linux.git/net/netfilter, branch v2.6.22-rc4 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git [NETFILTER]: nf_conntrack_h323: add missing T.120 address in OLCA 2007-05-24T23:44:11+00:00 Jing Min Zhao zhaojingmin@vivecode.com 2007-05-24T23:44:11+00:00 f8f1c08eaef838e22bf427665da87cfa73e5074d Add missing process of T.120 address in OpenLogicalChannelAck signal. Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Add missing process of T.120 address in OpenLogicalChannelAck signal.

Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack_h323: remove unnecessary process of Information signal 2007-05-24T23:43:42+00:00 Jing Min Zhao zhaojingmin@vivecode.com 2007-05-24T23:43:42+00:00 596830f1a1e5d26a83fe83b99ced1456d9d7f39b According to the implementation of H.323, it's not necessary to check the addresses in Information signals. Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
According to the implementation of H.323, it's not necessary to check
the addresses in Information signals.

Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack_h323: fix get_h225_addr() for IPv6 address access 2007-05-24T23:43:07+00:00 Jing Min Zhao zhaojingmin@vivecode.com 2007-05-24T23:43:07+00:00 bb807245ef981cac7e8550aea365e6f2157d5c4d Update get_h225_addr() to meet the changes in ASN.1 types. It was using field ip6 to access IPv6 TransportAddress, it should be ip according the ASN.1 definition. Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Update get_h225_addr() to meet the changes in ASN.1 types. It was using
field ip6 to access IPv6 TransportAddress, it should be ip according the
ASN.1 definition.

Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack_h323: fix ASN.1 types 2007-05-24T23:42:26+00:00 Jing Min Zhao zhaojingmin@vivecode.com 2007-05-24T23:42:26+00:00 d052918688bdd7a1218aa5ae182013bf45a4881a 1. Add support for decoding IPv6 address. I know it was manually added in the header file, but not in the template file. That wouldn't work. 2. Add missing support for decoding T.120 address in OLCA. 3. Remove unnecessary decoding of Information signal. Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
1. Add support for decoding IPv6 address. I know it was manually added in
   the header file, but not in the template file. That wouldn't work.
2. Add missing support for decoding T.120 address in OLCA.
3. Remove unnecessary decoding of Information signal.

Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack_ftp: fix newline sequence number calculation 2007-05-24T23:41:50+00:00 Patrick McHardy kaber@trash.net 2007-05-24T23:41:50+00:00 25b86e05467a2bf936b78695ef49039e3bbd1e0c When the packet size is changed by the FTP NAT helper, the connection tracking helper adjusts the sequence number of the newline character by the size difference. This is wrong because NAT sequence number adjustment happens after helpers are called, so the unadjusted number is compared to the already adjusted one. Based on report by YU, Haitao <yuhaitao@tsinghua.org.cn> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
When the packet size is changed by the FTP NAT helper, the connection
tracking helper adjusts the sequence number of the newline character
by the size difference. This is wrong because NAT sequence number
adjustment happens after helpers are called, so the unadjusted number
is compared to the already adjusted one.

Based on report by YU, Haitao <yuhaitao@tsinghua.org.cn>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack_ftp: fix newline sequence number update 2007-05-24T23:40:51+00:00 Patrick McHardy kaber@trash.net 2007-05-24T23:40:51+00:00 5fe26f53fe9e2ba5dca2835a4ca69d0ba7b5f707 When trying to locate the oldest entry in the history of newline character sequence numbers, the sequence number of the current entry is incorrectly compared with the index of the oldest sequence number instead of the number itself. Additionally it is not made sure that the current sequence number really is after the oldest known one. Based on report by YU, Haitao <yuhaitao@tsinghua.org.cn> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
When trying to locate the oldest entry in the history of newline character
sequence numbers, the sequence number of the current entry is incorrectly
compared with the index of the oldest sequence number instead of the number
itself.

Additionally it is not made sure that the current sequence number really
is after the oldest known one.

Based on report by YU, Haitao <yuhaitao@tsinghua.org.cn>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack: fix use-after-free in helper destroy callback invocation 2007-05-19T21:23:52+00:00 Patrick McHardy kaber@trash.net 2007-05-19T21:23:52+00:00 5397e97d7533a03b28a7b8aeee648cbb36a8afc6 When the helper module is removed for a master connection that has a fulfilled expectation, but has already timed out and got removed from the hash tables, nf_conntrack_helper_unregister can't find the master connection to unset the helper, causing a use-after-free when the expected connection is destroyed and releases the last reference to the master. The helper destroy callback was introduced for the PPtP helper to clean up expectations and expected connections when the master connection times out, but doing this from destroy_conntrack only works for unfulfilled expectations since expected connections hold a reference to the master, preventing its destruction. Move the destroy callback to the timeout function, which fixes both problems. Reported/tested by Gabor Burjan <buga@buvoshetes.hu>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
When the helper module is removed for a master connection that has a
fulfilled expectation, but has already timed out and got removed from
the hash tables, nf_conntrack_helper_unregister can't find the master
connection to unset the helper, causing a use-after-free when the
expected connection is destroyed and releases the last reference to
the master.

The helper destroy callback was introduced for the PPtP helper to clean
up expectations and expected connections when the master connection
times out, but doing this from destroy_conntrack only works for
unfulfilled expectations since expected connections hold a reference
to the master, preventing its destruction. Move the destroy callback to
the timeout function, which fixes both problems.

Reported/tested by Gabor Burjan <buga@buvoshetes.hu>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: xt_conntrack: add compat support 2007-05-11T06:48:00+00:00 Patrick McHardy kaber@trash.net 2007-05-10T21:17:58+00:00 da0dd231436ba7e81789e93dd933d7a275e1709d Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_nat: Clears helper private area when NATing 2007-05-11T06:47:48+00:00 Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2007-05-10T21:16:24+00:00 5d78a84913abc1b2ef1ec0c14a78ec99517cc122 Some helpers (eg. ftp) assume that private area in conntrack is filled with zero. It should be cleared when helper is changed. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Some helpers (eg. ftp) assume that private area in conntrack is
filled with zero. It should be cleared when helper is changed.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: ctnetlink: clear helper area and handle unchanged helper 2007-05-11T06:47:47+00:00 Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2007-05-10T21:15:58+00:00 df293bbb6ff80f40a2308140ba4cbc2d3c1b18da This patch - Clears private area for helper even if no helper is assigned to conntrack. It might be used by old helper. - Unchanges if the same helper as the used one is specified. - Does not find helper if no helper is specified. And it does not require private area for helper in that case. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch
- Clears private area for helper even if no helper is assigned to
  conntrack. It might be used by old helper.
- Unchanges if the same helper as the used one is specified.
- Does not find helper if no helper is specified. And it does not
  require private area for helper in that case.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>