forked from Minki/linux
Merge branch 'master' of git://blackhole.kfki.hu/nf
Jozsef Kadlecsik says: ==================== ipset patches for the nf tree - When the support of destination MAC addresses for hash:mac sets was introduced, it was forgotten to add the same functionality to hash:ip,mac types of sets. The patch from Stefano Brivio adds the missing part. - When the support of destination MAC addresses for hash:mac sets was introduced, a copy&paste error was made in the code of the hash:ip,mac and bitmap:ip,mac types: the MAC address in these set types is in the second position and not in the first one. Stefano Brivio's patch fixes the issue. - There was still a not properly handled concurrency handling issue between renaming and listing sets at the same time, reported by Shijie Luo. ==================== Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
commit
7cdc441228
@ -226,7 +226,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
|
|||||||
|
|
||||||
e.id = ip_to_id(map, ip);
|
e.id = ip_to_id(map, ip);
|
||||||
|
|
||||||
if (opt->flags & IPSET_DIM_ONE_SRC)
|
if (opt->flags & IPSET_DIM_TWO_SRC)
|
||||||
ether_addr_copy(e.ether, eth_hdr(skb)->h_source);
|
ether_addr_copy(e.ether, eth_hdr(skb)->h_source);
|
||||||
else
|
else
|
||||||
ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
|
ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
|
||||||
|
@ -1161,7 +1161,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl,
|
|||||||
return -ENOENT;
|
return -ENOENT;
|
||||||
|
|
||||||
write_lock_bh(&ip_set_ref_lock);
|
write_lock_bh(&ip_set_ref_lock);
|
||||||
if (set->ref != 0) {
|
if (set->ref != 0 || set->ref_netlink != 0) {
|
||||||
ret = -IPSET_ERR_REFERENCED;
|
ret = -IPSET_ERR_REFERENCED;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -89,15 +89,11 @@ hash_ipmac4_kadt(struct ip_set *set, const struct sk_buff *skb,
|
|||||||
struct hash_ipmac4_elem e = { .ip = 0, { .foo[0] = 0, .foo[1] = 0 } };
|
struct hash_ipmac4_elem e = { .ip = 0, { .foo[0] = 0, .foo[1] = 0 } };
|
||||||
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
|
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
|
||||||
|
|
||||||
/* MAC can be src only */
|
|
||||||
if (!(opt->flags & IPSET_DIM_TWO_SRC))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (skb_mac_header(skb) < skb->head ||
|
if (skb_mac_header(skb) < skb->head ||
|
||||||
(skb_mac_header(skb) + ETH_HLEN) > skb->data)
|
(skb_mac_header(skb) + ETH_HLEN) > skb->data)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (opt->flags & IPSET_DIM_ONE_SRC)
|
if (opt->flags & IPSET_DIM_TWO_SRC)
|
||||||
ether_addr_copy(e.ether, eth_hdr(skb)->h_source);
|
ether_addr_copy(e.ether, eth_hdr(skb)->h_source);
|
||||||
else
|
else
|
||||||
ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
|
ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
|
||||||
|
Loading…
Reference in New Issue
Block a user