Re: [PATCH net] netfilter: nf_conntrack: Use net_mutex for helper unregistration.

2016-05-17 Thread Pablo Neira Ayuso
Cc'ing Eric Biederman. On Mon, May 16, 2016 at 09:38:53PM -0700, Joe Stringer wrote: > On 6 May 2016 at 04:03, Pablo Neira Ayuso wrote: > > Hi Joe, > > > > On Thu, May 05, 2016 at 03:50:37PM -0700, Joe Stringer wrote: > >> diff --git a/net/netfilter/nf_conntrack_helper.c >

Re: [PATCH net] netfilter: nf_conntrack: Use net_mutex for helper unregistration.

2016-05-16 Thread Joe Stringer
On 6 May 2016 at 04:03, Pablo Neira Ayuso wrote: > Hi Joe, > > On Thu, May 05, 2016 at 03:50:37PM -0700, Joe Stringer wrote: >> diff --git a/net/netfilter/nf_conntrack_helper.c >> b/net/netfilter/nf_conntrack_helper.c >> index 3b40ec575cd5..6860b19be406 100644 >> ---

Re: [PATCH net] netfilter: nf_conntrack: Use net_mutex for helper unregistration.

2016-05-07 Thread Florian Westphal
Joe Stringer wrote: > > If so, probably I can append this as comment to this function so we > > don't forget. If we ever have .exit callbacks (I don't expect so), we > > would need to wait for worker completion. > > Sounds reasonable to me. > > I see there's a bunch of other

Re: [PATCH net] netfilter: nf_conntrack: Use net_mutex for helper unregistration.

2016-05-06 Thread Joe Stringer
On 6 May 2016 at 04:03, Pablo Neira Ayuso wrote: > Hi Joe, > > On Thu, May 05, 2016 at 03:50:37PM -0700, Joe Stringer wrote: >> diff --git a/net/netfilter/nf_conntrack_helper.c >> b/net/netfilter/nf_conntrack_helper.c >> index 3b40ec575cd5..6860b19be406 100644 >> ---

Re: [PATCH net] netfilter: nf_conntrack: Use net_mutex for helper unregistration.

2016-05-06 Thread Pablo Neira Ayuso
Hi Joe, On Thu, May 05, 2016 at 03:50:37PM -0700, Joe Stringer wrote: > diff --git a/net/netfilter/nf_conntrack_helper.c > b/net/netfilter/nf_conntrack_helper.c > index 3b40ec575cd5..6860b19be406 100644 > --- a/net/netfilter/nf_conntrack_helper.c > +++ b/net/netfilter/nf_conntrack_helper.c > @@

[PATCH net] netfilter: nf_conntrack: Use net_mutex for helper unregistration.

2016-05-05 Thread Joe Stringer
If a user loads nf_conntrack_ftp, sends FTP traffic through a network namespace, destroys that namespace then unloads the FTP helper module, then the kernel will crash.

Florian's assessment of the bug:

AFAIU following happens:
1. ct is created with ftp helper in netns x
2. netns x