Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7dd37bc8 authored by Sergey Popovich's avatar Sergey Popovich Committed by Jozsef Kadlecsik
Browse files

netfilter: ipset: Check extensions attributes before getting extensions. 



Make all extensions attributes checks within ip_set_get_extensions()
and reduce number of duplicated code.

Signed-off-by: default avatarSergey Popovich <popovich_sergei@mail.ua>
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent edda0791

net/netfilter/ipset/ip_set_bitmap_ip.c

+1 −7
Original line number Diff line number Diff line
@@ -138,13 +138,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], 
	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);

	int ret = 0;



	if (unlikely(!tb[IPSET_ATTR_IP] ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))

	if (unlikely(!tb[IPSET_ATTR_IP]))

		return -IPSET_ERR_PROTOCOL;



	if (tb[IPSET_ATTR_LINENO])

net/netfilter/ipset/ip_set_bitmap_ipmac.c

+1 −7
Original line number Diff line number Diff line
@@ -239,13 +239,7 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[], 
	u32 ip = 0;

	int ret = 0;



	if (unlikely(!tb[IPSET_ATTR_IP] ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))

	if (unlikely(!tb[IPSET_ATTR_IP]))

		return -IPSET_ERR_PROTOCOL;



	if (tb[IPSET_ATTR_LINENO])

net/netfilter/ipset/ip_set_bitmap_port.c

+1 −7
Original line number Diff line number Diff line
@@ -137,13 +137,7 @@ bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[], 
	int ret = 0;



	if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))

		return -IPSET_ERR_PROTOCOL;



	if (tb[IPSET_ATTR_LINENO])

net/netfilter/ipset/ip_set_core.c

+9 −0
Original line number Diff line number Diff line
@@ -389,6 +389,15 @@ ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], 
		      struct ip_set_ext *ext)

{

	u64 fullmark;



	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))

		return -IPSET_ERR_PROTOCOL;



	if (tb[IPSET_ATTR_TIMEOUT]) {

		if (!SET_WITH_TIMEOUT(set))

			return -IPSET_ERR_TIMEOUT;

net/netfilter/ipset/ip_set_hash_ip.c

+1 −13
Original line number Diff line number Diff line
@@ -108,13 +108,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], 
	u32 ip = 0, ip_to = 0, hosts;

	int ret = 0;



	if (unlikely(!tb[IPSET_ATTR_IP] ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))

	if (unlikely(!tb[IPSET_ATTR_IP]))

		return -IPSET_ERR_PROTOCOL;



	if (tb[IPSET_ATTR_LINENO])
@@ -247,12 +241,6 @@ hash_ip6_uadt(struct ip_set *set, struct nlattr *tb[], 
	int ret;



	if (unlikely(!tb[IPSET_ATTR_IP] ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||

		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) ||

		     tb[IPSET_ATTR_IP_TO] ||

		     tb[IPSET_ATTR_CIDR]))

		return -IPSET_ERR_PROTOCOL;