* [PATCH nft] src: avoid IPPROTO_MAX for array definitions
@ 2023-06-20 20:08 Florian Westphal
2023-06-20 22:32 ` Pablo Neira Ayuso
0 siblings, 1 reply; 4+ messages in thread
From: Florian Westphal @ 2023-06-20 20:08 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
ip header can only accomodate 8but value, but IPPROTO_MAX has been bumped
due to uapi reasons to support MPTCP (262, which is used to toggle on
multipath support in tcp).
This results in:
exthdr.c:349:11: warning: result of comparison of constant 263 with expression of type 'uint8_t' (aka 'unsigned char') is always true [-Wtautological-constant-out-of-range-compare]
if (type < array_size(exthdr_protocols))
~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
redude array sizes back to what can be used on-wire.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/rule.h | 2 +-
src/exthdr.c | 5 ++---
src/rule.c | 2 +-
3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/include/rule.h b/include/rule.h
index b360e2614c78..5cb549c2e14e 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -786,7 +786,7 @@ struct timeout_protocol {
uint32_t *dflt_timeout;
};
-extern struct timeout_protocol timeout_protocol[IPPROTO_MAX];
+extern struct timeout_protocol timeout_protocol[UINT8_MAX + 1];
extern int timeout_str2num(uint16_t l4proto, struct timeout_state *ts);
#endif /* NFTABLES_RULE_H */
diff --git a/src/exthdr.c b/src/exthdr.c
index d0274bea6ca0..f5527ddb4a3f 100644
--- a/src/exthdr.c
+++ b/src/exthdr.c
@@ -289,7 +289,7 @@ struct stmt *exthdr_stmt_alloc(const struct location *loc,
return stmt;
}
-static const struct exthdr_desc *exthdr_protocols[IPPROTO_MAX] = {
+static const struct exthdr_desc *exthdr_protocols[UINT8_MAX + 1] = {
[IPPROTO_HOPOPTS] = &exthdr_hbh,
[IPPROTO_ROUTING] = &exthdr_rt,
[IPPROTO_FRAGMENT] = &exthdr_frag,
@@ -346,8 +346,7 @@ void exthdr_init_raw(struct expr *expr, uint8_t type,
expr->exthdr.offset = offset;
expr->exthdr.desc = NULL;
- if (type < array_size(exthdr_protocols))
- expr->exthdr.desc = exthdr_protocols[type];
+ expr->exthdr.desc = exthdr_protocols[type];
if (expr->exthdr.desc == NULL)
goto out;
diff --git a/src/rule.c b/src/rule.c
index 3704600a87be..19d681bb74b3 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -76,7 +76,7 @@ static uint32_t udp_dflt_timeout[] = {
[NFTNL_CTTIMEOUT_UDP_REPLIED] = 120,
};
-struct timeout_protocol timeout_protocol[IPPROTO_MAX] = {
+struct timeout_protocol timeout_protocol[UINT8_MAX + 1] = {
[IPPROTO_TCP] = {
.array_size = NFTNL_CTTIMEOUT_TCP_MAX,
.state_to_name = tcp_state_to_name,
--
2.39.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH nft] src: avoid IPPROTO_MAX for array definitions
2023-06-20 20:08 [PATCH nft] src: avoid IPPROTO_MAX for array definitions Florian Westphal
@ 2023-06-20 22:32 ` Pablo Neira Ayuso
2023-06-21 11:18 ` Florian Westphal
0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2023-06-20 22:32 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Tue, Jun 20, 2023 at 10:08:36PM +0200, Florian Westphal wrote:
> ip header can only accomodate 8but value, but IPPROTO_MAX has been bumped
> due to uapi reasons to support MPTCP (262, which is used to toggle on
> multipath support in tcp).
Maybe use IPPROTO_RAW + 1, hopefully that won't ever change.
> This results in:
> exthdr.c:349:11: warning: result of comparison of constant 263 with expression of type 'uint8_t' (aka 'unsigned char') is always true [-Wtautological-constant-out-of-range-compare]
> if (type < array_size(exthdr_protocols))
> ~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> redude array sizes back to what can be used on-wire.
