Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 534473c6080e01395058445135df29a8eb638c77

Authored by Florian Westphal
Committed by Pablo Neira Ayuso
1 parent a42b99a6e3
Exists in smarc-imx_3.14.28_1.0.0_ga and in 1 other branch imx_3.14.28_1.0.0_ga

netfilter: ctnetlink: honor CTA_MARK_MASK when setting ctmark 

Useful to only set a particular range of the conntrack mark while
leaving exisiting parts of the value alone, e.g. when setting
conntrack marks via NFQUEUE.

Follows same scheme as MARK/CONNMARK targets, i.e. the mask defines
those bits that should be altered.  No mask is equal to '~0', ie.
the old value is replaced by new one.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Showing 1 changed file with 10 additions and 2 deletions Side-by-side Diff

net/netfilter/nf_conntrack_netlink.c
Diff comments   View file @ 534473c
... ... @@ -2118,8 +2118,16 @@
2118 2118 return err;
2119 2119 }
2120 2120 #if defined(CONFIG_NF_CONNTRACK_MARK)
2121   - if (cda[CTA_MARK])
2122   - ct->mark = ntohl(nla_get_be32(cda[CTA_MARK]));
  2121 + if (cda[CTA_MARK]) {
  2122 + u32 mask = 0, mark, newmark;
  2123 + if (cda[CTA_MARK_MASK])
  2124 + mask = ~ntohl(nla_get_be32(cda[CTA_MARK_MASK]));
  2125 +
  2126 + mark = ntohl(nla_get_be32(cda[CTA_MARK]));
  2127 + newmark = (ct->mark & mask) ^ mark;
  2128 + if (newmark != ct->mark)
  2129 + ct->mark = newmark;
  2130 + }
2123 2131 #endif
2124 2132 return 0;
2125 2133 }