diff options
| author | David S. Miller <davem@davemloft.net> | 2022-03-18 13:33:47 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2022-03-18 13:33:47 +0300 |
| commit | 4fa331b45da29765542ed3947d94e12615d298b5 (patch) | |
| tree | d5770569f28e652d8d5b570d76912026825cd077 /include | |
| parent | 551acdc3c3d2b6bc97f11e31dcf960bc36343bfc (diff) | |
| parent | 4c905f6740a365464e91467aa50916555b28213d (diff) | |
| download | linux-4fa331b45da29765542ed3947d94e12615d298b5.tar.xz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Fix PPPoE and QinQ with flowtable inet family.
2) Missing register validation in nf_tables.
3) Initialize registers to avoid stack memleak to userspace.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_flow_table.h | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index bd59e950f4d6..64daafd1fc41 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -10,6 +10,8 @@ #include <linux/netfilter/nf_conntrack_tuple_common.h> #include <net/flow_offload.h> #include <net/dst.h> +#include <linux/if_pppox.h> +#include <linux/ppp_defs.h> struct nf_flowtable; struct nf_flow_rule; @@ -317,4 +319,20 @@ int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow, int nf_flow_table_offload_init(void); void nf_flow_table_offload_exit(void); +static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb) +{ + __be16 proto; + + proto = *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + + sizeof(struct pppoe_hdr))); + switch (proto) { + case htons(PPP_IP): + return htons(ETH_P_IP); + case htons(PPP_IPV6): + return htons(ETH_P_IPV6); + } + + return 0; +} + #endif /* _NF_FLOW_TABLE_H */ |