70 lines
2.3 KiB
Diff
70 lines
2.3 KiB
Diff
From: Pablo Neira Ayuso <pablo () netfilter ! org>
|
|
Date: Sat, 07 Dec 2019 17:38:05 +0000
|
|
To: netfilter-devel
|
|
Subject: Re: [PATCH] netfilter: nf_flow_table_offload: Correct memcpy size for flow_overload_mangle
|
|
|
|
I'm attaching a tentative patch to address this problem.
|
|
|
|
Thanks.
|
|
|
|
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
|
|
index c54c9a6cc981..3d6b2bea9a63 100644
|
|
--- a/net/netfilter/nf_flow_table_offload.c
|
|
+++ b/net/netfilter/nf_flow_table_offload.c
|
|
@@ -326,23 +326,23 @@ static void flow_offload_port_snat(struct net *net,
|
|
struct nf_flow_rule *flow_rule)
|
|
{
|
|
struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
|
|
- u32 mask = ~htonl(0xffff0000);
|
|
- __be16 port;
|
|
+ u32 mask = ~htonl(0xffff0000), port;
|
|
u32 offset;
|
|
|
|
switch (dir) {
|
|
case FLOW_OFFLOAD_DIR_ORIGINAL:
|
|
- port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port;
|
|
+ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port);
|
|
offset = 0; /* offsetof(struct tcphdr, source); */
|
|
break;
|
|
case FLOW_OFFLOAD_DIR_REPLY:
|
|
- port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port;
|
|
+ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port);
|
|
offset = 0; /* offsetof(struct tcphdr, dest); */
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
+ port = htonl(port << 16);
|
|
flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
|
|
(u8 *)&port, (u8 *)&mask);
|
|
}
|
|
@@ -353,23 +353,23 @@ static void flow_offload_port_dnat(struct net *net,
|
|
struct nf_flow_rule *flow_rule)
|
|
{
|
|
struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
|
|
- u32 mask = ~htonl(0xffff);
|
|
- __be16 port;
|
|
+ u32 mask = ~htonl(0xffff), port;
|
|
u32 offset;
|
|
|
|
switch (dir) {
|
|
case FLOW_OFFLOAD_DIR_ORIGINAL:
|
|
- port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port;
|
|
+ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port);
|
|
offset = 0; /* offsetof(struct tcphdr, source); */
|
|
break;
|
|
case FLOW_OFFLOAD_DIR_REPLY:
|
|
- port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port;
|
|
+ port = ntohs(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port);
|
|
offset = 0; /* offsetof(struct tcphdr, dest); */
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
+ port = htonl(port);
|
|
flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
|
|
(u8 *)&port, (u8 *)&mask);
|
|
}
|