提交 f393808d 编写于 作者: V Vasily Khoruzhick 提交者: Pablo Neira Ayuso

netfilter: conntrack: fix calculation of next bucket number in early_drop

If there's no entry to drop in bucket that corresponds to the hash,
early_drop() should look for it in other buckets. But since it increments
hash instead of bucket number, it actually looks in the same bucket 8
times: hsize is 16k by default (14 bits) and hash is 32-bit value, so
reciprocal_scale(hash, hsize) returns the same value for hash..hash+7 in
most cases.

Fix it by increasing bucket number instead of hash and rename _hash
to bucket to avoid future confusion.

Fixes: 3e86638e ("netfilter: conntrack: consider ct netns in early_drop logic")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: NVasily Khoruzhick <vasilykh@arista.com>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 e4844c9c
......@@ -1073,19 +1073,22 @@ static unsigned int early_drop_list(struct net *net,
return drops;
}
static noinline int early_drop(struct net *net, unsigned int _hash)
static noinline int early_drop(struct net *net, unsigned int hash)
{
unsigned int i;
unsigned int i, bucket;
for (i = 0; i < NF_CT_EVICTION_RANGE; i++) {
struct hlist_nulls_head *ct_hash;
unsigned int hash, hsize, drops;
unsigned int hsize, drops;
rcu_read_lock();
nf_conntrack_get_ht(&ct_hash, &hsize);
hash = reciprocal_scale(_hash++, hsize);
if (!i)
bucket = reciprocal_scale(hash, hsize);
else
bucket = (bucket + 1) % hsize;
drops = early_drop_list(net, &ct_hash[hash]);
drops = early_drop_list(net, &ct_hash[bucket]);
rcu_read_unlock();
if (drops) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册