netfilter: nf_tables: check if payload length is a power of 2

Add a check if payload's length is a power of 2 when selecting ops. The fast ops were meant for well aligned loads, also this fixes a small bug when using a length of 3 with some offsets which causes only 1 byte to be loaded because the fast ops are chosen. Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Nikolay Aleksandrov <nikolay@redhat.com> 2014-02-16 08:01:58 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-02-17 05:21:17 -0500
commit: f627ed91d85ed7a189ec8b3b045a0d831e1655e2 (patch)
tree: 9469b066c11c8cc0c734aa947bd5c8cde362202f
parent: 478b360a47b71f3b5030eacd3aae6acb1a32c2b6 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index a2aeb318678f..85daa84bfdfe 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
        if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data))
                return ERR_PTR(-EINVAL);
-        if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER)
+        if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) &&
+            base != NFT_PAYLOAD_LL_HEADER)
                return &nft_payload_fast_ops;
        else
                return &nft_payload_ops;
author	Nikolay Aleksandrov <nikolay@redhat.com>	2014-02-16 08:01:58 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-02-17 05:21:17 -0500
commit	f627ed91d85ed7a189ec8b3b045a0d831e1655e2 (patch)
tree	9469b066c11c8cc0c734aa947bd5c8cde362202f
parent	478b360a47b71f3b5030eacd3aae6acb1a32c2b6 (diff)

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c index a2aeb318678f..85daa84bfdfe 100644 --- a/net/netfilter/nft_payload.c +++ b/net/netfilter/nft_payload.c
@@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
135	if (len == 0 \|\| len > FIELD_SIZEOF(struct nft_data, data))	135	if (len == 0 \|\| len > FIELD_SIZEOF(struct nft_data, data))
136	return ERR_PTR(-EINVAL);	136	return ERR_PTR(-EINVAL);
137		137
138	if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER)	138	if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) &&
		139	base != NFT_PAYLOAD_LL_HEADER)
139	return &nft_payload_fast_ops;	140	return &nft_payload_fast_ops;
140	else	141	else
141	return &nft_payload_ops;	142	return &nft_payload_ops;