[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20191219234047.97315-1-olof@lixom.net>
Date: Thu, 19 Dec 2019 15:40:47 -0800
From: Olof Johansson <olof@...om.net>
To: Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>
Cc: coreteam@...filter.org, netfilter-devel@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Olof Johansson <olof@...om.net>
Subject: [PATCH] netfilter: nf_flow_table: big endian fix for TCP flags
TCP_FLAG_* are 32-bit big endian constants, not 16-bit. So on big endian
machines, you need to shift them down to fit the 16-bit tcp.mask here.
This surfaced through ARM allmodconfig, which is big endian:
net/netfilter/nf_flow_table_offload.c: In function 'nf_flow_rule_match':
net/netfilter/nf_flow_table_offload.c:91:21: warning: unsigned conversion from 'int' to '__be16' {aka 'short unsigned int'} changes value from '327680' to '0' [-Woverflow]
Need to convert to/from host word order to keep LE/BE behaving the same.
Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Olof Johansson <olof@...om.net>
---
net/netfilter/nf_flow_table_offload.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index de7a0d1e15c88..e32ff796378c6 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -88,7 +88,7 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
switch (tuple->l4proto) {
case IPPROTO_TCP:
key->tcp.flags = 0;
- mask->tcp.flags = TCP_FLAG_RST | TCP_FLAG_FIN;
+ mask->tcp.flags = htons(ntohl(TCP_FLAG_RST | TCP_FLAG_FIN) >> 16);
match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_TCP);
break;
case IPPROTO_UDP:
--
2.11.0
Powered by blists - more mailing lists