ipset: Make invalid MAC address checks consistent

Set types bitmap:ipmac and hash:ipmac check that MAC addresses are not all zeroes. Introduce one missing check, and make the remaining ones consistent, using is_zero_ether_addr() instead of comparing against an array containing zeroes. This was already done for hash:mac sets in commit 26c97c5d8dac ("netfilter: ipset: Use is_zero_ether_addr instead of static and memcmp"). Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Stefano Brivio <sbrivio@redhat.com> 2018-08-17 21:09:48 +0200
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2018-08-30 10:31:05 +0200
commit: 9998f795bac2611e2a8fabd5dd9c264077c9a980 (patch)
tree: 6661deeb005cff207206e209e315025633e3a710 /kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
parent: 1543514c46a7a552aca0e1bb74d66ea98ecf3e38 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 2940b9b..b034f9e 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -237,6 +237,9 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
 	else
 		ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
 
+	if (is_zero_ether_addr(e.ether))
+		return -EINVAL;
+
 	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
 }
author	Stefano Brivio <sbrivio@redhat.com>	2018-08-17 21:09:48 +0200
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2018-08-30 10:31:05 +0200
commit	9998f795bac2611e2a8fabd5dd9c264077c9a980 (patch)
tree	6661deeb005cff207206e209e315025633e3a710 /kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
parent	1543514c46a7a552aca0e1bb74d66ea98ecf3e38 (diff)