[PATCH] pkttype match mismatches on locally generated packets

[PATCH] pkttype match mismatches on locally generated packets

[Phil Oester]

Locally generated broadcast and multicast packets have pkttype set to
PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST.  This
causes the pkttype match to fail to match packets of either type.

The below patch remedies this by using the daddr as a hint as to
broadcast|multicast.  While not pretty, this seems like the only way
to solve the problem short of just noting this as a limitation of the match.

This resolves bug #484

Phil

Signed-off-by: Phil Oester <kernel@linuxace.com>

Re: [PATCH] pkttype match mismatches on locally generated packets

[Phil Oester]

[-- Attachment #1: Type: text/plain, Size: 632 bytes --]

On Mon, Jul 17, 2006 at 06:06:42PM -0700, Phil Oester wrote:
> Locally generated broadcast and multicast packets have pkttype set to
> PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST.  This
> causes the pkttype match to fail to match packets of either type.
> 
> The below patch remedies this by using the daddr as a hint as to
> broadcast|multicast.  While not pretty, this seems like the only way
> to solve the problem short of just noting this as a limitation of the match.
> 
> This resolves bug #484
> 
> Phil
> 
> Signed-off-by: Phil Oester <kernel@linuxace.com>

And this time the patch is attached...

Phil

[-- Attachment #2: patch-pkttype --]
[-- Type: text/plain, Size: 844 bytes --]

--- linux-dellfw/net/netfilter/xt_pkttype.c	2006-06-17 21:49:35.000000000 -0400
+++ linux-po/net/netfilter/xt_pkttype.c	2006-07-17 20:56:39.000000000 -0400
@@ -9,6 +9,8 @@
 #include <linux/skbuff.h>
 #include <linux/if_ether.h>
 #include <linux/if_packet.h>
+#include <linux/in.h>
+#include <linux/ip.h>
 
 #include <linux/netfilter/xt_pkttype.h>
 #include <linux/netfilter/x_tables.h>
@@ -28,9 +30,17 @@
       unsigned int protoff,
       int *hotdrop)
 {
+	u_int8_t type;
 	const struct xt_pkttype_info *info = matchinfo;
 
-	return (skb->pkt_type == info->pkttype) ^ info->invert;
+	if (skb->pkt_type == PACKET_LOOPBACK)
+		type = (MULTICAST(skb->nh.iph->daddr)
+			? PACKET_MULTICAST
+			: PACKET_BROADCAST);
+	else
+		type = skb->pkt_type;
+
+	return (type == info->pkttype) ^ info->invert;
 }
 
 static struct xt_match pkttype_match = {

Re: [PATCH] pkttype match mismatches on locally generated packets

[Patrick McHardy]

Phil Oester wrote:
> Locally generated broadcast and multicast packets have pkttype set to
> PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST.  This
> causes the pkttype match to fail to match packets of either type.
> 
> The below patch remedies this by using the daddr as a hint as to
> broadcast|multicast.  While not pretty, this seems like the only way
> to solve the problem short of just noting this as a limitation of the match.
> 
> This resolves bug #484

Thanks Phil. I thought about just adding PACKET_LOOPBACK support to
userspace, but this way seems better, so applied.