aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-04-09 18:14:18 -0400
committerDavid S. Miller <davem@davemloft.net>2008-04-09 18:14:18 -0400
commit1b9b70ea2ebaab26c3e4fed385dfab6fc16359ed (patch)
treedad450564144193ea3591a491cc24665f4b22224
parentb41f5bfff73f244101b34f3603974ef7aeadf545 (diff)
[NETFILTER]: xt_hashlimit: fix mask calculation
Shifts larger than the data type are undefined, don't try to shift an u32 by 32. Also remove some special-casing of bitmasks divisible by 32. Based on patch by Jan Engelhardt <jengelh@computergmbh.de>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/netfilter/xt_hashlimit.c23
1 files changed, 5 insertions, 18 deletions
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index dc29007c52cd..40d344b21453 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -466,38 +466,25 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now)
466 466
467static inline __be32 maskl(__be32 a, unsigned int l) 467static inline __be32 maskl(__be32 a, unsigned int l)
468{ 468{
469 return htonl(ntohl(a) & ~(~(u_int32_t)0 >> l)); 469 return l ? htonl(ntohl(a) & ~0 << (32 - l)) : 0;
470} 470}
471 471
472#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 472#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
473static void hashlimit_ipv6_mask(__be32 *i, unsigned int p) 473static void hashlimit_ipv6_mask(__be32 *i, unsigned int p)
474{ 474{
475 switch (p) { 475 switch (p) {
476 case 0: 476 case 0 ... 31:
477 i[0] = i[1] = 0;
478 i[2] = i[3] = 0;
479 break;
480 case 1 ... 31:
481 i[0] = maskl(i[0], p); 477 i[0] = maskl(i[0], p);
482 i[1] = i[2] = i[3] = 0; 478 i[1] = i[2] = i[3] = 0;
483 break; 479 break;
484 case 32: 480 case 32 ... 63:
485 i[1] = i[2] = i[3] = 0;
486 break;
487 case 33 ... 63:
488 i[1] = maskl(i[1], p - 32); 481 i[1] = maskl(i[1], p - 32);
489 i[2] = i[3] = 0; 482 i[2] = i[3] = 0;
490 break; 483 break;
491 case 64: 484 case 64 ... 95:
492 i[2] = i[3] = 0;
493 break;
494 case 65 ... 95:
495 i[2] = maskl(i[2], p - 64); 485 i[2] = maskl(i[2], p - 64);
496 i[3] = 0; 486 i[3] = 0;
497 case 96: 487 case 96 ... 127:
498 i[3] = 0;
499 break;
500 case 97 ... 127:
501 i[3] = maskl(i[3], p - 96); 488 i[3] = maskl(i[3], p - 96);
502 break; 489 break;
503 case 128: 490 case 128: