summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* [NETFILTER]: Fix NAT PMTUD problemsPatrick McHardy2006-02-191-9/+9
| | | | | | | | | | | | | | | ICMP errors are only SNATed when their source matches the source of the connection they are related to, otherwise the source address is not changed. This creates problems with ICMP frag. required messages originating from a router behind the NAT, if private IPs are used the packet has a good change of getting dropped on the path to its destination. Always NAT ICMP errors similar to the original connection. Based on report by Al Viro. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Fix policy double putPatrick McHardy2006-02-191-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The policy is put once immediately and once at the error label, which results in the following Oops: kernel BUG at net/xfrm/xfrm_policy.c:250! invalid opcode: 0000 [#2] PREEMPT [...] CPU: 0 EIP: 0060:[<c028caf7>] Not tainted VLI EFLAGS: 00210246 (2.6.16-rc3 #39) EIP is at __xfrm_policy_destroy+0xf/0x46 eax: d49f2000 ebx: d49f2000 ecx: f74bd880 edx: f74bd280 esi: d49f2000 edi: 00000001 ebp: cd506dcc esp: cd506dc8 ds: 007b es: 007b ss: 0068 Process ssh (pid: 31970, threadinfo=cd506000 task=cfb04a70) Stack: <0>cd506000 cd506e34 c028e92b ebde7280 cd506e58 cd506ec0 f74bd280 00000000 00000214 0000000a 0000000a 00000000 00000002 f7ae6000 00000000 cd506e58 cd506e14 c0299e36 f74bd280 e873fe00 c02943fd cd506ec0 ebde7280 f271f440 Call Trace: [<c0103a44>] show_stack_log_lvl+0xaa/0xb5 [<c0103b75>] show_registers+0x126/0x18c [<c0103e68>] die+0x14e/0x1db [<c02b6809>] do_trap+0x7c/0x96 [<c0104237>] do_invalid_op+0x89/0x93 [<c01035af>] error_code+0x4f/0x54 [<c028e92b>] xfrm_lookup+0x349/0x3c2 [<c02b0b0d>] ip6_datagram_connect+0x317/0x452 [<c0281749>] inet_dgram_connect+0x49/0x54 [<c02404d2>] sys_connect+0x51/0x68 [<c0240928>] sys_socketcall+0x6f/0x166 [<c0102aa1>] syscall_call+0x7/0xb Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: Fix TCP/UDP HW checksum handling for IPv6 packetYasuyuki Kozakai2006-02-152-2/+6
| | | | | | | | | | | If skb->ip_summed is CHECKSUM_HW here, skb->csum includes checksum of actual IPv6 header and extension headers. Then such excess checksum must be subtruct when nf_conntrack calculates TCP/UDP checksum with pseudo IPv6 header. Spotted by Ben Skeggs. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: attach conntrack to locally generated ICMPv6 errorYasuyuki Kozakai2006-02-151-0/+6
| | | | | | | | | | Locally generated ICMPv6 errors should be associated with the conntrack of the original packet. Since the conntrack entry may not be in the hash tables (for the first packet), it must be manually attached. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: attach conntrack to TCP RST generated by ip6t_REJECTYasuyuki Kozakai2006-02-151-0/+2
| | | | | | | | | | TCP RSTs generated by the REJECT target should be associated with the conntrack of the original TCP packet. Since the conntrack entry is usually not is the hash tables, it must be manually attached. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: move registration of __nf_ct_attachYasuyuki Kozakai2006-02-152-5/+5
| | | | | | | | | Move registration of __nf_ct_attach to nf_conntrack_core to make it usable for IPv6 connection tracking as well. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: x_tables: fix dependencies of conntrack related modulesYasuyuki Kozakai2006-02-151-3/+3
| | | | | | | | | | | NF_CONNTRACK_MARK is bool and depends on NF_CONNTRACK which is tristate. If a variable depends on NF_CONNTRACK_MARK and doesn't take care about NF_CONNTRACK, it can be y even if NF_CONNTRACK isn't y. NF_CT_ACCT have same issue, too. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Fix SNAT-related crash in xfrm4_output_finishPatrick McHardy2006-02-154-11/+24
| | | | | | | | | | | | | | | When a packet matching an IPsec policy is SNATed so it doesn't match any policy anymore it looses its xfrm bundle, which makes xfrm4_output_finish crash because of a NULL pointer dereference. This patch directs these packets to the original output path instead. Since the packets have already passed the POST_ROUTING hook, but need to start at the beginning of the original output path which includes another POST_ROUTING invocation, a flag is added to the IPCB to indicate that the packet was rerouted and doesn't need to pass the POST_ROUTING hook again. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BRIDGE]: Fix deadlock in br_stp_disable_bridgeAdrian Drzewiecki2006-02-151-2/+2
| | | | | | | | | | Looks like somebody forgot to use the _bh spin_lock variant. We ran into a deadlock where br->hello_timer expired while br_stp_disable_br() walked br->port_list. Signed-off-by: Adrian Drzewiecki <z@drze.net> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix xfrm lookup after SNATPatrick McHardy2006-02-152-3/+44
