All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH]extensions/tos_values.c mask value not accurate in certain condition
@ 2010-11-02  5:26 DuanZhenzhong
  2010-11-02  8:20 ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: DuanZhenzhong @ 2010-11-02  5:26 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Joe Jin

scene:
# iptables -V
iptables v1.4.10
# iptables -v -t mangle -A MANGLE_OUTPUT -p tcp --dport 20 -j TOS
--set-tos 8
TOS tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:20 TOS set
0x08/0xff
# iptables -v -t mangle -A MANGLE_OUTPUT -p tcp --dport 20 -j TOS
--set-tos Maximize-Throughput
TOS tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:20 TOS set
0x08/0x3f

mask value is different for the same tos value. This is because below
code piece:
static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
unsigned int bits)
{
const unsigned int max = (1 << bits) - 1;
......
tvm->mask = max;
......
static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
unsigned int def_mask)
{
const unsigned int max = UINT8_MAX;
const struct tos_symbol_info *symbol;
char *tmp;

if (xtables_strtoui(str, &tmp, NULL, 0, max))
return tos_parse_numeric(str, tvm, max);

/* Do not consider ECN bits */
tvm->mask = def_mask;
.......
For tos value 8, bits shift lead to a overflow and trim, so the mask is
0xff no matter what the def_mask is.
For tos symbol Maximize-Throughput, tvm->mask got def_mask 0x3f.

PATCH:
diff -up iptables-1.4.10/extensions/tos_values.c.org
iptables-1.4.10/extensions/tos_values.c
--- iptables-1.4.10/extensions/tos_values.c.org 2010-11-02
13:08:32.000000000 +0800
+++ iptables-1.4.10/extensions/tos_values.c 2010-11-02
13:09:00.000000000 +0800
@@ -34,7 +34,7 @@ static const struct tos_symbol_info {
static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
unsigned int bits)
{
- const unsigned int max = (1 << bits) - 1;
+ const unsigned int max = bits;
unsigned int value;
char *end;

@@ -59,7 +59,7 @@ static bool tos_parse_numeric(const char
static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
unsigned int def_mask)
{
- const unsigned int max = UINT8_MAX;
+ const unsigned int max = def_mask;
const struct tos_symbol_info *symbol;
char *tmp;

--------------------------------------------------------------------------

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH]extensions/tos_values.c mask value not accurate in certain condition
  2010-11-02  5:26 [PATCH]extensions/tos_values.c mask value not accurate in certain condition DuanZhenzhong
@ 2010-11-02  8:20 ` Jan Engelhardt
  2010-11-09 14:45   ` Patrick McHardy
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2010-11-02  8:20 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developer Mailing List, Joe Jin, DuanZhenzhong

On Tuesday 2010-11-02 06:26, DuanZhenzhong wrote:

>scene:
># iptables -V
>iptables v1.4.10
># iptables -v -t mangle -A MANGLE_OUTPUT -p tcp --dport 20 -j TOS
>--set-tos 8
>TOS tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:20 TOS set
>0x08/0xff
># iptables -v -t mangle -A MANGLE_OUTPUT -p tcp --dport 20 -j TOS
>--set-tos Maximize-Throughput
>TOS tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:20 TOS set
>0x08/0x3f
>
>mask value is different for the same tos value. This is because below
>code piece:
>static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
>unsigned int bits)
>{
>const unsigned int max = (1 << bits) - 1;
>......
>tvm->mask = max;
>......
>static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
>unsigned int def_mask)
>{
>const unsigned int max = UINT8_MAX;
>const struct tos_symbol_info *symbol;
>char *tmp;
>
>if (xtables_strtoui(str, &tmp, NULL, 0, max))
>return tos_parse_numeric(str, tvm, max);
>
>/* Do not consider ECN bits */
>tvm->mask = def_mask;
>.......
>For tos value 8, bits shift lead to a overflow and trim, so the mask is
>0xff no matter what the def_mask is.

>For tos symbol Maximize-Throughput, tvm->mask got def_mask 0x3f.

This at least is intended.



Patrick, please grab from
	git://dev.medozas.de/iptables master

parent 600f38db82548a683775fd89b6e136673e924097 (v1.4.9-24-g600f38d)
commit 648fd1ad68ae2ec675ac07efee80783912535404
Author: Jan Engelhardt <jengelh@medozas.de>
Date:   Tue Nov 2 09:10:34 2010 +0100

libxt_TOS: avoid an undesired overflowing computation

The @bits parameter was wrongly labeled and should have been @max
already. This makes the - overflowing - 1<<bits redundant of course.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/tos_values.c |   19 +++++++++++--------
 1 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index 10add19..a65ef25 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -26,15 +26,13 @@ static const struct tos_symbol_info {
 /*
  * tos_parse_numeric - parse sth. like "15/255"
  *
- * @s:		input string
- * @info:	accompanying structure
- * @bits:	number of bits that are allowed
- *		(8 for IPv4 TOS field, 4 for IPv6 Priority Field)
+ * @str:	input string
+ * @tvm:	(value/mask) tuple
+ * @max:	maximum allowed value (must be pow(2,some_int)-1)
  */
 static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
-                              unsigned int bits)
+                              unsigned int max)
 {
-	const unsigned int max = (1 << bits) - 1;
 	unsigned int value;
 	char *end;
 
@@ -56,17 +54,22 @@ static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
 	return true;
 }
 
+/**
+ * @str:	input string
+ * @tvm:	(value/mask) tuple
+ * @def_mask:	mask to force when a symbolic name is used
+ */
 static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
     unsigned int def_mask)
 {
-	const unsigned int max = UINT8_MAX;
+	static const unsigned int max = UINT8_MAX;
 	const struct tos_symbol_info *symbol;
 	char *tmp;
 
 	if (xtables_strtoui(str, &tmp, NULL, 0, max))
 		return tos_parse_numeric(str, tvm, max);
 
-	/* Do not consider ECN bits */
+	/* Do not consider ECN bits when using preset names */
 	tvm->mask = def_mask;
 	for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
 		if (strcasecmp(str, symbol->name) == 0) {
-- 
# Created with git-export-patch

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH]extensions/tos_values.c mask value not accurate in certain condition
  2010-11-02  8:20 ` Jan Engelhardt
@ 2010-11-09 14:45   ` Patrick McHardy
  0 siblings, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2010-11-09 14:45 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List, Joe Jin, DuanZhenzhong

Am 02.11.2010 09:20, schrieb Jan Engelhardt:
> Patrick, please grab from
> 	git://dev.medozas.de/iptables master

It seems this was based on the iptables-next branch. However I should
have applied the option precedence patch to the main branch anyways.

Pulled, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-11-09 14:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-11-02  5:26 [PATCH]extensions/tos_values.c mask value not accurate in certain condition DuanZhenzhong
2010-11-02  8:20 ` Jan Engelhardt
2010-11-09 14:45   ` Patrick McHardy

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.