* [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
@ 2026-04-03 19:39 Marino Dzalto
2026-04-03 19:46 ` Florian Westphal
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Marino Dzalto @ 2026-04-03 19:39 UTC (permalink / raw)
To: pablo, fw; +Cc: netfilter-devel, coreteam, netdev, linux-kernel, Marino Dzalto
Signed-off-by: Marino Dzalto <marino.dzalto@gmail.com>
---
net/netfilter/xt_hl.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
index c1a70f8f0..9434d5ca8 100644
--- a/net/netfilter/xt_hl.c
+++ b/net/netfilter/xt_hl.c
@@ -6,6 +6,7 @@
* Hop Limit matching module
* (C) 2001-2002 Maciej Soltysiak <solt@dns.toxicfilms.tv>
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/ip.h>
#include <linux/ipv6.h>
@@ -25,7 +26,12 @@ MODULE_ALIAS("ip6t_hl");
static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ipt_ttl_info *info = par->matchinfo;
- const u8 ttl = ip_hdr(skb)->ttl;
+ const u8 ttl;
+
+ if (!skb)
+ return false;
+
+ ttl = ip_hdr(skb)->ttl;
switch (info->mode) {
case IPT_TTL_EQ:
@@ -36,15 +42,21 @@ static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
return ttl < info->ttl;
case IPT_TTL_GT:
return ttl > info->ttl;
+ default:
+ pr_warn("Unknown TTL match mode: %d\n", info->mode);
+ return false;
}
-
- return false;
}
static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ip6t_hl_info *info = par->matchinfo;
- const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+ const struct ipv6hdr *ip6h;
+
+ if (!skb)
+ return false;
+
+ ip6h = ipv6_hdr(skb);
switch (info->mode) {
case IP6T_HL_EQ:
@@ -55,9 +67,10 @@ static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
return ip6h->hop_limit < info->hop_limit;
case IP6T_HL_GT:
return ip6h->hop_limit > info->hop_limit;
+ default:
+ pr_warn("Unknown Hop Limit match mode: %d\n", info->mode);
+ return false;
}
-
- return false;
}
static struct xt_match hl_mt_reg[] __read_mostly = {
--
2.50.1 (Apple Git-155)
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
2026-04-03 19:39 [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks Marino Dzalto
@ 2026-04-03 19:46 ` Florian Westphal
2026-04-03 21:01 ` Pablo Neira Ayuso
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Florian Westphal @ 2026-04-03 19:46 UTC (permalink / raw)
To: Marino Dzalto; +Cc: pablo, netfilter-devel, coreteam, netdev, linux-kernel
Marino Dzalto <marino.dzalto@gmail.com> wrote:
> Signed-off-by: Marino Dzalto <marino.dzalto@gmail.com>
> ---
> net/netfilter/xt_hl.c | 25 +++++++++++++++++++------
> 1 file changed, 19 insertions(+), 6 deletions(-)
>
> diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
> index c1a70f8f0..9434d5ca8 100644
> --- a/net/netfilter/xt_hl.c
> +++ b/net/netfilter/xt_hl.c
> @@ -6,6 +6,7 @@
> * Hop Limit matching module
> * (C) 2001-2002 Maciej Soltysiak <solt@dns.toxicfilms.tv>
> */
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>
> #include <linux/ip.h>
> #include <linux/ipv6.h>
> @@ -25,7 +26,12 @@ MODULE_ALIAS("ip6t_hl");
> static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
> {
> const struct ipt_ttl_info *info = par->matchinfo;
> - const u8 ttl = ip_hdr(skb)->ttl;
> + const u8 ttl;
> +
> + if (!skb)
> + return false;
If this was NULL we'd have crashed already.
> case IPT_TTL_GT:
> return ttl > info->ttl;
> + default:
> + pr_warn("Unknown TTL match mode: %d\n", info->mode);
> + return false;
Please add a .checkentry function and reject this from there.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
2026-04-03 19:39 [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks Marino Dzalto
2026-04-03 19:46 ` Florian Westphal
@ 2026-04-03 21:01 ` Pablo Neira Ayuso
2026-04-21 11:48 ` kernel test robot
2026-04-21 16:24 ` kernel test robot
3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2026-04-03 21:01 UTC (permalink / raw)
To: Marino Dzalto; +Cc: fw, netfilter-devel, coreteam, netdev, linux-kernel
On Fri, Apr 03, 2026 at 09:39:29PM +0200, Marino Dzalto wrote:
> diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
> index c1a70f8f0..9434d5ca8 100644
> --- a/net/netfilter/xt_hl.c
> +++ b/net/netfilter/xt_hl.c
[...]
> static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
> {
> const struct ip6t_hl_info *info = par->matchinfo;
> - const struct ipv6hdr *ip6h = ipv6_hdr(skb);
> + const struct ipv6hdr *ip6h;
> +
> + if (!skb)
> + return false;
No skb !?
