aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhilip Craig <philipc@snapgear.com>2008-04-29 06:35:10 -0400
committerDavid S. Miller <davem@davemloft.net>2008-04-29 06:35:10 -0400
commit443a70d50bdc212e1292778e264ce3d0a85b896f (patch)
tree6b00ca5759949a4c11f77b683d9f65cae82a68e3
parent0010e46577a27c1d915034637f6c2fa57a9a091c (diff)
netfilter: nf_conntrack: padding breaks conntrack hash on ARM
commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()" results in ARM platforms hashing uninitialised padding. This padding doesn't exist on other architectures. Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure everything is initialised. There were only 4 bytes that NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM). Signed-off-by: Philip Craig <philipc@snapgear.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h10
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c2
-rw-r--r--net/netfilter/nf_conntrack_core.c4
3 files changed, 3 insertions, 13 deletions
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 1bb7087833d3..a6874ba22d54 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -107,16 +107,6 @@ struct nf_conntrack_tuple_mask
107 } src; 107 } src;
108}; 108};
109 109
110/* This is optimized opposed to a memset of the whole structure. Everything we
111 * really care about is the source/destination unions */
112#define NF_CT_TUPLE_U_BLANK(tuple) \
113 do { \
114 (tuple)->src.u.all = 0; \
115 (tuple)->dst.u.all = 0; \
116 memset(&(tuple)->src.u3, 0, sizeof((tuple)->src.u3)); \
117 memset(&(tuple)->dst.u3, 0, sizeof((tuple)->dst.u3)); \
118 } while (0)
119
120#ifdef __KERNEL__ 110#ifdef __KERNEL__
121 111
122static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t) 112static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index cacb9cb27dab..5a955c440364 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -303,7 +303,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
303 const struct nf_conntrack_tuple_hash *h; 303 const struct nf_conntrack_tuple_hash *h;
304 struct nf_conntrack_tuple tuple; 304 struct nf_conntrack_tuple tuple;
305 305
306 NF_CT_TUPLE_U_BLANK(&tuple); 306 memset(&tuple, 0, sizeof(tuple));
307 tuple.src.u3.ip = inet->rcv_saddr; 307 tuple.src.u3.ip = inet->rcv_saddr;
308 tuple.src.u.tcp.port = inet->sport; 308 tuple.src.u.tcp.port = inet->sport;
309 tuple.dst.u3.ip = inet->daddr; 309 tuple.dst.u3.ip = inet->daddr;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 4eac65c74ed0..c4b1799da5d7 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *skb,
104 const struct nf_conntrack_l3proto *l3proto, 104 const struct nf_conntrack_l3proto *l3proto,
105 const struct nf_conntrack_l4proto *l4proto) 105 const struct nf_conntrack_l4proto *l4proto)
106{ 106{
107 NF_CT_TUPLE_U_BLANK(tuple); 107 memset(tuple, 0, sizeof(*tuple));
108 108
109 tuple->src.l3num = l3num; 109 tuple->src.l3num = l3num;
110 if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0) 110 if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0)
@@ -151,7 +151,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
151 const struct nf_conntrack_l3proto *l3proto, 151 const struct nf_conntrack_l3proto *l3proto,
152 const struct nf_conntrack_l4proto *l4proto) 152 const struct nf_conntrack_l4proto *l4proto)
153{ 153{
154 NF_CT_TUPLE_U_BLANK(inverse); 154 memset(inverse, 0, sizeof(*inverse));
155 155
156 inverse->src.l3num = orig->src.l3num; 156 inverse->src.l3num = orig->src.l3num;
157 if (l3proto->invert_tuple(inverse, orig) == 0) 157 if (l3proto->invert_tuple(inverse, orig) == 0)