diff options
author | Patrick McHardy <kaber@trash.net> | 2009-12-15 16:59:59 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-01-06 15:04:40 -0800 |
commit | 048a424c2826ccbeb9b08bc3a8c6bc7acbd3116d (patch) | |
tree | c1626ee2c2873f2b08ad6d6fcec4caaad6ada359 /include | |
parent | 89cf4f4c853f1f9619d58d89aa7d1fc56e24ee3a (diff) | |
download | lwn-048a424c2826ccbeb9b08bc3a8c6bc7acbd3116d.tar.gz lwn-048a424c2826ccbeb9b08bc3a8c6bc7acbd3116d.zip |
netfilter: fix crashes in bridge netfilter caused by fragment jumps
commit 8fa9ff6849bb86c59cc2ea9faadf3cb2d5223497 upstream.
When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
and a reassembly queue with the same fragment key already exists from
reassembling a similar packet received on a different device (f.i. with
multicasted fragments), the reassembled packet might continue on a different
codepath than where the head fragment originated. This can cause crashes
in bridge netfilter when a fragment received on a non-bridge device (and
thus with skb->nf_bridge == NULL) continues through the bridge netfilter
code.
Add a new reassembly identifier for packets originating from bridge
netfilter and use it to put those packets in insolated queues.
Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805
Reported-and-Tested-by: Chong Qiao <qiaochong@loongson.cn>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/ip.h | 1 | ||||
-rw-r--r-- | include/net/ipv6.h | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/include/net/ip.h b/include/net/ip.h index 2f47e5482b55..69db943058ac 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -342,6 +342,7 @@ enum ip_defrag_users IP_DEFRAG_CALL_RA_CHAIN, IP_DEFRAG_CONNTRACK_IN, IP_DEFRAG_CONNTRACK_OUT, + IP_DEFRAG_CONNTRACK_BRIDGE_IN, IP_DEFRAG_VS_IN, IP_DEFRAG_VS_OUT, IP_DEFRAG_VS_FWD diff --git a/include/net/ipv6.h b/include/net/ipv6.h index a49649906052..639bbf06d378 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -358,6 +358,7 @@ enum ip6_defrag_users { IP6_DEFRAG_LOCAL_DELIVER, IP6_DEFRAG_CONNTRACK_IN, IP6_DEFRAG_CONNTRACK_OUT, + IP6_DEFRAG_CONNTRACK_BRIDGE_IN, }; struct ip6_create_arg { |