alistair23-linux

History

Josef Drexler 325fb5b4d2 netfilter: xt_recent: fix proc-file addition/removal of IPv4 addresses Fix regression introduded by commit `079aa88` (netfilter: xt_recent: IPv6 support): From http://bugzilla.kernel.org/show_bug.cgi?id=12753: Problem Description: An uninitialized buffer causes IPv4 addresses added manually (via the +IP command to the proc interface) to never match any packets. Similarly, the -IP command fails to remove IPv4 addresses. Details: In the function recent_entry_lookup, the xt_recent module does comparisons of the entire nf_inet_addr union value, both for IPv4 and IPv6 addresses. For addresses initialized from actual packets the remaining 12 bytes not occupied by the IPv4 are zeroed so this works correctly. However when setting the nf_inet_addr addr variable in the recent_mt_proc_write function, only the IPv4 bytes are initialized and the remaining 12 bytes contain garbage. Hence addresses added in this way never match any packets, unless these uninitialized 12 bytes happened to be zero by coincidence. Similarly, addresses cannot consistently be removed using the proc interface due to mismatch of the garbage bytes (although it will sometimes work to remove an address that was added manually). Reading the /proc/net/xt_recent/ entries hides this problem because this only uses the first 4 bytes when displaying IPv4 addresses. Steps to reproduce: $ iptables -I INPUT -m recent --rcheck -j LOG $ echo +169.254.156.239 > /proc/net/xt_recent/DEFAULT $ cat /proc/net/xt_recent/DEFAULT src=169.254.156.239 ttl: 0 last_seen: 119910 oldest_pkt: 1 119910 [At this point no packets from 169.254.156.239 are being logged.] $ iptables -I INPUT -s 169.254.156.239 -m recent --set $ cat /proc/net/xt_recent/DEFAULT src=169.254.156.239 ttl: 0 last_seen: 119910 oldest_pkt: 1 119910 src=169.254.156.239 ttl: 255 last_seen: 126184 oldest_pkt: 4 125434, 125684, 125934, 126184 [At this point, adding the address via an iptables rule, packets are being logged correctly.] $ echo -169.254.156.239 > /proc/net/xt_recent/DEFAULT $ cat /proc/net/xt_recent/DEFAULT src=169.254.156.239 ttl: 0 last_seen: 119910 oldest_pkt: 1 119910 src=169.254.156.239 ttl: 255 last_seen: 126992 oldest_pkt: 10 125434, 125684, 125934, 126184, 126434, 126684, 126934, 126991, 126991, 126992 $ echo -169.254.156.239 > /proc/net/xt_recent/DEFAULT $ cat /proc/net/xt_recent/DEFAULT src=169.254.156.239 ttl: 0 last_seen: 119910 oldest_pkt: 1 119910 src=169.254.156.239 ttl: 255 last_seen: 126992 oldest_pkt: 10 125434, 125684, 125934, 126184, 126434, 126684, 126934, 126991, 126991, 126992 [Removing the address via /proc interface failed evidently.] Possible solutions: - initialize the addr variable in recent_mt_proc_write - compare only 4 bytes for IPv4 addresses in recent_entry_lookup Signed-off-by: Patrick McHardy <kaber@trash.net>		2009-02-24 14:53:12 +01:00
..
9p	9p: fix endian issues [attempt 3]	2009-02-06 22:07:41 -08:00
802
8021q	vlan: Export symbols as non GPL symbols.	2009-01-26 12:37:53 -08:00
appletalk	appletalk: convert aarp to net_device_ops	2009-01-07 17:21:44 -08:00
atm	netdevice: Kill netdev->priv	2008-12-08 01:14:16 -08:00
ax25	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2008-12-28 12:49:40 -08:00
bluetooth	bluetooth: driver API update	2009-01-07 17:23:17 -08:00
bridge	bridge: Fix LRO crash with tun	2009-02-09 15:07:18 -08:00
can	can: fix slowpath issue in hrtimer callback function	2009-01-14 21:06:55 -08:00
core	net: Kill skb_truesize_check(), it only catches false-positives.	2009-02-17 21:24:05 -08:00
dcb	DCB: fix kfree(skb)	2009-01-04 17:29:21 -08:00
dccp	dccp ccid-3: Fix RFC reference	2009-01-11 00:17:22 -08:00
decnet	net: Make static	2008-12-10 15:18:31 -08:00
dsa	dsa: convert to net_device_ops (v2)	2009-01-06 16:45:26 -08:00
econet
ethernet
ipv4	udp: Fix potential wrong ip_hdr(skb) pointers	2009-02-06 01:59:12 -08:00
ipv6	netfilter: nf_conntrack_ipv6: fix nf_log_packet message in icmpv6 conntrack	2009-02-18 15:28:46 +01:00
ipx
irda	tty: Fix an ircomm warning and note another bug	2009-01-02 10:19:43 -08:00
iucv	s390: remove s390_root_dev_*()	2009-01-06 10:44:34 -08:00
key	af_key: initialize xfrm encap_oa	2009-01-25 20:49:14 -08:00
lapb
llc
mac80211	mac80211: restrict to AP in outgoing interface heuristic	2009-02-11 11:27:17 -05:00
netfilter	netfilter: xt_recent: fix proc-file addition/removal of IPv4 addresses	2009-02-24 14:53:12 +01:00
netlabel	netlabel: Update kernel configuration API	2008-12-31 12:54:11 -05:00
netlink	genetlink: export genl_unregister_mc_group()	2009-01-07 10:00:17 -08:00
netrom	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2008-12-28 12:49:40 -08:00
packet	net: packet socket packet_lookup_frame fix	2009-02-01 01:53:29 -08:00
phonet	Phonet: do not compute unused value	2009-02-10 17:14:50 -08:00
rfkill	net/rfkill/rfkill.c: fix unused rfkill_led_trigger() warning	2009-01-04 17:11:24 -08:00
rose	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2008-12-28 12:49:40 -08:00
rxrpc	RxRPC: Fix a potential NULL dereference	2009-02-06 21:50:52 -08:00
sched	pkt_sched: sch_htb: Break all htb_do_events() after 2 jiffies	2009-01-12 21:54:40 -08:00
sctp	sctp: Fix another socket race during accept/peeloff	2009-01-22 14:53:23 -08:00
sunrpc	sunrpc: fix rdma dependencies	2009-02-03 15:20:13 -08:00
tipc	net/tipc/bcast.h: use ARRAY_SIZE	2009-01-11 00:06:33 -08:00
unix	introduce new LSM hooks where vfsmount is available.	2008-12-31 18:07:37 -05:00
wanrouter
wimax	wimax: fix oops in wimax_dev_get_by_genl_info() when looking up non-wimax iface	2009-02-12 17:00:20 -08:00
wireless	cfg80211: print correct intersected regulatory domain	2009-01-29 15:46:43 -05:00
x25
xfrm	Revert "xfrm: For 32/64 compatability wrt. xfrm_usersa_info"	2009-01-20 09:49:51 -08:00
compat.c
Kconfig	net: Move config NET_NS to from net/Kconfig to init/Kconfig	2009-01-26 12:25:55 -08:00
Makefile	wimax: Makefile, Kconfig and docbook linkage for the stack	2009-01-07 10:00:17 -08:00
nonet.c
socket.c	[CVE-2009-0029] System call wrappers part 22	2009-01-14 14:15:27 +01:00
sysctl_net.c
TUNABLE