* [PATCH net 0/4] Netfilter fixes for net
@ 2023-03-09 17:46 Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers Pablo Neira Ayuso
` (4 more replies)
0 siblings, 5 replies; 8+ messages in thread
From: Pablo Neira Ayuso @ 2023-03-09 17:46 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet
Hi,
The following patchset contains Netfilter fixes for net:
1) nft_parse_register_load() gets an incorrect datatype size
as input, from Jeremy Sowden.
2) incorrect maximum netlink attribute in nft_redir, also
from Jeremy.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 37d9df224d1eec1b434fe9ffa40104c756478c29:
ynl: re-license uniformly under GPL-2.0 OR BSD-3-Clause (2023-03-07 13:44:30 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD
for you to fetch changes up to 493924519b1fe3faab13ee621a43b0d0939abab1:
netfilter: nft_redir: correct value of inet type `.maxattrs` (2023-03-08 12:26:42 +0100)
----------------------------------------------------------------
Jeremy Sowden (4):
netfilter: nft_nat: correct length for loading protocol registers
netfilter: nft_masq: correct length for loading protocol registers
netfilter: nft_redir: correct length for loading protocol registers
netfilter: nft_redir: correct value of inet type `.maxattrs`
net/netfilter/nft_masq.c | 2 +-
net/netfilter/nft_nat.c | 2 +-
net/netfilter/nft_redir.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers
2023-03-09 17:46 [PATCH net 0/4] Netfilter fixes for net Pablo Neira Ayuso
@ 2023-03-09 17:46 ` Pablo Neira Ayuso
2023-03-11 5:50 ` patchwork-bot+netdevbpf
2023-03-09 17:46 ` [PATCH net 2/4] netfilter: nft_masq: " Pablo Neira Ayuso
` (3 subsequent siblings)
4 siblings, 1 reply; 8+ messages in thread
From: Pablo Neira Ayuso @ 2023-03-09 17:46 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet
From: Jeremy Sowden <jeremy@azazel.net>
The values in the protocol registers are two bytes wide. However, when
parsing the register loads, the code currently uses the larger 16-byte
size of a `union nf_inet_addr`. Change it to use the (correct) size of
a `union nf_conntrack_man_proto` instead.
Fixes: d07db9884a5f ("netfilter: nf_tables: introduce nft_validate_register_load()")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_nat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 047999150390..5c29915ab028 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -226,7 +226,7 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
priv->flags |= NF_NAT_RANGE_MAP_IPS;
}
- plen = sizeof_field(struct nf_nat_range, min_addr.all);
+ plen = sizeof_field(struct nf_nat_range, min_proto.all);
if (tb[NFTA_NAT_REG_PROTO_MIN]) {
err = nft_parse_register_load(tb[NFTA_NAT_REG_PROTO_MIN],
&priv->sreg_proto_min, plen);
--
2.30.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH net 2/4] netfilter: nft_masq: correct length for loading protocol registers
2023-03-09 17:46 [PATCH net 0/4] Netfilter fixes for net Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers Pablo Neira Ayuso
@ 2023-03-09 17:46 ` Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 3/4] netfilter: nft_redir: " Pablo Neira Ayuso
` (2 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Pablo Neira Ayuso @ 2023-03-09 17:46 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet
From: Jeremy Sowden <jeremy@azazel.net>
The values in the protocol registers are two bytes wide. However, when
parsing the register loads, the code currently uses the larger 16-byte
size of a `union nf_inet_addr`. Change it to use the (correct) size of
a `union nf_conntrack_man_proto` instead.
Fixes: 8a6bf5da1aef ("netfilter: nft_masq: support port range")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_masq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_masq.c b/net/netfilter/nft_masq.c
index e55e455275c4..9544c2f16998 100644
--- a/net/netfilter/nft_masq.c
+++ b/net/netfilter/nft_masq.c
@@ -43,7 +43,7 @@ static int nft_masq_init(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nlattr * const tb[])
{
- u32 plen = sizeof_field(struct nf_nat_range, min_addr.all);
+ u32 plen = sizeof_field(struct nf_nat_range, min_proto.all);
struct nft_masq *priv = nft_expr_priv(expr);
int err;
--
2.30.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH net 3/4] netfilter: nft_redir: correct length for loading protocol registers
2023-03-09 17:46 [PATCH net 0/4] Netfilter fixes for net Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 2/4] netfilter: nft_masq: " Pablo Neira Ayuso
@ 2023-03-09 17:46 ` Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 4/4] netfilter: nft_redir: correct value of inet type `.maxattrs` Pablo Neira Ayuso
2023-03-10 11:08 ` [PATCH net 0/4] Netfilter fixes for net Jeremy Sowden
4 siblings, 0 replies; 8+ messages in thread
From: Pablo Neira Ayuso @ 2023-03-09 17:46 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet
From: Jeremy Sowden <jeremy@azazel.net>
The values in the protocol registers are two bytes wide. However, when
parsing the register loads, the code currently uses the larger 16-byte
size of a `union nf_inet_addr`. Change it to use the (correct) size of
a `union nf_conntrack_man_proto` instead.
Fixes: d07db9884a5f ("netfilter: nf_tables: introduce nft_validate_register_load()")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_redir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_redir.c b/net/netfilter/nft_redir.c
index 5f7739987559..dbc642f5d32a 100644
--- a/net/netfilter/nft_redir.c
+++ b/net/netfilter/nft_redir.c
@@ -48,7 +48,7 @@ static int nft_redir_init(const struct nft_ctx *ctx,
unsigned int plen;
int err;
- plen = sizeof_field(struct nf_nat_range, min_addr.all);
+ plen = sizeof_field(struct nf_nat_range, min_proto.all);
if (tb[NFTA_REDIR_REG_PROTO_MIN]) {
err = nft_parse_register_load(tb[NFTA_REDIR_REG_PROTO_MIN],
&priv->sreg_proto_min, plen);
--
2.30.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH net 4/4] netfilter: nft_redir: correct value of inet type `.maxattrs`
2023-03-09 17:46 [PATCH net 0/4] Netfilter fixes for net Pablo Neira Ayuso
` (2 preceding siblings ...)
2023-03-09 17:46 ` [PATCH net 3/4] netfilter: nft_redir: " Pablo Neira Ayuso
@ 2023-03-09 17:46 ` Pablo Neira Ayuso
2023-03-10 11:08 ` [PATCH net 0/4] Netfilter fixes for net Jeremy Sowden
4 siblings, 0 replies; 8+ messages in thread
From: Pablo Neira Ayuso @ 2023-03-09 17:46 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet
From: Jeremy Sowden <jeremy@azazel.net>
`nft_redir_inet_type.maxattrs` was being set, presumably because of a
cut-and-paste error, to `NFTA_MASQ_MAX`, instead of `NFTA_REDIR_MAX`.
Fixes: 63ce3940f3ab ("netfilter: nft_redir: add inet support")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_redir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_redir.c b/net/netfilter/nft_redir.c
index dbc642f5d32a..67cec56bc84a 100644
--- a/net/netfilter/nft_redir.c
+++ b/net/netfilter/nft_redir.c
@@ -236,7 +236,7 @@ static struct nft_expr_type nft_redir_inet_type __read_mostly = {
.name = "redir",
.ops = &nft_redir_inet_ops,
.policy = nft_redir_policy,
- .maxattr = NFTA_MASQ_MAX,
+ .maxattr = NFTA_REDIR_MAX,
.owner = THIS_MODULE,
};
--
2.30.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH net 0/4] Netfilter fixes for net
2023-03-09 17:46 [PATCH net 0/4] Netfilter fixes for net Pablo Neira Ayuso
` (3 preceding siblings ...)
2023-03-09 17:46 ` [PATCH net 4/4] netfilter: nft_redir: correct value of inet type `.maxattrs` Pablo Neira Ayuso
@ 2023-03-10 11:08 ` Jeremy Sowden
2023-03-10 11:44 ` Pablo Neira Ayuso
4 siblings, 1 reply; 8+ messages in thread
From: Jeremy Sowden @ 2023-03-10 11:08 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 499 bytes --]
On 2023-03-09, at 18:46:51 +0100, Pablo Neira Ayuso wrote:
> The following patchset contains Netfilter fixes for net:
>
> 1) nft_parse_register_load() gets an incorrect datatype size
> as input, from Jeremy Sowden.
>
> 2) incorrect maximum netlink attribute in nft_redir, also
> from Jeremy.
>
> Please, pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Have you actually pushed these changes to nf.git? Can't see them. :)
J.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH net 0/4] Netfilter fixes for net
2023-03-10 11:08 ` [PATCH net 0/4] Netfilter fixes for net Jeremy Sowden
@ 2023-03-10 11:44 ` Pablo Neira Ayuso
0 siblings, 0 replies; 8+ messages in thread
From: Pablo Neira Ayuso @ 2023-03-10 11:44 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: netfilter-devel
On Fri, Mar 10, 2023 at 11:08:56AM +0000, Jeremy Sowden wrote:
> On 2023-03-09, at 18:46:51 +0100, Pablo Neira Ayuso wrote:
> > The following patchset contains Netfilter fixes for net:
> >
> > 1) nft_parse_register_load() gets an incorrect datatype size
> > as input, from Jeremy Sowden.
> >
> > 2) incorrect maximum netlink attribute in nft_redir, also
> > from Jeremy.
> >
> > Please, pull these changes from:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
>
> Have you actually pushed these changes to nf.git? Can't see them. :)
Oh, I pushed out to master, not main...
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers
2023-03-09 17:46 ` [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers Pablo Neira Ayuso
@ 2023-03-11 5:50 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 8+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-03-11 5:50 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, davem, netdev, kuba, pabeni, edumazet
Hello:
This series was applied to netdev/net.git (main)
by Pablo Neira Ayuso <pablo@netfilter.org>:
On Thu, 9 Mar 2023 18:46:52 +0100 you wrote:
> From: Jeremy Sowden <jeremy@azazel.net>
>
> The values in the protocol registers are two bytes wide. However, when
> parsing the register loads, the code currently uses the larger 16-byte
> size of a `union nf_inet_addr`. Change it to use the (correct) size of
> a `union nf_conntrack_man_proto` instead.
>
> [...]
Here is the summary with links:
- [net,1/4] netfilter: nft_nat: correct length for loading protocol registers
https://git.kernel.org/netdev/net/c/068d82e75d53
- [net,2/4] netfilter: nft_masq: correct length for loading protocol registers
https://git.kernel.org/netdev/net/c/ec2c5917eb85
- [net,3/4] netfilter: nft_redir: correct length for loading protocol registers
https://git.kernel.org/netdev/net/c/1f617b6b4c7a
- [net,4/4] netfilter: nft_redir: correct value of inet type `.maxattrs`
https://git.kernel.org/netdev/net/c/493924519b1f
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-03-11 5:50 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-09 17:46 [PATCH net 0/4] Netfilter fixes for net Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 1/4] netfilter: nft_nat: correct length for loading protocol registers Pablo Neira Ayuso
2023-03-11 5:50 ` patchwork-bot+netdevbpf
2023-03-09 17:46 ` [PATCH net 2/4] netfilter: nft_masq: " Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 3/4] netfilter: nft_redir: " Pablo Neira Ayuso
2023-03-09 17:46 ` [PATCH net 4/4] netfilter: nft_redir: correct value of inet type `.maxattrs` Pablo Neira Ayuso
2023-03-10 11:08 ` [PATCH net 0/4] Netfilter fixes for net Jeremy Sowden
2023-03-10 11:44 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).