Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
On Sun, Oct 30, 2016 at 03:20:25AM +, Chris Caputo wrote: > On Sun, 30 Oct 2016, Liping Zhang wrote: > > 2016-10-30 3:04 GMT+08:00 Chris Caputo: > > > Can we get this patch approved? It is definitely needed for the 4.8.x > > > tree and 4.9-rcX and mainline. > > > > This patch was already applied, and was upstream to net.git: > > https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888 > > > > I think you will see this patch in mainline soon. > > Greg, any chance this could be picked up for 4.8.6? (apologies if I am > out of line) Looks good, now queued up. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
On Sun, 30 Oct 2016, Liping Zhang wrote: > 2016-10-30 3:04 GMT+08:00 Chris Caputo: > > Can we get this patch approved? It is definitely needed for the 4.8.x > > tree and 4.9-rcX and mainline. > > This patch was already applied, and was upstream to net.git: > https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888 > > I think you will see this patch in mainline soon. Greg, any chance this could be picked up for 4.8.6? (apologies if I am out of line) Thanks, Chris -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
2016-10-30 3:04 GMT+08:00 Chris Caputo: > Pablo, > > Can we get this patch approved? It is definitely needed for the 4.8.x > tree and 4.9-rcX and mainline. > > Thanks, > Chris > Hi, This patch was already applied, and was upstream to net.git: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6d19375b58763fefc2f215fb45117d3353ced888 I think you will see this patch in mainline soon. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
Pablo, Can we get this patch approved? It is definitely needed for the 4.8.x tree and 4.9-rcX and mainline. Thanks, Chris On Tue, 11 Oct 2016, Liping Zhang wrote: > From: Liping Zhang> > Justin and Chris spotted that iptables NFLOG target was broken when they > upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or > "results in segfaults in ulogd-2.0.5". > > Because "struct nf_loginfo li;" is a local variable, and flags will be > filled with garbage value, not inited to zero. So if it contains 0x1, > packets will not be logged to the userspace anymore. > > Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate > packets") > Reported-by: Justin Piszcz > Reported-by: Chris Caputo > Tested-by: Chris Caputo > Signed-off-by: Liping Zhang > --- > net/netfilter/xt_NFLOG.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c > index 018eed7..8668a5c 100644 > --- a/net/netfilter/xt_NFLOG.c > +++ b/net/netfilter/xt_NFLOG.c > @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param > *par) > li.u.ulog.copy_len = info->len; > li.u.ulog.group = info->group; > li.u.ulog.qthreshold = info->threshold; > + li.u.ulog.flags = 0; > > if (info->flags & XT_NFLOG_F_COPY_LEN) > li.u.ulog.flags |= NF_LOG_F_COPY_LEN; > -- > 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
On Tue, Oct 11, 2016 at 10:26:27PM +0800, Liping Zhang wrote: > From: Liping Zhang> > Justin and Chris spotted that iptables NFLOG target was broken when they > upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or > "results in segfaults in ulogd-2.0.5". > > Because "struct nf_loginfo li;" is a local variable, and flags will be > filled with garbage value, not inited to zero. So if it contains 0x1, > packets will not be logged to the userspace anymore. Applied and enqueued for -stable, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
> -Original Message- > From: Liping Zhang [mailto:zlpnob...@163.com] > Sent: Tuesday, October 11, 2016 9:04 AM > To: pa...@netfilter.org > Cc: netfilter-devel@vger.kernel.org; jpis...@lucidpixels.com; > ccap...@alt.net; v...@akamai.com; Liping Zhang > Subject: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet > > From: Liping Zhang <liping.zh...@spreadtrum.com> > > Justin and Chris spotted that iptables NFLOG target was broken when they > upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or > "results in segfaults in ulogd-2.0.5". > > Because "struct nf_loginfo li;" is a local variable, and flags will be > filled with garbage value, not inited to zero. So if it contains 0x1, > packets will not be logged to the userspace anymore. > > Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate > packets") > Reported-by: Justin Piszcz <jpis...@lucidpixels.com> > Reported-by: Chris Caputo <ccap...@alt.net> > Tested-by: Chris Caputo <ccap...@alt.net> > Signed-off-by: Liping Zhang <liping.zh...@spreadtrum.com> > --- > net/netfilter/xt_NFLOG.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c > index 018eed7..8668a5c 100644 > --- a/net/netfilter/xt_NFLOG.c > +++ b/net/netfilter/xt_NFLOG.c > @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct > xt_action_param *par) > li.u.ulog.copy_len = info->len; > li.u.ulog.group = info->group; > li.u.ulog.qthreshold = info->threshold; > + li.u.ulog.flags = 0; > > if (info->flags & XT_NFLOG_F_COPY_LEN) > li.u.ulog.flags |= NF_LOG_F_COPY_LEN; > -- > 2.5.5 > Hello, Applied patch against 4.8.1-- good here as well! Thanks, Justin. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
From: Liping ZhangJustin and Chris spotted that iptables NFLOG target was broken when they upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or "results in segfaults in ulogd-2.0.5". Because "struct nf_loginfo li;" is a local variable, and flags will be filled with garbage value, not inited to zero. So if it contains 0x1, packets will not be logged to the userspace anymore. Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets") Reported-by: Justin Piszcz Reported-by: Chris Caputo Tested-by: Chris Caputo Signed-off-by: Liping Zhang --- net/netfilter/xt_NFLOG.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index 018eed7..8668a5c 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par) li.u.ulog.copy_len = info->len; li.u.ulog.group = info->group; li.u.ulog.qthreshold = info->threshold; + li.u.ulog.flags = 0; if (info->flags & XT_NFLOG_F_COPY_LEN) li.u.ulog.flags |= NF_LOG_F_COPY_LEN; -- 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet
From: Liping ZhangJustin and Chris spotted that iptables NFLOG target was broken when they upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or "results in segfaults in ulogd-2.0.5". Because "struct nf_loginfo li;" is a local variable, and flags will be filled with garbage value, not inited to zero. So if it contains 0x1, packets will not be logged to the userspace anymore. Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets") Reported-by: Justin Piszcz Reported-by: Chris Caputo Tested-by: Chris Caputo Signed-off-by: Liping Zhang --- Sorry to redeliver this patch, my mail server told me that it failed. net/netfilter/xt_NFLOG.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index 018eed7..8668a5c 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par) li.u.ulog.copy_len = info->len; li.u.ulog.group = info->group; li.u.ulog.qthreshold = info->threshold; + li.u.ulog.flags = 0; if (info->flags & XT_NFLOG_F_COPY_LEN) li.u.ulog.flags |= NF_LOG_F_COPY_LEN; -- 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html