Commit 28658c8967da9083be83af0a37be3b190bae79da
Committed by
David S. Miller
1 parent
8cf8fb5687
Exists in
master
and in
4 other branches
[NETFILTER]: xt_pkttype: fix mismatches on locally generated packets
Locally generated broadcast and multicast packets have pkttype set to PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST. This causes the pkttype match to fail to match packets of either type. The below patch remedies this by using the daddr as a hint as to broadcast|multicast. While not pretty, this seems like the only way to solve the problem short of just noting this as a limitation of the match. This resolves netfilter bugzilla #484 Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 11 additions and 1 deletions Side-by-side Diff
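--- a/net/netfilter/xt_pkttype.c
+++ b/net/netfilter/xt_pkttype.c
@@ -9,6 +9,8 @@
 #include <linux/skbuff.h>
 #include <linux/if_ether.h>
 #include <linux/if_packet.h>
+#include <linux/in.h>
+#include <linux/ip.h>
 
 #include <linux/netfilter/xt_pkttype.h>
 #include <linux/netfilter/x_tables.h>
 
@@ -28,9 +30,17 @@
 unsigned int protoff,
 int *hotdrop)
 {
+ u_int8_t type;
 const struct xt_pkttype_info *info = matchinfo;
 
- return (skb->pkt_type == info->pkttype) ^ info->invert;
+ if (skb->pkt_type == PACKET_LOOPBACK)
+ type = (MULTICAST(skb->nh.iph->daddr)
+ ? PACKET_MULTICAST
+ : PACKET_BROADCAST);
+ else
+ type = skb->pkt_type;
+
+ return (type == info->pkttype) ^ info->invert;
 }
 
 static struct xt_match pkttype_match = {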
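Review bot: The new `PACKET_LOOPBACK` branch reads `skb->nh.iph->daddr` without first checking that the packet is IPv4. The file sits under net/netfilter and the registration beginning at `pkttype_match` continues outside the hunk, so if this match function is also registered for IPv6 or another family, the IPv4 header layout is applied to a different header and the packet is classified from unrelated bytes; for a firewall match that means a rule can silently match or miss. Consider limiting the heuristic to IPv4, for example `if (skb->pkt_type == PACKET_LOOPBACK && skb->protocol == htons(ETH_P_IP))`, and leaving other families on `skb->pkt_type`. Every non-multicast loopback packet is also reported as broadcast, and a rule whose `info->pkttype` is `PACKET_LOOPBACK` can no longer match, so a short comment stating that assumption above the branch would help. The function's signature starts above the hunk.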