14 May, 2020
1 commit
-
commit c165d57b552aaca607fa5daf3fb524a6efe3c5a3 upstream.
gcc-10 points out that a code path exists where a pointer to a stack
variable may be passed back to the caller:net/netfilter/nfnetlink_osf.c: In function 'nf_osf_hdr_ctx_init':
cc1: warning: function may return address of local variable [-Wreturn-local-addr]
net/netfilter/nfnetlink_osf.c:171:16: note: declared here
171 | struct tcphdr _tcph;
| ^~~~~I am not sure whether this can happen in practice, but moving the
variable declaration into the callers avoids the problem.Fixes: 31a9c29210e2 ("netfilter: nf_osf: add struct nf_osf_hdr_ctx")
Signed-off-by: Arnd Bergmann
Reviewed-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman
03 Jun, 2019
1 commit
-
Netfilter hooks are always running under rcu read lock, use
the new iterator macro so sparse won't complain once we add
proper __rcu annotations.Signed-off-by: Florian Westphal
Signed-off-by: David S. Miller
21 May, 2019
1 commit
-
Add SPDX license identifiers to all files which:
- Have no license information of any form
- Have MODULE_LICENCE("GPL*") inside which was used in the initial
scan/conversion to ignore the fileThese files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:GPL-2.0-only
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
09 Apr, 2019
1 commit
-
Add version option support to the nftables "osf" expression.
Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso
28 Jan, 2019
1 commit
-
When we check the tcp options of a packet and it doesn't match the current
fingerprint, the tcp packet option pointer must be restored to its initial
value in order to do the proper tcp options check for the next fingerprint.Here we can see an example.
Assumming the following fingerprint base with two lines:S10:64:1:60:M*,S,T,N,W6: Linux:3.0::Linux 3.0
S20:64:1:60:M*,S,T,N,W7: Linux:4.19:arch:Linux 4.1Where TCP options are the last field in the OS signature, all of them overlap
except by the last one, ie. 'W6' versus 'W7'.In case a packet for Linux 4.19 kicks in, the osf finds no matching because the
TCP options pointer is updated after checking for the TCP options in the first
line.Therefore, reset pointer back to where it should be.
Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match")
Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso
16 Oct, 2018
1 commit
-
Add ttl option support to the nftables "osf" expression.
Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso
09 Aug, 2018
1 commit
-
Fixes the following sparse warning:
net/netfilter/nfnetlink_osf.c:274:24: warning:
Using plain integer as NULL pointerSigned-off-by: Wei Yongjun
Signed-off-by: Pablo Neira Ayuso
04 Aug, 2018
1 commit
-
The first client of the nf_osf.h userspace header is nft_osf, coming in
this batch, rename it to nfnetlink_osf.h as there are no userspace
clients for this yet, hence this looks consistent with other nfnetlink
subsystem.Suggested-by: Jan Engelhardt
Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso
30 Jul, 2018
2 commits
-
Move nfnetlink osf subsystem from xt_osf.c to standalone module so we can
reuse it from the new nft_ost extension.Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso -
Rename nf_osf.c to nfnetlink_osf.c as we introduce nfnetlink_osf which is
the OSF infraestructure.Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso