Re: [PATCH] Incorrect xt_iprange boundary check for IPv6

Hi Thomas,

On Sat, 22 Jan 2011, Thomas Jacob wrote:

> iprange_ipv6_sub was subtracting 2 unsigned ints and then casting
> the result to int to find out whether they are lt, eq or gt each
> other, this doesn't work if the full 32 bits of each part
> can be used in IPv6 addresses. Patch should remedy that without
> significant performance penalties.
> 
> Signed-off-by: Thomas Jacob <jacob@xxxxxxxxxxxxx>
> ---
>  net/netfilter/xt_iprange.c |   16 +++++++---------
>  1 files changed, 7 insertions(+), 9 deletions(-)
> 
> diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
> index 4b5741b..3cc5d21 100644
> --- a/net/netfilter/xt_iprange.c
> +++ b/net/netfilter/xt_iprange.c
> @@ -96,15 +96,13 @@ iprange_mt4(const struct sk_buff *skb, const struct net_device *in,
>  }
>  
>  static inline int
> -iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b)
> +iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b)
>  {
>  	unsigned int i;
> -	int r;
>  
>  	for (i = 0; i < 4; ++i) {
> -		r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]);
> -		if (r != 0)
> -			return r;
> +		if(ntohl(a->s6_addr32[i]) != ntohl(b->s6_addr32[i]))
> +			return ntohl(a->s6_addr32[i]) < ntohl(b->s6_addr32[i]);
>  	}
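
Review bot: in the added `if(ntohl(a->s6_addr32[i]) != ntohl(b->s6_addr32[i]))` test the two ntohl() calls are redundant, because byte swapping cannot make unequal words equal; compare the raw s6_addr32[i] words there and convert only for the `<` on the following line. That line also needs a space after `if` to match kernel coding style. Since the helper changes from returning a signed difference to returning a truth value, a one-line comment above iprange_ipv6_lt stating that it is nonzero only when a is strictly below b, and what it returns for equal addresses after the loop, would make the call sites easier to check.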

Why do you convert to host order in the inequality test? It could be left 
out.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
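
The failure described in the commit message, reproduced in user space as an added example (not code from the patch or the kernel tree). `struct addr6`, `mk6` and the two `in_range_*` helpers are hypothetical stand-ins, and the addresses are constructed.

```c
#include <arpa/inet.h>	/* htonl, ntohl */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for struct in6_addr: four words, network byte order. */
struct addr6 { uint32_t w[4]; };

static struct addr6 mk6(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
	struct addr6 r = { { htonl(a), htonl(b), htonl(c), htonl(d) } };
	return r;
}

/* Pre-patch logic: unsigned difference forced into an int (wraps on gcc/clang). */
static int cmp_sub(const struct addr6 *a, const struct addr6 *b)
{
	for (unsigned int i = 0; i < 4; ++i) {
		int r = (int)(ntohl(a->w[i]) - ntohl(b->w[i]));
		if (r != 0)
			return r;
	}
	return 0;
}

/* Patched logic; raw words are enough for the != test, as the reply notes. */
static int cmp_lt(const struct addr6 *a, const struct addr6 *b)
{
	for (unsigned int i = 0; i < 4; ++i)
		if (a->w[i] != b->w[i])
			return ntohl(a->w[i]) < ntohl(b->w[i]);
	return 0;	/* equal addresses are not "less than" */
}

/* Assumed inclusive range test lo <= x <= hi, built on each comparison. */
static int in_range_sub(const struct addr6 *x, const struct addr6 *lo, const struct addr6 *hi)
{
	return cmp_sub(x, lo) >= 0 && cmp_sub(x, hi) <= 0;
}

static int in_range_lt(const struct addr6 *x, const struct addr6 *lo, const struct addr6 *hi)
{
	return !cmp_lt(x, lo) && !cmp_lt(hi, x);
}

int main(void)
{
	/* Constructed case: 2001:db8::1 inside 1000:: .. f000::, words over 2^31 apart. */
	struct addr6 lo = mk6(0x10000000u, 0, 0, 0), hi = mk6(0xf0000000u, 0, 0, 0);
	struct addr6 x = mk6(0x20010db8u, 0, 0, 1);
	printf("sub: %d  lt: %d\n", in_range_sub(&x, &lo, &hi), in_range_lt(&x, &lo, &hi));
	return 0;
}
```

With the subtraction-based comparison the in-range address is reported as outside the range, so a rule keyed on that range would not match it.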