Commit 794e6871 authored by Patrick McHardy's avatar Patrick McHardy

netfilter: ctnetlink: only assign helpers for matching protocols

Make sure not to assign a helper for a different network or transport
layer protocol to a connection.

Additionally change expectation deletion by helper to compare the name
directly - there might be multiple helper registrations using the same
name, currently one of them is chosen in an unpredictable manner and
only those expectations are removed.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 2eff25c1
...@@ -40,7 +40,7 @@ struct nf_conntrack_helper { ...@@ -40,7 +40,7 @@ struct nf_conntrack_helper {
}; };
extern struct nf_conntrack_helper * extern struct nf_conntrack_helper *
__nf_conntrack_helper_find_byname(const char *name); __nf_conntrack_helper_find(const char *name, u16 l3num, u8 protonum);
extern int nf_conntrack_helper_register(struct nf_conntrack_helper *); extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *); extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);
......
...@@ -65,7 +65,7 @@ __nf_ct_helper_find(const struct nf_conntrack_tuple *tuple) ...@@ -65,7 +65,7 @@ __nf_ct_helper_find(const struct nf_conntrack_tuple *tuple)
} }
struct nf_conntrack_helper * struct nf_conntrack_helper *
__nf_conntrack_helper_find_byname(const char *name) __nf_conntrack_helper_find(const char *name, u16 l3num, u8 protonum)
{ {
struct nf_conntrack_helper *h; struct nf_conntrack_helper *h;
struct hlist_node *n; struct hlist_node *n;
...@@ -73,13 +73,15 @@ __nf_conntrack_helper_find_byname(const char *name) ...@@ -73,13 +73,15 @@ __nf_conntrack_helper_find_byname(const char *name)
for (i = 0; i < nf_ct_helper_hsize; i++) { for (i = 0; i < nf_ct_helper_hsize; i++) {
hlist_for_each_entry_rcu(h, n, &nf_ct_helper_hash[i], hnode) { hlist_for_each_entry_rcu(h, n, &nf_ct_helper_hash[i], hnode) {
if (!strcmp(h->name, name)) if (!strcmp(h->name, name) &&
h->tuple.src.l3num == l3num &&
h->tuple.dst.protonum == protonum)
return h; return h;
} }
} }
return NULL; return NULL;
} }
EXPORT_SYMBOL_GPL(__nf_conntrack_helper_find_byname); EXPORT_SYMBOL_GPL(__nf_conntrack_helper_find);
struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp) struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp)
{ {
......
...@@ -1001,7 +1001,8 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[]) ...@@ -1001,7 +1001,8 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
return 0; return 0;
} }
helper = __nf_conntrack_helper_find_byname(helpname); helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
nf_ct_protonum(ct));
if (helper == NULL) { if (helper == NULL) {
#ifdef CONFIG_MODULES #ifdef CONFIG_MODULES
spin_unlock_bh(&nf_conntrack_lock); spin_unlock_bh(&nf_conntrack_lock);
...@@ -1012,7 +1013,8 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[]) ...@@ -1012,7 +1013,8 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
} }
spin_lock_bh(&nf_conntrack_lock); spin_lock_bh(&nf_conntrack_lock);
helper = __nf_conntrack_helper_find_byname(helpname); helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
nf_ct_protonum(ct));
if (helper) if (helper)
return -EAGAIN; return -EAGAIN;
#endif #endif
...@@ -1211,7 +1213,8 @@ ctnetlink_create_conntrack(struct net *net, ...@@ -1211,7 +1213,8 @@ ctnetlink_create_conntrack(struct net *net,
if (err < 0) if (err < 0)
goto err2; goto err2;
helper = __nf_conntrack_helper_find_byname(helpname); helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
nf_ct_protonum(ct));
if (helper == NULL) { if (helper == NULL) {
rcu_read_unlock(); rcu_read_unlock();
#ifdef CONFIG_MODULES #ifdef CONFIG_MODULES
...@@ -1221,7 +1224,9 @@ ctnetlink_create_conntrack(struct net *net, ...@@ -1221,7 +1224,9 @@ ctnetlink_create_conntrack(struct net *net,
} }
rcu_read_lock(); rcu_read_lock();
helper = __nf_conntrack_helper_find_byname(helpname); helper = __nf_conntrack_helper_find(helpname,
nf_ct_l3num(ct),
nf_ct_protonum(ct));
if (helper) { if (helper) {
err = -EAGAIN; err = -EAGAIN;
goto err2; goto err2;
...@@ -1714,7 +1719,6 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, ...@@ -1714,7 +1719,6 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
struct net *net = sock_net(ctnl); struct net *net = sock_net(ctnl);
struct nf_conntrack_expect *exp; struct nf_conntrack_expect *exp;
struct nf_conntrack_tuple tuple; struct nf_conntrack_tuple tuple;
struct nf_conntrack_helper *h;
struct nfgenmsg *nfmsg = nlmsg_data(nlh); struct nfgenmsg *nfmsg = nlmsg_data(nlh);
struct hlist_node *n, *next; struct hlist_node *n, *next;
u_int8_t u3 = nfmsg->nfgen_family; u_int8_t u3 = nfmsg->nfgen_family;
...@@ -1751,18 +1755,13 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, ...@@ -1751,18 +1755,13 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
/* delete all expectations for this helper */ /* delete all expectations for this helper */
spin_lock_bh(&nf_conntrack_lock); spin_lock_bh(&nf_conntrack_lock);
h = __nf_conntrack_helper_find_byname(name);
if (!h) {
spin_unlock_bh(&nf_conntrack_lock);
return -EOPNOTSUPP;
}
for (i = 0; i < nf_ct_expect_hsize; i++) { for (i = 0; i < nf_ct_expect_hsize; i++) {
hlist_for_each_entry_safe(exp, n, next, hlist_for_each_entry_safe(exp, n, next,
&net->ct.expect_hash[i], &net->ct.expect_hash[i],
hnode) { hnode) {
m_help = nfct_help(exp->master); m_help = nfct_help(exp->master);
if (m_help->helper == h if (!strcmp(m_help->helper->name, name) &&
&& del_timer(&exp->timeout)) { del_timer(&exp->timeout)) {
nf_ct_unlink_expect(exp); nf_ct_unlink_expect(exp);
nf_ct_expect_put(exp); nf_ct_expect_put(exp);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment