Diffstat (limited to 'iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch')
| -rw-r--r-- | iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch b/iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch
new file mode 100644
index 00000000..70716b1d
--- /dev/null
+++ b/iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch
@@ -0,0 +1,65 @@
+Url: https://git.netfilter.org/iptables/patch/?id=b3f3e256c263b9a1db49732696aba0dde084ef5e
+From b3f3e256c263b9a1db49732696aba0dde084ef5e Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 15 Nov 2024 19:55:32 +0100
+Subject: nft: Drop interface mask leftovers from post_parse callbacks
+
+Fixed commit only adjusted the IPv4-specific callback for unclear
+reasons.
+
+Fixes: fe70364b36119 ("xshared: Do not populate interface masks per default")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Reviewed-by: Jeremy Sowden <jeremy@azazel.net>
+---
+ iptables/nft-arp.c | 3 ---
+ iptables/xshared.c | 5 -----
+ iptables/xshared.h | 1 -
+ 3 files changed, 9 deletions(-)
+
+diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
+index c11d64c3..fa2dd558 100644
+--- a/iptables/nft-arp.c
++++ b/iptables/nft-arp.c
+@@ -459,10 +459,7 @@ static void nft_arp_post_parse(int command,
+ cs->arp.arp.invflags = args->invflags;
+
+ memcpy(cs->arp.arp.iniface, args->iniface, IFNAMSIZ);
+- memcpy(cs->arp.arp.iniface_mask, args->iniface_mask, IFNAMSIZ);
+-
+ memcpy(cs->arp.arp.outiface, args->outiface, IFNAMSIZ);
+- memcpy(cs->arp.arp.outiface_mask, args->outiface_mask, IFNAMSIZ);
+
+ cs->arp.counters.pcnt = args->pcnt_cnt;
+ cs->arp.counters.bcnt = args->bcnt_cnt;
+diff --git a/iptables/xshared.c b/iptables/xshared.c
+index 2a5eef09..2f663f97 100644
+--- a/iptables/xshared.c
++++ b/iptables/xshared.c
+@@ -2104,12 +2104,7 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
+ cs->fw6.ipv6.invflags = args->invflags;
+
+ memcpy(cs->fw6.ipv6.iniface, args->iniface, IFNAMSIZ);
+- memcpy(cs->fw6.ipv6.iniface_mask,
+- args->iniface_mask, IFNAMSIZ*sizeof(unsigned char));
+-
+ memcpy(cs->fw6.ipv6.outiface, args->outiface, IFNAMSIZ);
+- memcpy(cs->fw6.ipv6.outiface_mask,
+- args->outiface_mask, IFNAMSIZ*sizeof(unsigned char));
+
+ if (args->goto_set)
+ cs->fw6.ipv6.flags |= IP6T_F_GOTO;
+diff --git a/iptables/xshared.h b/iptables/xshared.h
+index a111e797..af756738 100644
+--- a/iptables/xshared.h
++++ b/iptables/xshared.h
+@@ -262,7 +262,6 @@ struct xtables_args {
+ uint8_t flags;
+ uint16_t invflags;
+ char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
+- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
+ char bri_iniface[IFNAMSIZ], bri_outiface[IFNAMSIZ];
+ bool goto_set;
+ const char *shostnetworkmask, *dhostnetworkmask;
+--
+cgit v1.2.3
+
|
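Review bot: Nothing in this view shows the new patch file being applied by the package build; the diffstat is limited to this one file, so the recipe change may simply be outside the view, but a patch that is shipped and never applied would leave the `memcpy` of `args->iniface_mask` / `args->outiface_mask` in `ipv6_post_parse` and `nft_arp_post_parse` in the built binaries. Judging by the `Fixes:` trailer, those fields are presumably no longer populated after the referenced upstream commit, so the leftover copies would overwrite the interface masks of IPv6 and ARP rules, which is a matching-correctness concern for a firewall tool. I would confirm the file is listed in the package's patch series and add a header line to it such as `Backport of upstream b3f3e256c263, drop once the packaged release contains it`. Because the patch also removes `iniface_mask` and `outiface_mask` from `struct xtables_args`, any other downstream patch that still references those members will fail to build, which is worth checking in the same pass.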