unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
kernel-hacking-2024-linux-s.../net/netfilter
History
Patrick McHardy b54ad409fd netfilter: ctnetlink: fix conntrack creation race 
Conntrack creation through ctnetlink has two races:

- the timer may expire and free the conntrack concurrently, causing an
  invalid memory access when attempting to put it in the hash tables

- an identical conntrack entry may be created in the packet processing
  path in the time between the lookup and hash insertion

Hold the conntrack lock between the lookup and insertion to avoid this.

Reported-by: Zoltan Borbely <bozo@andrews.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-24 15:56:17 -08:00
..
ipvs netfilter: payload_len is be16, add size of struct rather than size of pointer 2008-11-10 16:46:06 -08:00
core.c netfilter: enable netfilter in netns 2008-10-08 11:35:11 +02:00
Kconfig netfilter: ctnetlink: remove obsolete NAT dependency from Kconfig 2008-10-20 03:31:17 -07:00
Makefile Merge branch 'lvs-next-2.6' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/lvs-2.6 2008-10-08 14:26:36 -07:00
nf_conntrack_acct.c fix random typos 2008-10-16 11:21:30 -07:00
nf_conntrack_amanda.c
nf_conntrack_core.c netfilter: ctnetlink: fix conntrack creation race 2008-11-24 15:56:17 -08:00
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: netns nf_conntrack: H323 conntracking in netns 2008-10-08 11:35:09 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: netns ct: walk netns list under RTNL 2008-11-05 03:03:18 -08:00
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: fix conntrack creation race 2008-11-24 15:56:17 -08:00
nf_conntrack_pptp.c driver core: basic infrastructure for per-module dynamic debug messages 2008-10-16 09:24:47 -07:00
nf_conntrack_proto.c netfilter: netns ct: walk netns list under RTNL 2008-11-05 03:03:18 -08:00
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: nf_conntrack_proto_gre: switch to register_pernet_gen_subsys() 2008-10-30 23:55:44 -07:00
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_sane.c
nf_conntrack_sip.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c
nf_internals.h
nf_log.c
nf_queue.c
nf_sockopt.c netfilter: enable netfilter in netns 2008-10-08 11:35:11 +02:00
nf_tproxy_core.c netfilter: remove unused #include <version.h> 2008-10-12 21:08:34 -07:00
nfnetlink.c net: Remove CONFIG_KMOD from net/ (towards removing CONFIG_KMOD entirely) 2008-10-16 15:24:51 -07:00
nfnetlink_log.c
nfnetlink_queue.c
x_tables.c netfilter: xtables: provide invoked family value to extensions 2008-10-08 11:35:20 +02:00
xt_CLASSIFY.c netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08 11:35:19 +02:00
xt_comment.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_connbytes.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_connlimit.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_CONNMARK.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_connmark.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_CONNSECMARK.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_conntrack.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_dccp.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_dscp.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_DSCP.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
xt_esp.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_hashlimit.c netfilter: xtables: move extension arguments into compound structure (3/6) 2008-10-08 11:35:19 +02:00
xt_helper.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_iprange.c netfilter: xt_iprange: fix range inversion match 2008-10-20 03:32:21 -07:00
xt_length.c netfilter: xtables: move extension arguments into compound structure (1/6) 2008-10-08 11:35:18 +02:00
xt_limit.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_mac.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_MARK.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_mark.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_multiport.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_NFLOG.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_NFQUEUE.c netfilter: replace old NF_ARP calls with NFPROTO_ARP 2008-10-20 03:34:51 -07:00
xt_NOTRACK.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_owner.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_physdev.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_pkttype.c netfilter: xtables: cut down on static data for family-independent extensions 2008-10-08 11:35:20 +02:00
xt_policy.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_quota.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_rateest.c netfilter: xtables: move extension arguments into compound structure (3/6) 2008-10-08 11:35:19 +02:00
xt_RATEEST.c netfilter: xtables: move extension arguments into compound structure (6/6) 2008-10-08 11:35:19 +02:00
xt_realm.c netfilter: xtables: use NFPROTO_UNSPEC in more extensions 2008-10-08 11:35:20 +02:00
xt_recent.c netfilter: xt_recent: use proc_create_data() 2008-10-20 03:33:49 -07:00
xt_sctp.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_SECMARK.c netfilter: xtables: move extension arguments into compound structure (6/6) 2008-10-08 11:35:19 +02:00
xt_socket.c netfilter: xtables: move extension arguments into compound structure (1/6) 2008-10-08 11:35:18 +02:00
xt_state.c netfilter: xtables: move extension arguments into compound structure (3/6) 2008-10-08 11:35:19 +02:00
xt_statistic.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_string.c netfilter: xtables: move extension arguments into compound structure (3/6) 2008-10-08 11:35:19 +02:00
xt_TCPMSS.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
xt_tcpmss.c netfilter: xtables: move extension arguments into compound structure (1/6) 2008-10-08 11:35:18 +02:00
xt_TCPOPTSTRIP.c netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08 11:35:19 +02:00
xt_tcpudp.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_time.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
xt_TPROXY.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
xt_TRACE.c netfilter: xtables: move extension arguments into compound structure (4/6) 2008-10-08 11:35:19 +02:00
xt_u32.c netfilter: xtables: move extension arguments into compound structure (1/6) 2008-10-08 11:35:18 +02:00