diff options
| author |   David Ahern <dsahern@gmail.com> | 2018-05-16 13:36:40 -0700 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2018-05-17 14:55:21 -0400 |
| commit | 5a847a6e1477be5bd3f94cc1b7708d7d4a7cd94c (patch) | |
| tree | f115003a688ee3366207745a53eabbe53a533796 /net/ipv4/netfilter | |
| parent | tls: don't use stack memory in a scatterlist (diff) | |
| download | linux-dev-5a847a6e1477be5bd3f94cc1b7708d7d4a7cd94c.tar.xz linux-dev-5a847a6e1477be5bd3f94cc1b7708d7d4a7cd94c.zip | |
net/ipv4: Initialize proto and ports in flow struct
Updating the FIB tracepoint for the recent change to allow rules using
the protocol and ports exposed a few places where the entries in the flow
struct are not initialized.
For __fib_validate_source add the call to fib4_rules_early_flow_dissect
since it is invoked for the input path. For netfilter, add the memset on
the flow struct to avoid future problems like this. In ip_route_input_slow
need to set the fields if the skb dissection does not happen.
Fixes: bfff4862653b ("net: fib_rules: support for match on ip_proto, sport and dport")
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter')
| -rw-r--r-- | net/ipv4/netfilter/ipt_rpfilter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c index fd01f13c896a..12843c9ef142 100644 --- a/net/ipv4/netfilter/ipt_rpfilter.c +++ b/net/ipv4/netfilter/ipt_rpfilter.c @@ -89,10 +89,10 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) return true ^ invert; } + memset(&flow, 0, sizeof(flow)); flow.flowi4_iif = LOOPBACK_IFINDEX; flow.daddr = iph->saddr; flow.saddr = rpfilter_get_saddr(iph->daddr); - flow.flowi4_oif = 0; flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0; flow.flowi4_tos = RT_TOS(iph->tos); flow.flowi4_scope = RT_SCOPE_UNIVERSE; |