linux/net/ipv4/netfilter
Patrick McHardy 8fa9ff6849 netfilter: fix crashes in bridge netfilter caused by fragment jumps
When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
and a reassembly queue with the same fragment key already exists from
reassembling a similar packet received on a different device (f.i. with
multicasted fragments), the reassembled packet might continue on a different
codepath than where the head fragment originated. This can cause crashes
in bridge netfilter when a fragment received on a non-bridge device (and
thus with skb->nf_bridge == NULL) continues through the bridge netfilter
code.

Add a new reassembly identifier for packets originating from bridge
netfilter and use it to put those packets in insolated queues.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805

Reported-and-Tested-by: Chong Qiao <qiaochong@loongson.cn>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-12-15 16:59:59 +01:00
..
arp_tables.c
arpt_mangle.c
arptable_filter.c
ip_queue.c
ip_tables.c
ipt_addrtype.c
ipt_ah.c
ipt_CLUSTERIP.c
ipt_ecn.c
ipt_ECN.c
ipt_LOG.c
ipt_MASQUERADE.c
ipt_NETMAP.c
ipt_REDIRECT.c
ipt_REJECT.c
ipt_ULOG.c
iptable_filter.c
iptable_mangle.c
iptable_raw.c
iptable_security.c
Kconfig
Makefile
nf_conntrack_l3proto_ipv4_compat.c
nf_conntrack_l3proto_ipv4.c
nf_conntrack_proto_icmp.c
nf_defrag_ipv4.c
nf_nat_amanda.c
nf_nat_core.c
nf_nat_ftp.c
nf_nat_h323.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_pptp.c
nf_nat_proto_common.c
nf_nat_proto_dccp.c
nf_nat_proto_gre.c
nf_nat_proto_icmp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_udplite.c
nf_nat_proto_unknown.c
nf_nat_rule.c
nf_nat_sip.c
nf_nat_snmp_basic.c
nf_nat_standalone.c
nf_nat_tftp.c