* [PATCH nf 0/4] NAT fixes
From: Jeremy Sowden @ 2023-03-07 23:22 UTC
To: Netfilter Devel
These bug-fixes were originally part of a larger series adding shifted
port-ranges to nft NAT and targeting nf-next, but Florian suggested
sending them via nf instead to get them upstream more quickly.
* Patches 1-3 correct the sizes in `nft_parse_register_load` calls in
nft_nat, nft_masq and nft_redir.
* Patch 4 corrects a C&P mistake in an nft_redir `nft_expr_type`
definition.
Jeremy Sowden (4):
netfilter: nft_nat: correct length for loading protocol registers
netfilter: nft_masq: correct length for loading protocol registers
netfilter: nft_redir: correct length for loading protocol registers
netfilter: nft_redir: correct value of inet type `.maxattrs`
net/netfilter/nft_masq.c | 2 +-
net/netfilter/nft_nat.c | 2 +-
net/netfilter/nft_redir.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
--
2.39.2
* [PATCH nf 1/4] netfilter: nft_nat: correct length for loading protocol registers
From: Jeremy Sowden @ 2023-03-07 23:22 UTC
To: Netfilter Devel
The values in the protocol registers are two bytes wide. However, when
parsing the register loads, the code currently uses the larger 16-byte
size of a `union nf_inet_addr`. Change it to use the (correct) size of
a `union nf_conntrack_man_proto` instead.
Fixes: d07db9884a5f ("netfilter: nf_tables: introduce nft_validate_register_load()")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
net/netfilter/nft_nat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 047999150390..5c29915ab028 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -226,7 +226,7 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
priv->flags |= NF_NAT_RANGE_MAP_IPS;
}
- plen = sizeof_field(struct nf_nat_range, min_addr.all);
+ plen = sizeof_field(struct nf_nat_range, min_proto.all);
if (tb[NFTA_NAT_REG_PROTO_MIN]) {
err = nft_parse_register_load(tb[NFTA_NAT_REG_PROTO_MIN],
&priv->sreg_proto_min, plen);
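Review bot: the new `plen = sizeof_field(struct nf_nat_range, min_proto.all);` line carries no comment saying why the proto field, not the address field, is the right width, and per the cover letter the same expression is repeated in nft_masq and nft_redir. A one-line comment here, or a shared macro used by all three files, would make it harder for the lengths to drift apart again. The visible context only shows the NFTA_NAT_REG_PROTO_MIN load consuming plen, so it is worth confirming that the matching PROTO_MAX load further down takes the same value. The commit message would also benefit from a sentence on what the oversized length caused in practice, which helps anyone deciding on a backport.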
--
2.39.2
* [PATCH nf 2/4] netfilter: nft_masq: correct length for loading protocol registers
From: Jeremy Sowden @ 2023-03-07 23:22 UTC
To: Netfilter Devel
The values in the protocol registers are two bytes wide. However, when
parsing the register loads, the code currently uses the larger 16-byte
size of a `union nf_inet_addr`. Change it to use the (correct) size of
a `union nf_conntrack_man_proto` instead.
Fixes: 8a6bf5da1aef ("netfilter: nft_masq: support port range")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
net/netfilter/nft_masq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_masq.c b/net/netfilter/nft_masq.c
index e55e455275c4..9544c2f16998 100644
--- a/net/netfilter/nft_masq.c
+++ b/net/netfilter/nft_masq.c
@@ -43,7 +43,7 @@ static int nft_masq_init(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nlattr * const tb[])
{
- u32 plen = sizeof_field(struct nf_nat_range, min_addr.all);
+ u32 plen = sizeof_field(struct nf_nat_range, min_proto.all);
struct nft_masq *priv = nft_expr_priv(expr);
int err;
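Review bot: the changed declaration `u32 plen = sizeof_field(...)` at the top of nft_masq_init types the length as u32, while nft_redir_init in patch 3 of this series declares `unsigned int plen` for the same value. The type of the length parameter of nft_parse_register_load is not visible in these hunks, so pick whichever matches it and use it consistently across nft_nat, nft_masq and nft_redir. The hunk also shows none of the uses of plen, so the review has to take on trust that every register load in this function passes it; naming those call sites in the commit message would make that checkable from the patch alone.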
--
2.39.2
* [PATCH nf 3/4] netfilter: nft_redir: correct length for loading protocol registers
From: Jeremy Sowden @ 2023-03-07 23:22 UTC
To: Netfilter Devel
The values in the protocol registers are two bytes wide. However, when
parsing the register loads, the code currently uses the larger 16-byte
size of a `union nf_inet_addr`. Change it to use the (correct) size of
a `union nf_conntrack_man_proto` instead.
Fixes: d07db9884a5f ("netfilter: nf_tables: introduce nft_validate_register_load()")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
net/netfilter/nft_redir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_redir.c b/net/netfilter/nft_redir.c
index 5f7739987559..dbc642f5d32a 100644
--- a/net/netfilter/nft_redir.c
+++ b/net/netfilter/nft_redir.c
@@ -48,7 +48,7 @@ static int nft_redir_init(const struct nft_ctx *ctx,
unsigned int plen;
int err;
- plen = sizeof_field(struct nf_nat_range, min_addr.all);
+ plen = sizeof_field(struct nf_nat_range, min_proto.all);
if (tb[NFTA_REDIR_REG_PROTO_MIN]) {
err = nft_parse_register_load(tb[NFTA_REDIR_REG_PROTO_MIN],
&priv->sreg_proto_min, plen);
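Review bot: the Fixes tag for the `min_addr.all` length replaced on the `plen =` line names d07db9884a5f, whose subject refers to nft_validate_register_load(), while the call in this hunk is nft_parse_register_load() and the identical change to nft_masq in patch 2 is tagged against the commit that added port-range support there. Please confirm that the address-sized length in nft_redir was introduced by d07db9884a5f rather than by an earlier commit, and add a sentence linking the helper named in the tag to the one called here so that backporters can follow it.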
--
2.39.2
* [PATCH nf 4/4] netfilter: nft_redir: correct value of inet type `.maxattrs`
From: Jeremy Sowden @ 2023-03-07 23:22 UTC
To: Netfilter Devel
`nft_redir_inet_type.maxattrs` was being set, presumably because of a
cut-and-paste error, to `NFTA_MASQ_MAX`, instead of `NFTA_REDIR_MAX`.
Fixes: 63ce3940f3ab ("netfilter: nft_redir: add inet support")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
net/netfilter/nft_redir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_redir.c b/net/netfilter/nft_redir.c
index dbc642f5d32a..67cec56bc84a 100644
--- a/net/netfilter/nft_redir.c
+++ b/net/netfilter/nft_redir.c
@@ -236,7 +236,7 @@ static struct nft_expr_type nft_redir_inet_type __read_mostly = {
.name = "redir",
.ops = &nft_redir_inet_ops,
.policy = nft_redir_policy,
- .maxattr = NFTA_MASQ_MAX,
+ .maxattr = NFTA_REDIR_MAX,
.owner = THIS_MODULE,
};
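Review bot: the subject and commit message call the field `.maxattrs`, but the member changed in nft_redir_inet_type is `.maxattr`; the message should use the name as it appears in the struct so that a search of the log finds it. The message also does not say whether NFTA_MASQ_MAX and NFTA_REDIR_MAX differ in value. If they do, the old setting bounded attribute parsing for the inet redir type by the wrong limit and that effect should be described; if they are equal, say so, since that changes how urgent the fix is for stable trees.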
--
2.39.2
* Re: [PATCH nf 0/4] NAT fixes
From: Florian Westphal @ 2023-03-08 11:14 UTC
To: Jeremy Sowden; +Cc: Netfilter Devel
Jeremy Sowden <jeremy@azazel.net> wrote:
> These bug-fixes were originally part of a larger series adding shifted
> port-ranges to nft NAT and targeting nf-next, but Florian suggested
> sending them via nf instead to get them upstream more quickly.
>
> * Patches 1-3 correct the sizes in `nft_parse_register_load` calls in
> nft_nat, nft_masq and nft_redir.
> * Patch 4 corrects a C&P mistake in an nft_redir `nft_expr_type`
> definition.
Reviewed-by: Florian Westphal <fw@strlen.de>
* Re: [PATCH nf 0/4] NAT fixes
From: Pablo Neira Ayuso @ 2023-03-09 9:27 UTC
To: Jeremy Sowden; +Cc: Netfilter Devel
On Tue, Mar 07, 2023 at 11:22:55PM +0000, Jeremy Sowden wrote:
> These bug-fixes were originally part of a larger series adding shifted
> port-ranges to nft NAT and targeting nf-next, but Florian suggested
> sending them via nf instead to get them upstream more quickly.
Applied to nf.git, thanks