tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: ipset: Fix coding styles reported by checkpatch.pl
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+327
-295
+2
-3
include/linux/netfilter/ipset/ip_set.h
+2
-3
include/linux/netfilter/ipset/ip_set.h
···
349
349
cpu_to_be64((u64)skbinfo->skbmark << 32 |
350
350
skbinfo->skbmarkmask))) ||
351
351
(skbinfo->skbprio &&
352
-
nla_put_net32(skb, IPSET_ATTR_SKBPRIO,
352
+
nla_put_net32(skb, IPSET_ATTR_SKBPRIO,
353
353
cpu_to_be32(skbinfo->skbprio))) ||
354
354
(skbinfo->skbqueue &&
355
-
nla_put_net16(skb, IPSET_ATTR_SKBQUEUE,
355
+
nla_put_net16(skb, IPSET_ATTR_SKBQUEUE,
356
356
cpu_to_be16(skbinfo->skbqueue)));
357
-
358
357
}
359
358
360
359
static inline void
+3
-3
include/uapi/linux/netfilter/ipset/ip_set.h
+3
-3
include/uapi/linux/netfilter/ipset/ip_set.h
···
15
15
/* The protocol version */
16
16
#define IPSET_PROTOCOL 6
17
17
18
-
/* The maximum permissible comment length we will accept over netlink */
19
-
#define IPSET_MAX_COMMENT_SIZE 255
20
-
21
18
/* The max length of strings including NUL: set and type identifiers */
22
19
#define IPSET_MAXNAMELEN 32
20
+
21
+
/* The maximum permissible comment length we will accept over netlink */
22
+
#define IPSET_MAX_COMMENT_SIZE 255
23
23
24
24
/* Message types and commands */
25
25
enum ipset_cmd {
+6
-5
net/netfilter/ipset/ip_set_bitmap_gen.h
+6
-5
net/netfilter/ipset/ip_set_bitmap_gen.h
···
41
41
struct mtype *map = set->data;
42
42
43
43
init_timer(&map->gc);
44
-
map->gc.data = (unsigned long) set;
44
+
map->gc.data = (unsigned long)set;
45
45
map->gc.function = gc;
46
46
map->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ;
47
47
add_timer(&map->gc);
···
223
223
if (!test_bit(id, map->members) ||
224
224
(SET_WITH_TIMEOUT(set) &&
225
225
#ifdef IP_SET_BITMAP_STORED_TIMEOUT
226
-
mtype_is_filled((const struct mtype_elem *) x) &&
226
+
mtype_is_filled((const struct mtype_elem *)x) &&
227
227
#endif
228
228
ip_set_timeout_expired(ext_timeout(x, set))))
229
229
continue;
···
240
240
if (mtype_do_list(skb, map, id, set->dsize))
241
241
goto nla_put_failure;
242
242
if (ip_set_put_extensions(skb, set, x,
243
-
mtype_is_filled((const struct mtype_elem *) x)))
243
+
mtype_is_filled((const struct mtype_elem *)x)))
244
244
goto nla_put_failure;
245
245
ipset_nest_end(skb, nested);
246
246
}
···
266
266
static void
267
267
mtype_gc(unsigned long ul_set)
268
268
{
269
-
struct ip_set *set = (struct ip_set *) ul_set;
269
+
struct ip_set *set = (struct ip_set *)ul_set;
270
270
struct mtype *map = set->data;
271
271
void *x;
272
272
u32 id;
273
273
274
274
/* We run parallel with other readers (test element)
275
-
* but adding/deleting new entries is locked out */
275
+
* but adding/deleting new entries is locked out
276
+
*/
276
277
spin_lock_bh(&set->lock);
277
278
for (id = 0; id < map->elements; id++)
278
279
if (mtype_gc_test(id, map, set->dsize)) {
+7
-5
net/netfilter/ipset/ip_set_bitmap_ip.c
+7
-5
net/netfilter/ipset/ip_set_bitmap_ip.c
···
59
59
static inline u32
60
60
ip_to_id(const struct bitmap_ip *m, u32 ip)
61
61
{
62
-
return ((ip & ip_set_hostmask(m->netmask)) - m->first_ip)/m->hosts;
62
+
return ((ip & ip_set_hostmask(m->netmask)) - m->first_ip) / m->hosts;
63
63
}
64
64
65
65
/* Common functions */
···
175
175
if (!cidr || cidr > HOST_MASK)
176
176
return -IPSET_ERR_INVALID_CIDR;
177
177
ip_set_mask_from_to(ip, ip_to, cidr);
178
-
} else
178
+
} else {
179
179
ip_to = ip;
180
+
}
180
181
181
182
if (ip_to > map->last_ip)
182
183
return -IPSET_ERR_BITMAP_RANGE;
···
188
187
189
188
if (ret && !ip_set_eexist(ret, flags))
190
189
return ret;
191
-
else
192
-
ret = 0;
190
+
191
+
ret = 0;
193
192
}
194
193
return ret;
195
194
}
···
279
278
if (cidr >= HOST_MASK)
280
279
return -IPSET_ERR_INVALID_CIDR;
281
280
ip_set_mask_from_to(first_ip, last_ip, cidr);
282
-
} else
281
+
} else {
283
282
return -IPSET_ERR_PROTOCOL;
283
+
}
284
284
285
285
if (tb[IPSET_ATTR_NETMASK]) {
286
286
netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
+11
-10
net/netfilter/ipset/ip_set_bitmap_ipmac.c
+11
-10
net/netfilter/ipset/ip_set_bitmap_ipmac.c
···
90
90
return 0;
91
91
elem = get_elem(map->extensions, e->id, dsize);
92
92
if (elem->filled == MAC_FILLED)
93
-
return e->ether == NULL ||
93
+
return !e->ether ||
94
94
ether_addr_equal(e->ether, elem->ether);
95
95
/* Trigger kernel to fill out the ethernet address */
96
96
return -EAGAIN;
···
131
131
/* If MAC is unset yet, we store plain timeout value
132
132
* because the timer is not activated yet
133
133
* and we can reuse it later when MAC is filled out,
134
-
* possibly by the kernel */
134
+
* possibly by the kernel
135
+
*/
135
136
if (e->ether)
136
137
ip_set_timeout_set(timeout, t);
137
138
else
···
156
155
/* memcpy isn't atomic */
157
156
clear_bit(e->id, map->members);
158
157
smp_mb__after_atomic();
159
-
memcpy(elem->ether, e->ether, ETH_ALEN);
158
+
ether_addr_copy(elem->ether, e->ether);
160
159
}
161
160
return IPSET_ADD_FAILED;
162
161
} else if (!e->ether)
···
165
164
/* Fill the MAC address and trigger the timer activation */
166
165
clear_bit(e->id, map->members);
167
166
smp_mb__after_atomic();
168
-
memcpy(elem->ether, e->ether, ETH_ALEN);
167
+
ether_addr_copy(elem->ether, e->ether);
169
168
elem->filled = MAC_FILLED;
170
169
return IPSET_ADD_START_STORED_TIMEOUT;
171
170
} else if (e->ether) {
172
171
/* We can store MAC too */
173
-
memcpy(elem->ether, e->ether, ETH_ALEN);
172
+
ether_addr_copy(elem->ether, e->ether);
174
173
elem->filled = MAC_FILLED;
175
174
return 0;
176
-
} else {
177
-
elem->filled = MAC_UNSET;
178
-
/* MAC is not stored yet, don't start timer */
179
-
return IPSET_ADD_STORE_PLAIN_TIMEOUT;
180
175
}
176
+
elem->filled = MAC_UNSET;
177
+
/* MAC is not stored yet, don't start timer */
178
+
return IPSET_ADD_STORE_PLAIN_TIMEOUT;
181
179
}
182
180
183
181
static inline int
···
352
352
if (cidr >= HOST_MASK)
353
353
return -IPSET_ERR_INVALID_CIDR;
354
354
ip_set_mask_from_to(first_ip, last_ip, cidr);
355
-
} else
355
+
} else {
356
356
return -IPSET_ERR_PROTOCOL;
357
+
}
357
358
358
359
