diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-06-16 12:55:58 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2011-06-16 12:55:58 -0400 |
| commit | e6146e8684ed6dd4c0ff85ca21bf4324114fbbfa (patch) | |
| tree | 31ca70199cdfeb5705a119a510414704c64f0f3e /net/netfilter | |
| parent | f3dfd1538f26f1ecf86daaf3d0c321d87e5de041 (diff) | |
netfilter: ipset: use unified from/to address masking and check the usage
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/ipset/ip_set_bitmap_ip.c | 6 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_bitmap_ipmac.c | 2 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ip.c | 3 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipport.c | 3 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 3 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 6 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_netport.c | 3 |
7 files changed, 9 insertions, 17 deletions
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c index 49323110560..c46e3440159 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ip.c +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c | |||
| @@ -283,8 +283,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 283 | 283 | ||
| 284 | if (cidr > 32) | 284 | if (cidr > 32) |
| 285 | return -IPSET_ERR_INVALID_CIDR; | 285 | return -IPSET_ERR_INVALID_CIDR; |
| 286 | ip &= ip_set_hostmask(cidr); | 286 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 287 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
| 288 | } else | 287 | } else |
| 289 | ip_to = ip; | 288 | ip_to = ip; |
| 290 | 289 | ||
| @@ -478,8 +477,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||
| 478 | 477 | ||
| 479 | if (cidr >= 32) | 478 | if (cidr >= 32) |
| 480 | return -IPSET_ERR_INVALID_CIDR; | 479 | return -IPSET_ERR_INVALID_CIDR; |
| 481 | first_ip &= ip_set_hostmask(cidr); | 480 | ip_set_mask_from_to(first_ip, last_ip, cidr); |
| 482 | last_ip = first_ip | ~ip_set_hostmask(cidr); | ||
| 483 | } else | 481 | } else |
| 484 | return -IPSET_ERR_PROTOCOL; | 482 | return -IPSET_ERR_PROTOCOL; |
| 485 | 483 | ||
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 5deb7bb3746..aa2cfa1ed47 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c | |||
| @@ -578,7 +578,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], | |||
| 578 | 578 | ||
| 579 | if (cidr >= 32) | 579 | if (cidr >= 32) |
| 580 | return -IPSET_ERR_INVALID_CIDR; | 580 | return -IPSET_ERR_INVALID_CIDR; |
| 581 | last_ip = first_ip | ~ip_set_hostmask(cidr); | 581 | ip_set_mask_from_to(first_ip, last_ip, cidr); |
| 582 | } else | 582 | } else |
| 583 | return -IPSET_ERR_PROTOCOL; | 583 | return -IPSET_ERR_PROTOCOL; |
| 584 | 584 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c index c3bc06d353d..bdb432e22a8 100644 --- a/net/netfilter/ipset/ip_set_hash_ip.c +++ b/net/netfilter/ipset/ip_set_hash_ip.c | |||
| @@ -177,8 +177,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 177 | 177 | ||
| 178 | if (cidr > 32) | 178 | if (cidr > 32) |
| 179 | return -IPSET_ERR_INVALID_CIDR; | 179 | return -IPSET_ERR_INVALID_CIDR; |
| 180 | ip &= ip_set_hostmask(cidr); | 180 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 181 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
| 182 | } else | 181 | } else |
| 183 | ip_to = ip; | 182 | ip_to = ip; |
| 184 | 183 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c index de2e351034a..bdeb7160508 100644 --- a/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/net/netfilter/ipset/ip_set_hash_ipport.c | |||
| @@ -216,8 +216,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 216 | 216 | ||
| 217 | if (cidr > 32) | 217 | if (cidr > 32) |
| 218 | return -IPSET_ERR_INVALID_CIDR; | 218 | return -IPSET_ERR_INVALID_CIDR; |
| 219 | ip &= ip_set_hostmask(cidr); | 219 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 220 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
| 221 | } else | 220 | } else |
| 222 | ip_to = ip; | 221 | ip_to = ip; |
| 223 | 222 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c index 031ed057c81..fb986fc6a6f 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/net/netfilter/ipset/ip_set_hash_ipportip.c | |||
| @@ -224,8 +224,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 224 | 224 | ||
| 225 | if (cidr > 32) | 225 | if (cidr > 32) |
| 226 | return -IPSET_ERR_INVALID_CIDR; | 226 | return -IPSET_ERR_INVALID_CIDR; |
| 227 | ip &= ip_set_hostmask(cidr); | 227 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 228 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
| 229 | } else | 228 | } else |
| 230 | ip_to = ip; | 229 | ip_to = ip; |
| 231 | 230 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index ef068b03ec1..2ed5e758105 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
| @@ -254,8 +254,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 254 | 254 | ||
| 255 | if (cidr > 32) | 255 | if (cidr > 32) |
| 256 | return -IPSET_ERR_INVALID_CIDR; | 256 | return -IPSET_ERR_INVALID_CIDR; |
| 257 | ip &= ip_set_hostmask(cidr); | 257 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 258 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
| 259 | } | 258 | } |
| 260 | 259 | ||
| 261 | port_to = port = ntohs(data.port); | 260 | port_to = port = ntohs(data.port); |
| @@ -273,8 +272,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 273 | if (ip2_from + UINT_MAX == ip2_to) | 272 | if (ip2_from + UINT_MAX == ip2_to) |
| 274 | return -IPSET_ERR_HASH_RANGE; | 273 | return -IPSET_ERR_HASH_RANGE; |
| 275 | } else { | 274 | } else { |
| 276 | ip2_from &= ip_set_hostmask(data.cidr); | 275 | ip_set_mask_from_to(ip2_from, ip2_to, data.cidr); |
| 277 | ip2_to = ip2_from | ~ip_set_hostmask(data.cidr); | ||
| 278 | } | 276 | } |
| 279 | 277 | ||
| 280 | if (retried) | 278 | if (retried) |
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c index 30010309687..90adc2c3066 100644 --- a/net/netfilter/ipset/ip_set_hash_netport.c +++ b/net/netfilter/ipset/ip_set_hash_netport.c | |||
| @@ -245,8 +245,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 245 | if (ip + UINT_MAX == ip_to) | 245 | if (ip + UINT_MAX == ip_to) |
| 246 | return -IPSET_ERR_HASH_RANGE; | 246 | return -IPSET_ERR_HASH_RANGE; |
| 247 | } else { | 247 | } else { |
| 248 | ip &= ip_set_hostmask(data.cidr); | 248 | ip_set_mask_from_to(ip, ip_to, data.cidr); |
| 249 | ip_to = ip | ~ip_set_hostmask(data.cidr); | ||
| 250 | } | 249 | } |
| 251 | 250 | ||
| 252 | if (retried) | 251 | if (retried) |