aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/netfilter/ipset/ip_set.h6
-rw-r--r--include/linux/netfilter/ipset/ip_set_ahash.h2
-rw-r--r--include/linux/netfilter/ipset/ip_set_timeout.h2
-rw-r--r--include/linux/netfilter/ipset/pfxlen.h2
-rw-r--r--net/netfilter/ipset/ip_set_bitmap_ipmac.c3
-rw-r--r--net/netfilter/ipset/ip_set_core.c4
-rw-r--r--net/netfilter/ipset/ip_set_hash_net.c4
-rw-r--r--net/netfilter/ipset/ip_set_hash_netiface.c26
-rw-r--r--net/netfilter/ipset/ip_set_hash_netport.c2
-rw-r--r--net/netfilter/ipset/pfxlen.c2
-rw-r--r--net/netfilter/xt_set.c2
11 files changed, 28 insertions, 27 deletions
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index e40917334d04..3540c6e262f7 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -331,7 +331,7 @@ struct ip_set {
331/* register and unregister set references */ 331/* register and unregister set references */
332extern ip_set_id_t ip_set_get_byname(const char *name, struct ip_set **set); 332extern ip_set_id_t ip_set_get_byname(const char *name, struct ip_set **set);
333extern void ip_set_put_byindex(ip_set_id_t index); 333extern void ip_set_put_byindex(ip_set_id_t index);
334extern const char * ip_set_name_byindex(ip_set_id_t index); 334extern const char *ip_set_name_byindex(ip_set_id_t index);
335extern ip_set_id_t ip_set_nfnl_get(const char *name); 335extern ip_set_id_t ip_set_nfnl_get(const char *name);
336extern ip_set_id_t ip_set_nfnl_get_byindex(ip_set_id_t index); 336extern ip_set_id_t ip_set_nfnl_get_byindex(ip_set_id_t index);
337extern void ip_set_nfnl_put(ip_set_id_t index); 337extern void ip_set_nfnl_put(ip_set_id_t index);
@@ -349,7 +349,7 @@ extern int ip_set_test(ip_set_id_t id, const struct sk_buff *skb,
349 const struct ip_set_adt_opt *opt); 349 const struct ip_set_adt_opt *opt);
350 350
351/* Utility functions */ 351/* Utility functions */
352extern void * ip_set_alloc(size_t size); 352extern void *ip_set_alloc(size_t size);
353extern void ip_set_free(void *members); 353extern void ip_set_free(void *members);
354extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr); 354extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr);
355extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr); 355extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr);
@@ -359,7 +359,7 @@ ip_set_get_hostipaddr4(struct nlattr *nla, u32 *ipaddr)
359{ 359{
360 __be32 ip; 360 __be32 ip;
361 int ret = ip_set_get_ipaddr4(nla, &ip); 361 int ret = ip_set_get_ipaddr4(nla, &ip);
362 362
363 if (ret) 363 if (ret)
364 return ret; 364 return ret;
365 *ipaddr = ntohl(ip); 365 *ipaddr = ntohl(ip);
diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h
index 8a0999a8baa1..c5b06aaa205c 100644
--- a/include/linux/netfilter/ipset/ip_set_ahash.h
+++ b/include/linux/netfilter/ipset/ip_set_ahash.h
@@ -43,7 +43,7 @@ struct htable {
43 struct hbucket bucket[0]; /* hashtable buckets */ 43 struct hbucket bucket[0]; /* hashtable buckets */
44}; 44};
45 45
46#define hbucket(h, i) &((h)->bucket[i]) 46#define hbucket(h, i) (&((h)->bucket[i]))
47 47
48/* Book-keeping of the prefixes added to the set */ 48/* Book-keeping of the prefixes added to the set */
49struct ip_set_hash_nets { 49struct ip_set_hash_nets {
diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
index bae086af0e44..47923205a4ad 100644
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -78,7 +78,7 @@ ip_set_timeout_set(u32 timeout)
78static inline u32 78static inline u32
79ip_set_timeout_get(unsigned long timeout) 79ip_set_timeout_get(unsigned long timeout)
80{ 80{
81 return timeout == IPSET_ELEM_PERMANENT ? 0 : 81 return timeout == IPSET_ELEM_PERMANENT ? 0 :
82 jiffies_to_msecs(timeout - jiffies)/1000; 82 jiffies_to_msecs(timeout - jiffies)/1000;
83} 83}
84 84
diff --git a/include/linux/netfilter/ipset/pfxlen.h b/include/linux/netfilter/ipset/pfxlen.h
index d55a6ccf662e..199fd11fedc0 100644
--- a/include/linux/netfilter/ipset/pfxlen.h
+++ b/include/linux/netfilter/ipset/pfxlen.h
@@ -2,7 +2,7 @@
2#define _PFXLEN_H 2#define _PFXLEN_H
3 3
4#include <asm/byteorder.h> 4#include <asm/byteorder.h>
5#include <linux/netfilter.h> 5#include <linux/netfilter.h>
6#include <net/tcp.h> 6#include <net/tcp.h>
7 7
8/* Prefixlen maps, by Jan Engelhardt */ 8/* Prefixlen maps, by Jan Engelhardt */
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 51ab66435a0a..56096f544978 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -635,7 +635,8 @@ static struct ip_set_type bitmap_ipmac_type = {
635 }, 635 },
636 .adt_policy = { 636 .adt_policy = {
637 [IPSET_ATTR_IP] = { .type = NLA_NESTED }, 637 [IPSET_ATTR_IP] = { .type = NLA_NESTED },
638 [IPSET_ATTR_ETHER] = { .type = NLA_BINARY, .len = ETH_ALEN }, 638 [IPSET_ATTR_ETHER] = { .type = NLA_BINARY,
639 .len = ETH_ALEN },
639 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 640 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
640 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 641 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
641 }, 642 },
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 80a1262104bf..c012985a5a26 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -683,8 +683,8 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb,
683 if (attr[IPSET_ATTR_DATA] && 683 if (attr[IPSET_ATTR_DATA] &&
684 nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA], 684 nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA],
685 set->type->create_policy)) { 685 set->type->create_policy)) {
686 ret = -IPSET_ERR_PROTOCOL; 686 ret = -IPSET_ERR_PROTOCOL;
687 goto put_out; 687 goto put_out;
688 } 688 }
689 689
690 ret = set->type->create(set, tb, flags); 690 ret = set->type->create(set, tb, flags);
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index 050163fb6094..2d4b1f48e8c9 100644
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -187,7 +187,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
187 return -IPSET_ERR_TIMEOUT; 187 return -IPSET_ERR_TIMEOUT;
188 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 188 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
189 } 189 }
190 190
191 if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) { 191 if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
192 data.ip = htonl(ip & ip_set_hostmask(data.cidr)); 192 data.ip = htonl(ip & ip_set_hostmask(data.cidr));
193 ret = adtfn(set, &data, timeout, flags); 193 ret = adtfn(set, &data, timeout, flags);
@@ -205,7 +205,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
205 return -IPSET_ERR_HASH_RANGE; 205 return -IPSET_ERR_HASH_RANGE;
206 } 206 }
207 if (retried) 207 if (retried)
208 ip = h->next.ip; 208 ip = h->next.ip;
209 while (!after(ip, ip_to)) { 209 while (!after(ip, ip_to)) {
210 data.ip = htonl(ip); 210 data.ip = htonl(ip);
211 last = ip_set_range_to_cidr(ip, ip_to, &data.cidr); 211 last = ip_set_range_to_cidr(ip, ip_to, &data.cidr);
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index 51e5df12bd00..3d6c53b6211a 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -100,7 +100,7 @@ iface_test(struct rb_root *root, const char **iface)
100 while (n) { 100 while (n) {
101 const char *d = iface_data(n); 101 const char *d = iface_data(n);
102 int res = ifname_compare(*iface, d); 102 int res = ifname_compare(*iface, d);
103 103
104 if (res < 0) 104 if (res < 0)
105 n = n->rb_left; 105 n = n->rb_left;
106 else if (res > 0) 106 else if (res > 0)
@@ -118,7 +118,7 @@ iface_add(struct rb_root *root, const char **iface)
118{ 118{
119 struct rb_node **n = &(root->rb_node), *p = NULL; 119 struct rb_node **n = &(root->rb_node), *p = NULL;
120 struct iface_node *d; 120 struct iface_node *d;
121 121
122 while (*n) { 122 while (*n) {
123 char *ifname = iface_data(*n); 123 char *ifname = iface_data(*n);
124 int res = ifname_compare(*iface, ifname); 124 int res = ifname_compare(*iface, ifname);
@@ -296,10 +296,10 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb,
296 if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { 296 if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
297#ifdef CONFIG_BRIDGE_NETFILTER 297#ifdef CONFIG_BRIDGE_NETFILTER
298 const struct nf_bridge_info *nf_bridge = skb->nf_bridge; 298 const struct nf_bridge_info *nf_bridge = skb->nf_bridge;
299 299
300 if (!nf_bridge) 300 if (!nf_bridge)
301 return -EINVAL; 301 return -EINVAL;
302 data.iface = SRCDIR ? PHYSDEV(physindev): PHYSDEV(physoutdev); 302 data.iface = SRCDIR ? PHYSDEV(physindev) : PHYSDEV(physoutdev);
303 data.physdev = 1; 303 data.physdev = 1;
304#else 304#else
305 data.iface = NULL; 305 data.iface = NULL;
@@ -350,7 +350,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
350 if (tb[IPSET_ATTR_CIDR]) { 350 if (tb[IPSET_ATTR_CIDR]) {
351 data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); 351 data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
352 if (!data.cidr) 352 if (!data.cidr)
353 return -IPSET_ERR_INVALID_CIDR; 353 return -IPSET_ERR_INVALID_CIDR;
354 } 354 }
355 355
356 if (tb[IPSET_ATTR_TIMEOUT]) { 356 if (tb[IPSET_ATTR_TIMEOUT]) {
