Patchwork [2/2] netfilter: nft_reject: fix endianness in dump function

login
register
mail settings
Submitter Pablo Neira
Date Dec. 13, 2013, 6:24 p.m.
Message ID <1386959099-24582-3-git-send-email-pablo@netfilter.org>
Download mbox | patch
Permalink /patch/301138/
State Accepted
Delegated to: David Miller
Headers show

Comments

Pablo Neira - Dec. 13, 2013, 6:24 p.m.
From: Eric Leblond <eric@regit.org>

The dump function in nft_reject_ipv4 was not converting a u32
field to network order before sending it to userspace, this
needs to happen for consistency with other nf_tables and
nfnetlink subsystems.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/ipv4/netfilter/nft_reject_ipv4.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/net/ipv4/netfilter/nft_reject_ipv4.c b/net/ipv4/netfilter/nft_reject_ipv4.c
index fff5ba1..4a5e94a 100644
--- a/net/ipv4/netfilter/nft_reject_ipv4.c
+++ b/net/ipv4/netfilter/nft_reject_ipv4.c
@@ -72,7 +72,7 @@  static int nft_reject_dump(struct sk_buff *skb, const struct nft_expr *expr)
 {
 	const struct nft_reject *priv = nft_expr_priv(expr);
 
-	if (nla_put_be32(skb, NFTA_REJECT_TYPE, priv->type))
+	if (nla_put_be32(skb, NFTA_REJECT_TYPE, htonl(priv->type)))
 		goto nla_put_failure;
 
 	switch (priv->type) {