aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter/ipset/ip_set_hash_netport.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter/ipset/ip_set_hash_netport.c')
-rw-r--r--net/netfilter/ipset/ip_set_hash_netport.c36
1 files changed, 20 insertions, 16 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index fc3143a2d41..7ef700de596 100644
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -24,9 +24,14 @@
24#include <linux/netfilter/ipset/ip_set_getport.h> 24#include <linux/netfilter/ipset/ip_set_getport.h>
25#include <linux/netfilter/ipset/ip_set_hash.h> 25#include <linux/netfilter/ipset/ip_set_hash.h>
26 26
27#define REVISION_MIN 0
28/* 1 SCTP and UDPLITE support added */
29/* 2 Range as input support for IPv4 added */
30#define REVISION_MAX 3 /* nomatch flag support added */
31
27MODULE_LICENSE("GPL"); 32MODULE_LICENSE("GPL");
28MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 33MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
29MODULE_DESCRIPTION("hash:net,port type of IP sets"); 34IP_SET_MODULE_DESC("hash:net,port", REVISION_MIN, REVISION_MAX);
30MODULE_ALIAS("ip_set_hash:net,port"); 35MODULE_ALIAS("ip_set_hash:net,port");
31 36
32/* Type specific function prefix */ 37/* Type specific function prefix */
@@ -99,10 +104,10 @@ hash_netport4_data_flags(struct hash_netport4_elem *dst, u32 flags)
99 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); 104 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH);
100} 105}
101 106
102static inline bool 107static inline int
103hash_netport4_data_match(const struct hash_netport4_elem *elem) 108hash_netport4_data_match(const struct hash_netport4_elem *elem)
104{ 109{
105 return !elem->nomatch; 110 return elem->nomatch ? -ENOTEMPTY : 1;
106} 111}
107 112
108static inline void 113static inline void
@@ -171,8 +176,8 @@ static inline void
171hash_netport4_data_next(struct ip_set_hash *h, 176hash_netport4_data_next(struct ip_set_hash *h,
172 const struct hash_netport4_elem *d) 177 const struct hash_netport4_elem *d)
173{ 178{
174 h->next.ip = ntohl(d->ip); 179 h->next.ip = d->ip;
175 h->next.port = ntohs(d->port); 180 h->next.port = d->port;
176} 181}
177 182
178static int 183static int
@@ -289,12 +294,13 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
289 } 294 }
290 295
291 if (retried) 296 if (retried)
292 ip = h->next.ip; 297 ip = ntohl(h->next.ip);
293 while (!after(ip, ip_to)) { 298 while (!after(ip, ip_to)) {
294 data.ip = htonl(ip); 299 data.ip = htonl(ip);
295 last = ip_set_range_to_cidr(ip, ip_to, &cidr); 300 last = ip_set_range_to_cidr(ip, ip_to, &cidr);
296 data.cidr = cidr - 1; 301 data.cidr = cidr - 1;
297 p = retried && ip == h->next.ip ? h->next.port : port; 302 p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
303 : port;
298 for (; p <= port_to; p++) { 304 for (; p <= port_to; p++) {
299 data.port = htons(p); 305 data.port = htons(p);
300 ret = adtfn(set, &data, timeout, flags); 306 ret = adtfn(set, &data, timeout, flags);
@@ -369,10 +375,10 @@ hash_netport6_data_flags(struct hash_netport6_elem *dst, u32 flags)
369 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); 375 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH);
370} 376}
371 377
372static inline bool 378static inline int
373hash_netport6_data_match(const struct hash_netport6_elem *elem) 379hash_netport6_data_match(const struct hash_netport6_elem *elem)
374{ 380{
375 return !elem->nomatch; 381 return elem->nomatch ? -ENOTEMPTY : 1;
376} 382}
377 383
378static inline void 384static inline void
@@ -450,7 +456,7 @@ static inline void
450hash_netport6_data_next(struct ip_set_hash *h, 456hash_netport6_data_next(struct ip_set_hash *h,
451 const struct hash_netport6_elem *d) 457 const struct hash_netport6_elem *d)
452{ 458{
453 h->next.port = ntohs(d->port); 459 h->next.port = d->port;
454} 460}
455 461
456static int 462static int
@@ -554,7 +560,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
554 swap(port, port_to); 560 swap(port, port_to);
555 561
556 if (retried) 562 if (retried)
557 port = h->next.port; 563 port = ntohs(h->next.port);
558 for (; port <= port_to; port++) { 564 for (; port <= port_to; port++) {
559 data.port = htons(port); 565 data.port = htons(port);
560 ret = adtfn(set, &data, timeout, flags); 566 ret = adtfn(set, &data, timeout, flags);
@@ -644,13 +650,11 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
644static struct ip_set_type hash_netport_type __read_mostly = { 650static struct ip_set_type hash_netport_type __read_mostly = {
645 .name = "hash:net,port", 651 .name = "hash:net,port",
646 .protocol = IPSET_PROTOCOL, 652 .protocol = IPSET_PROTOCOL,
647 .features = IPSET_TYPE_IP | IPSET_TYPE_PORT, 653 .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_NOMATCH,
648 .dimension = IPSET_DIM_TWO, 654 .dimension = IPSET_DIM_TWO,
649 .family = NFPROTO_UNSPEC, 655 .family = NFPROTO_UNSPEC,
650 .revision_min = 0, 656 .revision_min = REVISION_MIN,
651 /* 1 SCTP and UDPLITE support added */ 657 .revision_max = REVISION_MAX,
652 /* 2, Range as input support for IPv4 added */
653 .revision_max = 3, /* nomatch flag support added */
654 .create = hash_netport_create, 658 .create = hash_netport_create,
655 .create_policy = { 659 .create_policy = {
656 [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, 660 [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-19 06:23:54 -0400