On Fri, Feb 07, 2014 at 02:15:47PM +0100, Pablo Neira Ayuso wrote:
> This patch fixes several things which are related to the handling of
> end interval elements:
>
> * Chain use underflow with intervals and map: If you add a rule
>   using intervals+map that introduces a loop, the error path of the
>   rbtree set decrements the chain refcount for each side of the
>   interval, leading to a chain use counter underflow.
>
> * Don't copy the data part of the end interval element since this
>   area is uninitialized and this confuses the loop detection code.
>
> * Don't allocate room for the data part of end interval elements
>   since this is unused.
>
> So, after this patch the idea is that end interval elements don't
> have a data part.
>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> This patch extends http://patchwork.ozlabs.org/patch/317485/.
>
> @Patrick, you mentioned also that nft_hash needs to be adjusted, but
> after looking at this again I think there's no problem there since
> hash cannot currently be selected for interval sets. Thanks for your
> comments on the initial patch :)

Correct, just noticed that myself :)

Acked-by: Patrick McHardy <kaber@xxxxxxxxx>

for both patches.
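The refcount underflow described in the quoted commit message, as an added example that is not part of the original thread and not the kernel's code. It is a simplified user-space model: all names are hypothetical, it assumes one chain reference is taken per interval (by the start element), and it represents the pre-fix end element's uninitialized data part as a stale pointer to the same chain.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; names are hypothetical, not the kernel's.
 * Assumption: one chain reference is taken per interval, by the
 * verdict data of the start element. */
struct chain { unsigned int use; };

struct elem {
    bool interval_end;     /* closing side of an interval */
    struct chain *verdict; /* data part (jump target), NULL if absent */
};

/* Build one map interval that jumps to target. */
static void interval_add(struct elem iv[2], struct chain *target,
                         bool end_has_data)
{
    iv[0] = (struct elem){ .interval_end = false, .verdict = target };
    target->use++; /* the only reference taken */
    /* Before the fix the end element also carried a data part; it is
     * modelled here as a stale pointer to the same chain. */
    iv[1] = (struct elem){ .interval_end = true,
                           .verdict = end_has_data ? target : NULL };
}

/* Error-path teardown: release the data part of each element that has one. */
static void interval_destroy(struct elem iv[2])
{
    for (size_t i = 0; i < 2; i++) {
        if (iv[i].verdict != NULL)
            iv[i].verdict->use--; /* unsigned counter wraps on underflow */
        iv[i].verdict = NULL;
    }
}

/* Chain use counter after adding an interval and rolling it back. */
static unsigned int use_after_rollback(bool end_has_data)
{
    struct chain target = { .use = 0 };
    struct elem iv[2];

    interval_add(iv, &target, end_has_data);
    interval_destroy(iv);
    return target.use;
}

int main(void)
{
    printf("end element with data part:    use = %u\n", use_after_rollback(true));
    printf("end element without data part: use = %u\n", use_after_rollback(false));
    return 0;
}
```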