diff options
author | Nikolay Aleksandrov <nikolay@cumulusnetworks.com> | 2019-06-27 11:10:45 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-06-29 11:15:12 -0700 |
commit | f4c1c40c353fe602e12192d522b2358947da83bb (patch) | |
tree | 077365ba226cef19f6da4c171dab3163634fd906 /net/sched | |
parent | 9e10edd7dcd37ddf55d30d1f8f85ae9306306879 (diff) | |
download | linux-f4c1c40c353fe602e12192d522b2358947da83bb.tar.bz2 |
net: sched: em_ipt: set the family based on the packet if it's unspecified
Set the family based on the packet if it's unspecified otherwise
protocol-neutral matches will have wrong information (e.g. NFPROTO_UNSPEC).
In preparation for using NFPROTO_UNSPEC xt matches.
v2: set the nfproto only when unspecified
Suggested-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched')
-rw-r--r-- | net/sched/em_ipt.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 64dbafe4e94c..fd7f5b288c31 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -182,6 +182,7 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, const struct em_ipt_match *im = (const void *)em->data; struct xt_action_param acpar = {}; struct net_device *indev = NULL; + u8 nfproto = im->match->family; struct nf_hook_state state; int ret; @@ -189,10 +190,14 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, case htons(ETH_P_IP): if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) return 0; + if (nfproto == NFPROTO_UNSPEC) + nfproto = NFPROTO_IPV4; break; case htons(ETH_P_IPV6): if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) return 0; + if (nfproto == NFPROTO_UNSPEC) + nfproto = NFPROTO_IPV6; break; default: return 0; @@ -203,7 +208,7 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, if (skb->skb_iif) indev = dev_get_by_index_rcu(em->net, skb->skb_iif); - nf_hook_state_init(&state, im->hook, im->match->family, + nf_hook_state_init(&state, im->hook, nfproto, indev ?: skb->dev, skb->dev, NULL, em->net, NULL); acpar.match = im->match; |