--- /dev/null
+From stable-bounces@linux.kernel.org Tue Mar 18 11:17:27 2008
+From: Patrick McHardy <kaber@trash.net>
+To: stable@kernel.org
+Message-Id: <20080317143315.20525.42891.sendpatchset@localhost.localdomain>
+Date: Mon, 17 Mar 2008 15:41:47 +0100 (MET)
+Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
+Subject: NETFILTER: nfnetlink_log: fix computation of netlink skb size
+
+From: Eric Leblond <eric@inl.fr>
+Upstream commit 7000d38d:
+
+This patch is similar to nfnetlink_queue fixes. It fixes the computation
+of skb size by using NLMSG_SPACE instead of NLMSG_ALIGN.
+
+Signed-off-by: Eric Leblond <eric@inl.fr>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+
+ net/netfilter/nfnetlink_log.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -594,7 +594,7 @@ nfulnl_log_packet(unsigned int pf,
+ /* FIXME: do we want to make the size calculation conditional based on
+ * what is actually present? way more branches and checks, but more
+ * memory efficient... */
+- size = NLMSG_ALIGN(sizeof(struct nfgenmsg))
++ size = NLMSG_SPACE(sizeof(struct nfgenmsg))
+ + nla_total_size(sizeof(struct nfulnl_msg_packet_hdr))
+ + nla_total_size(sizeof(u_int32_t)) /* ifindex */
+ + nla_total_size(sizeof(u_int32_t)) /* ifindex */
--- /dev/null
+From stable-bounces@linux.kernel.org Tue Mar 18 11:15:59 2008
+From: Patrick McHardy <kaber@trash.net>
+To: stable@kernel.org
+Message-Id: <20080317143314.20525.75176.sendpatchset@localhost.localdomain>
+Date: Mon, 17 Mar 2008 15:41:46 +0100 (MET)
+Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
+Subject: NETFILTER: nfnetlink_queue: fix computation of allocated size for netlink skb
+
+From: Eric Leblond <eric@inl.fr>
+Upstream commit cabaa9bf:
+
+Size of the netlink skb was wrongly computed because the formula was using
+NLMSG_ALIGN instead of NLMSG_SPACE. NLMSG_ALIGN does not add the room for
+netlink header as NLMSG_SPACE does. This was causing a failure of message
+building in some cases.
+
+On my test system, all messages for packets in range [8*k+41, 8*k+48] where k
+is an integer were invalid and the corresponding packets were dropped.
+
+Signed-off-by: Eric Leblond <eric@inl.fr>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+
+ net/netfilter/nfnetlink_queue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nfnetlink_queue.c
++++ b/net/netfilter/nfnetlink_queue.c
+@@ -353,7 +353,7 @@ nfqnl_build_packet_message(struct nfqnl_
+
+ QDEBUG("entered\n");
+
+- size = NLMSG_ALIGN(sizeof(struct nfgenmsg))
++ size = NLMSG_SPACE(sizeof(struct nfgenmsg))
+ + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr))
+ + nla_total_size(sizeof(u_int32_t)) /* ifindex */
+ + nla_total_size(sizeof(u_int32_t)) /* ifindex */
--- /dev/null
+From stable-bounces@linux.kernel.org Tue Mar 18 11:14:43 2008
+From: Patrick McHardy <kaber@trash.net>
+To: stable@kernel.org
+Message-Id: <20080317143312.20525.93415.sendpatchset@localhost.localdomain>
+Date: Mon, 17 Mar 2008 15:41:44 +0100 (MET)
+Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
+Subject: NETFILTER: xt_time: fix failure to match on Sundays
+
+From: Jan Engelhardt <jengelh@computergmbh.de>
+Upstream commit 4f4c9430:
+
+xt_time_match() in net/netfilter/xt_time.c in kernel 2.6.24 never
+matches on Sundays. On my host I have a rule like
+
+iptables -A OUTPUT -m time --weekdays Sun -j REJECT
+
+and it never matches. The problem is in localtime_2(), which uses
+
+ r->weekday = (4 + r->dse) % 7;
+
+to map the epoch day onto a weekday in {0,...,6}. In particular this
+gives 0 for Sundays. But 0 has to be wrong; a weekday of 0 can never
+match. xt_time_match() has
+
+ if (!(info->weekdays_match & (1 << current_time.weekday)))
+ return false;
+
+and when current_time.weekday = 0, the result of the & is always
+zero, even when info->weekdays_match = XT_TIME_ALL_WEEKDAYS = 0xFE.
+
+Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+
+ net/netfilter/xt_time.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/xt_time.c
++++ b/net/netfilter/xt_time.c
+@@ -95,8 +95,11 @@ static inline void localtime_2(struct xt
+ */
+ r->dse = time / 86400;
+
+- /* 1970-01-01 (w=0) was a Thursday (4). */
+- r->weekday = (4 + r->dse) % 7;
++ /*
++ * 1970-01-01 (w=0) was a Thursday (4).
++ * -1 and +1 map Sunday properly onto 7.
++ */
++ r->weekday = (4 + r->dse - 1) % 7 + 1;
+ }
+
+ static void localtime_3(struct xtm *r, time_t time)
sched-fix-race-in-schedule.patch
nfsd-fix-oops-on-access-from-high-numbered-ports.patch
sched_nr_migrate-wrong-mode-bits.patch
+netfilter-xt_time-fix-failure-to-match-on-sundays.patch
+netfilter-nfnetlink_queue-fix-computation-of-allocated-size-for-netlink-skb.patch
+netfilter-nfnetlink_log-fix-computation-of-netlink-skb-size.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
