
Commit fd7fc253 authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
If time allows, please consider pulling the following patchset, which contains two
late Netfilter fixes. They are:

* Skip broadcast/multicast locally generated traffic in the rpfilter,
  (closes netfilter bugzilla #814), from Florian Westphal.

* Fix missing elements in the listing of ipset bitmap ip,mac set
  type with timeout support enabled, from Jozsef Kadlecsik.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 6a4cd3fd f83a7ea2
+7 −1
@@ -66,6 +66,12 @@ static bool rpfilter_lookup_reverse(struct flowi4 *fl4,
	return dev_match;
}

static bool rpfilter_is_local(const struct sk_buff *skb)
{
	const struct rtable *rt = skb_rtable(skb);
	return rt && (rt->rt_flags & RTCF_LOCAL);
}

static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_rpfilter_info *info;
@@ -76,7 +82,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
	info = par->matchinfo;
	invert = info->flags & XT_RPFILTER_INVERT;

	if (par->in->flags & IFF_LOOPBACK)
	if (rpfilter_is_local(skb))
		return true ^ invert;

	iph = ip_hdr(skb);
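Review bot: `rpfilter_is_local()` makes the whole reverse-path check depend on an invariant that the new code does not state: the early `return true ^ invert` in `rpfilter_mt()` is only safe if an skb carries a route at this point solely when it was generated locally. If the match could ever run after input routing (which, as far as I know, also marks routes for locally delivered packets with `RTCF_LOCAL`; please confirm), every packet addressed to the host would skip the anti-spoofing lookup. I would add a comment above the helper such as `/* a route is attached here only for locally generated (looped-back) packets; received packets have none and still go through the reverse-path lookup */`, and verify that the hook restriction in the match registration, which is outside this hunk, enforces it. The IPv6 section that follows adds the same helper with `RTF_LOCAL` and needs the same comment. `rpfilter_mt()` continues past the end of the hunk.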
+7 −1
@@ -71,6 +71,12 @@ static bool rpfilter_lookup_reverse6(const struct sk_buff *skb,
	return ret;
}

static bool rpfilter_is_local(const struct sk_buff *skb)
{
	const struct rt6_info *rt = (const void *) skb_dst(skb);
	return rt && (rt->rt6i_flags & RTF_LOCAL);
}

static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_rpfilter_info *info = par->matchinfo;
@@ -78,7 +84,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
	struct ipv6hdr *iph;
	bool invert = info->flags & XT_RPFILTER_INVERT;

	if (par->in->flags & IFF_LOOPBACK)
	if (rpfilter_is_local(skb))
		return true ^ invert;

	iph = ipv6_hdr(skb);
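Review bot: The cast in `rpfilter_is_local()`, `(const void *) skb_dst(skb)`, hides which conversion is being made and what it relies on. Naming the target type, `const struct rt6_info *rt = (const struct rt6_info *) skb_dst(skb);`, keeps the line greppable and shows that the code presumably depends on the dst entry being the first member of `struct rt6_info` (the struct definition is not visible here). `rpfilter_mt()` continues past the end of the hunk.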
+5 −1
@@ -339,8 +339,12 @@ bitmap_ipmac_tlist(const struct ip_set *set,
nla_put_failure:
	nla_nest_cancel(skb, nested);
	ipset_nest_end(skb, atd);
	if (unlikely(id == first)) {
		cb->args[2] = 0;
		return -EMSGSIZE;
	}
	return 0;
}

static int
bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
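Review bot: The new `if (unlikely(id == first))` branch under `nla_put_failure:` has no comment, and neither the meaning of `id == first` nor the reason for clearing `cb->args[2]` can be read from these lines. If the intent is what the commit description suggests, a comment such as `/* not even one element fit into this message: reset the dump position and report -EMSGSIZE instead of returning an empty chunk */` would make the error path reviewable. It is also worth confirming that calling `ipset_nest_end(skb, atd)` before the `-EMSGSIZE` return is intended, since the nest is closed even though the dump is reported as failed. `bitmap_ipmac_tlist()` begins outside the hunk, so the roles of `id`, `first` and `cb->args[2]` are inferred here.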