Re: [PATCH nf] netfilter: xt_NFLOG: fix unexpected truncated packet

Pablo,

Can we get this patch approved?  It is definitely needed for the 4.8.x 
tree and 4.9-rcX and mainline.

Thanks,
Chris

On Tue, 11 Oct 2016, Liping Zhang wrote:
> From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
> 
> Justin and Chris spotted that iptables NFLOG target was broken when they
> upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
> "results in segfaults in ulogd-2.0.5".
> 
> Because "struct nf_loginfo li;" is a local variable, and flags will be
> filled with garbage value, not inited to zero. So if it contains 0x1,
> packets will not be logged to the userspace anymore.
> 
> Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
> Reported-by: Justin Piszcz <jpiszcz@xxxxxxxxxxxxxxx>
> Reported-by: Chris Caputo <ccaputo@xxxxxxx>
> Tested-by: Chris Caputo <ccaputo@xxxxxxx>
> Signed-off-by: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
> ---
>  net/netfilter/xt_NFLOG.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
> index 018eed7..8668a5c 100644
> --- a/net/netfilter/xt_NFLOG.c
> +++ b/net/netfilter/xt_NFLOG.c
> @@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
>  	li.u.ulog.copy_len   = info->len;
>  	li.u.ulog.group	     = info->group;
>  	li.u.ulog.qthreshold = info->threshold;
> +	li.u.ulog.flags	     = 0;
>  
>  	if (info->flags & XT_NFLOG_F_COPY_LEN)
>  		li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
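
Review bot: Clearing only the one member at `li.u.ulog.flags = 0;` fixes the reported garbage value, but `li` remains an uninitialized stack variable (the commit message quotes its declaration as "struct nf_loginfo li;") whose members are filled in one assignment at a time. Any member that is not assigned by hand, or that is added to the struct later, would pick up stack contents in the same way. Consider zero-initializing the whole struct where it is declared, for example with `struct nf_loginfo li = { };` or a memset, so that the `|=` on `li.u.ulog.flags` two lines below starts from a known zero without relying on this extra line. If the per-field form is kept, a one-line comment that flags must be cleared before the `|=` would make the dependency visible to the next person who touches this function.
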
> -- 
> 2.5.5