author | Patrick McHardy <kaber@trash.net> | 2007-07-08 01:38:30 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-07-11 01:18:17 -0400 |
commit | d3c3f4243e135b3d8c41d98be0cb2f54a4141abf (patch) | |
tree | 082b4108551892eecffa8ce9dab555827540183d | |
parent | 3569b621ceba0a9cfb80e24c0bd19fd632ccee25 (diff) |
[NETFILTER]: ipt_CLUSTERIP: add compat code
Adjust structure size and don't expect pointers passed in from
userspace to be valid. Also replace an enum in an ABI structure
by a fixed size type.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_CLUSTERIP.c | 39 |
2 files changed, 22 insertions, 21 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h index d9bceedfb3dc..daf50be22c9d 100644 --- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h +++ b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | |||
@@ -18,13 +18,13 @@ struct clusterip_config; | |||
18 | struct ipt_clusterip_tgt_info { | 18 | struct ipt_clusterip_tgt_info { |
19 | 19 | ||
20 | u_int32_t flags; | 20 | u_int32_t flags; |
21 | 21 | ||
22 | /* only relevant for new ones */ | 22 | /* only relevant for new ones */ |
23 | u_int8_t clustermac[6]; | 23 | u_int8_t clustermac[6]; |
24 | u_int16_t num_total_nodes; | 24 | u_int16_t num_total_nodes; |
25 | u_int16_t num_local_nodes; | 25 | u_int16_t num_local_nodes; |
26 | u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; | 26 | u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; |
27 | enum clusterip_hashmode hash_mode; | 27 | u_int32_t hash_mode; |
28 | u_int32_t hash_initval; | 28 | u_int32_t hash_initval; |
29 | 29 | ||
30 | struct clusterip_config *config; | 30 | struct clusterip_config *config; |
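Review bot: With `hash_mode` now a plain `u_int32_t`, the struct no longer says which values are valid, and the `config` member still reads as something userspace is expected to fill in. A comment on each would help, for example `/* one of enum clusterip_hashmode */` on `hash_mode` and `/* Used internally by the kernel */` above `config`. Because the type no longer constrains the value, it is worth confirming that checkentry rejects unknown `hash_mode` values; any such check is outside the visible hunks. The closing brace of the struct is also outside this hunk.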
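--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -397,23 +397,7 @@ checkentry(const char *tablename,
 /* FIXME: further sanity checks */
 
 config = clusterip_config_find_get(e->ip.dst.s_addr, 1);
-if (config) {
-if (cipinfo->config != NULL) {
-/* Case A: This is an entry that gets reloaded, since
-* it still has a cipinfo->config pointer. Simply
-* increase the entry refcount and return */
-if (cipinfo->config != config) {
-printk(KERN_ERR "CLUSTERIP: Reloaded entry "
-"has invalid config pointer!\n");
-return false;
-}
-} else {
-/* Case B: This is a new rule referring to an existing
-* clusterip config. */
-cipinfo->config = config;
-}
-} else {
-/* Case C: This is a completely new clusterip config */
+if (!config) {
 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
 printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
 return false;
@@ -440,8 +424,8 @@ checkentry(const char *tablename,
 }
 dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
 }
-cipinfo->config = config;
 }
+cipinfo->config = config;
 
 if (nf_ct_l3proto_try_module_get(target->family) < 0) {
 printk(KERN_WARNING "can't load conntrack support for "
@@ -466,13 +450,30 @@ static void destroy(const struct xt_target *target, void *targinfo)
 nf_ct_l3proto_module_put(target->family);
 }
 
+#ifdef CONFIG_COMPAT
+struct compat_ipt_clusterip_tgt_info
+{
+u_int32_t flags;
+u_int8_t clustermac[6];
+u_int16_t num_total_nodes;
+u_int16_t num_local_nodes;
+u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
+u_int32_t hash_mode;
+u_int32_t hash_initval;
+compat_uptr_t config;
+};
+#endif /* CONFIG_COMPAT */
+
 static struct xt_target clusterip_tgt __read_mostly = {
 .name = "CLUSTERIP",
 .family = AF_INET,
 .target = target,
-.targetsize = sizeof(struct ipt_clusterip_tgt_info),
 .checkentry = checkentry,
 .destroy = destroy,
+.targetsize = sizeof(struct ipt_clusterip_tgt_info),
+#ifdef CONFIG_COMPAT
+.compatsize = sizeof(struct compat_ipt_clusterip_tgt_info),
+#endif /* CONFIG_COMPAT */
 .me = THIS_MODULE
 };
 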
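Review bot: The new `struct compat_ipt_clusterip_tgt_info` repeats the native layout field by field with nothing tying the two together, so a later edit to `struct ipt_clusterip_tgt_info` could silently desynchronise the 32-bit ABI. I would put a comment above it, `/* 32-bit userspace layout; fields before 'config' must sit at the same offsets as in struct ipt_clusterip_tgt_info */`. If the generic compat path copies those leading fields verbatim, which is not visible here, a compile-time check in the module init function would also help: `BUILD_BUG_ON(offsetof(struct compat_ipt_clusterip_tgt_info, hash_initval) != offsetof(struct ipt_clusterip_tgt_info, hash_initval));`. In checkentry the now unconditional `cipinfo->config = config;` deserves a short comment too, e.g. `/* kernel-owned; whatever userspace put in this field is never read */`, since that is the property the change establishes. checkentry and the init function both extend outside the hunks shown.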