Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e6146e86 authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik Committed by Patrick McHardy
Browse files

netfilter: ipset: use unified from/to address masking and check the usage 



Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent f3dfd153

include/linux/netfilter/ipset/pfxlen.h

+6 −0
Original line number Original line Diff line number Diff line
@@ -35,4 +35,10 @@ ip_set_hostmask6(u8 pfxlen) 




extern u32 ip_set_range_to_cidr(u32 from, u32 to, u8 *cidr);

extern u32 ip_set_range_to_cidr(u32 from, u32 to, u8 *cidr);





#define ip_set_mask_from_to(from, to, cidr)	\

do {						\

	from &= ip_set_hostmask(cidr);		\

	to = from | ~ip_set_hostmask(cidr);	\

} while (0)



#endif /*_PFXLEN_H */
 
#endif /*_PFXLEN_H */

net/netfilter/ipset/ip_set_bitmap_ip.c

+2 −4
Original line number Original line Diff line number Diff line
@@ -283,8 +283,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], 




		if (cidr > 32)

		if (cidr > 32)

			return -IPSET_ERR_INVALID_CIDR;

			return -IPSET_ERR_INVALID_CIDR;

		ip &= ip_set_hostmask(cidr);

		ip_set_mask_from_to(ip, ip_to, cidr);

		ip_to = ip | ~ip_set_hostmask(cidr);

	} else

	} else

		ip_to = ip;

		ip_to = ip;
@@ -478,8 +477,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) 




		if (cidr >= 32)

		if (cidr >= 32)

			return -IPSET_ERR_INVALID_CIDR;

			return -IPSET_ERR_INVALID_CIDR;

		first_ip &= ip_set_hostmask(cidr);

		ip_set_mask_from_to(first_ip, last_ip, cidr);

		last_ip = first_ip | ~ip_set_hostmask(cidr);

	} else

	} else

		return -IPSET_ERR_PROTOCOL;

		return -IPSET_ERR_PROTOCOL;

net/netfilter/ipset/ip_set_bitmap_ipmac.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -578,7 +578,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], 




		if (cidr >= 32)

		if (cidr >= 32)

			return -IPSET_ERR_INVALID_CIDR;

			return -IPSET_ERR_INVALID_CIDR;

		last_ip = first_ip | ~ip_set_hostmask(cidr);

		ip_set_mask_from_to(first_ip, last_ip, cidr);

	} else

	} else

		return -IPSET_ERR_PROTOCOL;

		return -IPSET_ERR_PROTOCOL;

net/netfilter/ipset/ip_set_hash_ip.c

+1 −2
Original line number Original line Diff line number Diff line
@@ -177,8 +177,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], 




		if (cidr > 32)

		if (cidr > 32)

			return -IPSET_ERR_INVALID_CIDR;

			return -IPSET_ERR_INVALID_CIDR;

		ip &= ip_set_hostmask(cidr);

		ip_set_mask_from_to(ip, ip_to, cidr);

		ip_to = ip | ~ip_set_hostmask(cidr);

	} else

	} else

		ip_to = ip;

		ip_to = ip;

net/netfilter/ipset/ip_set_hash_ipport.c

+1 −2
Original line number Original line Diff line number Diff line
@@ -216,8 +216,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], 




		if (cidr > 32)

		if (cidr > 32)

			return -IPSET_ERR_INVALID_CIDR;

			return -IPSET_ERR_INVALID_CIDR;

		ip &= ip_set_hostmask(cidr);

		ip_set_mask_from_to(ip, ip_to, cidr);

		ip_to = ip | ~ip_set_hostmask(cidr);

	} else

	} else

		ip_to = ip;

		ip_to = ip;