* [PATCH 0/2] ipset patches for nf-next
@ 2013-10-27 18:31 Jozsef Kadlecsik
2013-10-27 18:31 ` [PATCH 1/2] netfilter:ipset: Fix memory allocation for bitmap:port Jozsef Kadlecsik
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jozsef Kadlecsik @ 2013-10-27 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: Pablo Neira Ayuso
Hi Pablo,
Here follows two patches for nf-next.
- Fix memory allocation for bitmap:port: at the restructuring of
the bitmap types creation in ipset, for the bitmap:port type wrong
(too large) memory allocation was copied. Reported by Quentin Armitage,
the patch is from me.
- Remove a duplicate define from net/netfilter/ipset/ip_set_hash_gen.h,
submitted by Michael Opdenacker.
Please apply them.
Best regards,
Jozsef
The following changes since commit f2020b27be94222eb25c39ff46eb9917cb92897b:
netfilter: ip6t_REJECT: skip checksum verification for outgoing ipv6 packets (2013-10-23 11:20:00 +0200)
are available in the git repository at:
git://blackhole.kfki.hu/nf-next master
for you to fetch changes up to 1e56555ee1f3d04d89bdaa3df57ad2da9fbc0999:
netfilter: ipset: remove duplicate define (2013-10-27 19:24:45 +0100)
----------------------------------------------------------------
Jozsef Kadlecsik (1):
netfilter:ipset: Fix memory allocation for bitmap:port
Michael Opdenacker (1):
netfilter: ipset: remove duplicate define
net/netfilter/ipset/ip_set_bitmap_port.c | 2 +-
net/netfilter/ipset/ip_set_hash_gen.h | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] netfilter:ipset: Fix memory allocation for bitmap:port
2013-10-27 18:31 [PATCH 0/2] ipset patches for nf-next Jozsef Kadlecsik
@ 2013-10-27 18:31 ` Jozsef Kadlecsik
2013-10-27 18:31 ` [PATCH 2/2] netfilter: ipset: remove duplicate define Jozsef Kadlecsik
2013-10-27 19:36 ` [PATCH 0/2] ipset patches for nf-next Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Jozsef Kadlecsik @ 2013-10-27 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: Pablo Neira Ayuso
At the restructuring of the bitmap types creation in ipset, for the
bitmap:port type wrong (too large) memory allocation was copied
(netfilter bugzilla id #859).
Reported-by: Quentin Armitage <quentin@armitage.org.uk>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_bitmap_port.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
index e7603c5..cf99676 100644
--- a/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -254,7 +254,7 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
return -ENOMEM;
map->elements = last_port - first_port + 1;
- map->memsize = map->elements * sizeof(unsigned long);
+ map->memsize = bitmap_bytes(0, map->elements);
set->variant = &bitmap_port;
set->dsize = ip_set_elem_len(set, tb, 0);
if (!init_map_port(set, map, first_port, last_port)) {
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] netfilter: ipset: remove duplicate define
2013-10-27 18:31 [PATCH 0/2] ipset patches for nf-next Jozsef Kadlecsik
2013-10-27 18:31 ` [PATCH 1/2] netfilter:ipset: Fix memory allocation for bitmap:port Jozsef Kadlecsik
@ 2013-10-27 18:31 ` Jozsef Kadlecsik
2013-10-27 19:36 ` [PATCH 0/2] ipset patches for nf-next Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Jozsef Kadlecsik @ 2013-10-27 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: Pablo Neira Ayuso
From: Michael Opdenacker <michael.opdenacker@free-electrons.com>
This patch removes a duplicate define from
net/netfilter/ipset/ip_set_hash_gen.h
Signed-off-by: Michael Opdenacker <michael.opdenacker@free-electrons.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_hash_gen.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 2f80c74..be6932a 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -234,7 +234,6 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
#define mtype_uadt IPSET_TOKEN(MTYPE, _uadt)
#define mtype MTYPE
-#define mtype_elem IPSET_TOKEN(MTYPE, _elem)
#define mtype_add IPSET_TOKEN(MTYPE, _add)
#define mtype_del IPSET_TOKEN(MTYPE, _del)
#define mtype_test_cidrs IPSET_TOKEN(MTYPE, _test_cidrs)
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] ipset patches for nf-next
2013-10-27 18:31 [PATCH 0/2] ipset patches for nf-next Jozsef Kadlecsik
2013-10-27 18:31 ` [PATCH 1/2] netfilter:ipset: Fix memory allocation for bitmap:port Jozsef Kadlecsik
2013-10-27 18:31 ` [PATCH 2/2] netfilter: ipset: remove duplicate define Jozsef Kadlecsik
@ 2013-10-27 19:36 ` Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-10-27 19:36 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: netfilter-devel
On Sun, Oct 27, 2013 at 07:31:57PM +0100, Jozsef Kadlecsik wrote:
[...]
> The following changes since commit f2020b27be94222eb25c39ff46eb9917cb92897b:
>
> netfilter: ip6t_REJECT: skip checksum verification for outgoing ipv6 packets (2013-10-23 11:20:00 +0200)
>
> are available in the git repository at:
>
> git://blackhole.kfki.hu/nf-next master
Pulled, thanks Jozsef.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-10-27 19:36 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-27 18:31 [PATCH 0/2] ipset patches for nf-next Jozsef Kadlecsik
2013-10-27 18:31 ` [PATCH 1/2] netfilter:ipset: Fix memory allocation for bitmap:port Jozsef Kadlecsik
2013-10-27 18:31 ` [PATCH 2/2] netfilter: ipset: remove duplicate define Jozsef Kadlecsik
2013-10-27 19:36 ` [PATCH 0/2] ipset patches for nf-next Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.