]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commit
netfilter: nf_ct_helper: bail out on duplicated helpers
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 24 May 2016 09:23:51 +0000 (11:23 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 31 May 2016 09:57:18 +0000 (11:57 +0200)
commit893e093c786c4256d52809eed697e9d70a6f6643
tree23f9c9487caf5f3937bd11e8f826579c19245e84
parenteaa2bcd6d1d410a52df8c7b05e76d86c0319b7b0
netfilter: nf_ct_helper: bail out on duplicated helpers

Don't allow registration of helpers using the same tuple:

{ l3proto, l4proto, src-port }

We lookup for the helper from the packet path using this tuple through
__nf_ct_helper_find(). Therefore, we have to avoid having two helpers
with the same tuple to ensure predictible behaviour.

Don't compare the helper string names anymore since it is valid to
register two helpers with the same name, but using different tuples.
This is also implicitly fixing up duplicated helper registration via
ports= modparam since the name comparison was defeating the tuple
duplication validation.

Reported-by: Feng Gao <gfree.wind@gmail.com>
Reported-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_helper.c