• Fernando Fernandez Mancera's avatar
    netfilter: nfnetlink_osf: add missing fmatch check · 8316b605
    Fernando Fernandez Mancera authored
    commit 1a6a0951 upstream.
    
    When we check the tcp options of a packet and it doesn't match the current
    fingerprint, the tcp packet option pointer must be restored to its initial
    value in order to do the proper tcp options check for the next fingerprint.
    
    Here we can see an example.
    Assumming the following fingerprint base with two lines:
    
    S10:64:1:60:M*,S,T,N,W6:      Linux:3.0::Linux 3.0
    S20:64:1:60:M*,S,T,N,W7:      Linux:4.19:arch:Linux 4.1
    
    Where TCP options are the last field in the OS signature, all of them overlap
    except by the last one, ie. 'W6' versus 'W7'.
    
    In case a packet for Linux 4.19 kicks in, the osf finds no matching because the
    TCP options pointer is updated after checking for the TCP options in the first
    line.
    
    Therefore, reset pointer back to where it should be.
    
    Fixes: 11eeef41 ("netfilter: passive OS fingerprint xtables match")
    Signed-off-by: Fernando Fernandez Mancera's avatarFernando Fernandez Mancera <ffmancera@riseup.net>
    Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    8316b605
Name
Last commit
Last update
Documentation Loading commit data...
LICENSES Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.clang-format Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...