Commit 28658c89, authored by Phil Oester, committed by David S. Miller

[NETFILTER]: xt_pkttype: fix mismatches on locally generated packets

Locally generated broadcast and multicast packets have pkttype set to
PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST. This
causes the pkttype match to fail to match packets of either type.

The below patch remedies this by using the daddr as a hint as to
broadcast|multicast. While not pretty, this seems like the only way
to solve the problem short of just noting this as a limitation of the
match.

This resolves netfilter bugzilla #484
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Parent 8cf8fb56
...@@ -9,6 +9,8 @@ ...@@ -9,6 +9,8 @@
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/if_ether.h> #include <linux/if_ether.h>
#include <linux/if_packet.h> #include <linux/if_packet.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/netfilter/xt_pkttype.h> #include <linux/netfilter/xt_pkttype.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
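Review bot: The two added includes, <linux/in.h> and <linux/ip.h>, give this xt_ match a dependency on IPv4 header definitions with no explanation at the include site. A one-line comment saying they are needed for MULTICAST() and the IP header access in match() would make it clear why a packet-type match pulls in IPv4 headers.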
...@@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb, ...@@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
int *hotdrop) int *hotdrop)
{ {
u_int8_t type;
const struct xt_pkttype_info *info = matchinfo; const struct xt_pkttype_info *info = matchinfo;
return (skb->pkt_type == info->pkttype) ^ info->invert; if (skb->pkt_type == PACKET_LOOPBACK)
type = (MULTICAST(skb->nh.iph->daddr)
? PACKET_MULTICAST
: PACKET_BROADCAST);
else
type = skb->pkt_type;
return (type == info->pkttype) ^ info->invert;
} }
static struct xt_match pkttype_match = { static struct xt_match pkttype_match = {
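Review bot: In the PACKET_LOOPBACK branch of match(), every destination that fails MULTICAST() is reported as PACKET_BROADCAST, so a looped-back packet whose daddr is neither multicast nor broadcast would satisfy a broadcast rule (or escape an inverted one). Consider testing the destination for broadcast explicitly and falling back to skb->pkt_type when neither test passes. The same branch reads skb->nh.iph->daddr without checking that the packet is IPv4; if this match can be attached to other protocol families (the registration is not visible in this hunk), the dereference should be guarded on the family. A short comment in the code stating that daddr is used only as a hint for locally generated packets would also help, since rule authors relying on pkttype for filtering decisions need to know the classification is inferred here.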
......