linux.git/net/netfilter/xt_TCPOPTSTRIP.c, branch v4.3 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-18T04:33:06+00:00 Tom Herbert tom@herbertland.com 2015-08-17T20:42:25+00:00 4b048d6d9d0b0b90e1e94f2393796bbf1fa8df4e inet_proto_csum_replace4,2,16 take a pseudohdr argument which indicates the checksum field carries a pseudo header. This argument should be a boolean instead of an int. Signed-off-by: Tom Herbert <tom@herbertland.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
inet_proto_csum_replace4,2,16 take a pseudohdr argument which indicates
the checksum field carries a pseudo header. This argument should be a
boolean instead of an int.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: xt_TCPOPTSTRIP: fix possible off by one access 2013-08-01T09:45:15+00:00 Pablo Neira Ayuso pablo@netfilter.org 2013-07-25T08:46:46+00:00 a206bcb3b02025b23137f3228109d72e0f835c05 Fix a possible off by one access since optlen() touches opt[offset+1] unsafely when i == tcp_hdrlen(skb) - 1. This patch replaces tcp_hdrlen() by the local variable tcp_hdrlen that stores the TCP header length, to save some cycles. Reported-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
Fix a possible off by one access since optlen()
touches opt[offset+1] unsafely when i == tcp_hdrlen(skb) - 1.

This patch replaces tcp_hdrlen() by the local variable tcp_hdrlen
that stores the TCP header length, to save some cycles.

Reported-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: xt_TCPOPTSTRIP: don't use tcp_hdr() 2013-06-10T23:55:07+00:00 Pablo Neira Ayuso pablo@netfilter.org 2013-06-10T23:51:31+00:00 ed82c437320c48a4032492f4a55a7e2c934158b6 In (bc6bcb5 netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary), the use of tcp_hdr was introduced. However, we cannot assume that skb->transport_header is set for non-local packets. Cc: Florian Westphal <fw@strlen.de> Reported-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
In (bc6bcb5 netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond
packet boundary), the use of tcp_hdr was introduced. However, we
cannot assume that skb->transport_header is set for non-local packets.

Cc: Florian Westphal <fw@strlen.de>
Reported-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary 2013-05-16T15:35:53+00:00 Pablo Neira Ayuso pablo@netfilter.org 2013-05-07T01:22:18+00:00 bc6bcb59dd7c184d229f9e86d08aa56059938a4c This target assumes that tcph->doff is well-formed, that may be well not the case. Add extra sanity checkings to avoid possible crash due to read/write out of the real packet boundary. After this patch, the default action on malformed TCP packets is to drop them. Moreover, fragments are skipped. Reported-by: Rafal Kupka <rkupka@telemetry.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
This target assumes that tcph->doff is well-formed, that may be well
not the case. Add extra sanity checkings to avoid possible crash due
to read/write out of the real packet boundary. After this patch, the
default action on malformed TCP packets is to drop them. Moreover,
fragments are skipped.

Reported-by: Rafal Kupka <rkupka@telemetry.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net:netfilter: use IS_ENABLED 2011-12-16T20:49:52+00:00 Igor Maravić igorm@etf.rs 2011-12-12T02:58:24+00:00 c0cd115667bcd23c2a31fe2114beaab3608de68c Use IS_ENABLED(CONFIG_FOO) instead of defined(CONFIG_FOO) || defined (CONFIG_FOO_MODULE) Signed-off-by: Igor Maravić <igorm@etf.rs> Signed-off-by: David S. Miller <davem@davemloft.net> 
Use IS_ENABLED(CONFIG_FOO)
instead of defined(CONFIG_FOO) || defined (CONFIG_FOO_MODULE)

Signed-off-by: Igor Maravić <igorm@etf.rs>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03T17:35:10+00:00 Jesse Gross jesse@nicira.com 2011-12-01T01:05:51+00:00 75f2811c6460ccc59d83c66059943ce9c9f81a18 While parsing through IPv6 extension headers, fragment headers are skipped making them invisible to the caller. This reports the fragment offset of the last header in order to make it possible to determine whether the packet is fragmented and, if so whether it is a first or last fragment. Signed-off-by: Jesse Gross <jesse@nicira.com> 
While parsing through IPv6 extension headers, fragment headers are
skipped making them invisible to the caller.  This reports the
fragment offset of the last header in order to make it possible to
determine whether the packet is fragmented and, if so whether it is
a first or last fragment.

Signed-off-by: Jesse Gross <jesse@nicira.com>
netfilter: xtables: substitute temporary defines by final name 2010-05-11T16:31:17+00:00 Jan Engelhardt jengelh@medozas.de 2009-07-05T17:43:26+00:00 4b560b447df83368df44bd3712c0c39b1d79ba04 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
netfilter: update my email address 2010-03-17T14:53:10+00:00 Jan Engelhardt jengelh@medozas.de 2010-02-28T22:19:52+00:00 408ffaa4a11ddd6f730be520479fd5cd890c57d3 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08T09:35:19+00:00 Jan Engelhardt jengelh@medozas.de 2008-10-08T09:35:19+00:00 7eb3558655aaa87a3e71a0c065dfaddda521fa6d This patch does this for target extensions' target functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 
This patch does this for target extensions' target functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: x_tables: use NFPROTO_* in extensions 2008-10-08T09:35:01+00:00 Jan Engelhardt jengelh@medozas.de 2008-10-08T09:35:01+00:00 ee999d8b9573df1b547aacdc6d79f86eb79c25cd Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>