elements = (u64)last_ip - first_ip + 1;
359
360
+4
-3
net/netfilter/ipset/ip_set_bitmap_port.c
+4
-3
net/netfilter/ipset/ip_set_bitmap_port.c
···
162
162
if (port < map->first_port)
163
163
return -IPSET_ERR_BITMAP_RANGE;
164
164
}
165
-
} else
165
+
} else {
166
166
port_to = port;
167
+
}
167
168
168
169
if (port_to > map->last_port)
169
170
return -IPSET_ERR_BITMAP_RANGE;
···
175
174
176
175
if (ret && !ip_set_eexist(ret, flags))
177
176
return ret;
178
-
else
179
-
ret = 0;
177
+
178
+
ret = 0;
180
179
}
181
180
return ret;
182
181
}
+96
-105
net/netfilter/ipset/ip_set_core.c
+96
-105
net/netfilter/ipset/ip_set_core.c
···
35
35
bool is_deleted; /* deleted by ip_set_net_exit */
36
36
bool is_destroyed; /* all sets are destroyed */
37
37
};
38
+
38
39
static int ip_set_net_id __read_mostly;
39
40
40
41
static inline struct ip_set_net *ip_set_pernet(struct net *net)
···
61
60
#define ip_set(inst, id) \
62
61
ip_set_dereference((inst)->ip_set_list)[id]
63
62
64
-
/*
65
-
* The set types are implemented in modules and registered set types
63
+
/* The set types are implemented in modules and registered set types
66
64
* can be found in ip_set_type_list. Adding/deleting types is
67
65
* serialized by ip_set_type_mutex.
68
66
*/
···
131
131
goto unlock;
132
132
}
133
133
/* Make sure the type is already loaded
134
-
* but we don't support the revision */
134
+
* but we don't support the revision
135
+
*/
135
136
list_for_each_entry_rcu(type, &ip_set_type_list, list)
136
137
if (STRNCMP(type->name, name)) {
137
138
err = -IPSET_ERR_FIND_TYPE;
···
291
290
int
292
291
ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr)
293
292
{
294
-
struct nlattr *tb[IPSET_ATTR_IPADDR_MAX+1];
293
+
struct nlattr *tb[IPSET_ATTR_IPADDR_MAX + 1];
295
294
296
295
if (unlikely(!flag_nested(nla)))
297
296
return -IPSET_ERR_PROTOCOL;
···
308
307
int
309
308
ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr)
310
309
{
311
-
struct nlattr *tb[IPSET_ATTR_IPADDR_MAX+1];
310
+
struct nlattr *tb[IPSET_ATTR_IPADDR_MAX + 1];
312
311
313
312
if (unlikely(!flag_nested(nla)))
314
313
return -IPSET_ERR_PROTOCOL;
···
319
318
return -IPSET_ERR_PROTOCOL;
320
319
321
320
memcpy(ipaddr, nla_data(tb[IPSET_ATTR_IPADDR_IPV6]),
322
-
sizeof(struct in6_addr));
321
+
sizeof(struct in6_addr));
323
322
return 0;
324
323
}
325
324
EXPORT_SYMBOL_GPL(ip_set_get_ipaddr6);
···
468
467
}
469
468
EXPORT_SYMBOL_GPL(ip_set_put_extensions);
470
469
471
-
/*
472
-
* Creating/destroying/renaming/swapping affect the existence and
470
+
/* Creating/destroying/renaming/swapping affect the existence and
473
471
* the properties of a set. All of these can be executed from userspace
474
472
* only and serialized by the nfnl mutex indirectly from nfnetlink.
475
473
*
···
495
495
write_unlock_bh(&ip_set_ref_lock);
496
496
}
497
497
498
-
/*
499
-
* Add, del and test set entries from kernel.
498
+
/* Add, del and test set entries from kernel.
500
499
*
501
500
* The set behind the index must exist and must be referenced
502
501
* so it can't be destroyed (or changed) under our foot.
