lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Dec 2009 09:50:43 -0800 From: Laurent Chavey <chavey@...gle.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: davem@...emloft.net, netdev@...r.kernel.org, Patrick McHardy <kaber@...sh.net>, Netfilter Developers <netfilter-devel@...r.kernel.org> Subject: Re: [PATCH] netfilter: Fix compiler warning. On Wed, Dec 9, 2009 at 8:25 PM, Eric Dumazet <eric.dumazet@...il.com> wrote: > Le 10/12/2009 02:25, chavey@...gle.com a écrit : >> Fix compiler warning "discards qualifiers from pointer target type". >> The function prototype defines parameters as pointer to a constant. >> Such parameters should not have their content modified in the >> function. >> >> Signed-off-by: Laurent Chavey <chavey@...gle.com> > > This is not the right fix IMHO. > > We want an unique timestamp for the whole netfilter matches, because several 'time' rules > could get 'interesting' effects. > > The 'const' attribute is a debugging aid, and the skb->tstamp 'write-once' is a valid exception. > > Read again the comment in time_mt() : good point. I agree with the need for the exception, I would just like it to be more explicit in the code itself (like a turn off check around that particular statement) so we do not have to scrub thru the compiler output to filter out good / bad warning. question: why do we not force the timestamp in the skb before going thru the chain ? it looks to me that the check for (skb->tstamp.tv64 == 0) should be done once > > vi +163 net/netfilter/xt_time.c > > static bool > time_mt(const struct sk_buff *skb, const struct xt_match_param *par) > { > const struct xt_time_info *info = par->matchinfo; > unsigned int packet_time; > struct xtm current_time; > s64 stamp; > > /* > * We cannot use get_seconds() instead of __net_timestamp() here. > * Suppose you have two rules: > * 1. match before 13:00 > * 2. match after 13:00 > * If you match against processing time (get_seconds) it > * may happen that the same packet matches both rules if > * it arrived at the right moment before 13:00. > */ > if (skb->tstamp.tv64 == 0) > __net_timestamp((struct sk_buff *)skb); > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists