mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-14 03:16:44 +07:00
Merge branch 'master' of git://blackhole.kfki.hu/nf-next
Jozsef Kadlecsik says: ==================== ipset patches for nf-next - Remove useless memset() calls, nla_parse_nested/nla_parse erase the tb array properly, from Florent Fourcot. - Merge the uadd and udel functions, the code is nicer this way, also from Florent Fourcot. - Add a missing check for the return value of a nla_parse[_deprecated] call, from Aditya Pakki. - Add the last missing check for the return value of nla_parse[_deprecated] call. - Fix error path and release the references properly in set_target_v3_checkentry(). - Fix memory accounting which is reported to userspace for hash types on resize, from Stefano Brivio. - Update my email address to kadlec@netfilter.org. The patch covers all places in the source tree where my kadlec@blackhole.kfki.hu address could be found. ==================== Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
commit
667ec21ebf
2
CREDITS
2
CREDITS
@ -1800,7 +1800,7 @@ S: 2300 Copenhagen S.
|
||||
S: Denmark
|
||||
|
||||
N: Jozsef Kadlecsik
|
||||
E: kadlec@blackhole.kfki.hu
|
||||
E: kadlec@netfilter.org
|
||||
P: 1024D/470DB964 4CB3 1A05 713E 9BF7 FAC5 5809 DD8C B7B1 470D B964
|
||||
D: netfilter: TCP window tracking code
|
||||
D: netfilter: raw table
|
||||
|
@ -10858,7 +10858,7 @@ F: drivers/net/ethernet/neterion/
|
||||
|
||||
NETFILTER
|
||||
M: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
M: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
M: Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
M: Florian Westphal <fw@strlen.de>
|
||||
L: netfilter-devel@vger.kernel.org
|
||||
L: coreteam@netfilter.org
|
||||
|
@ -17,7 +17,7 @@
|
||||
* if SELF_TEST is defined. You can use this free for any purpose. It's in
|
||||
* the public domain. It has no warranty.
|
||||
*
|
||||
* Copyright (C) 2009-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
|
||||
* Copyright (C) 2009-2010 Jozsef Kadlecsik (kadlec@netfilter.org)
|
||||
*
|
||||
* I've modified Bob's hash to be useful in the Linux kernel, and
|
||||
* any bugs present are my fault.
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
|
||||
* Patrick Schaaf <bof@bof.de>
|
||||
* Martin Josefsson <gandalf@wlug.westbo.se>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -1,7 +1,7 @@
|
||||
#ifndef _IP_SET_COUNTER_H
|
||||
#define _IP_SET_COUNTER_H
|
||||
|
||||
/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -1,7 +1,7 @@
|
||||
#ifndef _IP_SET_SKBINFO_H
|
||||
#define _IP_SET_SKBINFO_H
|
||||
|
||||
/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -1,7 +1,7 @@
|
||||
#ifndef _IP_SET_TIMEOUT_H
|
||||
#define _IP_SET_TIMEOUT_H
|
||||
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -2,7 +2,7 @@
|
||||
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
|
||||
* Patrick Schaaf <bof@bof.de>
|
||||
* Martin Josefsson <gandalf@wlug.westbo.se>
|
||||
* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -2,7 +2,7 @@
|
||||
/*
|
||||
* 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT .
|
||||
*
|
||||
* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*/
|
||||
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
||||
#include <linux/module.h>
|
||||
|
@ -7,7 +7,7 @@
|
||||
* This source code is licensed under General Public License version 2.
