kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-xiaomi-chiron/include/net/netfilter
History
Liping Zhang 10596608c4 netfilter: nf_tables: fix mismatch in big-endian system 
Currently, there are two different methods to store an u16 integer to
the u32 data register. For example:
  u32 *dest = &regs->data[priv->dreg];
  1. *dest = 0; *(u16 *) dest = val_u16;
  2. *dest = val_u16;

For method 1, the u16 value will be stored like this, either in
big-endian or little-endian system:
  0          15           31
  +-+-+-+-+-+-+-+-+-+-+-+-+
  |   Value   |     0     |
  +-+-+-+-+-+-+-+-+-+-+-+-+

For method 2, in little-endian system, the u16 value will be the same
as listed above. But in big-endian system, the u16 value will be stored
like this:
  0          15           31
  +-+-+-+-+-+-+-+-+-+-+-+-+
  |     0     |   Value   |
  +-+-+-+-+-+-+-+-+-+-+-+-+

So later we use "memcmp(&regs->data[priv->sreg], data, 2);" to do
compare in nft_cmp, nft_lookup expr ..., method 2 will get the wrong
result in big-endian system, as 0~15 bits will always be zero.

For the similar reason, when loading an u16 value from the u32 data
register, we should use "*(u16 *) sreg;" instead of "(u16)*sreg;",
the 2nd method will get the wrong value in the big-endian system.

So introduce some wrapper functions to store/load an u8 or u16
integer to/from the u32 data register, and use them in the right
place.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-03-13 13:30:28 +01:00
..
ipv4 netfilter: merge udp and udplite conntrack helpers 2017-01-03 14:33:25 +01:00
ipv6 netfilter: merge udp and udplite conntrack helpers 2017-01-03 14:33:25 +01:00
br_netfilter.h netfilter: bridge: add and use br_nf_hook_thresh 2016-09-24 21:25:48 +02:00
nf_conntrack.h netfilter: merge ctinfo into nfct pointer storage area 2017-02-02 14:31:56 +01:00
nf_conntrack_acct.h netfilter: introduce nf_conn_acct structure 2013-11-03 21:48:49 +01:00
nf_conntrack_core.h skbuff: add and use skb_nfct helper 2017-02-02 14:31:53 +01:00
nf_conntrack_ecache.h netfilter: don't rely on DYING bit to detect when destroy event was sent 2016-08-30 11:43:08 +02:00
nf_conntrack_expect.h netfilter: conntrack: use a single expectation table for all namespaces 2016-05-06 11:50:01 +02:00
nf_conntrack_extend.h netfilter: move nat hlist_head to nf_conn 2016-07-11 11:47:50 +02:00
nf_conntrack_helper.h netfilter: Add helper array register/unregister functions 2016-07-21 02:31:53 +02:00
nf_conntrack_l3proto.h netfilter: conntrack: add nf_conntrack_default_on sysctl 2016-12-04 21:17:25 +01:00
nf_conntrack_l4proto.h netfilter: conntrack: no need to pass ctinfo to error handler 2017-02-02 14:31:51 +01:00
nf_conntrack_labels.h netfilter: conntrack: avoid excess memory allocation 2016-10-27 18:29:02 +02:00
nf_conntrack_seqadj.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_synproxy.h netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
nf_conntrack_timeout.h netfilter: cttimeout: add netns support 2015-12-14 12:48:58 +01:00
nf_conntrack_timestamp.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_tuple.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_conntrack_zones.h netfilter: move zone info into struct nf_conn 2016-06-23 13:33:12 +02:00
nf_dup_netdev.h netfilter: add and use nf_fwd_netdev_egress 2016-12-06 21:48:22 +01:00
nf_log.h netfilter: allow logging from non-init namespaces 2017-02-02 14:31:58 +01:00
nf_nat.h netfilter: nat: convert nat bysrc hash to rhashtable 2016-07-11 12:07:57 +02:00
nf_nat_core.h netfilter: Pass net into nf_xfrm_me_harder 2015-09-18 22:00:22 +02:00
nf_nat_helper.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_nat_l3proto.h netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
nf_nat_l4proto.h netfilter: built-in NAT support for UDPlite 2016-12-04 20:45:32 +01:00
nf_nat_redirect.h netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
nf_queue.h netfilter: remove hook_entries field from nf_hook_state 2016-11-03 11:52:58 +01:00
nf_socket.h netfilter: move socket lookup infrastructure to nf_socket_ipv{4,6}.c 2016-11-01 20:50:31 +01:00
nf_tables.h netfilter: nf_tables: fix mismatch in big-endian system 2017-03-13 13:30:28 +01:00
nf_tables_core.h netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields 2016-12-06 21:47:54 +01:00
nf_tables_ipv4.h netfilter: merge fixup for "nf_tables_netdev: remove redundant ip_hdr assignment" 2016-10-05 20:25:48 -04:00
nf_tables_ipv6.h netfilter: nf_tables: set pktinfo->thoff at AH header if found 2017-03-08 18:35:27 +01:00
nfnetlink_log.h netfilter: log: netns NULL ptr bug when calling from conntrack 2013-05-15 14:11:07 +02:00
nft_dup.h netfilter: nf_tables: add nft_dup expression 2015-08-07 11:49:49 +02:00
nft_fib.h netfilter: rpfilter: fix incorrect loopback packet judgment 2017-01-16 14:23:01 +01:00
nft_masq.h netfilter: nft_masq: support port range 2016-03-02 20:05:27 +01:00
nft_meta.h netfilter: nft_meta: improve the validity check of pkttype set expr 2016-08-25 13:12:03 +02:00
nft_redir.h netfilter: nf_tables: add new expression nft_redir 2014-10-27 22:49:39 +01:00
nft_reject.h netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT 2016-08-25 12:55:34 +02:00
xt_rateest.h net_sched: gen_estimator: complete rewrite of rate estimators 2016-12-05 15:21:59 -05:00