diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-06-16 12:55:58 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2011-06-16 12:55:58 -0400 |
commit | e6146e8684ed6dd4c0ff85ca21bf4324114fbbfa (patch) | |
tree | 31ca70199cdfeb5705a119a510414704c64f0f3e /net/netfilter | |
parent | f3dfd1538f26f1ecf86daaf3d0c321d87e5de041 (diff) |
netfilter: ipset: use unified from/to address masking and check the usage
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/ipset/ip_set_bitmap_ip.c | 6 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_bitmap_ipmac.c | 2 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ip.c | 3 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipport.c | 3 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 3 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 6 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_netport.c | 3 |
7 files changed, 9 insertions, 17 deletions
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c index 49323110560..c46e3440159 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ip.c +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c | |||
@@ -283,8 +283,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], | |||
283 | 283 | ||
284 | if (cidr > 32) | 284 | if (cidr > 32) |
285 | return -IPSET_ERR_INVALID_CIDR; | 285 | return -IPSET_ERR_INVALID_CIDR; |
286 | ip &= ip_set_hostmask(cidr); | 286 | ip_set_mask_from_to(ip, ip_to, cidr); |
287 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
288 | } else | 287 | } else |
289 | ip_to = ip; | 288 | ip_to = ip; |
290 | 289 | ||
@@ -478,8 +477,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||
478 | 477 | ||
479 | if (cidr >= 32) | 478 | if (cidr >= 32) |
480 | return -IPSET_ERR_INVALID_CIDR; | 479 | return -IPSET_ERR_INVALID_CIDR; |
481 | first_ip &= ip_set_hostmask(cidr); | 480 | ip_set_mask_from_to(first_ip, last_ip, cidr); |
482 | last_ip = first_ip | ~ip_set_hostmask(cidr); | ||
483 | } else | 481 | } else |
484 | return -IPSET_ERR_PROTOCOL; | 482 | return -IPSET_ERR_PROTOCOL; |
485 | 483 | ||
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 5deb7bb3746..aa2cfa1ed47 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c | |||
@@ -578,7 +578,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], | |||
578 | 578 | ||
579 | if (cidr >= 32) | 579 | if (cidr >= 32) |
580 | return -IPSET_ERR_INVALID_CIDR; | 580 | return -IPSET_ERR_INVALID_CIDR; |
581 | last_ip = first_ip | ~ip_set_hostmask(cidr); | 581 | ip_set_mask_from_to(first_ip, last_ip, cidr); |
582 | } else | 582 | } else |
583 | return -IPSET_ERR_PROTOCOL; | 583 | return -IPSET_ERR_PROTOCOL; |
584 | 584 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c index c3bc06d353d..bdb432e22a8 100644 --- a/net/netfilter/ipset/ip_set_hash_ip.c +++ b/net/netfilter/ipset/ip_set_hash_ip.c | |||
@@ -177,8 +177,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
177 | 177 | ||
178 | if (cidr > 32) | 178 | if (cidr > 32) |
179 | return -IPSET_ERR_INVALID_CIDR; | 179 | return -IPSET_ERR_INVALID_CIDR; |
180 | ip &= ip_set_hostmask(cidr); | 180 | ip_set_mask_from_to(ip, ip_to, cidr); |
181 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
182 | } else | 181 | } else |
183 | ip_to = ip; | 182 | ip_to = ip; |
184 | 183 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c index de2e351034a..bdeb7160508 100644 --- a/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/net/netfilter/ipset/ip_set_hash_ipport.c | |||
@@ -216,8 +216,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
216 | 216 | ||
217 | if (cidr > 32) | 217 | if (cidr > 32) |
218 | return -IPSET_ERR_INVALID_CIDR; | 218 | return -IPSET_ERR_INVALID_CIDR; |
219 | ip &= ip_set_hostmask(cidr); | 219 | ip_set_mask_from_to(ip, ip_to, cidr); |
220 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
221 | } else | 220 | } else |
222 | ip_to = ip; | 221 | ip_to = ip; |
223 | 222 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c index 031ed057c81..fb986fc6a6f 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/net/netfilter/ipset/ip_set_hash_ipportip.c | |||
@@ -224,8 +224,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
224 | 224 | ||
225 | if (cidr > 32) | 225 | if (cidr > 32) |
226 | return -IPSET_ERR_INVALID_CIDR; | 226 | return -IPSET_ERR_INVALID_CIDR; |
227 | ip &= ip_set_hostmask(cidr); | 227 | ip_set_mask_from_to(ip, ip_to, cidr); |
228 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
229 | } else | 228 | } else |
230 | ip_to = ip; | 229 | ip_to = ip; |
231 | 230 | ||
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index ef068b03ec1..2ed5e758105 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
@@ -254,8 +254,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
254 | 254 | ||
255 | if (cidr > 32) | 255 | if (cidr > 32) |
256 | return -IPSET_ERR_INVALID_CIDR; | 256 | return -IPSET_ERR_INVALID_CIDR; |
257 | ip &= ip_set_hostmask(cidr); | 257 | ip_set_mask_from_to(ip, ip_to, cidr); |
258 | ip_to = ip | ~ip_set_hostmask(cidr); | ||
259 | } | 258 | } |
260 | 259 | ||
261 | port_to = port = ntohs(data.port); | 260 | port_to = port = ntohs(data.port); |
@@ -273,8 +272,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
273 | if (ip2_from + UINT_MAX == ip2_to) | 272 | if (ip2_from + UINT_MAX == ip2_to) |
274 | return -IPSET_ERR_HASH_RANGE; | 273 | return -IPSET_ERR_HASH_RANGE; |
275 | } else { | 274 | } else { |
276 | ip2_from &= ip_set_hostmask(data.cidr); | 275 | ip_set_mask_from_to(ip2_from, ip2_to, data.cidr); |
277 | ip2_to = ip2_from | ~ip_set_hostmask(data.cidr); | ||
278 | } | 276 | } |
279 | 277 | ||
280 | if (retried) | 278 | if (retried) |
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c index 30010309687..90adc2c3066 100644 --- a/net/netfilter/ipset/ip_set_hash_netport.c +++ b/net/netfilter/ipset/ip_set_hash_netport.c | |||
@@ -245,8 +245,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
245 | if (ip + UINT_MAX == ip_to) | 245 | if (ip + UINT_MAX == ip_to) |
246 | return -IPSET_ERR_HASH_RANGE; | 246 | return -IPSET_ERR_HASH_RANGE; |
247 | } else { | 247 | } else { |
248 | ip &= ip_set_hostmask(data.cidr); | 248 | ip_set_mask_from_to(ip, ip_to, data.cidr); |
249 | ip_to = ip | ~ip_set_hostmask(data.cidr); | ||
250 | } | 249 | } |
251 | 250 | ||
252 | if (retried) | 251 | if (retried) |