This is a note to let you know that I've just added the patch titled
netfilter: nf_log: account for size of NLMSG_DONE attribute
to the 3.17-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
and it can be found in the queue-3.17 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 9dfa1dfe4d5e5e66a991321ab08afe69759d797a Mon Sep 17 00:00:00 2001
From: Florian Westphal <[email protected]>
Date: Thu, 23 Oct 2014 10:36:06 +0200
Subject: netfilter: nf_log: account for size of NLMSG_DONE attribute
From: Florian Westphal <[email protected]>
commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a upstream.
We currently neither account for the nlattr size, nor do we consider
the size of the trailing NLMSG_DONE when allocating nlmsg skb.
This can result in nflog to stop working, as __nfulnl_send() re-tries
sending forever if it failed to append NLMSG_DONE (which will never
work if buffer is not large enough).
Reported-by: Houcheng Lin <[email protected]>
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/netfilter/nfnetlink_log.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -649,7 +649,8 @@ nfulnl_log_packet(struct net *net,
+ nla_total_size(sizeof(u_int32_t)) /* gid */
+ nla_total_size(plen) /* prefix */
+ nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
- + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp));
+ + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp))
+ + nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */
if (in && skb_mac_header_was_set(skb)) {
size += nla_total_size(skb->dev->hard_header_len)
@@ -692,8 +693,7 @@ nfulnl_log_packet(struct net *net,
goto unlock_and_release;
}
- if (inst->skb &&
- size > skb_tailroom(inst->skb) - sizeof(struct nfgenmsg)) {
+ if (inst->skb && size > skb_tailroom(inst->skb)) {
/* either the queue len is too high or we don't have
* enough room in the skb left. flush to userspace. */
__nfulnl_flush(inst);
Patches currently in stable-queue which might be from [email protected] are
queue-3.17/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
queue-3.17/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch
queue-3.17/inet-frags-fix-a-race-between-inet_evict_bucket-and-inet_frag_kill.patch
queue-3.17/inet-frags-remove-the-warn_on-from-inet_evict_bucket.patch
queue-3.17/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
