aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2012-06-17 05:56:46 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2012-06-25 06:03:21 -0400
commitef5b6e127761667f78d99b7510a3876077fe9abe (patch)
treef47a8122ac8fbb8bf7d76b2a4720a811e25dd3e2 /net
parent8b8e4bc0391f8abbcdb9e1c54415bcc0f4f5a2a0 (diff)
netfilter: ipset: fix interface comparision in hash-netiface sets
ifname_compare() assumes that skb->dev is zero-padded, e.g 'eth1\0\0\0\0\0...'. This isn't always the case. e1000 driver does strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1); in e1000_probe(), so once device is registered dev->name memory contains 'eth1\0:0:3\0\0\0' (or something like that), which makes eth1 compare fail. Use plain strcmp() instead. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/ipset/ip_set_hash_netiface.c32
1 files changed, 4 insertions, 28 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index ee863943c826..d5d3607ae7bc 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -38,30 +38,6 @@ struct iface_node {
38 38
39#define iface_data(n) (rb_entry(n, struct iface_node, node)->iface) 39#define iface_data(n) (rb_entry(n, struct iface_node, node)->iface)
40 40
41static inline long
42ifname_compare(const char *_a, const char *_b)
43{
44 const long *a = (const long *)_a;
45 const long *b = (const long *)_b;
46
47 BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long));
48 if (a[0] != b[0])
49 return a[0] - b[0];
50 if (IFNAMSIZ > sizeof(long)) {
51 if (a[1] != b[1])
52 return a[1] - b[1];
53 }
54 if (IFNAMSIZ > 2 * sizeof(long)) {
55 if (a[2] != b[2])
56 return a[2] - b[2];
57 }
58 if (IFNAMSIZ > 3 * sizeof(long)) {
59 if (a[3] != b[3])
60 return a[3] - b[3];
61 }
62 return 0;
63}
64
65static void 41static void
66rbtree_destroy(struct rb_root *root) 42rbtree_destroy(struct rb_root *root)
67{ 43{
@@ -99,7 +75,7 @@ iface_test(struct rb_root *root, const char **iface)
99 75
100 while (n) { 76 while (n) {
101 const char *d = iface_data(n); 77 const char *d = iface_data(n);
102 long res = ifname_compare(*iface, d); 78 int res = strcmp(*iface, d);
103 79
104 if (res < 0) 80 if (res < 0)
105 n = n->rb_left; 81 n = n->rb_left;
@@ -121,7 +97,7 @@ iface_add(struct rb_root *root, const char **iface)
121 97
122 while (*n) { 98 while (*n) {
123 char *ifname = iface_data(*n); 99 char *ifname = iface_data(*n);
124 long res = ifname_compare(*iface, ifname); 100 int res = strcmp(*iface, ifname);
125 101
126 p = *n; 102 p = *n;
127 if (res < 0) 103 if (res < 0)
@@ -366,7 +342,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
366 struct hash_netiface4_elem data = { .cidr = HOST_MASK }; 342 struct hash_netiface4_elem data = { .cidr = HOST_MASK };
367 u32 ip = 0, ip_to, last; 343 u32 ip = 0, ip_to, last;
368 u32 timeout = h->timeout; 344 u32 timeout = h->timeout;
369 char iface[IFNAMSIZ] = {}; 345 char iface[IFNAMSIZ];
370 int ret; 346 int ret;
371 347
372 if (unlikely(!tb[IPSET_ATTR_IP] || 348 if (unlikely(!tb[IPSET_ATTR_IP] ||
@@ -663,7 +639,7 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
663 ipset_adtfn adtfn = set->variant->adt[adt]; 639 ipset_adtfn adtfn = set->variant->adt[adt];
664 struct hash_netiface6_elem data = { .cidr = HOST_MASK }; 640 struct hash_netiface6_elem data = { .cidr = HOST_MASK };
665 u32 timeout = h->timeout; 641 u32 timeout = h->timeout;
666 char iface[IFNAMSIZ] = {}; 642 char iface[IFNAMSIZ];
667 int ret; 643 int ret;
668 644
669 if (unlikely(!tb[IPSET_ATTR_IP] || 645 if (unlikely(!tb[IPSET_ATTR_IP] ||
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-07 01:07:33 -0500