Hi Tobias,

On Tue, Mar 27, 2018 at 12:11:01PM +0200, Pablo Neira Ayuso wrote:
> diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
> index f302c8e0b2e5..d7bfaf7184ce 100644
> --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
> +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
> @@ -537,7 +537,8 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
> return -EINVAL;
> }
> for (i = 0; i < cipinfo->num_local_nodes; i++) {
> - if (cipinfo->local_nodes[i] - 1 >=
> + if (cipinfo->local_nodes[i] != 0 &&
> + cipinfo->local_nodes[i] - 1 >=

The bitmap assumes that the value is always > 0. If you look at:

static void
clusterip_config_init_nodelist(struct clusterip_config *c,
                               const struct ipt_clusterip_tgt_info *i)
{
        int n;

        for (n = 0; n < i->num_local_nodes; n++)
                set_bit(i->local_nodes[n] - 1, &c->local_nodes);
}

If we allow i->local_nodes[n] == 0, then this sets bit -1 (underflow).

Could you post your configuration? Hence we can have a look at what
was working before Dmitry's fix.

Thanks.
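
Review bot: in the loop of clusterip_tg_check(), the added `cipinfo->local_nodes[i] != 0 &&` term means a zero entry no longer matches this condition, while clusterip_config_init_nodelist() as quoted in this reply still calls set_bit(i->local_nodes[n] - 1, &c->local_nodes) for every entry, so a zero entry would give bit index -1. If zero has to be accepted, that loop needs to skip zero entries in the same patch; otherwise drop the new term.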
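
A user-space model of the point made in the reply above, added here as an example and not code from the kernel tree or from anyone on the thread: it compares the range check with and without the quoted `!= 0` term for a zero entry, and builds the bitmap with an explicit bounds test. The function names, the uint16_t entry type and the one-word bitmap width (NODE_BITS) are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the node bitmap is a single unsigned long word. */
#define NODE_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Check shaped like the '-' line. For node == 0, node - 1 is -1, which
 * becomes SIZE_MAX in the unsigned comparison, so zero is rejected. */
static int check_before(uint16_t node)
{
	return (size_t)(node - 1) >= NODE_BITS ? -1 : 0;
}

/* Check shaped like the '+' lines: zero is exempt from the range test. */
static int check_after(uint16_t node)
{
	return (node != 0 && (size_t)(node - 1) >= NODE_BITS) ? -1 : 0;
}

/* Bitmap construction that validates the index instead of trusting the
 * caller. Returns 0 and stores the bitmap, or -1 on an out-of-range entry. */
static int build_nodelist(const uint16_t *nodes, size_t n, unsigned long *bitmap)
{
	unsigned long map = 0;

	for (size_t k = 0; k < n; k++) {
		long bit = (long)nodes[k] - 1;	/* -1 when the entry is 0 */

		if (bit < 0 || (size_t)bit >= NODE_BITS)
			return -1;		/* refuse rather than set bit -1 */
		map |= 1UL << bit;
	}
	*bitmap = map;
	return 0;
}

int main(void)
{
	uint16_t cfg[] = { 1, 0, 3 };	/* constructed sample with a zero entry */
	unsigned long map = 0;

	printf("before=%d after=%d build=%d\n", check_before(0),
	       check_after(0), build_nodelist(cfg, 3, &map));
	return 0;
}
```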