Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0e8a835a authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik Committed by Patrick McHardy
Browse files

netfilter: ipset: bitmap:ip,mac type requires "src" for MAC 



Enforce that the second "src/dst" parameter of the set match and SET target
must be "src", because we have access to the source MAC only in the packet.
The previous behaviour, that the type required the second parameter
but actually ignored the value was counter-intuitive and confusing.

Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent b32e3dc7

net/netfilter/ipset/ip_set_bitmap_ipmac.c

+4 −0
Original line number Original line Diff line number Diff line
@@ -343,6 +343,10 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb, 
	ipset_adtfn adtfn = set->variant->adt[adt];

	ipset_adtfn adtfn = set->variant->adt[adt];

	struct ipmac data;

	struct ipmac data;





	/* MAC can be src only */

	if (!(flags & IPSET_DIM_TWO_SRC))

		return 0;



	data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC));

	data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC));

	if (data.id < map->first_ip || data.id > map->last_ip)

	if (data.id < map->first_ip || data.id > map->last_ip)

		return -IPSET_ERR_BITMAP_RANGE;

		return -IPSET_ERR_BITMAP_RANGE;