Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-11-09 Thread Greg Kroah-Hartman 
On Sun, Oct 30, 2016 at 03:20:25AM +, Chris Caputo wrote:
> On Sun, 30 Oct 2016, Liping Zhang wrote:
> > 2016-10-30 3:04 GMT+08:00 Chris Caputo :
> > > Can we get this patch approved?  It is definitely needed for the 4.8.x
> > > tree and 4.9-rcX and mainline.
> > 
> > This patch was already applied, and was upstream to net.git:
> > https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888
> > 
> > I think you will see this patch in mainline soon.
> 
> Greg, any chance this could be picked up for 4.8.6?  (apologies if I am 
> out of line)

Looks good, now queued up.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-10-29 Thread Chris Caputo 
On Sun, 30 Oct 2016, Liping Zhang wrote:
> 2016-10-30 3:04 GMT+08:00 Chris Caputo :
> > Can we get this patch approved?  It is definitely needed for the 4.8.x
> > tree and 4.9-rcX and mainline.
> 
> This patch was already applied, and was upstream to net.git:
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888
> 
> I think you will see this patch in mainline soon.

Greg, any chance this could be picked up for 4.8.6?  (apologies if I am 
out of line)

Thanks,
Chris
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-10-29 Thread Liping Zhang 
2016-10-30 3:04 GMT+08:00 Chris Caputo :
> Pablo,
>
> Can we get this patch approved?  It is definitely needed for the 4.8.x
> tree and 4.9-rcX and mainline.
>
> Thanks,
> Chris
>

Hi,

This patch was already applied, and was upstream to net.git:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888

I think you will see this patch in mainline soon.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-10-29 Thread Chris Caputo 
Pablo,

Can we get this patch approved?  It is definitely needed for the 4.8.x 
tree and 4.9-rcX and mainline.

Thanks,
Chris

On Tue, 11 Oct 2016, Liping Zhang wrote:
> From: Liping Zhang 
> 
> Justin and Chris spotted that iptables NFLOG target was broken when they
> upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
> "results in segfaults in ulogd-2.0.5".
> 
> Because "struct nf_loginfo li;" is a local variable, and flags will be
> filled with garbage value, not inited to zero. So if it contains 0x1,
> packets will not be logged to the userspace anymore.
> 
> Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate 
> packets")
> Reported-by: Justin Piszcz 
> Reported-by: Chris Caputo 
> Tested-by: Chris Caputo 
> Signed-off-by: Liping Zhang 
> ---
>  net/netfilter/xt_NFLOG.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
> index 018eed7..8668a5c 100644
> --- a/net/netfilter/xt_NFLOG.c
> +++ b/net/netfilter/xt_NFLOG.c
> @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param 
> *par)
>   li.u.ulog.copy_len   = info->len;
>   li.u.ulog.group  = info->group;
>   li.u.ulog.qthreshold = info->threshold;
> + li.u.ulog.flags  = 0;
>  
>   if (info->flags & XT_NFLOG_F_COPY_LEN)
>   li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
> -- 
> 2.5.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-10-17 Thread Pablo Neira Ayuso 
On Tue, Oct 11, 2016 at 10:26:27PM +0800, Liping Zhang wrote:
> From: Liping Zhang 
> 
> Justin and Chris spotted that iptables NFLOG target was broken when they
> upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
> "results in segfaults in ulogd-2.0.5".
> 
> Because "struct nf_loginfo li;" is a local variable, and flags will be
> filled with garbage value, not inited to zero. So if it contains 0x1,
> packets will not be logged to the userspace anymore.

Applied and enqueued for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-10-11 Thread Justin Piszcz 


> -Original Message-
> From: Liping Zhang [mailto:zlpnob...@163.com]
> Sent: Tuesday, October 11, 2016 9:04 AM
> To: pa...@netfilter.org
> Cc: netfilter-devel@vger.kernel.org; jpis...@lucidpixels.com;
> ccap...@alt.net; v...@akamai.com; Liping Zhang
> Subject: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
> 
> From: Liping Zhang <liping.zh...@spreadtrum.com>
> 
> Justin and Chris spotted that iptables NFLOG target was broken when they
> upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
> "results in segfaults in ulogd-2.0.5".
> 
> Because "struct nf_loginfo li;" is a local variable, and flags will be
> filled with garbage value, not inited to zero. So if it contains 0x1,
> packets will not be logged to the userspace anymore.
> 
> Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate
> packets")
> Reported-by: Justin Piszcz <jpis...@lucidpixels.com>
> Reported-by: Chris Caputo <ccap...@alt.net>
> Tested-by: Chris Caputo <ccap...@alt.net>
> Signed-off-by: Liping Zhang <liping.zh...@spreadtrum.com>
> ---
>  net/netfilter/xt_NFLOG.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
> index 018eed7..8668a5c 100644
> --- a/net/netfilter/xt_NFLOG.c
> +++ b/net/netfilter/xt_NFLOG.c
> @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct
> xt_action_param *par)
>   li.u.ulog.copy_len   = info->len;
>   li.u.ulog.group  = info->group;
>   li.u.ulog.qthreshold = info->threshold;
> + li.u.ulog.flags  = 0;
> 
>   if (info->flags & XT_NFLOG_F_COPY_LEN)
>   li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
> --
> 2.5.5
> 

Hello,

Applied patch against 4.8.1-- good here as well!

Thanks,

Justin.



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-10-11 Thread Liping Zhang 
From: Liping Zhang 

Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".

Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.

Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate 
packets")
Reported-by: Justin Piszcz 
Reported-by: Chris Caputo 
Tested-by: Chris Caputo 
Signed-off-by: Liping Zhang 
---
 net/netfilter/xt_NFLOG.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 018eed7..8668a5c 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param 
*par)
li.u.ulog.copy_len   = info->len;
li.u.ulog.group  = info->group;
li.u.ulog.qthreshold = info->threshold;
+   li.u.ulog.flags  = 0;
 
if (info->flags & XT_NFLOG_F_COPY_LEN)
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
-- 
2.5.5


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

2016-10-11 Thread Liping Zhang 
From: Liping Zhang 

Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".

Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.

Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate 
packets")
Reported-by: Justin Piszcz 
Reported-by: Chris Caputo 
Tested-by: Chris Caputo 
Signed-off-by: Liping Zhang 
---
 Sorry to redeliver this patch, my mail server told me that it failed.

 net/netfilter/xt_NFLOG.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 018eed7..8668a5c 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param 
*par)
li.u.ulog.copy_len   = info->len;
li.u.ulog.group  = info->group;
li.u.ulog.qthreshold = info->threshold;
+   li.u.ulog.flags  = 0;
 
if (info->flags & XT_NFLOG_F_COPY_LEN)
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
-- 
2.5.5


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html