diff options
author | Alex Williamson <alex.williamson@hp.com> | 2009-02-08 17:49:17 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-02-08 17:49:17 -0800 |
commit | cfbf84fcbcda98bb91ada683a8dc8e6901a83ebd (patch) | |
tree | abc699128c7579183a7d493ca88807d9ba3d710a | |
parent | 23b904f35128f3c596831cc3320bab1f2db81f60 (diff) |
tun: Fix unicast filter overflow
Tap devices can make use of a small MAC filter set via the
TUNSETTXFILTER ioctl. The filter has a set of exact matches
plus a hash for imperfect filtering of additional multicast
addresses. The current code is unbalanced, adding unicast
addresses to the multicast hash, but only checking the hash
against multicast addresses. This results in the filter
dropping unicast addresses that overflow the exact filter.
The fix is simply to disable the filter by leaving count set
to zero if we find non-multicast addresses after the exact
match table is filled.
Signed-off-by: Alex Williamson <alex.williamson@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/tun.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index d7b81e4fdd5..09fea31d3e3 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -157,10 +157,16 @@ static int update_filter(struct tap_filter *filter, void __user *arg) nexact = n; - /* The rest is hashed */ + /* Remaining multicast addresses are hashed, + * unicast will leave the filter disabled. */ memset(filter->mask, 0, sizeof(filter->mask)); - for (; n < uf.count; n++) + for (; n < uf.count; n++) { + if (!is_multicast_ether_addr(addr[n].u)) { + err = 0; /* no filter */ + goto done; + } addr_hash_set(filter->mask, addr[n].u); + } /* For ALLMULTI just set the mask to all ones. * This overrides the mask populated above. */ |