37 lines
1.5 KiB
Diff
37 lines
1.5 KiB
Diff
From: Liping Zhang <liping.zhang@spreadtrum.com>
|
|
Date: Tue, 11 Oct 2016 21:03:45 +0800
|
|
Subject: netfilter: xt_NFLOG: fix unexpected truncated packet
|
|
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6d19375b58763fefc2f215fb45117d3353ced888
|
|
Bug-Debian: https://bugs.debian.org/841261
|
|
|
|
Justin and Chris spotted that iptables NFLOG target was broken when they
|
|
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
|
|
"results in segfaults in ulogd-2.0.5".
|
|
|
|
Because "struct nf_loginfo li;" is a local variable, and flags will be
|
|
filled with garbage value, not inited to zero. So if it contains 0x1,
|
|
packets will not be logged to the userspace anymore.
|
|
|
|
Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
|
|
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
|
|
Reported-by: Chris Caputo <ccaputo@alt.net>
|
|
Tested-by: Chris Caputo <ccaputo@alt.net>
|
|
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
---
|
|
net/netfilter/xt_NFLOG.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
|
|
index 018eed7e1ff1..8668a5c18dc3 100644
|
|
--- a/net/netfilter/xt_NFLOG.c
|
|
+++ b/net/netfilter/xt_NFLOG.c
|
|
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
|
li.u.ulog.copy_len = info->len;
|
|
li.u.ulog.group = info->group;
|
|
li.u.ulog.qthreshold = info->threshold;
|
|
+ li.u.ulog.flags = 0;
|
|
|
|
if (info->flags & XT_NFLOG_F_COPY_LEN)
|
|
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
|