Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/833313/?format=api
{ "id": 833313, "url": "http://patchwork.ozlabs.org/api/1.2/patches/833313/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20171102115038.18699-1-fw@strlen.de/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.2/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20171102115038.18699-1-fw@strlen.de>", "list_archive_url": null, "date": "2017-11-02T11:50:38", "name": "[nf-next] netfilter: xt_connlimit: remove mask argument", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "7e080156a692d83a3b6d334603de690eb503b170", "submitter": { "id": 1025, "url": "http://patchwork.ozlabs.org/api/1.2/people/1025/?format=api", "name": "Florian Westphal", "email": "fw@strlen.de" }, "delegate": { "id": 6139, "url": "http://patchwork.ozlabs.org/api/1.2/users/6139/?format=api", "username": "pablo", "first_name": "Pablo", "last_name": "Neira", "email": "pablo@netfilter.org" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20171102115038.18699-1-fw@strlen.de/mbox/", "series": [ { "id": 11488, "url": "http://patchwork.ozlabs.org/api/1.2/series/11488/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=11488", "date": "2017-11-02T11:50:38", "name": "[nf-next] netfilter: xt_connlimit: remove mask argument", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/11488/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/833313/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/833313/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netfilter-devel-owner@vger.kernel.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3ySNgk00lfz9t2M\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 2 Nov 2017 22:50:24 +1100 (AEDT)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753829AbdKBLuX (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tThu, 2 Nov 2017 07:50:23 -0400", "from Chamillionaire.breakpoint.cc ([146.0.238.67]:58050 \"EHLO\n\tChamillionaire.breakpoint.cc\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1752780AbdKBLuX (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tThu, 2 Nov 2017 07:50:23 -0400", "from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2)\n\t(envelope-from <fw@breakpoint.cc>)\n\tid 1eAE0R-0006Tb-H8; Thu, 02 Nov 2017 12:49:55 +0100" ], "From": "Florian Westphal <fw@strlen.de>", "To": "<netfilter-devel@vger.kernel.org>", "Cc": "Florian Westphal <fw@strlen.de>", "Subject": "[PATCH nf-next] netfilter: xt_connlimit: remove mask argument", "Date": "Thu, 2 Nov 2017 12:50:38 +0100", "Message-Id": "<20171102115038.18699-1-fw@strlen.de>", "X-Mailer": "git-send-email 2.13.6", "Sender": "netfilter-devel-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netfilter-devel.vger.kernel.org>", "X-Mailing-List": "netfilter-devel@vger.kernel.org" }, "content": "Instead of passing mask to all the helpers, just fixup the search key\nearly.\n\nAfter rbtree conversion, each rbtree node stores connections of same\n'addr & mask', so no need to pass the mask too.\n\nSigned-off-by: Florian Westphal <fw@strlen.de>\n---\n net/netfilter/xt_connlimit.c | 52 +++++++++++++++++---------------------------\n 1 file changed, 20 insertions(+), 32 deletions(-)", "diff": "diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c\nindex ce2870428631..a6214f235333 100644\n--- a/net/netfilter/xt_connlimit.c\n+++ b/net/netfilter/xt_connlimit.c\n@@ -71,16 +71,9 @@ static inline unsigned int connlimit_iphash(__be32 addr)\n }\n \n static inline unsigned int\n-connlimit_iphash6(const union nf_inet_addr *addr,\n- const union nf_inet_addr *mask)\n+connlimit_iphash6(const union nf_inet_addr *addr)\n {\n-\tunion nf_inet_addr res;\n-\tunsigned int i;\n-\n-\tfor (i = 0; i < ARRAY_SIZE(addr->ip6); ++i)\n-\t\tres.ip6[i] = addr->ip6[i] & mask->ip6[i];\n-\n-\treturn jhash2((u32 *)res.ip6, ARRAY_SIZE(res.ip6),\n+\treturn jhash2((u32 *)addr->ip6, ARRAY_SIZE(addr->ip6),\n \t\t connlimit_rnd) % CONNLIMIT_SLOTS;\n }\n \n@@ -94,24 +87,13 @@ static inline bool already_closed(const struct nf_conn *conn)\n }\n \n static int\n-same_source_net(const union nf_inet_addr *addr,\n-\t\tconst union nf_inet_addr *mask,\n-\t\tconst union nf_inet_addr *u3, u_int8_t family)\n+same_source(const union nf_inet_addr *addr,\n+\t const union nf_inet_addr *u3, u_int8_t family)\n {\n-\tif (family == NFPROTO_IPV4) {\n-\t\treturn ntohl(addr->ip & mask->ip) -\n-\t\t ntohl(u3->ip & mask->ip);\n-\t} else {\n-\t\tunion nf_inet_addr lh, rh;\n-\t\tunsigned int i;\n-\n-\t\tfor (i = 0; i < ARRAY_SIZE(addr->ip6); ++i) {\n-\t\t\tlh.ip6[i] = addr->ip6[i] & mask->ip6[i];\n-\t\t\trh.ip6[i] = u3->ip6[i] & mask->ip6[i];\n-\t\t}\n+\tif (family == NFPROTO_IPV4)\n+\t\treturn ntohl(addr->ip) - ntohl(u3->ip);\n \n-\t\treturn memcmp(&lh.ip6, &rh.ip6, sizeof(lh.ip6));\n-\t}\n+\treturn memcmp(addr->ip6, u3->ip6, sizeof(addr->ip6));\n }\n \n static bool add_hlist(struct hlist_head *head,\n@@ -194,7 +176,7 @@ static void tree_nodes_free(struct rb_root *root,\n static unsigned int\n count_tree(struct net *net, struct rb_root *root,\n \t const struct nf_conntrack_tuple *tuple,\n-\t const union nf_inet_addr *addr, const union nf_inet_addr *mask,\n+\t const union nf_inet_addr *addr,\n \t u8 family, const struct nf_conntrack_zone *zone)\n {\n \tstruct xt_connlimit_rb *gc_nodes[CONNLIMIT_GC_MAX_NODES];\n@@ -215,7 +197,7 @@ count_tree(struct net *net, struct rb_root *root,\n \t\trbconn = rb_entry(*rbnode, struct xt_connlimit_rb, node);\n \n \t\tparent = *rbnode;\n-\t\tdiff = same_source_net(addr, mask, &rbconn->addr, family);\n+\t\tdiff = same_source(addr, &rbconn->addr, family);\n \t\tif (diff < 0) {\n \t\t\trbnode = &((*rbnode)->rb_left);\n \t\t} else if (diff > 0) {\n@@ -282,7 +264,6 @@ static int count_them(struct net *net,\n \t\t struct xt_connlimit_data *data,\n \t\t const struct nf_conntrack_tuple *tuple,\n \t\t const union nf_inet_addr *addr,\n-\t\t const union nf_inet_addr *mask,\n \t\t u_int8_t family,\n \t\t const struct nf_conntrack_zone *zone)\n {\n@@ -291,14 +272,14 @@ static int count_them(struct net *net,\n \tu32 hash;\n \n \tif (family == NFPROTO_IPV6)\n-\t\thash = connlimit_iphash6(addr, mask);\n+\t\thash = connlimit_iphash6(addr);\n \telse\n-\t\thash = connlimit_iphash(addr->ip & mask->ip);\n+\t\thash = connlimit_iphash(addr->ip);\n \troot = &data->climit_root[hash];\n \n \tspin_lock_bh(&xt_connlimit_locks[hash % CONNLIMIT_LOCK_SLOTS]);\n \n-\tcount = count_tree(net, root, tuple, addr, mask, family, zone);\n+\tcount = count_tree(net, root, tuple, addr, family, zone);\n \n \tspin_unlock_bh(&xt_connlimit_locks[hash % CONNLIMIT_LOCK_SLOTS]);\n \n@@ -329,16 +310,23 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)\n \n \tif (xt_family(par) == NFPROTO_IPV6) {\n \t\tconst struct ipv6hdr *iph = ipv6_hdr(skb);\n+\t\tunsigned int i;\n+\n \t\tmemcpy(&addr.ip6, (info->flags & XT_CONNLIMIT_DADDR) ?\n \t\t &iph->daddr : &iph->saddr, sizeof(addr.ip6));\n+\n+\t\tfor (i = 0; i < ARRAY_SIZE(addr.ip6); ++i)\n+\t\t\taddr.ip6[i] &= info->mask.ip6[i];\n \t} else {\n \t\tconst struct iphdr *iph = ip_hdr(skb);\n \t\taddr.ip = (info->flags & XT_CONNLIMIT_DADDR) ?\n \t\t\t iph->daddr : iph->saddr;\n+\n+\t\taddr.ip &= info->mask.ip;\n \t}\n \n \tconnections = count_them(net, info->data, tuple_ptr, &addr,\n-\t &info->mask, xt_family(par), zone);\n+\t\t\t\t xt_family(par), zone);\n \tif (connections == 0)\n \t\t/* kmalloc failed, drop it entirely */\n \t\tgoto hotdrop;\n", "prefixes": [ "nf-next" ] }