From patchwork Tue Jul 2 14:51:05 2013
X-Patchwork-Submitter: Pablo Neira Ayuso
X-Patchwork-Id: 256445
X-Patchwork-Delegate: pablo@netfilter.org
From: Pablo Neira Ayuso
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, stable@vger.kernel.org
Subject: [PATCH -stable-3.9 15/15] netfilter: ctnetlink: send event when conntrack label was modified
Date: Tue, 2 Jul 2013 16:51:05 +0200
Message-Id: <1372776665-6795-15-git-send-email-pablo@netfilter.org>
In-Reply-To: <1372776665-6795-1-git-send-email-pablo@netfilter.org>

From: Florian Westphal

commit 0ceabd83875b72a29f33db4ab703d6ba40ea4c58 (netfilter: ctnetlink: deliver labels to userspace) sets the event bit when we raced with another packet, instead of raising the event bit when the label bit is set for the first time.

commit 9b21f6a90924dfe8e5e686c314ddb441fb06501e (netfilter: ctnetlink: allow userspace to modify labels) forgot to update the event mask in the "conntrack already exists" case.

Both issues result in CTA_LABELS attribute not getting included in the conntrack event.

Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso --- Cherry-pick: 797a7d66d2048fe8a4ac1ba58c5d4752d64b1ac4 net/netfilter/nf_conntrack_labels.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_labels.c b/net/netfilter/nf_conntrack_labels.c index 8fe2e99..355d2ef 100644 --- a/net/netfilter/nf_conntrack_labels.c +++ b/net/netfilter/nf_conntrack_labels.c @@ -45,7 +45,7 @@ int nf_connlabel_set(struct nf_conn *ct, u16 bit) if (test_bit(bit, labels->bits)) return 0; - if (test_and_set_bit(bit, labels->bits)) + if (!test_and_set_bit(bit, labels->bits)) nf_conntrack_event_cache(IPCT_LABEL, ct); return 0; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 9904b15..23af264 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -1825,6 +1825,7 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, nf_conntrack_eventmask_report((1 << IPCT_REPLY) | (1 << IPCT_ASSURED) | (1 << IPCT_HELPER) | + (1 << IPCT_LABEL) | (1 << IPCT_PROTOINFO) | (1 << IPCT_NATSEQADJ) | (1 << IPCT_MARK),
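Review bot: in the nf_connlabel_set() hunk, the corrected `if (!test_and_set_bit(bit, labels->bits))` should carry a short comment stating that test_and_set_bit() returns the previous value of the bit, so IPCT_LABEL is cached only by the caller that actually changed the bit from 0 to 1. The negation is the whole fix, and the non-atomic `test_bit()` early return just above it makes the two checks look redundant to a later reader, so a comment would keep the sense of the test from being flipped or "simplified" again.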
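Review bot: in the ctnetlink_new_conntrack() hunk, `(1 << IPCT_LABEL)` is ORed into the nf_conntrack_eventmask_report() mask unconditionally, so in the visible lines this path reports the label event bit on every update, not only when the request touched the labels. That is consistent with how the neighbouring bits such as IPCT_MARK are listed, but it is worth stating in the changelog that this is intended. Since the bug being fixed is a bit that was left out of an open-coded mask, consider giving the mask a named definition so a future event type has a single place to be added.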