diff options
| author | Patrick McHardy <kaber@trash.net> | 2007-12-18 00:47:14 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:58:30 -0500 |
| commit | 30c08c41be75145b8850ea14b2d5ee4ee4b705d8 (patch) | |
| tree | c7d9e721823d74a9d0c166274ad0564a3de9f541 /net/ipv4 | |
| parent | 89c002d66aafab93814b38d8dae43fa50aec390a (diff) | |
[NETFILTER]: ip_tables: account for struct ipt_entry/struct compat_ipt_entry size diff
Account for size differences when dumping entries or calculating the
entry positions. This doesn't actually make any difference for IPv4
since the structures have the same size, but its logically correct
and needed for IPv6.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 4586af397ef4..cc896fe2fd92 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -1098,7 +1098,7 @@ static int compat_calc_entry(struct ipt_entry *e, | |||
| 1098 | unsigned int entry_offset; | 1098 | unsigned int entry_offset; |
| 1099 | int off, i, ret; | 1099 | int off, i, ret; |
| 1100 | 1100 | ||
| 1101 | off = 0; | 1101 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
| 1102 | entry_offset = (void *)e - base; | 1102 | entry_offset = (void *)e - base; |
| 1103 | IPT_MATCH_ITERATE(e, compat_calc_match, &off); | 1103 | IPT_MATCH_ITERATE(e, compat_calc_match, &off); |
| 1104 | t = ipt_get_target(e); | 1104 | t = ipt_get_target(e); |
| @@ -1501,6 +1501,8 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr, | |||
| 1501 | goto out; | 1501 | goto out; |
| 1502 | 1502 | ||
| 1503 | *dstptr += sizeof(struct compat_ipt_entry); | 1503 | *dstptr += sizeof(struct compat_ipt_entry); |
| 1504 | *size -= sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | ||
| 1505 | |||
| 1504 | ret = IPT_MATCH_ITERATE(e, xt_compat_match_to_user, dstptr, size); | 1506 | ret = IPT_MATCH_ITERATE(e, xt_compat_match_to_user, dstptr, size); |
| 1505 | target_offset = e->target_offset - (origsize - *size); | 1507 | target_offset = e->target_offset - (origsize - *size); |
| 1506 | if (ret) | 1508 | if (ret) |
| @@ -1605,7 +1607,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e, | |||
| 1605 | if (ret) | 1607 | if (ret) |
| 1606 | return ret; | 1608 | return ret; |
| 1607 | 1609 | ||
| 1608 | off = 0; | 1610 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
| 1609 | entry_offset = (void *)e - (void *)base; | 1611 | entry_offset = (void *)e - (void *)base; |
| 1610 | j = 0; | 1612 | j = 0; |
| 1611 | ret = IPT_MATCH_ITERATE(e, compat_find_calc_match, name, &e->ip, | 1613 | ret = IPT_MATCH_ITERATE(e, compat_find_calc_match, name, &e->ip, |
| @@ -1671,6 +1673,8 @@ compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, | |||
| 1671 | memcpy(de, e, sizeof(struct ipt_entry)); | 1673 | memcpy(de, e, sizeof(struct ipt_entry)); |
| 1672 | 1674 | ||
| 1673 | *dstptr += sizeof(struct compat_ipt_entry); | 1675 | *dstptr += sizeof(struct compat_ipt_entry); |
| 1676 | *size += sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | ||
| 1677 | |||
| 1674 | ret = IPT_MATCH_ITERATE(e, xt_compat_match_from_user, dstptr, size); | 1678 | ret = IPT_MATCH_ITERATE(e, xt_compat_match_from_user, dstptr, size); |
| 1675 | if (ret) | 1679 | if (ret) |
| 1676 | return ret; | 1680 | return ret; |