{"id":833313,"url":"http://patchwork.ozlabs.org/api/1.2/patches/833313/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20171102115038.18699-1-fw@strlen.de/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.2/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20171102115038.18699-1-fw@strlen.de>","list_archive_url":null,"date":"2017-11-02T11:50:38","name":"[nf-next] netfilter: xt_connlimit: remove mask argument","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"7e080156a692d83a3b6d334603de690eb503b170","submitter":{"id":1025,"url":"http://patchwork.ozlabs.org/api/1.2/people/1025/?format=json","name":"Florian Westphal","email":"fw@strlen.de"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/1.2/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20171102115038.18699-1-fw@strlen.de/mbox/","series":[{"id":11488,"url":"http://patchwork.ozlabs.org/api/1.2/series/11488/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=11488","date":"2017-11-02T11:50:38","name":"[nf-next] netfilter: xt_connlimit: remove mask 
argument","version":1,"mbox":"http://patchwork.ozlabs.org/series/11488/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/833313/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/833313/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3ySNgk00lfz9t2M\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu,  2 Nov 2017 22:50:24 +1100 (AEDT)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753829AbdKBLuX (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tThu, 2 Nov 2017 07:50:23 -0400","from Chamillionaire.breakpoint.cc ([146.0.238.67]:58050 \"EHLO\n\tChamillionaire.breakpoint.cc\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1752780AbdKBLuX (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tThu, 2 Nov 2017 07:50:23 -0400","from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2)\n\t(envelope-from <fw@breakpoint.cc>)\n\tid 1eAE0R-0006Tb-H8; Thu, 02 Nov 2017 12:49:55 +0100"],"From":"Florian Westphal <fw@strlen.de>","To":"<netfilter-devel@vger.kernel.org>","Cc":"Florian Westphal <fw@strlen.de>","Subject":"[PATCH nf-next] netfilter: xt_connlimit: remove mask argument","Date":"Thu,  2 Nov 2017 12:50:38 +0100","Message-Id":"<20171102115038.18699-1-fw@strlen.de>","X-Mailer":"git-send-email 2.13.6","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"Instead of passing mask to all the helpers, 
just fixup the search key\nearly.\n\nAfter rbtree conversion, each rbtree node stores connections of same\n'addr & mask', so no need to pass the mask too.\n\nSigned-off-by: Florian Westphal <fw@strlen.de>\n---\n net/netfilter/xt_connlimit.c | 52 +++++++++++++++++---------------------------\n 1 file changed, 20 insertions(+), 32 deletions(-)","diff":"diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c\nindex ce2870428631..a6214f235333 100644\n--- a/net/netfilter/xt_connlimit.c\n+++ b/net/netfilter/xt_connlimit.c\n@@ -71,16 +71,9 @@ static inline unsigned int connlimit_iphash(__be32 addr)\n }\n \n static inline unsigned int\n-connlimit_iphash6(const union nf_inet_addr *addr,\n-                  const union nf_inet_addr *mask)\n+connlimit_iphash6(const union nf_inet_addr *addr)\n {\n-\tunion nf_inet_addr res;\n-\tunsigned int i;\n-\n-\tfor (i = 0; i < ARRAY_SIZE(addr->ip6); ++i)\n-\t\tres.ip6[i] = addr->ip6[i] & mask->ip6[i];\n-\n-\treturn jhash2((u32 *)res.ip6, ARRAY_SIZE(res.ip6),\n+\treturn jhash2((u32 *)addr->ip6, ARRAY_SIZE(addr->ip6),\n \t\t       connlimit_rnd) % CONNLIMIT_SLOTS;\n }\n \n@@ -94,24 +87,13 @@ static inline bool already_closed(const struct nf_conn *conn)\n }\n \n static int\n-same_source_net(const union nf_inet_addr *addr,\n-\t\tconst union nf_inet_addr *mask,\n-\t\tconst union nf_inet_addr *u3, u_int8_t family)\n+same_source(const union nf_inet_addr *addr,\n+\t    const union nf_inet_addr *u3, u_int8_t family)\n {\n-\tif (family == NFPROTO_IPV4) {\n-\t\treturn ntohl(addr->ip & mask->ip) -\n-\t\t       ntohl(u3->ip & mask->ip);\n-\t} else {\n-\t\tunion nf_inet_addr lh, rh;\n-\t\tunsigned int i;\n-\n-\t\tfor (i = 0; i < ARRAY_SIZE(addr->ip6); ++i) {\n-\t\t\tlh.ip6[i] = addr->ip6[i] & mask->ip6[i];\n-\t\t\trh.ip6[i] = u3->ip6[i] & mask->ip6[i];\n-\t\t}\n+\tif (family == NFPROTO_IPV4)\n+\t\treturn ntohl(addr->ip) - ntohl(u3->ip);\n \n-\t\treturn memcmp(&lh.ip6, &rh.ip6, sizeof(lh.ip6));\n-\t}\n+\treturn memcmp(addr->ip6, u3->ip6, 
sizeof(addr->ip6));\n }\n \n static bool add_hlist(struct hlist_head *head,\n@@ -194,7 +176,7 @@ static void tree_nodes_free(struct rb_root *root,\n static unsigned int\n count_tree(struct net *net, struct rb_root *root,\n \t   const struct nf_conntrack_tuple *tuple,\n-\t   const union nf_inet_addr *addr, const union nf_inet_addr *mask,\n+\t   const union nf_inet_addr *addr,\n \t   u8 family, const struct nf_conntrack_zone *zone)\n {\n \tstruct xt_connlimit_rb *gc_nodes[CONNLIMIT_GC_MAX_NODES];\n@@ -215,7 +197,7 @@ count_tree(struct net *net, struct rb_root *root,\n \t\trbconn = rb_entry(*rbnode, struct xt_connlimit_rb, node);\n \n \t\tparent = *rbnode;\n-\t\tdiff = same_source_net(addr, mask, &rbconn->addr, family);\n+\t\tdiff = same_source(addr, &rbconn->addr, family);\n \t\tif (diff < 0) {\n \t\t\trbnode = &((*rbnode)->rb_left);\n \t\t} else if (diff > 0) {\n@@ -282,7 +264,6 @@ static int count_them(struct net *net,\n \t\t      struct xt_connlimit_data *data,\n \t\t      const struct nf_conntrack_tuple *tuple,\n \t\t      const union nf_inet_addr *addr,\n-\t\t      const union nf_inet_addr *mask,\n \t\t      u_int8_t family,\n \t\t      const struct nf_conntrack_zone *zone)\n {\n@@ -291,14 +272,14 @@ static int count_them(struct net *net,\n \tu32 hash;\n \n \tif (family == NFPROTO_IPV6)\n-\t\thash = connlimit_iphash6(addr, mask);\n+\t\thash = connlimit_iphash6(addr);\n \telse\n-\t\thash = connlimit_iphash(addr->ip & mask->ip);\n+\t\thash = connlimit_iphash(addr->ip);\n \troot = &data->climit_root[hash];\n \n \tspin_lock_bh(&xt_connlimit_locks[hash % CONNLIMIT_LOCK_SLOTS]);\n \n-\tcount = count_tree(net, root, tuple, addr, mask, family, zone);\n+\tcount = count_tree(net, root, tuple, addr, family, zone);\n \n \tspin_unlock_bh(&xt_connlimit_locks[hash % CONNLIMIT_LOCK_SLOTS]);\n \n@@ -329,16 +310,23 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)\n \n \tif (xt_family(par) == NFPROTO_IPV6) {\n \t\tconst struct ipv6hdr *iph = 
ipv6_hdr(skb);\n+\t\tunsigned int i;\n+\n \t\tmemcpy(&addr.ip6, (info->flags & XT_CONNLIMIT_DADDR) ?\n \t\t       &iph->daddr : &iph->saddr, sizeof(addr.ip6));\n+\n+\t\tfor (i = 0; i < ARRAY_SIZE(addr.ip6); ++i)\n+\t\t\taddr.ip6[i] &= info->mask.ip6[i];\n \t} else {\n \t\tconst struct iphdr *iph = ip_hdr(skb);\n \t\taddr.ip = (info->flags & XT_CONNLIMIT_DADDR) ?\n \t\t\t  iph->daddr : iph->saddr;\n+\n+\t\taddr.ip &= info->mask.ip;\n \t}\n \n \tconnections = count_them(net, info->data, tuple_ptr, &addr,\n-\t                         &info->mask, xt_family(par), zone);\n+\t\t\t\t xt_family(par), zone);\n \tif (connections == 0)\n \t\t/* kmalloc failed, drop it entirely */\n \t\tgoto hotdrop;\n","prefixes":["nf-next"]}
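Review bot: in the connlimit_iphash6() hunk, the cast in `jhash2((u32 *)addr->ip6, ...)` now discards the const qualifier of the `const union nf_inet_addr *addr` parameter. The removed code hashed a non-const local copy (`res`), so the cast was harmless there. Writing it as `(const u32 *)addr->ip6` keeps the qualifier intact.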
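Review bot: in the same_source() hunk, the IPv4 branch `return ntohl(addr->ip) - ntohl(u3->ip);` returns the difference of two 32-bit values through an `int`, so when the two addresses differ by 2^31 or more the sign comes from the wrapped value and not from the real ordering. The behaviour is carried over from same_source_net(), but count_tree() uses the sign of `diff` to pick `rb_left` or `rb_right`, and this function is being rewritten anyway. An explicit comparison that returns a negative, zero or positive value would give the tree a consistent order.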
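Review bot: in the connlimit_mt() hunk, `addr` stops being the packet address and becomes the masked search key (`addr.ip &= info->mask.ip;` and the `addr.ip6[i] &= info->mask.ip6[i]` loop), yet no comment or parameter name records that count_them(), count_tree(), same_source() and connlimit_iphash6() now require a pre-masked address. A short comment at the masking site or above count_them() would document that contract for later callers. The comparison against `rbconn->addr` is also only correct if nodes are stored with the masked key. The commit message says they are, but the insertion path is not in the visible hunks, so it is worth confirming that it copies this already masked `addr`.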