mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-28 05:12:49 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Florian Westphal da1a5442ad netfilter: conntrack: skip identical origin tuple in same zone only 
[ Upstream commit 07998281c2 ]

The origin skip check needs to re-test the zone. Else, we might skip
a colliding tuple in the reply direction.

This only occurs when using 'directional zones' where origin tuples
reside in different zones but the reply tuples share the same zone.

This causes the new conntrack entry to be dropped at confirmation time
because NAT clash resolution was elided.

Fixes: 4e35c1cb94 ("netfilter: nf_nat: skip nat clash resolution for same-origin entries")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-02-17 10:35:17 +01:00
..
6lowpan
9p net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid 2020-11-05 11:43:20 +01:00
802
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:05:31 +01:00
appletalk appletalk: Fix atalk_proc_init() return path 2020-08-11 15:33:40 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:17:58 +02:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-31 18:39:31 +02:00
batman-adv batman-adv: set .owner to THIS_MODULE 2020-12-02 08:49:50 +01:00
bluetooth Bluetooth: Fix null pointer dereference in hci_event_packet() 2020-12-30 11:51:05 +01:00
bpf
bpfilter net/bpfilter: remove superfluous testing message 2020-04-21 09:04:53 +02:00
bridge bridge: Fix a deadlock when enabling multicast snooping 2020-12-21 13:27:04 +01:00
caif
can can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check 2020-12-11 13:23:32 +01:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:43:34 +01:00
core neighbour: Prevent a dead entry from updating gc_list 2021-02-10 09:25:32 +01:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 15:57:59 +01:00
dccp dccp: Fix possible memleak in dccp_init and dccp_fini 2020-06-17 16:40:32 +02:00
decnet
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:36:45 +02:00
dsa dsa: Allow forwarding of redirected IGMP traffic 2020-09-23 12:40:33 +02:00
ethernet
hsr hsr: check protocol version in hsr_newlink() 2020-04-21 09:04:44 +02:00
ieee802154 nl802154: add missing attribute validation for dev_type 2020-03-18 07:17:44 +01:00
ife
ipv4 net: ip_tunnel: fix mtu calculation 2021-02-10 09:25:32 +01:00
ipv6 IPv6: reply ICMP error if the first fragment don't include all headers 2021-02-03 23:25:55 +01:00
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-12-08 10:40:23 +01:00
kcm
key af_key: relax availability checks for skb size calculation 2021-02-13 13:52:54 +01:00
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-22 09:32:47 +02:00
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc net: silence data-races on sk_backlog.tail 2020-10-01 13:17:15 +02:00
mac80211 mac80211: 160MHz with extended NSS BW in CSA 2021-02-13 13:52:55 +01:00
mac802154 mac802154: tx: fix use-after-free 2020-10-01 13:18:17 +02:00
mpls
ncsi net/ncsi: Use real net-device for response handler 2021-01-12 20:16:13 +01:00
netfilter netfilter: conntrack: skip identical origin tuple in same zone only 2021-02-17 10:35:17 +01:00
netlabel netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() 2020-11-24 13:28:57 +01:00
netlink genetlink: remove genl_bind 2020-07-22 09:32:46 +02:00
netrom net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node 2020-04-29 16:33:08 +02:00
nfc NFC: fix possible resource leak 2021-02-03 23:26:01 +01:00
nsh
openvswitch net: openvswitch: ensure LSE is pullable before reading it 2020-12-08 10:40:27 +01:00
packet net/packet: fix overflow in tpacket_rcv 2020-09-09 19:12:29 +02:00
phonet
psample
qrtr net: qrtr: check skb_put_padto() return value 2020-09-26 18:03:15 +02:00
rds rds: Prevent kernel-infoleak in rds_notify_queue_get() 2020-08-05 09:59:44 +02:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-24 13:29:05 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:40:23 +01:00
rxrpc rxrpc: Fix deadlock around release of dst cached on udp tunnel 2021-02-10 09:25:27 +01:00
sched net_sched: reject silly cell_log in qdisc_get_rtab() 2021-01-27 11:47:54 +01:00
sctp net, sctp, filter: remap copy_from_user failure error 2021-01-23 15:58:00 +01:00
smc net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() 2020-11-24 13:28:58 +01:00
strparser
sunrpc SUNRPC: Handle 0 length opaque XDR object data properly 2021-02-13 13:52:56 +01:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:35:46 +01:00
tipc tipc: fix NULL deref in tipc_link_xmit() 2021-01-23 15:58:00 +01:00
tls net/tls: Protect from calling tls_dev_del for TLS RX twice 2020-12-08 10:40:23 +01:00
unix skbuff: fix a data race in skb_queue_len() 2020-10-01 13:17:31 +02:00
vmw_vsock vsock: use ns_capable_noaudit() on socket create 2020-11-10 12:37:30 +01:00
wimax
wireless wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-02-03 23:25:56 +01:00
x25 net/x25: prevent a couple of overflows 2020-12-08 10:40:26 +01:00
xdp xsk: Replace datagram_poll by sock_poll_wait 2020-12-30 11:50:53 +01:00
xfrm xfrm: Fix wraparound in xfrm_policy_addr_delta() 2021-02-03 23:25:59 +01:00
compat.c net/compat: Add missing sock updates for SCM_RIGHTS 2020-08-21 13:05:25 +02:00
Kconfig net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-04-01 11:02:18 +02:00
Makefile
socket.c net: Set fput_needed iff FDPUT_FPUT is set 2020-08-19 08:16:22 +02:00
sysctl_net.c