summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2009-12-15 16:59:59 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2010-01-06 15:04:40 -0800
commit048a424c2826ccbeb9b08bc3a8c6bc7acbd3116d (patch)
treec1626ee2c2873f2b08ad6d6fcec4caaad6ada359 /include
parent89cf4f4c853f1f9619d58d89aa7d1fc56e24ee3a (diff)
downloadlwn-048a424c2826ccbeb9b08bc3a8c6bc7acbd3116d.tar.gz
lwn-048a424c2826ccbeb9b08bc3a8c6bc7acbd3116d.zip
netfilter: fix crashes in bridge netfilter caused by fragment jumps
commit 8fa9ff6849bb86c59cc2ea9faadf3cb2d5223497 upstream. When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack and a reassembly queue with the same fragment key already exists from reassembling a similar packet received on a different device (f.i. with multicasted fragments), the reassembled packet might continue on a different codepath than where the head fragment originated. This can cause crashes in bridge netfilter when a fragment received on a non-bridge device (and thus with skb->nf_bridge == NULL) continues through the bridge netfilter code. Add a new reassembly identifier for packets originating from bridge netfilter and use it to put those packets in insolated queues. Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805 Reported-and-Tested-by: Chong Qiao <qiaochong@loongson.cn> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'include')
-rw-r--r--include/net/ip.h1
-rw-r--r--include/net/ipv6.h1
2 files changed, 2 insertions, 0 deletions
diff --git a/include/net/ip.h b/include/net/ip.h
index 2f47e5482b55..69db943058ac 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -342,6 +342,7 @@ enum ip_defrag_users
IP_DEFRAG_CALL_RA_CHAIN,
IP_DEFRAG_CONNTRACK_IN,
IP_DEFRAG_CONNTRACK_OUT,
+ IP_DEFRAG_CONNTRACK_BRIDGE_IN,
IP_DEFRAG_VS_IN,
IP_DEFRAG_VS_OUT,
IP_DEFRAG_VS_FWD
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index a49649906052..639bbf06d378 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -358,6 +358,7 @@ enum ip6_defrag_users {
IP6_DEFRAG_LOCAL_DELIVER,
IP6_DEFRAG_CONNTRACK_IN,
IP6_DEFRAG_CONNTRACK_OUT,
+ IP6_DEFRAG_CONNTRACK_BRIDGE_IN,
};
struct ip6_create_arg {