8cdb46da06ea94543a3b2e53e3e92736421d1093 |
|
15-May-2013 |
Hans Schillstrom <hans@schillstrom.com> |
netfilter: log: netns NULL ptr bug when calling from conntrack Since (69b34fb netfilter: xt_LOG: add net namespace support for xt_LOG), we hit this: [ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388 [ 4224.709074] IP: [<ffffffff8147f699>] ipt_log_packet+0x29/0x270 when callling log functions from conntrack both in and out are NULL i.e. the net pointer is invalid. Adding struct net *net in call to nf_logfn() will secure that there always is a vaild net ptr. Reported as netfilter's bugzilla bug 818: https://bugzilla.netfilter.org/show_bug.cgi?id=818 Reported-by: Ronald <ronald645@gmail.com> Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
cca5cf91c789f3301cc2541a79c323c53be5a8e1 |
|
15-Jul-2010 |
Pablo Neira Ayuso <pablo@netfilter.org> |
nfnetlink_log: do not expose NFULNL_COPY_DISABLED to user-space This patch moves NFULNL_COPY_PACKET definition from linux/netfilter/nfnetlink_log.h to net/netfilter/nfnetlink_log.h since this copy mode is only for internal use. I have also changed the value from 0x03 to 0xff. Thus, we avoid a gap from user-space that may confuse users if we add new copy modes in the future. This change was introduced in: http://www.spinics.net/lists/netfilter-devel/msg13535.html Since this change is not included in any stable Linux kernel, I think it's safe to make this change now. Anyway, this copy mode does not make any sense from user-space, so this patch should not break any existing setup. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
d9e150071d18b5c87ba7a097af4063a5ad0c6a0c |
|
18-Nov-2008 |
Patrick McHardy <kaber@trash.net> |
netfilter: nfnetlink_log: fix warning and prototype mismatch net/netfilter/nfnetlink_log.c:537:1: warning: symbol 'nfulnl_log_packet' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
|
5f7340eff8f68f41b7e5c7ad47ec4cd1ea1afb40 |
|
04-Nov-2008 |
Eric Leblond <eric@inl.fr> |
netfilter: xt_NFLOG: don't call nf_log_packet in NFLOG module. This patch modifies xt_NFLOG to suppress the call to nf_log_packet() function. The call of this wrapper in xt_NFLOG was causing NFLOG to use the first initialized module. Thus, if ipt_ULOG is loaded before nfnetlink_log all NFLOG rules are treated as plain LOG rules. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
|