This codebase is frozen, I don't see any benefit in this update.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
2026-04-03 19:39 [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks Marino Dzalto
2026-04-03 19:46 ` Florian Westphal
2026-04-03 21:01 ` Pablo Neira Ayuso
@ 2026-04-21 11:48 ` kernel test robot
2026-04-21 16:24 ` kernel test robot
3 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2026-04-21 11:48 UTC (permalink / raw)
To: Marino Dzalto, pablo, fw
Cc: oe-kbuild-all, netfilter-devel, coreteam, netdev, linux-kernel,
Marino Dzalto
Hi Marino,
kernel test robot noticed the following build errors:
[auto build test ERROR on netfilter-nf/main]
[also build test ERROR on nf-next/master horms-ipvs/master linus/master v7.0 next-20260420]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Marino-Dzalto/netfilter-xt_HL-add-pr_fmt-default-case-and-NULL-checks/20260420-185652
base: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main
patch link: https://lore.kernel.org/r/20260403193929.89449-1-marino.dzalto%40gmail.com
patch subject: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
config: m68k-allmodconfig (https://download.01.org/0day-ci/archive/20260421/202604211905.6ZPE3dFs-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 15.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260421/202604211905.6ZPE3dFs-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604211905.6ZPE3dFs-lkp@intel.com/
All errors (new ones prefixed by >>):
net/netfilter/xt_hl.c: In function 'ttl_mt':
>> net/netfilter/xt_hl.c:34:13: error: assignment of read-only variable 'ttl'
34 | ttl = ip_hdr(skb)->ttl;
| ^
vim +/ttl +34 net/netfilter/xt_hl.c
25
26 static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
27 {
28 const struct ipt_ttl_info *info = par->matchinfo;
29 const u8 ttl;
30
31 if (!skb)
32 return false;
33
> 34 ttl = ip_hdr(skb)->ttl;
35
36 switch (info->mode) {
37 case IPT_TTL_EQ:
38 return ttl == info->ttl;
39 case IPT_TTL_NE:
40 return ttl != info->ttl;
41 case IPT_TTL_LT:
42 return ttl < info->ttl;
43 case IPT_TTL_GT:
44 return ttl > info->ttl;
45 default:
46 pr_warn("Unknown TTL match mode: %d\n", info->mode);
47 return false;
48 }
49 }
50
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
2026-04-03 19:39 [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks Marino Dzalto
` (2 preceding siblings ...)
2026-04-21 11:48 ` kernel test robot
@ 2026-04-21 16:24 ` kernel test robot
3 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2026-04-21 16:24 UTC (permalink / raw)
To: Marino Dzalto, pablo, fw
Cc: llvm, oe-kbuild-all, netfilter-devel, coreteam, netdev,
linux-kernel, Marino Dzalto
Hi Marino,
kernel test robot noticed the following build errors:
[auto build test ERROR on netfilter-nf/main]
[also build test ERROR on linus/master v7.0 next-20260420]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Marino-Dzalto/netfilter-xt_HL-add-pr_fmt-default-case-and-NULL-checks/20260420-185652
base: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main
patch link: https://lore.kernel.org/r/20260403193929.89449-1-marino.dzalto%40gmail.com
patch subject: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
config: s390-allmodconfig (https://download.01.org/0day-ci/archive/20260422/202604220024.iITt6Hv8-lkp@intel.com/config)
compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260422/202604220024.iITt6Hv8-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604220024.iITt6Hv8-lkp@intel.com/
All errors (new ones prefixed by >>):
>> net/netfilter/xt_hl.c:34:6: error: cannot assign to variable 'ttl' with const-qualified type 'const u8' (aka 'const unsigned char')
34 | ttl = ip_hdr(skb)->ttl;
| ~~~ ^
net/netfilter/xt_hl.c:29:11: note: variable 'ttl' declared const here
29 | const u8 ttl;
| ~~~~~~~~~^~~
1 error generated.
vim +34 net/netfilter/xt_hl.c
25
26 static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
27 {
28 const struct ipt_ttl_info *info = par->matchinfo;
29 const u8 ttl;
30
31 if (!skb)
32 return false;
33
> 34 ttl = ip_hdr(skb)->ttl;
35
36 switch (info->mode) {
37 case IPT_TTL_EQ:
38 return ttl == info->ttl;
39 case IPT_TTL_NE:
40 return ttl != info->ttl;
41 case IPT_TTL_LT:
42 return ttl < info->ttl;
43 case IPT_TTL_GT:
44 return ttl > info->ttl;
45 default:
46 pr_warn("Unknown TTL match mode: %d\n", info->mode);
47 return false;
48 }
49 }
50
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-04-21 16:24 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-03 19:39 [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks Marino Dzalto
2026-04-03 19:46 ` Florian Westphal
2026-04-03 21:01 ` Pablo Neira Ayuso
2026-04-21 11:48 ` kernel test robot
2026-04-21 16:24 ` kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox