tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: fix ebtables compat support

commit 255d0dc34068a976 (netfilter: x_table: speedup compat operations)
made ebtables not working anymore.

1) xt_compat_calc_jump() is not an exact match lookup
2) compat_table_info() has a typo in xt_compat_init_offsets() call
3) compat_do_replace() misses a xt_compat_init_offsets() call

Reported-by: dann frazier <dannf@dannf.org>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by

Eric Dumazet and committed by
Pablo Neira Ayuso 5a6351ee 315c34da

+4 -3
+2 -1
net/bridge/netfilter/ebtables.c
··· 1766 1766 1767 1767 newinfo->entries_size = size; 1768 1768 1769 - xt_compat_init_offsets(AF_INET, info->nentries); 1769 + xt_compat_init_offsets(NFPROTO_BRIDGE, info->nentries); 1770 1770 return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info, 1771 1771 entries, newinfo); 1772 1772 } ··· 2240 2240 2241 2241 xt_compat_lock(NFPROTO_BRIDGE); 2242 2242 2243 + xt_compat_init_offsets(NFPROTO_BRIDGE, tmp.nentries); 2243 2244 ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state); 2244 2245 if (ret < 0) 2245 2246 goto out_unlock;
+2 -2
net/netfilter/x_tables.c
··· 455 455 vfree(xt[af].compat_tab); 456 456 xt[af].compat_tab = NULL; 457 457 xt[af].number = 0; 458 + xt[af].cur = 0; 458 459 } 459 460 } 460 461 EXPORT_SYMBOL_GPL(xt_compat_flush_offsets); ··· 474 473 else 475 474 return mid ? tmp[mid - 1].delta : 0; 476 475 } 477 - WARN_ON_ONCE(1); 478 - return 0; 476 + return left ? tmp[left - 1].delta : 0; 479 477 } 480 478 EXPORT_SYMBOL_GPL(xt_compat_calc_jump); 481 479