Bug 13535
| Summary: | possibly wrong logic in xt_rateest.c | ||
|---|---|---|---|
| Product: | Networking | Reporter: | Török Edwin (edwin+bugs) |
| Component: | Netfilter/Iptables | Assignee: | networking_netfilter-iptables (networking_netfilter-iptables) |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | normal | CC: | alan, kaber |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 2.6.30 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Good catch, thanks. I've queued your patch for upstream submission. |
Compiling the kernel with clang has shown this warning: net/netfilter/xt_rateest.c:69:16: warning: self-comparison always results in a constant value ret &= pps2 == pps2; ^ Looking at the code: if (info->flags & XT_RATEEST_MATCH_BPS) ret &= bps1 == bps2; if (info->flags & XT_RATEEST_MATCH_PPS) ret &= pps2 == pps2; Judging from the MATCH_BPS case it seems to be a typo, with the intention of comparing pps1 with pps2. If my intepretation is correct, then the following patch should fix this: diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c index 220a1d5..4fc6a91 100644 --- a/net/netfilter/xt_rateest.c +++ b/net/netfilter/xt_rateest.c @@ -66,7 +66,7 @@ xt_rateest_mt(const struct sk_buff *skb, const struct xt_match_param *par) if (info->flags & XT_RATEEST_MATCH_BPS) ret &= bps1 == bps2; if (info->flags & XT_RATEEST_MATCH_PPS) - ret &= pps2 == pps2; + ret &= pps1 == pps2; break; }