Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Fix UAF in set catch-all element, from Eric Dumazet. 2) Fix MAC mangling for multicast/loopback traffic in nfnetlink_queue and nfnetlink_log, from Ignacy Gawędzki. 3) Remove expired entries from ctnetlink dump path regardless of the tuple direction, from Florian Westphal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
8ca4090fec
@ -1195,8 +1195,6 @@ restart:
|
||||
}
|
||||
hlist_nulls_for_each_entry(h, n, &nf_conntrack_hash[cb->args[0]],
|
||||
hnnode) {
|
||||
if (NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL)
|
||||
continue;
|
||||
ct = nf_ct_tuplehash_to_ctrack(h);
|
||||
if (nf_ct_is_expired(ct)) {
|
||||
if (i < ARRAY_SIZE(nf_ct_evict) &&
|
||||
@ -1208,6 +1206,9 @@ restart:
|
||||
if (!net_eq(net, nf_ct_net(ct)))
|
||||
continue;
|
||||
|
||||
if (NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL)
|
||||
continue;
|
||||
|
||||
if (cb->args[1]) {
|
||||
if (ct != last)
|
||||
continue;
|
||||
|
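Review bot: With the direction test moved below the expiry check (second hunk, right after the `net_eq()` test), an expired conntrack whose original and reply tuplehashes hash into the same bucket is now visited twice and appears to be able to occupy two `nf_ct_evict` slots; the kill/put loop that drains that array is outside the hunk, so confirm it tolerates a duplicate (the dying-bit test in `nf_ct_delete()` should make the second kill a no-op, but the duplicate still halves the eviction budget for that bucket). The reordering is the point of the change, yet nothing in the code says why the expiry check now precedes the namespace and direction filters, so add above `if (nf_ct_is_expired(ct)) {` in the first hunk: `/* evict expired entries via either tuplehash; netns and direction filters come after */`. The enclosing loop body starts before the first hunk and continues past the second.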
@ -4481,9 +4481,9 @@ struct nft_set_elem_catchall {
|
||||
static void nft_set_catchall_destroy(const struct nft_ctx *ctx,
|
||||
struct nft_set *set)
|
||||
{
|
||||
struct nft_set_elem_catchall *catchall;
|
||||
struct nft_set_elem_catchall *next, *catchall;
|
||||
|
||||
list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
|
||||
list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
|
||||
list_del_rcu(&catchall->list);
|
||||
nft_set_elem_destroy(set, catchall->elem, true);
|
||||
kfree_rcu(catchall);
|
||||
|
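Review bot: The switch to `list_for_each_entry_safe()` is correct but the reason is not visible in the code: the element is released with the single-argument `kfree_rcu(catchall)` right after `list_del_rcu()`, and as far as I recall that form may fall back to `synchronize_rcu()` plus an immediate free under memory pressure, so the RCU iterator's read of `catchall->list.next` on the next round was the use-after-free. Add a comment on the loop line: `/* _safe rather than _rcu: single-arg kfree_rcu() may release the entry before the next iteration */`. Since this is the writer side of the list (the serialising lock is not in the hunk, so inferred), the plain safe iterator is also the right idiom here. The function's closing brace is outside the hunk.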
@ -556,7 +556,8 @@ __build_packet_message(struct nfnl_log_net *log,
|
||||
goto nla_put_failure;
|
||||
|
||||
if (indev && skb->dev &&
|
||||
skb->mac_header != skb->network_header) {
|
||||
skb_mac_header_was_set(skb) &&
|
||||
skb_mac_header_len(skb) != 0) {
|
||||
struct nfulnl_msg_packet_hw phw;
|
||||
int len;
|
||||
|
||||
|
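Review bot: The new two-part test `skb_mac_header_was_set(skb) && skb_mac_header_len(skb) != 0` carries no explanation of why a zero-length MAC header must be excluded, and the identical pair appears in the nfnetlink_queue hunk at -560 (and, from memory, again further down each function where the hardware header attribute is emitted, outside these hunks). Add above the `if` in both places: `/* loopback/multicast skbs can have mac_header == network_header (zero-length L2 header); parsing it would read the network header as a link-layer address */`. If the condition really recurs four times, a small shared `static inline bool` helper on the skb (a proposal, not an existing API) would keep the sites in step. Both enclosing functions start before and continue past their hunks.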
@ -560,7 +560,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
|
||||
goto nla_put_failure;
|
||||
|
||||
if (indev && entskb->dev &&
|
||||
skb_mac_header_was_set(entskb)) {
|
||||
skb_mac_header_was_set(entskb) &&
|
||||
skb_mac_header_len(entskb) != 0) {
|
||||
struct nfqnl_msg_packet_hw phw;
|
||||
int len;
|
||||
|
||||
|