netfilter: nf_tables: improve nft payload fast eval - openslx/kernel-qcow2-linux.git

diff options

author	Liping Zhang	2016-09-15 15:29:08 +0200
committer	Pablo Neira Ayuso	2016-09-23 09:30:16 +0200
commit	8dc3c2b86bb16e8f345b80a8af69696e9a7edb65 (patch)
tree	7291fd6d6e0cac21b234a579e593e2059d83bd10 /net/netfilter/xt_connlimit.c
parent	netfilter: nf_queue: improve queue range support for bridge family (diff)
download	kernel-qcow2-linux-8dc3c2b86bb16e8f345b80a8af69696e9a7edb65.tar.gz kernel-qcow2-linux-8dc3c2b86bb16e8f345b80a8af69696e9a7edb65.tar.xz kernel-qcow2-linux-8dc3c2b86bb16e8f345b80a8af69696e9a7edb65.zip

netfilter: nf_tables: improve nft payload fast eval

There's an off-by-one issue in nft_payload_fast_eval, skb_tail_pointer and ptr + priv->len all point to the last valid address plus 1. So if they are equal, we can still fetch the valid data. It's unnecessary to fall back to nft_payload_eval. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netfilter/xt_connlimit.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: