openstlinux/linux-st
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
43b2aef3735e0ddb4fc4e6401cd5dc1bf205dead
linux-st/include/net
History
Florian Westphal e34b9ed96c netfilter: nf_tables: avoid skb access on nf_stolen 
When verdict is NF_STOLEN, the skb might have been freed.

When tracing is enabled, this can result in a use-after-free:
1. access to skb->nf_trace
2. access to skb->mark
3. computation of trace id
4. dump of packet payload

To avoid 1, keep a cached copy of skb->nf_trace in the
trace state struct.
Refresh this copy whenever verdict is != STOLEN.

Avoid 2 by skipping skb->mark access if verdict is STOLEN.

3 is avoided by precomputing the trace id.

Only dump the packet when verdict is not "STOLEN".

Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-06-27 19:22:54 +02:00
..
9p
bluetooth
bluetooth: don't use bitmaps for random flag accesses
2022-06-05 16:28:41 -07:00
caif
iucv
netfilter
netfilter: nf_tables: avoid skb access on nf_stolen
2022-06-27 19:22:54 +02:00
netns
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next
2022-05-16 10:10:37 +01:00
nfc
phonet
sctp
net: remove noblock parameter from recvmsg() entities
2022-04-12 15:00:25 +02:00
tc_act
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-05-12 16:15:30 -07:00
6lowpan.h
act_api.h
net/sched: act_api: Add extack to offload_act_setup() callback
2022-04-08 13:45:43 +01:00
addrconf.h
net: Add new protocol attribute to IP addresses
2022-02-18 21:20:06 -08:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h
vsock: each transport cycles only on its own sockets
2022-03-11 23:14:19 -08:00
ah.h
amt.h
amt: fix typo in amt
2022-05-25 21:36:16 -07:00
arp.h
ipv4: Invalidate neighbour for broadcast address upon address addition
2022-02-21 11:44:30 +00:00
atmclip.h
ax25.h
ax25: Fix ax25 session cleanup problems
2022-06-02 10:37:57 +02:00
ax88796.h
bareudp.h
bond_3ad.h
bonding: fix data-races around agg_select_timer
2022-02-15 14:35:18 +00:00
bond_alb.h
bond_options.h
bonding: add new option ns_ip6_target
2022-02-21 12:13:45 +00:00
bonding.h
bonding: guard ns_targets by CONFIG_IPV6
2022-06-01 11:18:55 +02:00
bpf_sk_storage.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h
net: wrap the wireless pointers in struct net_device in an ifdef
2022-05-22 21:51:54 +01:00
cfg802154.h
net: wrap the wireless pointers in struct net_device in an ifdef
2022-05-22 21:51:54 +01:00
checksum.h
powerpc/net: Implement powerpc specific csum_shift() to remove branch
2022-03-11 10:57:22 +00:00
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h
Revert "Merge branch 'mlxsw-line-card-model'"
2022-05-05 15:47:23 -07:00
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h
net: dsa: remove port argument from ->change_tag_protocol()
2022-05-12 16:38:55 -07:00
dsfield.h
dst_cache.h
dst_metadata.h
net: fix a memleak when uncloning an skb dst and its metadata
2022-02-09 11:41:47 +00:00
dst_ops.h
dst.h
erspan.h
esp.h
esp: limit skb_page_frag_refill use to a single page
2022-04-13 10:16:11 +02:00
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h
flow_dissector.h
flow_dissector: Add number of vlan tags dissector
2022-04-20 11:09:13 +01:00
flow_offload.h
netfilter: nf_tables: bail out early if hardware offload is not supported
2022-06-06 19:19:15 +02:00
flow.h
net: Add l3mdev index to flow struct and avoid oif reset for port devices
2022-03-15 20:20:02 -07:00
fou.h
fq_impl.h
fq.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro_cells.h
gro.h
net: gro: Fix a 'directive in macro's argument list' sparse warning
2022-02-18 11:00:25 +00:00
gtp.h
gtp: Add support for checking GTP device type
2022-03-11 08:28:27 -08:00
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee80211: radiotap: fix -Wcast-qual warnings
2022-02-04 16:25:21 +01:00
ieee802154_netdev.h
if_inet6.h
ipv6: fix locking issues with loops over idev->addr_list
2022-04-06 22:09:39 -07:00
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
2022-05-16 10:31:06 +01:00
inet_common.h
inet_connection_sock.h
Revert "net: Add a second bind table hashed by port and address"
2022-06-16 11:07:59 -07:00
inet_dscp.h
ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules
2022-02-07 20:12:45 -08:00
inet_ecn.h
inet_frag.h
net: ip: Handle delivery_time in ip defrag
2022-03-03 14:38:48 +00:00
inet_hashtables.h
Revert "net: Add a second bind table hashed by port and address"
2022-06-16 11:07:59 -07:00
inet_sock.h
sock: redo the psock vs ULP protection check
2022-06-23 10:08:30 +02:00
inet_timewait_sock.h
Revert "tcp/dccp: get rid of inet_twsk_purge()"
2022-05-13 12:24:12 +01:00
inetpeer.h
ioam6.h
treewide: Replace zero-length arrays with flexible-array members
2022-02-17 07:00:39 -06:00
ip6_checksum.h
ip6_fib.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-02-17 11:44:20 -08:00
ip6_route.h
ip6_tunnel.h
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
2022-04-25 11:40:45 +01:00
ip_fib.h
ipv4: Use dscp_t in struct fib_entry_notifier_info
2022-04-11 17:37:50 -07:00
ip_tunnels.h
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
2022-04-25 11:40:45 +01:00
ip_vs.h
ip.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-05-19 11:23:59 -07:00
ipcomp.h
ipconfig.h
ipv6_frag.h
net: don't include ndisc.h from ipv6.h
2022-02-04 14:15:11 -08:00
ipv6_stubs.h
ipv6.h
ipv6: Fix signed integer overflow in __ip6_append_data
2022-06-08 10:56:43 -07:00
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
mac80211.h
mac80211: extend current rate control tx status API
2022-05-16 10:05:02 +02:00
mac802154.h
net: mac802154: Create an error helper for asynchronous offloading errors
2022-04-25 20:51:12 +02:00
macsec.h
mctp.h
mctp: Use output netdev to allocate skb headroom
2022-04-01 12:04:15 +01:00
mctpdevice.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mptcp.h
Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2022-05-23 16:07:14 -07:00
mrp.h
ncsi.h
ndisc.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-03-03 11:55:12 -08:00
neighbour.h
net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work
2022-02-02 20:30:18 -08:00
net_debug.h
net: add CONFIG_DEBUG_NET
2022-05-11 12:43:10 +01:00
net_failover.h
net_namespace.h
net: make net->dev_unreg_count atomic
2022-02-10 15:30:26 +00:00
net_ratelimit.h
net_trackers.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nsh.h
p8022.h
page_pool.h
net: page_pool: introduce ethtool stats
2022-04-15 10:43:47 +01:00
pie.h
ping.h
net: remove noblock parameter from recvmsg() entities
2022-04-12 15:00:25 +02:00
pkt_cls.h
net/sched: act_api: Add extack to offload_act_setup() callback
2022-04-08 13:45:43 +01:00
pkt_sched.h
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
tcp: Use BPF timeout setting for SYN ACK RTO
2022-02-02 14:45:18 +00:00
rose.h
route.h
ipv4: Avoid using RTO_ONLINK with ip_route_connect().
2022-04-22 13:06:03 +01:00
rpl.h
rsi_91x.h
rtnetlink.h
net: rtnetlink: add bulk delete support flag
2022-04-13 12:46:26 +01:00
rtnh.h
sch_generic.h
net: sched: add barrier to fix packet stuck problem for lockless qdisc
2022-05-31 20:39:28 -07:00
scm.h
secure_seq.h
secure_seq: use the 64 bits of the siphash for port offset calculation
2022-05-04 19:22:20 -07:00
seg6_hmac.h
seg6_local.h
seg6.h
selftests.h
slhc_vj.h
smc.h
snmp.h
sock_reuseport.h
sock.h
Revert "net: Add a second bind table hashed by port and address"
2022-06-16 11:07:59 -07:00
Space.h
stp.h
strparser.h
tls: rx: don't store the decryption status in socket context
2022-04-08 11:49:08 +01:00
switchdev.h
net: bridge: mst: Notify switchdev drivers of MST state changes
2022-03-17 16:49:58 -07:00
tcp_states.h
tcp.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-04-28 13:02:01 -07:00
timewait_sock.h
tipc.h
tls_toe.h
tls.h
tls: Add opt-in zerocopy mode of sendfile()
2022-05-19 12:14:11 +02:00
transp_v6.h
tso.h
tun_proto.h
udp_tunnel.h
udp.h
net: remove noblock parameter from recvmsg() entities
2022-04-12 15:00:25 +02:00
udplite.h
vsock_addr.h
vxlan.h
drivers: vxlan: vnifilter: per vni stats
2022-03-01 08:38:02 +00:00
wext.h
x25.h
x25device.h
xdp_priv.h
xdp_sock_drv.h
xdp_sock.h
xdp.h
net: veth: Account total xdp_frame len running ndo_xdp_xmit
2022-03-17 20:33:52 +01:00
xfrm.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-05-19 11:23:59 -07:00
xsk_buff_pool.h
xsk: Fix possible crash when multiple sockets are created
2022-04-26 16:19:54 +02:00