commit 0b0dc0f17f98b59772ca6380c7d5ce4cc593a974 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

David S. Miller 15 years ago 0b0dc0f1 0553c891

+30 -10

3 changed files

expand all

unified split

net

netfilter

ipset

ip_set_bitmap_ipmac.c

ip_set_core.c

xt_set.c

net/netfilter/ipset/ip_set_bitmap_ipmac.c

··· 343 343 ipset_adtfn adtfn = set->variant->adt[adt]; 344 344 struct ipmac data; 345 345 346 + /* MAC can be src only */ 347 + if (!(flags & IPSET_DIM_TWO_SRC)) 348 + return 0; 349 + 346 350 data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC)); 347 351 if (data.id < map->first_ip || data.id > map->last_ip) 348 352 return -IPSET_ERR_BITMAP_RANGE;

+10 -8

net/netfilter/ipset/ip_set_core.c

··· 1022 1022 if (cb->args[1] >= ip_set_max) 1023 1023 goto out; 1024 1024 1025 - pr_debug("args[0]: %ld args[1]: %ld\n", cb->args[0], cb->args[1]); 1026 1025 max = cb->args[0] == DUMP_ONE ? cb->args[1] + 1 : ip_set_max; 1026 + dump_last: 1027 + pr_debug("args[0]: %ld args[1]: %ld\n", cb->args[0], cb->args[1]); 1027 1028 for (; cb->args[1] < max; cb->args[1]++) { 1028 1029 index = (ip_set_id_t) cb->args[1]; 1029 1030 set = ip_set_list[index]; ··· 1039 1038 * so that lists (unions of sets) are dumped last. 1040 1039 */ 1041 1040 if (cb->args[0] != DUMP_ONE && 1042 - !((cb->args[0] == DUMP_ALL) ^ 1043 - (set->type->features & IPSET_DUMP_LAST))) 1041 + ((cb->args[0] == DUMP_ALL) == 1042 + !!(set->type->features & IPSET_DUMP_LAST))) 1044 1043 continue; 1045 1044 pr_debug("List set: %s\n", set->name); 1046 1045 if (!cb->args[2]) { ··· 1084 1083 goto release_refcount; 1085 1084 } 1086 1085 } 1086 + /* If we dump all sets, continue with dumping last ones */ 1087 + if (cb->args[0] == DUMP_ALL) { 1088 + cb->args[0] = DUMP_LAST; 1089 + cb->args[1] = 0; 1090 + goto dump_last; 1091 + } 1087 1092 goto out; 1088 1093 1089 1094 nla_put_failure: ··· 1100 1093 pr_debug("release set %s\n", ip_set_list[index]->name); 1101 1094 ip_set_put_byindex(index); 1102 1095 } 1103 - 1104 - /* If we dump all sets, continue with dumping last ones */ 1105 - if (cb->args[0] == DUMP_ALL && cb->args[1] >= max && !cb->args[2]) 1106 - cb->args[0] = DUMP_LAST; 1107 - 1108 1096 out: 1109 1097 if (nlh) { 1110 1098 nlmsg_end(skb, nlh);

+16 -2

net/netfilter/xt_set.c

··· 81 81 if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) { 82 82 pr_warning("Protocol error: set match dimension " 83 83 "is over the limit!\n"); 84 + ip_set_nfnl_put(info->match_set.index); 84 85 return -ERANGE; 85 86 } 86 87 ··· 136 135 if (index == IPSET_INVALID_ID) { 137 136 pr_warning("Cannot find del_set index %u as target\n", 138 137 info->del_set.index); 138 + if (info->add_set.index != IPSET_INVALID_ID) 139 + ip_set_nfnl_put(info->add_set.index); 139 140 return -ENOENT; 140 141 } 141 142 } ··· 145 142 info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) { 146 143 pr_warning("Protocol error: SET target dimension " 147 144 "is over the limit!\n"); 145 + if (info->add_set.index != IPSET_INVALID_ID) 146 + ip_set_nfnl_put(info->add_set.index); 147 + if (info->del_set.index != IPSET_INVALID_ID) 148 + ip_set_nfnl_put(info->del_set.index); 148 149 return -ERANGE; 149 150 } 150 151 ··· 199 192 if (info->match_set.dim > IPSET_DIM_MAX) { 200 193 pr_warning("Protocol error: set match dimension " 201 194 "is over the limit!\n"); 195 + ip_set_nfnl_put(info->match_set.index); 202 196 return -ERANGE; 203 197 } 204 198 ··· 227 219 if (info->del_set.index != IPSET_INVALID_ID) 228 220 ip_set_del(info->del_set.index, 229 221 skb, par->family, 230 - info->add_set.dim, 222 + info->del_set.dim, 231 223 info->del_set.flags); 232 224 233 225 return XT_CONTINUE; ··· 253 245 if (index == IPSET_INVALID_ID) { 254 246 pr_warning("Cannot find del_set index %u as target\n", 255 247 info->del_set.index); 248 + if (info->add_set.index != IPSET_INVALID_ID) 249 + ip_set_nfnl_put(info->add_set.index); 256 250 return -ENOENT; 257 251 } 258 252 } 259 253 if (info->add_set.dim > IPSET_DIM_MAX || 260 - info->del_set.flags > IPSET_DIM_MAX) { 254 + info->del_set.dim > IPSET_DIM_MAX) { 261 255 pr_warning("Protocol error: SET target dimension " 262 256 "is over the limit!\n"); 257 + if (info->add_set.index != IPSET_INVALID_ID) 258 + ip_set_nfnl_put(info->add_set.index); 259 + if (info->del_set.index != IPSET_INVALID_ID) 260 + ip_set_nfnl_put(info->del_set.index); 263 261 return -ERANGE; 264 262 } 265 263