* [PATCH 1/1] netfilter: nf_ct_helper: don't discard helper if it is actually the same
@ 2013-02-12 15:59 Florian Westphal
  2013-02-12 22:36 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2013-02-12 15:59 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Florian Westphal

commit 32f5376003920a8bc1bd97c6cddcf42df0b6a833
(netfilter: nf_ct_helper: disable automatic helper re-assignment of different type)
breaks transparent proxy scenarios.

For example, initial helper lookup might yield "ftp" (dport 21),
while re-lookup after REDIRECT yields "ftp-2121".

This causes the autoassign code to toss the ftp helper, even
though these are just different instances of the same.

Change the test to check for the helper function address instead
of the helper address, as suggested by Pablo.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/netfilter/nf_conntrack_helper.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 884f2b3..6357441 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -236,7 +236,8 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
 		/* We only allow helper re-assignment of the same sort since
 		 * we cannot reallocate the helper extension area.
 		 */
-		if (help->helper != helper) {
+		struct nf_conntrack_helper *tmp = rcu_dereference(help->helper);
+		if (tmp && tmp->help != helper->help) {
 			RCU_INIT_POINTER(help->helper, NULL);
 			goto out;
 		}
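Review bot: the new condition `if (tmp && tmp->help != helper->help)` changes two things besides the intended instance-versus-type comparison, and neither is mentioned in the commit message. First, when `help->helper` is NULL the old test `help->helper != helper` was true for any non-NULL `helper` and took the `goto out` path, whereas the new test is false and falls through to the code after the block. If that is intended, say so in the changelog. Second, `helper->help` now dereferences `helper`, which the old pointer comparison never did, so it is worth confirming that `helper` cannot be NULL on this path or adding a check. On documentation, the comment above still says "of the same sort" without defining it. Since the stated constraint is that the helper extension area cannot be reallocated, add a line saying that an identical `->help` callback is what is taken to mean the same sort. On style, put a blank line between the `tmp` declaration and the `if`, and consider a more descriptive name than `tmp`.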
-- 
1.7.8.6



* Re: [PATCH 1/1] netfilter: nf_ct_helper: don't discard helper if it is actually the same
  2013-02-12 15:59 [PATCH 1/1] netfilter: nf_ct_helper: don't discard helper if it is actually the same Florian Westphal
@ 2013-02-12 22:36 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2013-02-12 22:36 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netfilter-devel

On Tue, Feb 12, 2013 at 04:59:53PM +0100, Florian Westphal wrote:
> commit 32f5376003920a8bc1bd97c6cddcf42df0b6a833
> (netfilter: nf_ct_helper: disable automatic helper re-assignment of different type)
> breaks transparent proxy scenarios.
> 
> For example, initial helper lookup might yield "ftp" (dport 21),
> while re-lookup after REDIRECT yields "ftp-2121".
> 
> This causes the autoassign code to toss the ftp helper, even
> though these are just different instances of the same.
> 
> Change the test to check for the helper function address instead
> of the helper address, as suggested by Pablo.

Also applied this one, thanks.
