diff mbox series

[nf-next] netfilter: conntrack: udp: fix seen-reply test

Message ID 20230123120433.98002-1-fw@strlen.de
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nf-next] netfilter: conntrack: udp: fix seen-reply test | expand

Commit Message

Florian Westphal Jan. 23, 2023, 12:04 p.m. UTC 
IPS_SEEN_REPLY_BIT is only useful for test_bit() api.

Fixes: 4883ec512c17 ("netfilter: conntrack: avoid reload of ct->status")
Reported-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/netfilter/nf_conntrack_proto_udp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Roi Dayan Jan. 23, 2023, 4:16 p.m. UTC | #1 
On 23/01/2023 14:04, Florian Westphal wrote:
> IPS_SEEN_REPLY_BIT is only useful for test_bit() api.
> 
> Fixes: 4883ec512c17 ("netfilter: conntrack: avoid reload of ct->status")
> Reported-by: Roi Dayan <roid@nvidia.com>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
>  net/netfilter/nf_conntrack_proto_udp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
> index 6b9206635b24..0030fbe8885c 100644
> --- a/net/netfilter/nf_conntrack_proto_udp.c
> +++ b/net/netfilter/nf_conntrack_proto_udp.c
> @@ -104,7 +104,7 @@ int nf_conntrack_udp_packet(struct nf_conn *ct,
>  	/* If we've seen traffic both ways, this is some kind of UDP
>  	 * stream. Set Assured.
>  	 */
> -	if (status & IPS_SEEN_REPLY_BIT) {
> +	if (status & IPS_SEEN_REPLY) {
>  		unsigned long extra = timeouts[UDP_CT_UNREPLIED];
>  		bool stream = false;
>  

Reviewed-by: Roi Dayan <roid@nvidia.com>

thanks
Roi Dayan Jan. 31, 2023, 12:37 p.m. UTC | #2 
On 23/01/2023 18:16, Roi Dayan wrote:
> 
> 
> On 23/01/2023 14:04, Florian Westphal wrote:
>> IPS_SEEN_REPLY_BIT is only useful for test_bit() api.
>>
>> Fixes: 4883ec512c17 ("netfilter: conntrack: avoid reload of ct->status")
>> Reported-by: Roi Dayan <roid@nvidia.com>
>> Signed-off-by: Florian Westphal <fw@strlen.de>
>> ---
>>  net/netfilter/nf_conntrack_proto_udp.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
>> index 6b9206635b24..0030fbe8885c 100644
>> --- a/net/netfilter/nf_conntrack_proto_udp.c
>> +++ b/net/netfilter/nf_conntrack_proto_udp.c
>> @@ -104,7 +104,7 @@ int nf_conntrack_udp_packet(struct nf_conn *ct,
>>  	/* If we've seen traffic both ways, this is some kind of UDP
>>  	 * stream. Set Assured.
>>  	 */
>> -	if (status & IPS_SEEN_REPLY_BIT) {
>> +	if (status & IPS_SEEN_REPLY) {
>>  		unsigned long extra = timeouts[UDP_CT_UNREPLIED];
>>  		bool stream = false;
>>  
> 
> Reviewed-by: Roi Dayan <roid@nvidia.com>
> 
> thanks

hi, just pinging. when is this fix going to be merged?
thanks
Pablo Neira Ayuso Jan. 31, 2023, 12:58 p.m. UTC | #3 
On Tue, Jan 31, 2023 at 02:37:21PM +0200, Roi Dayan wrote:
> 
> 
> On 23/01/2023 18:16, Roi Dayan wrote:
> > 
> > 
> > On 23/01/2023 14:04, Florian Westphal wrote:
> >> IPS_SEEN_REPLY_BIT is only useful for test_bit() api.
> >>
> >> Fixes: 4883ec512c17 ("netfilter: conntrack: avoid reload of ct->status")
> >> Reported-by: Roi Dayan <roid@nvidia.com>
> >> Signed-off-by: Florian Westphal <fw@strlen.de>
> >> ---
> >>  net/netfilter/nf_conntrack_proto_udp.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
> >> index 6b9206635b24..0030fbe8885c 100644
> >> --- a/net/netfilter/nf_conntrack_proto_udp.c
> >> +++ b/net/netfilter/nf_conntrack_proto_udp.c
> >> @@ -104,7 +104,7 @@ int nf_conntrack_udp_packet(struct nf_conn *ct,
> >>  	/* If we've seen traffic both ways, this is some kind of UDP
> >>  	 * stream. Set Assured.
> >>  	 */
> >> -	if (status & IPS_SEEN_REPLY_BIT) {
> >> +	if (status & IPS_SEEN_REPLY) {
> >>  		unsigned long extra = timeouts[UDP_CT_UNREPLIED];
> >>  		bool stream = false;
> >>  
> > 
> > Reviewed-by: Roi Dayan <roid@nvidia.com>
> > 
> > thanks
> 
> hi, just pinging. when is this fix going to be merged?

I'll take care of this.

Thanks.
Pablo Neira Ayuso Feb. 1, 2023, 11:17 a.m. UTC | #4 
On Mon, Jan 23, 2023 at 06:16:21PM +0200, Roi Dayan wrote:
> 
> 
> On 23/01/2023 14:04, Florian Westphal wrote:
> > IPS_SEEN_REPLY_BIT is only useful for test_bit() api.
> > 
> > Fixes: 4883ec512c17 ("netfilter: conntrack: avoid reload of ct->status")
> > Reported-by: Roi Dayan <roid@nvidia.com>
> > Signed-off-by: Florian Westphal <fw@strlen.de>
> > ---
> >  net/netfilter/nf_conntrack_proto_udp.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
> > index 6b9206635b24..0030fbe8885c 100644
> > --- a/net/netfilter/nf_conntrack_proto_udp.c
> > +++ b/net/netfilter/nf_conntrack_proto_udp.c
> > @@ -104,7 +104,7 @@ int nf_conntrack_udp_packet(struct nf_conn *ct,
> >  	/* If we've seen traffic both ways, this is some kind of UDP
> >  	 * stream. Set Assured.
> >  	 */
> > -	if (status & IPS_SEEN_REPLY_BIT) {
> > +	if (status & IPS_SEEN_REPLY) {
> >  		unsigned long extra = timeouts[UDP_CT_UNREPLIED];
> >  		bool stream = false;
> >  
> 
> Reviewed-by: Roi Dayan <roid@nvidia.com>

Applied, thanks
diff mbox series

Patch

diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 6b9206635b24..0030fbe8885c 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -104,7 +104,7 @@  int nf_conntrack_udp_packet(struct nf_conn *ct,
 	/* If we've seen traffic both ways, this is some kind of UDP
 	 * stream. Set Assured.
 	 */
-	if (status & IPS_SEEN_REPLY_BIT) {
+	if (status & IPS_SEEN_REPLY) {
 		unsigned long extra = timeouts[UDP_CT_UNREPLIED];
 		bool stream = false;