bugfix: fix regression bug in ebt_ip6 which resulted in ebtables IPv6 src/dst fields not being zeroed

bugfix: fix regression bug in ebt_ip6 which resulted in ebtables IPv6 src/dst fields not being zeroed

[Luis Fernando Cornachioni Estrozi]

fix regression bug in ebt_ip6 which resulted in ebtables IPv6 src/dst
fields not being zeroed

Signed-off-by: Luís Fernando Cornachioni Estrozi <lestrozi@uolinc.com>
---
this bug was introduced on commit
0898f99a267f89a7dc72cc687955f17613a711b8 on Mar 08, 2010; I'm just
returning 2 checks that existed before as suggested by Bart De Schuymer

--- linux-3.8.13/net/bridge/netfilter/ebt_ip6.c.orig    2013-07-03
12:07:25.892466692 -0300
+++ linux-3.8.13/net/bridge/netfilter/ebt_ip6.c    2013-07-03
12:29:47.272496246 -0300
@@ -48,10 +48,12 @@ ebt_ip6_mt(const struct sk_buff *skb, st
      if (info->bitmask & EBT_IP6_TCLASS &&
         FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS))
          return false;
-    if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
-                       &info->saddr), EBT_IP6_SOURCE) ||
-        FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk,
-                       &info->daddr), EBT_IP6_DEST))
+    if ((info->bitmask & EBT_IP6_SOURCE &&
+            FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
+                    &info->saddr), EBT_IP6_SOURCE)) ||
+            (info->bitmask & EBT_IP6_DEST &&
+            FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk,
+                    &info->daddr), EBT_IP6_DEST)))
          return false;
      if (info->bitmask & EBT_IP6_PROTO) {
          uint8_t nexthdr = ih6->nexthdr;

________________________________

AVISO: A informação contida neste e-mail, bem como em qualquer de seus anexos, é CONFIDENCIAL e destinada ao uso exclusivo do(s) destinatário(s) acima referido(s), podendo conter informações sigilosas e/ou legalmente protegidas. Caso você não seja o destinatário desta mensagem, informamos que qualquer divulgação, distribuição ou cópia deste e-mail e/ou de qualquer de seus anexos é absolutamente proibida. Solicitamos que o remetente seja comunicado imediatamente, respondendo esta mensagem, e que o original desta mensagem e de seus anexos, bem como toda e qualquer cópia e/ou impressão realizada a partir destes, sejam permanentemente apagados e/ou destruídos. Informações adicionais sobre nossa empresa podem ser obtidas no site http://sobre.uol.com.br/.

NOTICE: The information contained in this e-mail and any attachments thereto is CONFIDENTIAL and is intended only for use by the recipient named herein and may contain legally privileged and/or secret information.
If you are not the e-mail´s intended recipient, you are hereby notified that any dissemination, distribution or copy of this e-mail, and/or any attachments thereto, is strictly prohibited. Please immediately notify the sender replying to the above mentioned e-mail address, and permanently delete and/or destroy the original and any copy of this e-mail and/or its attachments, as well as any printout thereof. Additional information about our company may be obtained through the site http://www.uol.com.br/ir/.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: bugfix: fix regression bug in ebt_ip6 which resulted in ebtables IPv6 src/dst fields not being zeroed

[Bart De Schuymer]

Luis Fernando Cornachioni Estrozi schreef op 6/11/2013 22:39:
> fix regression bug in ebt_ip6 which resulted in ebtables IPv6 src/dst
> fields not being zeroed
>
> Signed-off-by: Luís Fernando Cornachioni Estrozi <lestrozi@uolinc.com>
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: bugfix: fix regression bug in ebt_ip6 which resulted in ebtables IPv6 src/dst fields not being zeroed

[Pablo Neira Ayuso]

On Mon, Nov 18, 2013 at 09:53:24PM +0100, Bart De Schuymer wrote:
> Luis Fernando Cornachioni Estrozi schreef op 6/11/2013 22:39:
> >fix regression bug in ebt_ip6 which resulted in ebtables IPv6 src/dst
> >fields not being zeroed

I think the problem is that IPv6 src/dst matching was broken.

> >Signed-off-by: Luís Fernando Cornachioni Estrozi <lestrozi@uolinc.com>
> Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>

This patch does not apply at all, it seems that it was probably
mangled by Luis Fernando's MUA.

I have fixed and applied this patch. Please, next time make sure your
patch applies cleanly, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html