Commit e9d8faf9 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Disable BH while holding list spinlock in nf_conncount, from
   Taehee Yoo.

2) List corruption in nf_conncount, also from Taehee.

3) Fix race that results in leaving around an empty list node in
   nf_conncount, from Taehee Yoo.

4) Proper chain handling for inactive chains from the commit path,
   from Florian Westphal. This includes a selftest for this.

5) Do duplicate rule handles when replacing rules, also from Florian.

6) Remove net_exit path in xt_RATEEST that results in splat, from Taehee.

7) Possible use-after-free in nft_compat when releasing extensions.
   From Florian.

8) Memory leak in xt_hashlimit, from Taehee.

9) Call ip_vs_dst_notifier after ipv6_dev_notf, from Xin Long.

10) Fix cttimeout with udplite and gre, from Florian.

11) Preserve oif for IPv6 link-local generated traffic from mangle
    table, from Alin Nastac.

12) Missing error handling in masquerade notifiers, from Taehee Yoo.

13) Use mutex to protect registration/unregistration of masquerade
    extensions in order to prevent a race, from Taehee.

14) Incorrect condition check in tree_nodes_free(), also from Taehee.

15) Fix chain counter leak in rule replacement path, from Taehee.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents c7589401 ca089878

include/linux/netfilter/nf_conntrack_proto_gre.h

+13 −0
Original line number Diff line number Diff line
@@ -21,6 +21,19 @@ struct nf_ct_gre_keymap { 
	struct nf_conntrack_tuple tuple;

};



enum grep_conntrack {

	GRE_CT_UNREPLIED,

	GRE_CT_REPLIED,

	GRE_CT_MAX

};



struct netns_proto_gre {

	struct nf_proto_net	nf;

	rwlock_t		keymap_lock;

	struct list_head	keymap_list;

	unsigned int		gre_timeouts[GRE_CT_MAX];

};



/* add new tuple->key_reply pair to keymap */

int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir,

			 struct nf_conntrack_tuple *t);

include/net/netfilter/ipv4/nf_nat_masquerade.h

+1 −1
Original line number Diff line number Diff line
@@ -9,7 +9,7 @@ nf_nat_masquerade_ipv4(struct sk_buff *skb, unsigned int hooknum, 
		       const struct nf_nat_range2 *range,

		       const struct net_device *out);



void nf_nat_masquerade_ipv4_register_notifier(void);

int nf_nat_masquerade_ipv4_register_notifier(void);

void nf_nat_masquerade_ipv4_unregister_notifier(void);



#endif /*_NF_NAT_MASQUERADE_IPV4_H_ */

include/net/netfilter/ipv6/nf_nat_masquerade.h

+1 −1
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
unsigned int

nf_nat_masquerade_ipv6(struct sk_buff *skb, const struct nf_nat_range2 *range,

		       const struct net_device *out);

void nf_nat_masquerade_ipv6_register_notifier(void);

int nf_nat_masquerade_ipv6_register_notifier(void);

void nf_nat_masquerade_ipv6_unregister_notifier(void);



#endif /* _NF_NAT_MASQUERADE_IPV6_H_ */

net/ipv4/netfilter/ipt_MASQUERADE.c

+5 −2
Original line number Diff line number Diff line
@@ -81,9 +81,12 @@ static int __init masquerade_tg_init(void) 
	int ret;



	ret = xt_register_target(&masquerade_tg_reg);

	if (ret)

		return ret;



	if (ret == 0)

		nf_nat_masquerade_ipv4_register_notifier();

	ret = nf_nat_masquerade_ipv4_register_notifier();

	if (ret)

		xt_unregister_target(&masquerade_tg_reg);



	return ret;

}

net/ipv4/netfilter/nf_nat_masquerade_ipv4.c

+30 −8
Original line number Diff line number Diff line
@@ -147,28 +147,50 @@ static struct notifier_block masq_inet_notifier = { 
	.notifier_call	= masq_inet_event,

};



static atomic_t masquerade_notifier_refcount = ATOMIC_INIT(0);

static int masq_refcnt;

static DEFINE_MUTEX(masq_mutex);



void nf_nat_masquerade_ipv4_register_notifier(void)

int nf_nat_masquerade_ipv4_register_notifier(void)

{

	int ret = 0;



	mutex_lock(&masq_mutex);

	/* check if the notifier was already set */

	if (atomic_inc_return(&masquerade_notifier_refcount) > 1)

		return;

	if (++masq_refcnt > 1)

		goto out_unlock;



	/* Register for device down reports */

	register_netdevice_notifier(&masq_dev_notifier);

	ret = register_netdevice_notifier(&masq_dev_notifier);

	if (ret)

		goto err_dec;

	/* Register IP address change reports */

	register_inetaddr_notifier(&masq_inet_notifier);

	ret = register_inetaddr_notifier(&masq_inet_notifier);

	if (ret)

		goto err_unregister;



	mutex_unlock(&masq_mutex);

	return ret;



err_unregister:

	unregister_netdevice_notifier(&masq_dev_notifier);

err_dec:

	masq_refcnt--;

out_unlock:

	mutex_unlock(&masq_mutex);

	return ret;

}

EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv4_register_notifier);



void nf_nat_masquerade_ipv4_unregister_notifier(void)

{

	mutex_lock(&masq_mutex);

	/* check if the notifier still has clients */

	if (atomic_dec_return(&masquerade_notifier_refcount) > 0)

		return;

	if (--masq_refcnt > 0)

		goto out_unlock;



	unregister_netdevice_notifier(&masq_dev_notifier);

	unregister_inetaddr_notifier(&masq_inet_notifier);

out_unlock:

	mutex_unlock(&masq_mutex);

}

EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv4_unregister_notifier);

CRA Git | Maintained and supported by SUSTech CRA and CCSE