linux/net/ipv4
Pablo Neira Ayuso cba85b532e netfilter: fix export secctx error handling
In 1ae4de0cdf, the secctx was exported
via the /proc/net/netfilter/nf_conntrack and ctnetlink interfaces
instead of the secmark.

That patch introduced the use of security_secid_to_secctx() which may
return a non-zero value on error.

In one of my setups, I have NF_CONNTRACK_SECMARK enabled but no
security modules. Thus, security_secid_to_secctx() returns a negative
value that results in the breakage of the /proc and `conntrack -L'
outputs. To fix this, we skip the inclusion of secctx if the
aforementioned function fails.

This patch also fixes the dynamic netlink message size calculation
if security_secid_to_secctx() returns an error, since its logic is
also wrong.

This problem exists in Linux kernel >= 2.6.37.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-01-06 11:25:00 -08:00
..
netfilter netfilter: fix export secctx error handling 2011-01-06 11:25:00 -08:00
af_inet.c net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
ah4.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
arp.c net: RCU conversion of dev_getbyhwaddr() and arp_ioctl() 2010-12-08 10:07:24 -08:00
cipso_ipv4.c Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
datagram.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
devinet.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
esp4.c xfrm: Traffic Flow Confidentiality for IPv4 ESP 2010-12-10 14:43:59 -08:00
fib_frontend.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
fib_hash.c fib: Fix fib zone and its hash leak on namespace stop 2010-10-28 10:27:03 -07:00
fib_lookup.h fib: fib_result_assign() should not change fib refcounts 2010-11-04 12:05:32 -07:00
fib_rules.c fib: RCU conversion of fib_lookup() 2010-10-05 20:39:38 -07:00
fib_semantics.c net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
fib_trie.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
gre.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
icmp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-11-19 13:13:47 -08:00
igmp.c igmp: refine skb allocations 2010-11-18 11:02:23 -08:00
inet_connection_sock.c net: optimize INET input path further 2010-12-09 20:05:58 -08:00
inet_diag.c inet_diag: Make sure we actually run the same bytecode we audited. 2010-11-04 12:26:34 -07:00
inet_fragment.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_hashtables.c inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners 2010-11-28 18:18:44 -08:00
inet_lro.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
inet_timewait_sock.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
inetpeer.c inetpeer: Kill use of inet_peer_address_t typedef. 2010-12-01 17:28:18 -08:00
ip_forward.c net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
ip_fragment.c ipv4: IP defragmentation must be ECN aware 2011-01-06 11:21:30 -08:00
ip_gre.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
ip_input.c net: use this_cpu_ptr() 2010-06-28 23:24:29 -07:00
ip_options.c bridge : Sanitize skb before it enters the IP stack 2010-09-19 12:42:34 -07:00
ip_output.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
ip_sockglue.c ipv4: add __rcu annotations to ip_ra_chain 2010-10-25 14:18:28 -07:00
ipcomp.c xfrm: SA lookups signature with mark 2010-02-22 16:20:22 -08:00
ipconfig.c net: add some KERN_CONT markers to continuation lines 2010-11-28 10:47:17 -08:00
ipip.c ipip: add module alias for tunl0 tunnel device 2010-12-01 12:53:23 -08:00
ipmr.c net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
Kconfig Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
Makefile PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol) 2010-08-21 23:05:39 -07:00
netfilter.c net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
proc.c tcp: Replace time wait bucket msg by counter 2010-12-08 12:16:33 -08:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
route.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-01-04 11:57:25 -08:00
syncookies.c net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
sysctl_net_ipv4.c net: add limits to ip_default_ttl 2010-12-13 12:16:14 -08:00
tcp_bic.c
tcp_cong.c net/ipv4: Eliminate kstrdup memory leak 2010-08-27 19:31:56 -07:00
tcp_cubic.c
tcp_diag.c tcp: diag: Dont report negative values for rx queue 2009-12-03 16:06:13 -08:00
tcp_highspeed.c
tcp_htcp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_hybla.c TCP: tcp_hybla: Fix integer overflow in slow start increment 2010-06-02 07:15:48 -07:00
tcp_illinois.c Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
tcp_input.c tcp: cleanup of cwnd initialization in tcp_init_metrics() 2010-12-23 09:54:26 -08:00
tcp_ipv4.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
tcp_lp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_minisocks.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
tcp_output.c TCP: increase default initial receive window. 2010-12-20 21:33:00 -08:00
tcp_probe.c net: ipv4: tcp_probe: cleanup snprintf() use 2010-11-17 12:27:46 -08:00
tcp_scalable.c
tcp_timer.c tcp: use correct counters in CA_CWR state too 2010-10-17 13:46:33 -07:00
tcp_vegas.c tcp: tcp_vegas ssthresh bugfix 2009-05-25 22:44:59 -07:00
tcp_vegas.h
tcp_veno.c Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
tcp_westwood.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
tcp_yeah.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
tunnel4.c tunnels: add __rcu annotations 2010-10-27 11:37:32 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-17 12:27:22 -08:00
udplite.c net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
xfrm4_input.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
xfrm4_output.c netfilter: ipv4: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:30 +01:00
xfrm4_policy.c net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
xfrm4_state.c xfrm: Allow different selector family in temporary state 2010-09-20 11:11:38 -07:00
xfrm4_tunnel.c net: struct xfrm_tunnel in read_mostly section 2010-08-30 13:50:45 -07:00