aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Williamson <alex.williamson@hp.com>2009-02-08 17:49:17 -0800
committerDavid S. Miller <davem@davemloft.net>2009-02-08 17:49:17 -0800
commitcfbf84fcbcda98bb91ada683a8dc8e6901a83ebd (patch)
treeabc699128c7579183a7d493ca88807d9ba3d710a
parent23b904f35128f3c596831cc3320bab1f2db81f60 (diff)
tun: Fix unicast filter overflow
Tap devices can make use of a small MAC filter set via the TUNSETTXFILTER ioctl. The filter has a set of exact matches plus a hash for imperfect filtering of additional multicast addresses. The current code is unbalanced, adding unicast addresses to the multicast hash, but only checking the hash against multicast addresses. This results in the filter dropping unicast addresses that overflow the exact filter. The fix is simply to disable the filter by leaving count set to zero if we find non-multicast addresses after the exact match table is filled. Signed-off-by: Alex Williamson <alex.williamson@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/net/tun.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index d7b81e4fdd5..09fea31d3e3 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -157,10 +157,16 @@ static int update_filter(struct tap_filter *filter, void __user *arg)
nexact = n;
- /* The rest is hashed */
+ /* Remaining multicast addresses are hashed,
+ * unicast will leave the filter disabled. */
memset(filter->mask, 0, sizeof(filter->mask));
- for (; n < uf.count; n++)
+ for (; n < uf.count; n++) {
+ if (!is_multicast_ether_addr(addr[n].u)) {
+ err = 0; /* no filter */
+ goto done;
+ }
addr_hash_set(filter->mask, addr[n].u);
+ }
/* For ALLMULTI just set the mask to all ones.
* This overrides the mask populated above. */