mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 22:25:03 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Florian Westphal 6b8dbcf2c4 bridge: netfilter: orphan skb before invoking ip netfilter hooks 
Pekka Pietikäinen reports xt_socket behavioural change after commit
00028aa37098o (netfilter: xt_socket: use IP early demux).

Reason is xt_socket now no longer does an unconditional sk lookup -
it re-uses existing skb->sk if possible, assuming ->sk was set by
ip early demux.

However, when netfilter is invoked via bridge, this can cause 'bogus'
sockets to be examined by the match, e.g. a 'tun' device socket.

bridge netfilter should orphan the skb just like the routing path
before invoking ipv4/ipv6 netfilter hooks to avoid this.

Reported-and-tested-by: Pekka Pietikäinen <pp@ee.oulu.fi>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-10-27 21:44:33 +01:00
..
9p for-linus-3.12-merge minor 9p fixes and tweaks for 3.12 merge window 2013-09-11 12:34:13 -07:00
802 mrp: add periodictimer to allow retries when packets get lost 2013-09-23 16:53:52 -04:00
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-08 23:07:53 -04:00
appletalk net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
atm
ax25
batman-adv batman-adv: set up network coding packet handlers during module init 2013-10-02 13:46:19 +02:00
bluetooth Bluetooth: Only one command per L2CAP LE signalling is supported 2013-10-03 16:09:59 +03:00
bridge bridge: netfilter: orphan skb before invoking ip netfilter hooks 2013-10-27 21:44:33 +01:00
caif caif: Add missing braces to multiline if in cfctrl_linkup_request 2013-09-05 14:31:02 -04:00
can can: gw: add a per rule limitation of frame hops 2013-08-29 22:58:24 +02:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-09-19 12:50:37 -05:00
core net: gro: allow to build full sized skb 2013-10-10 00:08:07 -04:00
dcb
dccp inet: rename ir_loc_port to ir_num 2013-10-10 14:37:35 -04:00
decnet
dns_resolver net: strict_strtoul is obsolete, use kstrtoul instead 2013-07-12 16:09:14 -07:00
dsa net: dsa: inherit addr_assign_type along with dev_addr 2013-09-03 20:57:49 -04:00
ethernet ethernet: use likely() for common Ethernet encap 2013-09-30 21:52:53 -07:00
ieee802154 6lowpan: Sync default hardware address of lowpan links to their wpan 2013-10-08 15:28:37 -04:00
ipv4 netfilter: ipt_CLUSTERIP: use proper net namespace to operate CLUSTERIP 2013-10-17 10:48:47 +02:00
ipv6 netfilter: ip6t_REJECT: skip checksum verification for outgoing ipv6 packets 2013-10-23 11:20:00 +02:00
ipx net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
irda net/irda: fixed style issues in irttp 2013-07-19 17:34:40 -07:00
iucv net: delete __cpuinit usage from all net files 2013-07-14 19:36:58 -04:00
key xfrm: Remove rebundant address family checking 2013-08-07 10:12:58 +02:00
l2tp ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
lapb net/lapb: re-send packets on timeout 2013-09-23 16:52:45 -04:00
llc llc: Use normal etherdevice.h tests 2013-09-03 22:34:47 -04:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-08 23:07:53 -04:00
mac802154
mpls
netfilter netfilter: ipset: remove duplicate define 2013-10-27 19:24:45 +01:00
netlabel inet: includes a sock_common in request_sock 2013-10-10 00:08:07 -04:00
netlink net: netlink: filter particular protocols from analyzers 2013-09-06 14:43:48 -04:00
netrom
nfc NFC: Update secure element state 2013-08-14 01:13:40 +02:00
openvswitch net ipv4: Convert ipv4.ip_local_port_range to be per netns v3 2013-09-30 21:59:38 -07:00
packet net: packet: use reciprocal_divide in fanout_demux_hash 2013-08-29 16:43:29 -04:00
phonet net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
rds
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
rose
rxrpc
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-08 23:07:53 -04:00
sctp ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
sunrpc net: fix build errors if ipv6 is disabled 2013-10-09 13:04:03 -04:00
tipc tipc: set sk_err correctly when connection fails 2013-08-30 16:06:57 -04:00
unix unix_diag: fix info leak 2013-10-02 16:08:24 -04:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-08-16 15:37:26 -07:00
wimax
wireless cfg80211: fix sysfs registration race 2013-09-26 20:03:45 +02:00
x25 x25: add a sanity check parsing X.25 facilities 2013-09-04 00:27:27 -04:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2013-09-30 15:24:57 -04:00
compat.c net: heap overflow in __audit_sockaddr() 2013-10-03 16:05:14 -04:00
Kconfig Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
Makefile
nonet.c
socket.c net: heap overflow in __audit_sockaddr() 2013-10-03 16:05:14 -04:00
sysctl_net.c net: Update the sysctl permissions handler to test effective uid/gid 2013-10-07 15:57:56 -04:00