| | | | | | | | | | | | | | | | | | | | To find out if a packet needs to be handled by IPsec after SNAT, packets are currently rerouted in POST_ROUTING and a new xfrm lookup is done. This breaks SNAT of non-unicast packets to non-local addresses because the packet is routed as incoming packet and no neighbour entry is bound to the dst_entry. In general, it seems to be a bad idea to replace the dst_entry after the packet was already sent to the output routine because its state might not match what's expected. This patch changes the xfrm lookup in POST_ROUTING to re-use the original dst_entry without routing the packet again. This means no policy routing can be used for transport mode transforms (which keep the original route) when packets are SNATed to match the policy, but it looks like the best we can do for now. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Revert skb_copy_datagram_iovec() recursion elimination.David S. Miller2006-02-131-28/+53
| | | | | | | | | | | | | Revert the following changeset: bc8dfcb93970ad7139c976356bfc99d7e251deaf Recursive SKB frag lists are really possible and disallowing them breaks things. Noticed by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Fix strange IPsec freeze.Herbert Xu2006-02-131-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem discovered and initial patch by Olaf Kirch: there's a problem with IPsec that has been bugging some of our users for the last couple of kernel revs. Every now and then, IPsec will freeze the machine completely. This is with openswan user land, and with kernels up to and including 2.6.16-rc2. I managed to debug this a little, and what happens is that we end up looping in xfrm_lookup, and never get out. With a bit of debug printks added, I can this happening: ip_route_output_flow calls xfrm_lookup xfrm_find_bundle returns NULL (apparently we're in the middle of negotiating a new SA or something) We therefore call xfrm_tmpl_resolve. This returns EAGAIN We go to sleep, waiting for a policy update. Then we loop back to the top Apparently, the dst_orig that was passed into xfrm_lookup has been dropped from the routing table (obsolete=2) This leads to the endless loop, because we now create a new bundle, check the new bundle and find it's stale (stale_bundle -> xfrm_bundle_ok -> dst_check() return 0) People have been testing with the patch below, which seems to fix the problem partially. They still see connection hangs however (things only clear up when they start a new ping or new ssh). So the patch is obvsiouly not sufficient, and something else seems to go wrong. I'm grateful for any hints you may have... I suggest that we simply bail out always. If the dst decides to die on us later on, the packet will be dropped anyway. So there is no great urgency to retry here. Once we have the proper resolution queueing, we can then do the retry again. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Olaf Kirch <okir@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] Don't store dst_entry for RAW socketNicolas DICHTEL2006-02-131-4/+1
| | | | | Signed-off-by: Nicolas DICHTEL <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK] genetlink: Fix bugs spotted by Andrew Morton.Jamal Hadi Salim2006-02-131-7/+4
| | | | | | | | | | | | | | | | | | | - panic() doesn't return. - Don't forget to unlock on genl_register_family() error path - genl_rcv_msg() is called via pointer so there's no point in declaring it `inline'. Notes: genl_ctrl_event() ignores the genlmsg_multicast() return value. lots of things ignore the genl_ctrl_event() return value. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BRIDGE]: Better fix for netfilter missing symbol has_bridge_parentStephen Hemminger2006-02-131-2/+2
| | | | | | | | Horms patch was the best of the three fixes. Dave, already applied Harald's version, so this patch converts that to the better one. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] Fix Kconfig menu level for x_tablesHarald Welte2006-02-131-2/+2
| | | | | | | | The new x_tables related Kconfig options appear at the wrong menu level without this patch. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6David S. Miller2006-02-132-6/+17
|\
| * [Bluetooth] Fix NULL pointer dereferences of the HCI socketMarcel Holtmann2006-02-131-2/+8
| | | | | | | | | | | | | | | | | | This patch fixes the two NULL pointer dereferences found by the sfuzz tool from Ilja van Sprundel. The first one was a call of getsockname() for an unbound socket and the second was calling accept() while this operation isn't implemented for the HCI socket interface. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
| * [Bluetooth] Reduce L2CAP MTU for RFCOMM connectionsMarcel Holtmann2006-02-131-4/+9
| | | | | | | | | | | | | | | | | | This patch reduces the default L2CAP MTU for all RFCOMM connections from 1024 to 1013 to improve the interoperability with some broken RFCOMM implementations. To make this more flexible the L2CAP MTU becomes also a module parameter and so it can changed at runtime. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* | [P8023]: Fix tainting of kernel.Dave Jones2006-02-131-0/+2
| | | | | | | | | | | | | | | | Missing license tag. I've assumed this is GPL. (It could also use a MODULE_AUTHOR) Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV4] ICMP: Invert default for invalid icmp msgs sysctlDave Jones2006-02-131-1/+1
