Commit 0bc4c070 authored by David S. Miller's avatar David S. Miller

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for net-next. Briefly
speaking, cleanups and minor fixes for ipset from Jozsef Kadlecsik and
Sergey Popovich, more incremental updates to make br_netfilter a better
place from Florian Westphal, ARP support to the x_tables mark match /
target from Zhang Chunyu and the addition of context to know
that the x_tables runs through nft_compat. More specifically, they are:

1) Fix sparse warning in ipset/ip_set_hash_ipmark.c when fetching the
   IPSET_ATTR_MARK netlink attribute, from Jozsef Kadlecsik.

2) Rename STREQ macro to STRNCMP in ipset, also from Jozsef.

3) Use skb->network_header to calculate the transport offset in
   ip_set_get_ip{4,6}_port(). From Alexander Drozdov.

4) Reduce memory consumption per element due to size miscalculation,
   this patch and follow up patches from Sergey Popovich.

5) Expand nomatch field from 1 bit to 8 bits to allow to simplify
   mtype_data_reset_flags(), also from Sergey.

6) Small clean for ipset macro trickery.

7) Fix error reporting when both ip_set_get_hostipaddr4() and
   ip_set_get_extensions() from per-set uadt functions.

8) Simplify IPSET_ATTR_PORT netlink attribute validation.

9) Introduce HOST_MASK instead of hardcoded 32 in ipset.

10) Return true/false instead of 0/1 in functions that return boolean
    in the ipset code.

11) Validate maximum length of the IPSET_ATTR_COMMENT netlink attribute.

12) Allow to dereference from ext_*() ipset macros.

13) Get rid of incorrect definitions of HKEY_DATALEN.

14) Include linux/netfilter/ipset/ip_set.h in the x_tables set match.

15) Reduce nf_bridge_info size in br_netfilter, from Florian Westphal.

16) Release nf_bridge_info after POSTROUTING since this is only needed
    from the physdev match, also from Florian.

17) Reduce size of ipset code by deinlining ip_set_put_extensions(),
    from Denys Vlasenko.

18) Oneliner to add ARP support to the x_tables mark match/target, from
    Zhang Chunyu.

19) Add context to know if the x_tables extension runs from nft_compat,
    to address minor problems with three existing extensions.

20) Correct return value in several seqfile *_show() functions in the
    netfilter tree, from Joe Perches.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 17032ae3 861fb107
...@@ -122,13 +122,13 @@ struct ip_set_skbinfo { ...@@ -122,13 +122,13 @@ struct ip_set_skbinfo {
struct ip_set; struct ip_set;
#define ext_timeout(e, s) \ #define ext_timeout(e, s) \
(unsigned long *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_TIMEOUT]) ((unsigned long *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_TIMEOUT]))
#define ext_counter(e, s) \ #define ext_counter(e, s) \
(struct ip_set_counter *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_COUNTER]) ((struct ip_set_counter *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_COUNTER]))
#define ext_comment(e, s) \ #define ext_comment(e, s) \
(struct ip_set_comment *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_COMMENT]) ((struct ip_set_comment *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_COMMENT]))
#define ext_skbinfo(e, s) \ #define ext_skbinfo(e, s) \
(struct ip_set_skbinfo *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_SKBINFO]) ((struct ip_set_skbinfo *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_SKBINFO]))
typedef int (*ipset_adtfn)(struct ip_set *set, void *value, typedef int (*ipset_adtfn)(struct ip_set *set, void *value,
const struct ip_set_ext *ext, const struct ip_set_ext *ext,
...@@ -533,29 +533,9 @@ bitmap_bytes(u32 a, u32 b) ...@@ -533,29 +533,9 @@ bitmap_bytes(u32 a, u32 b)
#include <linux/netfilter/ipset/ip_set_timeout.h> #include <linux/netfilter/ipset/ip_set_timeout.h>
#include <linux/netfilter/ipset/ip_set_comment.h> #include <linux/netfilter/ipset/ip_set_comment.h>
static inline int int
ip_set_put_extensions(struct sk_buff *skb, const struct ip_set *set, ip_set_put_extensions(struct sk_buff *skb, const struct ip_set *set,
const void *e, bool active) const void *e, bool active);
{
if (SET_WITH_TIMEOUT(set)) {
unsigned long *timeout = ext_timeout(e, set);
if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(active ? ip_set_timeout_get(timeout)
: *timeout)))
return -EMSGSIZE;
}
if (SET_WITH_COUNTER(set) &&
ip_set_put_counter(skb, ext_counter(e, set)))
return -EMSGSIZE;
if (SET_WITH_COMMENT(set) &&
ip_set_put_comment(skb, ext_comment(e, set)))
return -EMSGSIZE;
if (SET_WITH_SKBINFO(set) &&
ip_set_put_skbinfo(skb, ext_skbinfo(e, set)))
return -EMSGSIZE;
return 0;
}
#define IP_SET_INIT_KEXT(skb, opt, set) \ #define IP_SET_INIT_KEXT(skb, opt, set) \
{ .bytes = (skb)->len, .packets = 1, \ { .bytes = (skb)->len, .packets = 1, \
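Review bot: The `ext_timeout()`, `ext_counter()`, `ext_comment()` and `ext_skbinfo()` macros in the first hunk carry no comment saying when their result may be used, and now that they are fully parenthesised they can be dereferenced directly, as in `*ext_timeout(e, s)`. Each one adds `(s)->offset[...]` to the element pointer unconditionally. The inline `ip_set_put_extensions()` removed in the second hunk shows the expected pattern of testing `SET_WITH_TIMEOUT(set)` and its siblings before touching the pointer. I would add above the block `/* Only meaningful when the matching SET_WITH_*(s) test is true. */`. What `offset[]` holds for a disabled extension is not visible in this section, so the comment should stay that general.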
......
...@@ -62,6 +62,7 @@ struct xt_mtchk_param { ...@@ -62,6 +62,7 @@ struct xt_mtchk_param {
void *matchinfo; void *matchinfo;
unsigned int hook_mask; unsigned int hook_mask;
u_int8_t family; u_int8_t family;
bool nft_compat;
}; };
/** /**
...@@ -92,6 +93,7 @@ struct xt_tgchk_param { ...@@ -92,6 +93,7 @@ struct xt_tgchk_param {
void *targinfo; void *targinfo;
unsigned int hook_mask; unsigned int hook_mask;
u_int8_t family; u_int8_t family;
bool nft_compat;
}; };
/* Target destructor parameters */ /* Target destructor parameters */
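Review bot: The new `bool nft_compat` member in `struct xt_mtchk_param` and `struct xt_tgchk_param` is only safe if every site that builds these structs initialises it, and none of those sites are shown in this section. A caller that declares the struct on the stack and assigns members one by one would pass an indeterminate `nft_compat` to the check functions, which now branch on it in the ebt_stp and CLUSTERIP sections of this page. Such callers should use a designated initialiser or `memset(&par, 0, sizeof(par));` before filling in the fields. If these structs carry kernel-doc (their comment blocks are outside the hunks), the member also needs a line such as `@nft_compat: true when invoked through the nft_compat layer`.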
......
...@@ -170,12 +170,14 @@ struct nf_bridge_info { ...@@ -170,12 +170,14 @@ struct nf_bridge_info {
BRNF_PROTO_UNCHANGED, BRNF_PROTO_UNCHANGED,
BRNF_PROTO_8021Q, BRNF_PROTO_8021Q,
BRNF_PROTO_PPPOE BRNF_PROTO_PPPOE
} orig_proto; } orig_proto:8;
bool pkt_otherhost; bool pkt_otherhost;
unsigned int mask; unsigned int mask;
struct net_device *physindev; struct net_device *physindev;
struct net_device *physoutdev; union {
char neigh_header[8]; struct net_device *physoutdev;
char neigh_header[8];
};
}; };
#endif #endif
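Review bot: The anonymous union that now overlays `physoutdev` and `neigh_header[8]` needs a comment saying which member is live at which stage. A write to `neigh_header` leaves `physoutdev` holding header bytes rather than a device pointer. The br_netfilter section of this commit clears `physoutdev` after consuming `neigh_header`, which suggests the two are used in disjoint phases, but the struct itself does not say so. I would add above the union `/* physoutdev and neigh_header share storage: never read physoutdev while neigh_header holds a saved header */`.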
......
...@@ -129,6 +129,14 @@ static struct nf_bridge_info *nf_bridge_info_get(const struct sk_buff *skb) ...@@ -129,6 +129,14 @@ static struct nf_bridge_info *nf_bridge_info_get(const struct sk_buff *skb)
return skb->nf_bridge; return skb->nf_bridge;
} }
static void nf_bridge_info_free(struct sk_buff *skb)
{
if (skb->nf_bridge) {
nf_bridge_put(skb->nf_bridge);
skb->nf_bridge = NULL;
}
}
static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
{ {
struct net_bridge_port *port; struct net_bridge_port *port;
...@@ -841,6 +849,7 @@ static int br_nf_push_frag_xmit(struct sock *sk, struct sk_buff *skb) ...@@ -841,6 +849,7 @@ static int br_nf_push_frag_xmit(struct sock *sk, struct sk_buff *skb)
skb_copy_to_linear_data_offset(skb, -data->size, data->mac, data->size); skb_copy_to_linear_data_offset(skb, -data->size, data->mac, data->size);
__skb_push(skb, data->encap_size); __skb_push(skb, data->encap_size);
nf_bridge_info_free(skb);
return br_dev_queue_push_xmit(sk, skb); return br_dev_queue_push_xmit(sk, skb);
} }
...@@ -850,8 +859,10 @@ static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb) ...@@ -850,8 +859,10 @@ static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb)
int frag_max_size; int frag_max_size;
unsigned int mtu_reserved; unsigned int mtu_reserved;
if (skb_is_gso(skb) || skb->protocol != htons(ETH_P_IP)) if (skb_is_gso(skb) || skb->protocol != htons(ETH_P_IP)) {
nf_bridge_info_free(skb);
return br_dev_queue_push_xmit(sk, skb); return br_dev_queue_push_xmit(sk, skb);
}
mtu_reserved = nf_bridge_mtu_reduction(skb); mtu_reserved = nf_bridge_mtu_reduction(skb);
/* This is wrong! We should preserve the original fragment /* This is wrong! We should preserve the original fragment
...@@ -877,6 +888,7 @@ static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb) ...@@ -877,6 +888,7 @@ static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb)
ret = ip_fragment(sk, skb, br_nf_push_frag_xmit); ret = ip_fragment(sk, skb, br_nf_push_frag_xmit);
} else { } else {
nf_bridge_info_free(skb);
ret = br_dev_queue_push_xmit(sk, skb); ret = br_dev_queue_push_xmit(sk, skb);
} }
...@@ -885,7 +897,8 @@ static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb) ...@@ -885,7 +897,8 @@ static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb)
#else #else
static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb) static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb)
{ {
return br_dev_queue_push_xmit(sk, skb); nf_bridge_info_free(skb);
return br_dev_queue_push_xmit(sk, skb);
} }
#endif #endif
...@@ -973,6 +986,8 @@ static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) ...@@ -973,6 +986,8 @@ static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb)
nf_bridge->neigh_header, nf_bridge->neigh_header,
ETH_HLEN - ETH_ALEN); ETH_HLEN - ETH_ALEN);
skb->dev = nf_bridge->physindev; skb->dev = nf_bridge->physindev;
nf_bridge->physoutdev = NULL;
br_handle_frame_finish(NULL, skb); br_handle_frame_finish(NULL, skb);
} }
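Review bot: `nf_bridge_info_free()` has no comment stating its contract. After it runs `skb->nf_bridge` is NULL, while `nf_bridge_info_get()` at the top of the first hunk returns `skb->nf_bridge` unchecked. Every call added here sits directly before `br_dev_queue_push_xmit()`, so the intent appears to be that nothing on the transmit side reads the bridge state afterwards. That is worth writing down so later code does not dereference it, for example `/* Release nf_bridge state once POSTROUTING is done; callers must not touch skb->nf_bridge afterwards. */` above the helper. In `br_nf_pre_routing_finish_bridge_slow()`, which starts outside its hunk, the added `nf_bridge->physoutdev = NULL;` would also benefit from `/* neigh_header shares storage with physoutdev */`.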
......
...@@ -164,8 +164,10 @@ static int ebt_stp_mt_check(const struct xt_mtchk_param *par) ...@@ -164,8 +164,10 @@ static int ebt_stp_mt_check(const struct xt_mtchk_param *par)
!(info->bitmask & EBT_STP_MASK)) !(info->bitmask & EBT_STP_MASK))
return -EINVAL; return -EINVAL;
/* Make sure the match only receives stp frames */ /* Make sure the match only receives stp frames */
if (!ether_addr_equal(e->destmac, bridge_ula) || if (!par->nft_compat &&
!ether_addr_equal(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) (!ether_addr_equal(e->destmac, bridge_ula) ||
!ether_addr_equal(e->destmsk, msk) ||
!(e->bitmask & EBT_DESTMAC)))
return -EINVAL; return -EINVAL;
return 0; return 0;
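Review bot: With `par->nft_compat` set, the destination-MAC test in `ebt_stp_mt_check()` is skipped entirely, so the comment `/* Make sure the match only receives stp frames */` no longer holds on that path and nothing in this hunk replaces the guarantee. If the match function relies on this check to see only STP frames, it may now be handed other frames when loaded through nft_compat. Whether it validates the frame itself is not visible here, because the hunk covers only the tail of the check function. At minimum the comment should read something like `/* Make sure the match only receives stp frames. Not enforced under nft_compat: the match must cope with other frames. */`, and the match path should be confirmed to tolerate non-STP input.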
......
...@@ -367,6 +367,11 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par) ...@@ -367,6 +367,11 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
struct clusterip_config *config; struct clusterip_config *config;
int ret; int ret;
if (par->nft_compat) {
pr_err("cannot use CLUSTERIP target from nftables compat\n");
return -EOPNOTSUPP;
}
if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP && if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP &&
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT && cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT &&
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) { cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
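Review bot: The `pr_err()` added at the top of `clusterip_tg_check()` fires on every rejected rule load. Rule loading is presumably driven from userspace, so repeated attempts can fill the kernel log. A rate-limited variant keeps the diagnostic without that side effect: `pr_err_ratelimited("cannot use CLUSTERIP target from nftables compat\n");`. The rest of the function is outside the hunk.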
......
...@@ -36,6 +36,7 @@ IP_SET_MODULE_DESC("bitmap:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); ...@@ -36,6 +36,7 @@ IP_SET_MODULE_DESC("bitmap:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_bitmap:ip"); MODULE_ALIAS("ip_set_bitmap:ip");
#define MTYPE bitmap_ip #define MTYPE bitmap_ip
#define HOST_MASK 32
/* Type structure */ /* Type structure */
struct bitmap_ip { struct bitmap_ip {
...@@ -149,8 +150,11 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -149,8 +150,11 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -174,7 +178,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -174,7 +178,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!cidr || cidr > 32) if (!cidr || cidr > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} else } else
...@@ -277,7 +281,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], ...@@ -277,7 +281,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (cidr >= 32) if (cidr >= HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(first_ip, last_ip, cidr); ip_set_mask_from_to(first_ip, last_ip, cidr);
} else } else
...@@ -286,7 +290,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], ...@@ -286,7 +290,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_NETMASK]) { if (tb[IPSET_ATTR_NETMASK]) {
netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
if (netmask > 32) if (netmask > HOST_MASK)
return -IPSET_ERR_INVALID_NETMASK; return -IPSET_ERR_INVALID_NETMASK;
first_ip &= ip_set_hostmask(netmask); first_ip &= ip_set_hostmask(netmask);
...@@ -360,7 +364,8 @@ static struct ip_set_type bitmap_ip_type __read_mostly = { ...@@ -360,7 +364,8 @@ static struct ip_set_type bitmap_ip_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
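Review bot: Replacing the literal 32 with `HOST_MASK` makes the differing CIDR bounds stand out: `bitmap_ip_uadt()` rejects `!cidr || cidr > HOST_MASK`, while `bitmap_ip_create()` rejects only `cidr >= HOST_MASK` and so accepts a prefix length of 0. The value comes straight from the `IPSET_ATTR_CIDR` netlink attribute. If the asymmetry is intentional it should be stated next to the check, e.g. `/* /0 is allowed here; the resulting range size is validated below */`, assuming such a later range check exists, which these hunks do not show. The same `cidr >= HOST_MASK` test appears in `bitmap_ipmac_create()` in the next file section.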
......
...@@ -36,6 +36,7 @@ IP_SET_MODULE_DESC("bitmap:ip,mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); ...@@ -36,6 +36,7 @@ IP_SET_MODULE_DESC("bitmap:ip,mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_bitmap:ip,mac"); MODULE_ALIAS("ip_set_bitmap:ip,mac");
#define MTYPE bitmap_ipmac #define MTYPE bitmap_ipmac
#define HOST_MASK 32
#define IP_SET_BITMAP_STORED_TIMEOUT #define IP_SET_BITMAP_STORED_TIMEOUT
enum { enum {
...@@ -250,8 +251,11 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -250,8 +251,11 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -343,7 +347,7 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[], ...@@ -343,7 +347,7 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (cidr >= 32) if (cidr >= HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(first_ip, last_ip, cidr); ip_set_mask_from_to(first_ip, last_ip, cidr);
} else } else
...@@ -397,7 +401,8 @@ static struct ip_set_type bitmap_ipmac_type = { ...@@ -397,7 +401,8 @@ static struct ip_set_type bitmap_ipmac_type = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
...@@ -294,7 +294,8 @@ static struct ip_set_type bitmap_port_type = { ...@@ -294,7 +294,8 @@ static struct ip_set_type bitmap_port_type = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
...@@ -42,7 +42,7 @@ static inline struct ip_set_net *ip_set_pernet(struct net *net) ...@@ -42,7 +42,7 @@ static inline struct ip_set_net *ip_set_pernet(struct net *net)
} }
#define IP_SET_INC 64 #define IP_SET_INC 64
#define STREQ(a, b) (strncmp(a, b, IPSET_MAXNAMELEN) == 0) #define STRNCMP(a, b) (strncmp(a, b, IPSET_MAXNAMELEN) == 0)
static unsigned int max_sets; static unsigned int max_sets;
...@@ -85,7 +85,7 @@ find_set_type(const char *name, u8 family, u8 revision) ...@@ -85,7 +85,7 @@ find_set_type(const char *name, u8 family, u8 revision)
struct ip_set_type *type; struct ip_set_type *type;
list_for_each_entry_rcu(type, &ip_set_type_list, list) list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) && if (STRNCMP(type->name, name) &&
(type->family == family || (type->family == family ||
type->family == NFPROTO_UNSPEC) && type->family == NFPROTO_UNSPEC) &&
revision >= type->revision_min && revision >= type->revision_min &&
...@@ -132,7 +132,7 @@ __find_set_type_get(const char *name, u8 family, u8 revision, ...@@ -132,7 +132,7 @@ __find_set_type_get(const char *name, u8 family, u8 revision,
/* Make sure the type is already loaded /* Make sure the type is already loaded
* but we don't support the revision */ * but we don't support the revision */
list_for_each_entry_rcu(type, &ip_set_type_list, list) list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name)) { if (STRNCMP(type->name, name)) {
err = -IPSET_ERR_FIND_TYPE; err = -IPSET_ERR_FIND_TYPE;
goto unlock; goto unlock;
} }
...@@ -166,7 +166,7 @@ __find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max, ...@@ -166,7 +166,7 @@ __find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max,
*min = 255; *max = 0; *min = 255; *max = 0;
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(type, &ip_set_type_list, list) list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) && if (STRNCMP(type->name, name) &&
(type->family == family || (type->family == family ||
type->family == NFPROTO_UNSPEC)) { type->family == NFPROTO_UNSPEC)) {
found = true; found = true;
...@@ -365,7 +365,7 @@ size_t ...@@ -365,7 +365,7 @@ size_t
ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len) ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len)
{ {
enum ip_set_ext_id id; enum ip_set_ext_id id;
size_t offset = 0; size_t offset = len;
u32 cadt_flags = 0; u32 cadt_flags = 0;
if (tb[IPSET_ATTR_CADT_FLAGS]) if (tb[IPSET_ATTR_CADT_FLAGS])
...@@ -375,12 +375,12 @@ ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len) ...@@ -375,12 +375,12 @@ ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len)
for (id = 0; id < IPSET_EXT_ID_MAX; id++) { for (id = 0; id < IPSET_EXT_ID_MAX; id++) {
if (!add_extension(id, cadt_flags, tb)) if (!add_extension(id, cadt_flags, tb))
continue; continue;
offset += ALIGN(len + offset, ip_set_extensions[id].align); offset = ALIGN(offset, ip_set_extensions[id].align);
set->offset[id] = offset; set->offset[id] = offset;
set->extensions |= ip_set_extensions[id].type; set->extensions |= ip_set_extensions[id].type;
offset += ip_set_extensions[id].len; offset += ip_set_extensions[id].len;
} }
return len + offset; return offset;
} }
EXPORT_SYMBOL_GPL(ip_set_elem_len); EXPORT_SYMBOL_GPL(ip_set_elem_len);
...@@ -432,6 +432,31 @@ ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], ...@@ -432,6 +432,31 @@ ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
} }
EXPORT_SYMBOL_GPL(ip_set_get_extensions); EXPORT_SYMBOL_GPL(ip_set_get_extensions);
int
ip_set_put_extensions(struct sk_buff *skb, const struct ip_set *set,
const void *e, bool active)
{
if (SET_WITH_TIMEOUT(set)) {
unsigned long *timeout = ext_timeout(e, set);
if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(active ? ip_set_timeout_get(timeout)
: *timeout)))
return -EMSGSIZE;
}
if (SET_WITH_COUNTER(set) &&
ip_set_put_counter(skb, ext_counter(e, set)))
return -EMSGSIZE;
if (SET_WITH_COMMENT(set) &&
ip_set_put_comment(skb, ext_comment(e, set)))
return -EMSGSIZE;
if (SET_WITH_SKBINFO(set) &&
ip_set_put_skbinfo(skb, ext_skbinfo(e, set)))
return -EMSGSIZE;
return 0;
}
EXPORT_SYMBOL_GPL(ip_set_put_extensions);
/* /*
* Creating/destroying/renaming/swapping affect the existence and * Creating/destroying/renaming/swapping affect the existence and
* the properties of a set. All of these can be executed from userspace * the properties of a set. All of these can be executed from userspace
...@@ -581,7 +606,7 @@ ip_set_get_byname(struct net *net, const char *name, struct ip_set **set) ...@@ -581,7 +606,7 @@ ip_set_get_byname(struct net *net, const char *name, struct ip_set **set)
rcu_read_lock(); rcu_read_lock();
for (i = 0; i < inst->ip_set_max; i++) { for (i = 0; i < inst->ip_set_max; i++) {
s = rcu_dereference(inst->ip_set_list)[i]; s = rcu_dereference(inst->ip_set_list)[i];
if (s != NULL && STREQ(s->name, name)) { if (s != NULL && STRNCMP(s->name, name)) {
__ip_set_get(s); __ip_set_get(s);
index = i; index = i;
*set = s; *set = s;
...@@ -758,7 +783,7 @@ find_set_and_id(struct ip_set_net *inst, const char *name, ip_set_id_t *id) ...@@ -758,7 +783,7 @@ find_set_and_id(struct ip_set_net *inst, const char *name, ip_set_id_t *id)
*id = IPSET_INVALID_ID; *id = IPSET_INVALID_ID;
for (i = 0; i < inst->ip_set_max; i++) { for (i = 0; i < inst->ip_set_max; i++) {
set = ip_set(inst, i); set = ip_set(inst, i);
if (set != NULL && STREQ(set->name, name)) { if (set != NULL && STRNCMP(set->name, name)) {
*id = i; *id = i;
break; break;
} }
...@@ -787,7 +812,7 @@ find_free_id(struct ip_set_net *inst, const char *name, ip_set_id_t *index, ...@@ -787,7 +812,7 @@ find_free_id(struct ip_set_net *inst, const char *name, ip_set_id_t *index,
if (s == NULL) { if (s == NULL) {
if (*index == IPSET_INVALID_ID) if (*index == IPSET_INVALID_ID)
*index = i; *index = i;
} else if (STREQ(name, s->name)) { } else if (STRNCMP(name, s->name)) {
/* Name clash */ /* Name clash */
*set = s; *set = s;
return -EEXIST; return -EEXIST;
...@@ -887,7 +912,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb, ...@@ -887,7 +912,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb,
if (ret == -EEXIST) { if (ret == -EEXIST) {
/* If this is the same set and requested, ignore error */ /* If this is the same set and requested, ignore error */
if ((flags & IPSET_FLAG_EXIST) && if ((flags & IPSET_FLAG_EXIST) &&
STREQ(set->type->name, clash->type->name) && STRNCMP(set->type->name, clash->type->name) &&
set->type->family == clash->type->family && set->type->family == clash->type->family &&
set->type->revision_min == clash->type->revision_min && set->type->revision_min == clash->type->revision_min &&
set->type->revision_max == clash->type->revision_max && set->type->revision_max == clash->type->revision_max &&
...@@ -1098,7 +1123,7 @@ ip_set_rename(struct sock *ctnl, struct sk_buff *skb, ...@@ -1098,7 +1123,7 @@ ip_set_rename(struct sock *ctnl, struct sk_buff *skb,
name2 = nla_data(attr[IPSET_ATTR_SETNAME2]); name2 = nla_data(attr[IPSET_ATTR_SETNAME2]);
for (i = 0; i < inst->ip_set_max; i++) { for (i = 0; i < inst->ip_set_max; i++) {
s = ip_set(inst, i); s = ip_set(inst, i);
if (s != NULL && STREQ(s->name, name2)) { if (s != NULL && STRNCMP(s->name, name2)) {
ret = -IPSET_ERR_EXIST_SETNAME2; ret = -IPSET_ERR_EXIST_SETNAME2;
goto out; goto out;
} }
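Review bot: In `ip_set_elem_len()` the new layout aligns each extension relative to the start of the element, but the returned total is not rounded up. The offsets are therefore correctly aligned only if every element begins on a boundary at least as strict as the largest `ip_set_extensions[id].align`. If elements are stored back to back with this length as the stride (the storage code is not in these hunks), extensions in the second and later elements can be misaligned, which matters on architectures that fault on unaligned access. Consider tracking the strictest alignment in the loop with `max_align = max_t(size_t, max_align, ip_set_extensions[id].align);` and finishing with `return ALIGN(offset, max_align);`. Part of the function body lies between the two hunks and is not shown.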
......
...@@ -98,7 +98,7 @@ ip_set_get_ip4_port(const struct sk_buff *skb, bool src, ...@@ -98,7 +98,7 @@ ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
__be16 *port, u8 *proto) __be16 *port, u8 *proto)
{ {
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
unsigned int protooff = ip_hdrlen(skb); unsigned int protooff = skb_network_offset(skb) + ip_hdrlen(skb);
int protocol = iph->protocol; int protocol = iph->protocol;
/* See comments at tcp_match in ip_tables.c */ /* See comments at tcp_match in ip_tables.c */
...@@ -135,7 +135,9 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src, ...@@ -135,7 +135,9 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
__be16 frag_off = 0; __be16 frag_off = 0;
nexthdr = ipv6_hdr(skb)->nexthdr; nexthdr = ipv6_hdr(skb)->nexthdr;
protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr, protoff = ipv6_skip_exthdr(skb,
skb_network_offset(skb) +
sizeof(struct ipv6hdr), &nexthdr,
&frag_off); &frag_off);
if (protoff < 0 || (frag_off & htons(~0x7)) != 0) if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
return false; return false;
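Review bot: Neither `ip_set_get_ip4_port()` nor `ip_set_get_ip6_port()` has a comment explaining why `skb_network_offset(skb)` is now added to the transport offset. The offsets are now relative to `skb->data` rather than to the network header, which is the detail a later reader is most likely to undo by accident. I would add above the `protooff` initialisation in the IPv4 helper `/* offsets are relative to skb->data, which need not point at the network header */`, and the same above the `ipv6_skip_exthdr()` call. Both function bodies continue outside their hunks.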
......
...@@ -180,6 +180,7 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) ...@@ -180,6 +180,7 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
#undef mtype_data_equal #undef mtype_data_equal
#undef mtype_do_data_match #undef mtype_do_data_match
#undef mtype_data_set_flags #undef mtype_data_set_flags
#undef mtype_data_reset_elem
#undef mtype_data_reset_flags #undef mtype_data_reset_flags
#undef mtype_data_netmask #undef mtype_data_netmask
#undef mtype_data_list #undef mtype_data_list
...@@ -193,7 +194,6 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) ...@@ -193,7 +194,6 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
#undef mtype_ahash_memsize #undef mtype_ahash_memsize
#undef mtype_flush #undef mtype_flush
#undef mtype_destroy #undef mtype_destroy
#undef mtype_gc_init
#undef mtype_same_set #undef mtype_same_set
#undef mtype_kadt #undef mtype_kadt
#undef mtype_uadt #undef mtype_uadt
...@@ -227,6 +227,7 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) ...@@ -227,6 +227,7 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
#define mtype_data_list IPSET_TOKEN(MTYPE, _data_list) #define mtype_data_list IPSET_TOKEN(MTYPE, _data_list)
#define mtype_data_next IPSET_TOKEN(MTYPE, _data_next) #define mtype_data_next IPSET_TOKEN(MTYPE, _data_next)
#define mtype_elem IPSET_TOKEN(MTYPE, _elem) #define mtype_elem IPSET_TOKEN(MTYPE, _elem)
#define mtype_ahash_destroy IPSET_TOKEN(MTYPE, _ahash_destroy) #define mtype_ahash_destroy IPSET_TOKEN(MTYPE, _ahash_destroy)
#define mtype_ext_cleanup IPSET_TOKEN(MTYPE, _ext_cleanup) #define mtype_ext_cleanup IPSET_TOKEN(MTYPE, _ext_cleanup)
#define mtype_add_cidr IPSET_TOKEN(MTYPE, _add_cidr) #define mtype_add_cidr IPSET_TOKEN(MTYPE, _add_cidr)
...@@ -234,7 +235,6 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) ...@@ -234,7 +235,6 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
#define mtype_ahash_memsize IPSET_TOKEN(MTYPE, _ahash_memsize) #define mtype_ahash_memsize IPSET_TOKEN(MTYPE, _ahash_memsize)
#define mtype_flush IPSET_TOKEN(MTYPE, _flush) #define mtype_flush IPSET_TOKEN(MTYPE, _flush)
#define mtype_destroy IPSET_TOKEN(MTYPE, _destroy) #define mtype_destroy IPSET_TOKEN(MTYPE, _destroy)
#define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init)
#define mtype_same_set IPSET_TOKEN(MTYPE, _same_set) #define mtype_same_set IPSET_TOKEN(MTYPE, _same_set)
#define mtype_kadt IPSET_TOKEN(MTYPE, _kadt) #define mtype_kadt IPSET_TOKEN(MTYPE, _kadt)
#define mtype_uadt IPSET_TOKEN(MTYPE, _uadt) #define mtype_uadt IPSET_TOKEN(MTYPE, _uadt)
...@@ -249,9 +249,18 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) ...@@ -249,9 +249,18 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
#define mtype_head IPSET_TOKEN(MTYPE, _head) #define mtype_head IPSET_TOKEN(MTYPE, _head)
#define mtype_list IPSET_TOKEN(MTYPE, _list) #define mtype_list IPSET_TOKEN(MTYPE, _list)
#define mtype_gc IPSET_TOKEN(MTYPE, _gc) #define mtype_gc IPSET_TOKEN(MTYPE, _gc)
#define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init)
#define mtype_variant IPSET_TOKEN(MTYPE, _variant) #define mtype_variant IPSET_TOKEN(MTYPE, _variant)
#define mtype_data_match IPSET_TOKEN(MTYPE, _data_match) #define mtype_data_match IPSET_TOKEN(MTYPE, _data_match)
#ifndef MTYPE
#error "MTYPE is not defined!"
#endif
#ifndef HOST_MASK
#error "HOST_MASK is not defined!"
#endif
#ifndef HKEY_DATALEN #ifndef HKEY_DATALEN
#define HKEY_DATALEN sizeof(struct mtype_elem) #define HKEY_DATALEN sizeof(struct mtype_elem)
#endif #endif
...@@ -261,6 +270,9 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) ...@@ -261,6 +270,9 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
& jhash_mask(htable_bits)) & jhash_mask(htable_bits))
#ifndef htype #ifndef htype
#ifndef HTYPE
#error "HTYPE is not defined!"
#endif /* HTYPE */
#define htype HTYPE #define htype HTYPE
/* The generic hash structure */ /* The generic hash structure */
...@@ -287,7 +299,7 @@ struct htype { ...@@ -287,7 +299,7 @@ struct htype {
struct net_prefixes nets[0]; /* book-keeping of prefixes */ struct net_prefixes nets[0]; /* book-keeping of prefixes */
#endif #endif
}; };
#endif #endif /* htype */
#ifdef IP_SET_HASH_WITH_NETS #ifdef IP_SET_HASH_WITH_NETS
/* Network cidr size book keeping when the hash stores different /* Network cidr size book keeping when the hash stores different
...@@ -1045,7 +1057,7 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, ...@@ -1045,7 +1057,7 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
u8 netmask; u8 netmask;
#endif #endif
size_t hsize; size_t hsize;
struct HTYPE *h; struct htype *h;
struct htable *t; struct htable *t;
#ifndef IP_SET_PROTO_UNDEF #ifndef IP_SET_PROTO_UNDEF
...@@ -1165,3 +1177,5 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, ...@@ -1165,3 +1177,5 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
return 0; return 0;
} }
#endif /* IP_SET_EMIT_CREATE */ #endif /* IP_SET_EMIT_CREATE */
#undef HKEY_DATALEN
...@@ -56,15 +56,15 @@ hash_ip4_data_equal(const struct hash_ip4_elem *e1, ...@@ -56,15 +56,15 @@ hash_ip4_data_equal(const struct hash_ip4_elem *e1,
return e1->ip == e2->ip; return e1->ip == e2->ip;
} }
static inline bool static bool
hash_ip4_data_list(struct sk_buff *skb, const struct hash_ip4_elem *e) hash_ip4_data_list(struct sk_buff *skb, const struct hash_ip4_elem *e)
{ {
if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, e->ip)) if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, e->ip))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -74,7 +74,6 @@ hash_ip4_data_next(struct hash_ip4_elem *next, const struct hash_ip4_elem *e) ...@@ -74,7 +74,6 @@ hash_ip4_data_next(struct hash_ip4_elem *next, const struct hash_ip4_elem *e)
} }
#define MTYPE hash_ip4 #define MTYPE hash_ip4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -121,8 +120,11 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -121,8 +120,11 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -145,7 +147,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -145,7 +147,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!cidr || cidr > 32) if (!cidr || cidr > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} }
...@@ -196,10 +198,10 @@ hash_ip6_data_list(struct sk_buff *skb, const struct hash_ip6_elem *e) ...@@ -196,10 +198,10 @@ hash_ip6_data_list(struct sk_buff *skb, const struct hash_ip6_elem *e)
{ {
if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6)) if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -208,12 +210,9 @@ hash_ip6_data_next(struct hash_ip4_elem *next, const struct hash_ip6_elem *e) ...@@ -208,12 +210,9 @@ hash_ip6_data_next(struct hash_ip4_elem *next, const struct hash_ip6_elem *e)
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#undef HKEY_DATALEN
#define MTYPE hash_ip6 #define MTYPE hash_ip6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
...@@ -261,8 +260,11 @@ hash_ip6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -261,8 +260,11 @@ hash_ip6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -301,7 +303,8 @@ static struct ip_set_type hash_ip_type __read_mostly = { ...@@ -301,7 +303,8 @@ static struct ip_set_type hash_ip_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
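Review bot: The new `.len = IPSET_MAX_COMMENT_SIZE` on `IPSET_ATTR_COMMENT` in the `hash_ip_type` policy deserves a one-line comment saying that for `NLA_NUL_STRING` the limit is the string length without the terminating NUL. Any buffer that receives the comment therefore has to hold `IPSET_MAX_COMMENT_SIZE + 1` bytes; the code that copies the comment is not shown on this page, so whether it reserves the extra byte cannot be confirmed from here. Suggested wording next to the entry: `/* max strlen, NUL not counted; storage needs +1 */`. The same entry is added to the policies of hash_ipmark, hash_ipport, hash_ipportip, hash_ipportnet, hash_mac, hash_net and hash_netiface, and the initializer starts and ends outside the hunk.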
......
...@@ -63,10 +63,10 @@ hash_ipmark4_data_list(struct sk_buff *skb, ...@@ -63,10 +63,10 @@ hash_ipmark4_data_list(struct sk_buff *skb,
if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
nla_put_net32(skb, IPSET_ATTR_MARK, htonl(data->mark))) nla_put_net32(skb, IPSET_ATTR_MARK, htonl(data->mark)))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -76,10 +76,8 @@ hash_ipmark4_data_next(struct hash_ipmark4_elem *next, ...@@ -76,10 +76,8 @@ hash_ipmark4_data_next(struct hash_ipmark4_elem *next,
next->ip = d->ip; next->ip = d->ip;
} }
#define MTYPE hash_ipmark4 #define MTYPE hash_ipmark4
#define PF 4 #define HOST_MASK 32
#define HOST_MASK 32
#define HKEY_DATALEN sizeof(struct hash_ipmark4_elem)
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
static int static int
...@@ -123,12 +121,15 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -123,12 +121,15 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
e.mark = ntohl(nla_get_u32(tb[IPSET_ATTR_MARK])); ret = ip_set_get_extensions(set, tb, &ext);
if (ret)
return ret;
e.mark = ntohl(nla_get_be32(tb[IPSET_ATTR_MARK]));
e.mark &= h->markmask; e.mark &= h->markmask;
if (adt == IPSET_TEST || if (adt == IPSET_TEST ||
...@@ -147,7 +148,7 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -147,7 +148,7 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!cidr || cidr > 32) if (!cidr || cidr > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} }
...@@ -191,10 +192,10 @@ hash_ipmark6_data_list(struct sk_buff *skb, ...@@ -191,10 +192,10 @@ hash_ipmark6_data_list(struct sk_buff *skb,
if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
nla_put_net32(skb, IPSET_ATTR_MARK, htonl(data->mark))) nla_put_net32(skb, IPSET_ATTR_MARK, htonl(data->mark)))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -204,15 +205,11 @@ hash_ipmark6_data_next(struct hash_ipmark4_elem *next, ...@@ -204,15 +205,11 @@ hash_ipmark6_data_next(struct hash_ipmark4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#undef HKEY_DATALEN
#define MTYPE hash_ipmark6 #define MTYPE hash_ipmark6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define HKEY_DATALEN sizeof(struct hash_ipmark6_elem) #define IP_SET_EMIT_CREATE
#define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -258,12 +255,15 @@ hash_ipmark6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -258,12 +255,15 @@ hash_ipmark6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
e.mark = ntohl(nla_get_u32(tb[IPSET_ATTR_MARK])); e.mark = ntohl(nla_get_be32(tb[IPSET_ATTR_MARK]));
e.mark &= h->markmask; e.mark &= h->markmask;
if (adt == IPSET_TEST) { if (adt == IPSET_TEST) {
...@@ -307,7 +307,8 @@ static struct ip_set_type hash_ipmark_type __read_mostly = { ...@@ -307,7 +307,8 @@ static struct ip_set_type hash_ipmark_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
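Review bot: `cidr > HOST_MASK` in hash_ipmark4_uadt now takes its bound from whichever `#define HOST_MASK` is in effect at that point in the file, and the same file redefines the macro to 128 for the IPv6 half. The check is correct with today's layout, but an IPv4 function moved below the `#undef HOST_MASK` would accept prefixes up to 128 before `ip_set_mask_from_to(ip, ip_to, cidr)` runs. A comment at the IPv4 define, for example `/* IPv4 section: HOST_MASK must stay 32 until the #undef below */`, would document that dependency. hash_ip4_uadt, hash_ipport4_uadt, hash_ipportip4_uadt and hash_ipportnet4_uadt carry the same substitution, and all of these functions begin and end outside their hunks.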
......
...@@ -69,10 +69,10 @@ hash_ipport4_data_list(struct sk_buff *skb, ...@@ -69,10 +69,10 @@ hash_ipport4_data_list(struct sk_buff *skb,
nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -83,10 +83,8 @@ hash_ipport4_data_next(struct hash_ipport4_elem *next, ...@@ -83,10 +83,8 @@ hash_ipport4_data_next(struct hash_ipport4_elem *next,
next->port = d->port; next->port = d->port;
} }
#define MTYPE hash_ipport4 #define MTYPE hash_ipport4
#define PF 4 #define HOST_MASK 32
#define HOST_MASK 32
#define HKEY_DATALEN sizeof(struct hash_ipport4_elem)
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
static int static int
...@@ -132,15 +130,15 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -132,15 +130,15 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
if (tb[IPSET_ATTR_PORT]) ret = ip_set_get_extensions(set, tb, &ext);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]); if (ret)
else return ret;
return -IPSET_ERR_PROTOCOL;
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -171,7 +169,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -171,7 +169,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!cidr || cidr > 32) if (!cidr || cidr > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} }
...@@ -231,10 +229,10 @@ hash_ipport6_data_list(struct sk_buff *skb, ...@@ -231,10 +229,10 @@ hash_ipport6_data_list(struct sk_buff *skb,
nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -245,15 +243,11 @@ hash_ipport6_data_next(struct hash_ipport4_elem *next, ...@@ -245,15 +243,11 @@ hash_ipport6_data_next(struct hash_ipport4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#undef HKEY_DATALEN
#define MTYPE hash_ipport6 #define MTYPE hash_ipport6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define HKEY_DATALEN sizeof(struct hash_ipport6_elem) #define IP_SET_EMIT_CREATE
#define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
static int static int
...@@ -301,15 +295,15 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -301,15 +295,15 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
if (tb[IPSET_ATTR_PORT]) ret = ip_set_get_extensions(set, tb, &ext);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]); if (ret)
else return ret;
return -IPSET_ERR_PROTOCOL;
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -376,7 +370,8 @@ static struct ip_set_type hash_ipport_type __read_mostly = { ...@@ -376,7 +370,8 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
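Review bot: `e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);` in hash_ipport4_uadt and hash_ipport6_uadt now dereferences the attribute pointer with no presence check left in the hunk, since the `if (tb[IPSET_ATTR_PORT]) … else return -IPSET_ERR_PROTOCOL;` guard is gone. This is only safe if a check earlier in each function, which starts outside the hunk, already rejects a request without IPSET_ATTR_PORT; otherwise a netlink message that omits the attribute reaches a NULL dereference in kernel context. Please confirm that earlier check and record it at the call, for example `/* IPSET_ATTR_PORT presence is enforced by the protocol check at the top of this function */`. The same guard is removed in hash_ipportip4_uadt, hash_ipportip6_uadt, hash_ipportnet4_uadt and hash_ipportnet6_uadt.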
......
...@@ -70,10 +70,10 @@ hash_ipportip4_data_list(struct sk_buff *skb, ...@@ -70,10 +70,10 @@ hash_ipportip4_data_list(struct sk_buff *skb,
nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -86,7 +86,6 @@ hash_ipportip4_data_next(struct hash_ipportip4_elem *next, ...@@ -86,7 +86,6 @@ hash_ipportip4_data_next(struct hash_ipportip4_elem *next,
/* Common functions */ /* Common functions */
#define MTYPE hash_ipportip4 #define MTYPE hash_ipportip4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -134,8 +133,11 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -134,8 +133,11 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -143,10 +145,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -143,10 +145,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
if (ret) if (ret)
return ret; return ret;
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -177,7 +176,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -177,7 +176,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!cidr || cidr > 32) if (!cidr || cidr > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} }
...@@ -240,10 +239,10 @@ hash_ipportip6_data_list(struct sk_buff *skb, ...@@ -240,10 +239,10 @@ hash_ipportip6_data_list(struct sk_buff *skb,
nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -254,11 +253,9 @@ hash_ipportip6_data_next(struct hash_ipportip4_elem *next, ...@@ -254,11 +253,9 @@ hash_ipportip6_data_next(struct hash_ipportip4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#define MTYPE hash_ipportip6 #define MTYPE hash_ipportip6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -309,8 +306,11 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -309,8 +306,11 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -318,10 +318,7 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -318,10 +318,7 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[],
if (ret) if (ret)
return ret; return ret;
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -388,7 +385,8 @@ static struct ip_set_type hash_ipportip_type __read_mostly = { ...@@ -388,7 +385,8 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
...@@ -114,10 +114,10 @@ hash_ipportnet4_data_list(struct sk_buff *skb, ...@@ -114,10 +114,10 @@ hash_ipportnet4_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -130,7 +130,6 @@ hash_ipportnet4_data_next(struct hash_ipportnet4_elem *next, ...@@ -130,7 +130,6 @@ hash_ipportnet4_data_next(struct hash_ipportnet4_elem *next,
} }
#define MTYPE hash_ipportnet4 #define MTYPE hash_ipportnet4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -189,8 +188,11 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -189,8 +188,11 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -205,10 +207,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -205,10 +207,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
e.cidr = cidr - 1; e.cidr = cidr - 1;
} }
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -249,7 +248,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -249,7 +248,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
} else if (tb[IPSET_ATTR_CIDR]) { } else if (tb[IPSET_ATTR_CIDR]) {
cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!cidr || cidr > 32) if (!cidr || cidr > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} }
...@@ -367,10 +366,10 @@ hash_ipportnet6_data_list(struct sk_buff *skb, ...@@ -367,10 +366,10 @@ hash_ipportnet6_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -381,11 +380,9 @@ hash_ipportnet6_data_next(struct hash_ipportnet4_elem *next, ...@@ -381,11 +380,9 @@ hash_ipportnet6_data_next(struct hash_ipportnet4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#define MTYPE hash_ipportnet6 #define MTYPE hash_ipportnet6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -448,8 +445,11 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -448,8 +445,11 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -466,10 +466,7 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -466,10 +466,7 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
ip6_netmask(&e.ip2, e.cidr + 1); ip6_netmask(&e.ip2, e.cidr + 1);
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -547,7 +544,8 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = { ...@@ -547,7 +544,8 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
...@@ -52,7 +52,12 @@ hash_mac4_data_equal(const struct hash_mac4_elem *e1, ...@@ -52,7 +52,12 @@ hash_mac4_data_equal(const struct hash_mac4_elem *e1,
static inline bool static inline bool
hash_mac4_data_list(struct sk_buff *skb, const struct hash_mac4_elem *e) hash_mac4_data_list(struct sk_buff *skb, const struct hash_mac4_elem *e)
{ {
return nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN, e->ether); if (nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN, e->ether))
goto nla_put_failure;
return false;
nla_put_failure:
return true;
} }
static inline void static inline void
...@@ -62,7 +67,6 @@ hash_mac4_data_next(struct hash_mac4_elem *next, ...@@ -62,7 +67,6 @@ hash_mac4_data_next(struct hash_mac4_elem *next,
} }
#define MTYPE hash_mac4 #define MTYPE hash_mac4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
#define IP_SET_PROTO_UNDEF #define IP_SET_PROTO_UNDEF
...@@ -149,7 +153,8 @@ static struct ip_set_type hash_mac_type __read_mostly = { ...@@ -149,7 +153,8 @@ static struct ip_set_type hash_mac_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
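Review bot: The goto/label form in hash_mac4_data_list spends five lines on a single `nla_put` call. `return nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN, e->ether) != 0;` yields the same bool result and states the int-to-bool conversion explicitly. If the label is kept for uniformity with the other `*_data_list` helpers, a short comment saying so would help. Note also that this helper stays `static inline bool` while hash_ip4_data_list was changed to plain `static bool`, so the set types are no longer declared consistently.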
......
...@@ -95,10 +95,10 @@ hash_net4_data_list(struct sk_buff *skb, const struct hash_net4_elem *data) ...@@ -95,10 +95,10 @@ hash_net4_data_list(struct sk_buff *skb, const struct hash_net4_elem *data)
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -109,7 +109,6 @@ hash_net4_data_next(struct hash_net4_elem *next, ...@@ -109,7 +109,6 @@ hash_net4_data_next(struct hash_net4_elem *next,
} }
#define MTYPE hash_net4 #define MTYPE hash_net4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -160,8 +159,11 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -160,8 +159,11 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -264,10 +266,10 @@ hash_net6_data_list(struct sk_buff *skb, const struct hash_net6_elem *data) ...@@ -264,10 +266,10 @@ hash_net6_data_list(struct sk_buff *skb, const struct hash_net6_elem *data)
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -277,11 +279,9 @@ hash_net6_data_next(struct hash_net4_elem *next, ...@@ -277,11 +279,9 @@ hash_net6_data_next(struct hash_net4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#define MTYPE hash_net6 #define MTYPE hash_net6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -333,8 +333,11 @@ hash_net6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -333,8 +333,11 @@ hash_net6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -383,7 +386,8 @@ static struct ip_set_type hash_net_type __read_mostly = { ...@@ -383,7 +386,8 @@ static struct ip_set_type hash_net_type __read_mostly = {
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
...@@ -193,10 +193,10 @@ hash_netiface4_data_list(struct sk_buff *skb, ...@@ -193,10 +193,10 @@ hash_netiface4_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -207,7 +207,6 @@ hash_netiface4_data_next(struct hash_netiface4_elem *next, ...@@ -207,7 +207,6 @@ hash_netiface4_data_next(struct hash_netiface4_elem *next,
} }
#define MTYPE hash_netiface4 #define MTYPE hash_netiface4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#define HKEY_DATALEN sizeof(struct hash_netiface4_elem_hashed) #define HKEY_DATALEN sizeof(struct hash_netiface4_elem_hashed)
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -308,8 +307,11 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -308,8 +307,11 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -444,10 +446,10 @@ hash_netiface6_data_list(struct sk_buff *skb, ...@@ -444,10 +446,10 @@ hash_netiface6_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -457,12 +459,9 @@ hash_netiface6_data_next(struct hash_netiface4_elem *next, ...@@ -457,12 +459,9 @@ hash_netiface6_data_next(struct hash_netiface4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#undef HKEY_DATALEN
#define MTYPE hash_netiface6 #define MTYPE hash_netiface6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define HKEY_DATALEN sizeof(struct hash_netiface6_elem_hashed) #define HKEY_DATALEN sizeof(struct hash_netiface6_elem_hashed)
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
...@@ -546,8 +545,11 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -546,8 +545,11 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -613,7 +615,8 @@ static struct ip_set_type hash_netiface_type __read_mostly = { ...@@ -613,7 +615,8 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
...@@ -128,7 +128,6 @@ hash_netnet4_data_next(struct hash_netnet4_elem *next, ...@@ -128,7 +128,6 @@ hash_netnet4_data_next(struct hash_netnet4_elem *next,
} }
#define MTYPE hash_netnet4 #define MTYPE hash_netnet4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -182,9 +181,15 @@ hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -182,9 +181,15 @@ hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2], &ip2_from) || if (ret)
ip_set_get_extensions(set, tb, &ext); return ret;
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2], &ip2_from);
if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -354,11 +359,9 @@ hash_netnet6_data_next(struct hash_netnet4_elem *next, ...@@ -354,11 +359,9 @@ hash_netnet6_data_next(struct hash_netnet4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#define MTYPE hash_netnet6 #define MTYPE hash_netnet6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -411,9 +414,15 @@ hash_netnet6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -411,9 +414,15 @@ hash_netnet6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]);
ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip[1]) || if (ret)
ip_set_get_extensions(set, tb, &ext); return ret;
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip[1]);
if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -470,7 +479,8 @@ static struct ip_set_type hash_netnet_type __read_mostly = { ...@@ -470,7 +479,8 @@ static struct ip_set_type hash_netnet_type __read_mostly = {
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
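Review bot: The new `.len = IPSET_MAX_COMMENT_SIZE` on IPSET_ATTR_COMMENT in hash_netnet_type needs a comment about the terminator. For NLA_NUL_STRING the policy length is the maximum string length without the trailing NUL, so any buffer that receives the comment needs IPSET_MAX_COMMENT_SIZE + 1 bytes. The code that copies the comment is not in this hunk, and the initializer itself starts outside it, so whether that extra byte is allowed for cannot be checked from here. Suggested: `/* .len excludes the terminating NUL */` above the entry. The same policy entry is added in hash_netiface_type, hash_netport_type, hash_netportnet_type and list_set_type.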
...@@ -110,10 +110,10 @@ hash_netport4_data_list(struct sk_buff *skb, ...@@ -110,10 +110,10 @@ hash_netport4_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -125,7 +125,6 @@ hash_netport4_data_next(struct hash_netport4_elem *next, ...@@ -125,7 +125,6 @@ hash_netport4_data_next(struct hash_netport4_elem *next,
} }
#define MTYPE hash_netport4 #define MTYPE hash_netport4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -182,8 +181,11 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -182,8 +181,11 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -194,10 +196,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -194,10 +196,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
e.cidr = cidr - 1; e.cidr = cidr - 1;
} }
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -326,10 +325,10 @@ hash_netport6_data_list(struct sk_buff *skb, ...@@ -326,10 +325,10 @@ hash_netport6_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -340,11 +339,9 @@ hash_netport6_data_next(struct hash_netport4_elem *next, ...@@ -340,11 +339,9 @@ hash_netport6_data_next(struct hash_netport4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#define MTYPE hash_netport6 #define MTYPE hash_netport6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -404,8 +401,11 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -404,8 +401,11 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
ip_set_get_extensions(set, tb, &ext); if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -417,10 +417,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -417,10 +417,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
} }
ip6_netmask(&e.ip, e.cidr + 1); ip6_netmask(&e.ip, e.cidr + 1);
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -495,7 +492,8 @@ static struct ip_set_type hash_netport_type __read_mostly = { ...@@ -495,7 +492,8 @@ static struct ip_set_type hash_netport_type __read_mostly = {
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
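Review bot: `e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);` in hash_netport4_uadt now reads the attribute without the local NULL test the old code had, so it is safe only if an earlier check in the function rejects a request that lacks IPSET_ATTR_PORT. That check is not visible here, because the function starts and ends outside the hunk. Since tb[] is filled from a netlink request, a missing attribute would be a NULL pointer dereference in kernel context. A one-line comment at the assignment would keep the dependency visible: `/* IPSET_ATTR_PORT presence is validated at the top of this function */`. The same applies to hash_netport6_uadt in this file and to hash_netportnet4_uadt and hash_netportnet6_uadt.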
...@@ -54,7 +54,7 @@ struct hash_netportnet4_elem { ...@@ -54,7 +54,7 @@ struct hash_netportnet4_elem {
u16 ccmp; u16 ccmp;
}; };
u16 padding; u16 padding;
u8 nomatch:1; u8 nomatch;
u8 proto; u8 proto;
}; };
...@@ -124,10 +124,10 @@ hash_netportnet4_data_list(struct sk_buff *skb, ...@@ -124,10 +124,10 @@ hash_netportnet4_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -139,7 +139,6 @@ hash_netportnet4_data_next(struct hash_netportnet4_elem *next, ...@@ -139,7 +139,6 @@ hash_netportnet4_data_next(struct hash_netportnet4_elem *next,
} }
#define MTYPE hash_netportnet4 #define MTYPE hash_netportnet4
#define PF 4
#define HOST_MASK 32 #define HOST_MASK 32
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -200,9 +199,15 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -200,9 +199,15 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip) || ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2], &ip2_from) || if (ret)
ip_set_get_extensions(set, tb, &ext); return ret;
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2], &ip2_from);
if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -220,10 +225,7 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -220,10 +225,7 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
e.cidr[1] = cidr; e.cidr[1] = cidr;
} }
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -326,7 +328,7 @@ struct hash_netportnet6_elem { ...@@ -326,7 +328,7 @@ struct hash_netportnet6_elem {
u16 ccmp; u16 ccmp;
}; };
u16 padding; u16 padding;
u8 nomatch:1; u8 nomatch;
u8 proto; u8 proto;
}; };
...@@ -397,10 +399,10 @@ hash_netportnet6_data_list(struct sk_buff *skb, ...@@ -397,10 +399,10 @@ hash_netportnet6_data_list(struct sk_buff *skb,
(flags && (flags &&
nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure; goto nla_put_failure;
return 0; return false;
nla_put_failure: nla_put_failure:
return 1; return true;
} }
static inline void static inline void
...@@ -411,11 +413,9 @@ hash_netportnet6_data_next(struct hash_netportnet4_elem *next, ...@@ -411,11 +413,9 @@ hash_netportnet6_data_next(struct hash_netportnet4_elem *next,
} }
#undef MTYPE #undef MTYPE
#undef PF
#undef HOST_MASK #undef HOST_MASK
#define MTYPE hash_netportnet6 #define MTYPE hash_netportnet6
#define PF 6
#define HOST_MASK 128 #define HOST_MASK 128
#define IP_SET_EMIT_CREATE #define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h" #include "ip_set_hash_gen.h"
...@@ -477,9 +477,15 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -477,9 +477,15 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
if (tb[IPSET_ATTR_LINENO]) if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]) || ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]);
ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip[1]) || if (ret)
ip_set_get_extensions(set, tb, &ext); return ret;
ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip[1]);
if (ret)
return ret;
ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
...@@ -496,10 +502,7 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -496,10 +502,7 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
ip6_netmask(&e.ip[0], e.cidr[0]); ip6_netmask(&e.ip[0], e.cidr[0]);
ip6_netmask(&e.ip[1], e.cidr[1]); ip6_netmask(&e.ip[1], e.cidr[1]);
if (tb[IPSET_ATTR_PORT]) e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
if (tb[IPSET_ATTR_PROTO]) { if (tb[IPSET_ATTR_PROTO]) {
e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
...@@ -577,7 +580,8 @@ static struct ip_set_type hash_netportnet_type __read_mostly = { ...@@ -577,7 +580,8 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
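Review bot: `u8 nomatch;` in struct hash_netportnet4_elem and struct hash_netportnet6_elem can now hold any byte value where the one-bit field was limited to 0 and 1, and nothing at the declaration says which values are valid. If the element bytes are hashed or compared as a whole, which the visible lines do not show, a value other than 0 or 1 would make otherwise equal entries differ. A field comment would record the invariant, for example `u8 nomatch; /* 0 or 1 only; widened from a bit-field for mtype_data_reset_flags() */`. Both struct definitions start outside their hunks.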
...@@ -678,7 +678,8 @@ static struct ip_set_type list_set_type __read_mostly = { ...@@ -678,7 +678,8 @@ static struct ip_set_type list_set_type __read_mostly = {
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 }, [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
.len = IPSET_MAX_COMMENT_SIZE },
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
......
...@@ -1257,7 +1257,7 @@ static int seq_show(struct seq_file *s, void *v) ...@@ -1257,7 +1257,7 @@ static int seq_show(struct seq_file *s, void *v)
inst->copy_mode, inst->copy_range, inst->copy_mode, inst->copy_range,
inst->queue_dropped, inst->queue_user_dropped, inst->queue_dropped, inst->queue_user_dropped,
inst->id_sequence, 1); inst->id_sequence, 1);
return seq_has_overflowed(s); return 0;
} }
static const struct seq_operations nfqnl_seq_ops = { static const struct seq_operations nfqnl_seq_ops = {
......
...@@ -161,6 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgchk_param *par, ...@@ -161,6 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgchk_param *par,
par->hook_mask = 0; par->hook_mask = 0;
} }
par->family = ctx->afi->family; par->family = ctx->afi->family;
par->nft_compat = true;
} }
static void target_compat_from_user(struct xt_target *t, void *in, void *out) static void target_compat_from_user(struct xt_target *t, void *in, void *out)
...@@ -377,6 +378,7 @@ nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx, ...@@ -377,6 +378,7 @@ nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx,
par->hook_mask = 0; par->hook_mask = 0;
} }
par->family = ctx->afi->family; par->family = ctx->afi->family;
par->nft_compat = true;
} }
static void match_compat_from_user(struct xt_match *m, void *in, void *out) static void match_compat_from_user(struct xt_match *m, void *in, void *out)
......
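Review bot: `par->nft_compat = true;` in nft_target_set_tgchk_param and nft_match_set_mtchk_param is the only write to the new field in this section, so every other code path that builds an xt_tgchk_param or xt_mtchk_param has to leave it false. Those callers are not shown on this page. Any of them that declares the struct on the stack and fills members one by one would hand an uninitialised value to checks such as `if (par->nft_compat)`. It is worth confirming that each such caller zero-initialises the struct, e.g. `struct xt_tgchk_param par = { 0 };` or a `memset` before the member assignments. Both functions start outside their hunks.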
...@@ -947,11 +947,9 @@ static int xt_table_seq_show(struct seq_file *seq, void *v) ...@@ -947,11 +947,9 @@ static int xt_table_seq_show(struct seq_file *seq, void *v)
{ {
struct xt_table *table = list_entry(v, struct xt_table, list); struct xt_table *table = list_entry(v, struct xt_table, list);
if (strlen(table->name)) { if (*table->name)
seq_printf(seq, "%s\n", table->name); seq_printf(seq, "%s\n", table->name);
return seq_has_overflowed(seq); return 0;
} else
return 0;
} }
static const struct seq_operations xt_table_seq_ops = { static const struct seq_operations xt_table_seq_ops = {
...@@ -1087,10 +1085,8 @@ static int xt_match_seq_show(struct seq_file *seq, void *v) ...@@ -1087,10 +1085,8 @@ static int xt_match_seq_show(struct seq_file *seq, void *v)
if (trav->curr == trav->head) if (trav->curr == trav->head)
return 0; return 0;
match = list_entry(trav->curr, struct xt_match, list); match = list_entry(trav->curr, struct xt_match, list);
if (*match->name == '\0') if (*match->name)
return 0; seq_printf(seq, "%s\n", match->name);
seq_printf(seq, "%s\n", match->name);
return seq_has_overflowed(seq);
} }
return 0; return 0;
} }
...@@ -1142,10 +1138,8 @@ static int xt_target_seq_show(struct seq_file *seq, void *v) ...@@ -1142,10 +1138,8 @@ static int xt_target_seq_show(struct seq_file *seq, void *v)
if (trav->curr == trav->head) if (trav->curr == trav->head)
return 0; return 0;
target = list_entry(trav->curr, struct xt_target, list); target = list_entry(trav->curr, struct xt_target, list);
if (*target->name == '\0') if (*target->name)
return 0; seq_printf(seq, "%s\n", target->name);
seq_printf(seq, "%s\n", target->name);
return seq_has_overflowed(seq);
} }
return 0; return 0;
} }
......
...@@ -277,6 +277,9 @@ static int tcpmss_tg4_check(const struct xt_tgchk_param *par) ...@@ -277,6 +277,9 @@ static int tcpmss_tg4_check(const struct xt_tgchk_param *par)
"FORWARD, OUTPUT and POSTROUTING hooks\n"); "FORWARD, OUTPUT and POSTROUTING hooks\n");
return -EINVAL; return -EINVAL;
} }
if (par->nft_compat)
return 0;
xt_ematch_foreach(ematch, e) xt_ematch_foreach(ematch, e)
if (find_syn_match(ematch)) if (find_syn_match(ematch))
return 0; return 0;
...@@ -299,6 +302,9 @@ static int tcpmss_tg6_check(const struct xt_tgchk_param *par) ...@@ -299,6 +302,9 @@ static int tcpmss_tg6_check(const struct xt_tgchk_param *par)
"FORWARD, OUTPUT and POSTROUTING hooks\n"); "FORWARD, OUTPUT and POSTROUTING hooks\n");
return -EINVAL; return -EINVAL;
} }
if (par->nft_compat)
return 0;
xt_ematch_foreach(ematch, e) xt_ematch_foreach(ematch, e)
if (find_syn_match(ematch)) if (find_syn_match(ematch))
return 0; return 0;
......
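Review bot: The added `if (par->nft_compat) return 0;` in tcpmss_tg4_check returns before the xt_ematch_foreach loop, so a rule loaded through nft_compat is accepted without the find_syn_match() requirement that the other path still enforces. If that is intended because there is no iptables entry to walk under nft_compat (an assumption; the hunk does not show how `e` is obtained), the reason should be stated at the early return. A comment along the lines of `/* nft_compat: no xt entry to inspect; SYN restriction is not checked here */` would do, and it should also name where the restriction is enforced instead. The same applies to tcpmss_tg6_check. Both functions start outside their hunks.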
...@@ -23,6 +23,7 @@ MODULE_ALIAS("ipt_mark"); ...@@ -23,6 +23,7 @@ MODULE_ALIAS("ipt_mark");
MODULE_ALIAS("ip6t_mark"); MODULE_ALIAS("ip6t_mark");
MODULE_ALIAS("ipt_MARK"); MODULE_ALIAS("ipt_MARK");
MODULE_ALIAS("ip6t_MARK"); MODULE_ALIAS("ip6t_MARK");
MODULE_ALIAS("arpt_MARK");
static unsigned int static unsigned int
mark_tg(struct sk_buff *skb, const struct xt_action_param *par) mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
......
...@@ -15,8 +15,9 @@ ...@@ -15,8 +15,9 @@
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_set.h> #include <linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_timeout.h> #include <linux/netfilter/ipset/ip_set_timeout.h>
#include <uapi/linux/netfilter/xt_set.h>
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
......