From: kaber@trash.net
To: davem@davemloft.net
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH 1/3] netfilter: ipset: bitmap:ip,mac type requires "src" for MAC
Date: Tue, 19 Apr 2011 16:51:43 +0200 [thread overview]
Message-ID: <1303224705-17400-2-git-send-email-kaber@trash.net> (raw)
In-Reply-To: <1303224705-17400-1-git-send-email-kaber@trash.net>
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Enforce that the second "src/dst" parameter of the set match and SET target
must be "src", because we have access to the source MAC only in the packet.
The previous behaviour, that the type required the second parameter
but actually ignored the value was counter-intuitive and confusing.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 00a3324..a274300 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -343,6 +343,10 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
ipset_adtfn adtfn = set->variant->adt[adt];
struct ipmac data;
+ /* MAC can be src only */
+ if (!(flags & IPSET_DIM_TWO_SRC))
+ return 0;
+
data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC));
if (data.id < map->first_ip || data.id > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
--
1.7.2.3
next prev parent reply other threads:[~2011-04-19 14:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-19 14:51 [PATCH 0/3] netfilter: netfilter fixes for 2.6.39-rc4 kaber
2011-04-19 14:51 ` kaber [this message]
2011-04-19 14:51 ` [PATCH 2/3] netfilter: ipset: set match and SET target fixes kaber
2011-04-19 14:51 ` [PATCH 3/3] netfilter: ipset: Fix the order of listing of sets kaber
2011-04-19 19:05 ` [PATCH 0/3] netfilter: netfilter fixes for 2.6.39-rc4 David Miller
-- strict thread matches above, loose matches on Subject: below --
2011-04-09 20:02 [PATCH 0/3] netfilter: ipset: fixes Jozsef Kadlecsik
2011-04-09 20:03 ` [PATCH 1/3] netfilter: ipset: bitmap:ip,mac type requires "src" for MAC Jozsef Kadlecsik
2011-04-13 11:44 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1303224705-17400-2-git-send-email-kaber@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).