Commit 6d19375b authored by Liping Zhang's avatar Liping Zhang Committed by Pablo Neira Ayuso

netfilter: xt_NFLOG: fix unexpected truncated packet

Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".

Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.

Fixes: 7643507f ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
Reported-by: default avatarJustin Piszcz <jpiszcz@lucidpixels.com>
Reported-by: default avatarChris Caputo <ccaputo@alt.net>
Tested-by: default avatarChris Caputo <ccaputo@alt.net>
Signed-off-by: default avatarLiping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 4f76de5f
......@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
li.u.ulog.copy_len = info->len;
li.u.ulog.group = info->group;
li.u.ulog.qthreshold = info->threshold;
li.u.ulog.flags = 0;
if (info->flags & XT_NFLOG_F_COPY_LEN)
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment