linux/net
Florian Westphal a4e6a1031e netfilter: conntrack: add clash resolution for reverse collisions
Given existing entry:
ORIGIN: a:b -> c:d
REPLY:  c:d -> a:b

And colliding entry:
ORIGIN: c:d -> a:b
REPLY:  a:b -> c:d

The colliding ct (and the associated skb) get dropped on insert.
Permit this by checking if the colliding entry matches the reply
direction.

Happens when both ends send packets at same time, both requests are picked
up as NEW, rather than NEW for the 'first' and 'ESTABLISHED' for the
second packet.

This is an esoteric condition, as ruleset must permit NEW connections
in either direction and both peers must already have a bidirectional
traffic flow at the time conntrack gets enabled.

Allow the 'reverse' skb to pass and assign the existing (clashing)
entry.

While at it, also drop the extra 'dying' check, this is already
tested earlier by the calling function.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2024-09-26 13:01:54 +02:00
..
6lowpan ipv6: eliminate ndisc_ops_is_useropt() 2024-08-12 17:23:57 -07:00
9p Two fixes headed to stable trees: 2024-05-29 09:25:15 -07:00
802
8021q netdev_features: remove NETIF_F_ALL_FCOE 2024-09-03 11:36:43 +02:00
appletalk Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-09 10:01:01 -07:00
atm atm: clean up a put_user() calls 2024-06-14 19:08:50 -07:00
ax25 ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() 2024-06-01 15:49:42 -07:00
batman-adv netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local 2024-09-03 11:36:43 +02:00
bluetooth Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL 2024-09-10 13:07:24 -04:00
bpf bpf-next-for-netdev 2024-07-09 17:01:46 +02:00
bridge netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish() 2024-09-09 14:14:52 +01:00
caif net: caif: remove unused name 2024-09-12 20:29:04 -07:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
ceph libceph: fix crush_choose_firstn() kernel-doc warnings 2024-07-11 16:33:07 +02:00
core net: fib_rules: Enable DSCP selector usage 2024-09-13 21:15:45 -07:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-06-27 12:14:11 -07:00
devlink devlink: Constify the 'table_ops' parameter of devl_dpipe_table_register() 2024-06-05 10:24:57 +01:00
dns_resolver
dsa net: dsa: microchip: update tag_ksz masks for KSZ9477 family 2024-09-10 17:27:56 -07:00
ethernet netkit: Fix pkt_type override upon netkit pass verdict 2024-05-25 10:48:57 -07:00
ethtool net: ethtool: phy: Don't set the context dev pointer for unfiltered DUMP 2024-09-13 21:40:12 -07:00
handshake net/handshake: use sockfd_put() helper 2024-08-27 16:09:25 -07:00
hsr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-12 17:11:24 -07:00
ieee802154 netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local 2024-09-03 11:36:43 +02:00
ife
ipv4 ipv4: fib_rules: Add DSCP selector support 2024-09-13 21:15:44 -07:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
iucv s390/iucv: Fix vargs handling in iucv_alloc_device() 2024-08-22 13:09:20 -07:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-19 18:36:12 -07:00
key
l2tp l2tp: remove unneeded null check in l2tp_v2_session_get_next 2024-09-04 16:39:32 -07:00
l3mdev
lapb
llc llc: Constify struct llc_sap_state_trans 2024-07-15 08:51:19 -07:00
mac80211 wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() 2024-09-09 11:45:06 +02:00
mac802154 net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() 2024-06-03 11:20:56 +02:00
mctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-08-22 17:06:18 -07:00
mpls net: mpls: delete redundant judgment statements 2024-08-23 14:27:46 +01:00
mptcp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-12 17:11:24 -07:00
ncsi net/ncsi: Fix the multi thread manner of NCSI driver 2024-06-01 16:21:44 -07:00
netfilter netfilter: conntrack: add clash resolution for reverse collisions 2024-09-26 13:01:54 +02:00
netlabel netlabel: fix RCU annotation for IPv4 options on socket creation 2024-05-13 14:58:12 -07:00
netlink net: netlink: Remove the dump_cb_mutex field from struct netlink_sock 2024-08-26 10:35:16 +01:00
netrom net/netrom: prefer strscpy over strcpy 2024-08-29 12:33:07 -07:00
nfc Quite smaller than usual. Notably it includes the fix for the unix 2024-05-23 12:49:37 -07:00
nsh
openvswitch netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local 2024-09-03 11:36:43 +02:00
packet net: add support for skbs with unreadable frags 2024-09-11 20:44:31 -07:00
phonet sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
psample net: psample: fix flag being set in wrong skb 2024-07-11 18:11:31 -07:00
qrtr net: qrtr: ns: Ignore ENODEV failures in ns 2024-06-14 13:17:21 +02:00
rds net: rds: add option for GCOV profiling 2024-08-09 13:18:46 +01:00
rfkill wifi: rfkill: Correct parameter type for rfkill_set_hw_state_reason() 2024-08-27 10:28:55 +02:00
rose net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
rxrpc rxrpc: Remove unused function declarations 2024-08-02 17:17:34 -07:00
sched sch_cake: constify inverse square root cache 2024-09-10 18:31:52 -07:00
sctp sctp: Unmask upper DSCP bits in sctp_v4_get_dst() 2024-09-09 14:14:53 +01:00
smc net/smc: add sysctl for smc_limit_hs 2024-09-10 12:11:04 +02:00
strparser
sunrpc rpcrdma: Trace connection registration and unregistration 2024-08-19 11:50:41 -04:00
switchdev net: bridge: switchdev: Improve error message for port_obj_add/del functions 2024-05-08 12:19:12 +01:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
tls net: tls: wait for async completion on last message 2024-09-06 18:20:55 -07:00
unix af_unix: Don't return OOB skb in manage_oob(). 2024-09-09 17:14:27 -07:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-08-15 17:18:52 -07:00
wireless wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors 2024-09-09 11:43:21 +02:00
x25 net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
xfrm ipsec-next-2024-09-10 2024-09-10 19:00:47 -07:00
compat.c
devres.c
Kconfig memory-provider: disable building dmabuf mp on !CONFIG_PAGE_POOL 2024-09-13 11:41:45 -07:00
Kconfig.debug
Makefile
socket.c net-timestamp: introduce SOF_TIMESTAMPING_OPT_RX_FILTER flag 2024-09-10 16:55:23 -07:00
sysctl_net.c sysctl: Remove check for sentinel element in ctl_table arrays 2024-06-13 10:50:52 +02:00