git.cascardo.info Git - cascardo/linux.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 9 Sep 2016 10:42:49 +0000 (12:42 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 12 Sep 2016 16:51:57 +0000 (18:51 +0200)
commit	beac5afa2d78605b70f40cf5ab5601ab10659c7f
tree	40a5b1783ad7fb55c9ace0b06d3d1fd4860ea130	tree \| snapshot
parent	dbd2be0646e3239022630c426cbceefa15714bca	commit \| diff

netfilter: nf_tables: ensure proper initialization of nft_pktinfo fields

This patch introduces nft_set_pktinfo_unspec() that ensures proper
initialization all of pktinfo fields for non-IP traffic. This is used
by the bridge, netdev and arp families.

This new function relies on nft_set_pktinfo_proto_unspec() to set a new
tprot_set field that indicates if transport protocol information is
available. Remain fields are zeroed.

The meta expression has been also updated to check to tprot_set in first
place given that zero is a valid tprot value. Even a handcrafted packet
may come with the IPPROTO_RAW (255) protocol number so we can't rely on
this value as tprot unset.

Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
include/net/netfilter/nf_tables_ipv4.h		diff \| blob \| history
include/net/netfilter/nf_tables_ipv6.h		diff \| blob \| history
net/bridge/netfilter/nf_tables_bridge.c		diff \| blob \| history
net/ipv4/netfilter/nf_tables_arp.c		diff \| blob \| history
net/netfilter/nf_tables_netdev.c		diff \| blob \| history
net/netfilter/nft_meta.c		diff \| blob \| history