@@ -359,7 +359,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
359 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 359 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
360 } 360 }
361 361
362 strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE])); 362 strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE]));
363 data.iface = iface; 363 data.iface = iface;
364 ret = iface_test(&h->rbtree, &data.iface); 364 ret = iface_test(&h->rbtree, &data.iface);
365 if (adt == IPSET_ADD) { 365 if (adt == IPSET_ADD) {
@@ -372,8 +372,8 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
372 return ret; 372 return ret;
373 373
374 if (tb[IPSET_ATTR_CADT_FLAGS]) { 374 if (tb[IPSET_ATTR_CADT_FLAGS]) {
375 u32 flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 375 u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
376 if (flags & IPSET_FLAG_PHYSDEV) 376 if (cadt_flags & IPSET_FLAG_PHYSDEV)
377 data.physdev = 1; 377 data.physdev = 1;
378 } 378 }
379 379
@@ -559,10 +559,10 @@ hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb,
559 if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { 559 if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
560#ifdef CONFIG_BRIDGE_NETFILTER 560#ifdef CONFIG_BRIDGE_NETFILTER
561 const struct nf_bridge_info *nf_bridge = skb->nf_bridge; 561 const struct nf_bridge_info *nf_bridge = skb->nf_bridge;
562 562
563 if (!nf_bridge) 563 if (!nf_bridge)
564 return -EINVAL; 564 return -EINVAL;
565 data.iface = SRCDIR ? PHYSDEV(physindev): PHYSDEV(physoutdev); 565 data.iface = SRCDIR ? PHYSDEV(physindev) : PHYSDEV(physoutdev);
566 data.physdev = 1; 566 data.physdev = 1;
567#else 567#else
568 data.iface = NULL; 568 data.iface = NULL;
@@ -623,7 +623,7 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
623 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 623 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
624 } 624 }
625 625
626 strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE])); 626 strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE]));
627 data.iface = iface; 627 data.iface = iface;
628 ret = iface_test(&h->rbtree, &data.iface); 628 ret = iface_test(&h->rbtree, &data.iface);
629 if (adt == IPSET_ADD) { 629 if (adt == IPSET_ADD) {
@@ -636,8 +636,8 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
636 return ret; 636 return ret;
637 637
638 if (tb[IPSET_ATTR_CADT_FLAGS]) { 638 if (tb[IPSET_ATTR_CADT_FLAGS]) {
639 u32 flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 639 u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
640 if (flags & IPSET_FLAG_PHYSDEV) 640 if (cadt_flags & IPSET_FLAG_PHYSDEV)
641 data.physdev = 1; 641 data.physdev = 1;
642 } 642 }
643 643
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index d7710a9fb7c7..fe203d12f56b 100644
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -199,7 +199,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
199 if (tb[IPSET_ATTR_CIDR]) { 199 if (tb[IPSET_ATTR_CIDR]) {
200 data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); 200 data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
201 if (!data.cidr) 201 if (!data.cidr)
202 return -IPSET_ERR_INVALID_CIDR; 202 return -IPSET_ERR_INVALID_CIDR;
203 } 203 }
204 204
205 if (tb[IPSET_ATTR_PORT]) 205 if (tb[IPSET_ATTR_PORT])
diff --git a/net/netfilter/ipset/pfxlen.c b/net/netfilter/ipset/pfxlen.c
index b57a85673de7..bd13d66220f1 100644
--- a/net/netfilter/ipset/pfxlen.c
+++ b/net/netfilter/ipset/pfxlen.c
@@ -148,7 +148,7 @@ const union nf_inet_addr ip_set_netmask_map[] = {
148EXPORT_SYMBOL_GPL(ip_set_netmask_map); 148EXPORT_SYMBOL_GPL(ip_set_netmask_map);
149 149
150#undef E 150#undef E
151#define E(a, b, c, d) \ 151#define E(a, b, c, d) \
152 {.ip6 = { (__force __be32) a, (__force __be32) b, \ 152 {.ip6 = { (__force __be32) a, (__force __be32) b, \
153 (__force __be32) c, (__force __be32) d, \ 153 (__force __be32) c, (__force __be32) d, \
154 } } 154 } }
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c
index 453847f293d3..19461c462dbd 100644
--- a/net/netfilter/xt_set.c
+++ b/net/netfilter/xt_set.c
@@ -37,7 +37,7 @@ match_set(ip_set_id_t index, const struct sk_buff *skb,
37 return inv; 37 return inv;
38} 38}
39 39
40#define ADT_OPT(n, f, d, fs, cfs, t) \ 40#define ADT_OPT(n, f, d, fs, cfs, t) \
41const struct ip_set_adt_opt n = { \ 41const struct ip_set_adt_opt n = { \
42 .family = f, \ 42 .family = f, \
43 .dim = d, \ 43 .dim = d, \
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-23 18:52:00 -0500