From: Valentina Giusti <valentina.giusti@xxxxxxxxxxxx>
Since (41063e9 ipv4: Early TCP socket demux), we can apply the owner
extension on the INPUT chain and match established TCP sockets.
However, because of the same commit, we can have skb->sk pointing to a
timewait socket, in which case accessing skb->sk->sk_socket is invalid.
Signed-off-by: Valentina Giusti <valentina.giusti@xxxxxxxxxxxx>
Cc: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Cc: Patrick McHardy <kaber@xxxxxxxxx>
Cc: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
---
net/netfilter/xt_owner.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
index ca2e577..df03cac 100644
--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -16,6 +16,7 @@
#include <net/sock.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_owner.h>
+#include <net/tcp_states.h>
static int owner_check(const struct xt_mtchk_param *par)
{
@@ -34,7 +35,8 @@ owner_mt(const struct sk_buff *skb, struct xt_action_param *par)
const struct xt_owner_match_info *info = par->matchinfo;
const struct file *filp;
- if (skb->sk == NULL || skb->sk->sk_socket == NULL)
+ if (skb->sk == NULL || skb->sk->sk_state == TCP_TIME_WAIT ||
+ skb->sk->sk_socket == NULL)
return (info->match ^ info->invert) == 0;
else if (info->match & info->invert & XT_OWNER_SOCKET)
/*
@@ -76,7 +78,8 @@ static struct xt_match owner_mt_reg __read_mostly = {
.checkentry = owner_check,
.match = owner_mt,
.matchsize = sizeof(struct xt_owner_match_info),
- .hooks = (1 << NF_INET_LOCAL_OUT) |
+ .hooks = (1 << NF_INET_LOCAL_IN) |
+ (1 << NF_INET_LOCAL_OUT) |
(1 << NF_INET_POST_ROUTING),
.me = THIS_MODULE,
};
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
