git.baikalelectronics.ru Git - kernel.git/commit

author	Liping Zhang <liping.zhang@spreadtrum.com>
	Sat, 17 Sep 2016 06:31:20 +0000 (14:31 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 23 Sep 2016 07:30:26 +0000 (09:30 +0200)
commit	121ddb5a279faa09b35643e13a05b4ca9541a6c9
tree	da43d9f571eb5a6c41b013645c831564e2f7b534	tree \| snapshot
parent	67cf44db17ac61408351a4b89a6c679e54cf0a5f	commit \| diff

netfilter: nf_tables: check tprot_set first when we use xt.thoff

pkt->xt.thoff is not always set properly, but we use it without any check.
For payload expr, it will cause wrong results. For nftrace, we may notify
the wrong network or transport header to the user space, furthermore,
input the following nft rules, warning message will be printed out:
  # nft add rule arp filter output meta nftrace set 1

  WARNING: CPU: 0 PID: 13428 at net/netfilter/nf_tables_trace.c:263
  nft_trace_notify+0x4a3/0x5e0 [nf_tables]
  Call Trace:
  [<ffffffff813d58ae>] dump_stack+0x63/0x85
  [<ffffffff810a4c0b>] __warn+0xcb/0xf0
  [<ffffffff810a4d3d>] warn_slowpath_null+0x1d/0x20
  [<ffffffffa0589703>] nft_trace_notify+0x4a3/0x5e0 [nf_tables]
  [ ... ]
  [<ffffffffa05690a8>] nft_do_chain_arp+0x78/0x90 [nf_tables_arp]
  [<ffffffff816f4aa2>] nf_iterate+0x62/0x80
  [<ffffffff816f4b33>] nf_hook_slow+0x73/0xd0
  [<ffffffff81732bbf>] arp_xmit+0x8f/0xb0
  [ ... ]
  [<ffffffff81732d36>] arp_solicit+0x106/0x2c0

So before we use pkt->xt.thoff, check the tprot_set first.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nf_tables_core.c		diff \| blob \| history
net/netfilter/nf_tables_trace.c		diff \| blob \| history
net/netfilter/nft_payload.c		diff \| blob \| history