| | | | | | | | | | | | | | | | | | | | isic can trigger these msgs to be spewed at a very high rate. There's already a sysctl to turn them off. Given these messages aren't useful for most people, this patch disables them by default. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [ATM]: Ratelimit atmsvc failure messagesDave Jones2006-02-131-1/+2
|/ | | | | | | This seems to be trivial to trigger. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] netfilter: fix build error due to missing has_bridge_parent macroJesper Juhl2006-02-121-1/+1
| | | | | | | | | | | net/bridge/br_netfilter.c: In function `br_nf_post_routing': net/bridge/br_netfilter.c:808: warning: implicit declaration of function `has_bridge_parent' Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Cc: Harald Welte <laforge@netfilter.org> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [BRIDGE]: fix error handling for add interface to bridgeStephen Hemminger2006-02-093-73/+59
| | | | | | | | | Refactor how the bridge code interacts with kobject system. It should still use kobjects even if not using sysfs. Fix the error unwind handling in br_add_if. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BRIDGE]: netfilter handle RCU during removalStephen Hemminger2006-02-091-15/+38
| | | | | | | | | | | Bridge netfilter code needs to handle the case where device is removed from bridge while packet in process. In these cases the bridge_parent can become null while processing. This should fix: http://bugzilla.kernel.org/show_bug.cgi?id=5803 Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BRIDGE]: fix for RCU and deadlock on device removalStephen Hemminger2006-02-094-30/+41
| | | | | | | | | Change Bridge receive path to correctly handle RCU removal of device from bridge. Also fixes deadlock between carrier_check and del_nbp. This replaces the previous deleted flag fix. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: rcvbuf lock when tcp_moderate_rcvbuf enabledJohn Heffner2006-02-091-1/+2
| | | | | | | The rcvbuf lock should probably be honored here. Signed-off-by: John Heffner <jheffner@psc.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IRDA]: out of range array access David Binderman2006-02-091-1/+1
| | | | | | | | This patch fixes an out of range array access in irnet_irda.c. Author: David Binderman <dcb314@hotmail.com> Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IRDA]: Set proper IrLAP device address lengthSamuel Ortiz2006-02-091-2/+2
| | | | | | | | This patch set IrDA's addr_len properly, i.e to 4 bytes, the size of the IrLAP device address. Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: illegal use of pid in rtnetlinkAlexey Kuznetsov2006-02-093-3/+3
| | | | | | | | | | When a netlink message is not related to a netlink socket, it is issued by kernel socket with pid 0. Netlink "pid" has nothing to do with current->pid. I called it incorrectly, if it was named "port", the confusion would be avoided. Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: Fix a severe bugAlexey Kuznetsov2006-02-091-3/+4
| | | | | | | | | | | | | | | | | | | | | | netlink overrun was broken while improvement of netlink. Destination socket is used in the place where it was meant to be source socket, so that now overrun is never sent to user netlink sockets, when it should be, and it even can be set on kernel socket, which results in complete deadlock of rtnetlink. Suggested fix is to restore status quo passing source socket as additional argument to netlink_attachskb(). A little explanation: overrun is set on a socket, when it failed to receive some message and sender of this messages does not or even have no way to handle this error. This happens in two cases: 1. when kernel sends something. Kernel never retransmits and cannot wait for buffer space. 2. when user sends a broadcast and the message was not delivered to some recipients. Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Address autoconfiguration does not work after device down/up cycleKristian Slavov2006-02-081-0/+3
| | | | | | | | | | | | | | | | If you set network interface down and up again, the IPv6 address autoconfiguration does not work. 'ip addr' shows that the link-local address is in tentative state. We don't even react to periodical router advertisements. During NETDEV_DOWN we clear IF_READY, and we don't set it back in NETDEV_UP. While starting to perform DAD on the link-local address, we notice that the device is not in IF_READY, and we abort autoconfiguration process (which would eventually send router solicitations). Acked-by: Juha-Matti Tapio <jmtapio@verkkotelakka.net> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] net/ipv6/mcast.c NULL noise removalAl Viro2006-02-071-1/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [PATCH] ipv4 NULL noise removalAl Viro2006-02-071-1/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [PATCH] remove bogus asm/bug.h includes.Al Viro2006-02-075-5/+0
| | | | | | | A bunch of asm/bug.h includes are both not needed (since it will get pulled anyway) and bogus (since they are done too early). Removed. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2006-02-0517-37/+85
|\
| * [NETFILTER]: Fix check whether dst_entry needs to be released after NATPatrick McHardy2006-02-041-2/+2