|
||||
*
|
||||
* Based on the 'brute force' H.323 NAT module by
|
||||
* Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
|
@ -2,7 +2,7 @@
|
||||
/*
|
||||
* IPv6 raw table, a port of the IPv4 raw table to IPv6
|
||||
*
|
||||
* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*/
|
||||
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
||||
#include <linux/module.h>
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
|
||||
* Patrick Schaaf <bof@bof.de>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -31,7 +31,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("bitmap:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_bitmap:ip");
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
|
||||
* Patrick Schaaf <bof@bof.de>
|
||||
* Martin Josefsson <gandalf@wlug.westbo.se>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -31,7 +31,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("bitmap:ip,mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_bitmap:ip,mac");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -26,7 +26,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("bitmap:port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_bitmap:port");
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
|
||||
* Patrick Schaaf <bof@bof.de>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -51,7 +51,7 @@ static unsigned int max_sets;
|
||||
module_param(max_sets, int, 0600);
|
||||
MODULE_PARM_DESC(max_sets, "maximal number of sets");
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
MODULE_DESCRIPTION("core IP set support");
|
||||
MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_IPSET);
|
||||
|
||||
@ -1293,11 +1293,13 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
|
||||
struct nlattr *attr = (void *)nlh + min_len;
|
||||
u32 dump_type;
|
||||
ip_set_id_t index;
|
||||
int ret;
|
||||
|
||||
/* Second pass, so parser can't fail */
|
||||
nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, attr,
|
||||
nlh->nlmsg_len - min_len, ip_set_setname_policy,
|
||||
NULL);
|
||||
ret = nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, attr,
|
||||
nlh->nlmsg_len - min_len,
|
||||
ip_set_setname_policy, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]);
|
||||
if (cda[IPSET_ATTR_SETNAME]) {
|
||||
@ -1544,10 +1546,14 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
|
||||
memcpy(&errmsg->msg, nlh, nlh->nlmsg_len);
|
||||
cmdattr = (void *)&errmsg->msg + min_len;
|
||||
|
||||
nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, cmdattr,
|
||||
nlh->nlmsg_len - min_len,
|
||||
ip_set_adt_policy, NULL);
|
||||
ret = nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, cmdattr,
|
||||
nlh->nlmsg_len - min_len,
|
||||
ip_set_adt_policy, NULL);
|
||||
|
||||
if (ret) {
|
||||
nlmsg_free(skb2);
|
||||
return ret;
|
||||
}
|
||||
errline = nla_data(cda[IPSET_ATTR_LINENO]);
|
||||
|
||||
*errline = lineno;
|
||||
@ -1561,10 +1567,12 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb,
|
||||
const struct nlmsghdr *nlh,
|
||||
const struct nlattr * const attr[],
|
||||
struct netlink_ext_ack *extack)
|
||||
static int ip_set_ad(struct net *net, struct sock *ctnl,
|
||||
struct sk_buff *skb,
|
||||
enum ipset_adt adt,
|
||||
const struct nlmsghdr *nlh,
|
||||
const struct nlattr * const attr[],
|
||||
struct netlink_ext_ack *extack)
|
||||
{
|
||||
struct ip_set_net *inst = ip_set_pernet(net);
|
||||
struct ip_set *set;
|
||||
@ -1593,18 +1601,17 @@ static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb,
|
||||
if (attr[IPSET_ATTR_DATA]) {
|
||||
if (nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], set->type->adt_policy, NULL))
|
||||
return -IPSET_ERR_PROTOCOL;
|
||||
ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, flags,
|
||||
ret = call_ad(ctnl, skb, set, tb, adt, flags,
|
||||
use_lineno);
|
||||
} else {
|
||||
int nla_rem;
|
||||
|
||||
nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) {
|
||||
memset(tb, 0, sizeof(tb));
|
||||
if (nla_type(nla) != IPSET_ATTR_DATA ||
|
||||
!flag_nested(nla) ||
|
||||
nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, nla, set->type->adt_policy, NULL))
|
||||
return -IPSET_ERR_PROTOCOL;
|
||||
ret = call_ad(ctnl, skb, set, tb, IPSET_ADD,
|
||||
ret = call_ad(ctnl, skb, set, tb, adt,
|
||||
flags, use_lineno);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
@ -1613,56 +1620,22 @@ static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb,
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int ip_set_udel(struct net *net, struct sock *ctnl, struct sk_buff *skb,
|
||||
const struct nlmsghdr *nlh,
|
||||
static int ip_set_uadd(struct net *net, struct sock *ctnl,
|
||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
||||
const struct nlattr * const attr[],
|
||||
struct netlink_ext_ack *extack)
|
||||
{
|
||||
struct ip_set_net *inst = ip_set_pernet(net);
|
||||
