commit | 8dc3c2b86bb16e8f345b80a8af69696e9a7edb65 | [log] [tgz] |
---|---|---|
author | Liping Zhang <liping.zhang@spreadtrum.com> | Thu Sep 15 21:29:08 2016 +0800 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | Fri Sep 23 09:30:16 2016 +0200 |
tree | 7291fd6d6e0cac21b234a579e593e2059d83bd10 | |
parent | 2462f3f4a7e079192b78f36900c34f18dad824a7 [diff] |
netfilter: nf_tables: improve nft payload fast eval There's an off-by-one issue in nft_payload_fast_eval, skb_tail_pointer and ptr + priv->len all point to the last valid address plus 1. So if they are equal, we can still fetch the valid data. It's unnecessary to fall back to nft_payload_eval. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>