-16 15:35:29 +01:00
xt_string.c netfilter: xtables: move extension arguments into compound structure (3/6) 2008-10-08 11:35:19 +02:00
xt_tcpmss.c netfilter: xtables: move extension arguments into compound structure (1/6) 2008-10-08 11:35:18 +02:00
xt_tcpudp.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_time.c netfilter 08/09: xt_time: print timezone for user information 2009-01-12 21:18:36 -08:00
xt_u32.c netfilter: xtables: move extension arguments into compound structure (1/6) 2008-10-08 11:35:18 +02:00