redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net
History
Florian Westphal 1321a6af30 netfilter: nft_xfrm: use state family, not hook one 
Eyal says:
  doesn't the use of nft_pf(pkt) in this context limit the matching of
  encapsulated packets to the same family?

  IIUC when an e.g. IPv6-in-IPv4 packet is matched, the nft_pf(pkt) will
  be the decapsulated packet family - IPv6 - whereas the state may be
  IPv4. So this check would not allow matching the 'underlay' address in
  such cases.

  I know this was a limitation in xt_policy. but is this intentional in
  this matcher? or is it possible to use state->props.family when
  validating the match instead of nft_pf(pkt)?

Userspace already tells us which address family it expects to match, so
we can just use the real state family rather than the hook family.
so change it as suggested above.

Reported-by: Eyal Birger <eyal.birger@gmail.com>
Suggested-by: Eyal Birger <eyal.birger@gmail.com>
Fixes: 6c47260250 ("netfilter: nf_tables: add xfrm expression")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-10-16 10:01:49 +02:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-07-06 12:32:12 +02:00
9p Pull request for inclusion in 4.19, take two 2018-08-17 17:27:58 -07:00
802
8021q net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
appletalk Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
ax25 ax25: remove blank line at EOF 2018-07-24 14:10:42 -07:00
batman-adv Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-09-25 10:35:29 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-03 21:00:17 -07:00
bpf bpf: extend cgroup bpf core to allow multiple cgroup storage types 2018-10-01 16:18:32 +02:00
bpfilter net: bpfilter: Fix type cast and pointer warnings 2018-10-05 11:51:06 -07:00
bridge net/bridge: Update br_mdb_dump for strict data checking 2018-10-08 10:39:05 -07:00
caif net: caif: remove redundant null check on frontpkt 2018-09-17 18:49:57 -07:00
can Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
ceph crush: fix using plain integer as NULL warning 2018-08-13 17:55:44 +02:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-10-08 23:42:44 -07:00
dcb net: dcb: Add priority-to-DSCP map getters 2018-07-27 13:17:50 -07:00
dccp inet: make sure to grab rcu_read_lock before using ireq->ireq_opt 2018-10-02 15:52:12 -07:00
decnet decnet: Remove unnecessary check for dev->name 2018-09-21 19:48:36 -07:00
dns_resolver dns: Allow the dns resolver to retrieve a server set 2018-10-04 09:40:52 -07:00
dsa net: dsa: remove redundant null pointer check before put_device 2018-09-17 08:20:11 -07:00
ethernet net: Convert GRO SKB handling to list_head. 2018-06-26 11:33:04 +09:00
hsr
ieee802154 net/ipfrag: let ip[6]frag_high_thresh in ns be higher than in init_net 2018-09-21 19:45:52 -07:00
ife net: sched: ife: check on metadata length 2018-04-22 21:12:00 -04:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-10-08 21:28:55 -07:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-10-08 21:28:55 -07:00
iucv net/af_iucv: locate IUCV header via skb_network_header() 2018-09-26 09:56:07 -07:00
kcm Revert "kcm: remove any offset before parsing messages" 2018-09-17 18:43:42 -07:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2018-07-27 09:33:37 -07:00
l2tp l2tp: fix unused function warning 2018-08-13 20:45:49 -07:00
l3mdev
lapb
llc llc: avoid blocking in llc_sap_close() 2018-09-13 09:04:58 -07:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-06 14:43:42 -07:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-08-06 11:21:37 +02:00
mpls net: Update netconf dump handlers for strict data checking 2018-10-08 10:39:05 -07:00
ncsi net/ncsi: Add NCSI OEM command support 2018-10-05 14:54:47 -07:00
netfilter netfilter: nft_xfrm: use state family, not hook one 2018-10-16 10:01:49 +02:00
netlabel netlabel: check for IPV4MASK in addrinfo_get 2018-09-21 18:58:34 -07:00
netlink netlink: Add new socket option to enable strict checking on dumps 2018-10-08 10:39:04 -07:00
netrom Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
nfc Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-09-25 10:35:29 -07:00
nsh nsh: set mac len based on inner packet 2018-07-12 16:55:29 -07:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-10-08 21:28:55 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-06 14:43:42 -07:00
phonet Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
psample
qrtr net: qrtr: Reset the node and port ID of broadcast messages 2018-07-05 20:20:03 +09:00
rds Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-09-25 10:35:29 -07:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-09-04 21:33:03 -07:00
rose Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
rxrpc rxrpc: Allow the reply time to be obtained on a client call 2018-10-04 09:54:29 +01:00
sched net: Add extack to nlmsg_parse 2018-10-08 10:39:04 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-03 21:00:17 -07:00
smc smc: generic netlink family should be __ro_after_init 2018-09-20 07:49:55 -07:00
strparser strparser: remove redundant variable 'rd_desc' 2018-08-01 10:00:06 -07:00
sunrpc NFS client updates for Linux 4.19 2018-08-23 16:03:58 -07:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-03 21:00:17 -07:00
tls tls: Add support for inplace records encryption 2018-10-02 23:03:47 -07:00
unix af_unix: ensure POLLOUT on remote close() for connected dgram socket 2018-08-03 16:44:19 -07:00
vmw_vsock vsock: split dwork to avoid reinitializations 2018-08-07 12:39:13 -07:00
wimax wimax: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-06 14:43:42 -07:00
x25 x25: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
xdp xsk: proper AF_XDP socket teardown ordering 2018-10-08 10:09:22 +02:00
xfrm net: Add extack to nlmsg_parse 2018-10-08 10:39:04 -07:00
compat.c net: avoid unnecessary sock_flag() check when enable timestamp 2018-08-06 10:42:48 -07:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
socket.c socket: Tighten no-error check in bind() 2018-10-05 14:34:45 -07:00
sysctl_net.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00