| Message ID | 7bcaa9e0507fa9a5b6a48f56768a179281bf4ab2.1576226965.git.lucien.xin@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | netfilter: nft_tunnel: a bunch of fixes and improvements | expand |
On Fri, Dec 13, 2019 at 04:53:06PM +0800, Xin Long wrote: > ERSPAN_VERSION is an attribute parsed in kernel side, nla_policy > type should be added for it, like other attributes. > > Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support") Is this really a fix? > Signed-off-by: Xin Long <lucien.xin@gmail.com> > Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Reviewed-by: Simon Horman <simon.horman@netronome.com> > --- > net/netfilter/nft_tunnel.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c > index ef2065dd..6538895 100644 > --- a/net/netfilter/nft_tunnel.c > +++ b/net/netfilter/nft_tunnel.c > @@ -248,8 +248,9 @@ static int nft_tunnel_obj_vxlan_init(const struct nlattr *attr, > } > > static const struct nla_policy nft_tunnel_opts_erspan_policy[NFTA_TUNNEL_KEY_ERSPAN_MAX + 1] = { > + [NFTA_TUNNEL_KEY_ERSPAN_VERSION] = { .type = NLA_U32 }, > [NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX] = { .type = NLA_U32 }, > - [NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] = { .type = NLA_U8 }, > + [NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] = { .type = NLA_U8 }, > [NFTA_TUNNEL_KEY_ERSPAN_V2_HWID] = { .type = NLA_U8 }, > }; > > -- > 2.1.0 >
On Sat, Dec 14, 2019 at 09:26:31AM +0100, Simon Horman wrote: > On Fri, Dec 13, 2019 at 04:53:06PM +0800, Xin Long wrote: > > ERSPAN_VERSION is an attribute parsed in kernel side, nla_policy > > type should be added for it, like other attributes. > > > > Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support") > > Is this really a fix? I think so. Netlink attribute validation for NFTA_TUNNEL_KEY_ERSPAN_VERSION is missing.
On Tue, Dec 17, 2019 at 10:39:45PM +0100, Pablo Neira Ayuso wrote: > On Sat, Dec 14, 2019 at 09:26:31AM +0100, Simon Horman wrote: > > On Fri, Dec 13, 2019 at 04:53:06PM +0800, Xin Long wrote: > > > ERSPAN_VERSION is an attribute parsed in kernel side, nla_policy > > > type should be added for it, like other attributes. > > > > > > Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support") > > > > Is this really a fix? > > I think so. Netlink attribute validation for > NFTA_TUNNEL_KEY_ERSPAN_VERSION is missing. Ok, I accept that reasoning.
diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index ef2065dd..6538895 100644 --- a/net/netfilter/nft_tunnel.c +++ b/net/netfilter/nft_tunnel.c @@ -248,8 +248,9 @@ static int nft_tunnel_obj_vxlan_init(const struct nlattr *attr, } static const struct nla_policy nft_tunnel_opts_erspan_policy[NFTA_TUNNEL_KEY_ERSPAN_MAX + 1] = { + [NFTA_TUNNEL_KEY_ERSPAN_VERSION] = { .type = NLA_U32 }, [NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX] = { .type = NLA_U32 }, - [NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] = { .type = NLA_U8 }, + [NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] = { .type = NLA_U8 }, [NFTA_TUNNEL_KEY_ERSPAN_V2_HWID] = { .type = NLA_U8 }, };
ERSPAN_VERSION is an attribute parsed in kernel side, nla_policy type should be added for it, like other attributes. Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support") Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/nft_tunnel.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)