OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
f81074f861
linux/net/ipv4/netfilter
History
Patrick McHardy 8fa9ff6849 netfilter: fix crashes in bridge netfilter caused by fragment jumps 
When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
and a reassembly queue with the same fragment key already exists from
reassembling a similar packet received on a different device (f.i. with
multicasted fragments), the reassembled packet might continue on a different
codepath than where the head fragment originated. This can cause crashes
in bridge netfilter when a fragment received on a non-bridge device (and
thus with skb->nf_bridge == NULL) continues through the bridge netfilter
code.

Add a new reassembly identifier for packets originating from bridge
netfilter and use it to put those packets in insolated queues.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805

Reported-and-Tested-by: Chong Qiao <qiaochong@loongson.cn>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-12-15 16:59:59 +01:00
..
arp_tables.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
arpt_mangle.c
arptable_filter.c
ip_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
ip_tables.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_addrtype.c
ipt_ah.c
ipt_CLUSTERIP.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ecn.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ECN.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
ipt_LOG.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_MASQUERADE.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_NETMAP.c
ipt_REDIRECT.c
ipt_REJECT.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ULOG.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
iptable_filter.c
iptable_mangle.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
iptable_raw.c
iptable_security.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
Kconfig
Makefile
nf_conntrack_l3proto_ipv4_compat.c
nf_conntrack_l3proto_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
nf_conntrack_proto_icmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
nf_defrag_ipv4.c netfilter: fix crashes in bridge netfilter caused by fragment jumps 2009-12-15 16:59:59 +01:00
nf_nat_amanda.c
nf_nat_core.c
nf_nat_ftp.c
nf_nat_h323.c
nf_nat_helper.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-12-03 13:23:12 -08:00
nf_nat_irc.c
nf_nat_pptp.c
nf_nat_proto_common.c
nf_nat_proto_dccp.c
nf_nat_proto_gre.c
nf_nat_proto_icmp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_udplite.c
nf_nat_proto_unknown.c
nf_nat_rule.c
nf_nat_sip.c
nf_nat_snmp_basic.c
nf_nat_standalone.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
nf_nat_tftp.c