* [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly
@ 2016-11-23 14:12 Liping Zhang
  2016-11-23 14:12 ` [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero Liping Zhang
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Liping Zhang @ 2016-11-23 14:12 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, fw, Liping Zhang

From: Liping Zhang <zlpnobody@gmail.com>

Actually ntohl and htonl are identical, so this doesn't affect
anything, but it is conceptually wrong.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
---
 net/ipv4/netfilter/nft_fib_ipv4.c | 2 +-
 net/ipv6/netfilter/nft_fib_ipv6.c | 2 +-
 net/netfilter/nft_fib.c           | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c
index 1b49966..bfffa74 100644
--- a/net/ipv4/netfilter/nft_fib_ipv4.c
+++ b/net/ipv4/netfilter/nft_fib_ipv4.c
@@ -198,7 +198,7 @@ nft_fib4_select_ops(const struct nft_ctx *ctx,
 	if (!tb[NFTA_FIB_RESULT])
 		return ERR_PTR(-EINVAL);
 
-	result = htonl(nla_get_be32(tb[NFTA_FIB_RESULT]));
+	result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));
 
 	switch (result) {
 	case NFT_FIB_RESULT_OIF:
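
Review bot: the changelog for the changed `result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));` line in nft_fib4_select_ops could say how the mismatch was noticed. nla_get_be32() returns a big-endian value, so feeding it to htonl() is a type error that sparse with endianness checking enabled reports even though the generated code is the same; if that is what flagged it, mentioning it tells the reader this is annotation hygiene rather than a behaviour change and that nothing needs backporting.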
diff --git a/net/ipv6/netfilter/nft_fib_ipv6.c b/net/ipv6/netfilter/nft_fib_ipv6.c
index d526bb5..c947aad 100644
--- a/net/ipv6/netfilter/nft_fib_ipv6.c
+++ b/net/ipv6/netfilter/nft_fib_ipv6.c
@@ -235,7 +235,7 @@ nft_fib6_select_ops(const struct nft_ctx *ctx,
 	if (!tb[NFTA_FIB_RESULT])
 		return ERR_PTR(-EINVAL);
 
-	result = htonl(nla_get_be32(tb[NFTA_FIB_RESULT]));
+	result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));
 
 	switch (result) {
 	case NFT_FIB_RESULT_OIF:
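
Review bot: the changed line in nft_fib6_select_ops is a verbatim copy of the one in nft_fib4_select_ops, and the same expression appears again in nft_fib_init, which is how one wrong-direction conversion ended up in three files. A small shared helper that returns the host-order result from tb[NFTA_FIB_RESULT] would keep the byte-order handling of this attribute in one place.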
diff --git a/net/netfilter/nft_fib.c b/net/netfilter/nft_fib.c
index 249c9b8..29a4906 100644
--- a/net/netfilter/nft_fib.c
+++ b/net/netfilter/nft_fib.c
@@ -86,7 +86,7 @@ int nft_fib_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 	if ((priv->flags & (NFTA_FIB_F_SADDR | NFTA_FIB_F_DADDR)) == 0)
 		return -EINVAL;
 
-	priv->result = htonl(nla_get_be32(tb[NFTA_FIB_RESULT]));
+	priv->result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));
 	priv->dreg = nft_parse_register(tb[NFTA_FIB_DREG]);
 
 	switch (priv->result) {
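
Review bot: in nft_fib_init the visible context before `priv->result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));` checks only priv->flags, whereas both select_ops hunks show an explicit `if (!tb[NFTA_FIB_RESULT]) return ERR_PTR(-EINVAL);` right above the read. Please confirm the attribute is validated earlier in this function (outside the context shown), since nla_get_be32() dereferences the attribute pointer; the same applies to tb[NFTA_FIB_DREG] on the following line.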
-- 
2.5.5



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero
  2016-11-23 14:12 [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly Liping Zhang
@ 2016-11-23 14:12 ` Liping Zhang
  2016-11-24 12:54   ` Florian Westphal
  2016-12-04 20:14   ` Pablo Neira Ayuso
  2016-11-24 12:13 ` [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly Florian Westphal
  2016-12-04 20:14 ` Pablo Neira Ayuso
  2 siblings, 2 replies; 6+ messages in thread
From: Liping Zhang @ 2016-11-23 14:12 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, fw, Liping Zhang

From: Liping Zhang <zlpnobody@gmail.com>

Otherwise, if fib lookup fails, *dest will be filled with a garbage value,
so reverse path filtering will not work properly:
 # nft add rule x prerouting fib saddr oif eq 0 drop

Fixes: f6d0cbcf09c5 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
---
 net/ipv4/netfilter/nft_fib_ipv4.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c
index bfffa74..2581363 100644
--- a/net/ipv4/netfilter/nft_fib_ipv4.c
+++ b/net/ipv4/netfilter/nft_fib_ipv4.c
@@ -122,6 +122,8 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,
 		fl4.saddr = get_saddr(iph->daddr);
 	}
 
+	*dest = 0;
+
 	if (fib_lookup(nft_net(pkt), &fl4, &res, FIB_LOOKUP_IGNORE_LINKSTATE))
 		return;
 
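Review bot: `*dest = 0;` sits immediately before fib_lookup() in nft_fib4_eval, so it only covers return paths from this point onward; if the function has any earlier return above the context shown, *dest is still left unset there, and zeroing it at function entry would cover every path. A one-line comment saying that 0 is the "no route" value the `fib saddr oif eq 0` rule matches on would also help, and since the diffstat touches only nft_fib_ipv4.c the changelog should say whether the IPv6 eval path has the same failure case.
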
-- 
2.5.5




* Re: [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly
  2016-11-23 14:12 [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly Liping Zhang
  2016-11-23 14:12 ` [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero Liping Zhang
@ 2016-11-24 12:13 ` Florian Westphal
  2016-12-04 20:14 ` Pablo Neira Ayuso
  2 siblings, 0 replies; 6+ messages in thread
From: Florian Westphal @ 2016-11-24 12:13 UTC (permalink / raw)
  To: Liping Zhang; +Cc: pablo, netfilter-devel, fw, Liping Zhang

Liping Zhang <zlpnobody@163.com> wrote:
> From: Liping Zhang <zlpnobody@gmail.com>
> 
> Actually ntohl and htonl are identical, so this doesn't affect
> anything, but it is conceptually wrong.

Acked-by: Florian Westphal <fw@strlen.de>


* Re: [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero
  2016-11-23 14:12 ` [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero Liping Zhang
@ 2016-11-24 12:54   ` Florian Westphal
  2016-12-04 20:14   ` Pablo Neira Ayuso
  1 sibling, 0 replies; 6+ messages in thread
From: Florian Westphal @ 2016-11-24 12:54 UTC (permalink / raw)
  To: Liping Zhang; +Cc: pablo, netfilter-devel, fw, Liping Zhang

Liping Zhang <zlpnobody@163.com> wrote:
> From: Liping Zhang <zlpnobody@gmail.com>
> 
> Otherwise, if fib lookup fails, *dest will be filled with a garbage value,
> so reverse path filtering will not work properly:
>  # nft add rule x prerouting fib saddr oif eq 0 drop
> 
> Fixes: f6d0cbcf09c5 ("netfilter: nf_tables: add fib expression")
> Signed-off-by: Liping Zhang <zlpnobody@gmail.com>

Acked-by: Florian Westphal <fw@strlen.de>


* Re: [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly
  2016-11-23 14:12 [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly Liping Zhang
  2016-11-23 14:12 ` [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero Liping Zhang
  2016-11-24 12:13 ` [PATCH nf-next] netfilter: nft_fib: convert htonl to ntohl properly Florian Westphal
@ 2016-12-04 20:14 ` Pablo Neira Ayuso
  2 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2016-12-04 20:14 UTC (permalink / raw)
  To: Liping Zhang; +Cc: netfilter-devel, fw, Liping Zhang

On Wed, Nov 23, 2016 at 10:12:20PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@gmail.com>
> 
> Actually ntohl and htonl are identical, so this doesn't affect
> anything, but it is conceptually wrong.

Applied, thanks Liping.


* Re: [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero
  2016-11-23 14:12 ` [PATCH nf-next] netfilter: nft_fib_ipv4: initialize *dest to zero Liping Zhang
  2016-11-24 12:54   ` Florian Westphal
@ 2016-12-04 20:14   ` Pablo Neira Ayuso
  1 sibling, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2016-12-04 20:14 UTC (permalink / raw)
  To: Liping Zhang; +Cc: netfilter-devel, fw, Liping Zhang

On Wed, Nov 23, 2016 at 10:12:21PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@gmail.com>
> 
> Otherwise, if fib lookup fails, *dest will be filled with a garbage value,
> so reverse path filtering will not work properly:
>  # nft add rule x prerouting fib saddr oif eq 0 drop

Also applied, thanks.
