linux/net/ipv6
Patrick McHardy 8fa9ff6849 netfilter: fix crashes in bridge netfilter caused by fragment jumps
When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
and a reassembly queue with the same fragment key already exists from
reassembling a similar packet received on a different device (f.i. with
multicasted fragments), the reassembled packet might continue on a different
codepath than where the head fragment originated. This can cause crashes
in bridge netfilter when a fragment received on a non-bridge device (and
thus with skb->nf_bridge == NULL) continues through the bridge netfilter
code.

Add a new reassembly identifier for packets originating from bridge
netfilter and use it to put those packets in insolated queues.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805

Reported-and-Tested-by: Chong Qiao <qiaochong@loongson.cn>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-12-15 16:59:59 +01:00
..
netfilter netfilter: fix crashes in bridge netfilter caused by fragment jumps 2009-12-15 16:59:59 +01:00
addrconf_core.c
addrconf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
addrlabel.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
af_inet6.c net: check kern before calling security subsystem 2009-11-05 22:18:18 -08:00
ah6.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
anycast.c ipv6: use RCU to walk list of network devices 2009-11-13 20:38:49 -08:00
datagram.c ipv6: no more dev_put() in datagram_send_ctl() 2009-11-02 03:42:41 -08:00
esp6.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
exthdrs_core.c
exthdrs.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
fib6_rules.c net: Allow fib_rule_unregister to batch 2009-12-03 12:22:55 -08:00
icmp.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
inet6_connection_sock.c net: IPv6 changes 2009-10-20 18:55:45 -07:00
inet6_hashtables.c tcp: connect() race with timewait reuse 2009-12-03 16:17:43 -08:00
ip6_fib.c xfrm: select sane defaults for xfrm[4|6] gc_thresh 2009-07-30 18:52:15 -07:00
ip6_flowlabel.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
ip6_input.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
ip6_output.c ip: Report qdisc packet drops 2009-09-02 18:05:33 -07:00
ip6_tunnel.c net: Simplify ip6_tunnel pernet operations. 2009-12-01 16:15:59 -08:00
ip6mr.c ip6mr: Optimize multiple unregistration 2009-10-29 01:13:53 -07:00
ipcomp6.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
ipv6_sockglue.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-10-27 01:03:26 -07:00
Kconfig IPv6: Fix 6RD typo 2009-10-07 14:50:30 -07:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c ipv6: use RCU to walk list of network devices 2009-11-13 20:38:49 -08:00
mip6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
ndisc.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
netfilter.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
proc.c net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
protocol.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
raw.c ipv6: avoid dev_hold()/dev_put() in rawv6_bind() 2009-11-08 00:43:18 -08:00
reassembly.c ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery 2009-12-15 16:59:18 +01:00
route.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
sit.c net: Simplify ipip6 aka sit pernet operations. 2009-12-01 16:15:59 -08:00
syncookies.c TCPCT part 1g: Responder Cookie => Initiator 2009-12-02 22:07:26 -08:00
sysctl_net_ipv6.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
tcp_ipv6.c net: Batch inet_twsk_purge 2009-12-03 12:23:47 -08:00
tunnel6.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c IPv6: use ipv6_addr_v4mapped() 2009-11-10 20:54:44 -08:00
udplite.c net: drop capability from protocol definitions 2009-11-05 21:40:17 -08:00
xfrm6_input.c netns xfrm: per-netns MIBs 2008-11-25 17:59:52 -08:00
xfrm6_mode_beet.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm6_output.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm6_policy.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
xfrm6_state.c ipv6: fix sparse warning: Using plain integer as NULL pointer 2009-02-21 23:37:10 -08:00
xfrm6_tunnel.c xfrm6_tunnel: RCU conversion 2009-10-24 06:07:57 -07:00