linux/include/net
Florian Westphal 86c4599155 netfilter: nf_tables: fix destination register zeroing
[ Upstream commit 1e105e6afa ]

The following bug was reported via IRC:
nft list ruleset
   set knock_candidates_ipv4 {
      type ipv4_addr . inet_service
      size 65535
      elements = { 127.0.0.1 . 123,
                   127.0.0.1 . 123 }
      }
 ..
   udp dport 123 add @knock_candidates_ipv4 { ip saddr . 123 }
   udp dport 123 add @knock_candidates_ipv4 { ip saddr . udp dport }

It should not have been possible to add a duplicate set entry.

After some debugging it turned out that the problem is the immediate
value (123) in the second-to-last rule.

Concatenations use 32-bit registers, i.e. the elements are 8 bytes each,
not 6, and it turns out the kernel inserted

inet firewall @knock_candidates_ipv4
        element 0100007f ffff7b00  : 0 [end]
        element 0100007f 00007b00  : 0 [end]

Note the non-zero upper bits of the first element.  It turns out that
nft_immediate doesn't zero the destination register, but this is needed
when the length isn't a multiple of 4.

Furthermore, the zeroing in nft_payload is broken.  We can't use
[len / 4] = 0 -- if len is a multiple of 4, index is off by one.

Skip zeroing in this case and use a conditional instead of (len - 1) / 4.

Fixes: 49499c3e6e ("netfilter: nf_tables: switch registers to 32 bit addressing")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-09-09 19:04:25 +02:00
9p
bluetooth
caif
iucv
netfilter netfilter: nf_tables: fix destination register zeroing 2020-09-09 19:04:25 +02:00
netns
nfc
phonet
sctp sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket 2020-06-30 23:17:05 -04:00
tc_act
6lowpan.h
act_api.h net sched: fix reporting the first-time use timestamp 2020-06-03 08:19:15 +02:00
addrconf.h ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-08-11 15:32:34 +02:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h cfg80211: Fix radar event during another phy CAC 2020-02-05 14:43:46 +00:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h
dsfield.h
dst_cache.h
dst_metadata.h
dst_ops.h
dst.h net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb 2020-07-22 09:31:59 +02:00
erspan.h
esp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h fib: add missing attribute validation for tun_id 2020-03-18 07:14:14 +01:00
firewire.h
flow_dissector.h net: sched: correct flower port blocking 2020-03-05 16:42:16 +01:00
flow.h
fou.h
fq_impl.h
fq.h
garp.h
gen_stats.h
genetlink.h genetlink: remove genl_bind 2020-07-22 09:31:58 +02:00
geneve.h
gre.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet_common.h
inet_connection_sock.h net: refactor bind_bucket fastreuse into helper 2020-08-19 08:15:03 +02:00
inet_ecn.h sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
inet_frag.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inet6_connection_sock.h
inet6_hashtables.h
inetpeer.h
ip_fib.h
ip_tunnels.h
ip_vs.h ipvs: allow connection reuse for unconfirmed conntrack 2020-08-19 08:14:56 +02:00
ip.h
ip6_checksum.h
ip6_fib.h
ip6_route.h net: ipv6: do not consider routes via gateways for anycast address check 2020-04-21 09:03:04 +02:00
ip6_tunnel.h
ipcomp.h
ipconfig.h
ipv6_frag.h
ipv6.h net: ipv6: add net argument to ip6_dst_lookup_flow 2020-04-29 16:31:16 +02:00
ipx.h bonding/alb: properly access headers in bond_alb_xmit() 2020-02-11 04:34:14 -08:00
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
mac80211.h
mac802154.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mrp.h
ncsi.h
ndisc.h
neighbour.h
net_failover.h
net_namespace.h
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nsh.h
p8022.h
page_pool.h
ping.h
pkt_cls.h net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
pkt_sched.h sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head 2020-01-27 14:51:18 +01:00
rose.h
route.h
rsi_91x.h
rtnetlink.h
sch_generic.h net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
scm.h
secure_seq.h
seg6_hmac.h
seg6_local.h
seg6.h
slhc_vj.h
smc.h
snmp.h
sock_reuseport.h
sock.h net/compat: Add missing sock updates for SCM_RIGHTS 2020-08-21 11:05:32 +02:00
Space.h
stp.h
strparser.h
switchdev.h
tcp_states.h
tcp.h tcp: fix SO_RCVLOWAT hangs with fat skbs 2020-05-20 08:18:38 +02:00
timewait_sock.h
tipc.h
tls.h
transp_v6.h
tso.h
tun_proto.h
udp_tunnel.h
udp.h
udplite.h
vsock_addr.h
vxlan.h
wext.h
wimax.h
x25.h
x25device.h
xdp_sock.h
xdp.h
xfrm.h xfrm: Fix crash when the hold queue is used. 2020-08-05 10:06:02 +02:00