net/netfilter/xt_hl.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-)
Signed-off-by: Marino Dzalto <marino.dzalto@gmail.com>
---
net/netfilter/xt_hl.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
index c1a70f8f0..9434d5ca8 100644
--- a/net/netfilter/xt_hl.c
+++ b/net/netfilter/xt_hl.c
@@ -6,6 +6,7 @@
* Hop Limit matching module
* (C) 2001-2002 Maciej Soltysiak <solt@dns.toxicfilms.tv>
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/ip.h>
#include <linux/ipv6.h>
@@ -25,7 +26,12 @@ MODULE_ALIAS("ip6t_hl");
static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ipt_ttl_info *info = par->matchinfo;
- const u8 ttl = ip_hdr(skb)->ttl;
+ const u8 ttl;
+
+ if (!skb)
+ return false;
+
+ ttl = ip_hdr(skb)->ttl;
switch (info->mode) {
case IPT_TTL_EQ:
@@ -36,15 +42,21 @@ static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
return ttl < info->ttl;
case IPT_TTL_GT:
return ttl > info->ttl;
+ default:
+ pr_warn("Unknown TTL match mode: %d\n", info->mode);
+ return false;
}
-
- return false;
}
static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ip6t_hl_info *info = par->matchinfo;
- const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+ const struct ipv6hdr *ip6h;
+
+ if (!skb)
+ return false;
+
+ ip6h = ipv6_hdr(skb);
switch (info->mode) {
case IP6T_HL_EQ:
@@ -55,9 +67,10 @@ static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
return ip6h->hop_limit < info->hop_limit;
case IP6T_HL_GT:
return ip6h->hop_limit > info->hop_limit;
+ default:
+ pr_warn("Unknown Hop Limit match mode: %d\n", info->mode);
+ return false;
}
-
- return false;
}
static struct xt_match hl_mt_reg[] __read_mostly = {
--
2.50.1 (Apple Git-155)Hi Marino,
kernel test robot noticed the following build errors:
[auto build test ERROR on netfilter-nf/main]
[also build test ERROR on linus/master v7.0 next-20260420]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Marino-Dzalto/netfilter-xt_HL-add-pr_fmt-default-case-and-NULL-checks/20260420-185652
base: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main
patch link: https://lore.kernel.org/r/20260403193929.89449-1-marino.dzalto%40gmail.com
patch subject: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
config: s390-allmodconfig (https://download.01.org/0day-ci/archive/20260422/202604220024.iITt6Hv8-lkp@intel.com/config)
compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260422/202604220024.iITt6Hv8-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604220024.iITt6Hv8-lkp@intel.com/
All errors (new ones prefixed by >>):
>> net/netfilter/xt_hl.c:34:6: error: cannot assign to variable 'ttl' with const-qualified type 'const u8' (aka 'const unsigned char')
34 | ttl = ip_hdr(skb)->ttl;
| ~~~ ^
net/netfilter/xt_hl.c:29:11: note: variable 'ttl' declared const here
29 | const u8 ttl;
| ~~~~~~~~~^~~
1 error generated.
vim +34 net/netfilter/xt_hl.c
25
26 static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
27 {
28 const struct ipt_ttl_info *info = par->matchinfo;
29 const u8 ttl;
30
31 if (!skb)
32 return false;
33
> 34 ttl = ip_hdr(skb)->ttl;
35
36 switch (info->mode) {
37 case IPT_TTL_EQ:
38 return ttl == info->ttl;
39 case IPT_TTL_NE:
40 return ttl != info->ttl;
41 case IPT_TTL_LT:
42 return ttl < info->ttl;
43 case IPT_TTL_GT:
44 return ttl > info->ttl;
45 default:
46 pr_warn("Unknown TTL match mode: %d\n", info->mode);
47 return false;
48 }
49 }
50
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi Marino,
kernel test robot noticed the following build errors:
[auto build test ERROR on netfilter-nf/main]
[also build test ERROR on nf-next/master horms-ipvs/master linus/master v7.0 next-20260420]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Marino-Dzalto/netfilter-xt_HL-add-pr_fmt-default-case-and-NULL-checks/20260420-185652
base: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main
patch link: https://lore.kernel.org/r/20260403193929.89449-1-marino.dzalto%40gmail.com
patch subject: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks
config: m68k-allmodconfig (https://download.01.org/0day-ci/archive/20260421/202604211905.6ZPE3dFs-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 15.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260421/202604211905.6ZPE3dFs-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604211905.6ZPE3dFs-lkp@intel.com/
All errors (new ones prefixed by >>):
net/netfilter/xt_hl.c: In function 'ttl_mt':
>> net/netfilter/xt_hl.c:34:13: error: assignment of read-only variable 'ttl'
34 | ttl = ip_hdr(skb)->ttl;
| ^
vim +/ttl +34 net/netfilter/xt_hl.c
25
26 static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
27 {
28 const struct ipt_ttl_info *info = par->matchinfo;
29 const u8 ttl;
30
31 if (!skb)
32 return false;
33
> 34 ttl = ip_hdr(skb)->ttl;
35
36 switch (info->mode) {
37 case IPT_TTL_EQ:
38 return ttl == info->ttl;
39 case IPT_TTL_NE:
40 return ttl != info->ttl;
41 case IPT_TTL_LT:
42 return ttl < info->ttl;
43 case IPT_TTL_GT:
44 return ttl > info->ttl;
45 default:
46 pr_warn("Unknown TTL match mode: %d\n", info->mode);
47 return false;
48 }
49 }
50
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
On Fri, Apr 03, 2026 at 09:39:29PM +0200, Marino Dzalto wrote:
> diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
> index c1a70f8f0..9434d5ca8 100644
> --- a/net/netfilter/xt_hl.c
> +++ b/net/netfilter/xt_hl.c
[...]
> static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
> {
> const struct ip6t_hl_info *info = par->matchinfo;
> - const struct ipv6hdr *ip6h = ipv6_hdr(skb);
> + const struct ipv6hdr *ip6h;
> +
> + if (!skb)
> + return false;
No skb !?
This codebase is frozen, I don't see any benefit in this update.
Marino Dzalto <marino.dzalto@gmail.com> wrote:
> Signed-off-by: Marino Dzalto <marino.dzalto@gmail.com>
> ---
> net/netfilter/xt_hl.c | 25 +++++++++++++++++++------
> 1 file changed, 19 insertions(+), 6 deletions(-)
>
> diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
> index c1a70f8f0..9434d5ca8 100644
> --- a/net/netfilter/xt_hl.c
> +++ b/net/netfilter/xt_hl.c
> @@ -6,6 +6,7 @@
> * Hop Limit matching module
> * (C) 2001-2002 Maciej Soltysiak <solt@dns.toxicfilms.tv>
> */
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>
> #include <linux/ip.h>
> #include <linux/ipv6.h>
> @@ -25,7 +26,12 @@ MODULE_ALIAS("ip6t_hl");
> static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
> {
> const struct ipt_ttl_info *info = par->matchinfo;
> - const u8 ttl = ip_hdr(skb)->ttl;
> + const u8 ttl;
> +
> + if (!skb)
> + return false;
If this was NULL we'd have crashed already.
> case IPT_TTL_GT:
> return ttl > info->ttl;
> + default:
> + pr_warn("Unknown TTL match mode: %d\n", info->mode);
> + return false;
Please add a .checkentry function and reject this from there.
© 2016 - 2026 Red Hat, Inc.