Commit 8ca4090f authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix UAF in set catch-all element, from Eric Dumazet.

2) Fix MAC mangling for multicast/loopback traffic in nfnetlink_queue
   and nfnetlink_log, from Ignacy Gawędzki.

3) Remove expired entries from the ctnetlink dump path regardless of the tuple
   direction, from Florian Westphal.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
parents b62e3317 76f12e63
+3 −2
@@ -1195,8 +1195,6 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
		}
		hlist_nulls_for_each_entry(h, n, &nf_conntrack_hash[cb->args[0]],
					   hnnode) {
			if (NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL)
				continue;
			ct = nf_ct_tuplehash_to_ctrack(h);
			if (nf_ct_is_expired(ct)) {
				if (i < ARRAY_SIZE(nf_ct_evict) &&
@@ -1208,6 +1206,9 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
			if (!net_eq(net, nf_ct_net(ct)))
				continue;

			if (NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL)
				continue;

			if (cb->args[1]) {
				if (ct != last)
					continue;
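Review bot: The direction filter now sits below the expiry block with nothing recording why it was moved, so a later tidy-up could hoist it back above `ct = nf_ct_tuplehash_to_ctrack(h)` and silently reintroduce the case where expired entries only seen via their reply tuple are never evicted; a comment on the check such as `/* expired entries were evicted above for both directions; only original-direction tuples are reported */` would pin the ordering. With the filter gone from the top of the loop, both tuplehash entries of an expired conntrack can reach the eviction branch in the same pass, so the same ct may presumably be placed in nf_ct_evict twice; whether the later kill/put loop tolerates a duplicate is outside the hunk and worth confirming. The expiry branch itself and the rest of the loop body of ctnetlink_dump_table are not visible here.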
+2 −2
@@ -4481,9 +4481,9 @@ struct nft_set_elem_catchall {
static void nft_set_catchall_destroy(const struct nft_ctx *ctx,
				     struct nft_set *set)
{
	struct nft_set_elem_catchall *catchall;
	struct nft_set_elem_catchall *next, *catchall;

	list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
	list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
		list_del_rcu(&catchall->list);
		nft_set_elem_destroy(set, catchall->elem, true);
		kfree_rcu(catchall);
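Review bot: The switch to `list_for_each_entry_safe()` drops the RCU walker without a comment saying why that is correct, so the next reader may read the loop as a missing `rcu_read_lock()` rather than as an exclusive destroy path; a comment above the loop such as `/* destroy path: no concurrent readers, and each entry is freed during the walk, so the _safe iterator is required */` would capture it. The hunk does not show what serialises callers of nft_set_catchall_destroy, so that presumption should be confirmed against the callers. Relatedly, the single-argument `kfree_rcu(catchall)` form can, as far as I recall, block and fall back to a synchronous free when it cannot allocate its bookkeeping; if `struct nft_set_elem_catchall` carries an `rcu_head`, the two-argument `kfree_rcu(catchall, rcu)` form is the conventional choice in a loop like this.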
+2 −1
@@ -556,7 +556,8 @@ __build_packet_message(struct nfnl_log_net *log,
		goto nla_put_failure;

	if (indev && skb->dev &&
	    skb->mac_header != skb->network_header) {
	    skb_mac_header_was_set(skb) &&
	    skb_mac_header_len(skb) != 0) {
		struct nfulnl_msg_packet_hw phw;
		int len;

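Review bot: The widened condition says nothing about why a MAC header can be set yet have length zero, which is precisely the case this change handles; a comment above the `if` such as `/* loopback/multicast: mac_header is set but empty, so there is no hardware header to report */` would record the intent here and at the identical condition in nfqnl_build_packet_message, whose hunk is cut off at the end of this page. The code that fills `phw` from the MAC header starts below the hunk, so whether `len` is checked against `sizeof(phw.hw_addr)` before the copy cannot be confirmed from what is shown. `__build_packet_message` continues outside the hunk.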
+2 −1
@@ -560,7 +560,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
		goto nla_put_failure;

	if (indev && entskb->dev &&
	    skb_mac_header_was_set(entskb)) {
	    skb_mac_header_was_set(entskb) &&
	    skb_mac_header_len(entskb) != 0) {
		struct nfqnl_msg_packet_hw phw;
		int len;