diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h index 1e5e1ddf..fd373ebd 100644 --- a/include/linux/pkt_cls.h +++ b/include/linux/pkt_cls.h @@ -342,7 +342,7 @@ enum { TCA_BPF_NAME, TCA_BPF_FLAGS, TCA_BPF_FLAGS_GEN, - TCA_BPF_DIGEST, + TCA_BPF_TAG, __TCA_BPF_MAX, }; diff --git a/include/linux/tc_act/tc_bpf.h b/include/linux/tc_act/tc_bpf.h index a6b88a6f..975b50dc 100644 --- a/include/linux/tc_act/tc_bpf.h +++ b/include/linux/tc_act/tc_bpf.h @@ -27,7 +27,7 @@ enum { TCA_ACT_BPF_FD, TCA_ACT_BPF_NAME, TCA_ACT_BPF_PAD, - TCA_ACT_BPF_DIGEST, + TCA_ACT_BPF_TAG, __TCA_ACT_BPF_MAX, }; #define TCA_ACT_BPF_MAX (__TCA_ACT_BPF_MAX - 1) diff --git a/include/utils.h b/include/utils.h index dc1d6b96..22369e0b 100644 --- a/include/utils.h +++ b/include/utils.h @@ -118,6 +118,7 @@ int get_be32(__be32 *val, const char *arg, int base); int get_be16(__be16 *val, const char *arg, int base); int get_addr64(__u64 *ap, const char *cp); +int hex2mem(const char *buf, uint8_t *mem, int count); char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen); __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len); #define ADDR64_BUF_SIZE sizeof("xxxx:xxxx:xxxx:xxxx") diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c index 0f91aebf..88664c90 100644 --- a/ip/ipl2tp.c +++ b/ip/ipl2tp.c @@ -485,31 +485,6 @@ static int get_tunnel(struct l2tp_data *p) * Command parser *****************************************************************************/ -static int hex2mem(const char *buf, uint8_t *mem, int count) -{ - int i, j; - int c; - - for (i = 0, j = 0; i < count; i++, j += 2) { - c = get_hex(buf[j]); - if (c < 0) - goto err; - - mem[i] = c << 4; - - c = get_hex(buf[j + 1]); - if (c < 0) - goto err; - - mem[i] |= c; - } - - return 0; - -err: - return -1; -} - static void usage(void) __attribute__((noreturn)); static void usage(void) diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c index 22eb407b..4f726fdd 100644 --- a/ip/ipmaddr.c +++ b/ip/ipmaddr.c @@ -136,13 +136,17 @@ static void read_igmp(struct ma_info **result_p) while (fgets(buf, sizeof(buf), fp)) { struct ma_info *ma; + size_t len; if (buf[0] != '\t') { sscanf(buf, "%d%s", &m.index, m.name); + len = strlen(m.name); + if (m.name[len - 1] == ':') + len--; continue; } - if (filter.dev && strcmp(filter.dev, m.name)) + if (filter.dev && strncmp(filter.dev, m.name, len)) continue; sscanf(buf, "%08x%d", (__u32 *)&m.addr.data, &m.users); diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index cc9c0f1f..451b9822 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -732,10 +732,8 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who, if (!xfrm_policy_filter_match(xpinfo, ptype)) return 0; - if (xb->offset > xb->size) { - fprintf(stderr, "Policy buffer overflow\n"); - return -1; - } + if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size) + return 0; new_n = (struct nlmsghdr *)(xb->buf + xb->offset); new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid)); diff --git a/lib/utils.c b/lib/utils.c index 83c9d097..870c4f1b 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -962,6 +962,31 @@ __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len) return buf; } +int hex2mem(const char *buf, uint8_t *mem, int count) +{ + int i, j; + int c; + + for (i = 0, j = 0; i < count; i++, j += 2) { + c = get_hex(buf[j]); + if (c < 0) + goto err; + + mem[i] = c << 4; + + c = get_hex(buf[j + 1]); + if (c < 0) + goto err; + + mem[i] |= c; + } + + return 0; + +err: + return -1; +} + int addr64_n2a(__u64 addr, char *buff, size_t len) { __u16 *words = (__u16 *)&addr; diff --git a/man/man8/Makefile b/man/man8/Makefile index d4cb01ac..77d347ca 100644 --- a/man/man8/Makefile +++ b/man/man8/Makefile @@ -16,7 +16,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss. tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \ tc-tcindex.8 tc-u32.8 tc-matchall.8 \ tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \ - tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 tc-skbmod.8 \ + tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 \ tc-tunnel_key.8 \ devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8 devlink-sb.8 diff --git a/tc/f_flower.c b/tc/f_flower.c index d301db36..df4e7d00 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -721,14 +721,13 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, } parse_done: - addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags); + ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags); + if (ret) + return ret; ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); - if (ret) { - fprintf(stderr, "Illegal \"eth_type\"(0x%x)\n", - ntohs(eth_type)); - return -1; - } + if (ret) + return ret; tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail; @@ -987,10 +986,10 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, tb[TCA_FLOWER_KEY_IPV6_SRC], tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]); - nl_type = flower_port_attr_type(ip_proto, false); + nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST); if (nl_type >= 0) flower_print_port(f, "dst_port", tb[nl_type]); - nl_type = flower_port_attr_type(ip_proto, true); + nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC); if (nl_type >= 0) flower_print_port(f, "src_port", tb[nl_type]); diff --git a/tc/m_xt.c b/tc/m_xt.c index 57ed40d7..e59df8e1 100644 --- a/tc/m_xt.c +++ b/tc/m_xt.c @@ -77,7 +77,7 @@ static struct xtables_globals tcipt_globals = { .orig_opts = original_opts, .opts = original_opts, .exit_err = NULL, -#if (XTABLES_VERSION_CODE >= 11) +#if XTABLES_VERSION_CODE >= 11 .compat_rev = xtables_compatible_revision, #endif }; @@ -126,7 +126,7 @@ static int get_xtables_target_opts(struct xtables_globals *globals, { struct option *opts; -#if (XTABLES_VERSION_CODE >= 6) +#if XTABLES_VERSION_CODE >= 6 opts = xtables_options_xfrm(globals->orig_opts, globals->opts, m->x6_options, @@ -204,7 +204,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, break; default: -#if (XTABLES_VERSION_CODE >= 6) +#if XTABLES_VERSION_CODE >= 6 if (m != NULL && m->x6_parse != NULL) { xtables_option_tpcall(c, argv, 0, m, NULL); #else @@ -242,7 +242,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, } /* check that we passed the correct parameters to the target */ -#if (XTABLES_VERSION_CODE >= 6) +#if XTABLES_VERSION_CODE >= 6 if (m) xtables_option_tfcall(m); #else