···
523
524
dev_net(par->in ? par->in : par->out), index);
524
525
int ret = 0;
525
526
526
-
BUG_ON(set == NULL);
527
+
BUG_ON(!set);
527
528
pr_debug("set %s, index %u\n", set->name, index);
528
529
529
530
if (opt->dim < set->type->dimension ||
···
562
563
dev_net(par->in ? par->in : par->out), index);
563
564
int ret;
564
565
565
-
BUG_ON(set == NULL);
566
+
BUG_ON(!set);
566
567
pr_debug("set %s, index %u\n", set->name, index);
567
568
568
569
if (opt->dim < set->type->dimension ||
···
585
586
dev_net(par->in ? par->in : par->out), index);
586
587
int ret = 0;
587
588
588
-
BUG_ON(set == NULL);
589
+
BUG_ON(!set);
589
590
pr_debug("set %s, index %u\n", set->name, index);
590
591
591
592
if (opt->dim < set->type->dimension ||
···
600
601
}
601
602
EXPORT_SYMBOL_GPL(ip_set_del);
602
603
603
-
/*
604
-
* Find set by name, reference it once. The reference makes sure the
604
+
/* Find set by name, reference it once. The reference makes sure the
605
605
* thing pointed to, does not go away under our feet.
606
606
*
607
607
*/
···
614
616
rcu_read_lock();
615
617
for (i = 0; i < inst->ip_set_max; i++) {
616
618
s = rcu_dereference(inst->ip_set_list)[i];
617
-
if (s != NULL && STRNCMP(s->name, name)) {
619
+
if (s && STRNCMP(s->name, name)) {
618
620
__ip_set_get(s);
619
621
index = i;
620
622
*set = s;
···
627
629
}
628
630
EXPORT_SYMBOL_GPL(ip_set_get_byname);
629
631
630
-
/*
631
-
* If the given set pointer points to a valid set, decrement
632
+
/* If the given set pointer points to a valid set, decrement
632
633
* reference count by 1. The caller shall not assume the index
633
634
* to be valid, after calling this function.
634
635
*
···
640
643
641
644
rcu_read_lock();
642
645
set = rcu_dereference(inst->ip_set_list)[index];
643
-
if (set != NULL)
646
+
if (set)
644
647
__ip_set_put(set);
645
648
rcu_read_unlock();
646
649
}
···
654
657
}
655
658
EXPORT_SYMBOL_GPL(ip_set_put_byindex);
656
659
657
-
/*
658
-
* Get the name of a set behind a set index.
660
+
/* Get the name of a set behind a set index.
659
661
* We assume the set is referenced, so it does exist and
660
662
* can't be destroyed. The set cannot be renamed due to
661
663
* the referencing either.
···
665
669
{
666
670
const struct ip_set *set = ip_set_rcu_get(net, index);
667
671
668
-
BUG_ON(set == NULL);
672
+
BUG_ON(!set);
669
673
BUG_ON(set->ref == 0);
670
674
671
675
/* Referenced, so it's safe */
···
673
677
}
674
678
EXPORT_SYMBOL_GPL(ip_set_name_byindex);
675
679
676
-
/*
677
-
* Routines to call by external subsystems, which do not
680
+
/* Routines to call by external subsystems, which do not
678
681
* call nfnl_lock for us.
679
682
*/
680
683
681
-
/*
682
-
* Find set by index, reference it once. The reference makes sure the
684
+
/* Find set by index, reference it once. The reference makes sure the
683
685
* thing pointed to, does not go away under our feet.
684
686
*
685
687
* The nfnl mutex is used in the function.
···
703
709
}
704
710
EXPORT_SYMBOL_GPL(ip_set_nfnl_get_byindex);
705
711
706
-
/*
707
-
* If the given set pointer points to a valid set, decrement
712
+
/* If the given set pointer points to a valid set, decrement
708
713
* reference count by 1. The caller shall not assume the index
709
714
* to be valid, after calling this function.
