linux/net/ipv4/netfilter
Patrick McHardy 8fa9ff6849 netfilter: fix crashes in bridge netfilter caused by fragment jumps
When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
and a reassembly queue with the same fragment key already exists from
reassembling a similar packet received on a different device (f.i. with
multicasted fragments), the reassembled packet might continue on a different
codepath than where the head fragment originated. This can cause crashes
in bridge netfilter when a fragment received on a non-bridge device (and
thus with skb->nf_bridge == NULL) continues through the bridge netfilter
code.

Add a new reassembly identifier for packets originating from bridge
netfilter and use it to put those packets in insolated queues.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805

Reported-and-Tested-by: Chong Qiao <qiaochong@loongson.cn>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-12-15 16:59:59 +01:00
..
arp_tables.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
arpt_mangle.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
arptable_filter.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
ip_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
ip_tables.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_addrtype.c netfilter: netns-aware ipt_addrtype 2008-11-04 14:21:48 +01:00
ipt_ah.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
ipt_CLUSTERIP.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ecn.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ECN.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
ipt_LOG.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_MASQUERADE.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_NETMAP.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
ipt_REDIRECT.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
ipt_REJECT.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ULOG.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
iptable_filter.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
iptable_mangle.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
iptable_raw.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
iptable_security.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
Kconfig netfilter: Kconfig spelling fixes (trivial) 2009-03-16 15:17:23 +01:00
Makefile netfilter: Combine ipt_ttl and ip6t_hl source 2009-02-18 18:39:31 +01:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu() 2009-03-25 21:05:46 +01:00
nf_conntrack_l3proto_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
nf_conntrack_proto_icmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
nf_defrag_ipv4.c netfilter: fix crashes in bridge netfilter caused by fragment jumps 2009-12-15 16:59:59 +01:00
nf_nat_amanda.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_core.c netfilter: nf_nat: fix NAT issue in 2.6.30.4+ 2009-11-06 00:43:42 -08:00
nf_nat_ftp.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_h323.c net: replace NIPQUAD() in net/ipv4/netfilter/ 2008-10-31 00:53:08 -07:00
nf_nat_helper.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-12-03 13:23:12 -08:00
nf_nat_irc.c net: replace NIPQUAD() in net/ipv4/netfilter/ 2008-10-31 00:53:08 -07:00
nf_nat_pptp.c netfilter: netns nat: PPTP NAT in netns 2008-10-08 11:35:11 +02:00
nf_nat_proto_common.c nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization 2008-08-18 21:32:32 -07:00
nf_nat_proto_dccp.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_gre.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_icmp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_sctp.c netfilter: Fix extra semi-colon in skb_walk_frags() changes. 2009-06-09 18:05:28 -07:00
nf_nat_proto_tcp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udplite.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_unknown.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_rule.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
nf_nat_sip.c net: replace NIPQUAD() in net/ipv4/netfilter/ 2008-10-31 00:53:08 -07:00
nf_nat_snmp_basic.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
nf_nat_standalone.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
nf_nat_tftp.c [NETFILTER]: nf_{conntrack,nat}_tftp: annotate TFTP helper with const 2008-01-31 19:28:08 -08:00