extensions: call send_reset with xtables state socket

author Jan Engelhardt <jengelh@inai.de>

Sun, 22 Nov 2020 16:54:35 +0000 (17:54 +0100)

committer Jan Engelhardt <jengelh@inai.de>

Mon, 23 Nov 2020 22:06:25 +0000 (23:06 +0100)
author Jan Engelhardt <jengelh@inai.de>
Sun, 22 Nov 2020 16:54:35 +0000 (17:54 +0100)
committer Jan Engelhardt <jengelh@inai.de>
Mon, 23 Nov 2020 22:06:25 +0000 (23:06 +0100)
diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c

index 89cc41abfcba433a24ff8a470d1588a3f9acaec4..6390f713777687b6c1e91296d0eeb1d4b134a958 100644 (file)
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -25,8 +25,8 @@
  #include "compat_xtables.h"
  #define PFX KBUILD_MODNAME ": "
  
-static void delude_send_reset(struct net *net, struct sk_buff *oldskb,
-    unsigned int hook)
+static void delude_send_reset(struct net *net, struct sock *sk,
+    struct sk_buff *oldskb, unsigned int hook)
  {
         struct tcphdr _otcph, *tcph;
         const struct tcphdr *oth;
@@ -121,7 +121,7 @@ static void delude_send_reset(struct net *net, struct sk_buff *oldskb,
  
         /* ip_route_me_harder expects skb->dst to be set */
         skb_dst_set(nskb, dst_clone(skb_dst(oldskb)));
-       if (ip_route_me_harder(net, nskb->sk, nskb, addr_type))
+       if (ip_route_me_harder(net, sk, nskb, addr_type))
                 goto free_nskb;
         else
                 niph = ip_hdr(nskb);
@@ -150,7 +150,7 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
          * a problem, as that is supported since Linux 2.6.35. But since we do not
          * actually want to have a connection open, we are still going to drop it.
          */
-       delude_send_reset(par_net(par), skb, par->state->hook);
+       delude_send_reset(par_net(par), par->state->sk, skb, par->state->hook);
         return NF_DROP;
  }
  
diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c

index 4376d2f22bdff28900fe2eb09ce895299cb7495c..f1e9600a8ea4e4a30399cf0143f57fba7f8dcfff 100644 (file)
--- a/extensions/xt_ECHO.c
+++ b/extensions/xt_ECHO.c
@@ -113,7 +113,7 @@ echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par)
                 goto free_nskb;
  
         nf_ct_attach(newskb, oldskb);
-       ip6_local_out(par_net(par), newskb->sk, newskb);
+       ip6_local_out(par_net(par), par->state->sk, newskb);
         return NF_DROP;
  
   free_nskb:
@@ -191,7 +191,8 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par)
  
         /* ip_route_me_harder expects the skb's dst to be set */
         skb_dst_set(newskb, dst_clone(skb_dst(oldskb)));
-       if (ip_route_me_harder(par_net(par), newskb->sk, newskb, RTN_UNSPEC) != 0)
+       if (ip_route_me_harder(par_net(par), par->state->sk, newskb,
+           RTN_UNSPEC) != 0)
                 goto free_nskb;
  
         newip->ttl = ip4_dst_hoplimit(skb_dst(newskb));
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c

index 118c26c25b5112c1cf5b8f38fc37cc80a2a0c63d..2deefb09bc496cff4adbd06cb835685a762e4c97 100644 (file)
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -170,8 +170,8 @@ static bool tarpit_generic(struct tcphdr *tcph, const struct tcphdr *oth,
         return true;
  }
  
-static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb,
-    unsigned int hook, unsigned int mode)
+static void tarpit_tcp4(struct net *net, struct sock *sk,
+    struct sk_buff *oldskb, unsigned int hook, unsigned int mode)
  {
         struct tcphdr _otcph, *tcph;
         const struct tcphdr *oth;
@@ -265,7 +265,7 @@ static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb,
  #endif
                 addr_type = RTN_LOCAL;
  
-       if (ip_route_me_harder(net, nskb->sk, nskb, addr_type))
+       if (ip_route_me_harder(net, sk, nskb, addr_type) != 0)
                 goto free_nskb;
         else
                 niph = ip_hdr(nskb);
@@ -296,8 +296,8 @@ static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb,
  }
  
  #ifdef WITH_IPV6
-static void tarpit_tcp6(struct net *net, struct sk_buff *oldskb,
-    unsigned int hook, unsigned int mode)
+static void tarpit_tcp6(struct net *net, struct sock *sock,
+    struct sk_buff *oldskb, unsigned int hook, unsigned int mode)
  {
         struct sk_buff *nskb;
         struct tcphdr *tcph, oth;
@@ -443,7 +443,8 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
         /* We are not interested in fragments */
         if (iph->frag_off & htons(IP_OFFSET))
                 return NF_DROP;
-       tarpit_tcp4(par_net(par), skb, par->state->hook, info->variant);
+       tarpit_tcp4(par_net(par), par->state->sk, skb, par->state->hook,
+                   info->variant);
         return NF_DROP;
  }
  
@@ -484,7 +485,8 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
                 pr_debug("addr is not unicast.\n");
                 return NF_DROP;
         }
-       tarpit_tcp6(par_net(par), skb, par->state->hook, info->variant);
+       tarpit_tcp6(par_net(par), par->state->sk, skb, par->state->hook,
+                   info->variant);
         return NF_DROP;
  }
  #endif
author	Jan Engelhardt <jengelh@inai.de>
	Sun, 22 Nov 2020 16:54:35 +0000 (17:54 +0100)
committer	Jan Engelhardt <jengelh@inai.de>
	Mon, 23 Nov 2020 22:06:25 +0000 (23:06 +0100)
extensions/xt_DELUDE.c		patch \| blob \| blame \| history
extensions/xt_ECHO.c		patch \| blob \| blame \| history
extensions/xt_TARPIT.c		patch \| blob \| blame \| history