From: Patrick McHardy <kaber@xxxxxxxxx>
We currently have a hole of 48 bits in the layout of struct nft_rule
because the increased handle size. Using 48 bits for the handle should
be enough to avoid overflow and allows to plug that hole.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
include/net/netfilter/nf_tables.h | 4 ++--
1 Datei geändert, 2 Zeilen hinzugefügt(+), 2 Zeilen entfernt(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 2301b74..a3defd8 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -303,8 +303,8 @@ static inline void *nft_expr_priv(const struct nft_expr *expr)
struct nft_rule {
struct list_head list;
struct rcu_head rcu_head;
- u64 handle;
- u16 dlen;
+ u64 handle:48,
+ dlen:16;
unsigned char data[]
__attribute__((aligned(__alignof__(struct nft_expr))));
};
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
