summaryrefslogtreecommitdiffstats
path: root/net/netfilter/ipset/ip_set_hash_netnet.c
diff options
context:
space:
mode:
authorJozsef Kadlecsik2015-06-12 22:11:00 +0200
committerJozsef Kadlecsik2015-06-14 10:40:14 +0200
commitf690cbaed9fe4d77592e24139db7ad790641c4fd (patch)
tree9922325ea06a0c1d8efbea9eb194f8047fa90872 /net/netfilter/ipset/ip_set_hash_netnet.c
parentnetfilter: ipset: Check CIDR value only when attribute is given (diff)
downloadkernel-qcow2-linux-f690cbaed9fe4d77592e24139db7ad790641c4fd.tar.gz
kernel-qcow2-linux-f690cbaed9fe4d77592e24139db7ad790641c4fd.tar.xz
kernel-qcow2-linux-f690cbaed9fe4d77592e24139db7ad790641c4fd.zip
netfilter: ipset: Fix cidr handling for hash:*net* types
Commit "Simplify cidr handling for hash:*net* types" broke the cidr handling for the hash:*net* types when the sets were used by the SET target: entries with invalid cidr values were added to the sets. Reported by Jonathan Johnson. Testsuite entry is added to verify the fix. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net/netfilter/ipset/ip_set_hash_netnet.c')
-rw-r--r--net/netfilter/ipset/ip_set_hash_netnet.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_netnet.c b/net/netfilter/ipset/ip_set_hash_netnet.c
index 11eee0077b8b..ed9cc45084dd 100644
--- a/net/netfilter/ipset/ip_set_hash_netnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netnet.c
@@ -141,8 +141,8 @@ hash_netnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
struct hash_netnet4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
- e.cidr[0] = IP_SET_INIT_CIDR(h->nets[0].cidr[0], HOST_MASK);
- e.cidr[1] = IP_SET_INIT_CIDR(h->nets[0].cidr[1], HOST_MASK);
+ e.cidr[0] = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK);
+ e.cidr[1] = INIT_CIDR(h->nets[0].cidr[1], HOST_MASK);
if (adt == IPSET_TEST)
e.ccmp = (HOST_MASK << (sizeof(e.cidr[0]) * 8)) | HOST_MASK;
@@ -364,8 +364,8 @@ hash_netnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
struct hash_netnet6_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
- e.cidr[0] = IP_SET_INIT_CIDR(h->nets[0].cidr[0], HOST_MASK);
- e.cidr[1] = IP_SET_INIT_CIDR(h->nets[0].cidr[1], HOST_MASK);
+ e.cidr[0] = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK);
+ e.cidr[1] = INIT_CIDR(h->nets[0].cidr[1], HOST_MASK);
if (adt == IPSET_TEST)
e.ccmp = (HOST_MASK << (sizeof(u8)*8)) | HOST_MASK;
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-06-30 07:37:29 +0200