diff options
| author | Liping Zhang <zlpnobody@gmail.com> | 2016-10-29 10:09:51 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-31 08:17:38 -0400 |
| commit | b73b8a1ba598236296a46103d81c10d629d9a470 (patch) | |
| tree | dfe1474c52de6b076e6abb5b8c9a0e44c2d7dabf /net | |
| parent | c17c3cdff10b9f59ef1244a14604f10949f17117 (diff) | |
netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
The NFTA_DUP_SREG_DEV attribute is not a must option, so we should use it
in routing lookup only when the user specify it.
Fixes: d877f07112f1 ("netfilter: nf_tables: add nft_dup expression")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/nft_dup_ipv4.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nft_dup_ipv6.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/nft_dup_ipv4.c b/net/ipv4/netfilter/nft_dup_ipv4.c index bf855e64fc45..0c01a270bf9f 100644 --- a/net/ipv4/netfilter/nft_dup_ipv4.c +++ b/net/ipv4/netfilter/nft_dup_ipv4.c | |||
| @@ -28,7 +28,7 @@ static void nft_dup_ipv4_eval(const struct nft_expr *expr, | |||
| 28 | struct in_addr gw = { | 28 | struct in_addr gw = { |
| 29 | .s_addr = (__force __be32)regs->data[priv->sreg_addr], | 29 | .s_addr = (__force __be32)regs->data[priv->sreg_addr], |
| 30 | }; | 30 | }; |
| 31 | int oif = regs->data[priv->sreg_dev]; | 31 | int oif = priv->sreg_dev ? regs->data[priv->sreg_dev] : -1; |
| 32 | 32 | ||
| 33 | nf_dup_ipv4(pkt->net, pkt->skb, pkt->hook, &gw, oif); | 33 | nf_dup_ipv4(pkt->net, pkt->skb, pkt->hook, &gw, oif); |
| 34 | } | 34 | } |
| @@ -59,7 +59,9 @@ static int nft_dup_ipv4_dump(struct sk_buff *skb, const struct nft_expr *expr) | |||
| 59 | { | 59 | { |
| 60 | struct nft_dup_ipv4 *priv = nft_expr_priv(expr); | 60 | struct nft_dup_ipv4 *priv = nft_expr_priv(expr); |
| 61 | 61 | ||
| 62 | if (nft_dump_register(skb, NFTA_DUP_SREG_ADDR, priv->sreg_addr) || | 62 | if (nft_dump_register(skb, NFTA_DUP_SREG_ADDR, priv->sreg_addr)) |
| 63 | goto nla_put_failure; | ||
| 64 | if (priv->sreg_dev && | ||
| 63 | nft_dump_register(skb, NFTA_DUP_SREG_DEV, priv->sreg_dev)) | 65 | nft_dump_register(skb, NFTA_DUP_SREG_DEV, priv->sreg_dev)) |
| 64 | goto nla_put_failure; | 66 | goto nla_put_failure; |
| 65 | 67 | ||
diff --git a/net/ipv6/netfilter/nft_dup_ipv6.c b/net/ipv6/netfilter/nft_dup_ipv6.c index 8bfd470cbe72..831f86e1ec08 100644 --- a/net/ipv6/netfilter/nft_dup_ipv6.c +++ b/net/ipv6/netfilter/nft_dup_ipv6.c | |||
| @@ -26,7 +26,7 @@ static void nft_dup_ipv6_eval(const struct nft_expr *expr, | |||
| 26 | { | 26 | { |
| 27 | struct nft_dup_ipv6 *priv = nft_expr_priv(expr); | 27 | struct nft_dup_ipv6 *priv = nft_expr_priv(expr); |
| 28 | struct in6_addr *gw = (struct in6_addr *)®s->data[priv->sreg_addr]; | 28 | struct in6_addr *gw = (struct in6_addr *)®s->data[priv->sreg_addr]; |
| 29 | int oif = regs->data[priv->sreg_dev]; | 29 | int oif = priv->sreg_dev ? regs->data[priv->sreg_dev] : -1; |
| 30 | 30 | ||
| 31 | nf_dup_ipv6(pkt->net, pkt->skb, pkt->hook, gw, oif); | 31 | nf_dup_ipv6(pkt->net, pkt->skb, pkt->hook, gw, oif); |
| 32 | } | 32 | } |
| @@ -57,7 +57,9 @@ static int nft_dup_ipv6_dump(struct sk_buff *skb, const struct nft_expr *expr) | |||
| 57 | { | 57 | { |
| 58 | struct nft_dup_ipv6 *priv = nft_expr_priv(expr); | 58 | struct nft_dup_ipv6 *priv = nft_expr_priv(expr); |
| 59 | 59 | ||
| 60 | if (nft_dump_register(skb, NFTA_DUP_SREG_ADDR, priv->sreg_addr) || | 60 | if (nft_dump_register(skb, NFTA_DUP_SREG_ADDR, priv->sreg_addr)) |
| 61 | goto nla_put_failure; | ||
| 62 | if (priv->sreg_dev && | ||
| 61 | nft_dump_register(skb, NFTA_DUP_SREG_DEV, priv->sreg_dev)) | 63 | nft_dump_register(skb, NFTA_DUP_SREG_DEV, priv->sreg_dev)) |
| 62 | goto nla_put_failure; | 64 | goto nla_put_failure; |
| 63 | 65 | ||