netfilter: ipset: Make invalid MAC address checks consistent

author Stefano Brivio <sbrivio@redhat.com>

Fri, 17 Aug 2018 19:09:48 +0000 (21:09 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 6 Nov 2019 12:05:23 +0000 (13:05 +0100)
author Stefano Brivio <sbrivio@redhat.com>
Fri, 17 Aug 2018 19:09:48 +0000 (21:09 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 6 Nov 2019 12:05:23 +0000 (13:05 +0100)
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c

index 4f01321..794e033 100644 (file)
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -235,6 +235,9 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
         else
                 ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
  
+       if (is_zero_ether_addr(e.ether))
+               return -EINVAL;
+
         return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
  }
  
diff --git a/net/netfilter/ipset/ip_set_hash_ipmac.c b/net/netfilter/ipset/ip_set_hash_ipmac.c

index 16ec822..25560ea 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipmac.c
+++ b/net/netfilter/ipset/ip_set_hash_ipmac.c
@@ -36,9 +36,6 @@ MODULE_ALIAS("ip_set_hash:ip,mac");
  /* Type specific function prefix */
  #define HTYPE          hash_ipmac
  
-/* Zero valued element is not supported */
-static const unsigned char invalid_ether[ETH_ALEN] = { 0 };
-
  /* IPv4 variant */
  
  /* Member elements */
@@ -104,7 +101,7 @@ hash_ipmac4_kadt(struct ip_set *set, const struct sk_buff *skb,
         else
                 ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
  
-       if (ether_addr_equal(e.ether, invalid_ether))
+       if (is_zero_ether_addr(e.ether))
                 return -EINVAL;
  
         ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
@@ -140,7 +137,7 @@ hash_ipmac4_uadt(struct ip_set *set, struct nlattr *tb[],
         if (ret)
                 return ret;
         memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
-       if (ether_addr_equal(e.ether, invalid_ether))
+       if (is_zero_ether_addr(e.ether))
                 return -IPSET_ERR_HASH_ELEM;
  
         return adtfn(set, &e, &ext, &ext, flags);
@@ -220,7 +217,7 @@ hash_ipmac6_kadt(struct ip_set *set, const struct sk_buff *skb,
         else
                 ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
  
-       if (ether_addr_equal(e.ether, invalid_ether))
+       if (is_zero_ether_addr(e.ether))
                 return -EINVAL;
  
         ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
@@ -260,7 +257,7 @@ hash_ipmac6_uadt(struct ip_set *set, struct nlattr *tb[],
                 return ret;
  
         memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
-       if (ether_addr_equal(e.ether, invalid_ether))
+       if (is_zero_ether_addr(e.ether))
                 return -IPSET_ERR_HASH_ELEM;
  
         return adtfn(set, &e, &ext, &ext, flags);
author	Stefano Brivio <sbrivio@redhat.com>
	Fri, 17 Aug 2018 19:09:48 +0000 (21:09 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 6 Nov 2019 12:05:23 +0000 (13:05 +0100)
net/netfilter/ipset/ip_set_bitmap_ipmac.c		patch \| blob \| history
net/netfilter/ipset/ip_set_hash_ipmac.c		patch \| blob \| history