forked from Minki/linux
Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says: ==================== The following patchset contains three Netfilter fixes, they are: * Fix conntrack helper re-assignment after NAT mangling if only if the same helper is attached to the conntrack again, from Florian Westphal. * Don't allow the creation of conntrack entries via ctnetlink if the original and reply tuples are missing, from Florian Westphal. * Fix broken sysctl interface in nf_ct_reasm while adding netns support to it, from Michal Kubecek. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
306dbf9e55
@ -97,9 +97,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
|
||||
if (table == NULL)
|
||||
goto err_alloc;
|
||||
|
||||
table[0].data = &net->ipv6.frags.high_thresh;
|
||||
table[1].data = &net->ipv6.frags.low_thresh;
|
||||
table[2].data = &net->ipv6.frags.timeout;
|
||||
table[0].data = &net->nf_frag.frags.timeout;
|
||||
table[1].data = &net->nf_frag.frags.low_thresh;
|
||||
table[2].data = &net->nf_frag.frags.high_thresh;
|
||||
}
|
||||
|
||||
hdr = register_net_sysctl(net, "net/netfilter", table);
|
||||
|
@ -236,7 +236,9 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
|
||||
/* We only allow helper re-assignment of the same sort since
|
||||
* we cannot reallocate the helper extension area.
|
||||
*/
|
||||
if (help->helper != helper) {
|
||||
struct nf_conntrack_helper *tmp = rcu_dereference(help->helper);
|
||||
|
||||
if (tmp && tmp->help != helper->help) {
|
||||
RCU_INIT_POINTER(help->helper, NULL);
|
||||
goto out;
|
||||
}
|
||||
|
@ -1705,6 +1705,9 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
|
||||
if (nlh->nlmsg_flags & NLM_F_CREATE) {
|
||||
enum ip_conntrack_events events;
|
||||
|
||||
if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY])
|
||||
return -EINVAL;
|
||||
|
||||
ct = ctnetlink_create_conntrack(net, zone, cda, &otuple,
|
||||
&rtuple, u3);
|
||||
if (IS_ERR(ct))
|
||||
|
Loading…
Reference in New Issue
Block a user