[NETFILTER 1/2]: xt_hashlimit: fix mask calculation

All of lore.kernel.org
 help / color / mirror / Atom feed

* [NETFILTER 1/2]: xt_hashlimit: fix mask calculation
@ 2008-04-07 11:57 Patrick McHardy
  2008-04-09 22:15 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Patrick McHardy @ 2008-04-07 11:57 UTC (permalink / raw)
  To: David S. Miller; +Cc: Netfilter Development Mailinglist

[-- Attachment #1: Type: text/plain, Size: 193 bytes --]

The following two patches fix an invalid mask calculation
in xt_hashlimit for prefix-lengths of 32 and add a missing
module dependency from nf_nat to nf_conntrack_ipv4.

Please apply, thanks.


[-- Attachment #2: 01.diff --]
[-- Type: text/x-diff, Size: 1611 bytes --]

commit 01b916505ef235308d0b3b1f688a76153583bafe
Author: Patrick McHardy <kaber@trash.net>
Date:   Mon Apr 7 13:52:15 2008 +0200

    [NETFILTER]: xt_hashlimit: fix mask calculation
    
    Shifts larger than the data type are undefined, don't try to shift
    an u32 by 32. Also remove some special-casing of bitmasks divisible
    by 32.
    
    Based on patch by Jan Engelhardt <jengelh@computergmbh.de>.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index dc29007..40d344b 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -466,38 +466,25 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now)
 
 static inline __be32 maskl(__be32 a, unsigned int l)
 {
-	return htonl(ntohl(a) & ~(~(u_int32_t)0 >> l));
+	return l ? htonl(ntohl(a) & ~0 << (32 - l)) : 0;
 }
 
 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
 static void hashlimit_ipv6_mask(__be32 *i, unsigned int p)
 {
 	switch (p) {
-	case 0:
-		i[0] = i[1] = 0;
-		i[2] = i[3] = 0;
-		break;
-	case 1 ... 31:
+	case 0 ... 31:
 		i[0] = maskl(i[0], p);
 		i[1] = i[2] = i[3] = 0;
 		break;
-	case 32:
-		i[1] = i[2] = i[3] = 0;
-		break;
-	case 33 ... 63:
+	case 32 ... 63:
 		i[1] = maskl(i[1], p - 32);
 		i[2] = i[3] = 0;
 		break;
-	case 64:
-		i[2] = i[3] = 0;
-		break;
-	case 65 ... 95:
+	case 64 ... 95:
 		i[2] = maskl(i[2], p - 64);
 		i[3] = 0;
-	case 96:
-		i[3] = 0;
-		break;
-	case 97 ... 127:
+	case 96 ... 127:
 		i[3] = maskl(i[3], p - 96);
 		break;
 	case 128:

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [NETFILTER 1/2]: xt_hashlimit: fix mask calculation
  2008-04-07 11:57 [NETFILTER 1/2]: xt_hashlimit: fix mask calculation Patrick McHardy
@ 2008-04-09 22:15 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2008-04-09 22:15 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

From: Patrick McHardy <kaber@trash.net>
Date: Mon, 07 Apr 2008 13:57:16 +0200

> The following two patches fix an invalid mask calculation
> in xt_hashlimit for prefix-lengths of 32 and add a missing
> module dependency from nf_nat to nf_conntrack_ipv4.
> 
> Please apply, thanks.

Both applied to net-2.6, thanks Patrick!

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-04-09 22:15 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-04-07 11:57 [NETFILTER 1/2]: xt_hashlimit: fix mask calculation Patrick McHardy
2008-04-09 22:15 ` David Miller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.