aboutsummaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-07-07 22:38:30 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2007-07-10 22:18:17 -0700
commitd3c3f4243e135b3d8c41d98be0cb2f54a4141abf (patch)
tree082b4108551892eecffa8ce9dab555827540183d /net
parent3569b621ceba0a9cfb80e24c0bd19fd632ccee25 (diff)
[NETFILTER]: ipt_CLUSTERIP: add compat code
Adjust structure size and don't expect pointers passed in from userspace to be valid. Also replace an enum in an ABI structure by a fixed size type. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c39
1 files changed, 20 insertions, 19 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 1cef3b09c32..1981acedbfe 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -397,23 +397,7 @@ checkentry(const char *tablename,
/* FIXME: further sanity checks */
config = clusterip_config_find_get(e->ip.dst.s_addr, 1);
- if (config) {
- if (cipinfo->config != NULL) {
- /* Case A: This is an entry that gets reloaded, since
- * it still has a cipinfo->config pointer. Simply
- * increase the entry refcount and return */
- if (cipinfo->config != config) {
- printk(KERN_ERR "CLUSTERIP: Reloaded entry "
- "has invalid config pointer!\n");
- return false;
- }
- } else {
- /* Case B: This is a new rule referring to an existing
- * clusterip config. */
- cipinfo->config = config;
- }
- } else {
- /* Case C: This is a completely new clusterip config */
+ if (!config) {
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
return false;
@@ -440,8 +424,8 @@ checkentry(const char *tablename,
}
dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
}
- cipinfo->config = config;
}
+ cipinfo->config = config;
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
@@ -466,13 +450,30 @@ static void destroy(const struct xt_target *target, void *targinfo)
nf_ct_l3proto_module_put(target->family);
}
+#ifdef CONFIG_COMPAT
+struct compat_ipt_clusterip_tgt_info
+{
+ u_int32_t flags;
+ u_int8_t clustermac[6];
+ u_int16_t num_total_nodes;
+ u_int16_t num_local_nodes;
+ u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
+ u_int32_t hash_mode;
+ u_int32_t hash_initval;
+ compat_uptr_t config;
+};
+#endif /* CONFIG_COMPAT */
+
static struct xt_target clusterip_tgt __read_mostly = {
.name = "CLUSTERIP",
.family = AF_INET,
.target = target,
- .targetsize = sizeof(struct ipt_clusterip_tgt_info),
.checkentry = checkentry,
.destroy = destroy,
+ .targetsize = sizeof(struct ipt_clusterip_tgt_info),
+#ifdef CONFIG_COMPAT
+ .compatsize = sizeof(struct compat_ipt_clusterip_tgt_info),
+#endif /* CONFIG_COMPAT */
.me = THIS_MODULE
};