Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[NETFILTER]: ipt_CLUSTERIP: add compat code

Browse source 
Adjust structure size and don't expect pointers passed in from
userspace to be valid. Also replace an enum in an ABI structure
by a fixed size type.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2007-07-07 22:38:30 -07:00 committed by David S. Miller
parent 3569b621ce
commit d3c3f4243e
2 changed files with 22 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
View file

@ -18,13 +18,13 @@ struct clusterip_config;
struct ipt_clusterip_tgt_info { struct ipt_clusterip_tgt_info {
u_int32_t flags; u_int32_t flags;
/* only relevant for new ones */ /* only relevant for new ones */
u_int8_t clustermac[6]; u_int8_t clustermac[6];
u_int16_t num_total_nodes; u_int16_t num_total_nodes;
u_int16_t num_local_nodes; u_int16_t num_local_nodes;
u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
enum clusterip_hashmode hash_mode; u_int32_t hash_mode;
u_int32_t hash_initval; u_int32_t hash_initval;
struct clusterip_config *config; struct clusterip_config *config;

39
net/ipv4/netfilter/ipt_CLUSTERIP.c
View file

@ -397,23 +397,7 @@ checkentry(const char *tablename,
/* FIXME: further sanity checks */ /* FIXME: further sanity checks */
config = clusterip_config_find_get(e->ip.dst.s_addr, 1); config = clusterip_config_find_get(e->ip.dst.s_addr, 1);
if (config) { if (!config) {
if (cipinfo->config != NULL) {
/* Case A: This is an entry that gets reloaded, since
* it still has a cipinfo->config pointer. Simply
* increase the entry refcount and return */
if (cipinfo->config != config) {
printk(KERN_ERR "CLUSTERIP: Reloaded entry "
"has invalid config pointer!\n");
return false;
}
} else {
/* Case B: This is a new rule referring to an existing
* clusterip config. */
cipinfo->config = config;
}
} else {
/* Case C: This is a completely new clusterip config */
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) { if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr)); printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
return false; return false;
@ -440,8 +424,8 @@ checkentry(const char *tablename,
} }
dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0); dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
} }
cipinfo->config = config;
} }
cipinfo->config = config;
if (nf_ct_l3proto_try_module_get(target->family) < 0) { if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for " printk(KERN_WARNING "can't load conntrack support for "
@ -466,13 +450,30 @@ static void destroy(const struct xt_target *target, void *targinfo)
nf_ct_l3proto_module_put(target->family); nf_ct_l3proto_module_put(target->family);
} }
#ifdef CONFIG_COMPAT
struct compat_ipt_clusterip_tgt_info
{
u_int32_t flags;
u_int8_t clustermac[6];
u_int16_t num_total_nodes;
u_int16_t num_local_nodes;
u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
u_int32_t hash_mode;
u_int32_t hash_initval;
compat_uptr_t config;
};
#endif /* CONFIG_COMPAT */
static struct xt_target clusterip_tgt __read_mostly = { static struct xt_target clusterip_tgt __read_mostly = {
.name = "CLUSTERIP", .name = "CLUSTERIP",
.family = AF_INET, .family = AF_INET,
.target = target, .target = target,
.targetsize = sizeof(struct ipt_clusterip_tgt_info),
.checkentry = checkentry, .checkentry = checkentry,
.destroy = destroy, .destroy = destroy,
.targetsize = sizeof(struct ipt_clusterip_tgt_info),
#ifdef CONFIG_COMPAT
.compatsize = sizeof(struct compat_ipt_clusterip_tgt_info),
#endif /* CONFIG_COMPAT */
.me = THIS_MODULE .me = THIS_MODULE
}; };