* ipset bug (kernel hang)
@ 2022-12-22 23:22 Марк Коренберг
2022-12-29 13:14 ` Jozsef Kadlecsik
0 siblings, 1 reply; 2+ messages in thread
From: Марк Коренберг @ 2022-12-22 23:22 UTC (permalink / raw)
To: Jozsef Kadlecsik, netfilter, netfilter-devel, kadlecsik.jozsef,
kadlec
ipset create acl_cdc_cert hash:net,port,net
ipset add acl_cdc_cert 0.0.0.0/0,tcp:1-2,192.168.230.128/25
and kernel 6.0.12 hangs (!)
Seems the problem happens only if both 0.0.0.0/0 and port range
specified at the same time.
Please tell me where to report.
--
Segmentation fault
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: ipset bug (kernel hang)
2022-12-22 23:22 ipset bug (kernel hang) Марк Коренберг
@ 2022-12-29 13:14 ` Jozsef Kadlecsik
0 siblings, 0 replies; 2+ messages in thread
From: Jozsef Kadlecsik @ 2022-12-29 13:14 UTC (permalink / raw)
To: Марк Коренберг
Cc: netfilter, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 2451 bytes --]
Hello,
On Fri, 23 Dec 2022, Марк Коренберг wrote:
> ipset create acl_cdc_cert hash:net,port,net
> ipset add acl_cdc_cert 0.0.0.0/0,tcp:1-2,192.168.230.128/25
>
> and kernel 6.0.12 hangs (!)
>
> Seems the problem happens only if both 0.0.0.0/0 and port range
> specified at the same time.
Thanks for the bugreport, I'm going to submit then next patch to fix it:
diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c
index 19bcdb3141f6..b3616f5e1f6a 100644
--- a/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -173,6 +173,16 @@ hash_netportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
+static u32
+hash_netportnet4_range_to_cidr(u32 from, u32 to, u8 *cidr)
+{
+ if (from == 0 && to == UINT_MAX) {
+ *cidr = 0;
+ return to;
+ }
+ return ip_set_range_to_cidr(from, to, cidr);
+}
+
static int
hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
@@ -287,12 +297,12 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
}
ipn = ip;
do {
- ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr[0]);
+ ipn = hash_netportnet4_range_to_cidr(ipn, ip_to, &e.cidr[0]);
n++;
} while (ipn++ < ip_to);
ipn = ip2_from;
do {
- ipn = ip_set_range_to_cidr(ipn, ip2_to, &e.cidr[1]);
+ ipn = hash_netportnet4_range_to_cidr(ipn, ip2_to, &e.cidr[1]);
m++;
} while (ipn++ < ip2_to);
@@ -310,13 +320,13 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
do {
e.ip[0] = htonl(ip);
- ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]);
+ ip = hash_netportnet4_range_to_cidr(ip, ip_to, &e.cidr[0]);
for (; p <= port_to; p++) {
e.port = htons(p);
do {
e.ip[1] = htonl(ip2);
- ip2 = ip_set_range_to_cidr(ip2, ip2_to,
- &e.cidr[1]);
+ ip2 = hash_netportnet4_range_to_cidr(ip2,
+ ip2_to, &e.cidr[1]);
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
return ret;
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-29 13:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-22 23:22 ipset bug (kernel hang) Марк Коренберг
2022-12-29 13:14 ` Jozsef Kadlecsik
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).