struct ip_set *set;
|
||||
struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
|
||||
const struct nlattr *nla;
|
||||
u32 flags = flag_exist(nlh);
|
||||
bool use_lineno;
|
||||
int ret = 0;
|
||||
return ip_set_ad(net, ctnl, skb,
|
||||
IPSET_ADD, nlh, attr, extack);
|
||||
}
|
||||
|
||||
if (unlikely(protocol_min_failed(attr) ||
|
||||
!attr[IPSET_ATTR_SETNAME] ||
|
||||
!((attr[IPSET_ATTR_DATA] != NULL) ^
|
||||
(attr[IPSET_ATTR_ADT] != NULL)) ||
|
||||
(attr[IPSET_ATTR_DATA] &&
|
||||
!flag_nested(attr[IPSET_ATTR_DATA])) ||
|
||||
(attr[IPSET_ATTR_ADT] &&
|
||||
(!flag_nested(attr[IPSET_ATTR_ADT]) ||
|
||||
!attr[IPSET_ATTR_LINENO]))))
|
||||
return -IPSET_ERR_PROTOCOL;
|
||||
|
||||
set = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
|
||||
if (!set)
|
||||
return -ENOENT;
|
||||
|
||||
use_lineno = !!attr[IPSET_ATTR_LINENO];
|
||||
if (attr[IPSET_ATTR_DATA]) {
|
||||
if (nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], set->type->adt_policy, NULL))
|
||||
return -IPSET_ERR_PROTOCOL;
|
||||
ret = call_ad(ctnl, skb, set, tb, IPSET_DEL, flags,
|
||||
use_lineno);
|
||||
} else {
|
||||
int nla_rem;
|
||||
|
||||
nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) {
|
||||
memset(tb, 0, sizeof(*tb));
|
||||
if (nla_type(nla) != IPSET_ATTR_DATA ||
|
||||
!flag_nested(nla) ||
|
||||
nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, nla, set->type->adt_policy, NULL))
|
||||
return -IPSET_ERR_PROTOCOL;
|
||||
ret = call_ad(ctnl, skb, set, tb, IPSET_DEL,
|
||||
flags, use_lineno);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
static int ip_set_udel(struct net *net, struct sock *ctnl,
|
||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
||||
const struct nlattr * const attr[],
|
||||
struct netlink_ext_ack *extack)
|
||||
{
|
||||
return ip_set_ad(net, ctnl, skb,
|
||||
IPSET_DEL, nlh, attr, extack);
|
||||
}
|
||||
|
||||
static int ip_set_utest(struct net *net, struct sock *ctnl, struct sk_buff *skb,
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -625,7 +625,7 @@ mtype_resize(struct ip_set *set, bool retried)
|
||||
goto cleanup;
|
||||
}
|
||||
m->size = AHASH_INIT_SIZE;
|
||||
extsize = ext_size(AHASH_INIT_SIZE, dsize);
|
||||
extsize += ext_size(AHASH_INIT_SIZE, dsize);
|
||||
RCU_INIT_POINTER(hbucket(t, key), m);
|
||||
} else if (m->pos >= m->size) {
|
||||
struct hbucket *ht;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -30,7 +30,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 4 /* skbinfo support */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:ip");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
* Copyright (C) 2013 Smoothwall Ltd. <vytas.dauksa@smoothwall.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -32,7 +32,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:ip,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:ip,port");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -32,7 +32,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:ip,port,ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:ip,port,ip");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -34,7 +34,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:ip,port,net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:ip,port,net");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2014 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2014 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -23,7 +23,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 0
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:mac");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -31,7 +31,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 6 /* skbinfo mapping support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:net");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2011-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2011-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -32,7 +32,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 6 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:net,iface", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:net,iface");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
* Copyright (C) 2013 Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -33,7 +33,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("hash:net,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_hash:net,port");
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2008-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
/* Copyright (C) 2008-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -22,7 +22,7 @@
|
||||
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
IP_SET_MODULE_DESC("list:set", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
|
||||
MODULE_ALIAS("ip_set_list:set");
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
* This source code is licensed under General Public License version 2.
