NetFilter: portability fixes

From: Russell King (rmk@arm.linux.org.uk)
Date: Tue May 30 2000 - 18:27:14 EST

Next message: Vojtech Pavlik: "Re: Advertising SuSe on lkml"
Previous message: James H. Cloos Jr.: "Inter-ac diffs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

The following patch, which I would like to be applied before Linux 2.4.0
is released fixes the x86 gcc dependent code and structures in netfilter.

The original code made a bogus assumption about the layout of the unions
and structures surrounding "struct ip_conntrack_tuple" by trying to
predict how the compiler is going to lay out the structure.

The following patch fixes this bogosity by:

* Removing the "pad" element which serves no purpose, and with some
  architecture rules does end up using more space than necessary. It
  serves NO purpose whatsoever to guarantee that the padding in the
  structures are set to defined values.
* Prefix structure initialisations with a memset call to zero so that
  we know for definite that all members and padding is set to a
  defined value.

The basic rule for writing portable code where you memcmp structures is
to always use memset first, then set the elements. There is NO other
way to RELIABLY ensure that you cover the possibilities for such code.

diff -ur linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-ebsa110/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
--- linux.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h Mon Mar 20 21:33:51 2000
+++ linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h Mon May 29 10:44:30 2000
@@ -31,7 +31,6 @@
{
         u_int32_t ip;
         union ip_conntrack_manip_proto u;
- u_int16_t pad; /* Must be set to 0 for memcmp. */
};

/* This contains the information to distinguish a connection. */
Only in linux-ebsa110/net/ipv4/netfilter: _xlk
diff -ur -x .* -x *.[oas] linux/net/ipv4/netfilter/ip_conntrack_core.c linux-ebsa110/net/ipv4/netfilter/ip_conntrack_core.c
--- linux.orig/net/ipv4/netfilter/ip_conntrack_core.c Fri May 12 20:34:04 2000
+++ linux/net/ipv4/netfilter/ip_conntrack_core.c Wed May 31 00:13:27 2000
@@ -99,10 +99,6 @@
#if 0
         dump_tuple(tuple);
#endif
-#ifdef CONFIG_NETFILTER_DEBUG
- if (tuple->src.pad)
- DEBUGP("Tuple %p has non-zero padding.\n", tuple);
-#endif
         /* ntohl because more differences in low bits. */
         /* To ensure that halves of the same connection don't hash
            clash, we add the source per-proto again. */
@@ -132,8 +128,8 @@
         else if (iph->ihl * 4 + 8 > len)
                 return 0;

+ memset(tuple, 0, sizeof(*tuple));
         tuple->src.ip = iph->saddr;
- tuple->src.pad = 0;
         tuple->dst.ip = iph->daddr;
         tuple->dst.protonum = iph->protocol;

@@ -148,8 +144,8 @@
              const struct ip_conntrack_tuple *orig,
              const struct ip_conntrack_protocol *protocol)
{
+ memset(inverse, 0, sizeof(*inverse));
         inverse->src.ip = orig->dst.ip;
- inverse->src.pad = 0;
         inverse->dst.ip = orig->src.ip;
         inverse->dst.protonum = orig->dst.protonum;

@@ -867,10 +863,14 @@
getorigdst(struct sock *sk, int optval, void *user, int *len)
{
         struct ip_conntrack_tuple_hash *h;
- struct ip_conntrack_tuple tuple = { { sk->rcv_saddr, { sk->sport },
- 0 },
- { sk->daddr, { sk->dport },
- IPPROTO_TCP } };
+ struct ip_conntrack_tuple tuple;
+
+ memset(&tuple, 0, sizeof(tuple));
+ tuple.src.ip = sk->rcv_saddr;
+ tuple.src.u.tcp.port = sk->sport;
+ tuple.dst.ip = sk->daddr;
+ tuple.dst.u.tcp.port = sk->dport;
+ tuple.dst.protonum = IPPROTO_TCP;

         /* We only do TCP at the moment: is there a better way? */
         if (strcmp(sk->prot->name, "TCP") != 0) {
diff -ur -x .* -x *.[oas] linux/net/ipv4/netfilter/ip_conntrack_ftp.c linux-ebsa110/net/ipv4/netfilter/ip_conntrack_ftp.c
--- linux.orig/net/ipv4/netfilter/ip_conntrack_ftp.c Thu Apr 13 18:02:28 2000
+++ linux/net/ipv4/netfilter/ip_conntrack_ftp.c Wed May 31 00:10:41 2000
@@ -206,13 +206,13 @@
         info->ftptype = dir;
         info->port = array[4] << 8 | array[5];

- t = ((struct ip_conntrack_tuple)
- { { ct->tuplehash[!dir].tuple.src.ip,
- { 0 }, 0 },
- { htonl((array[0] << 24) | (array[1] << 16)
- | (array[2] << 8) | array[3]),
- { htons(array[4] << 8 | array[5]) },
- IPPROTO_TCP }});
+ memset(&t, 0, sizeof(t));
+ t.src.ip = ct->tuplehash[!dir].tuple.src.ip;
+ t.dst.ip = htonl((array[0] << 24) | (array[1] << 16)
+ | (array[2] << 8) | array[3]);
+ t.dst.u.tcp.port = htons(array[4] << 8 | array[5]);
+ t.dst.protonum = IPPROTO_TCP;
+
         ip_conntrack_expect_related(ct, &t);
         UNLOCK_BH(&ip_ftp_lock);

   _____
  |_____| ------------------------------------------------- ---+---+-
  | | Russell King rmk@arm.linux.org.uk --- ---
  | | | | http://www.arm.linux.org.uk/~rmk/aboutme.html / / |
  | +-+-+ --- -+-
  / | THE developer of ARM Linux |+| /|\
/ | | | --- |
    +-+-+ ------------------------------------------------- /\\\ |

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vojtech Pavlik: "Re: Advertising SuSe on lkml"
Previous message: James H. Cloos Jr.: "Inter-ac diffs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed May 31 2000 - 21:00:25 EST