Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net 1) Use kfree_rcu(ptr, rcu) variant, using kfree_rcu(ptr) was not intentional. From Eric Dumazet. 2) Use-after-free in netfilter hook core, from Eric Dumazet. 3) Missing rcu read lock side for netfilter egress hook, from Florian Westphal. 4) nf_queue assume state->sk is full socket while it might not be. Invoke sock_gen_put(), from Florian Westphal. 5) Add selftest to exercise the reported KASAN splat in 4) 6) Fix possible use-after-free in nf_queue in case sk_refcnt is 0. Also from Florian. 7) Use input interface index only for hardware offload, not for the software plane. This breaks tc ct action. Patch from Paul Blakey. * git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: net/sched: act_ct: Fix flow table lookup failure with no originating ifindex netfilter: nf_queue: handle socket prefetch netfilter: nf_queue: fix possible use-after-free selftests: netfilter: add nfqueue TCP_NEW_SYN_RECV socket race test netfilter: nf_queue: don't assume sk is full socket netfilter: egress: silence egress hook lockdep splats netfilter: fix use-after-free in __nf_register_net_hook() netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant ==================== Link: https://lore.kernel.org/r/20220301215337.378405-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Showing
13 changed files
with
226 additions
and
20 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
# SPDX-License-Identifier: GPL-2.0-only | ||
nf-queue | ||
connect_close |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
// SPDX-License-Identifier: GPL-2.0 | ||
|
||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <fcntl.h> | ||
#include <string.h> | ||
#include <unistd.h> | ||
#include <signal.h> | ||
|
||
#include <arpa/inet.h> | ||
#include <sys/socket.h> | ||
|
||
#define PORT 12345 | ||
#define RUNTIME 10 | ||
|
||
static struct { | ||
unsigned int timeout; | ||
unsigned int port; | ||
} opts = { | ||
.timeout = RUNTIME, | ||
.port = PORT, | ||
}; | ||
|
||
static void handler(int sig) | ||
{ | ||
_exit(sig == SIGALRM ? 0 : 1); | ||
} | ||
|
||
static void set_timeout(void) | ||
{ | ||
struct sigaction action = { | ||
.sa_handler = handler, | ||
}; | ||
|
||
sigaction(SIGALRM, &action, NULL); | ||
|
||
alarm(opts.timeout); | ||
} | ||
|
||
static void do_connect(const struct sockaddr_in *dst) | ||
{ | ||
int s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); | ||
|
||
if (s >= 0) | ||
fcntl(s, F_SETFL, O_NONBLOCK); | ||
|
||
connect(s, (struct sockaddr *)dst, sizeof(*dst)); | ||
close(s); | ||
} | ||
|
||
static void do_accept(const struct sockaddr_in *src) | ||
{ | ||
int c, one = 1, s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); | ||
|
||
if (s < 0) | ||
return; | ||
|
||
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); | ||
setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)); | ||
|
||
bind(s, (struct sockaddr *)src, sizeof(*src)); | ||
|
||
listen(s, 16); | ||
|
||
c = accept(s, NULL, NULL); | ||
if (c >= 0) | ||
close(c); | ||
|
||
close(s); | ||
} | ||
|
||
static int accept_loop(void) | ||
{ | ||
struct sockaddr_in src = { | ||
.sin_family = AF_INET, | ||
.sin_port = htons(opts.port), | ||
}; | ||
|
||
inet_pton(AF_INET, "127.0.0.1", &src.sin_addr); | ||
|
||
set_timeout(); | ||
|
||
for (;;) | ||
do_accept(&src); | ||
|
||
return 1; | ||
} | ||
|
||
static int connect_loop(void) | ||
{ | ||
struct sockaddr_in dst = { | ||
.sin_family = AF_INET, | ||
.sin_port = htons(opts.port), | ||
}; | ||
|
||
inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr); | ||
|
||
set_timeout(); | ||
|
||
for (;;) | ||
do_connect(&dst); | ||
|
||
return 1; | ||
} | ||
|
||
static void parse_opts(int argc, char **argv) | ||
{ | ||
int c; | ||
|
||
while ((c = getopt(argc, argv, "t:p:")) != -1) { | ||
switch (c) { | ||
case 't': | ||
opts.timeout = atoi(optarg); | ||
break; | ||
case 'p': | ||
opts.port = atoi(optarg); | ||
break; | ||
} | ||
} | ||
} | ||
|
||
int main(int argc, char *argv[]) | ||
{ | ||
pid_t p; | ||
|
||
parse_opts(argc, argv); | ||
|
||
p = fork(); | ||
if (p < 0) | ||
return 111; | ||
|
||
if (p > 0) | ||
return accept_loop(); | ||
|
||
return connect_loop(); | ||
} |
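Review bot: In do_accept() the return values of bind() and listen() are ignored, while handler() exits with status 0 as soon as SIGALRM fires, so if the port is already taken every accept() fails at once and the run ends "successfully" without ever generating the connect/close race this test exists to provoke. For a regression test covering a use-after-free, the exit status alone would not reveal that vacuous pass; failing hard closes it: `if (bind(s, (struct sockaddr *)src, sizeof(*src)) < 0 || listen(s, 16) < 0) exit(1);`. do_connect() has the same shape, since a failed socket() still reaches connect() and close() with a negative descriptor. parse_opts() feeds `-t` and `-p` through atoi() with no range check, so `-t 0` becomes alarm(0) and neither loop terminates, and a port above 65535 is silently truncated by htons(); a bounds check there, plus a `default:` case that rejects unknown options, would make misuse visible.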