* [PATCH v2] netfilter: nf_tables: check if payload offset is a power of 2
@ 2014-02-16 12:22 Nikolay Aleksandrov
2014-02-16 12:33 ` Nikolay Aleksandrov
0 siblings, 1 reply; 2+ messages in thread
From: Nikolay Aleksandrov @ 2014-02-16 12:22 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo, kaber, Nikolay Aleksandrov
Add a check if payload's offset is a power of 2 when selecting ops.
The fast ops were meant for well aligned offsets, also this fixes a
small bug when using unaligned offset and length of 3 which causes
only 1 byte to be loaded because the fast ops are chosen.
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
---
v2: use is_power_of_2, and adjust order of checks as per Patrick's comment
Sorry for the noise, I shouldn't hurry so much. This patch applies to
Dave's -net tree.
net/netfilter/nft_payload.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index a2aeb31..3321ce0 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data))
return ERR_PTR(-EINVAL);
- if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER)
+ if (len <= 4 && is_power_of_2(offset) && IS_ALIGNED(offset, len) &&
+ base != NFT_PAYLOAD_LL_HEADER)
return &nft_payload_fast_ops;
else
return &nft_payload_ops;
--
1.8.4.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] netfilter: nf_tables: check if payload offset is a power of 2
2014-02-16 12:22 [PATCH v2] netfilter: nf_tables: check if payload offset is a power of 2 Nikolay Aleksandrov
@ 2014-02-16 12:33 ` Nikolay Aleksandrov
0 siblings, 0 replies; 2+ messages in thread
From: Nikolay Aleksandrov @ 2014-02-16 12:33 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo, kaber, Nikolay Aleksandrov
On 02/16/2014 01:22 PM, Nikolay Aleksandrov wrote:
> Add a check if payload's offset is a power of 2 when selecting ops.
> The fast ops were meant for well aligned offsets, also this fixes a
> small bug when using unaligned offset and length of 3 which causes
> only 1 byte to be loaded because the fast ops are chosen.
>
> Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
> ---
> v2: use is_power_of_2, and adjust order of checks as per Patrick's comment
>
> Sorry for the noise, I shouldn't hurry so much. This patch applies to
> Dave's -net tree.
>
> net/netfilter/nft_payload.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
> index a2aeb31..3321ce0 100644
> --- a/net/netfilter/nft_payload.c
> +++ b/net/netfilter/nft_payload.c
> @@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
> if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data))
> return ERR_PTR(-EINVAL);
>
> - if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER)
> + if (len <= 4 && is_power_of_2(offset) && IS_ALIGNED(offset, len) &&
> + base != NFT_PAYLOAD_LL_HEADER)
> return &nft_payload_fast_ops;
> else
> return &nft_payload_ops;
>
Self-NAK as per our discussion in v1, there'll be v3 with the check for
length alignment.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-02-16 12:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-16 12:22 [PATCH v2] netfilter: nf_tables: check if payload offset is a power of 2 Nikolay Aleksandrov
2014-02-16 12:33 ` Nikolay Aleksandrov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).