|
||||
*
|
||||
* Based on the 'brute force' H.323 connection tracking module by
|
||||
* Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* For more information, please see http://nath323.sourceforge.net/
|
||||
*/
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2002-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* (C) 2002-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* xt_iprange - Netfilter module to match IP address ranges
|
||||
*
|
||||
* (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
* (C) CC Computer Consultants GmbH, 2008
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
@ -133,7 +133,7 @@ static void __exit iprange_mt_exit(void)
|
||||
module_init(iprange_mt_init);
|
||||
module_exit(iprange_mt_exit);
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
|
||||
MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching");
|
||||
MODULE_ALIAS("ipt_iprange");
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
|
||||
* Patrick Schaaf <bof@bof.de>
|
||||
* Martin Josefsson <gandalf@wlug.westbo.se>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
@ -21,7 +21,7 @@
|
||||
#include <uapi/linux/netfilter/xt_set.h>
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
MODULE_DESCRIPTION("Xtables: IP set match and target module");
|
||||
MODULE_ALIAS("xt_SET");
|
||||
MODULE_ALIAS("ipt_set");
|
||||
@ -439,6 +439,7 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct xt_set_info_target_v3 *info = par->targinfo;
|
||||
ip_set_id_t index;
|
||||
int ret = 0;
|
||||
|
||||
if (info->add_set.index != IPSET_INVALID_ID) {
|
||||
index = ip_set_nfnl_get_byindex(par->net,
|
||||
@ -456,17 +457,16 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||
if (index == IPSET_INVALID_ID) {
|
||||
pr_info_ratelimited("Cannot find del_set index %u as target\n",
|
||||
info->del_set.index);
|
||||
if (info->add_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net,
|
||||
info->add_set.index);
|
||||
return -ENOENT;
|
||||
ret = -ENOENT;
|
||||
goto cleanup_add;
|
||||
}
|
||||
}
|
||||
|
||||
if (info->map_set.index != IPSET_INVALID_ID) {
|
||||
if (strncmp(par->table, "mangle", 7)) {
|
||||
pr_info_ratelimited("--map-set only usable from mangle table\n");
|
||||
return -EINVAL;
|
||||
ret = -EINVAL;
|
||||
goto cleanup_del;
|
||||
}
|
||||
if (((info->flags & IPSET_FLAG_MAP_SKBPRIO) |
|
||||
(info->flags & IPSET_FLAG_MAP_SKBQUEUE)) &&
|
||||
@ -474,20 +474,16 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||
1 << NF_INET_LOCAL_OUT |
|
||||
1 << NF_INET_POST_ROUTING))) {
|
||||
pr_info_ratelimited("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
|
||||
return -EINVAL;
|
||||
ret = -EINVAL;
|
||||
goto cleanup_del;
|
||||
}
|
||||
index = ip_set_nfnl_get_byindex(par->net,
|
||||
info->map_set.index);
|
||||
if (index == IPSET_INVALID_ID) {
|
||||
pr_info_ratelimited("Cannot find map_set index %u as target\n",
|
||||
info->map_set.index);
|
||||
if (info->add_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net,
|
||||
info->add_set.index);
|
||||
if (info->del_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net,
|
||||
info->del_set.index);
|
||||
return -ENOENT;
|
||||
ret = -ENOENT;
|
||||
goto cleanup_del;
|
||||
}
|
||||
}
|
||||
|
||||
@ -495,16 +491,21 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||
info->del_set.dim > IPSET_DIM_MAX ||
|
||||
info->map_set.dim > IPSET_DIM_MAX) {
|
||||
pr_info_ratelimited("SET target dimension over the limit!\n");
|
||||
if (info->add_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net, info->add_set.index);
|
||||
if (info->del_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net, info->del_set.index);
|
||||
if (info->map_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net, info->map_set.index);
|
||||
return -ERANGE;
|
||||
ret = -ERANGE;
|
||||
goto cleanup_mark;
|
||||
}
|
||||
|
||||
return 0;
|
||||
cleanup_mark:
|
||||
if (info->map_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net, info->map_set.index);
|
||||
cleanup_del:
|
||||
if (info->del_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net, info->del_set.index);
|
||||
cleanup_add:
|
||||
if (info->add_set.index != IPSET_INVALID_ID)
|
||||
ip_set_nfnl_put(par->net, info->add_set.index);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
|
Loading…
Reference in New Issue
Block a user