710
715
*
···
718
725
nfnl_lock(NFNL_SUBSYS_IPSET);
719
726
if (!inst->is_deleted) { /* already deleted from ip_set_net_exit() */
720
727
set = ip_set(inst, index);
721
-
if (set != NULL)
728
+
if (set)
722
729
__ip_set_put(set);
723
730
}
724
731
nfnl_unlock(NFNL_SUBSYS_IPSET);
725
732
}
726
733
EXPORT_SYMBOL_GPL(ip_set_nfnl_put);
727
734
728
-
/*
729
-
* Communication protocol with userspace over netlink.
735
+
/* Communication protocol with userspace over netlink.
730
736
*
731
737
* The commands are serialized by the nfnl mutex.
732
738
*/
···
752
760
753
761
nlh = nlmsg_put(skb, portid, seq, cmd | (NFNL_SUBSYS_IPSET << 8),
754
762
sizeof(*nfmsg), flags);
755
-
if (nlh == NULL)
763
+
if (!nlh)
756
764
return NULL;
757
765
758
766
nfmsg = nlmsg_data(nlh);
···
785
793
*id = IPSET_INVALID_ID;
786
794
for (i = 0; i < inst->ip_set_max; i++) {
787
795
set = ip_set(inst, i);
788
-
if (set != NULL && STRNCMP(set->name, name)) {
796
+
if (set && STRNCMP(set->name, name)) {
789
797
*id = i;
790
798
break;
791
799
}
···
811
819
*index = IPSET_INVALID_ID;
812
820
for (i = 0; i < inst->ip_set_max; i++) {
813
821
s = ip_set(inst, i);
814
-
if (s == NULL) {
822
+
if (!s) {
815
823
if (*index == IPSET_INVALID_ID)
816
824
*index = i;
817
825
} else if (STRNCMP(name, s->name)) {
···
843
851
struct ip_set_net *inst = ip_set_pernet(net);
844
852
struct ip_set *set, *clash = NULL;
845
853
ip_set_id_t index = IPSET_INVALID_ID;
846
-
struct nlattr *tb[IPSET_ATTR_CREATE_MAX+1] = {};
854
+
struct nlattr *tb[IPSET_ATTR_CREATE_MAX + 1] = {};
847
855
const char *name, *typename;
848
856
u8 family, revision;
849
857
u32 flags = flag_exist(nlh);
850
858
int ret = 0;
851
859
852
860
if (unlikely(protocol_failed(attr) ||
853
-
attr[IPSET_ATTR_SETNAME] == NULL ||
854
-
attr[IPSET_ATTR_TYPENAME] == NULL ||
855
-
attr[IPSET_ATTR_REVISION] == NULL ||
856
-
attr[IPSET_ATTR_FAMILY] == NULL ||
857
-
(attr[IPSET_ATTR_DATA] != NULL &&
861
+
!attr[IPSET_ATTR_SETNAME] ||
862
+
!attr[IPSET_ATTR_TYPENAME] ||
863
+
!attr[IPSET_ATTR_REVISION] ||
864
+
!attr[IPSET_ATTR_FAMILY] ||
865
+
(attr[IPSET_ATTR_DATA] &&
858
866
!flag_nested(attr[IPSET_ATTR_DATA]))))
859
867
return -IPSET_ERR_PROTOCOL;
860
868
···
865
873
pr_debug("setname: %s, typename: %s, family: %s, revision: %u\n",
866
874
name, typename, family_name(family), revision);
867
875
868
-
/*
869
-
* First, and without any locks, allocate and initialize
876
+
/* First, and without any locks, allocate and initialize
870
877
* a normal base set structure.
871
878
*/
872
-
set = kzalloc(sizeof(struct ip_set), GFP_KERNEL);
879
+
set = kzalloc(sizeof(*set), GFP_KERNEL);
873
880
if (!set)
874
881
return -ENOMEM;
875
882
spin_lock_init(&set->lock);
···
876
885
set->family = family;
877
886
set->revision = revision;
878
887
879
-
/*
880
-
* Next, check that we know the type, and take
888
+
/* Next, check that we know the type, and take
881
889
* a reference on the type, to make sure it stays available
882
890
* while constructing our new set.
