On Sat, Nov 11, 2017 at 10:27 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
> It also looks wrong.
> let ct->timeout be 1000.
> let nfct_time_stamp be 0x80000000
>
> Then ct->timeout is capped to 0x7fffffff.
> Next check considers the timeout to be expired, as 0x7fff... - 0x800 < 0.

Thanks for pointing that out; it does look like something that could cause
trouble. Is it alright if I submit a fix to this as a separate patch? I
*think* I have a solution (pending some testing), but I also think it's
outside of the scope of this commit since it's a pre-existing problem, so I'd
like to fix it separately.

> So I guess best bet is to actually do a 64bit multiplication, as you
> did, then truncate.
>
> Please use u64 for this (the u_intXX_t types are prehistoric leftovers).

So to clarify, are changing the u_int64_t variables to u64 and fixing the case
where nfct_time_stamp >= 0x8000... the only changes that need to be made based
on the v2 patch I sent out?

Thank you,
Jay Elliott
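The failure case from the quoted review, modelled in user-space C as an added example (not code from the patch, the kernel tree, or either participant). The function names, the `HZ` value and the signed-difference expiry test are assumptions made for this model; the second deadline function shows one wrap-safe alternative, clamping the relative timeout after a 64-bit multiply and only then adding the current timestamp.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

#define HZ 1000u /* assumed tick rate for this model */

/* Expiry test on free-running 32-bit tick counters: only the signed
 * difference between deadline and "now" is meaningful (assumed model). */
static int is_expired(uint32_t deadline, uint32_t now)
{
    return (int32_t)(deadline - now) <= 0;
}

/* Behaviour described in the review: the absolute deadline is capped to
 * 0x7fffffff, which lies in the past once "now" >= 0x80000000. */
static uint32_t deadline_cap_absolute(uint32_t secs, uint32_t now)
{
    uint64_t deadline = (uint64_t)secs * HZ + now;

    if (deadline > INT_MAX)
        deadline = INT_MAX;
    return (uint32_t)deadline;
}

/* Alternative (hypothetical helper): 64-bit multiply, clamp the relative
 * timeout to INT_MAX ticks, then add "now" and let the sum wrap mod 2^32. */
static uint32_t deadline_cap_relative(uint32_t secs, uint32_t now)
{
    uint64_t ticks = (uint64_t)secs * HZ;

    if (ticks > INT_MAX)
        ticks = INT_MAX;
    return now + (uint32_t)ticks;
}

int main(void)
{
    uint32_t now = 0x80000000u; /* timestamp value from the review */
    uint32_t bad = deadline_cap_absolute(1000, now);
    uint32_t good = deadline_cap_relative(1000, now);

    printf("absolute cap: deadline=0x%08x expired=%d\n",
           (unsigned)bad, is_expired(bad, now));
    printf("relative cap: deadline=0x%08x expired=%d\n",
           (unsigned)good, is_expired(good, now));
    return 0;
}
```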