Re: [NETFILTER][PATCH] Re: Question about the hashlimit network mask patch

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@computergmbh.de>
Cc: Iavor Stoev <iavor@icdsoft.com>,
	Netfilter Developer Mailing List
	<netfilter-devel@vger.kernel.org>
Subject: Re: [NETFILTER][PATCH] Re: Question about the hashlimit network mask patch
Date: Tue, 01 Apr 2008 14:49:39 +0200	[thread overview]
Message-ID: <47F22F63.8020102@trash.net> (raw)
In-Reply-To: <alpine.LNX.1.10.0803260836030.22661@fbirervta.pbzchgretzou.qr>

[-- Attachment #1: Type: text/plain, Size: 443 bytes --]

Jan Engelhardt wrote:
> [NETFILTER]: xt_hashlimit: add workaround for >>32 case
> 
> Hardware surprisingly does nothing when a 32-bit right-shift is
> to be done. Worse yet, compilers do not even work around it.

Thats because the C standard states that the result is undefined.
Anyways, I think this patch is slightly nicer because it
gets rid of the double negation and the %32 == 0 special-casing
for IPv6.

Do you want to add an ACKed-by?

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1553 bytes --]

commit 830213d52cb7a7e003335003bd56bf82d6153dcf
Author: Patrick McHardy <kaber@trash.net>
Date:   Tue Apr 1 14:48:04 2008 +0200

    [NETFILTER]: xt_hashlimit: fix mask calculation
    
    Shifts larger than the data type are undefined, don't try to shift
    an u32 by 32. Also remove some special-casing of bitmasks divisible
    by 32.
    
    Based on patch by Jan Engelhardt <jengelh@computergmbh.de>.

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index dc29007..40d344b 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -466,38 +466,25 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now)
 
 static inline __be32 maskl(__be32 a, unsigned int l)
 {
-	return htonl(ntohl(a) & ~(~(u_int32_t)0 >> l));
+	return l ? htonl(ntohl(a) & ~0 << (32 - l)) : 0;
 }
 
 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
 static void hashlimit_ipv6_mask(__be32 *i, unsigned int p)
 {
 	switch (p) {
-	case 0:
-		i[0] = i[1] = 0;
-		i[2] = i[3] = 0;
-		break;
-	case 1 ... 31:
+	case 0 ... 31:
 		i[0] = maskl(i[0], p);
 		i[1] = i[2] = i[3] = 0;
 		break;
-	case 32:
-		i[1] = i[2] = i[3] = 0;
-		break;
-	case 33 ... 63:
+	case 32 ... 63:
 		i[1] = maskl(i[1], p - 32);
 		i[2] = i[3] = 0;
 		break;
-	case 64:
-		i[2] = i[3] = 0;
-		break;
-	case 65 ... 95:
+	case 64 ... 95:
 		i[2] = maskl(i[2], p - 64);
 		i[3] = 0;
-	case 96:
-		i[3] = 0;
-		break;
-	case 97 ... 127:
+	case 96 ... 127:
 		i[3] = maskl(i[3], p - 96);
 		break;
 	case 128:

next prev parent reply	other threads:[~2008-04-01 12:49 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <47E39230.90400@icdsoft.com>
     [not found] ` <alpine.LNX.1.00.0803211404530.10642@fbirervta.pbzchgretzou.qr>
     [not found]   ` <47E3E861.9090707@icdsoft.com>
     [not found]     ` <alpine.LNX.1.00.0803211805340.10642@fbirervta.pbzchgretzou.qr>
     [not found]       ` <47E90678.7090405@icdsoft.com>
2008-03-26  7:44         ` [NETFILTER][PATCH] Re: Question about the hashlimit network mask patch Jan Engelhardt
2008-03-26  9:54           ` Niki Denev
2008-03-26 10:28           ` Michał Mirosław
2008-03-26 13:18             ` Jan Engelhardt
2008-04-01 12:49           ` Patrick McHardy [this message]
2008-04-01 15:32             ` Jan Engelhardt
2008-04-02  9:52               ` Patrick McHardy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:dc29007 dfblob:40d344b )
 OR (
bs:"Re: [NETFILTER][PATCH] Re: Question about the hashlimit network mask patch" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47F22F63.8020102@trash.net \
    --to=kaber@trash.net \
    --cc=iavor@icdsoft.com \
    --cc=jengelh@computergmbh.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.