linux/net
Pablo Neira Ayuso cba85b532e netfilter: fix export secctx error handling
In 1ae4de0cdf, the secctx was exported
via the /proc/net/netfilter/nf_conntrack and ctnetlink interfaces
instead of the secmark.

That patch introduced the use of security_secid_to_secctx() which may
return a non-zero value on error.

In one of my setups, I have NF_CONNTRACK_SECMARK enabled but no
security modules. Thus, security_secid_to_secctx() returns a negative
value that results in the breakage of the /proc and `conntrack -L'
outputs. To fix this, we skip the inclusion of secctx if the
aforementioned function fails.

This patch also fixes the dynamic netlink message size calculation
if security_secid_to_secctx() returns an error, since its logic is
also wrong.

This problem exists in Linux kernel >= 2.6.37.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-01-06 11:25:00 -08:00
..
9p net/9p/protocol.c: Remove duplicated macros. 2010-12-08 09:56:28 -08:00
802 net/802: add __rcu annotations 2010-10-25 13:09:44 -07:00
8021q 8021q: vlan device is lockless do not transfer real_num_{tx|rx}_queues 2010-11-28 10:47:19 -08:00
appletalk
atm net: kill unused macros 2010-12-19 21:59:35 -08:00
ax25 net: ax25: fix information leak to userland 2010-11-10 10:14:33 -08:00
batman-adv batman-adv: Return hna count on local buffer fill 2010-12-20 10:32:03 -08:00
bluetooth Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6 2011-01-04 14:25:28 -05:00
bridge Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-01-04 11:57:25 -08:00
caif Net: caif: Makefile: Remove deprecated items 2010-11-22 08:16:09 -08:00
can Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-01-04 11:57:25 -08:00
ceph Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
core net: add POLLPRI to sock_def_readable() 2011-01-06 10:54:29 -08:00
dcb dcb: use after free in dcb_flushapp() 2011-01-06 11:16:54 -08:00
dccp dccp: remove unused macros 2010-12-10 12:49:23 +01:00
decnet net: Abstract default MTU metric calculation behind an accessor. 2010-12-14 13:01:14 -08:00
dns_resolver Net: dns_resolver: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:10 -08:00
dsa phylib: available for any speed ethernet 2010-08-11 23:03:50 -07:00
econet Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-17 12:27:22 -08:00
ethernet net: return operator cleanup 2010-09-23 14:33:39 -07:00
ieee802154 net: RCU conversion of dev_getbyhwaddr() and arp_ioctl() 2010-12-08 10:07:24 -08:00
ipv4 netfilter: fix export secctx error handling 2011-01-06 11:25:00 -08:00
ipv6 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-20 13:24:14 -08:00
ipx BKL: introduce CONFIG_BKL. 2010-10-21 15:44:13 +02:00
irda Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
iucv [S390] cleanup lowcore access from external interrupts 2010-10-25 16:10:19 +02:00
key net: return operator cleanup 2010-09-23 14:33:39 -07:00
l2tp Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
lapb Net: lapb: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
llc net: RCU conversion of dev_getbyhwaddr() and arp_ioctl() 2010-12-08 10:07:24 -08:00
mac80211 mac80211: remove stray extern 2011-01-05 16:07:12 -05:00
netfilter netfilter: fix export secctx error handling 2011-01-06 11:25:00 -08:00
netlabel net: kill unused macros 2010-12-19 21:59:35 -08:00
netlink netlink: fix netlink_change_ngroups() 2010-10-24 16:25:39 -07:00
netrom
packet net: Use skb_checksum_start_offset() 2010-12-16 14:43:14 -08:00
phonet Net: phonet: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
rds Net: rds: Makefile: Remove deprecated items 2010-11-22 08:16:15 -08:00
rfkill rfkill: remove dead code 2010-11-15 13:24:06 -05:00
rose Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-27 01:03:03 -07:00
rxrpc Net: rxrpc: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:15 -08:00
sched net_sched: pfifo_head_drop problem 2011-01-05 13:39:17 -08:00
sctp Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-17 12:27:22 -08:00
sunrpc Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
tipc tipc: update log.h re-include protection to reflect new name 2011-01-01 14:56:18 -08:00
unix af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks. 2011-01-05 15:38:53 -08:00
wanrouter Net: wanrouter: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:16 -08:00
wimax
wireless cfg80211: fix transposition of words in printk 2011-01-04 14:43:01 -05:00
x25 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
xfrm Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-17 12:27:22 -08:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
Kconfig net: Add batman-adv meshing protocol 2010-12-16 13:44:24 -08:00
Makefile net: Add batman-adv meshing protocol 2010-12-16 13:44:24 -08:00
nonet.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
socket.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-17 12:27:22 -08:00
sysctl_net.c
TUNABLE