Commit 21705c77 authored by David S. Miller's avatar David S. Miller

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================

The following patchset contains Netfilter fixes for net:

1) Increase timeout to 120 seconds for netfilter selftests to fix
   nftables transaction tests, from Florian Westphal.

2) Fix overflow in bitmap_ip_create() due to integer arithmetics
   in a 64-bit bitmask, from Gavrilov Ilia.

3) Fix incorrect arithmetics in nft_payload with double-tagged
   vlan matching.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents c296c77e 696e1a48
...@@ -308,8 +308,8 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], ...@@ -308,8 +308,8 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
return -IPSET_ERR_BITMAP_RANGE; return -IPSET_ERR_BITMAP_RANGE;
pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask); pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask);
hosts = 2 << (32 - netmask - 1); hosts = 2U << (32 - netmask - 1);
elements = 2 << (netmask - mask_bits - 1); elements = 2UL << (netmask - mask_bits - 1);
} }
if (elements > IPSET_BITMAP_MAX_RANGE + 1) if (elements > IPSET_BITMAP_MAX_RANGE + 1)
return -IPSET_ERR_BITMAP_RANGE_SIZE; return -IPSET_ERR_BITMAP_RANGE_SIZE;
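Review bot: The `2UL` literal on the `elements` line takes the width of `unsigned long`, which is 32 bits on 32-bit builds, so the shift is only 64 bits wide where the architecture makes it so. If `elements` is a 64-bit variable (its declaration is outside the hunk, though the commit message suggests it is), `elements = 2ULL << (netmask - mask_bits - 1);` keeps the arithmetic the same width everywhere, so the `elements > IPSET_BITMAP_MAX_RANGE + 1` size check cannot be handed a wrapped value. The checks that bound `netmask` and `mask_bits`, and therefore both shift counts, sit before the start of the hunk, so whether a count of 31 is reachable cannot be confirmed from here. A one-line comment above the two shifts stating the range the counts are guaranteed to be in would make that precondition visible to the next reader.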
......
...@@ -63,7 +63,7 @@ nft_payload_copy_vlan(u32 *d, const struct sk_buff *skb, u8 offset, u8 len) ...@@ -63,7 +63,7 @@ nft_payload_copy_vlan(u32 *d, const struct sk_buff *skb, u8 offset, u8 len)
return false; return false;
if (offset + len > VLAN_ETH_HLEN + vlan_hlen) if (offset + len > VLAN_ETH_HLEN + vlan_hlen)
ethlen -= offset + len - VLAN_ETH_HLEN + vlan_hlen; ethlen -= offset + len - VLAN_ETH_HLEN - vlan_hlen;
memcpy(dst_u8, vlanh + offset - vlan_hlen, ethlen); memcpy(dst_u8, vlanh + offset - vlan_hlen, ethlen);
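Review bot: The corrected `ethlen -=` line is still a flat chain of `+` and `-`, which is the shape that let the sign error in; writing it as `ethlen -= (offset + len) - (VLAN_ETH_HLEN + vlan_hlen);` mirrors the condition directly above it and makes the clamp checkable at a glance. Because `ethlen` is the length handed to `memcpy()` into `dst_u8`, a short comment such as `/* copy only the part of [offset, offset + len) that lies below VLAN_ETH_HLEN + vlan_hlen */` would record why the subtraction is there. The declaration of `ethlen` and the earlier bounds checks in nft_payload_copy_vlan() are outside the hunk, so the type and starting value of `ethlen` are assumed rather than verified here.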
......
...@@ -10,12 +10,20 @@ ...@@ -10,12 +10,20 @@
ksft_skip=4 ksft_skip=4
testns=testns-$(mktemp -u "XXXXXXXX") testns=testns-$(mktemp -u "XXXXXXXX")
tmp=""
tables="foo bar baz quux" tables="foo bar baz quux"
global_ret=0 global_ret=0
eret=0 eret=0
lret=0 lret=0
cleanup() {
ip netns pids "$testns" | xargs kill 2>/dev/null
ip netns del "$testns"
rm -f "$tmp"
}
check_result() check_result()
{ {
local r=$1 local r=$1
...@@ -43,6 +51,7 @@ if [ $? -ne 0 ];then ...@@ -43,6 +51,7 @@ if [ $? -ne 0 ];then
exit $ksft_skip exit $ksft_skip
fi fi
trap cleanup EXIT
tmp=$(mktemp) tmp=$(mktemp)
for table in $tables; do for table in $tables; do
...@@ -139,11 +148,4 @@ done ...@@ -139,11 +148,4 @@ done
check_result $lret "add/delete with nftrace enabled" check_result $lret "add/delete with nftrace enabled"
pkill -9 ping
wait
rm -f "$tmp"
ip netns del "$testns"
exit $global_ret exit $global_ret
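Review bot: `cleanup()` sends the default signal through `xargs kill` and goes straight on to `ip netns del "$testns"`, while the lines it replaces at the end of the script used `pkill -9` followed by `wait`; nothing now waits for the killed processes, so the namespace name and the temp file may be removed while they are still exiting. Adding `wait 2>/dev/null` after the kill line would keep the old ordering guarantee for background jobs started by this shell. The `2>/dev/null` also hides the error from the case where no pids are listed and `xargs` runs `kill` with no arguments; `xargs -r kill` (GNU and busybox xargs) avoids that empty invocation. A one-line comment above `cleanup()` saying it runs from the EXIT trap and must tolerate an empty `$tmp` would explain the `tmp=""` initialisation at the top of the file.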