linux/net/netfilter/ipvs, branch v3.6

ipvs: fix error return code

2012-08-30T01:27:19Z

Initialize return variable before exiting on an error path. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // ( if@p1 (\(ret < 0\|ret != 0\)) { ... return ret; } | ret@p1 = 0 ) ... when != ret = e1 when != &ret *if(...) { ... when != ret = e2 when forall return ret; } // Signed-off-by: Julia Lawall Acked-by: Simon Horman Signed-off-by: Pablo Neira Ayuso

ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)

2012-08-16T04:36:31Z

If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is not set, __ip_vs_get_timeouts() does not fully initialize the structure that gets copied to userland and that for leaks up to 12 bytes of kernel stack. Add an explicit memset(0) before passing the structure to __ip_vs_get_timeouts() to avoid the info leak. Signed-off-by: Mathias Krause Cc: Wensong Zhang Cc: Simon Horman Cc: Julian Anastasov Signed-off-by: David S. Miller

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2012-07-19T18:17:30Z

Conflicts: drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c

net: Pass optional SKB and SK arguments to dst_ops->{update_pmtu,redirect}()

2012-07-17T10:29:28Z

This will be used so that we can compose a full flow key. Even though we have a route in this context, we need more. In the future the routes will be without destination address, source address, etc. keying. One ipv4 route will cover entire subnets, etc. In this environment we have to have a way to possess persistent storage for redirects and PMTU information. This persistent storage will exist in the FIB tables, and that's why we'll need to be able to rebuild a full lookup flow key here. Using that flow key will do a fib_lookup() and create/update the persistent entry. Signed-off-by: David S. Miller

ipvs: fix oops in ip_vs_dst_event on rmmod

2012-07-17T10:00:58Z

After commit 39f618b4fd95ae243d940ec64c961009c74e3333 (3.4) "ipvs: reset ipvs pointer in netns" we can oops in ip_vs_dst_event on rmmod ip_vs because ip_vs_control_cleanup is called after the ipvs_core_ops subsys is unregistered and net->ipvs is NULL. Fix it by exiting early from ip_vs_dst_event if ipvs is NULL. It is safe because all services and dests for the net are already freed. Signed-off-by: Julian Anastasov Signed-off-by: Simon Horman Signed-off-by: Pablo Neira Ayuso

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2012-07-05T10:44:25Z

netfilter: ipvs: fix dst leak in __ip_vs_addr_is_local_v6

2012-06-25T10:07:09Z

After call to ip6_route_output() we must release dst or we leak it. Also should test dst->error, as ip6_route_output() never returns NULL. Use boolean while we are at it. Signed-off-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso

Merge branch 'master' of git://1984.lsi.us.es/net-next

2012-06-11T19:56:14Z

netfilter: ipvs: switch hook PFs to nfproto

2012-06-07T12:58:43Z

This patch is a cleanup. Use NFPROTO_* for consistency with other netfilter code. Signed-off-by: Alban Crequy Reviewed-by: Javier Martinez Canillas Reviewed-by: Vincent Sanders Signed-off-by: Pablo Neira Ayuso

net: use consume_skb() in place of kfree_skb()

2012-06-04T15:27:40Z

Remove some dropwatch/drop_monitor false positives. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller