lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 05 Jun 2018 14:13:47 +0200
From:   Paolo Abeni <pabeni@...hat.com>
To:     Arnd Bergmann <arnd@...db.de>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Cc:     Máté Eckl <ecklm94@...il.com>,
        Willem de Bruijn <willemb@...gle.com>,
        Eric Dumazet <edumazet@...gle.com>,
        David Ahern <dsahern@...il.com>,
        Martin KaFai Lau <kafai@...com>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] netfilter: provide udp*_lib_lookup for nf_tproxy

On Tue, 2018-06-05 at 13:40 +0200, Arnd Bergmann wrote:
> It is now possible to enable the libified nf_tproxy modules without
> also enabling NETFILTER_XT_TARGET_TPROXY, which throws off the
> ifdef logic in the udp core code:
> 
> net/ipv6/netfilter/nf_tproxy_ipv6.o: In function `nf_tproxy_get_sock_v6':
> nf_tproxy_ipv6.c:(.text+0x1a8): undefined reference to `udp6_lib_lookup'
> net/ipv4/netfilter/nf_tproxy_ipv4.o: In function `nf_tproxy_get_sock_v4':
> nf_tproxy_ipv4.c:(.text+0x3d0): undefined reference to `udp4_lib_lookup'
> 
> We can actually simplify the conditions now to provide the two functions
> exactly when they are needed.
> 
> Fixes: 45ca4e0cf273 ("netfilter: Libify xt_TPROXY")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>  net/ipv4/udp.c | 4 +---
>  net/ipv6/udp.c | 4 +---
>  2 files changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> index 4f16e5d71875..3365362cac88 100644
> --- a/net/ipv4/udp.c
> +++ b/net/ipv4/udp.c
> @@ -544,9 +544,7 @@ EXPORT_SYMBOL_GPL(udp4_lib_lookup_skb);
>  /* Must be called under rcu_read_lock().
>   * Does increment socket refcount.
>   */
> -#if IS_ENABLED(CONFIG_NETFILTER_XT_MATCH_SOCKET) || \
> -    IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) || \
> -    IS_ENABLED(CONFIG_NF_SOCKET_IPV4)
> +#if IS_ENABLED(CONFIG_NF_TPROXY_IPV4) || IS_ENABLED(CONFIG_NF_SOCKET_IPV4)
>  struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport,
>  			     __be32 daddr, __be16 dport, int dif)
>  {
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index 967acff95bbe..164afd31aebf 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -285,9 +285,7 @@ EXPORT_SYMBOL_GPL(udp6_lib_lookup_skb);
>  /* Must be called under rcu_read_lock().
>   * Does increment socket refcount.
>   */
> -#if IS_ENABLED(CONFIG_NETFILTER_XT_MATCH_SOCKET) || \
> -    IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) || \
> -    IS_ENABLED(CONFIG_NF_SOCKET_IPV6)
> +#if IS_ENABLED(CONFIG_NF_TPROXY_IPV6) || IS_ENABLED(CONFIG_NF_SOCKET_IPV6)
>  struct sock *udp6_lib_lookup(struct net *net, const struct in6_addr *saddr, __be16 sport,
>  			     const struct in6_addr *daddr, __be16 dport, int dif)
>  {

LGTM,

Acked-by: Paolo Abeni <pabeni@...hat.com>

Thanks,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