android_kernel_oneplus_msm8998/net
Julian Anastasov 8294448593 ipvs: SNAT packet replies only for NATed connections
commit 3c5ab3f395d66a9e4e937fcfdf6ebc63894f028b upstream.

We do not check if packet from real server is for NAT
connection before performing SNAT. This causes problems
for setups that use DR/TUN and allow local clients to
access the real server directly, for example:

- local client in director creates IPVS-DR/TUN connection
CIP->VIP and the request packets are routed to RIP.
Talks are finished but IPVS connection is not expired yet.

- second local client creates non-IPVS connection CIP->RIP
with same reply tuple RIP->CIP and when replies are received
on LOCAL_IN we wrongly assign them for the first client
connection because RIP->CIP matches the reply direction.
As result, IPVS SNATs replies for non-IPVS connections.

The problem is more visible to local UDP clients but in rare
cases it can happen also for TCP or remote clients when the
real server sends the reply traffic via the director.

So, better to be more precise for the reply traffic.
As replies are not expected for DR/TUN connections, better
to not touch them.

Reported-by: Nick Moriarty <nick.moriarty@york.ac.uk>
Tested-by: Nick Moriarty <nick.moriarty@york.ac.uk>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-27 15:06:05 -07:00
..
6lowpan 6lowpan: put mcast compression in an own function 2015-10-21 00:49:25 +02:00
9p p9_client_readdir() fix 2017-05-02 21:19:55 -07:00
802 net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
8021q net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev 2017-07-05 14:37:14 +02:00
appletalk net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
atm atm: deal with setting entry before mkip was called 2015-09-17 22:13:32 -07:00
ax25 ax25: Fix segfault after sock connection timeout 2017-02-04 09:45:09 +01:00
batman-adv batman-adv: Check for alloc errors when preparing TT local data 2016-12-15 08:49:23 -08:00
bluetooth Bluetooth: use constant time memory comparison for secret values 2017-07-27 15:06:04 -07:00
bridge net: bridge: start hello timer only if device is up 2017-06-14 13:16:19 +02:00
caif net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx 2017-07-05 14:37:14 +02:00
can can: Fix kernel panic at security_sock_rcv_skb 2017-02-18 16:39:26 +01:00
ceph libceph: force GFP_NOIO for socket allocations 2017-04-08 09:53:30 +02:00
core net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() 2017-07-21 07:44:55 +02:00
dcb net/dcb: make dcbnl.c explicitly non-modular 2015-10-09 07:52:27 -07:00
dccp ipv6/dccp: do not inherit ipv6_mc_list from parent 2017-06-07 12:05:57 +02:00
decnet decnet: always not take dst->__refcnt when inserting dst into hash table 2017-07-05 14:37:14 +02:00
dns_resolver net: dns_resolver: convert time_t to time64_t 2015-11-18 16:27:46 -05:00
dsa net: dsa: Check return value of phy_connect_direct() 2017-07-05 14:37:19 +02:00
ethernet net: introduce device min_header_len 2017-02-18 16:39:27 +01:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 net: fix percpu memory leaks 2015-11-02 22:47:14 -05:00
ipv4 tcp: reset sk_rx_dst in tcp_disconnect() 2017-07-21 07:44:54 +02:00
ipv6 net: ipv6: Compare lwstate in detecting duplicate nexthops 2017-07-21 07:44:55 +02:00
ipx ipx: call ipxitf_put() in ioctl error path 2017-05-25 14:30:13 +02:00
irda irda: Fix lockdep annotations in hashbin_delete(). 2017-02-26 11:07:50 +01:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-03-03 15:07:03 -08:00
key af_key: Fix sadb_x_ipsecrequest parsing 2017-07-27 15:06:05 -07:00
l2tp l2tp: fix PPP pseudo-wire auto-loading 2017-05-02 21:19:52 -07:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb lapb: move EXPORT_SYMBOL after functions. 2014-10-24 15:51:42 -04:00
llc net/llc: avoid BUG_ON() in skb_orphan() 2017-02-26 11:07:49 +01:00
mac80211 mac80211: initialize SMPS field in HT capabilities 2017-07-05 14:37:20 +02:00
mac802154 mac802154: llsec: use kzfree 2015-10-21 00:49:24 +02:00
mpls mpls: Send route delete notifications when router module is unloaded 2017-03-22 12:04:16 +01:00
netfilter ipvs: SNAT packet replies only for NATed connections 2017-07-27 15:06:05 -07:00
netlabel netlabel: add address family checks to netlbl_{sock,req}_delattr() 2016-08-20 18:09:22 +02:00
netlink netlink: Allow direct reclaim for fallback allocation 2017-05-08 07:46:02 +02:00
netrom netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00
nfc NFC: Add sockaddr length checks before accessing sa_family in bind handlers 2017-07-27 15:06:03 -07:00
openvswitch net/openvswitch: Set the ipv6 source tunnel key address attribute correctly 2017-03-30 09:35:12 +02:00
packet net/packet: fix overflow in check for tp_reserve 2017-05-02 21:19:51 -07:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-31 11:29:00 -08:00
rds rds: tcp: use sock_create_lite() to create the accept socket 2017-07-21 07:44:55 +02:00
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-03-03 15:07:26 -08:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-24 02:58:51 -07:00
rxrpc rxrpc: Fix several cases where a padded len isn't checked in ticket decode 2017-06-29 12:48:52 +02:00
sched net: sched: Fix one possible panic when no destroy callback 2017-07-21 07:44:54 +02:00
sctp sctp: check af before verify address in sctp_addr_id2transport 2017-07-05 14:37:21 +02:00
sunrpc SUNRPC: fix refcounting problems with auth_gss messages. 2017-04-21 09:30:08 +02:00
switchdev switchdev: pass pointer to fib_info instead of copy 2016-06-24 10:18:16 -07:00
tipc tipc: ignore requests when the connection state is not CONNECTED 2017-06-17 06:39:38 +02:00
unix af_unix: Add sockaddr length checks before accessing sa_family in bind and connect handlers 2017-07-05 14:37:13 +02:00
vmw_vsock VSOCK: Detach QP check should filter out non matching QPs. 2017-04-27 09:09:32 +02:00
wimax net:wimax: Fix doucble word "the the" in networking.xml 2015-08-09 22:43:52 -07:00
wireless cfg80211: Check if PMKID attribute is of expected size 2017-07-21 07:44:56 +02:00
x25 net: fix a kernel infoleak in x25 module 2016-05-18 17:06:43 -07:00
xfrm xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY 2017-07-05 14:37:21 +02:00
compat.c net: switch importing msghdr from userland to {compat_,}import_iovec() 2015-04-09 00:02:26 -04:00
Kconfig net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
Makefile net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
socket.c net: socket: fix recvmmsg not returning error from sock_error 2017-02-26 11:07:50 +01:00
sysctl_net.c net: Use ns_capable_noaudit() when determining net sysctl permissions 2016-09-15 08:27:50 +02:00