linux-stable.git/net/ipv4, branch linux-2.6.12.y Linux kernel stable tree [PATCH] Fix DST leak in icmp_push_reply() 2005-08-29T16:55:12+00:00 Patrick McHardy kaber@trash.net 2005-08-18T18:59:37+00:00 3ad543d4783e47b413300715d790b5ad652567ff Based upon a bug report and initial patch by Ollie Wild. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: "David S. Miller" <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org> 
Based upon a bug report and initial patch by
Ollie Wild.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] Restrict socket policy loading to CAP_NET_ADMIN - CAN-2005-2555 2005-08-29T16:55:11+00:00 Herbert Xu herbert@gondor.apana.org.au 2005-08-06T20:33:15+00:00 332b8bee402fe1076e50d08dfa535a9f0a349cba The interface needs much redesigning if we wish to allow normal users to do this in some way. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: "David S. Miller" <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org> 
The interface needs much redesigning if we wish to allow
normal users to do this in some way.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] Wait until all references to ip_conntrack_untracked are dropped on unload 2005-08-05T07:04:20+00:00 Patrick McHardy kaber@trash.net 2005-07-22T07:35:51+00:00 1541b785b9c11b639ba5f60f4c5de5bff235f7d8 [NETFILTER]: Wait until all references to ip_conntrack_untracked are dropped on unload Fixes a crash when unloading ip_conntrack. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
[NETFILTER]: Wait until all references to ip_conntrack_untracked are dropped on unload

Fixes a crash when unloading ip_conntrack.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Fix potential memory corruption in NAT code (aka memory NAT) 2005-08-05T07:04:19+00:00 Patrick McHardy kaber@trash.net 2005-07-22T07:35:43+00:00 634823cdc51b1cacba504b29d6de9a25e1ee41af [NETFILTER]: Fix potential memory corruption in NAT code (aka memory NAT) The portptr pointing to the port in the conntrack tuple is declared static, which could result in memory corruption when two packets of the same protocol are NATed at the same time and one conntrack goes away. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
[NETFILTER]: Fix potential memory corruption in NAT code (aka memory NAT)

The portptr pointing to the port in the conntrack tuple is declared static,
which could result in memory corruption when two packets of the same
protocol are NATed at the same time and one conntrack goes away.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] revert nf_reset change 2005-07-15T21:15:24+00:00 Patrick McHardy kaber@trash.net 2005-07-12T11:58:27+00:00 08cfcb785b7163a62c01632dbe9f0650a9754e62 [NETFILTER]: Revert nf_reset change Revert the nf_reset change that caused so much trouble, drop conntrack references manually before packets are queued to packet sockets. Adapted for 2.6.12 by Daniel Drake <dsd@gentoo.org> Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
[NETFILTER]: Revert nf_reset change

Revert the nf_reset change that caused so much trouble, drop conntrack
references manually before packets are queued to packet sockets.

Adapted for 2.6.12 by Daniel Drake <dsd@gentoo.org>

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[NETFILTER]: ipt_recent: last_pkts is an array of "unsigned long" not "u_int32_t" 2005-06-16T03:51:14+00:00 David S. Miller davem@davemloft.net 2005-06-16T03:51:14+00:00 bcfff0b471a60df350338bcd727fc9b8a6aa54b2 This fixes various crashes on 64-bit when using this module. Based upon a patch by Juergen Kreileder <jk@blackdown.de>. Signed-off-by: David S. Miller <davem@davemloft.net> ACKed-by: Patrick McHardy <kaber@trash.net> 
This fixes various crashes on 64-bit when using this module.

Based upon a patch by Juergen Kreileder <jk@blackdown.de>.

Signed-off-by: David S. Miller <davem@davemloft.net>
ACKed-by: Patrick McHardy <kaber@trash.net>
[NETFILTER]: Advance seq-file position in exp_next_seq() 2005-06-14T01:27:13+00:00 Patrick McHardy kaber@trash.net 2005-06-14T01:27:13+00:00 a96aca88ac71f75e566981b554da44bfd0d111e8 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: Sysctl configurable icmp error source address. 2005-06-13T22:19:03+00:00 J. Simonetti jeroen@simonetti.nl 2005-06-13T22:19:03+00:00 1c2fb7f93cb20621772bf304f3dba0849942e5db This patch alows you to change the source address of icmp error messages. It applies cleanly to 2.6.11.11 and retains the default behaviour. In the old (default) behaviour icmp error messages are sent with the ip of the exiting interface. The new behaviour (when the sysctl variable is toggled on), it will send the message with the ip of the interface that received the packet that caused the icmp error. This is the behaviour network administrators will expect from a router. It makes debugging complicated network layouts much easier. Also, all 'vendor routers' I know of have the later behaviour. Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch alows you to change the source address of icmp error
messages. It applies cleanly to 2.6.11.11 and retains the default
behaviour.

In the old (default) behaviour icmp error messages are sent with the ip
of the exiting interface.

The new behaviour (when the sysctl variable is toggled on), it will send
the message with the ip of the interface that received the packet that
caused the icmp error. This is the behaviour network administrators will
expect from a router. It makes debugging complicated network layouts
much easier. Also, all 'vendor routers' I know of have the later
behaviour.

Signed-off-by: David S. Miller <davem@davemloft.net>
[SCTP] Add support for ip_nonlocal_bind sysctl & IP_FREEBIND socket option 2005-06-13T22:12:33+00:00 Neil Horman nhorman@redhat.com 2005-06-13T22:12:33+00:00 cdac4e07748934e37e415437055ed591aed9eb21 Signed-off-by: Neil Horman <nhorman@redhat.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Neil Horman <nhorman@redhat.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13T21:29:06+00:00 Randy Dunlap rdunlap@xenotime.net 2005-06-13T21:29:06+00:00 6efd8455cff1979dd081daaa1ce3d3f1764863dc Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: David S. Miller <davem@davemloft.net>