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> include/rule.h | 2 +-
> src/exthdr.c | 5 ++---
> src/rule.c | 2 +-
> 3 files changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/include/rule.h b/include/rule.h
> index b360e2614c78..5cb549c2e14e 100644
> --- a/include/rule.h
> +++ b/include/rule.h
> @@ -786,7 +786,7 @@ struct timeout_protocol {
> uint32_t *dflt_timeout;
> };
>
> -extern struct timeout_protocol timeout_protocol[IPPROTO_MAX];
> +extern struct timeout_protocol timeout_protocol[UINT8_MAX + 1];
> extern int timeout_str2num(uint16_t l4proto, struct timeout_state *ts);
>
> #endif /* NFTABLES_RULE_H */
> diff --git a/src/exthdr.c b/src/exthdr.c
> index d0274bea6ca0..f5527ddb4a3f 100644
> --- a/src/exthdr.c
> +++ b/src/exthdr.c
> @@ -289,7 +289,7 @@ struct stmt *exthdr_stmt_alloc(const struct location *loc,
> return stmt;
> }
>
> -static const struct exthdr_desc *exthdr_protocols[IPPROTO_MAX] = {
> +static const struct exthdr_desc *exthdr_protocols[UINT8_MAX + 1] = {
> [IPPROTO_HOPOPTS] = &exthdr_hbh,
> [IPPROTO_ROUTING] = &exthdr_rt,
> [IPPROTO_FRAGMENT] = &exthdr_frag,
> @@ -346,8 +346,7 @@ void exthdr_init_raw(struct expr *expr, uint8_t type,
> expr->exthdr.offset = offset;
> expr->exthdr.desc = NULL;
>
> - if (type < array_size(exthdr_protocols))
> - expr->exthdr.desc = exthdr_protocols[type];
> + expr->exthdr.desc = exthdr_protocols[type];
>
> if (expr->exthdr.desc == NULL)
> goto out;
> diff --git a/src/rule.c b/src/rule.c
> index 3704600a87be..19d681bb74b3 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -76,7 +76,7 @@ static uint32_t udp_dflt_timeout[] = {
> [NFTNL_CTTIMEOUT_UDP_REPLIED] = 120,
> };
>
> -struct timeout_protocol timeout_protocol[IPPROTO_MAX] = {
> +struct timeout_protocol timeout_protocol[UINT8_MAX + 1] = {
> [IPPROTO_TCP] = {
> .array_size = NFTNL_CTTIMEOUT_TCP_MAX,
> .state_to_name = tcp_state_to_name,
> --
> 2.39.3
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nft] src: avoid IPPROTO_MAX for array definitions
2023-06-20 22:32 ` Pablo Neira Ayuso
@ 2023-06-21 11:18 ` Florian Westphal
2023-06-21 14:41 ` Pablo Neira Ayuso
0 siblings, 1 reply; 4+ messages in thread
From: Florian Westphal @ 2023-06-21 11:18 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Florian Westphal, netfilter-devel
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Tue, Jun 20, 2023 at 10:08:36PM +0200, Florian Westphal wrote:
> > ip header can only accomodate 8but value, but IPPROTO_MAX has been bumped
> > due to uapi reasons to support MPTCP (262, which is used to toggle on
> > multipath support in tcp).
>
> Maybe use IPPROTO_RAW + 1, hopefully that won't ever change.
If you don't like UINT8_MAX+1, would you be fine with open-coding, i.e.
[256] ?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nft] src: avoid IPPROTO_MAX for array definitions
2023-06-21 11:18 ` Florian Westphal
@ 2023-06-21 14:41 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2023-06-21 14:41 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Wed, Jun 21, 2023 at 01:18:15PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > On Tue, Jun 20, 2023 at 10:08:36PM +0200, Florian Westphal wrote:
> > > ip header can only accomodate 8but value, but IPPROTO_MAX has been bumped
> > > due to uapi reasons to support MPTCP (262, which is used to toggle on
> > > multipath support in tcp).
> >
> > Maybe use IPPROTO_RAW + 1, hopefully that won't ever change.
>
> If you don't like UINT8_MAX+1, would you be fine with open-coding, i.e.
> [256] ?
UINT8_MAX+1 is OK with me
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-06-21 14:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-20 20:08 [PATCH nft] src: avoid IPPROTO_MAX for array definitions Florian Westphal
2023-06-20 22:32 ` Pablo Neira Ayuso
2023-06-21 11:18 ` Florian Westphal
2023-06-21 14:41 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).