* [PATCH 0/1] ipset bugfix patch
@ 2012-06-29 19:42 Jozsef Kadlecsik
2012-06-29 19:42 ` [PATCH 1/1] Timeout fixing bug broke SET target special timeout value, fixed Jozsef Kadlecsik
0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2012-06-29 19:42 UTC (permalink / raw)
To: netfilter-devel; +Cc: Pablo Neira Ayuso
Hi Pablo,
In my previous patchset a bug slipped in by ignoring a special
value of the timeout parameter for the SET target. Please submit
the next patch for the stable branch. Thanks!
Best regards,
Jozsef
Jozsef Kadlecsik (1):
Timeout fixing bug broke SET target special timeout value, fixed
net/netfilter/xt_set.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/1] Timeout fixing bug broke SET target special timeout value, fixed
2012-06-29 19:42 [PATCH 0/1] ipset bugfix patch Jozsef Kadlecsik
@ 2012-06-29 19:42 ` Jozsef Kadlecsik
2012-07-04 21:18 ` Pablo Neira Ayuso
0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2012-06-29 19:42 UTC (permalink / raw)
To: netfilter-devel; +Cc: Pablo Neira Ayuso, Jozsef Kadlecsik
The patch "Fix timeout value overflow bug at large timeout parameters"
broke the SET target when no timeout was specified (reported by
Jean-Philippe Menil).
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/xt_set.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c
index 035960e..b172cbc 100644
--- a/net/netfilter/xt_set.c
+++ b/net/netfilter/xt_set.c
@@ -16,6 +16,7 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_set.h>
+#include <linux/netfilter/ipset/ip_set_timeout.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -310,7 +311,8 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
info->del_set.flags, 0, UINT_MAX);
/* Normalize to fit into jiffies */
- if (add_opt.timeout > UINT_MAX/MSEC_PER_SEC)
+ if (add_opt.timeout != IPSET_NO_TIMEOUT
+ && add_opt.timeout > UINT_MAX/MSEC_PER_SEC)
add_opt.timeout = UINT_MAX/MSEC_PER_SEC;
if (info->add_set.index != IPSET_INVALID_ID)
ip_set_add(info->add_set.index, skb, par, &add_opt);
--
1.7.0.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] Timeout fixing bug broke SET target special timeout value, fixed
2012-06-29 19:42 ` [PATCH 1/1] Timeout fixing bug broke SET target special timeout value, fixed Jozsef Kadlecsik
@ 2012-07-04 21:18 ` Pablo Neira Ayuso
0 siblings, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2012-07-04 21:18 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: netfilter-devel
On Fri, Jun 29, 2012 at 09:42:28PM +0200, Jozsef Kadlecsik wrote:
> The patch "Fix timeout value overflow bug at large timeout parameters"
> broke the SET target when no timeout was specified (reported by
> Jean-Philippe Menil).
>
> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
I've enqueued this for 3.5-rc, thanks Jozsef.
I'll pass this to -stable 3.4 once this hit Linus tree.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-07-04 21:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-29 19:42 [PATCH 0/1] ipset bugfix patch Jozsef Kadlecsik
2012-06-29 19:42 ` [PATCH 1/1] Timeout fixing bug broke SET target special timeout value, fixed Jozsef Kadlecsik
2012-07-04 21:18 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).