netfilter: fix endian bug in conntrack printks
dcc_ip is treated as a host-endian value in the first printk, but the second printk uses %pI4 which expects a be32. This will cause a mismatch between the debug statement and the warning statement. Treat as a be32 throughout and avoid some byteswapping during some comparisons, and allow another user of HIPQUAD to bite the dust. Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
3e8af307bf
commit
f940964901
@ -66,7 +66,7 @@ static const char *const dccprotos[] = {
|
|||||||
* ad_beg_p returns pointer to first byte of addr data
|
* ad_beg_p returns pointer to first byte of addr data
|
||||||
* ad_end_p returns pointer to last byte of addr data
|
* ad_end_p returns pointer to last byte of addr data
|
||||||
*/
|
*/
|
||||||
static int parse_dcc(char *data, const char *data_end, u_int32_t *ip,
|
static int parse_dcc(char *data, const char *data_end, __be32 *ip,
|
||||||
u_int16_t *port, char **ad_beg_p, char **ad_end_p)
|
u_int16_t *port, char **ad_beg_p, char **ad_end_p)
|
||||||
{
|
{
|
||||||
char *tmp;
|
char *tmp;
|
||||||
@ -85,7 +85,7 @@ static int parse_dcc(char *data, const char *data_end, u_int32_t *ip,
|
|||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
*ad_beg_p = data;
|
*ad_beg_p = data;
|
||||||
*ip = simple_strtoul(data, &data, 10);
|
*ip = cpu_to_be32(simple_strtoul(data, &data, 10));
|
||||||
|
|
||||||
/* skip blanks between ip and port */
|
/* skip blanks between ip and port */
|
||||||
while (*data == ' ') {
|
while (*data == ' ') {
|
||||||
@ -112,7 +112,7 @@ static int help(struct sk_buff *skb, unsigned int protoff,
|
|||||||
int dir = CTINFO2DIR(ctinfo);
|
int dir = CTINFO2DIR(ctinfo);
|
||||||
struct nf_conntrack_expect *exp;
|
struct nf_conntrack_expect *exp;
|
||||||
struct nf_conntrack_tuple *tuple;
|
struct nf_conntrack_tuple *tuple;
|
||||||
u_int32_t dcc_ip;
|
__be32 dcc_ip;
|
||||||
u_int16_t dcc_port;
|
u_int16_t dcc_port;
|
||||||
__be16 port;
|
__be16 port;
|
||||||
int i, ret = NF_ACCEPT;
|
int i, ret = NF_ACCEPT;
|
||||||
@ -177,13 +177,14 @@ static int help(struct sk_buff *skb, unsigned int protoff,
|
|||||||
pr_debug("unable to parse dcc command\n");
|
pr_debug("unable to parse dcc command\n");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
pr_debug("DCC bound ip/port: %u.%u.%u.%u:%u\n",
|
|
||||||
HIPQUAD(dcc_ip), dcc_port);
|
pr_debug("DCC bound ip/port: %pI4:%u\n",
|
||||||
|
&dcc_ip, dcc_port);
|
||||||
|
|
||||||
/* dcc_ip can be the internal OR external (NAT'ed) IP */
|
/* dcc_ip can be the internal OR external (NAT'ed) IP */
|
||||||
tuple = &ct->tuplehash[dir].tuple;
|
tuple = &ct->tuplehash[dir].tuple;
|
||||||
if (tuple->src.u3.ip != htonl(dcc_ip) &&
|
if (tuple->src.u3.ip != dcc_ip &&
|
||||||
tuple->dst.u3.ip != htonl(dcc_ip)) {
|
tuple->dst.u3.ip != dcc_ip) {
|
||||||
if (net_ratelimit())
|
if (net_ratelimit())
|
||||||
printk(KERN_WARNING
|
printk(KERN_WARNING
|
||||||
"Forged DCC command from %pI4: %pI4:%u\n",
|
"Forged DCC command from %pI4: %pI4:%u\n",
|
||||||
|
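Review bot: The new `*ip = cpu_to_be32(simple_strtoul(data, &data, 10));` in parse_dcc narrows the parsed value to 32 bits with no range check, so on a 64-bit build a decimal string above 4294967295 taken from the packet is silently truncated instead of rejected. This field is remote input and feeds the address comparison against `tuple->src.u3.ip` / `tuple->dst.u3.ip` in help(), so I would parse into a local and bail out on out-of-range input: `unsigned long v = simple_strtoul(data, &data, 10);`, then `if (v > 0xffffffffUL) return -1;`, then `*ip = cpu_to_be32(v);`. simple_strtoul itself does not report overflow, so this only catches values that still fit in an unsigned long. Whether the code before the hunk already guarantees at least one digit is present cannot be seen here, since parse_dcc's body starts and continues outside the visible hunks.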