diff options
author | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-12-09 10:56:58 -0600 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-12-09 10:56:58 -0600 |
commit | a508a8e468f334960c5ba4673707b9b14eddae20 (patch) | |
tree | 8d37430087226fd44163b45ee10d5c0a2f20271a /netfilter_ppc_fix.patch | |
parent | 492eb2410f97963ea806ef93714bf1a111c2fee6 (diff) | |
download | kernel-a508a8e468f334960c5ba4673707b9b14eddae20.tar.gz kernel-a508a8e468f334960c5ba4673707b9b14eddae20.tar.xz kernel-a508a8e468f334960c5ba4673707b9b14eddae20.zip |
Linux v5.5-rc1
Diffstat (limited to 'netfilter_ppc_fix.patch')
-rw-r--r-- | netfilter_ppc_fix.patch | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/netfilter_ppc_fix.patch b/netfilter_ppc_fix.patch new file mode 100644 index 000000000..421f80d41 --- /dev/null +++ b/netfilter_ppc_fix.patch @@ -0,0 +1,69 @@ +From: Pablo Neira Ayuso <pablo () netfilter ! org> +Date: Sat, 07 Dec 2019 17:38:05 +0000 +To: netfilter-devel +Subject: Re: [PATCH] netfilter: nf_flow_table_offload: Correct memcpy size for flow_overload_mangle + +I'm attaching a tentative patch to address this problem. + +Thanks. + +diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c +index c54c9a6cc981..3d6b2bea9a63 100644 +--- a/net/netfilter/nf_flow_table_offload.c ++++ b/net/netfilter/nf_flow_table_offload.c +@@ -326,23 +326,23 @@ static void flow_offload_port_snat(struct net *net, + struct nf_flow_rule *flow_rule) + { + struct flow_action_entry *entry = flow_action_entry_next(flow_rule); +- u32 mask = ~htonl(0xffff0000); +- __be16 port; ++ u32 mask = ~htonl(0xffff0000), port; + u32 offset; + + switch (dir) { + case FLOW_OFFLOAD_DIR_ORIGINAL: +- port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port; ++ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port); + offset = 0; /* offsetof(struct tcphdr, source); */ + break; + case FLOW_OFFLOAD_DIR_REPLY: +- port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port; ++ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port); + offset = 0; /* offsetof(struct tcphdr, dest); */ + break; + default: + break; + } + ++ port = htonl(port << 16); + flow_offload_mangle(entry, flow_offload_l4proto(flow), offset, + (u8 *)&port, (u8 *)&mask); + } +@@ -353,23 +353,23 @@ static void flow_offload_port_dnat(struct net *net, + struct nf_flow_rule *flow_rule) + { + struct flow_action_entry *entry = flow_action_entry_next(flow_rule); +- u32 mask = ~htonl(0xffff); +- __be16 port; ++ u32 mask = ~htonl(0xffff), port; + u32 offset; + + switch (dir) { + case FLOW_OFFLOAD_DIR_ORIGINAL: +- port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port; ++ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port); + offset = 0; /* offsetof(struct tcphdr, source); */ + break; + case FLOW_OFFLOAD_DIR_REPLY: +- port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port; ++ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port); + offset = 0; /* offsetof(struct tcphdr, dest); */ + break; + default: + break; + } + ++ port = htonl(port); + flow_offload_mangle(entry, flow_offload_l4proto(flow), offset, + (u8 *)&port, (u8 *)&mask); + } |