In TCP --strict mode, forget the peer which sent the wrong knock in a
sequence, rather than resetting its status to ST_INIT. This avoids
filling up the peer table (which would lead to pknock DoS) in case of
a DDoS attack performed by a set of port-scanning malicious hosts.
Report by: Christian Blum <chrblum@users.sourceforge.net>
"I have found that they panic in an interrupt within xt_ipp2p, function
search_all_gnu(). It's a bounds checking problem; when I add this [a
check for plen >= 65535] at the beginning [of the function] the
servers run fine (very similar to find_all_kazaa())."
If rule->peer_head==NULL due to an unsuccessful allocation, peer_gc
(and perhaps other places) may crash when they try to access it.
Since I see no deferred retry for allocation, the only option is to
fail in add_rule, clean it up, and return false instead.
Independent of that problem, it also needs to free peer_head in case
the status_proc allocation fails.
It is no longer possible to specify gc_expir_time with a time lower
than its default value (65000 msecs). This is to avoid running
peer_gc() earlier than 1 minute [well, 65 s actually] in the future,
which would otherwise render anti-spoof protection in SPA mode
non-functional.
- $Id$ in a comment is pointless.
- remove unneeded/commented-out includes.
- remove warning messages on allocation failure
(if that happens it is almost too late anyway;
not wanting to spam the logs)
- remove warning messages about unhandled packets
(attacker filling up logs)
Kbuild would install the .ko module files relative to their source
directory, i.e.
extensions/xt_quota.ko
-> /lib/modules/%/extra/xt_quota.ko
extensions/ACCOUNT/xt_ACCOUNT.ko
-> /lib/modules/%/extra/ACCOUNT/xt_ACCOUNT.ko
Add a hack to Makefile.am so that it all goes into extra/ only,
without any further subdirectories created. This is strictly a hack
as it pokes with Kbuild internals.
Putting the ext-mod-dir override into extensions/Kbuild would not do,
it is overridden by $linux/scripts/Makefile.modinst, so a higher
priority override is needed (make command line by means of
Makefile.am invoking make).
First, there is a memory leak - when the crypto functions fail,
hexresult was not freed. Second, in that error case, the return value
is simply passed up to the caller, ignoring the different meanings of
0 and 1 between crypto and pknock.
Some functions like the crypto init or proc_mkdir do not return an
error value. Replace the -1, which is actually EPERM, and looks a
little out of place, and use ENXIO instead. (After all, the requested
objects were not there after the request of initialization.)
Since pr_debug depends on #if DEBUG anyway, there is no need to
contain DEBUGP/pk_debug within a further if. Rename from DEBUGP to
pk_debug, because DEBUGP is flagged by Xtables-addons (- and that's
good so, because often DEBUGPs should have been pr_debug instead).
The printk calls were protected using #if DEBUG anyway, so they can
just be changed to pr_debug. pr_debug also depends on #if DEBUG, and
takes care of the module prefix.
