* [PATCH] netfilter: ipt_SYNPROXY: fix sending window update to client @ 2015-07-27 22:53 Phil Sutter 2015-08-04 17:53 ` Pablo Neira Ayuso 0 siblings, 1 reply; 11+ messages in thread From: Phil Sutter @ 2015-07-27 22:53 UTC (permalink / raw) To: pablo; +Cc: netdev Upon receipt of SYNACK from the server, ipt_SYNPROXY first sends back an ACK to finish the server handshake, then calls nf_ct_seqadj_init() to initiate sequence number adjustment of forwarded packets to the client and finally sends a window update to the client to unblock it's TX queue. Since synproxy_send_client_ack() does not set synproxy_send_tcp()'s nfct parameter, no sequence number adjustment happens and the client receives the window update with incorrect sequence number. Depending on client TCP implementation, this leads to a significant delay (until a window probe is being sent). Signed-off-by: Phil Sutter <phil@nwl.cc> --- net/ipv4/netfilter/ipt_SYNPROXY.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c index fe8cc18..95ea633e 100644 --- a/net/ipv4/netfilter/ipt_SYNPROXY.c +++ b/net/ipv4/netfilter/ipt_SYNPROXY.c @@ -226,7 +226,8 @@ synproxy_send_client_ack(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); + synproxy_send_tcp(skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, + niph, nth, tcp_hdr_size); } static bool -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH] netfilter: ipt_SYNPROXY: fix sending window update to client 2015-07-27 22:53 [PATCH] netfilter: ipt_SYNPROXY: fix sending window update to client Phil Sutter @ 2015-08-04 17:53 ` Pablo Neira Ayuso 2015-08-06 12:34 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Phil Sutter 0 siblings, 1 reply; 11+ messages in thread From: Pablo Neira Ayuso @ 2015-08-04 17:53 UTC (permalink / raw) To: Phil Sutter; +Cc: netdev, netfilter-devel On Tue, Jul 28, 2015 at 12:53:26AM +0200, Phil Sutter wrote: > Upon receipt of SYNACK from the server, ipt_SYNPROXY first sends back an ACK to > finish the server handshake, then calls nf_ct_seqadj_init() to initiate > sequence number adjustment of forwarded packets to the client and finally sends > a window update to the client to unblock it's TX queue. > > Since synproxy_send_client_ack() does not set synproxy_send_tcp()'s nfct > parameter, no sequence number adjustment happens and the client receives the > window update with incorrect sequence number. Depending on client TCP > implementation, this leads to a significant delay (until a window probe is > being sent). Could you also fix the IPv6 side to get both codes in sync? Thanks. ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference 2015-08-04 17:53 ` Pablo Neira Ayuso @ 2015-08-06 12:34 ` Phil Sutter 2015-08-06 12:34 ` [PATCH 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter 2015-08-08 15:57 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy 0 siblings, 2 replies; 11+ messages in thread From: Phil Sutter @ 2015-08-06 12:34 UTC (permalink / raw) To: pablo; +Cc: netdev, Patrick McHardy, netfilter-devel This happens when networking namespaces are enabled. Suggested-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Phil Sutter <phil@nwl.cc> --- net/ipv6/netfilter/ip6t_SYNPROXY.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index 6edb7b1..f5af323 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c @@ -40,9 +40,9 @@ static void synproxy_send_tcp(const struct sk_buff *skb, struct sk_buff *nskb, struct nf_conntrack *nfct, enum ip_conntrack_info ctinfo, struct ipv6hdr *niph, struct tcphdr *nth, - unsigned int tcp_hdr_size) + unsigned int tcp_hdr_size, struct synproxy_net *snet) { - struct net *net = nf_ct_net((struct nf_conn *)nfct); + struct net *net = nf_ct_net(snet->tmpl); struct dst_entry *dst; struct flowi6 fl6; @@ -84,7 +84,8 @@ free_nskb: static void synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th, - const struct synproxy_options *opts) + const struct synproxy_options *opts, + struct synproxy_net *snet) { struct sk_buff *nskb; struct ipv6hdr *iph, *niph; @@ -120,7 +121,7 @@ synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th, synproxy_build_options(nth, opts); synproxy_send_tcp(skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, - niph, nth, tcp_hdr_size); + niph, nth, tcp_hdr_size, snet); } static void @@ -164,7 +165,7 @@ synproxy_send_server_syn(const struct synproxy_net *snet, synproxy_build_options(nth, opts); synproxy_send_tcp(skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW, - niph, nth, tcp_hdr_size); + niph, nth, tcp_hdr_size, snet); } static void @@ -203,7 +204,7 @@ synproxy_send_server_ack(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); + synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size, snet); } static void @@ -241,7 +242,7 @@ synproxy_send_client_ack(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); + synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size, snet); } static bool @@ -301,7 +302,7 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par) XT_SYNPROXY_OPT_SACK_PERM | XT_SYNPROXY_OPT_ECN); - synproxy_send_client_synack(skb, th, &opts); + synproxy_send_client_synack(skb, th, &opts, snet); return NF_DROP; } else if (th->ack && !