[netfilter-cvslog] r6287 - in trunk/patch-o-matic-ng/patchlets/set:
linux/include/linux/netfilter_ipv4 linux/net/ipv4/netfilter
linux-2.6/include/linux/netfilter_ipv4 linux-2.6/net/ipv4/netfilter
kadlec at netfilter.org
kadlec at netfilter.org
Sat Dec 3 15:50:22 CET 2005
Author: kadlec at netfilter.org
Date: 2005-12-03 15:50:18 +0100 (Sat, 03 Dec 2005)
New Revision: 6287
Modified:
trunk/patch-o-matic-ng/patchlets/set/linux-2.6/include/linux/netfilter_ipv4/ip_set_iptree.h
trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_iptree.c
trunk/patch-o-matic-ng/patchlets/set/linux/include/linux/netfilter_ipv4/ip_set_iptree.h
trunk/patch-o-matic-ng/patchlets/set/linux/net/ipv4/netfilter/ip_set_iptree.c
Log:
Nasty off-by-one bug in iptree type of set fixed.
Modified: trunk/patch-o-matic-ng/patchlets/set/linux/include/linux/netfilter_ipv4/ip_set_iptree.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/set/linux/include/linux/netfilter_ipv4/ip_set_iptree.h 2005-11-29 08:56:09 UTC (rev 6286)
+++ trunk/patch-o-matic-ng/patchlets/set/linux/include/linux/netfilter_ipv4/ip_set_iptree.h 2005-12-03 14:50:18 UTC (rev 6287)
@@ -7,15 +7,15 @@
#define MAX_RANGE 0x0000FFFF
struct ip_set_iptreed {
- unsigned long expires[255]; /* x.x.x.ADDR */
+ unsigned long expires[256]; /* x.x.x.ADDR */
};
struct ip_set_iptreec {
- struct ip_set_iptreed *tree[255]; /* x.x.ADDR.* */
+ struct ip_set_iptreed *tree[256]; /* x.x.ADDR.* */
};
struct ip_set_iptreeb {
- struct ip_set_iptreec *tree[255]; /* x.ADDR.*.* */
+ struct ip_set_iptreec *tree[256]; /* x.ADDR.*.* */
};
struct ip_set_iptree {
@@ -23,7 +23,7 @@
unsigned int gc_interval;
#ifdef __KERNEL__
struct timer_list gc;
- struct ip_set_iptreeb *tree[255]; /* ADDR.*.*.* */
+ struct ip_set_iptreeb *tree[256]; /* ADDR.*.*.* */
#endif
};
Modified: trunk/patch-o-matic-ng/patchlets/set/linux/net/ipv4/netfilter/ip_set_iptree.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/set/linux/net/ipv4/netfilter/ip_set_iptree.c 2005-11-29 08:56:09 UTC (rev 6286)
+++ trunk/patch-o-matic-ng/patchlets/set/linux/net/ipv4/netfilter/ip_set_iptree.c 2005-12-03 14:50:18 UTC (rev 6287)
@@ -246,7 +246,7 @@
}
#define LOOP_WALK_BEGIN(map, i, branch) \
- for (i = 0; i < 255; i++) { \
+ for (i = 0; i < 256; i++) { \
if (!(map)->tree[i]) \
continue; \
branch = (map)->tree[i]
@@ -260,7 +260,7 @@
struct ip_set_iptreeb *btree;
struct ip_set_iptreec *ctree;
struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
+ unsigned int a,b,c,d;
unsigned char i,j,k;
i = j = k = 0;
@@ -269,7 +269,7 @@
LOOP_WALK_BEGIN(map, a, btree);
LOOP_WALK_BEGIN(btree, b, ctree);
LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 255; d++) {
+ for (d = 0; d < 256; d++) {
if (dtree->expires[d]) {
DP("gc: %u %u %u %u: expires %lu jiffies %lu",
a, b, c, d,
@@ -425,13 +425,13 @@
struct ip_set_iptreeb *btree;
struct ip_set_iptreec *ctree;
struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
+ unsigned int a,b,c,d;
unsigned int count = 0;
LOOP_WALK_BEGIN(map, a, btree);
LOOP_WALK_BEGIN(btree, b, ctree);
LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 255; d++) {
+ for (d = 0; d < 256; d++) {
if (dtree->expires[d]
&& (!map->timeout || time_after(dtree->expires[d], jiffies)))
count++;
@@ -450,14 +450,14 @@
struct ip_set_iptreeb *btree;
struct ip_set_iptreec *ctree;
struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
+ unsigned int a,b,c,d;
size_t offset = 0;
struct ip_set_req_iptree *entry;
LOOP_WALK_BEGIN(map, a, btree);
LOOP_WALK_BEGIN(btree, b, ctree);
LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 255; d++) {
+ for (d = 0; d < 256; d++) {
if (dtree->expires[d]
&& (!map->timeout || time_after(dtree->expires[d], jiffies))) {
entry = (struct ip_set_req_iptree *)(data + offset);
Modified: trunk/patch-o-matic-ng/patchlets/set/linux-2.6/include/linux/netfilter_ipv4/ip_set_iptree.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/set/linux-2.6/include/linux/netfilter_ipv4/ip_set_iptree.h 2005-11-29 08:56:09 UTC (rev 6286)
+++ trunk/patch-o-matic-ng/patchlets/set/linux-2.6/include/linux/netfilter_ipv4/ip_set_iptree.h 2005-12-03 14:50:18 UTC (rev 6287)
@@ -7,15 +7,15 @@
#define MAX_RANGE 0x0000FFFF
struct ip_set_iptreed {
- unsigned long expires[255]; /* x.x.x.ADDR */
+ unsigned long expires[256]; /* x.x.x.ADDR */
};
struct ip_set_iptreec {
- struct ip_set_iptreed *tree[255]; /* x.x.ADDR.* */
+ struct ip_set_iptreed *tree[256]; /* x.x.ADDR.* */
};
struct ip_set_iptreeb {
- struct ip_set_iptreec *tree[255]; /* x.ADDR.*.* */
+ struct ip_set_iptreec *tree[256]; /* x.ADDR.*.* */
};
struct ip_set_iptree {
@@ -23,7 +23,7 @@
unsigned int gc_interval;
#ifdef __KERNEL__
struct timer_list gc;
- struct ip_set_iptreeb *tree[255]; /* ADDR.*.*.* */
+ struct ip_set_iptreeb *tree[256]; /* ADDR.*.*.* */
#endif
};
Modified: trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_iptree.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_iptree.c 2005-11-29 08:56:09 UTC (rev 6286)
+++ trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_iptree.c 2005-12-03 14:50:18 UTC (rev 6287)
@@ -250,7 +250,7 @@
}
#define LOOP_WALK_BEGIN(map, i, branch) \
- for (i = 0; i < 255; i++) { \
+ for (i = 0; i < 256; i++) { \
if (!(map)->tree[i]) \
continue; \
branch = (map)->tree[i]
@@ -264,7 +264,7 @@
struct ip_set_iptreeb *btree;
struct ip_set_iptreec *ctree;
struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
+ unsigned int a,b,c,d;
unsigned char i,j,k;
i = j = k = 0;
@@ -273,7 +273,7 @@
LOOP_WALK_BEGIN(map, a, btree);
LOOP_WALK_BEGIN(btree, b, ctree);
LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 255; d++) {
+ for (d = 0; d < 256; d++) {
if (dtree->expires[d]) {
DP("gc: %u %u %u %u: expires %lu jiffies %lu",
a, b, c, d,
@@ -429,13 +429,13 @@
struct ip_set_iptreeb *btree;
struct ip_set_iptreec *ctree;
struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
+ unsigned int a,b,c,d;
unsigned int count = 0;
LOOP_WALK_BEGIN(map, a, btree);
LOOP_WALK_BEGIN(btree, b, ctree);
LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 255; d++) {
+ for (d = 0; d < 256; d++) {
if (dtree->expires[d]
&& (!map->timeout || time_after(dtree->expires[d], jiffies)))
count++;
@@ -454,14 +454,14 @@
struct ip_set_iptreeb *btree;
struct ip_set_iptreec *ctree;
struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
+ unsigned int a,b,c,d;
size_t offset = 0;
struct ip_set_req_iptree *entry;
LOOP_WALK_BEGIN(map, a, btree);
LOOP_WALK_BEGIN(btree, b, ctree);
LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 255; d++) {
+ for (d = 0; d < 256; d++) {
if (dtree->expires[d]
&& (!map->timeout || time_after(dtree->expires[d], jiffies))) {
entry = (struct ip_set_req_iptree *)(data + offset);
More information about the netfilter-cvslog
mailing list