davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1cde64365b
kernel-ark/net/netfilter
History
Pablo Neira Ayuso 1cde64365b [NETFILTER]: ctnetlink: Fix expectaction mask dumping 
The expectation mask has some particularities that requires a different
handling. The protocol number fields can be set to non-valid protocols,
ie. l3num is set to 0xFFFF. Since that protocol does not exist, the mask
tuple will not be dumped. Moreover, this results in a kernel panic when
nf_conntrack accesses the array of protocol handlers, that is PF_MAX (0x1F)
long.

This patch introduces the function ctnetlink_exp_dump_mask, that correctly
dumps the expectation mask. Such function uses the l3num value from the
expectation tuple that is a valid layer 3 protocol number. The value of the
l3num mask isn't dumped since it is meaningless from the userspace side.

Thanks to Yasuyuki Kozakai and Patrick McHardy for the feedback.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-03-22 13:54:15 -08:00
..
core.c
Kconfig [NETFILTER]: Fix Kconfig typos 2006-03-22 13:53:48 -08:00
Makefile [NETFILTER]: x_tables: replace IPv4/IPv6 policy match by address family independant version 2006-03-20 18:03:40 -08:00
nf_conntrack_core.c [NET]: sem2mutex part 2 2006-03-20 22:35:41 -08:00
nf_conntrack_ftp.c [NETFILTER] nf_conntrack: clean up to reduce size of 'struct nf_conn' 2006-03-20 17:56:32 -08:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netlink.c [NETFILTER]: ctnetlink: Fix expectaction mask dumping 2006-03-22 13:54:15 -08:00
nf_conntrack_proto_generic.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
nf_conntrack_proto_sctp.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
nf_conntrack_proto_tcp.c [NETFILTER]: nf_conntrack: Fix TCP/UDP HW checksum handling for IPv6 packet 2006-02-15 15:25:18 -08:00
nf_conntrack_proto_udp.c [NETFILTER]: nf_conntrack: Fix TCP/UDP HW checksum handling for IPv6 packet 2006-02-15 15:25:18 -08:00
nf_conntrack_standalone.c [NETFILTER] nf_conntrack: clean up to reduce size of 'struct nf_conn' 2006-03-20 17:56:32 -08:00
nf_internals.h
nf_log.c
nf_queue.c [NETFILTER]: nf_queue: fix end-of-list check 2006-02-27 13:03:55 -08:00
nf_sockopt.c [NET]: Identation & other cleanups related to compat_[gs]etsockopt cset 2006-03-20 22:48:35 -08:00
nfnetlink_log.c [NETFILTER] nfnetlink_log: add sequence numbers for log events 2006-03-20 17:15:11 -08:00
nfnetlink_queue.c [NETFILTER]: nfnetlink_queue: fix possible NULL-ptr dereference 2006-03-12 20:39:35 -08:00
nfnetlink.c [NETFILTER]: ctnetlink: avoid unneccessary event message generation 2006-03-20 18:03:59 -08:00
x_tables.c [NETFILTER]: xt_tables: add centralized error checking 2006-03-20 17:59:06 -08:00
xt_CLASSIFY.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_comment.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_connbytes.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_connmark.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_CONNMARK.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_conntrack.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_dccp.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_helper.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_length.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_limit.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_mac.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_mark.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_MARK.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_NFQUEUE.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_NOTRACK.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_physdev.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_pkttype.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_policy.c [NETFILTER]: x_tables: replace IPv4/IPv6 policy match by address family independant version 2006-03-20 18:03:40 -08:00
xt_realm.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_sctp.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_state.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_string.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_tcpmss.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00
xt_tcpudp.c [NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions 2006-03-20 18:02:56 -08:00