(th->fin || th->rst || th->syn)) { -- 2.1.2 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client 2015-08-06 12:34 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Phil Sutter @ 2015-08-06 12:34 ` Phil Sutter 2015-08-08 15:57 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy 1 sibling, 0 replies; 11+ messages in thread From: Phil Sutter @ 2015-08-06 12:34 UTC (permalink / raw) To: pablo; +Cc: netdev, Patrick McHardy, netfilter-devel This is the identical fix as "netfilter: ipt_SYNPROXY: fix sending window update to client" but for the IPv6 variant which obviously suffers from the same issue. Signed-off-by: Phil Sutter <phil@nwl.cc> --- net/ipv6/netfilter/ip6t_SYNPROXY.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index f5af323..ca30a04 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c @@ -242,7 +242,8 @@ synproxy_send_client_ack(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size, snet); + synproxy_send_tcp(skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, + niph, nth, tcp_hdr_size, snet); } static bool -- 2.1.2 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference 2015-08-06 12:34 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Phil Sutter 2015-08-06 12:34 ` [PATCH 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter @ 2015-08-08 15:57 ` Patrick McHardy 2015-08-09 11:14 ` [PATCH v2 " Phil Sutter 1 sibling, 1 reply; 11+ messages in thread From: Patrick McHardy @ 2015-08-08 15:57 UTC (permalink / raw) To: Phil Sutter; +Cc: pablo, netdev, netfilter-devel On 06.08, Phil Sutter wrote: > This happens when networking namespaces are enabled. Thanks, just one minor request: > synproxy_send_tcp(const struct sk_buff *skb, struct sk_buff *nskb, > struct nf_conntrack *nfct, enum ip_conntrack_info ctinfo, > struct ipv6hdr *niph, struct tcphdr *nth, > - unsigned int tcp_hdr_size) > + unsigned int tcp_hdr_size, struct synproxy_net *snet) Logically the synproxy_net pointer should come before all other arguments since its the container for a lot of the following arguments. ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference 2015-08-08 15:57 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy @ 2015-08-09 11:14 ` Phil Sutter 2015-08-09 11:14 ` [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter 2015-08-10 7:57 ` [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy 0 siblings, 2 replies; 11+ messages in thread From: Phil Sutter @ 2015-08-09 11:14 UTC (permalink / raw) To: pablo; +Cc: netdev, Patrick McHardy, netfilter-devel This happens when networking namespaces are enabled. Suggested-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Phil Sutter <phil@nwl.cc> --- Changes since v1: - Moved snet param to first place. - Constify snet param. --- net/ipv6/netfilter/ip6t_SYNPROXY.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index 6edb7b1..bcebc24 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c @@ -37,12 +37,13 @@ synproxy_build_ip(struct sk_buff *skb, const struct in6_addr *saddr, } static void -synproxy_send_tcp(const struct sk_buff *skb, struct sk_buff *nskb, +synproxy_send_tcp(const struct synproxy_net *snet, + const struct sk_buff *skb, struct sk_buff *nskb, struct nf_conntrack *nfct, enum ip_conntrack_info ctinfo, struct ipv6hdr *niph, struct tcphdr *nth, unsigned int tcp_hdr_size) { - struct net *net = nf_ct_net((struct nf_conn *)nfct); + struct net *net = nf_ct_net(snet->tmpl); struct dst_entry *dst; struct flowi6 fl6; @@ -83,7 +84,8 @@ free_nskb: } static void -synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th, +synproxy_send_client_synack(const struct synproxy_net *snet, + const struct sk_buff *skb, const struct tcphdr *th, const struct synproxy_options *opts) { struct sk_buff *nskb; @@ -119,7 +121,7 @@ synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, + synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, niph, nth, tcp_hdr_size); } @@ -163,7 +165,7 @@ synproxy_send_server_syn(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW, + synproxy_send_tcp(snet, skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW, niph, nth, tcp_hdr_size); } @@ -203,7 +205,7 @@ synproxy_send_server_ack(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); + synproxy_send_tcp(snet, skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); } static void @@ -241,7 +243,7 @@ synproxy_send_client_ack(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); + synproxy_send_tcp(snet, skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); } static bool @@ -301,7 +303,7 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par) XT_SYNPROXY_OPT_SACK_PERM | XT_SYNPROXY_OPT_ECN); - synproxy_send_client_synack(skb, th, &opts); + synproxy_send_client_synack(snet, skb, th, &opts); return NF_DROP; } else if (th->ack && !(th->fin || th->rst || th->syn)) { -- 2.1.2 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client 2015-08-09 11:14 ` [PATCH v2 " Phil Sutter @ 2015-08-09 11:14 ` Phil Sutter 2015-08-10 8:06 ` Patrick McHardy 2015-08-10 7:57 ` [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy 1 sibling, 1 reply; 11+ messages in thread From: Phil Sutter @ 2015-08-09 11:14 UTC (permalink / raw) To: pablo; +Cc: netdev, Patrick McHardy, netfilter-devel This is the identical fix as "netfilter: ipt_SYNPROXY: fix sending window update to client" but for the IPv6 variant which obviously suffers from the same issue. Signed-off-by: Phil Sutter <phil@nwl.cc> --- Changes since v1: - Adjust for v2 changes of first patch. --- net/ipv6/netfilter/ip6t_SYNPROXY.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index bcebc24..ebbb754 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c @@ -243,7 +243,8 @@ synproxy_send_client_ack(const struct synproxy_net *snet, synproxy_build_options(nth, opts); - synproxy_send_tcp(snet, skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); + synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, + niph, nth, tcp_hdr_size); } static bool -- 2.1.2 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client 2015-08-09 11:14 ` [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter @ 2015-08-10 8:06 ` Patrick McHardy 2015-08-10 11:58 ` Pablo Neira Ayuso 0 siblings, 1 reply; 11+ messages in thread From: Patrick McHardy @ 2015-08-10 8:06 UTC (permalink / raw) To: Phil Sutter; +Cc: pablo, netdev, netfilter-devel On 09.08, Phil Sutter wrote: > This is the identical fix as "netfilter: ipt_SYNPROXY: fix sending > window update to client" but for the IPv6 variant which obviously > suffers from the same issue. Looks fine to me. Acked-by: Patrick McHardy <kaber@trash.net> (Also for the IPv4 version, which for some reason I didn't receive) > > Signed-off-by: Phil Sutter <phil@nwl.cc> > --- > Changes since v1: > - Adjust for v2 changes of first patch. > --- > net/ipv6/netfilter/ip6t_SYNPROXY.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c > index bcebc24..ebbb754 100644 > --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c > +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c > @@ -243,7 +243,8 @@ synproxy_send_client_ack(const struct synproxy_net *snet, > > synproxy_build_options(nth, opts); > > - synproxy_send_tcp(snet, skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); > + synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, > + niph, nth, tcp_hdr_size); > } > > static bool > -- > 2.1.2 > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client 2015-08-10 8:06 ` Patrick McHardy @ 2015-08-10 11:58 ` Pablo Neira Ayuso 0 siblings, 0 replies; 11+ messages in thread From: Pablo Neira Ayuso @ 2015-08-10 11:58 UTC (permalink / raw) To: Patrick McHardy; +Cc: Phil Sutter, netdev, netfilter-devel On Mon, Aug 10, 2015 at 10:06:07AM +0200, Patrick McHardy wrote: > On 09.08, Phil Sutter wrote: > > This is the identical fix as "netfilter: ipt_SYNPROXY: fix sending > > window update to client" but for the IPv6 variant which obviously > > suffers from the same issue. > > Looks fine to me. > > Acked-by: Patrick McHardy <kaber@trash.net> Also applied, thanks. > (Also for the IPv4 version, which for some reason I didn't receive) I have collapsed the IPv4 chunk into this patch, the subject patch name is: netfilter: SYNPROXY: fix sending window update to client ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference 2015-08-09 11:14 ` [PATCH v2 " Phil Sutter 2015-08-09 11:14 ` [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter @ 2015-08-10 7:57 ` Patrick McHardy 2015-08-10 11:58 ` Pablo Neira Ayuso 1 sibling, 1 reply; 11+ messages in thread From: Patrick McHardy @ 2015-08-10 7:57 UTC (permalink / raw) To: Phil Sutter; +Cc: pablo, netdev, netfilter-devel On 09.08, Phil Sutter wrote: > This happens when networking namespaces are enabled. > > Suggested-by: Patrick McHardy <kaber@trash.net> > Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Patrick McHardy <kaber@trash.net> > --- > Changes since v1: > - Moved snet param to first place. > - Constify snet param. > --- > net/ipv6/netfilter/ip6t_SYNPROXY.c | 18 ++++++++++-------- > 1 file changed, 10 insertions(+), 8 deletions(-) > > diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c > index 6edb7b1..bcebc24 100644 > --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c > +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c > @@ -37,12 +37,13 @@ synproxy_build_ip(struct sk_buff *skb, const struct in6_addr *saddr, > } > > static void > -synproxy_send_tcp(const struct sk_buff *skb, struct sk_buff *nskb, > +synproxy_send_tcp(const struct synproxy_net *snet, > + const struct sk_buff *skb, struct sk_buff *nskb, > struct nf_conntrack *nfct, enum ip_conntrack_info ctinfo, > struct ipv6hdr *niph, struct tcphdr *nth, > unsigned int tcp_hdr_size) > { > - struct net *net = nf_ct_net((struct nf_conn *)nfct); > + struct net *net = nf_ct_net(snet->tmpl); > struct dst_entry *dst; > struct flowi6 fl6; > > @@ -83,7 +84,8 @@ free_nskb: > } > > static void > -synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th, > +synproxy_send_client_synack(const struct synproxy_net *snet, > + const struct sk_buff *skb, const struct tcphdr *th, > const struct synproxy_options *opts) > { > struct sk_buff *nskb; > @@ -119,7 +121,7 @@ synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th, > > synproxy_build_options(nth, opts); > > - synproxy_send_tcp(skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, > + synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY, > niph, nth, tcp_hdr_size); > } > > @@ -163,7 +165,7 @@ synproxy_send_server_syn(const struct synproxy_net *snet, > > synproxy_build_options(nth, opts); > > - synproxy_send_tcp(skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW, > + synproxy_send_tcp(snet, skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW, > niph, nth, tcp_hdr_size); > } > > @@ -203,7 +205,7 @@ synproxy_send_server_ack(const struct synproxy_net *snet, > > synproxy_build_options(nth, opts); > > - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); > + synproxy_send_tcp(snet, skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); > } > > static void > @@ -241,7 +243,7 @@ synproxy_send_client_ack(const struct synproxy_net *snet, > > synproxy_build_options(nth, opts); > > - synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); > + synproxy_send_tcp(snet, skb, nskb, NULL, 0, niph, nth, tcp_hdr_size); > } > > static bool > @@ -301,7 +303,7 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par) > XT_SYNPROXY_OPT_SACK_PERM | > XT_SYNPROXY_OPT_ECN); > > - synproxy_send_client_synack(skb, th, &opts); > + synproxy_send_client_synack(snet, skb, th, &opts); > return NF_DROP; > > } else if (th->ack && !(th->fin || th->rst || th->syn)) { > -- > 2.1.2 > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference 2015-08-10 7:57 ` [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy @ 2015-08-10 11:58 ` Pablo Neira Ayuso 0 siblings, 0 replies; 11+ messages in thread From: Pablo Neira Ayuso @ 2015-08-10 11:58 UTC (permalink / raw) To: Patrick McHardy; +Cc: Phil Sutter, netdev, netfilter-devel On Mon, Aug 10, 2015 at 09:57:21AM +0200, Patrick McHardy wrote: > On 09.08, Phil Sutter wrote: > > This happens when networking namespaces are enabled. > > > > Suggested-by: Patrick McHardy <kaber@trash.net> > > Signed-off-by: Phil Sutter <phil@nwl.cc> > > Acked-by: Patrick McHardy <kaber@trash.net> Applied, thanks! ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2015-08-10 11:58 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-07-27 22:53 [PATCH] netfilter: ipt_SYNPROXY: fix sending window update to client Phil Sutter 2015-08-04 17:53 ` Pablo Neira Ayuso 2015-08-06 12:34 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Phil Sutter 2015-08-06 12:34 ` [PATCH 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter 2015-08-08 15:57 ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy 2015-08-09 11:14 ` [PATCH v2 " Phil Sutter 2015-08-09 11:14 ` [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter 2015-08-10 8:06 ` Patrick McHardy 2015-08-10 11:58 ` Pablo Neira Ayuso 2015-08-10 7:57 ` [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy 2015-08-10 11:58 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).