linux-kernel.vger.kernel.org archive mirror
From: Chris Wright <chrisw@sous-sol.org>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
	"David S. Miller" <davem@davemloft.net>,
	Bart De Schuymer <bdschuym@pandora.be>
Subject: [PATCH 11/17] [EBTABLES] Dont match tcp/udp source/destination port for IP fragments
Date: Thu, 12 Jan 2006 18:37:49 -0800
Message-ID: <20060113032245.823423000@sorel.sous-sol.org>
In-Reply-To: 20060113032102.154909000@sorel.sous-sol.org

[-- Attachment #1: fix-bridge-netfilter-matching-ip-fragments.patch --]
[-- Type: text/plain, Size: 811 bytes --]

-stable review patch.  If anyone has any objections, please let us know.
------------------

---
 net/bridge/netfilter/ebt_ip.c |    3 +++
 1 file changed, 3 insertions(+)

--- linux-2.6.15.y.orig/net/bridge/netfilter/ebt_ip.c
+++ linux-2.6.15.y/net/bridge/netfilter/ebt_ip.c
@@ -15,6 +15,7 @@
 #include <linux/netfilter_bridge/ebtables.h>
 #include <linux/netfilter_bridge/ebt_ip.h>
 #include <linux/ip.h>
+#include <net/ip.h>
 #include <linux/in.h>
 #include <linux/module.h>
 
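Review bot: The `#include <net/ip.h>` added between `<linux/ip.h>` and `<linux/in.h>` splits the `linux/` include group; moving it after the last `<linux/...>` include keeps the two groups apart. Nothing in the mail says why the header is needed. Judging from the second hunk it is there for `IP_OFFSET`, which deserves a line in the changelog.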
@@ -51,6 +52,8 @@ static int ebt_filter_ip(const struct sk
 		if (!(info->bitmask & EBT_IP_DPORT) &&
 		    !(info->bitmask & EBT_IP_SPORT))
 			return EBT_MATCH;
+		if (ntohs(ih->frag_off) & IP_OFFSET)
+			return EBT_NOMATCH;
 		pptr = skb_header_pointer(skb, ih->ihl*4,
 					  sizeof(_ports), &_ports);
 		if (pptr == NULL)
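Review bot: The new `if (ntohs(ih->frag_off) & IP_OFFSET)` check has no comment, and this mail carries no changelog, so the reason a non-first fragment must return `EBT_NOMATCH` is left for the reader to infer. A one-line comment above the check would cover it: with a non-zero fragment offset, the bytes that `skb_header_pointer(skb, ih->ihl*4, sizeof(_ports), &_ports)` reads are payload rather than TCP/UDP ports, so comparing them against the rule's ports is meaningless. The changelog should also state the resulting behaviour for rule authors: once `EBT_IP_SPORT` or `EBT_IP_DPORT` is set, the rule never matches a later fragment, whatever its target, so fragments after the first fall through to the following rules. As a style point, `ih->frag_off & htons(IP_OFFSET)` performs the same test and lets the byte swap be done on the constant at compile time instead of on the packet field at run time.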

--
