aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2014-02-06 04:17:41 -0500
committerPablo Neira Ayuso <pablo@netfilter.org>2014-02-06 05:41:38 -0500
commitb8ecbee67c732ef9fc47fcf50aed6b7bb6231d98 (patch)
treedac36b02c3026506d5fe2199ebbd0cc6e10ee61b
parent05513e9e33dbded8124567466a444d32173eecc6 (diff)
netfilter: nf_tables: fix log/queue expressions for NFPROTO_INET
The log and queue expressions both store the family during ->init() and use it to deliver packets. This is wrong when used in NFPROTO_INET since they should both deliver to the actual AF of the packet, not the dummy NFPROTO_INET. Use the family from the hook ops to fix this. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat
-rw-r--r--net/netfilter/nft_log.c5
-rw-r--r--net/netfilter/nft_queue.c4
2 files changed, 2 insertions, 7 deletions
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index 5af790123ad8..26c5154e05f3 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -23,7 +23,6 @@ static const char *nft_log_null_prefix = "";
23struct nft_log { 23struct nft_log {
24 struct nf_loginfo loginfo; 24 struct nf_loginfo loginfo;
25 char *prefix; 25 char *prefix;
26 int family;
27}; 26};
28 27
29static void nft_log_eval(const struct nft_expr *expr, 28static void nft_log_eval(const struct nft_expr *expr,
@@ -33,7 +32,7 @@ static void nft_log_eval(const struct nft_expr *expr,
33 const struct nft_log *priv = nft_expr_priv(expr); 32 const struct nft_log *priv = nft_expr_priv(expr);
34 struct net *net = dev_net(pkt->in ? pkt->in : pkt->out); 33 struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);
35 34
36 nf_log_packet(net, priv->family, pkt->ops->hooknum, pkt->skb, pkt->in, 35 nf_log_packet(net, pkt->ops->pf, pkt->ops->hooknum, pkt->skb, pkt->in,
37 pkt->out, &priv->loginfo, "%s", priv->prefix); 36 pkt->out, &priv->loginfo, "%s", priv->prefix);
38} 37}
39 38
@@ -52,8 +51,6 @@ static int nft_log_init(const struct nft_ctx *ctx,
52 struct nf_loginfo *li = &priv->loginfo; 51 struct nf_loginfo *li = &priv->loginfo;
53 const struct nlattr *nla; 52 const struct nlattr *nla;
54 53
55 priv->family = ctx->afi->family;
56
57 nla = tb[NFTA_LOG_PREFIX]; 54 nla = tb[NFTA_LOG_PREFIX];
58 if (nla != NULL) { 55 if (nla != NULL) {
59 priv->prefix = kmalloc(nla_len(nla) + 1, GFP_KERNEL); 56 priv->prefix = kmalloc(nla_len(nla) + 1, GFP_KERNEL);
diff --git a/net/netfilter/nft_queue.c b/net/netfilter/nft_queue.c
index cbea473d69e9..e8ae2f6bf232 100644
--- a/net/netfilter/nft_queue.c
+++ b/net/netfilter/nft_queue.c
@@ -25,7 +25,6 @@ struct nft_queue {
25 u16 queuenum; 25 u16 queuenum;
26 u16 queues_total; 26 u16 queues_total;
27 u16 flags; 27 u16 flags;
28 u8 family;
29}; 28};
30 29
31static void nft_queue_eval(const struct nft_expr *expr, 30static void nft_queue_eval(const struct nft_expr *expr,
@@ -43,7 +42,7 @@ static void nft_queue_eval(const struct nft_expr *expr,
43 queue = priv->queuenum + cpu % priv->queues_total; 42 queue = priv->queuenum + cpu % priv->queues_total;
44 } else { 43 } else {
45 queue = nfqueue_hash(pkt->skb, queue, 44 queue = nfqueue_hash(pkt->skb, queue,
46 priv->queues_total, priv->family, 45 priv->queues_total, pkt->ops->pf,
47 jhash_initval); 46 jhash_initval);
48 } 47 }
49 } 48 }
@@ -71,7 +70,6 @@ static int nft_queue_init(const struct nft_ctx *ctx,
71 return -EINVAL; 70 return -EINVAL;
72 71
73 init_hashrandom(&jhash_initval); 72 init_hashrandom(&jhash_initval);
74 priv->family = ctx->afi->family;
75 priv->queuenum = ntohs(nla_get_be16(tb[NFTA_QUEUE_NUM])); 73 priv->queuenum = ntohs(nla_get_be16(tb[NFTA_QUEUE_NUM]));
76 74
77 if (tb[NFTA_QUEUE_TOTAL] != NULL) 75 if (tb[NFTA_QUEUE_TOTAL] != NULL)
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-14 17:58:38 -0400