linux.git/net/netfilter, branch v2.6.19 Linux kernel source tree [NETFILTER]: conntrack: fix refcount leak when finding expectation 2006-11-29T04:59:37+00:00 Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2006-11-27T18:26:46+00:00 2e47c264a2e6ea24c27b4987607222202818c1f4 All users of __{ip,nf}_conntrack_expect_find() don't expect that it increments the reference count of expectation. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
All users of __{ip,nf}_conntrack_expect_find() don't expect that
it increments the reference count of expectation.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: ctnetlink: fix reference count leak 2006-11-29T04:59:36+00:00 Patrick McHardy kaber@trash.net 2006-11-27T18:26:25+00:00 c537b75a3ba9f5d2569f313742cd379dff6ceb70 When NFA_NEST exceeds the skb size the protocol reference is leaked. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
When NFA_NEST exceeds the skb size the protocol reference is leaked.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack: fix the race on assign helper to new conntrack 2006-11-29T04:59:35+00:00 Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2006-11-27T18:25:59+00:00 22e7410b760b9c1777839fdd10382c60df8cbda2 The found helper cannot be assigned to conntrack after unlocking nf_conntrack_lock. This tries to find helper to assign again. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
The found helper cannot be assigned to conntrack after unlocking
nf_conntrack_lock. This tries to find helper to assign again.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nfctnetlink: assign helper to newly created conntrack 2006-11-29T04:59:34+00:00 Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2006-11-27T18:25:32+00:00 dafc741cf23351a6f43895579a72ab8818ba00ae This fixes the bug which doesn't assign helper to newly created conntrack via nf_conntrack_netlink. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
This fixes the bug which doesn't assign helper to newly created
conntrack via nf_conntrack_netlink.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: Use pskb_trim in {ip,ip6,nfnetlink}_queue 2006-11-16T05:18:48+00:00 Patrick McHardy kaber@trash.net 2006-11-15T03:48:09+00:00 d8a585d78efdf191a64ca655136ac1e49fd27cf4 Based on patch by James D. Nurmi: I've got some code very dependant on nfnetlink_queue, and turned up a large number of warns coming from skb_trim. While it's quite possibly my code, having not seen it on older kernels made me a bit suspect. Anyhow, based on some googling I turned up this thread: http://lkml.org/lkml/2006/8/13/56 And believe the issue to be related, so attached is a small patch to the kernel -- not sure if this is completely correct, but for anyone else hitting the WARN_ON(1) in skbuff.h, it might be helpful.. Signed-off-by: James D. Nurmi <jdnurmi@gmail.com> Ported to ip6_queue and nfnetlink_queue and added return value checks. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Based on patch by James D. Nurmi:

I've got some code very dependant on nfnetlink_queue, and turned up a
large number of warns coming from skb_trim.  While it's quite possibly
my code, having not seen it on older kernels made me a bit suspect.

Anyhow, based on some googling I turned up this thread:
http://lkml.org/lkml/2006/8/13/56

And believe the issue to be related, so attached is a small patch to
the kernel -- not sure if this is completely correct, but for anyone
else hitting the WARN_ON(1) in skbuff.h, it might be helpful..

Signed-off-by: James D. Nurmi <jdnurmi@gmail.com>

Ported to ip6_queue and nfnetlink_queue and added return value
checks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nfnetlink_log: fix byteorder of NFULA_SEQ_GLOBAL 2006-11-16T05:18:47+00:00 Patrick McHardy kaber@trash.net 2006-11-15T03:47:09+00:00 7fdeaf68a16f8102659cf1b30f57247d8ccbeef0 NFULA_SEQ_GLOBAL should be in network byteorder. Spotted by Al Viro. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
NFULA_SEQ_GLOBAL should be in network byteorder.

Spotted by Al Viro.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER] bug: skb->protocol is already net-endian 2006-11-05T22:11:29+00:00 Al Viro viro@zeniv.linux.org.uk 2006-11-03T08:59:17+00:00 febf0a431e42f5a1fdb2b763273700610552ddcc htons() is not needed (and no, it's not misspelled ntohs() - userland expects net-endian here). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
htons() is not needed (and no, it's not misspelled ntohs() -
userland expects net-endian here).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER] bug: nfulnl_msg_config_mode ->copy_range is 32bit 2006-11-05T22:11:28+00:00 Al Viro viro@zeniv.linux.org.uk 2006-11-03T08:58:41+00:00 d1208b999dd367b72168cc3c7f8d8d2c95143c67 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER] bug: NFULA_CFG_QTHRESH uses 32bit 2006-11-05T22:11:27+00:00 Al Viro viro@zeniv.linux.org.uk 2006-11-03T08:58:17+00:00 7ac00a24f379f8ab9d3c968fea3dc030a45956fd Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack: add missing unlock in get_next_corpse() 2006-10-30T23:24:46+00:00 Martin Josefsson gandalf@wlug.westbo.se 2006-10-30T23:13:58+00:00 c073e3fa8b7f9841aa6451885f135656d455f511 Add missing unlock in get_next_corpse() in nf_conntrack. It was missed during the removal of listhelp.h . Also remove an unneeded use of nf_ct_tuplehash_to_ctrack() in the same function. Should be applied before 2.6.19 is released. Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Add missing unlock in get_next_corpse() in nf_conntrack. It was missed
during the removal of listhelp.h . Also remove an unneeded use of
nf_ct_tuplehash_to_ctrack() in the same function.

Should be applied before 2.6.19 is released.

Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>