linux.git/net/ipv6/netfilter, branch v3.0-rc2 Linux kernel source tree Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-3.6 2011-05-11T18:26:58+00:00 David S. Miller davem@davemloft.net 2011-05-11T18:26:15+00:00 3c709f8fb43e07a0403bba4a8ca7ba00ab874994 Conflicts: drivers/net/benet/be_main.c 
Conflicts:
	drivers/net/benet/be_main.c
netfilter: IPv6: initialize TOS field in REJECT target module 2011-05-10T07:55:44+00:00 Fernando Luis Vazquez Cao fernando@oss.ntt.co.jp 2011-05-10T07:55:44+00:00 4319cc0cf5bb894b7368008cdf6dd20eb8868018 The IPv6 header is not zeroed out in alloc_skb so we must initialize it properly unless we want to see IPv6 packets with random TOS fields floating around. The current implementation resets the flow label but this could be changed if deemed necessary. We stumbled upon this issue when trying to apply a mangle rule to the RST packet generated by the REJECT target module. Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
The IPv6 header is not zeroed out in alloc_skb so we must initialize
it properly unless we want to see IPv6 packets with random TOS fields
floating around. The current implementation resets the flow label
but this could be changed if deemed necessary.

We stumbled upon this issue when trying to apply a mangle rule to
the RST packet generated by the REJECT target module.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2011-04-19T18:24:06+00:00 David S. Miller davem@davemloft.net 2011-04-19T18:24:06+00:00 4805347c1eb12cfe79f42a12a5442ee01590a9c0 






netfilter: ip6table_mangle: Fix set-but-unused variables.
2011-04-18T00:06:15+00:00

David S. Miller
davem@davemloft.net

2011-04-18T00:06:15+00:00

b169f6db40605d0907458d1ff78ceac2b194a44f

The variable 'flowlabel' is set but unused in ip6t_mangle_out().

The intention here was to compare this key to the header value after
mangling, and trigger a route lookup on mismatch.

Make it so.

Signed-off-by: David S. Miller <davem@davemloft.net>





The variable 'flowlabel' is set but unused in ip6t_mangle_out().

The intention here was to compare this key to the header value after
mangling, and trigger a route lookup on mismatch.

Make it so.

Signed-off-by: David S. Miller <davem@davemloft.net>







netfilter: ip6_tables: Fix set-but-unused variables.
2011-04-18T00:04:48+00:00

David S. Miller
davem@davemloft.net

2011-04-18T00:04:48+00:00

f3c85dd560f26ceae1351e6f83e83f1322761ead

The variable 'target' is set but unused in compat_copy_entry_from_user().

Just kill it off.

Signed-off-by: David S. Miller <davem@davemloft.net>





The variable 'target' is set but unused in compat_copy_entry_from_user().

Just kill it off.

Signed-off-by: David S. Miller <davem@davemloft.net>







netfilter: get rid of atomic ops in fast path
2011-04-04T15:04:03+00:00

Eric Dumazet
eric.dumazet@gmail.com

2011-04-04T15:04:03+00:00

7f5c6d4f665bb57a19a34ce1fb16cc708c04f219

We currently use a percpu spinlock to 'protect' rule bytes/packets
counters, after various attempts to use RCU instead.

Lately we added a seqlock so that get_counters() can run without
blocking BH or 'writers'. But we really only need the seqcount in it.

Spinlock itself is only locked by the current/owner cpu, so we can
remove it completely.

This cleanups api, using correct 'writer' vs 'reader' semantic.

At replace time, the get_counters() call makes sure all cpus are done
using the old table.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>





We currently use a percpu spinlock to 'protect' rule bytes/packets
counters, after various attempts to use RCU instead.

Lately we added a seqlock so that get_counters() can run without
blocking BH or 'writers'. But we really only need the seqcount in it.

Spinlock itself is only locked by the current/owner cpu, so we can
remove it completely.

This cleanups api, using correct 'writer' vs 'reader' semantic.

At replace time, the get_counters() call makes sure all cpus are done
using the old table.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>







Fix common misspellings
2011-03-31T14:26:23+00:00

Lucas De Marchi
lucas.demarchi@profusion.mobi

2011-03-31T01:57:33+00:00

25985edcedea6396277003854657b5f3cb31a628

Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>





Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>







netfilter: xtables: fix reentrancy
2011-03-20T14:40:06+00:00

Eric Dumazet
eric.dumazet@gmail.com

2011-03-20T14:40:06+00:00

db856674ac69e31946e56085239757cca3f7655f

commit f3c5c1bfd4308 (make ip_tables reentrant) introduced a race in
handling the stackptr restore, at the end of ipt_do_table()

We should do it before the call to xt_info_rdunlock_bh(), or we allow
cpu preemption and another cpu overwrites stackptr of original one.

A second fix is to change the underflow test to check the origptr value
instead of 0 to detect underflow, or else we allow a jump from different
hooks.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>





commit f3c5c1bfd4308 (make ip_tables reentrant) introduced a race in
handling the stackptr restore, at the end of ipt_do_table()

We should do it before the call to xt_info_rdunlock_bh(), or we allow
cpu preemption and another cpu overwrites stackptr of original one.

A second fix is to change the underflow test to check the origptr value
instead of 0 to detect underflow, or else we allow a jump from different
hooks.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>







Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
2011-03-15T20:03:27+00:00

David S. Miller
davem@davemloft.net

2011-03-15T20:03:27+00:00

31111c26d976ca0f298312f08e44cdb078005b03

Conflicts:
	Documentation/feature-removal-schedule.txt





Conflicts:
	Documentation/feature-removal-schedule.txt







ipv6: netfilter: ip6_tables: fix infoleak to userspace
2011-03-15T12:37:13+00:00

Vasiliy Kulikov
segoon@openwall.com

2011-03-15T12:37:13+00:00

6a8ab060779779de8aea92ce3337ca348f973f54

Structures ip6t_replace, compat_ip6t_replace, and xt_get_revision are
copied from userspace.  Fields of these structs that are
zero-terminated strings are not checked.  When they are used as argument
to a format string containing "%s" in request_module(), some sensitive
information is leaked to userspace via argument of spawned modprobe
process.

The first bug was introduced before the git epoch;  the second was
introduced in 3bc3fe5e (v2.6.25-rc1);  the third is introduced by
6b7d31fc (v2.6.15-rc1).  To trigger the bug one should have
CAP_NET_ADMIN.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>





Structures ip6t_replace, compat_ip6t_replace, and xt_get_revision are
copied from userspace.  Fields of these structs that are
zero-terminated strings are not checked.  When they are used as argument
to a format string containing "%s" in request_module(), some sensitive
information is leaked to userspace via argument of spawned modprobe
process.

The first bug was introduced before the git epoch;  the second was
introduced in 3bc3fe5e (v2.6.25-rc1);  the third is introduced by
6b7d31fc (v2.6.15-rc1).  To trigger the bug one should have
CAP_NET_ADMIN.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>