diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-04-21 04:57:21 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-05-10 03:48:59 -0400 |
| commit | 5a6351eecf8c87afed9c883bb6341d09406d74ba (patch) | |
| tree | 2e7262b7002c8f09abaedb9e4e91ec51fdb01299 /net | |
| parent | 315c34dae0069d0c67abd714bb846cd466289c7f (diff) | |
netfilter: fix ebtables compat support
commit 255d0dc34068a976 (netfilter: x_table: speedup compat operations)
made ebtables not working anymore.
1) xt_compat_calc_jump() is not an exact match lookup
2) compat_table_info() has a typo in xt_compat_init_offsets() call
3) compat_do_replace() misses a xt_compat_init_offsets() call
Reported-by: dann frazier <dannf@dannf.org>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 3 | ||||
| -rw-r--r-- | net/netfilter/x_tables.c | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 893669caa8de..9707079bc40a 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
| @@ -1766,7 +1766,7 @@ static int compat_table_info(const struct ebt_table_info *info, | |||
| 1766 | 1766 | ||
| 1767 | newinfo->entries_size = size; | 1767 | newinfo->entries_size = size; |
| 1768 | 1768 | ||
| 1769 | xt_compat_init_offsets(AF_INET, info->nentries); | 1769 | xt_compat_init_offsets(NFPROTO_BRIDGE, info->nentries); |
| 1770 | return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info, | 1770 | return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info, |
| 1771 | entries, newinfo); | 1771 | entries, newinfo); |
| 1772 | } | 1772 | } |
| @@ -2240,6 +2240,7 @@ static int compat_do_replace(struct net *net, void __user *user, | |||
| 2240 | 2240 | ||
| 2241 | xt_compat_lock(NFPROTO_BRIDGE); | 2241 | xt_compat_lock(NFPROTO_BRIDGE); |
| 2242 | 2242 | ||
| 2243 | xt_compat_init_offsets(NFPROTO_BRIDGE, tmp.nentries); | ||
| 2243 | ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state); | 2244 | ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state); |
| 2244 | if (ret < 0) | 2245 | if (ret < 0) |
| 2245 | goto out_unlock; | 2246 | goto out_unlock; |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index a9adf4c6b299..8a025a585d2f 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
| @@ -455,6 +455,7 @@ void xt_compat_flush_offsets(u_int8_t af) | |||
| 455 | vfree(xt[af].compat_tab); | 455 | vfree(xt[af].compat_tab); |
| 456 | xt[af].compat_tab = NULL; | 456 | xt[af].compat_tab = NULL; |
| 457 | xt[af].number = 0; | 457 | xt[af].number = 0; |
| 458 | xt[af].cur = 0; | ||
| 458 | } | 459 | } |
| 459 | } | 460 | } |
| 460 | EXPORT_SYMBOL_GPL(xt_compat_flush_offsets); | 461 | EXPORT_SYMBOL_GPL(xt_compat_flush_offsets); |
| @@ -473,8 +474,7 @@ int xt_compat_calc_jump(u_int8_t af, unsigned int offset) | |||
| 473 | else | 474 | else |
| 474 | return mid ? tmp[mid - 1].delta : 0; | 475 | return mid ? tmp[mid - 1].delta : 0; |
| 475 | } | 476 | } |
| 476 | WARN_ON_ONCE(1); | 477 | return left ? tmp[left - 1].delta : 0; |
| 477 | return 0; | ||
| 478 | } | 478 | } |
| 479 | EXPORT_SYMBOL_GPL(xt_compat_calc_jump); | 479 | EXPORT_SYMBOL_GPL(xt_compat_calc_jump); |
| 480 | 480 | ||