Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7cdc4412 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

Merge branch 'master' of git://blackhole.kfki.hu/nf 



Jozsef Kadlecsik says:

====================
ipset patches for the nf tree

- When the support of destination MAC addresses for hash:mac sets was
  introduced, it was forgotten to add the same functionality to hash:ip,mac
  types of sets. The patch from Stefano Brivio adds the missing part.
- When the support of destination MAC addresses for hash:mac sets was
  introduced, a copy&paste error was made in the code of the hash:ip,mac
  and bitmap:ip,mac types: the MAC address in these set types is in
  the second position and not in the first one. Stefano Brivio's patch
  fixes the issue.
- There was still a not properly handled concurrency handling issue
  between renaming and listing sets at the same time, reported by
  Shijie Luo.
====================

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parents 3b48300d 6c1f7e2c

net/netfilter/ipset/ip_set_bitmap_ipmac.c

+1 −1
Original line number Diff line number Diff line
@@ -226,7 +226,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb, 


	e.id = ip_to_id(map, ip);



	if (opt->flags & IPSET_DIM_ONE_SRC)

	if (opt->flags & IPSET_DIM_TWO_SRC)

		ether_addr_copy(e.ether, eth_hdr(skb)->h_source);

	else

		ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);

net/netfilter/ipset/ip_set_core.c

+1 −1
Original line number Diff line number Diff line
@@ -1161,7 +1161,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl, 
		return -ENOENT;



	write_lock_bh(&ip_set_ref_lock);

	if (set->ref != 0) {

	if (set->ref != 0 || set->ref_netlink != 0) {

		ret = -IPSET_ERR_REFERENCED;

		goto out;

	}

net/netfilter/ipset/ip_set_hash_ipmac.c

+1 −5
Original line number Diff line number Diff line
@@ -89,15 +89,11 @@ hash_ipmac4_kadt(struct ip_set *set, const struct sk_buff *skb, 
	struct hash_ipmac4_elem e = { .ip = 0, { .foo[0] = 0, .foo[1] = 0 } };

	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);



	 /* MAC can be src only */

	if (!(opt->flags & IPSET_DIM_TWO_SRC))

		return 0;



	if (skb_mac_header(skb) < skb->head ||

	    (skb_mac_header(skb) + ETH_HLEN) > skb->data)

		return -EINVAL;



	if (opt->flags & IPSET_DIM_ONE_SRC)

	if (opt->flags & IPSET_DIM_TWO_SRC)

		ether_addr_copy(e.ether, eth_hdr(skb)->h_source);

	else

		ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);