authorPatrick McHardy <kaber@trash.net>2007-07-08 01:38:30 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-07-11 01:18:17 -0400
commitd3c3f4243e135b3d8c41d98be0cb2f54a4141abf (patch)
tree082b4108551892eecffa8ce9dab555827540183d
parent3569b621ceba0a9cfb80e24c0bd19fd632ccee25 (diff)
[NETFILTER]: ipt_CLUSTERIP: add compat code
Adjust structure size and don't expect pointers passed in from userspace to be valid. Also replace an enum in an ABI structure by a fixed size type. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/netfilter_ipv4/ipt_CLUSTERIP.h4
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c39
2 files changed, 22 insertions, 21 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
index d9bceedfb3dc..daf50be22c9d 100644
--- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
+++ b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
@@ -18,13 +18,13 @@ struct clusterip_config;
18struct ipt_clusterip_tgt_info { 18struct ipt_clusterip_tgt_info {
19 19
20 u_int32_t flags; 20 u_int32_t flags;
21 21
22 /* only relevant for new ones */ 22 /* only relevant for new ones */
23 u_int8_t clustermac[6]; 23 u_int8_t clustermac[6];
24 u_int16_t num_total_nodes; 24 u_int16_t num_total_nodes;
25 u_int16_t num_local_nodes; 25 u_int16_t num_local_nodes;
26 u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; 26 u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
27 enum clusterip_hashmode hash_mode; 27 u_int32_t hash_mode;
28 u_int32_t hash_initval; 28 u_int32_t hash_initval;
29 29
30 struct clusterip_config *config; 30 struct clusterip_config *config;
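Review bot: `struct clusterip_config *config;` sits in a structure that userspace fills in, and nothing in the header says the field is kernel-only. A comment above it such as `/* used internally by the kernel; any value passed in from userspace is ignored */` would document the ABI expectation and explain why the structure's size differs between 32-bit and 64-bit callers. With `hash_mode` now a plain `u_int32_t`, the compiler no longer ties the field to the enum, so any range check has to live in checkentry(); that code is not visible in this hunk, and it is worth confirming an unknown value is rejected there. The struct's closing brace lies outside the hunk.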
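--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -397,23 +397,7 @@ checkentry(const char *tablename,
  /* FIXME: further sanity checks */
 
  config = clusterip_config_find_get(e->ip.dst.s_addr, 1);
- if (config) {
- if (cipinfo->config != NULL) {
- /* Case A: This is an entry that gets reloaded, since
- * it still has a cipinfo->config pointer. Simply
- * increase the entry refcount and return */
- if (cipinfo->config != config) {
- printk(KERN_ERR "CLUSTERIP: Reloaded entry "
- "has invalid config pointer!\n");
- return false;
- }
- } else {
- /* Case B: This is a new rule referring to an existing
- * clusterip config. */
- cipinfo->config = config;
- }
- } else {
- /* Case C: This is a completely new clusterip config */
+ if (!config) {
  if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
  printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
  return false;
@@ -440,8 +424,8 @@ checkentry(const char *tablename,
  }
  dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
  }
- cipinfo->config = config;
  }
+ cipinfo->config = config;
 
  if (nf_ct_l3proto_try_module_get(target->family) < 0) {
  printk(KERN_WARNING "can't load conntrack support for "
@@ -466,13 +450,30 @@ static void destroy(const struct xt_target *target, void *targinfo)
  nf_ct_l3proto_module_put(target->family);
 }
 
+#ifdef CONFIG_COMPAT
+struct compat_ipt_clusterip_tgt_info
+{
+ u_int32_t flags;
+ u_int8_t clustermac[6];
+ u_int16_t num_total_nodes;
+ u_int16_t num_local_nodes;
+ u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
+ u_int32_t hash_mode;
+ u_int32_t hash_initval;
+ compat_uptr_t config;
+};
+#endif /* CONFIG_COMPAT */
+
 static struct xt_target clusterip_tgt __read_mostly = {
  .name = "CLUSTERIP",
  .family = AF_INET,
  .target = target,
- .targetsize = sizeof(struct ipt_clusterip_tgt_info),
  .checkentry = checkentry,
  .destroy = destroy,
+ .targetsize = sizeof(struct ipt_clusterip_tgt_info),
+#ifdef CONFIG_COMPAT
+ .compatsize = sizeof(struct compat_ipt_clusterip_tgt_info),
+#endif /* CONFIG_COMPAT */
  .me = THIS_MODULE
 };
 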
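Review bot: The unconditional `cipinfo->config = config;` after the lookup in checkentry() is the line that keeps a userspace-supplied pointer from ever being used, but with the Case A/B/C comments removed nothing in the code says so. I would add `/* config is kernel-internal: ignore the value passed in and always store the looked-up or newly created config */` above it, so a later change does not reintroduce a read of the incoming field. Separately, the nf_ct_l3proto_try_module_get() failure branch that follows continues outside the hunk; if it returns false without dropping the reference taken by `clusterip_config_find_get(..., 1)`, that reference would be leaked, which is worth confirming. The compat structure added in the last hunk mirrors ipt_clusterip_tgt_info by hand, and a one-line comment stating that only the trailing `config` member differs in size would help keep the two layouts in step.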