diff options
author | Philip Craig <philipc@snapgear.com> | 2008-04-29 06:35:10 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-29 06:35:10 -0400 |
commit | 443a70d50bdc212e1292778e264ce3d0a85b896f (patch) | |
tree | 6b00ca5759949a4c11f77b683d9f65cae82a68e3 | |
parent | 0010e46577a27c1d915034637f6c2fa57a9a091c (diff) |
netfilter: nf_conntrack: padding breaks conntrack hash on ARM
commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()"
results in ARM platforms hashing uninitialised padding. This padding
doesn't exist on other architectures.
Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure
everything is initialised. There were only 4 bytes that
NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM).
Signed-off-by: Philip Craig <philipc@snapgear.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/netfilter/nf_conntrack_tuple.h | 10 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 4 |
3 files changed, 3 insertions, 13 deletions
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index 1bb7087833d3..a6874ba22d54 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h | |||
@@ -107,16 +107,6 @@ struct nf_conntrack_tuple_mask | |||
107 | } src; | 107 | } src; |
108 | }; | 108 | }; |
109 | 109 | ||
110 | /* This is optimized opposed to a memset of the whole structure. Everything we | ||
111 | * really care about is the source/destination unions */ | ||
112 | #define NF_CT_TUPLE_U_BLANK(tuple) \ | ||
113 | do { \ | ||
114 | (tuple)->src.u.all = 0; \ | ||
115 | (tuple)->dst.u.all = 0; \ | ||
116 | memset(&(tuple)->src.u3, 0, sizeof((tuple)->src.u3)); \ | ||
117 | memset(&(tuple)->dst.u3, 0, sizeof((tuple)->dst.u3)); \ | ||
118 | } while (0) | ||
119 | |||
120 | #ifdef __KERNEL__ | 110 | #ifdef __KERNEL__ |
121 | 111 | ||
122 | static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t) | 112 | static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t) |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index cacb9cb27dab..5a955c440364 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -303,7 +303,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) | |||
303 | const struct nf_conntrack_tuple_hash *h; | 303 | const struct nf_conntrack_tuple_hash *h; |
304 | struct nf_conntrack_tuple tuple; | 304 | struct nf_conntrack_tuple tuple; |
305 | 305 | ||
306 | NF_CT_TUPLE_U_BLANK(&tuple); | 306 | memset(&tuple, 0, sizeof(tuple)); |
307 | tuple.src.u3.ip = inet->rcv_saddr; | 307 | tuple.src.u3.ip = inet->rcv_saddr; |
308 | tuple.src.u.tcp.port = inet->sport; | 308 | tuple.src.u.tcp.port = inet->sport; |
309 | tuple.dst.u3.ip = inet->daddr; | 309 | tuple.dst.u3.ip = inet->daddr; |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 4eac65c74ed0..c4b1799da5d7 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *skb, | |||
104 | const struct nf_conntrack_l3proto *l3proto, | 104 | const struct nf_conntrack_l3proto *l3proto, |
105 | const struct nf_conntrack_l4proto *l4proto) | 105 | const struct nf_conntrack_l4proto *l4proto) |
106 | { | 106 | { |
107 | NF_CT_TUPLE_U_BLANK(tuple); | 107 | memset(tuple, 0, sizeof(*tuple)); |
108 | 108 | ||
109 | tuple->src.l3num = l3num; | 109 | tuple->src.l3num = l3num; |
110 | if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0) | 110 | if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0) |
@@ -151,7 +151,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, | |||
151 | const struct nf_conntrack_l3proto *l3proto, | 151 | const struct nf_conntrack_l3proto *l3proto, |
152 | const struct nf_conntrack_l4proto *l4proto) | 152 | const struct nf_conntrack_l4proto *l4proto) |
153 | { | 153 | { |
154 | NF_CT_TUPLE_U_BLANK(inverse); | 154 | memset(inverse, 0, sizeof(*inverse)); |
155 | 155 | ||
156 | inverse->src.l3num = orig->src.l3num; | 156 | inverse->src.l3num = orig->src.l3num; |
157 | if (l3proto->invert_tuple(inverse, orig) == 0) | 157 | if (l3proto->invert_tuple(inverse, orig) == 0) |