Commit 2f635adb authored by Florian Westphal's avatar Florian Westphal
Browse files

netfilter: nft_set_hash: fix get operation on big endian 



tests/shell/testcases/packetpath/set_match_nomatch_hash_fast
fails on big endian with:

Error: Could not process rule: No such file or directory
reset element ip test s { 244.147.90.126 }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Fatal: Cannot fetch element "244.147.90.126"

... because the wrong bucket is searched, jhash() and jhash1_word are
not interchangeable on big endian.

Fixes: 3b02b0ad ("netfilter: nft_set_hash: fix lookups with fixed size hash on big endian")
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
parent 1d79ae50

net/netfilter/nft_set_hash.c

+7 −2
Original line number Diff line number Diff line
@@ -619,15 +619,20 @@ static struct nft_elem_priv * 
nft_hash_get(const struct net *net, const struct nft_set *set,

	     const struct nft_set_elem *elem, unsigned int flags)

{

	const u32 *key = (const u32 *)&elem->key.val;

	struct nft_hash *priv = nft_set_priv(set);

	u8 genmask = nft_genmask_cur(net);

	struct nft_hash_elem *he;

	u32 hash;



	hash = jhash(elem->key.val.data, set->klen, priv->seed);

	if (set->klen == 4)

		hash = jhash_1word(*key, priv->seed);

	else

		hash = jhash(key, set->klen, priv->seed);



	hash = reciprocal_scale(hash, priv->buckets);

	hlist_for_each_entry_rcu(he, &priv->table[hash], node) {

		if (!memcmp(nft_set_ext_key(&he->ext), elem->key.val.data, set->klen) &&

		if (!memcmp(nft_set_ext_key(&he->ext), key, set->klen) &&

		    nft_set_elem_active(&he->ext, genmask))

			return &he->priv;

	}