redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/netfilter/ipset
History
Florent Fourcot 52f072f580 netfilter: ipset: forbid family for hash:mac sets 
[ Upstream commit cbdebe481a ]

Userspace `ipset` command forbids family option for hash:mac type:

ipset create test hash:mac family inet4
ipset v6.30: Unknown argument: `family'

However, this check is not done in kernel itself. When someone use
external netlink applications (pyroute2 python library for example), one
can create hash:mac with invalid family and inconsistant results from
userspace (`ipset` command cannot read set content anymore).

This patch enforce the logic in kernel, and forbids insertion of
hash:mac with a family set.

Since IP_SET_PROTO_UNDEF is defined only for hash:mac, this patch has no
impact on other hash:* sets

Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Signed-off-by: Victorien Molle <victorien.molle@wifirst.fr>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-08-03 07:50:23 +02:00
..
Kconfig netfilter: ipset: hash:ipmac type support added to ipset 2016-11-10 13:28:49 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip_set_bitmap_gen.h netfilter: Remove unnecessary cast on void pointer 2017-04-07 17:29:17 +02:00
ip_set_bitmap_ip.c netfilter: ipset: Fix extension alignment 2015-11-07 11:21:47 +01:00
ip_set_bitmap_ipmac.c netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length 2016-03-08 20:36:17 +01:00
ip_set_bitmap_port.c netfilter: ipset: Fix extension alignment 2015-11-07 11:21:47 +01:00
ip_set_core.c netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() 2018-04-19 08:56:15 +02:00
ip_set_getport.c sctp: remove the typedef sctp_sctphdr_t 2017-07-01 09:08:41 -07:00
ip_set_hash_gen.h netfilter: ipset: forbid family for hash:mac sets 2018-08-03 07:50:23 +02:00
ip_set_hash_ip.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_ipmac.c netfilter: ipset: hash: fix boolreturn.cocci warnings 2016-11-10 13:28:50 +01:00
ip_set_hash_ipmark.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_ipport.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_ipportip.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_ipportnet.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_mac.c netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length 2016-03-08 20:36:17 +01:00
ip_set_hash_net.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_netiface.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_netnet.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_netport.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_hash_netportnet.c netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses 2017-09-26 20:15:04 +02:00
ip_set_list_set.c netfilter: ipset: Null pointer exception in ipset list:set 2017-02-19 19:08:47 +01:00
pfxlen.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00