On 2014年01月18日 20:24, Pablo Neira Ayuso wrote:
On Sat, Jan 18, 2014 at 10:16:14AM +0800, Fan Du wrote:
> sparse warnings: (new ones prefixed by>>)
>
> >> >> net/netfilter/xt_ipcomp.c:63:26: sparse: restricted __be16 degrades to integer
> >> >> net/netfilter/xt_ipcomp.c:63:26: sparse: cast to restricted __be32
>
> Fix this by using 16bits long spi, as IPcomp CPI is only valid for 16bits.
>
> Signed-off-by: Fan Du<fan.du@xxxxxxxxxxxxx>
> ---
> include/uapi/linux/netfilter/xt_ipcomp.h | 2 +-
> net/netfilter/xt_ipcomp.c | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/include/uapi/linux/netfilter/xt_ipcomp.h b/include/uapi/linux/netfilter/xt_ipcomp.h
> index 45c7e40..ca82ebb 100644
> --- a/include/uapi/linux/netfilter/xt_ipcomp.h
> +++ b/include/uapi/linux/netfilter/xt_ipcomp.h
> @@ -4,7 +4,7 @@
> #include<linux/types.h>
>
> struct xt_ipcomp {
> - __u32 spis[2]; /* Security Parameter Index */
> + __u16 spis[2]; /* Security Parameter Index */
This changes the binary interface so it break userspace (iptables
needs to be recompiled), we're still in time to make such change as
this is net-next stuff, but what I understand from the patch
description is that this aims to fix a sparse warning, which is a bit
of intrusive change.
Didn't you find any way to fix this without change the layout of
xt_ipcomp?
My bad for not catching this in the initial ipcomp version.
It would be easier to just use ntohs here to ease sparse checking.
From dbf796e63d600256fd40000669b83227ddccebc4 Mon Sep 17 00:00:00 2001
From: Fan Du <fan.du@xxxxxxxxxxxxx>
Date: Mon, 20 Jan 2014 09:42:12 +0800
Subject: [PATCHv2 net-next] ipcomp: Use ntohs to ease sparse warning
0-DAY kernel build testing backend reported:
sparse warnings: (new ones prefixed by >>)
>> >> net/netfilter/xt_ipcomp.c:63:26: sparse: restricted __be16 degrades to integer
>> >> net/netfilter/xt_ipcomp.c:63:26: sparse: cast to restricted __be32
Fix this by using ntohs without shifting.
Tested with: make C=1 CF=-D__CHECK_ENDIAN__
Signed-off-by: Fan Du <fan.du@xxxxxxxxxxxxx>
---
net/netfilter/xt_ipcomp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/xt_ipcomp.c b/net/netfilter/xt_ipcomp.c
index a4c7561..89d5310 100644
--- a/net/netfilter/xt_ipcomp.c
+++ b/net/netfilter/xt_ipcomp.c
@@ -60,7 +60,7 @@ static bool comp_mt(const struct sk_buff *skb, struct xt_action_param *par)
}
return spi_match(compinfo->spis[0], compinfo->spis[1],
- ntohl(chdr->cpi << 16),
+ ntohs(chdr->cpi),
!!(compinfo->invflags & XT_IPCOMP_INV_SPI));
}
--
1.7.9.5
--
浮沉随浪只记今朝笑
--fan
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
