Diffstat (limited to 'net/netfilter/ipset/ip_set_hash_netport.c')
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_netport.c | 36 |
1 files changed, 20 insertions, 16 deletions
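diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index fc3143a2d41..7ef700de596 100644
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -24,9 +24,14 @@
 #include <linux/netfilter/ipset/ip_set_getport.h>
 #include <linux/netfilter/ipset/ip_set_hash.h>
 
+#define REVISION_MIN 0
+/* 1 SCTP and UDPLITE support added */
+/* 2 Range as input support for IPv4 added */
+#define REVISION_MAX 3 /* nomatch flag support added */
+
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("hash:net,port type of IP sets");
+IP_SET_MODULE_DESC("hash:net,port", REVISION_MIN, REVISION_MAX);
 MODULE_ALIAS("ip_set_hash:net,port");
 
 /* Type specific function prefix */
@@ -99,10 +104,10 @@ hash_netport4_data_flags(struct hash_netport4_elem *dst, u32 flags)
 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH);
 }
 
-static inline bool
+static inline int
 hash_netport4_data_match(const struct hash_netport4_elem *elem)
 {
-return !elem->nomatch;
+return elem->nomatch ? -ENOTEMPTY : 1;
 }
 
 static inline void
@@ -171,8 +176,8 @@ static inline void
 hash_netport4_data_next(struct ip_set_hash *h,
 const struct hash_netport4_elem *d)
 {
-h->next.ip = ntohl(d->ip);
-h->next.port = ntohs(d->port);
+h->next.ip = d->ip;
+h->next.port = d->port;
 }
 
 static int
@@ -289,12 +294,13 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
 }
 
 if (retried)
-ip = h->next.ip;
+ip = ntohl(h->next.ip);
 while (!after(ip, ip_to)) {
 data.ip = htonl(ip);
 last = ip_set_range_to_cidr(ip, ip_to, &cidr);
 data.cidr = cidr - 1;
-p = retried && ip == h->next.ip ? h->next.port : port;
+p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
+: port;
 for (; p <= port_to; p++) {
 data.port = htons(p);
 ret = adtfn(set, &data, timeout, flags);
@@ -369,10 +375,10 @@ hash_netport6_data_flags(struct hash_netport6_elem *dst, u32 flags)
 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH);
 }
 
-static inline bool
+static inline int
 hash_netport6_data_match(const struct hash_netport6_elem *elem)
 {
-return !elem->nomatch;
+return elem->nomatch ? -ENOTEMPTY : 1;
 }
 
 static inline void
@@ -450,7 +456,7 @@ static inline void
 hash_netport6_data_next(struct ip_set_hash *h,
 const struct hash_netport6_elem *d)
 {
-h->next.port = ntohs(d->port);
+h->next.port = d->port;
 }
 
 static int
@@ -554,7 +560,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
 swap(port, port_to);
 
 if (retried)
-port = h->next.port;
+port = ntohs(h->next.port);
 for (; port <= port_to; port++) {
 data.port = htons(port);
 ret = adtfn(set, &data, timeout, flags);
@@ -644,13 +650,11 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 static struct ip_set_type hash_netport_type __read_mostly = {
 .name = "hash:net,port",
 .protocol = IPSET_PROTOCOL,
-.features = IPSET_TYPE_IP | IPSET_TYPE_PORT,
+.features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_NOMATCH,
 .dimension = IPSET_DIM_TWO,
 .family = NFPROTO_UNSPEC,
-.revision_min = 0,
-/* 1 SCTP and UDPLITE support added */
-/* 2, Range as input support for IPv4 added */
-.revision_max = 3, /* nomatch flag support added */
+.revision_min = REVISION_MIN,
+.revision_max = REVISION_MAX,
 .create = hash_netport_create,
 .create_policy = {
 [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },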
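Review bot: hash_netport4_data_match() and hash_netport6_data_match() now return `-ENOTEMPTY` for a nomatch element and `1` otherwise, but nothing at the definitions states that contract, and both values are non-zero. A caller that still tests the result as a truth value would treat a nomatch entry as a hit, which in a set referenced by firewall rules turns an intended exception into a match; the callers are not on this page, so this needs confirming in the shared hash code. I would add a comment above each helper, e.g. `/* Returns 1 on match, -ENOTEMPTY if the element is flagged nomatch; callers must check the sign, not truthiness. */`. In the same spirit, `h->next.ip` and `h->next.port` now hold network-order values, so a one-line comment in the two data_next helpers (`/* h->next is kept in network byte order; uadt converts with ntohl()/ntohs() on retry */`) would keep the conversions paired when this code is next touched.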