commit 0e8a835aa59d08d702af0fcfd296e2218b2e344b · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

netfilter: ipset: bitmap:ip,mac type requires "src" for MAC

Enforce that the second "src/dst" parameter of the set match and SET target
must be "src", because we have access to the source MAC only in the packet.
The previous behaviour, that the type required the second parameter
but actually ignored the value was counter-intuitive and confusing.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by Jozsef Kadlecsik and committed by Patrick McHardy 15 years ago 0e8a835a b32e3dc7

1 changed file

expand all

unified split

net

netfilter

ipset

ip_set_bitmap_ipmac.c

net/netfilter/ipset/ip_set_bitmap_ipmac.c

··· 343 ipset_adtfn adtfn = set->variant->adt[adt]; 344 struct ipmac data; 345 346 data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC)); 347 if (data.id < map->first_ip || data.id > map->last_ip) 348 return -IPSET_ERR_BITMAP_RANGE;

··· 343 ipset_adtfn adtfn = set->variant->adt[adt]; 344 struct ipmac data; 345 346 + /* MAC can be src only */ 347 + if (!(flags & IPSET_DIM_TWO_SRC)) 348 + return 0; 349 + 350 data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC)); 351 if (data.id < map->first_ip || data.id > map->last_ip) 352 return -IPSET_ERR_BITMAP_RANGE;