davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
16ec3d4fbb
kernel-ark/net
History
Joe Stringer 16ec3d4fbb openvswitch: Fix cached ct with helper. 
When using conntrack helpers from OVS, a common configuration is to
perform a lookup without specifying a helper, then go through a
firewalling policy, only to decide to attach a helper afterwards.

In this case, the initial lookup will cause a ct entry to be attached to
the skb, then the later commit with helper should attach the helper and
confirm the connection. However, the helper attachment has been missing.
If the user has enabled automatic helper attachment, then this issue
will be masked as it will be applied in init_conntrack(). It is also
masked if the action is executed from ovs_packet_cmd_execute() as that
will construct a fresh skb.

This patch fixes the issue by making an explicit call to try to assign
the helper if there is a discrepancy between the action's helper and the
current skb->nfct.

Fixes: cae3a26275 ("openvswitch: Allow attaching helpers to ct action")
Signed-off-by: Joe Stringer <joe@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-11 15:14:56 -04:00
..
6lowpan 6lowpan: iphc: fix SAM/DAM bit comment 2016-03-10 19:51:29 +01:00
9p net/9p: convert to new CQ API 2016-03-10 20:54:09 -05:00
802
8021q vlan: propagate gso_max_segs 2016-03-17 21:05:01 -04:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm
ax25 ax25: add link layer header validation function 2016-03-09 22:13:01 -05:00
batman-adv batman-adv: Fix reference counting of hardif_neigh_node object for neigh_node 2016-04-29 19:46:11 +08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
bridge bridge: fix igmp / mld query parsing 2016-05-06 12:55:13 -04:00
caif net: caif: fix misleading indentation 2016-03-14 13:09:50 -04:00
can
ceph libceph: make authorizer destruction independent of ceph_auth_client 2016-04-25 20:54:13 +02:00
core Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2016-05-04 16:35:31 -04:00
dcb
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-03-17 21:06:40 -04:00
decnet decnet: Do not build routes to devices without decnet private data. 2016-04-10 23:01:30 -04:00
dns_resolver
dsa net: dsa: refine netdev event notifier 2016-03-14 16:05:32 -04:00
ethernet eth: Pull header from first fragment via eth_get_headlen 2016-02-24 13:58:05 -05:00
hsr
ieee802154 ieee802154: 6lowpan: fix return of netdev notifier 2016-02-23 20:29:40 +01:00
ipv4 tcp: refresh skb timestamp at retransmit time 2016-05-10 15:58:41 -04:00
ipv6 net: ipv6: tcp reset, icmp need to consider L3 domain 2016-05-06 15:49:07 -04:00
ipx
irda Merge 4.5-rc4 into tty-next 2016-02-14 14:36:04 -08:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-01-19 14:21:08 -05:00
kcm kcm: Add receive message timeout 2016-03-09 16:36:15 -05:00
key
l2tp net: l2tp: fix reversed udp6 checksum flags 2016-05-01 19:32:16 -04:00
l3mdev net: l3mdev: address selection should only consider devices in L3 domain 2016-02-26 14:22:26 -05:00
lapb
llc net: fix infoleak in llc 2016-05-04 16:18:48 -04:00
mac80211 mac80211: fix statistics leak if dev_alloc_name() fails 2016-04-27 10:06:58 +02:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mpls mpls: find_outdev: check for err ptr in addition to NULL check 2016-04-08 12:43:20 -04:00
netfilter netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter 2016-05-05 16:47:08 +02:00
netlabel netlabel: do not initialise statics to NULL 2016-03-07 11:08:26 -05:00
netlink netlink: don't send NETLINK_URELEASE for unbound sockets 2016-04-10 23:32:23 -04:00
netrom
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
openvswitch openvswitch: Fix cached ct with helper. 2016-05-11 15:14:56 -04:00
packet packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface 2016-04-14 00:46:39 -04:00
phonet sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
rds RDS: TCP: Synchronize accept() and connect() paths on t_conn_lock. 2016-05-03 16:03:44 -04:00
rfkill Here's another round of updates for -next: 2016-03-01 17:03:27 -05:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
sched net sched: ife action fix late binding 2016-05-10 23:50:15 -04:00
sctp sctp: avoid refreshing heartbeat timer too often 2016-04-10 22:22:34 -04:00
sunrpc Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-04-14 18:15:40 -07:00
switchdev switchdev: Adding complete operation to deferred switchdev ops 2016-04-24 14:23:32 -04:00
tipc tipc: only process unicast on intended node 2016-05-01 21:03:30 -04:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
vmw_vsock VSOCK: do not disconnect socket when peer has shutdown SEND only 2016-05-05 23:31:29 -04:00
wimax
wireless nl80211: check netlink protocol in socket release notification 2016-04-12 15:39:06 +02:00
x25 net: fix a kernel infoleak in x25 module 2016-05-09 22:45:33 -04:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2016-05-04 16:35:31 -04:00
compat.c
Kconfig Make DST_CACHE a silent config option 2016-03-21 22:56:38 -04:00
Makefile kcm: Kernel Connection Multiplexor module 2016-03-09 16:36:14 -05:00
socket.c net: Fix use after free in the recvmmsg exit path 2016-03-14 12:41:49 -04:00
sysctl_net.c