lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 15 Nov 2010 12:48:55 +0800
From:	Changli Gao <xiaosuo@...il.com>
To:	Patrick McHardy <kaber@...sh.net>
Cc:	"David S. Miller" <davem@...emloft.net>,
	netfilter-devel@...r.kernel.org, netdev@...r.kernel.org,
	Changli Gao <xiaosuo@...il.com>
Subject: [PATCH] netfilter: make rcu read section smaller

Signed-off-by: Changli Gao <xiaosuo@...il.com>
---
 net/ipv4/netfilter/nf_nat_core.c |   38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index c04787c..7300611 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -85,7 +85,7 @@ in_range(const struct nf_conntrack_tuple *tuple,
 	 const struct nf_nat_range *range)
 {
 	const struct nf_nat_protocol *proto;
-	int ret = 0;
+	int ret = 1;
 
 	/* If we are supposed to map IPs, then we must be in the
 	   range specified, otherwise let this drag us onto a new src IP. */
@@ -95,13 +95,14 @@ in_range(const struct nf_conntrack_tuple *tuple,
 			return 0;
 	}
 
-	rcu_read_lock();
-	proto = __nf_nat_proto_find(tuple->dst.protonum);
-	if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) ||
-	    proto->in_range(tuple, IP_NAT_MANIP_SRC,
-			    &range->min, &range->max))
-		ret = 1;
-	rcu_read_unlock();
+	if (range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
+		rcu_read_lock();
+		proto = __nf_nat_proto_find(tuple->dst.protonum);
+		if (!proto->in_range(tuple, IP_NAT_MANIP_SRC, &range->min,
+				     &range->max))
+			ret = 0;
+		rcu_read_unlock();
+	}
 
 	return ret;
 }
@@ -235,22 +236,21 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
 
 	/* 3) The per-protocol part of the manip is made to map into
 	   the range to make a unique tuple. */
+	if (!(range->flags & (IP_NAT_RANGE_PROTO_RANDOM |
+			      IP_NAT_RANGE_PROTO_SPECIFIED)) &&
+	    !nf_nat_used_tuple(tuple, ct))
+		return;
 
 	rcu_read_lock();
 	proto = __nf_nat_proto_find(orig_tuple->dst.protonum);
 
 	/* Only bother mapping if it's not already in range and unique */
-	if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
-		if (range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
-			if (proto->in_range(tuple, maniptype, &range->min,
-					    &range->max) &&
-			    (range->min.all == range->max.all ||
-			     !nf_nat_used_tuple(tuple, ct)))
-				goto out;
-		} else if (!nf_nat_used_tuple(tuple, ct)) {
-			goto out;
-		}
-	}
+	if ((range->flags & (IP_NAT_RANGE_PROTO_RANDOM |
+			     IP_NAT_RANGE_PROTO_SPECIFIED)) ==
+	    IP_NAT_RANGE_PROTO_SPECIFIED &&
+	    proto->in_range(tuple, maniptype, &range->min, &range->max) &&
+	    (range->min.all == range->max.all || !nf_nat_used_tuple(tuple, ct)))
+		goto out;
 
 	/* Last change: get protocol to try to obtain unique tuple. */
 	proto->unique_tuple(tuple, range, maniptype, ct);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