1. 04 Jan, 2010 1 commit
  2. 22 Dec, 2009 1 commit
  3. 15 Dec, 2009 3 commits
    • Simon Horman's avatar
      ipvs: zero usvc and udest · 258c8893
      Simon Horman authored
      Make sure that any otherwise uninitialised fields of usvc are zero.
      
      This has been obvserved to cause a problem whereby the port of
      fwmark services may end up as a non-zero value which causes
      scheduling of a destination server to fail for persisitent services.
      
      As observed by Deon van der Merwe <dvdm@truteq.co.za>.
      This fix suggested by Julian Anastasov <ja@ssi.bg>.
      
      For good measure also zero udest.
      
      Cc: Deon van der Merwe <dvdm@truteq.co.za>
      Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      Cc: stable@kernel.org
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      258c8893
    • Patrick McHardy's avatar
      netfilter: fix crashes in bridge netfilter caused by fragment jumps · 8fa9ff68
      Patrick McHardy authored
      When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
      and a reassembly queue with the same fragment key already exists from
      reassembling a similar packet received on a different device (f.i. with
      multicasted fragments), the reassembled packet might continue on a different
      codepath than where the head fragment originated. This can cause crashes
      in bridge netfilter when a fragment received on a non-bridge device (and
      thus with skb->nf_bridge == NULL) continues through the bridge netfilter
      code.
      
      Add a new reassembly identifier for packets originating from bridge
      netfilter and use it to put those packets in insolated queues.
      
      Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805Reported-and-Tested-by: default avatarChong Qiao <qiaochong@loongson.cn>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      8fa9ff68
    • Patrick McHardy's avatar
      ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery · 0b5ccb2e
      Patrick McHardy authored
      Currently the same reassembly queue might be used for packets reassembled
      by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
      as well as local delivery. This can cause "packet jumps" when the fragment
      completing a reassembled packet is queued from a different position in the
      stack than the previous ones.
      
      Add a "user" identifier to the reassembly queue key to seperate the queues
      of each caller, similar to what we do for IPv4.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      0b5ccb2e
  4. 14 Dec, 2009 2 commits
  5. 11 Dec, 2009 33 commits