[NETFILTER]: xt_pkttype: fix mismatches on locally generated packets
Locally generated broadcast and multicast packets have pkttype set to PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST. This causes the pkttype match to fail to match packets of either type. The below patch remedies this by using the daddr as a hint as to broadcast|multicast. While not pretty, this seems like the only way to solve the problem short of just noting this as a limitation of the match. This resolves netfilter bugzilla #484 Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
8cf8fb5687
commit
28658c8967
|
@ -9,6 +9,8 @@
|
||||||
#include <linux/skbuff.h>
|
#include <linux/skbuff.h>
|
||||||
#include <linux/if_ether.h>
|
#include <linux/if_ether.h>
|
||||||
#include <linux/if_packet.h>
|
#include <linux/if_packet.h>
|
||||||
|
#include <linux/in.h>
|
||||||
|
#include <linux/ip.h>
|
||||||
|
|
||||||
#include <linux/netfilter/xt_pkttype.h>
|
#include <linux/netfilter/xt_pkttype.h>
|
||||||
#include <linux/netfilter/x_tables.h>
|
#include <linux/netfilter/x_tables.h>
|
||||||
|
@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb,
|
||||||
unsigned int protoff,
|
unsigned int protoff,
|
||||||
int *hotdrop)
|
int *hotdrop)
|
||||||
{
|
{
|
||||||
|
u_int8_t type;
|
||||||
const struct xt_pkttype_info *info = matchinfo;
|
const struct xt_pkttype_info *info = matchinfo;
|
||||||
|
|
||||||
return (skb->pkt_type == info->pkttype) ^ info->invert;
|
if (skb->pkt_type == PACKET_LOOPBACK)
|
||||||
|
type = (MULTICAST(skb->nh.iph->daddr)
|
||||||
|
? PACKET_MULTICAST
|
||||||
|
: PACKET_BROADCAST);
|
||||||
|
else
|
||||||
|
type = skb->pkt_type;
|
||||||
|
|
||||||
|
return (type == info->pkttype) ^ info->invert;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_match pkttype_match = {
|
static struct xt_match pkttype_match = {
|
||||||
|
|
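Review bot: In the PACKET_LOOPBACK branch of match(), `skb->nh.iph->daddr` is read as an IPv4 destination address with no check that the packet is IPv4, and every non-multicast result is classified as PACKET_BROADCAST. If this match is also registered for another address family (the registration struct only begins at the end of the hunk, so this cannot be confirmed here), the bytes tested by MULTICAST() are not an IPv4 address, and a pkttype rule, particularly an inverted one, can then accept or drop the wrong packets. Either guard the branch on the address family or state the assumption above the `if`, e.g. `/* PACKET_LOOPBACK: daddr is read from the IPv4 header; only valid when this match runs on IPv4 packets */`. The signature of match() starts before the hunk, so the parameters available for such a guard are not all visible.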