linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-16 07:35:14 +00:00

History

Tom Herbert 1eed4dfb81 flow_dissector: Add limit for number of headers to dissect In flow dissector there are no limits to the number of nested encapsulations or headers that might be dissected which makes for a nice DOS attack. This patch sets a limit of the number of headers that flow dissector will parse. Headers includes network layer headers, transport layer headers, shim headers for encapsulation, IPv6 extension headers, etc. The limit for maximum number of headers to parse has be set to fifteen to account for a reasonable number of encapsulations, extension headers, VLAN, in a packet. Note that this limit does not supercede the STOP_AT_* flags which may stop processing before the headers limit is reached. Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Tom Herbert <tom@quantonium.net> Signed-off-by: David S. Miller <davem@davemloft.net>		2017-09-05 11:40:08 -07:00
..
6lowpan
9p	Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2017-07-15 12:00:42 -07:00
802
8021q
appletalk
atm	net: atm: make atmdev_ops const	2017-08-09 22:43:50 -07:00
ax25	net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t	2017-07-04 22:35:19 +01:00
batman-adv	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-08-09 16:28:45 -07:00
bluetooth	Bluetooth: make baswap src const	2017-09-01 22:49:47 +02:00
bpf
bridge	net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.	2017-09-04 13:25:20 +02:00
caif	net: convert sock.sk_wmem_alloc from atomic_t to refcount_t	2017-07-01 07:39:08 -07:00
can	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
ceph	libceph: make RECOVERY_DELETES feature create a new interval	2017-08-01 16:46:45 +02:00
core	flow_dissector: Add limit for number of headers to dissect	2017-09-05 11:40:08 -07:00
dcb	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
dccp	net: dccp: Add handling of IPV6_PKTOPTIONS to dccp_v6_do_rcv()	2017-08-31 11:43:47 -07:00
decnet	Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next	2017-09-03 17:08:42 -07:00
dns_resolver
dsa	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
ethernet
hsr	net/hsr: Check skb_put_padto() return value	2017-08-22 13:40:23 -07:00
ieee802154	ieee802154: 6lowpan: make header_ops const	2017-08-25 18:11:29 +02:00
ife
ipv4	net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.	2017-09-04 13:25:20 +02:00
ipv6	net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.	2017-09-04 13:25:20 +02:00
ipx	net, ipx: convert ipx_route.refcnt from atomic_t to refcount_t	2017-07-04 22:35:17 +01:00
iucv	iucv: Convert sk_wmem_alloc accesses to refcount_t.	2017-07-03 02:31:22 -07:00
kcm	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
key	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-08-15 20:23:23 -07:00
l2tp	l2tp: hold tunnel used while creating sessions with netlink	2017-08-28 11:34:58 -07:00
l3mdev
lapb	net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t	2017-07-04 22:35:16 +01:00
llc	net, llc: convert llc_sap.refcnt from atomic_t to refcount_t	2017-07-04 22:35:15 +01:00
mac80211	mac80211: add api to start ba session timer expired flow	2017-08-09 09:49:42 +03:00
mac802154
mpls	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
ncsi	net/ncsi: fix ncsi_vlan_rx_{add,kill}_vid references	2017-09-05 09:11:45 -07:00
netfilter	netfilter: nf_tables: support for recursive chain deletion	2017-09-04 17:34:55 +02:00
netlabel
netlink	net: convert sock.sk_refcnt from atomic_t to refcount_t	2017-07-01 07:39:08 -07:00
netrom	net, netrom: convert nr_node.refcount from atomic_t to refcount_t	2017-07-04 22:35:17 +01:00
nfc
nsh	nsh: add GSO support	2017-08-29 15:16:52 -07:00
openvswitch	Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next	2017-09-03 17:08:42 -07:00
packet	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
phonet	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
psample
qrtr	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
rds	RDS: make rhashtable_params const	2017-08-28 11:30:02 -07:00
rfkill
rose
rxrpc	rxrpc: Allow failed client calls to be retried	2017-08-29 10:55:20 +01:00
sched	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
sctp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
smc	net/smc: synchronize buffer usage with device	2017-07-29 11:22:58 -07:00
strparser	strparser: initialize all callbacks	2017-08-24 21:57:50 -07:00
sunrpc	Two nfsd bugfixes, neither 4.13 regressions, but both potentially	2017-08-25 17:27:26 -07:00
switchdev	net: switchdev: Remove bridge bypass support from switchdev	2017-08-07 14:48:48 -07:00
tipc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
tls	TLS: Fix length check in do_tls_getsockopt_tx()	2017-07-06 10:58:19 +01:00
unix	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-08-21 17:06:42 -07:00
vmw_vsock	hv_sock: implements Hyper-V transport for Virtual Sockets (AF_VSOCK)	2017-08-28 15:38:18 -07:00
wimax
wireless	netlink validation fixes for nl80211	2017-07-07 11:35:55 +01:00
x25	X25: constify null_x25_address	2017-08-03 09:13:51 -07:00
xfrm	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
compat.c	get_compat_bpf_fprog(): don't copyin field-by-field	2017-07-04 13:14:34 -04:00
Kconfig	net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.	2017-09-04 13:25:20 +02:00
Makefile	nsh: add GSO support	2017-08-29 15:16:52 -07:00
socket.c	net: fixes for skb_send_sock	2017-08-16 11:27:52 -07:00
sysctl_net.c