linux.git/net/netfilter/xt_NFLOG.c, branch v4.3 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git netfilter: log: netns NULL ptr bug when calling from conntrack 2013-05-15T12:11:07+00:00 Hans Schillstrom hans@schillstrom.com 2013-05-15T01:23:45+00:00 8cdb46da06ea94543a3b2e53e3e92736421d1093 Since (69b34fb netfilter: xt_LOG: add net namespace support for xt_LOG), we hit this: [ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388 [ 4224.709074] IP: [<ffffffff8147f699>] ipt_log_packet+0x29/0x270 when callling log functions from conntrack both in and out are NULL i.e. the net pointer is invalid. Adding struct net *net in call to nf_logfn() will secure that there always is a vaild net ptr. Reported as netfilter's bugzilla bug 818: https://bugzilla.netfilter.org/show_bug.cgi?id=818 Reported-by: Ronald <ronald645@gmail.com> Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
Since (69b34fb netfilter: xt_LOG: add net namespace support
for xt_LOG), we hit this:

[ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388
[ 4224.709074] IP: [<ffffffff8147f699>] ipt_log_packet+0x29/0x270

when callling log functions from conntrack both in and out
are NULL i.e. the net pointer is invalid.

Adding struct net *net in call to nf_logfn() will secure that
there always is a vaild net ptr.

Reported as netfilter's bugzilla bug 818:
https://bugzilla.netfilter.org/show_bug.cgi?id=818

Reported-by: Ronald <ronald645@gmail.com>
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: xtables: substitute temporary defines by final name 2010-05-11T16:31:17+00:00 Jan Engelhardt jengelh@medozas.de 2009-07-05T17:43:26+00:00 4b560b447df83368df44bd3712c0c39b1d79ba04 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
netfilter: xtables: change targets to return error code 2010-03-25T15:55:49+00:00 Jan Engelhardt jengelh@medozas.de 2010-03-25T15:34:45+00:00 d6b00a5345ce4e86e8b00a88bb84a2c0c1f69ddc Part of the transition of done by this semantic patch: // <smpl> @ rule1 @ struct xt_target ops; identifier check; @@ ops.checkentry = check; @@ identifier rule1.check; @@ check(...) { <... -return true; +return 0; ...> } @@ identifier rule1.check; @@ check(...) { <... -return false; +return -EINVAL; ...> } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> 
Part of the transition of done by this semantic patch:
// <smpl>
@ rule1 @
struct xt_target ops;
identifier check;
@@
 ops.checkentry = check;

@@
identifier rule1.check;
@@
 check(...) { <...
-return true;
+return 0;
 ...> }

@@
identifier rule1.check;
@@
 check(...) { <...
-return false;
+return -EINVAL;
 ...> }
// </smpl>

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
netfilter: xtables: change xt_target.checkentry return type 2010-03-25T15:04:33+00:00 Jan Engelhardt jengelh@medozas.de 2010-03-19T16:16:42+00:00 135367b8f6a18507af6b9a6910a14b5699415309 Restore function signatures from bool to int so that we can report memory allocation failures or similar using -ENOMEM rather than always having to pass -EINVAL back. // <smpl> @@ type bool; identifier check, par; @@ -bool check +int check (struct xt_tgchk_param *par) { ... } // </smpl> Minus the change it does to xt_ct_find_proto. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> 
Restore function signatures from bool to int so that we can report
memory allocation failures or similar using -ENOMEM rather than
always having to pass -EINVAL back.

// <smpl>
@@
type bool;
identifier check, par;
@@
-bool check
+int check
 (struct xt_tgchk_param *par) { ... }
// </smpl>

Minus the change it does to xt_ct_find_proto.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
netfilter: xt_NFLOG: don't call nf_log_packet in NFLOG module. 2008-11-04T13:21:08+00:00 Eric Leblond eric@inl.fr 2008-11-04T13:21:08+00:00 5f7340eff8f68f41b7e5c7ad47ec4cd1ea1afb40 This patch modifies xt_NFLOG to suppress the call to nf_log_packet() function. The call of this wrapper in xt_NFLOG was causing NFLOG to use the first initialized module. Thus, if ipt_ULOG is loaded before nfnetlink_log all NFLOG rules are treated as plain LOG rules. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> 
This patch modifies xt_NFLOG to suppress the call to nf_log_packet()
function. The call of this wrapper in xt_NFLOG was causing NFLOG to
use the first initialized module. Thus, if ipt_ULOG is loaded before
nfnetlink_log all NFLOG rules are treated as plain LOG rules.

Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08T09:35:20+00:00 Jan Engelhardt jengelh@medozas.de 2008-10-08T09:35:20+00:00 92f3b2b1bc968caaabee8cd78bee75ab7c4af74e Using ->family in struct xt_*_param, multiple struct xt_{match,target} can be squashed together. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 
Using ->family in struct xt_*_param, multiple struct xt_{match,target}
can be squashed together.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08T09:35:19+00:00 Jan Engelhardt jengelh@medozas.de 2008-10-08T09:35:19+00:00 af5d6dc200eb0fcc6fbd3df1ab4d8969004cb37f This patch does this for target extensions' checkentry functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 
This patch does this for target extensions' checkentry functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08T09:35:19+00:00 Jan Engelhardt jengelh@medozas.de 2008-10-08T09:35:19+00:00 7eb3558655aaa87a3e71a0c065dfaddda521fa6d This patch does this for target extensions' target functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 
This patch does this for target extensions' target functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: x_tables: use NFPROTO_* in extensions 2008-10-08T09:35:01+00:00 Jan Engelhardt jengelh@medozas.de 2008-10-08T09:35:01+00:00 ee999d8b9573df1b547aacdc6d79f86eb79c25cd Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
[NETFILTER]: Update modules' descriptions 2008-01-28T23:02:26+00:00 Jan Engelhardt jengelh@computergmbh.de 2008-01-15T07:42:28+00:00 2ae15b64e6a1608c840c60df38e8e5eef7b2b8c3 Updates the MODULE_DESCRIPTION() tags for all Netfilter modules, actually describing what the module does and not just "netfilter XYZ target". Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules,
actually describing what the module does and not just
"netfilter XYZ target".

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>