| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 May 2020 11:45:44 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Pablo Neira Ayuso <pablo@...filter.org>
Cc: netfilter-devel@...r.kernel.org, davem@...emloft.net,
netdev@...r.kernel.org
Subject: Re: [PATCH 4/5] netfilter: conntrack: make conntrack userspace
helpers work again
On Mon, 25 May 2020 23:54:19 +0200 Pablo Neira Ayuso wrote:
> +/* This packet is coming from userspace via nf_queue, complete the packet
> + * processing after the helper invocation in nf_confirm().
> + */
> +static int nf_confirm_cthelper(struct sk_buff *skb, struct nf_conn *ct,
> + enum ip_conntrack_info ctinfo)
> +{
> + const struct nf_conntrack_helper *helper;
> + const struct nf_conn_help *help;
> + unsigned int protoff;
> +
> + help = nfct_help(ct);
> + if (!help)
> + return 0;
> +
> + helper = rcu_dereference(help->helper);
> + if (!(helper->flags & NF_CT_HELPER_F_USERSPACE))
> + return 0;
> +
> + switch (nf_ct_l3num(ct)) {
> + case NFPROTO_IPV4:
> + protoff = skb_network_offset(skb) + ip_hdrlen(skb);
> + break;
> +#if IS_ENABLED(CONFIG_IPV6)
> + case NFPROTO_IPV6: {
> + __be16 frag_off;
> + u8 pnum;
> +
> + pnum = ipv6_hdr(skb)->nexthdr;
> + protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &pnum,
> + &frag_off);
> + if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
> + return 0;
> + break;
> + }
net/netfilter/nf_conntrack_core.c: In function nf_confirm_cthelper:
net/netfilter/nf_conntrack_core.c:2117:15: warning: comparison of unsigned expression in < 0 is always false [-Wtype-limits]
2117 | if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
| ^
Powered by blists - more mailing lists