* [conntrack-tools PATCH] conntrack: Fix CIDR to mask conversion on Big Endian
@ 2019-09-02 16:44 Phil Sutter
2019-09-03 20:34 ` Pablo Neira Ayuso
0 siblings, 1 reply; 5+ messages in thread
From: Phil Sutter @ 2019-09-02 16:44 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Code assumed host architecture to be Little Endian. Instead produce a
proper mask by pushing the set bits into most significant position and
apply htonl() on the result.
Fixes: 3f6a2e90936bb ("conntrack: add support for CIDR notation")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/conntrack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index c980a13f33d2c..baafcbd869c12 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2210,7 +2210,7 @@ nfct_build_netmask(uint32_t *dst, int b, int n)
dst[i] = 0xffffffff;
b -= 32;
} else if (b > 0) {
- dst[i] = (1 << b) - 1;
+ dst[i] = htonl(((1 << b) - 1) << (32 - b));
b = 0;
} else {
dst[i] = 0;
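Review bot: The added line does all of its shifting on the signed int literal 1, and in this branch (b > 0, with b declared int in the hunk header) the result of ((1 << b) - 1) << (32 - b) always has bit 31 set, so with a 32-bit int the left shift overflows a signed value, which is undefined behaviour in C. Suggest doing the arithmetic on an unsigned operand, for example 1u in place of 1 or an unsigned all-ones value shifted left by (32 - b), and adding a short comment that dst[] holds the mask in network byte order so the reason for htonl() is visible at the call.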
--
2.22.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [conntrack-tools PATCH] conntrack: Fix CIDR to mask conversion on Big Endian
2019-09-02 16:44 [conntrack-tools PATCH] conntrack: Fix CIDR to mask conversion on Big Endian Phil Sutter
@ 2019-09-03 20:34 ` Pablo Neira Ayuso
2019-09-04 6:53 ` Phil Sutter
0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2019-09-03 20:34 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
On Mon, Sep 02, 2019 at 06:44:31PM +0200, Phil Sutter wrote:
> Code assumed host architecture to be Little Endian. Instead produce a
> proper mask by pushing the set bits into most significant position and
> apply htonl() on the result.
>
> Fixes: 3f6a2e90936bb ("conntrack: add support for CIDR notation")
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> src/conntrack.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/conntrack.c b/src/conntrack.c
> index c980a13f33d2c..baafcbd869c12 100644
> --- a/src/conntrack.c
> +++ b/src/conntrack.c
> @@ -2210,7 +2210,7 @@ nfct_build_netmask(uint32_t *dst, int b, int n)
> dst[i] = 0xffffffff;
> b -= 32;
> } else if (b > 0) {
> - dst[i] = (1 << b) - 1;
> + dst[i] = htonl(((1 << b) - 1) << (32 - b));
Simply this instead?
dst[i] = htonl(((1 << b) - 1);
> b = 0;
> } else {
> dst[i] = 0;
> --
> 2.22.0
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [conntrack-tools PATCH] conntrack: Fix CIDR to mask conversion on Big Endian
2019-09-03 20:34 ` Pablo Neira Ayuso
@ 2019-09-04 6:53 ` Phil Sutter
2019-09-04 8:21 ` Florian Westphal
0 siblings, 1 reply; 5+ messages in thread
From: Phil Sutter @ 2019-09-04 6:53 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
On Tue, Sep 03, 2019 at 10:34:47PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Sep 02, 2019 at 06:44:31PM +0200, Phil Sutter wrote:
> > Code assumed host architecture to be Little Endian. Instead produce a
> > proper mask by pushing the set bits into most significant position and
> > apply htonl() on the result.
> >
> > Fixes: 3f6a2e90936bb ("conntrack: add support for CIDR notation")
> > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > ---
> > src/conntrack.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/conntrack.c b/src/conntrack.c
> > index c980a13f33d2c..baafcbd869c12 100644
> > --- a/src/conntrack.c
> > +++ b/src/conntrack.c
> > @@ -2210,7 +2210,7 @@ nfct_build_netmask(uint32_t *dst, int b, int n)
> > dst[i] = 0xffffffff;
> > b -= 32;
> > } else if (b > 0) {
> > - dst[i] = (1 << b) - 1;
> > + dst[i] = htonl(((1 << b) - 1) << (32 - b));
>
> Simply this instead?
>
> dst[i] = htonl(((1 << b) - 1);
You got me confused, so I played with different options. To see the
results, I used:
| union {
| uint32_t i;
| char b[4];
| } u;
What we need in b is 'ff ff ff 00' for a prefix length of 24. Your
suggested alternative does not compile, so I tried both options for the
closing brace:
| htonl((1 << 24) - 1)
This turns into '00 ff ff ff' for both LE and BE, the opposite of what
we need.
| htonl((1 << 24)) - 1
This turns into '00 00 00 00' on LE and '00 ff ff ff' on BE.
My code leads to correct result on either architecture and I don't see a
simpler way of doing it.
Cheers, Phil
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [conntrack-tools PATCH] conntrack: Fix CIDR to mask conversion on Big Endian
2019-09-04 6:53 ` Phil Sutter
@ 2019-09-04 8:21 ` Florian Westphal
2019-09-04 9:31 ` Phil Sutter
0 siblings, 1 reply; 5+ messages in thread
From: Florian Westphal @ 2019-09-04 8:21 UTC (permalink / raw)
To: Phil Sutter, Pablo Neira Ayuso, netfilter-devel
Phil Sutter <phil@nwl.cc> wrote:
> What we need in b is 'ff ff ff 00' for a prefix length of 24. Your
> suggested alternative does not compile, so I tried both options for the
> closing brace:
>
> | htonl((1 << 24) - 1)
>
> This turns into '00 ff ff ff' for both LE and BE, the opposite of what
> we need.
>
> | htonl((1 << 24)) - 1
>
> This turns into '00 00 00 00' on LE and '00 ff ff ff' on BE.
>
> My code leads to correct result on either architecture and I don't see a
> simpler way of doing it.
htonl(~0u << (32 - i)) would work, assuming i > 0 and <= 32.
^ permalink raw reply [flat|nested] 5+ messages in thread
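The byte patterns from Phil Sutter's experiment and Florian Westphal's reply, reproduced as an added example (not code from the thread or from conntrack-tools). It simulates a Little Endian and a Big Endian host so the outcome does not depend on the machine running it; the helper names, the expression numbering and the unsigned literals are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* In-memory bytes of a 32-bit value on a simulated host (be = 1: Big Endian). */
static void store(uint32_t v, int be, uint8_t out[4])
{
	for (int i = 0; i < 4; i++)
		out[i] = (uint8_t)(v >> (be ? 24 - 8 * i : 8 * i));
}

/* htonl() on the simulated host: byte swap on Little Endian, no-op on Big Endian. */
static uint32_t sim_htonl(uint32_t v, int be)
{
	return be ? v : (v >> 24) | ((v >> 8) & 0xff00) | ((v << 8) & 0xff0000) | (v << 24);
}

/* Expressions from the thread for 1 <= b <= 31, written with unsigned operands. */
static uint32_t expr(int which, int b, int be)
{
	switch (which) {
	case 0: return (1u << b) - 1;                              /* before the patch */
	case 1: return sim_htonl(((1u << b) - 1) << (32 - b), be); /* the patch */
	case 2: return sim_htonl((1u << b) - 1, be);               /* htonl((1 << b) - 1) */
	case 3: return sim_htonl(1u << b, be) - 1;                 /* htonl((1 << b)) - 1 */
	default: return sim_htonl(~0u << (32 - b), be);            /* all-ones shifted left */
	}
}

/* Count prefix lengths 1..31 whose stored bytes differ from the expected mask. */
static int wrong_prefixes(int which, int be)
{
	int bad = 0;
	for (int b = 1; b <= 31; b++) {
		uint8_t got[4], want[4] = {0};
		for (int bit = 0; bit < b; bit++)   /* reference: first b bits set */
			want[bit / 8] |= (uint8_t)(0x80 >> (bit % 8));
		store(expr(which, b, be), be, got);
		bad += memcmp(got, want, 4) != 0;
	}
	return bad;
}

int main(void)
{
	for (int which = 0; which <= 4; which++)
		printf("expr %d: LE %d wrong, BE %d wrong\n", which, wrong_prefixes(which, 0), wrong_prefixes(which, 1));
	return 0;
}
```

On the simulated Little Endian host the pre-patch expression matches the expected bytes only for prefix lengths 8, 16 and 24; the patch and the all-ones shift match for every length on both hosts.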
* Re: [conntrack-tools PATCH] conntrack: Fix CIDR to mask conversion on Big Endian
2019-09-04 8:21 ` Florian Westphal
@ 2019-09-04 9:31 ` Phil Sutter
0 siblings, 0 replies; 5+ messages in thread
From: Phil Sutter @ 2019-09-04 9:31 UTC (permalink / raw)
To: Florian Westphal; +Cc: Pablo Neira Ayuso, netfilter-devel
Hi,
On Wed, Sep 04, 2019 at 10:21:28AM +0200, Florian Westphal wrote:
> Phil Sutter <phil@nwl.cc> wrote:
> > What we need in b is 'ff ff ff 00' for a prefix length of 24. Your
> > suggested alternative does not compile, so I tried both options for the
> > closing brace:
> >
> > | htonl((1 << 24) - 1)
> >
> > This turns into '00 ff ff ff' for both LE and BE, the opposite of what
> > we need.
> >
> > | htonl((1 << 24)) - 1
> >
> > This turns into '00 00 00 00' on LE and '00 ff ff ff' on BE.
> >
> > My code leads to correct result on either architecture and I don't see a
> > simpler way of doing it.
>
> htonl(~0u << (32 - i)) would work, assuming i > 0 and <= 32.
Ah, indeed! Left-shifting all-ones didn't come to mind. I'll send a v2.
Thanks, Phil
^ permalink raw reply [flat|nested] 5+ messages in thread