| | | | | | | | | | | | | | | | | | After DNAT the original dst_entry needs to be released if present so the packet doesn't skip input routing with its new address. The current check for DNAT in ip_nat_in is reversed and checks for SNAT. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: Prepare {ipt,ip6t}_policy match for x_tables unificationPatrick McHardy2006-02-042-5/+8
| | | | | | | | | | | | | | | | | | | | The IPv4 and IPv6 version of the policy match are identical besides address comparison and the data structure used for userspace communication. Unify the data structures to break compatiblity now (before it is released), so we can port it to x_tables in 2.6.17. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: Fix ip6t_policy address matchingPatrick McHardy2006-02-041-2/+3
| | | | | | | | | | | | | | | | | | | | Fix two bugs in ip6t_policy address matching: - misorder arguments to ip6_masked_addrcmp, mask must be the second argument - inversion incorrectly applied to the entire expression instead of just the address comparison Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: Check policy length in policy match strict modePatrick McHardy2006-02-042-2/+2
| | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: Fix possible overflow in netfilters do_replace()Kirill Korotaev2006-02-044-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | netfilter's do_replace() can overflow on addition within SMP_ALIGN() and/or on multiplication by NR_CPUS, resulting in a buffer overflow on the copy_from_user(). In practice, the overflow on addition is triggerable on all systems, whereas the multiplication one might require much physical memory to be present due to the check above. Either is sufficient to overwrite arbitrary amounts of kernel memory. I really hate adding the same check to all 4 versions of do_replace(), but the code is duplicate... Found by Solar Designer during security audit of OpenVZ.org Signed-Off-By: Kirill Korotaev <dev@openvz.org> Signed-Off-By: Solar Designer <solar@openwall.com> Signed-off-by: Patrck McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: nf_conntrack: fix incorrect memset() size in FTP helperSamir Bellabes2006-02-041-2/+0
| | | | | | | | | | | | | | | | | | | | This memset() is executing with a bad size. According to Yasuyuki Kozakai, this memset() can be deleted, as 'ftp' is declared in global area. Signed-off-by: Samir Bellabes <sbellabes@mandriva.com> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: Fix missing src port initialization in tftp expectation maskPatrick McHardy2006-02-041-0/+1
| | | | | | | | | | | | | | Reported by David Ahern <dahern@avaya.com>, netfilter bugzilla #426. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: nfnetlink_queue: fix packet marking over netlinkPatrick McHardy2006-02-041-1/+2
| | | | | | | | | | | | | | The packet marked is the netlink skb, not the queued skb. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_logPatrick McHardy2006-02-043-18/+28
| | | | | | | | | | | | | | | | The skb allocated is always of size nlbufsize, even if that is smaller than the size needed for the current packet. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: ULOG/nfnetlink_log: Use better default value for 'nlbufsiz'Holger Eitzenberger2006-02-043-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Performance tests showed that ULOG may fail on heavy loaded systems because of failed order-N allocations (N >= 1). The default value of 4096 is not optimal in the sense that it actually allocates _two_ contigous physical pages. Reasoning: ULOG uses alloc_skb(), which adds another ~300 bytes for skb_shared_info. This patch sets the default value to NLMSG_GOODSIZE and adds some documentation at the top. Signed-off-by: Holger Eitzenberger <heitzenberger@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: nf_conntrack: check address family when finding protocol moduleYasuyuki Kozakai2006-02-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | __nf_conntrack_{l3}proto_find() doesn't check the passed protocol family, then it's possible to touch out of the array which has only AF_MAX items. Spotted by Pablo Neira Ayuso. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: ctnetlink: add MODULE_ALIAS for expectation subsystemPablo Neira Ayuso2006-02-042-0/+2
| | | | | | | | | | | | | | | | Add load-on-demand support for expectation request. eg. conntrack -L expect Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: ctnetlink: Fix subsystem used for expectation eventsMarcus Sundberg2006-02-042-2/+2
| | | | | | | | | | | | | | | | | | The ctnetlink expectation events should use the NFNL_SUBSYS_CTNETLINK_EXP subsystem, not NFNL_SUBSYS_CTNETLINK. Signed-off-by: Marcus Sundberg <marcus@ingate.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [ICMP]: Fix extra dst release when ip_options_echo failsHerbert Xu2006-02-041-1/+1
| | | | | | | | | | | | | | | | | | | | When two ip_route_output_key lookups in icmp_send were combined I forgot to change the error path for ip_options_echo to not drop the dst reference since it now sits before the dst lookup. To fix it we simply jump past the ip_rt_put call. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud