release/5.2.35/netfilter-nft_tproxy-Fix-port-selector-on-Big-Endian.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From 24f03a3c252cfe6c30810a61e832f9f4e1671849 Mon Sep 17 00:00:00 2001
 From: Phil Sutter <phil@nwl.cc>
 Date: Wed, 18 Dec 2019 00:59:29 +0100
 Subject: [PATCH] netfilter: nft_tproxy: Fix port selector on Big Endian
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 commit 8cb4ec44de42b99b92399b4d1daf3dc430ed0186 upstream.

 On Big Endian architectures, u16 port value was extracted from the wrong
 parts of u32 sreg_port, just like commit 10596608c4d62 ("netfilter:
 nf_tables: fix mismatch in big-endian system") describes.

 Fixes: 4ed8eb6570a49 ("netfilter: nf_tables: Add native tproxy support")
 Signed-off-by: Phil Sutter <phil@nwl.cc>
 Acked-by: Florian Westphal <fw@strlen.de>
 Acked-by: Máté Eckl <ecklm94@gmail.com>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/net/netfilter/nft_tproxy.c b/net/netfilter/nft_tproxy.c
 index f92a82c73880..95980154ef02 100644
 --- a/net/netfilter/nft_tproxy.c
 +++ b/net/netfilter/nft_tproxy.c
 @@ -50,7 +50,7 @@ static void nft_tproxy_eval_v4(const struct nft_expr *expr,
  	taddr = nf_tproxy_laddr4(skb, taddr, iph->daddr);

  	if (priv->sreg_port)
 -		tport = regs->data[priv->sreg_port];
 +		tport = nft_reg_load16(&regs->data[priv->sreg_port]);
  	if (!tport)
  		tport = hp->dest;

 @@ -117,7 +117,7 @@ static void nft_tproxy_eval_v6(const struct nft_expr *expr,
  	taddr = *nf_tproxy_laddr6(skb, &taddr, &iph->daddr);

  	if (priv->sreg_port)
 -		tport = regs->data[priv->sreg_port];
 +		tport = nft_reg_load16(&regs->data[priv->sreg_port]);
  	if (!tport)
  		tport = hp->dest;

 --
 2.7.4
	From 24f03a3c252cfe6c30810a61e832f9f4e1671849 Mon Sep 17 00:00:00 2001
	From: Phil Sutter <phil@nwl.cc>
	Date: Wed, 18 Dec 2019 00:59:29 +0100
	Subject: [PATCH] netfilter: nft_tproxy: Fix port selector on Big Endian
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	commit 8cb4ec44de42b99b92399b4d1daf3dc430ed0186 upstream.

	On Big Endian architectures, u16 port value was extracted from the wrong
	parts of u32 sreg_port, just like commit 10596608c4d62 ("netfilter:
	nf_tables: fix mismatch in big-endian system") describes.

	Fixes: 4ed8eb6570a49 ("netfilter: nf_tables: Add native tproxy support")
	Signed-off-by: Phil Sutter <phil@nwl.cc>
	Acked-by: Florian Westphal <fw@strlen.de>
	Acked-by: Máté Eckl <ecklm94@gmail.com>
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/net/netfilter/nft_tproxy.c b/net/netfilter/nft_tproxy.c
	index f92a82c73880..95980154ef02 100644
	--- a/net/netfilter/nft_tproxy.c
	+++ b/net/netfilter/nft_tproxy.c
	@@ -50,7 +50,7 @@ static void nft_tproxy_eval_v4(const struct nft_expr *expr,
	taddr = nf_tproxy_laddr4(skb, taddr, iph->daddr);

	if (priv->sreg_port)
	- tport = regs->data[priv->sreg_port];
	+ tport = nft_reg_load16(&regs->data[priv->sreg_port]);
	if (!tport)
	tport = hp->dest;

	@@ -117,7 +117,7 @@ static void nft_tproxy_eval_v6(const struct nft_expr *expr,
	taddr = *nf_tproxy_laddr6(skb, &taddr, &iph->daddr);

	if (priv->sreg_port)
	- tport = regs->data[priv->sreg_port];
	+ tport = nft_reg_load16(&regs->data[priv->sreg_port]);
	if (!tport)
	tport = hp->dest;

	--
	2.7.4