diff options
author | Nikolay Aleksandrov <nikolay@redhat.com> | 2014-02-16 14:01:58 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-17 11:21:17 +0100 |
commit | f627ed91d85ed7a189ec8b3b045a0d831e1655e2 (patch) | |
tree | 9469b066c11c8cc0c734aa947bd5c8cde362202f /net | |
parent | netfilter: nf_tables: fix nf_trace always-on with XT_TRACE=n (diff) | |
download | linux-f627ed91d85ed7a189ec8b3b045a0d831e1655e2.tar.xz linux-f627ed91d85ed7a189ec8b3b045a0d831e1655e2.zip |
netfilter: nf_tables: check if payload length is a power of 2
Add a check if payload's length is a power of 2 when selecting ops.
The fast ops were meant for well aligned loads, also this fixes a
small bug when using a length of 3 with some offsets which causes
only 1 byte to be loaded because the fast ops are chosen.
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_payload.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c index a2aeb318678f..85daa84bfdfe 100644 --- a/net/netfilter/nft_payload.c +++ b/net/netfilter/nft_payload.c @@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx, if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data)) return ERR_PTR(-EINVAL); - if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER) + if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) && + base != NFT_PAYLOAD_LL_HEADER) return &nft_payload_fast_ops; else return &nft_payload_ops; |