OpenSDV
/
original_kernel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
original_kernel/net/ipv4
History
Pablo Neira Ayuso cba85b532e netfilter: fix export secctx error handling 
In 1ae4de0cdf, the secctx was exported
via the /proc/net/netfilter/nf_conntrack and ctnetlink interfaces
instead of the secmark.

That patch introduced the use of security_secid_to_secctx() which may
return a non-zero value on error.

In one of my setups, I have NF_CONNTRACK_SECMARK enabled but no
security modules. Thus, security_secid_to_secctx() returns a negative
value that results in the breakage of the /proc and `conntrack -L'
outputs. To fix this, we skip the inclusion of secctx if the
aforementioned function fails.

This patch also fixes the dynamic netlink message size calculation
if security_secid_to_secctx() returns an error, since its logic is
also wrong.

This problem exists in Linux kernel >= 2.6.37.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2011-01-06 11:25:00 -08:00
..
netfilter netfilter: fix export secctx error handling 2011-01-06 11:25:00 -08:00
Kconfig
Makefile
af_inet.c
ah4.c
arp.c net: RCU conversion of dev_getbyhwaddr() and arp_ioctl() 2010-12-08 10:07:24 -08:00
cipso_ipv4.c
datagram.c
devinet.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
esp4.c xfrm: Traffic Flow Confidentiality for IPv4 ESP 2010-12-10 14:43:59 -08:00
fib_frontend.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
fib_hash.c
fib_lookup.h
fib_rules.c
fib_semantics.c
fib_trie.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
gre.c
icmp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-11-19 13:13:47 -08:00
igmp.c igmp: refine skb allocations 2010-11-18 11:02:23 -08:00
inet_connection_sock.c net: optimize INET input path further 2010-12-09 20:05:58 -08:00
inet_diag.c
inet_fragment.c
inet_hashtables.c inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners 2010-11-28 18:18:44 -08:00
inet_lro.c
inet_timewait_sock.c
inetpeer.c inetpeer: Kill use of inet_peer_address_t typedef. 2010-12-01 17:28:18 -08:00
ip_forward.c
ip_fragment.c ipv4: IP defragmentation must be ECN aware 2011-01-06 11:21:30 -08:00
ip_gre.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
ip_input.c
ip_options.c
ip_output.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
ip_sockglue.c
ipcomp.c
ipconfig.c net: add some KERN_CONT markers to continuation lines 2010-11-28 10:47:17 -08:00
ipip.c ipip: add module alias for tunl0 tunnel device 2010-12-01 12:53:23 -08:00
ipmr.c
netfilter.c
proc.c tcp: Replace time wait bucket msg by counter 2010-12-08 12:16:33 -08:00
protocol.c
raw.c
route.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-01-04 11:57:25 -08:00
syncookies.c
sysctl_net_ipv4.c net: add limits to ip_default_ttl 2010-12-13 12:16:14 -08:00
tcp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
tcp_bic.c
tcp_cong.c
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: cleanup of cwnd initialization in tcp_init_metrics() 2010-12-23 09:54:26 -08:00
tcp_ipv4.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
tcp_lp.c
tcp_minisocks.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
tcp_output.c TCP: increase default initial receive window. 2010-12-20 21:33:00 -08:00
tcp_probe.c net: ipv4: tcp_probe: cleanup snprintf() use 2010-11-17 12:27:46 -08:00
tcp_scalable.c
tcp_timer.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-17 12:27:22 -08:00
udp_impl.h
udplite.c net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
xfrm4_output.c
xfrm4_policy.c
xfrm4_state.c
xfrm4_tunnel.c