diff options
author | Phil Oester <kernel@linuxace.com> | 2006-07-25 01:54:14 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-07-25 01:54:14 -0400 |
commit | 28658c8967da9083be83af0a37be3b190bae79da (patch) | |
tree | 179a24d1b0462284a090a6f38872ea3b4e727d36 | |
parent | 8cf8fb5687bb37737ea419a0b2143aab49295779 (diff) |
[NETFILTER]: xt_pkttype: fix mismatches on locally generated packets
Locally generated broadcast and multicast packets have pkttype set to
PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST. This
causes the pkttype match to fail to match packets of either type.
The below patch remedies this by using the daddr as a hint as to
broadcast|multicast. While not pretty, this seems like the only way
to solve the problem short of just noting this as a limitation of the
match.
This resolves netfilter bugzilla #484
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/xt_pkttype.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 3ac703b5cb8f..d2f5320a80bf 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c | |||
@@ -9,6 +9,8 @@ | |||
9 | #include <linux/skbuff.h> | 9 | #include <linux/skbuff.h> |
10 | #include <linux/if_ether.h> | 10 | #include <linux/if_ether.h> |
11 | #include <linux/if_packet.h> | 11 | #include <linux/if_packet.h> |
12 | #include <linux/in.h> | ||
13 | #include <linux/ip.h> | ||
12 | 14 | ||
13 | #include <linux/netfilter/xt_pkttype.h> | 15 | #include <linux/netfilter/xt_pkttype.h> |
14 | #include <linux/netfilter/x_tables.h> | 16 | #include <linux/netfilter/x_tables.h> |
@@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb, | |||
28 | unsigned int protoff, | 30 | unsigned int protoff, |
29 | int *hotdrop) | 31 | int *hotdrop) |
30 | { | 32 | { |
33 | u_int8_t type; | ||
31 | const struct xt_pkttype_info *info = matchinfo; | 34 | const struct xt_pkttype_info *info = matchinfo; |
32 | 35 | ||
33 | return (skb->pkt_type == info->pkttype) ^ info->invert; | 36 | if (skb->pkt_type == PACKET_LOOPBACK) |
37 | type = (MULTICAST(skb->nh.iph->daddr) | ||
38 | ? PACKET_MULTICAST | ||
39 | : PACKET_BROADCAST); | ||
40 | else | ||
41 | type = skb->pkt_type; | ||
42 | |||
43 | return (type == info->pkttype) ^ info->invert; | ||
34 | } | 44 | } |
35 | 45 | ||
36 | static struct xt_match pkttype_match = { | 46 | static struct xt_match pkttype_match = { |