This is a note to let you know that I've just added the patch titled
netfilter: nf_ct_helper: don't discard helper if it is actually the same
to the 3.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netfilter-nf_ct_helper-don-t-discard-helper-if-it-is-actually-the-same.patch
and it can be found in the queue-3.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 6e2f0aa8cf8892868bf2c19349cb5d7c407f690d Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@xxxxxxxxx>
Date: Tue, 12 Feb 2013 05:59:53 +0000
Subject: netfilter: nf_ct_helper: don't discard helper if it is actually the same
From: Florian Westphal <fw@xxxxxxxxx>
commit 6e2f0aa8cf8892868bf2c19349cb5d7c407f690d upstream.
commit (32f5376 netfilter: nf_ct_helper: disable automatic helper
re-assignment of different type) broke transparent proxy scenarios.
For example, initial helper lookup might yield "ftp" (dport 21),
while re-lookup after REDIRECT yields "ftp-2121".
This causes the autoassign code to toss the ftp helper, even
though these are just different instances of the same helper.
Change the test to check for the helper function address instead
of the helper address, as suggested by Pablo.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/netfilter/nf_conntrack_helper.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -236,7 +236,9 @@ int __nf_ct_try_assign_helper(struct nf_
/* We only allow helper re-assignment of the same sort since
* we cannot reallocate the helper extension area.
*/
- if (help->helper != helper) {
+ struct nf_conntrack_helper *tmp = rcu_dereference(help->helper);
+
+ if (tmp && tmp->help != helper->help) {
RCU_INIT_POINTER(help->helper, NULL);
goto out;
}
Patches currently in stable-queue which might be from fw@xxxxxxxxx are
queue-3.8/netfilter-ctnetlink-don-t-permit-ct-creation-with-random-tuple.patch
queue-3.8/netfilter-xt_rpfilter-skip-locally-generated-broadcast-multicast-too.patch
queue-3.8/netfilter-nf_nat-fix-race-when-unloading-protocol-modules.patch
queue-3.8/netfilter-nf_ct_helper-don-t-discard-helper-if-it-is-actually-the-same.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html