Skip to content

Commit 5a7ef1e

Browse files
ummakynesroxanan1996
ummakynes
authored and
roxanan1996
committed
netfilter: nft_payload: restore vlan q-in-q match support
BugLink: https://bugs.launchpad.net/bugs/2072617 [ Upstream commit aff5c01fa1284d606f8e7cbdaafeef2511bb46c1 ] Revert f6ae9f1 ("netfilter: nft_payload: add C-VLAN support"). f41f72d ("netfilter: nft_payload: simplify vlan header handling") already allows to match on inner vlan tags by subtract the vlan header size to the payload offset which has been popped and stored in skbuff metadata fields. Fixes: f6ae9f1 ("netfilter: nft_payload: add C-VLAN support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Portia Stephens <portia.stephens@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
1 parent 7f362a3 commit 5a7ef1e

File tree

1 file changed

+7
-16
lines changed

1 file changed

+7
-16
lines changed

net/netfilter/nft_payload.c

Lines changed: 7 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -45,36 +45,27 @@ nft_payload_copy_vlan(u32 *d, const struct sk_buff *skb, u8 offset, u8 len)
4545
int mac_off = skb_mac_header(skb) - skb->data;
4646
u8 *vlanh, *dst_u8 = (u8 *) d;
4747
struct vlan_ethhdr veth;
48-
u8 vlan_hlen = 0;
49-
50-
if ((skb->protocol == htons(ETH_P_8021AD) ||
51-
skb->protocol == htons(ETH_P_8021Q)) &&
52-
offset >= VLAN_ETH_HLEN && offset < VLAN_ETH_HLEN + VLAN_HLEN)
53-
vlan_hlen += VLAN_HLEN;
5448

5549
vlanh = (u8 *) &veth;
56-
if (offset < VLAN_ETH_HLEN + vlan_hlen) {
50+
if (offset < VLAN_ETH_HLEN) {
5751
u8 ethlen = len;
5852

59-
if (vlan_hlen &&
60-
skb_copy_bits(skb, mac_off, &veth, VLAN_ETH_HLEN) < 0)
61-
return false;
62-
else if (!nft_payload_rebuild_vlan_hdr(skb, mac_off, &veth))
53+
if (!nft_payload_rebuild_vlan_hdr(skb, mac_off, &veth))
6354
return false;
6455

65-
if (offset + len > VLAN_ETH_HLEN + vlan_hlen)
66-
ethlen -= offset + len - VLAN_ETH_HLEN - vlan_hlen;
56+
if (offset + len > VLAN_ETH_HLEN)
57+
ethlen -= offset + len - VLAN_ETH_HLEN;
6758

68-
memcpy(dst_u8, vlanh + offset - vlan_hlen, ethlen);
59+
memcpy(dst_u8, vlanh + offset, ethlen);
6960

7061
len -= ethlen;
7162
if (len == 0)
7263
return true;
7364

7465
dst_u8 += ethlen;
75-
offset = ETH_HLEN + vlan_hlen;
66+
offset = ETH_HLEN;
7667
} else {
77-
offset -= VLAN_HLEN + vlan_hlen;
68+
offset -= VLAN_HLEN;
7869
}
7970

8071
return skb_copy_bits(skb, offset + mac_off, dst_u8, len) == 0;

0 commit comments

Comments
 (0)