diff options
author | Jozsef Kadlecsik | 2015-06-12 22:11:00 +0200 |
---|---|---|
committer | Jozsef Kadlecsik | 2015-06-14 10:40:14 +0200 |
commit | f690cbaed9fe4d77592e24139db7ad790641c4fd (patch) | |
tree | 9922325ea06a0c1d8efbea9eb194f8047fa90872 /net/netfilter/ipset/ip_set_hash_netnet.c | |
parent | netfilter: ipset: Check CIDR value only when attribute is given (diff) | |
download | kernel-qcow2-linux-f690cbaed9fe4d77592e24139db7ad790641c4fd.tar.gz kernel-qcow2-linux-f690cbaed9fe4d77592e24139db7ad790641c4fd.tar.xz kernel-qcow2-linux-f690cbaed9fe4d77592e24139db7ad790641c4fd.zip |
netfilter: ipset: Fix cidr handling for hash:*net* types
Commit "Simplify cidr handling for hash:*net* types" broke the cidr
handling for the hash:*net* types when the sets were used by the SET
target: entries with invalid cidr values were added to the sets.
Reported by Jonathan Johnson.
Testsuite entry is added to verify the fix.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net/netfilter/ipset/ip_set_hash_netnet.c')
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_netnet.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_netnet.c b/net/netfilter/ipset/ip_set_hash_netnet.c index 11eee0077b8b..ed9cc45084dd 100644 --- a/net/netfilter/ipset/ip_set_hash_netnet.c +++ b/net/netfilter/ipset/ip_set_hash_netnet.c @@ -141,8 +141,8 @@ hash_netnet4_kadt(struct ip_set *set, const struct sk_buff *skb, struct hash_netnet4_elem e = { }; struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); - e.cidr[0] = IP_SET_INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); - e.cidr[1] = IP_SET_INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); + e.cidr[0] = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); + e.cidr[1] = INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); if (adt == IPSET_TEST) e.ccmp = (HOST_MASK << (sizeof(e.cidr[0]) * 8)) | HOST_MASK; @@ -364,8 +364,8 @@ hash_netnet6_kadt(struct ip_set *set, const struct sk_buff *skb, struct hash_netnet6_elem e = { }; struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); - e.cidr[0] = IP_SET_INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); - e.cidr[1] = IP_SET_INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); + e.cidr[0] = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); + e.cidr[1] = INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); if (adt == IPSET_TEST) e.ccmp = (HOST_MASK << (sizeof(u8)*8)) | HOST_MASK; |