Hi Greg,

Cc'ing stable@xxxxxxxxxxxxxxx.

Subash (he's on Cc) needs these two fixes for 4.19:

f24d2d4f9586985509320f90308723d3d0c4e47f netfilter: xt_TEE: fix wrong interface selection
18c0ab87364ac5128a152055fdcb1d27e01caf01 netfilter: xt_TEE: add missing code to get interface index in checkentry.

Subash forgot to Cc stable@xxxxxxxxxxxxxxx in his two patches, sorry about that.

Thanks!

On Fri, Mar 08, 2019 at 04:38:14PM -0700, Subash Abhinov Kasiviswanathan wrote:
> From: Taehee Yoo <ap420073@xxxxxxxxx>
>
> commit 18c0ab87364ac5128a152055fdcb1d27e01caf01 upstream.
>
> checkentry(tee_tg_check) should initialize priv->oif from dev if possible.
> But only netdevice notifier handler can set that.
> Hence priv->oif is always -1 until notifier handler is called.
>
> Fixes: 9e2f6c5d78db ("netfilter: Rework xt_TEE netdevice notifier")
> Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> --- > net/netfilter/xt_TEE.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c > index 673ad20..1dae02a 100644 > --- a/net/netfilter/xt_TEE.c > +++ b/net/netfilter/xt_TEE.c > @@ -104,6 +104,8 @@ static int tee_tg_check(const struct xt_tgchk_param *par) > return -EINVAL; > > if (info->oif[0]) { > + struct net_device *dev; > + > if (info->oif[sizeof(info->oif)-1] != '\0') > return -EINVAL; > > @@ -115,6 +117,11 @@ static int tee_tg_check(const struct xt_tgchk_param *par) > priv->oif = -1; > info->priv = priv; > > + dev = dev_get_by_name(par->net, info->oif); > + if (dev) { > + priv->oif = dev->ifindex; > + dev_put(dev); > + } > mutex_lock(&tn->lock); > list_add(&priv->list, &tn->priv_list); > mutex_unlock(&tn->lock); > -- > 1.9.1 >
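Review bot: in the second hunk, the dev_get_by_name() lookup and the priv->oif assignment run before mutex_lock(&tn->lock) and list_add(), so there is a window between dev_put(dev) and the list insertion in which this entry is not yet on tn->priv_list. If the netdevice notifier named in the commit message updates priv->oif by walking that list, a rename or unregister of the interface landing in that window would leave the cached ifindex stale, and the rule would keep using an index that no longer matches info->oif. Consider doing the lookup with tn->lock held, or after the list_add(), or add a short comment stating why the current ordering is safe. A one-line comment that priv->oif deliberately stays -1 when the device does not exist yet would also help, since the if (dev) branch has no else and the fallback is otherwise only explained in the changelog.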