linux/net/netfilter, branch v3.5 Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.5 2012-07-17T10:00:58Z ipvs: fix oops in ip_vs_dst_event on rmmod 2012-07-17T10:00:58Z Julian Anastasov ja@ssi.bg 2012-07-07T17:30:11Z urn:sha1:283283c4da91adc44b03519f434ee1e7e91d6fdb After commit 39f618b4fd95ae243d940ec64c961009c74e3333 (3.4) "ipvs: reset ipvs pointer in netns" we can oops in ip_vs_dst_event on rmmod ip_vs because ip_vs_control_cleanup is called after the ipvs_core_ops subsys is unregistered and net->ipvs is NULL. Fix it by exiting early from ip_vs_dst_event if ipvs is NULL. It is safe because all services and dests for the net are already freed. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> netfilter: ipset: timeout fixing bug broke SET target special timeout value 2012-07-09T08:53:04Z Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2012-06-29T09:42:28Z urn:sha1:a73f89a61f92b364f0b4a3be412b5b70553afc23 The patch "127f559 netfilter: ipset: fix timeout value overflow bug" broke the SET target when no timeout was specified. Reported-by: Jean-Philippe Menil <jean-philippe.menil@univ-nantes.fr> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nfnetlink: fix missing rcu_read_unlock in nfnetlink_rcv_msg 2012-06-29T11:04:16Z Tomasz Bursztyka tomasz.bursztyka@linux.intel.com 2012-06-28T02:57:49Z urn:sha1:4009e18851ea555959c6017d848983b3d60bf667 Bug added in commit 6b75e3e8d664a9a (netfilter: nfnetlink: add RCU in nfnetlink_rcv_msg()) Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> netfilter: ipset: fix crash if IPSET_CMD_NONE command is sent 2012-06-29T11:04:04Z Tomasz Bursztyka tomasz.bursztyka@linux.intel.com 2012-06-28T02:57:48Z urn:sha1:d31f4d448f7671dc3e6a7a1c92a4c085a36058bb This patch fixes a crash if that ipset command is sent over nfnetlink. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> netfilter: ipvs: fix dst leak in __ip_vs_addr_is_local_v6 2012-06-25T10:07:09Z Eric Dumazet edumazet@google.com 2012-06-24T21:58:23Z urn:sha1:c24584c028a62900ea6b541b312030f0feac93b8 After call to ip6_route_output() we must release dst or we leak it. Also should test dst->error, as ip6_route_output() never returns NULL. Use boolean while we are at it. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> netfilter: ipset: fix interface comparision in hash-netiface sets 2012-06-25T10:03:21Z Florian Westphal fw@strlen.de 2012-06-17T09:56:46Z urn:sha1:ef5b6e127761667f78d99b7510a3876077fe9abe ifname_compare() assumes that skb->dev is zero-padded, e.g 'eth1\0\0\0\0\0...'. This isn't always the case. e1000 driver does strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1); in e1000_probe(), so once device is registered dev->name memory contains 'eth1\0:0:3\0\0\0' (or something like that), which makes eth1 compare fail. Use plain strcmp() instead. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> netfilter: nf_ct_h323: fix bug in rtcp natting 2012-06-07T12:53:17Z Pablo Neira Ayuso pablo@netfilter.org 2012-06-04T11:31:04Z urn:sha1:d109e9af61a6d2fdf33dc615ab8b724a8e75a8a4 The nat_rtp_rtcp hook takes two separate parameters port and rtp_port. port is expected to be the real h245 address (found inside the packet). rtp_port is the even number closest to port (RTP ports are even and RTCP ports are odd). However currently, both port and rtp_port are having same value (both are rounded to nearest even numbers). This works well in case of openlogicalchannel with media (RTP/even) port. But in case of openlogicalchannel for media control (RTCP/odd) port, h245 address in the packet is wrongly modified to have an even port. I am attaching a pcap demonstrating the problem, for any further analysis. This behavior was introduced around v2.6.19 while rewriting the helper. Signed-off-by: Jagdish Motwani <jagdish.motwani@elitecore.com> Signed-off-by: Sanket Shah <sanket.shah@elitecore.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> netfilter: xt_HMARK: fix endianness and provide consistent hashing 2012-06-07T12:53:01Z Hans Schillstrom hans@schillstrom.com 2012-05-17T22:35:46Z urn:sha1:d1992b169d31f339dc5ea4e9f312567c8cf322a3 This patch addresses two issues: a) Fix usage of u32 and __be32 that causes endianess warnings via sparse. b) Ensure consistent hashing in a cluster that is composed of big and little endian systems. Thus, we obtain the same hash mark in an heterogeneous cluster. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Merge branch 'for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2012-05-23T00:37:47Z Linus Torvalds torvalds@linux-foundation.org 2012-05-23T00:37:47Z urn:sha1:f5c101892fbd3d2f6d2729bc7eb7b3f6c31dbddd Pull percpu updates from Tejun Heo: "Contains Alex Shi's three patches to remove percpu_xxx() which overlap with this_cpu_xxx(). There shouldn't be any functional change." * 'for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu: remove percpu_xxx() functions x86: replace percpu_xxx funcs with this_cpu_xxx net: replace percpu_xxx funcs with this_cpu_xxx or __this_cpu_xxx Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-17T02:17:37Z David S. Miller davem@davemloft.net 2012-05-17T02:17:37Z urn:sha1:028940342a906db8da014a7603a0deddc2c323dd