Message ID | 20221122212814.63177-2-pablo@netfilter.org (mailing list archive) |
---|---|
State | Accepted |
Commit | c7aa1a76d4a0a3c401025b60c401412bbb60f8c6 |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | [net,1/3] netfilter: ipset: regression in ip_set_hash_ip.c | expand |
Hello: This series was applied to netdev/net.git (master) by Pablo Neira Ayuso <pablo@netfilter.org>: On Tue, 22 Nov 2022 22:28:12 +0100 you wrote: > From: Vishwanath Pai <vpai@akamai.com> > > This patch introduced a regression: commit 48596a8ddc46 ("netfilter: > ipset: Fix adding an IPv4 range containing more than 2^31 addresses") > > The variable e.ip is passed to adtfn() function which finally adds the > ip address to the set. The patch above refactored the for loop and moved > e.ip = htonl(ip) to the end of the for loop. > > [...] Here is the summary with links: - [net,1/3] netfilter: ipset: regression in ip_set_hash_ip.c https://git.kernel.org/netdev/net/c/c7aa1a76d4a0 - [net,2/3] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface https://git.kernel.org/netdev/net/c/6a66ce44a51b - [net,3/3] netfilter: flowtable_offload: add missing locking https://git.kernel.org/netdev/net/c/bcd9e3c1656d You are awesome, thank you!
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c index dd30c03d5a23..75d556d71652 100644 --- a/net/netfilter/ipset/ip_set_hash_ip.c +++ b/net/netfilter/ipset/ip_set_hash_ip.c @@ -151,18 +151,16 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], if (((u64)ip_to - ip + 1) >> (32 - h->netmask) > IPSET_MAX_RANGE) return -ERANGE; - if (retried) { + if (retried) ip = ntohl(h->next.ip); - e.ip = htonl(ip); - } for (; ip <= ip_to;) { + e.ip = htonl(ip); ret = adtfn(set, &e, &ext, &ext, flags); if (ret && !ip_set_eexist(ret, flags)) return ret; ip += hosts; - e.ip = htonl(ip); - if (e.ip == 0) + if (ip == 0) return 0; ret = 0;