[NETFILTER]: convert nfmark and conntrack mark to 32bit

As discussed at netconf'05, we convert nfmark and conntrack-mark to be 32bits even on 64bit architectures. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-08-09 19:22:01 -0700
committer: David S. Miller <davem@sunset.davemloft.net> 2005-08-29 15:29:31 -0700
commit: bf3a46aa9b96f6eb3a49a568f72a2801c3e830c0 (patch)
tree: 4387ee7d8ef83348338a9d433c93139a4747dcb5 /net/ipv4/netfilter/ipt_CONNMARK.c
parent: 8f3d17fb7bcb7c255197d11469fb5e9695c9d2f4 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ipt_CONNMARK.c b/net/ipv4/netfilter/ipt_CONNMARK.c
index 30ddd3e18eb..8ed744157b1 100644
--- a/net/ipv4/netfilter/ipt_CONNMARK.c
+++ b/net/ipv4/netfilter/ipt_CONNMARK.c
@@ -40,9 +40,9 @@ target(struct sk_buff **pskb,
        void *userinfo)
 {
 	const struct ipt_connmark_target_info *markinfo = targinfo;
-	unsigned long diff;
-	unsigned long nfmark;
-	unsigned long newmark;
+	u_int32_t diff;
+	u_int32_t nfmark;
+	u_int32_t newmark;
 
 	enum ip_conntrack_info ctinfo;
 	struct ip_conntrack *ct = ip_conntrack_get((*pskb), &ctinfo);
@@ -94,6 +94,11 @@ checkentry(const char *tablename,
 	    }
 	}
 
+	if (matchinfo->mark > 0xffffffff || matchinfo->mask > 0xffffffff) {
+		printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
+		return 0;
+	}
+
 	return 1;
 }
author	Harald Welte <laforge@netfilter.org>	2005-08-09 19:22:01 -0700
committer	David S. Miller <davem@sunset.davemloft.net>	2005-08-29 15:29:31 -0700
commit	bf3a46aa9b96f6eb3a49a568f72a2801c3e830c0 (patch)
tree	4387ee7d8ef83348338a9d433c93139a4747dcb5 /net/ipv4/netfilter/ipt_CONNMARK.c
parent	8f3d17fb7bcb7c255197d11469fb5e9695c9d2f4 (diff)