linux/net
Pablo Neira Ayuso 3d058d7bc2 netfilter: rework user-space expectation helper support
This partially reworks bc01befdcf
which added userspace expectation support.

This patch removes the nf_ct_userspace_expect_list since now we
force to use the new iptables CT target feature to add the helper
extension for conntracks that have attached expectations from
userspace.

A new version of the proof-of-concept code to implement userspace
helpers from userspace is available at:

http://people.netfilter.org/pablo/userspace-conntrack-helpers/nf-ftp-helper-POC.tar.bz2

This patch also modifies the CT target to allow to set the
conntrack's userspace helper status flags. This flag is used
to tell the conntrack system to explicitly allocate the helper
extension.

This helper extension is useful to link the userspace expectations
with the master conntrack that is being tracked from one userspace
helper.

This feature fixes a problem in the current approach of the
userspace helper support. Basically, if the master conntrack that
has got a userspace expectation vanishes, the expectations point to
one invalid memory address. Thus, triggering an oops in the
expectation deletion event path.

I decided not to add a new revision of the CT target because
I only needed to add a new flag for it. I'll document in this
issue in the iptables manpage. I have also changed the return
value from EINVAL to EOPNOTSUPP if one flag not supported is
specified. Thus, in the future adding new features that only
require a new flag can be added without a new revision.

There is no official code using this in userspace (apart from
the proof-of-concept) that uses this infrastructure but there
will be some by beginning 2012.

Reported-by: Sam Roberts <vieuxtech@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-12-23 14:36:39 +01:00
..
9p net/9p: Convert net/9p protocol dumps to tracepoints 2011-10-24 11:13:12 -05:00
802 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
8021q vlan: Move vlan_set_encap_proto() to vlan header file 2011-12-03 09:35:09 -08:00
appletalk net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
atm atm: clip: Remove code commented out since eternity. 2011-12-02 14:27:11 -05:00
ax25 NET: AX.25: Check ioctl arguments to avoid overflows further down the road. 2011-11-29 00:23:12 -05:00
batman-adv batman-adv: Fix range check for expected packets 2011-11-20 13:08:35 +01:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2011-11-22 14:05:46 -05:00
bridge ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
caif caif: Remove unused enum and parameter in cfserl 2011-11-30 23:30:48 -05:00
can can: remove references to berlios mailinglist 2011-10-17 19:22:46 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2011-11-21 12:11:13 -08:00
core tcp: take care of misalignments 2011-12-04 13:20:39 -05:00
dcb net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dccp dccp: Fix compile warning in probe code. 2011-12-01 14:45:49 -05:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa dsa: Move switch drivers to new directory drivers/net/dsa 2011-11-29 00:21:36 -05:00
econet net: Remove all uses of LL_ALLOCATED_SPACE 2011-11-18 14:37:09 -05:00
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154 net: Remove all uses of LL_ALLOCATED_SPACE 2011-11-18 14:37:09 -05:00
ipv4 netfilter: add ipv4 reverse path filter match 2011-12-04 22:43:37 +01:00
ipv6 netfilter: add ipv6 reverse path filter match 2011-12-13 11:34:43 +01:00
ipx net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
irda irttp: Use kmemdup rather than duplicating its implementation 2011-11-21 15:02:17 -05:00
iucv net: more accurate skb truesize 2011-10-13 16:05:07 -04:00
key net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
l2tp l2tp: ensure sk->dst is still valid 2011-11-26 15:57:36 -05:00
lapb wan: make LAPB callbacks const 2011-09-16 19:20:20 -04:00
llc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
netfilter netfilter: rework user-space expectation helper support 2011-12-23 14:36:39 +01:00
netlabel Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
netlink genetlink: Add lockdep_genl_is_held(). 2011-12-03 09:35:07 -08:00
netrom NET: NETROM: Fix formatting. 2011-11-29 00:23:13 -05:00
nfc Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2011-11-22 14:05:46 -05:00
openvswitch net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
packet packet: Add needed_tailroom to packet_sendmsg_spkt 2011-11-18 14:37:10 -05:00
phonet Phonet: set the pipe handle using setsockopt 2011-11-18 14:37:40 -05:00
rds rds: drop "select LLIST" 2011-11-14 00:10:50 -05:00
rfkill Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2011-11-22 14:05:46 -05:00
rose net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rxrpc RxRPC: Use kmemdup rather than duplicating its implementation 2011-11-21 15:02:36 -05:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
tipc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
unix AF_UNIX: Fix poll blocking problem when reading from a stream socket 2011-11-26 16:34:22 -05:00
wanrouter wanrouter: Remove kernel_lock annotations 2011-11-07 13:27:30 -05:00
wimax net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
x25 Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-11-26 14:47:03 -05:00
compat.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
Kconfig net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
Makefile net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
nonet.c
socket.c net: add network priority cgroup infrastructure (v4) 2011-11-22 15:22:23 -05:00
sysctl_net.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00