[PATCH AUTOSEL 4.19 21/29] netfilter: ipset: Actually allow destination MAC address for hash:ip,mac sets too

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Stefano Brivio <sbrivio@redhat.com>, Chen Yi <yiche@redhat.com>,
	Jozsef Kadlecsik <kadlec@netfilter.org>,
	Sasha Levin <sashal@kernel.org>,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 21/29] netfilter: ipset: Actually allow destination MAC address for hash:ip,mac sets too
Date: Thu, 29 Aug 2019 06:50:01 -0400	[thread overview]
Message-ID: <20190829105009.2265-21-sashal@kernel.org> (raw)
In-Reply-To: <20190829105009.2265-1-sashal@kernel.org>

From: Stefano Brivio <sbrivio@redhat.com>

[ Upstream commit b89d15480d0cacacae1a0fe0b3da01b529f2914f ]

In commit 8cc4ccf58379 ("ipset: Allow matching on destination MAC address
for mac and ipmac sets"), ipset.git commit 1543514c46a7, I removed the
KADT check that prevents matching on destination MAC addresses for
hash:mac sets, but forgot to remove the same check for hash:ip,mac set.

Drop this check: functionality is now commented in man pages and there's
no reason to restrict to source MAC address matching anymore.

Reported-by: Chen Yi <yiche@redhat.com>
Fixes: 8cc4ccf58379 ("ipset: Allow matching on destination MAC address for mac and ipmac sets")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/ipset/ip_set_hash_ipmac.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_hash_ipmac.c b/net/netfilter/ipset/ip_set_hash_ipmac.c
index fd87de3ed55b3..75c21c8b76514 100644
--- a/net/netfilter/ipset/ip_set_hash_ipmac.c
+++ b/net/netfilter/ipset/ip_set_hash_ipmac.c
@@ -95,10 +95,6 @@ hash_ipmac4_kadt(struct ip_set *set, const struct sk_buff *skb,
 	struct hash_ipmac4_elem e = { .ip = 0, { .foo[0] = 0, .foo[1] = 0 } };
 	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
 
-	 /* MAC can be src only */
-	if (!(opt->flags & IPSET_DIM_TWO_SRC))
-		return 0;
-
 	if (skb_mac_header(skb) < skb->head ||
 	    (skb_mac_header(skb) + ETH_HLEN) > skb->data)
 		return -EINVAL;
-- 
2.20.1

next prev parent reply	other threads:[~2019-08-29 10:54 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-29 10:49 [PATCH AUTOSEL 4.19 01/29] hv_sock: Fix hang when a connection is closed Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 02/29] Revert "dm bufio: fix deadlock with loop device" Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 03/29] kprobes: Fix potential deadlock in kprobe_optimizer() Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 04/29] ALSA: line6: Fix memory leak at line6_init_pcm() error path Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 05/29] Blk-iolatency: warn on negative inflight IO counter Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 06/29] blk-iolatency: fix STS_AGAIN handling Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 07/29] {nl,mac}80211: fix interface combinations on crypto controlled devices Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 08/29] timekeeping: Use proper ktime_add when adding nsecs in coarse offset Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 09/29] selftests: fib_rule_tests: use pre-defined DEV_ADDR Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 10/29] x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 11/29] binder: take read mode of mmap_sem in binder_alloc_free_page() Sasha Levin
2019-08-29 15:13   ` Tyler Hicks
2019-08-30  6:29     ` Greg Kroah-Hartman
2019-08-30  7:30       ` Tyler Hicks
2019-09-02 15:54         ` Greg Kroah-Hartman
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 12/29] powerpc/64: mark start_here_multiplatform as __ref Sasha Levin
2019-08-29 10:49   ` Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 13/29] media: stm32-dcmi: fix irq = 0 case Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 14/29] HID: input: fix a4tech horizontal wheel custom usage Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 15/29] netfilter: nf_tables: use-after-free in failing rule with bound set Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 16/29] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx Sasha Levin
     [not found] ` <20190829105009.2265-1-sashal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2019-08-29 10:49   ` [PATCH AUTOSEL 4.19 17/29] arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64 Sasha Levin
2019-08-29 10:49     ` Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 18/29] mac80211: fix possible sta leak Sasha Levin
2019-08-29 10:49 ` [PATCH AUTOSEL 4.19 19/29] scripts/decode_stacktrace: match basepath using shell prefix operator, not regex Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 20/29] KVM: arm/arm64: Only skip MMIO insn once Sasha Levin
2019-08-29 10:50   ` Sasha Levin
2019-08-29 10:50 ` Sasha Levin [this message]
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 22/29] netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and hash:ip,mac sets Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 23/29] ALSA: usb-audio: Check mixer unit bitmap yet more strictly Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 24/29] riscv: remove unused variable in ftrace Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 25/29] nvme-fc: use separate work queue to avoid warning Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 26/29] clk: s2mps11: Add used attribute to s2mps11_dt_match Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 27/29] remoteproc: qcom: q6v5: shore up resource probe handling Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 28/29] modules: always page-align module section allocations Sasha Levin
2019-08-29 10:50 ` [PATCH AUTOSEL 4.19 29/29] kernel/module: Fix mem leak in module_add_modinfo_attrs Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fd87de3ed55b dfblob:75c21c8b7651 )
 OR (
bs:"[PATCH AUTOSEL 4.19 21/29] netfilter: ipset: Actually allow destination MAC address for hash:ip,mac sets too" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190829105009.2265-21-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=coreteam@netfilter.org \
    --cc=kadlec@netfilter.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=sbrivio@redhat.com \
    --cc=stable@vger.kernel.org \
    --cc=yiche@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.