diff options
| author | Patrick McHardy <kaber@trash.net> | 2008-04-09 18:14:18 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-04-09 18:14:18 -0400 |
| commit | 1b9b70ea2ebaab26c3e4fed385dfab6fc16359ed (patch) | |
| tree | dad450564144193ea3591a491cc24665f4b22224 /net | |
| parent | b41f5bfff73f244101b34f3603974ef7aeadf545 (diff) | |
[NETFILTER]: xt_hashlimit: fix mask calculation
Shifts larger than the data type are undefined, don't try to shift
an u32 by 32. Also remove some special-casing of bitmasks divisible
by 32.
Based on patch by Jan Engelhardt <jengelh@computergmbh.de>.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_hashlimit.c | 23 |
1 files changed, 5 insertions, 18 deletions
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index dc29007c52cd..40d344b21453 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
| @@ -466,38 +466,25 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now) | |||
| 466 | 466 | ||
| 467 | static inline __be32 maskl(__be32 a, unsigned int l) | 467 | static inline __be32 maskl(__be32 a, unsigned int l) |
| 468 | { | 468 | { |
| 469 | return htonl(ntohl(a) & ~(~(u_int32_t)0 >> l)); | 469 | return l ? htonl(ntohl(a) & ~0 << (32 - l)) : 0; |
| 470 | } | 470 | } |
| 471 | 471 | ||
| 472 | #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) | 472 | #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) |
| 473 | static void hashlimit_ipv6_mask(__be32 *i, unsigned int p) | 473 | static void hashlimit_ipv6_mask(__be32 *i, unsigned int p) |
| 474 | { | 474 | { |
| 475 | switch (p) { | 475 | switch (p) { |
| 476 | case 0: | 476 | case 0 ... 31: |
| 477 | i[0] = i[1] = 0; | ||
| 478 | i[2] = i[3] = 0; | ||
| 479 | break; | ||
| 480 | case 1 ... 31: | ||
| 481 | i[0] = maskl(i[0], p); | 477 | i[0] = maskl(i[0], p); |
| 482 | i[1] = i[2] = i[3] = 0; | 478 | i[1] = i[2] = i[3] = 0; |
| 483 | break; | 479 | break; |
| 484 | case 32: | 480 | case 32 ... 63: |
| 485 | i[1] = i[2] = i[3] = 0; | ||
| 486 | break; | ||
| 487 | case 33 ... 63: | ||
| 488 | i[1] = maskl(i[1], p - 32); | 481 | i[1] = maskl(i[1], p - 32); |
| 489 | i[2] = i[3] = 0; | 482 | i[2] = i[3] = 0; |
| 490 | break; | 483 | break; |
| 491 | case 64: | 484 | case 64 ... 95: |
| 492 | i[2] = i[3] = 0; | ||
| 493 | break; | ||
| 494 | case 65 ... 95: | ||
| 495 | i[2] = maskl(i[2], p - 64); | 485 | i[2] = maskl(i[2], p - 64); |
| 496 | i[3] = 0; | 486 | i[3] = 0; |
| 497 | case 96: | 487 | case 96 ... 127: |
| 498 | i[3] = 0; | ||
| 499 | break; | ||
| 500 | case 97 ... 127: | ||
| 501 | i[3] = maskl(i[3], p - 96); | 488 | i[3] = maskl(i[3], p - 96); |
| 502 | break; | 489 | break; |
| 503 | case 128: | 490 | case 128: |