lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 10 Dec 2009 09:50:43 -0800
From:	Laurent Chavey <chavey@...gle.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	davem@...emloft.net, netdev@...r.kernel.org,
	Patrick McHardy <kaber@...sh.net>,
	Netfilter Developers <netfilter-devel@...r.kernel.org>
Subject: Re: [PATCH] netfilter: Fix compiler warning.

On Wed, Dec 9, 2009 at 8:25 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> Le 10/12/2009 02:25, chavey@...gle.com a écrit :
>> Fix compiler warning "discards qualifiers from pointer target type".
>> The function prototype defines parameters as pointer to a constant.
>> Such parameters should not have their content modified in the
>> function.
>>
>> Signed-off-by: Laurent Chavey <chavey@...gle.com>
>
> This is not the right fix IMHO.
>
> We want an unique timestamp for the whole netfilter matches, because several 'time' rules
> could get 'interesting' effects.
>
> The 'const' attribute is a debugging aid, and the skb->tstamp 'write-once' is a valid exception.
>
> Read again the comment in time_mt() :

good point.  I  agree with the need for the exception, I would just
like it to be more explicit
in the code itself (like a turn off check around that particular
statement) so we do not have to
scrub thru the compiler output to filter out good / bad warning.
question:
  why do we not force the timestamp in the skb before going thru the
chain ? it looks to me
  that the check for (skb->tstamp.tv64 == 0) should be done once
>
> vi +163 net/netfilter/xt_time.c
>
> static bool
> time_mt(const struct sk_buff *skb, const struct xt_match_param *par)
> {
>        const struct xt_time_info *info = par->matchinfo;
>        unsigned int packet_time;
>        struct xtm current_time;
>        s64 stamp;
>
>        /*
>         * We cannot use get_seconds() instead of __net_timestamp() here.
>         * Suppose you have two rules:
>         *      1. match before 13:00
>         *      2. match after 13:00
>         * If you match against processing time (get_seconds) it
>         * may happen that the same packet matches both rules if
>         * it arrived at the right moment before 13:00.
>         */
>        if (skb->tstamp.tv64 == 0)
>                __net_timestamp((struct sk_buff *)skb);
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists