diff options
| author |   David S. Miller <davem@davemloft.net> | 2017-02-23 10:59:15 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-02-23 10:59:15 -0500 |
| commit | ccaba0621a8577ce6b84cf625f2b9a4c6466d999 (patch) | |
| tree | 24d46e90c58370be098c6e27a840c2ea29771b54 /net/netfilter/xt_hashlimit.c | |
| parent | Merge branch 'mlx4-misc-fixes' (diff) | |
| parent | Merge branch 'master' of git://blackhole.kfki.hu/nf (diff) | |
| download | linux-dev-ccaba0621a8577ce6b84cf625f2b9a4c6466d999.tar.xz linux-dev-ccaba0621a8577ce6b84cf625f2b9a4c6466d999.zip | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Revisit warning logic when not applying default helper assignment.
Jiri Kosina considers we are breaking existing setups and not warning
our users accordinly now that automatic helper assignment has been
turned off by default. So let's make him happy by spotting the warning
by when we find a helper but we cannot attach, instead of warning on the
former deprecated behaviour. Patch from Jiri Kosina.
2) Two patches to fix regression in ctnetlink interfaces with
nfnetlink_queue. Specifically, perform more relaxed in CTA_STATUS
and do not bail out if CTA_HELP indicates the same helper that we
already have. Patches from Kevin Cernekee.
3) A couple of bugfixes for ipset via Jozsef Kadlecsik. Due to wrong
index logic in hash set types and null pointer exception in the
list:set type.
4) hashlimit bails out with correct userspace parameters due to wrong
arithmetics in the code that avoids "divide by zero" when
transforming the userspace timing in milliseconds to token credits.
Patch from Alban Browaeys.
5) Fix incorrect NFQA_VLAN_MAX definition, patch from
Ken-ichirou MATSUZAWA.
6) Don't not declare nfnetlink batch error list as static, since this
may be used by several subsystems at the same time. Patch from
Liping Zhang.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/xt_hashlimit.c')
| -rw-r--r-- | net/netfilter/xt_hashlimit.c | 25 |
1 files changed, 9 insertions, 16 deletions
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 26ef70c50e3b..2a6dfe8b74d3 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -463,23 +463,16 @@ static u32 xt_hashlimit_len_to_chunks(u32 len) /* Precision saver. */ static u64 user2credits(u64 user, int revision) { - if (revision == 1) { - /* If multiplying would overflow... */ - if (user > 0xFFFFFFFF / (HZ*CREDITS_PER_JIFFY_v1)) - /* Divide first. */ - return div64_u64(user, XT_HASHLIMIT_SCALE) - * HZ * CREDITS_PER_JIFFY_v1; - - return div64_u64(user * HZ * CREDITS_PER_JIFFY_v1, - XT_HASHLIMIT_SCALE); - } else { - if (user > 0xFFFFFFFFFFFFFFFFULL / (HZ*CREDITS_PER_JIFFY)) - return div64_u64(user, XT_HASHLIMIT_SCALE_v2) - * HZ * CREDITS_PER_JIFFY; + u64 scale = (revision == 1) ? + XT_HASHLIMIT_SCALE : XT_HASHLIMIT_SCALE_v2; + u64 cpj = (revision == 1) ? + CREDITS_PER_JIFFY_v1 : CREDITS_PER_JIFFY; - return div64_u64(user * HZ * CREDITS_PER_JIFFY, - XT_HASHLIMIT_SCALE_v2); - } + /* Avoid overflow: divide the constant operands first */ + if (scale >= HZ * cpj) + return div64_u64(user, div64_u64(scale, HZ * cpj)); + + return user * div64_u64(HZ * cpj, scale); } static u32 user2credits_byte(u32 user) |