OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity
acrn-kernel/net/ipv4/netfilter
History
Pablo Neira Ayuso cba85b532e netfilter: fix export secctx error handling 
In 1ae4de0cdf, the secctx was exported
via the /proc/net/netfilter/nf_conntrack and ctnetlink interfaces
instead of the secmark.

That patch introduced the use of security_secid_to_secctx() which may
return a non-zero value on error.

In one of my setups, I have NF_CONNTRACK_SECMARK enabled but no
security modules. Thus, security_secid_to_secctx() returns a negative
value that results in the breakage of the /proc and `conntrack -L'
outputs. To fix this, we skip the inclusion of secctx if the
aforementioned function fails.

This patch also fixes the dynamic netlink message size calculation
if security_secid_to_secctx() returns an error, since its logic is
also wrong.

This problem exists in Linux kernel >= 2.6.37.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2011-01-06 11:25:00 -08:00
..
Kconfig Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
Makefile Net: ipv4: netfilter: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:11 -08:00
arp_tables.c ipv4: netfilter: arp_tables: fix information leak to userland 2010-11-03 08:44:12 +01:00
arpt_mangle.c
arptable_filter.c
ip_queue.c
ip_tables.c ipv4: netfilter: ip_tables: fix information leak to userland 2010-11-03 08:45:06 +01:00
ipt_CLUSTERIP.c
ipt_ECN.c
ipt_LOG.c
ipt_MASQUERADE.c
ipt_NETMAP.c
ipt_REDIRECT.c
ipt_REJECT.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
ipt_ULOG.c
ipt_addrtype.c
ipt_ah.c
ipt_ecn.c
iptable_filter.c
iptable_mangle.c
iptable_raw.c
iptable_security.c
nf_conntrack_l3proto_ipv4.c
nf_conntrack_l3proto_ipv4_compat.c netfilter: fix export secctx error handling 2011-01-06 11:25:00 -08:00
nf_conntrack_proto_icmp.c
nf_defrag_ipv4.c
nf_nat_amanda.c
nf_nat_core.c netfilter: nf_nat: fix compiler warning with CONFIG_NF_CT_NETLINK=n 2010-10-29 16:28:07 +02:00
nf_nat_ftp.c
nf_nat_h323.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_pptp.c
nf_nat_proto_common.c
nf_nat_proto_dccp.c
nf_nat_proto_gre.c
nf_nat_proto_icmp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_udplite.c
nf_nat_proto_unknown.c
nf_nat_rule.c
nf_nat_sip.c
nf_nat_snmp_basic.c
nf_nat_standalone.c
nf_nat_tftp.c