Message ID | 20190110033603.31647-2-mfo@canonical.com |
---|---|
State | New |
Series | netfilter: nf_conncount: fix for LP#1811094 |
On 10.01.19 04:35, Mauricio Faria de Oliveira wrote: > BugLink: https://bugs.launchpad.net/bugs/1811094 > > The commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the conn > nodes)" made the 'addr' parameter in add_hlist() unused. So remove it > with a SAUCE patch, to simplify the backport of the next patches, as it is removed > anyway in upstream later (but before the next patches) through commit 625c556118f3 > ("netfilter: connlimit: split xt_connlimit into front and backend"), in the rename > from 'xt_connlimit.c' to 'nf_conncount.c', which is a large refactor we don't need. Not sure this really would make things clearer but what would you think about changing your description section to this: In commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the conn nodes)" the actual use of the addr argument in add_hlist() got dropped, but it was still passed as an argument. This was done as part of a bigger modification through commit 625c556118f3 ("netfilter: connlimit: split xt_connlimit into front and backend"). For upstream stable 4.14.y, this was merged into the backport of ce49480dba86 but this is already in Bionic/4.15. So we do this as a separate SAUCE patch. > > Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com> > --- > net/netfilter/xt_connlimit.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c > index a6214f235333..580239db4af2 100644 > --- a/net/netfilter/xt_connlimit.c > +++ b/net/netfilter/xt_connlimit.c > @@ -97,8 +97,7 @@ same_source(const union nf_inet_addr *addr, > } > > static bool add_hlist(struct hlist_head *head, > - const struct nf_conntrack_tuple *tuple, > - const union nf_inet_addr *addr) > + const struct nf_conntrack_tuple *tuple) > { > struct xt_connlimit_conn *conn; 
> > @@ -211,7 +210,7 @@ count_tree(struct net *net, struct rb_root *root, > if (!addit) > return count; > > - if (!add_hlist(&rbconn->hhead, tuple, addr)) > + if (!add_hlist(&rbconn->hhead, tuple)) > return 0; /* hotdrop */ > > return count + 1; >
On Thu, Jan 10, 2019 at 8:15 AM Stefan Bader <stefan.bader@canonical.com> wrote: > > On 10.01.19 04:35, Mauricio Faria de Oliveira wrote: > > BugLink: https://bugs.launchpad.net/bugs/1811094 > > > > The commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the conn > > nodes)" made the 'addr' parameter in add_hlist() unused. So remove it > > with a SAUCE patch, to simplify the backport of the next patches, as it is removed > > anyway in upstream later (but before the next patches) through commit 625c556118f3 > > ("netfilter: connlimit: split xt_connlimit into front and backend"), in the rename > > from 'xt_connlimit.c' to 'nf_conncount.c', which is a large refactor we don't need. > > Not sure this really would make things clearer but what would you think about > changing your description section to this: > > In commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the > conn nodes)" the actual use of the addr argument in add_hlist() got dropped, > but it was still passed as an argument. This was done as part of a bigger > modification through commit 625c556118f3 ("netfilter: connlimit: split > xt_connlimit into front and backend"). > For upstream stable 4.14.y, this was merged into the backport of ce49480dba86 > but this is already in Bionic/4.15. So we do this as a separate SAUCE patch. Yes, that's clearer, thanks. Please let me know if you'd like me to send a v2 for that change. cheers, Mauricio > > > > > Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com> > > --- > > net/netfilter/xt_connlimit.c | 5 ++--- > > 1 file changed, 2 insertions(+), 3 deletions(-) > > > > diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c > > index a6214f235333..580239db4af2 100644 > > --- a/net/netfilter/xt_connlimit.c > > +++ b/net/netfilter/xt_connlimit.c 
> > @@ -97,8 +97,7 @@ same_source(const union nf_inet_addr *addr, > > } > > > > static bool add_hlist(struct hlist_head *head, > > - const struct nf_conntrack_tuple *tuple, > > - const union nf_inet_addr *addr) > > + const struct nf_conntrack_tuple *tuple) > > { > > struct xt_connlimit_conn *conn; > > > > @@ -211,7 +210,7 @@ count_tree(struct net *net, struct rb_root *root, > > if (!addit) > > return count; > > > > - if (!add_hlist(&rbconn->hhead, tuple, addr)) > > + if (!add_hlist(&rbconn->hhead, tuple)) > > return 0; /* hotdrop */ > > > > return count + 1; > > > >
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index a6214f235333..580239db4af2 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c @@ -97,8 +97,7 @@ same_source(const union nf_inet_addr *addr, } static bool add_hlist(struct hlist_head *head, - const struct nf_conntrack_tuple *tuple, - const union nf_inet_addr *addr) + const struct nf_conntrack_tuple *tuple) { struct xt_connlimit_conn *conn; @@ -211,7 +210,7 @@ count_tree(struct net *net, struct rb_root *root, if (!addit) return count; - if (!add_hlist(&rbconn->hhead, tuple, addr)) + if (!add_hlist(&rbconn->hhead, tuple)) return 0; /* hotdrop */ return count + 1;
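Review bot: In the first hunk (@@ -97,8 +97,7 @@, the add_hlist() prototype) the description should say outright that no functional change is intended and that every caller is converted in this patch. The diff converts one call, in count_tree(), which agrees with the diffstat of 2 insertions and 3 deletions; because add_hlist() is static, a caller missed here would fail to compile rather than misbehave. If a v2 is sent, the citation ending `nodes)"` has its closing quote and parenthesis transposed.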
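Review bot: In the second hunk (@@ -211,7 +210,7 @@, count_tree()) it is worth confirming that addr is still used elsewhere in count_tree() once `add_hlist(&rbconn->hhead, tuple)` stops taking it; the first hunk's context shows same_source() still accepting addr, but if count_tree() only forwarded it, the parameter should be dropped there too. The error path is untouched: a false return from add_hlist() still reaches `return 0; /* hotdrop */`, so the limit check keeps its existing behaviour when an entry cannot be added.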
BugLink: https://bugs.launchpad.net/bugs/1811094

The commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the conn
nodes)" made the 'addr' parameter in add_hlist() unused. So remove it
with a SAUCE patch, to simplify the backport of the next patches, as it is removed
anyway in upstream later (but before the next patches) through commit 625c556118f3
("netfilter: connlimit: split xt_connlimit into front and backend"), in the rename
from 'xt_connlimit.c' to 'nf_conncount.c', which is a large refactor we don't need.

Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
---
 net/netfilter/xt_connlimit.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)