netfilter: xt_connmark: do not cast xt_connmark_tginfo1 to xt_connmark_tginfo2
These structures have different layout, fill xt_connmark_tginfo2 with
old fields in xt_connmark_tginfo1. Based on patch from Jack Ma.
Fixes: 472a73e007
("netfilter: xt_conntrack: Support bit-shifting for CONNMARK & MARK targets.")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
d71efb599a
commit
5a786232eb
1 changed files with 21 additions and 15 deletions
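--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -36,9 +36,7 @@ MODULE_ALIAS("ipt_connmark");
 MODULE_ALIAS("ip6t_connmark");
 
 static unsigned int
-connmark_tg_shift(struct sk_buff *skb,
-const struct xt_connmark_tginfo1 *info,
-u8 shift_bits, u8 shift_dir)
+connmark_tg_shift(struct sk_buff *skb, const struct xt_connmark_tginfo2 *info)
 {
 enum ip_conntrack_info ctinfo;
 u_int32_t new_targetmark;
@@ -52,10 +50,11 @@ connmark_tg_shift(struct sk_buff *skb,
 switch (info->mode) {
 case XT_CONNMARK_SET:
 newmark = (ct->mark & ~info->ctmask) ^ info->ctmark;
-if (shift_dir == D_SHIFT_RIGHT)
-newmark >>= shift_bits;
+if (info->shift_dir == D_SHIFT_RIGHT)
+newmark >>= info->shift_bits;
 else
-newmark <<= shift_bits;
+newmark <<= info->shift_bits;
+
 if (ct->mark != newmark) {
 ct->mark = newmark;
 nf_conntrack_event_cache(IPCT_MARK, ct);
@@ -63,10 +62,11 @@ connmark_tg_shift(struct sk_buff *skb,
 break;
 case XT_CONNMARK_SAVE:
 new_targetmark = (skb->mark & info->nfmask);
-if (shift_dir == D_SHIFT_RIGHT)
-new_targetmark >>= shift_bits;
+if (info->shift_dir == D_SHIFT_RIGHT)
+new_targetmark >>= info->shift_bits;
 else
-new_targetmark <<= shift_bits;
+new_targetmark <<= info->shift_bits;
+
 newmark = (ct->mark & ~info->ctmask) ^
 new_targetmark;
 if (ct->mark != newmark) {
@@ -76,10 +76,11 @@ connmark_tg_shift(struct sk_buff *skb,
 break;
 case XT_CONNMARK_RESTORE:
 new_targetmark = (ct->mark & info->ctmask);
-if (shift_dir == D_SHIFT_RIGHT)
-new_targetmark >>= shift_bits;
+if (info->shift_dir == D_SHIFT_RIGHT)
+new_targetmark >>= info->shift_bits;
 else
-new_targetmark <<= shift_bits;
+new_targetmark <<= info->shift_bits;
+
 newmark = (skb->mark & ~info->nfmask) ^
 new_targetmark;
 skb->mark = newmark;
@@ -92,8 +93,14 @@ static unsigned int
 connmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
 const struct xt_connmark_tginfo1 *info = par->targinfo;
+const struct xt_connmark_tginfo2 info2 = {
+.ctmark = info->ctmark,
+.ctmask = info->ctmask,
+.nfmask = info->nfmask,
+.mode = info->mode,
+};
 
-return connmark_tg_shift(skb, info, 0, 0);
+return connmark_tg_shift(skb, &info2);
 }
 
 static unsigned int
@@ -101,8 +108,7 @@ connmark_tg_v2(struct sk_buff *skb, const struct xt_action_param *par)
 {
 const struct xt_connmark_tginfo2 *info = par->targinfo;
 
-return connmark_tg_shift(skb, (const struct xt_connmark_tginfo1 *)info,
-info->shift_bits, info->shift_dir);
+return connmark_tg_shift(skb, info);
 }
 
 static int connmark_tg_check(const struct xt_tgchk_param *par)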
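Review bot: Nothing visible bounds `info->shift_bits` before the three shifts in connmark_tg_shift (the SET, SAVE and RESTORE cases), and shifting a 32-bit mark by 32 or more is undefined behaviour in C. The removed signature passed the count as `u8`, so values above 31 are presumably representable in the rule data that reaches `par->targinfo`. connmark_tg_check appears only as a signature on this page, so whether it validates the field cannot be confirmed; if it does not, the revision-2 check path should reject it at rule-load time with `if (info->shift_bits >= 32) return -EINVAL;`. In connmark_tg the new `info2` initializer leaves `shift_bits` and `shift_dir` implicitly zero, and a comment such as `/* rev 1 has no shift: shift_bits stays 0, mark passes through unchanged */` would make that reliance explicit. The bodies of connmark_tg_shift and connmark_tg_check continue outside the hunks.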