[ovs-dev] openvswitch: Allow attaching helpers to ct action
Dan Carpenter
dan.carpenter at oracle.com
Mon Sep 14 01:17:10 UTC 2015
Hello Joe Stringer,
The patch cae3a2627520: "openvswitch: Allow attaching helpers to ct
action" from Aug 26, 2015, leads to the following static checker
warning:
net/openvswitch/conntrack.c:281 ovs_ct_helper()
warn: unsigned 'protoff' is never less than zero.
net/openvswitch/conntrack.c
251 static int ovs_ct_helper(struct sk_buff *skb, u16 proto)
252 {
253 const struct nf_conntrack_helper *helper;
254 const struct nf_conn_help *help;
255 enum ip_conntrack_info ctinfo;
256 unsigned int protoff;
257 struct nf_conn *ct;
258
259 ct = nf_ct_get(skb, &ctinfo);
260 if (!ct || ctinfo == IP_CT_RELATED_REPLY)
261 return NF_ACCEPT;
262
263 help = nfct_help(ct);
264 if (!help)
265 return NF_ACCEPT;
266
267 helper = rcu_dereference(help->helper);
268 if (!helper)
269 return NF_ACCEPT;
270
271 switch (proto) {
272 case NFPROTO_IPV4:
273 protoff = ip_hdrlen(skb);
274 break;
275 case NFPROTO_IPV6: {
276 u8 nexthdr = ipv6_hdr(skb)->nexthdr;
277 __be16 frag_off;
278
279 protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
280 &nexthdr, &frag_off);
281 if (protoff < 0 || (frag_off & htons(~0x7)) != 0) {
^^^^^^^^^^^
Error handling won't work because of the signedness bug.
282 pr_debug("proto header not found\n");
283 return NF_ACCEPT;
284 }
285 break;
286 }
regards,
dan carpenter
More information about the dev
mailing list