883
891
*
884
892
* After referencing the type, we try to create the type
885
893
* specific part of the set without holding any locks.
886
894
*/
887
-
ret = find_set_type_get(typename, family, revision, &(set->type));
895
+
ret = find_set_type_get(typename, family, revision, &set->type);
888
896
if (ret)
889
897
goto out;
890
898
891
-
/*
892
-
* Without holding any locks, create private part.
893
-
*/
899
+
/* Without holding any locks, create private part. */
894
900
if (attr[IPSET_ATTR_DATA] &&
895
901
nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA],
896
902
set->type->create_policy)) {
···
901
913
902
914
/* BTW, ret==0 here. */
903
915
904
-
/*
905
-
* Here, we have a valid, constructed set and we are protected
916
+
/* Here, we have a valid, constructed set and we are protected
906
917
* by the nfnl mutex. Find the first free index in ip_set_list
907
918
* and check clashing.
908
919
*/
···
924
937
/* Wraparound */
925
938
goto cleanup;
926
939
927
-
list = kzalloc(sizeof(struct ip_set *) * i, GFP_KERNEL);
940
+
list = kcalloc(i, sizeof(struct ip_set *), GFP_KERNEL);
928
941
if (!list)
929
942
goto cleanup;
930
943
/* nfnl mutex is held, both lists are valid */
···
938
951
inst->ip_set_max = i;
939
952
kfree(tmp);
940
953
ret = 0;
941
-
} else if (ret)
954
+
} else if (ret) {
942
955
goto cleanup;
956
+
}
943
957
944
-
/*
945
-
* Finally! Add our shiny new set to the list, and be done.
946
-
*/
958
+
/* Finally! Add our shiny new set to the list, and be done. */
947
959
pr_debug("create: '%s' created with index %u!\n", set->name, index);
948
960
ip_set(inst, index) = set;
949
961
···
1004
1018
if (!attr[IPSET_ATTR_SETNAME]) {
1005
1019
for (i = 0; i < inst->ip_set_max; i++) {
1006
1020
s = ip_set(inst, i);
1007
-
if (s != NULL && s->ref) {
1021
+
if (s && s->ref) {
1008
1022
ret = -IPSET_ERR_BUSY;
1009
1023
goto out;
1010
1024
}
···
1023
1037
} else {
1024
1038
s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
1025
1039
&i);
1026
-
if (s == NULL) {
1040
+
if (!s) {
1027
1041
ret = -ENOENT;
1028
1042
goto out;
1029
1043
} else if (s->ref) {
···
1068
1082
if (!attr[IPSET_ATTR_SETNAME]) {
1069
1083
for (i = 0; i < inst->ip_set_max; i++) {
1070
1084
s = ip_set(inst, i);
1071
-
if (s != NULL)
1085
+
if (s)
1072
1086
ip_set_flush_set(s);
1073
1087
}
1074
1088
} else {
1075
1089
s = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
1076
-
if (s == NULL)
1090
+
if (!s)
1077
1091
return -ENOENT;
1078
1092
1079
1093
ip_set_flush_set(s);
···
1105
1119
int ret = 0;
1106
1120
1107
1121
if (unlikely(protocol_failed(attr) ||
1108
-
attr[IPSET_ATTR_SETNAME] == NULL ||
1109
-
attr[IPSET_ATTR_SETNAME2] == NULL))
1122
+
!attr[IPSET_ATTR_SETNAME] ||
1123
+
!attr[IPSET_ATTR_SETNAME2]))
1110
1124
return -IPSET_ERR_PROTOCOL;
1111
1125
1112
1126
set = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
1113
-
if (set == NULL)
1127
+
if (!set)
1114
1128
return -ENOENT;
1115
1129
1116
1130
read_lock_bh(&ip_set_ref_lock);
···
1122
1136
name2 = nla_data(attr[IPSET_ATTR_SETNAME2]);
1123
1137
for (i = 0; i < inst->ip_set_max; i++) {
1124
1138
s = ip_set(inst, i);
1125
-
if (s != NULL && STRNCMP(s->name, name2)) {
1139
+
if (s && STRNCMP(s->name, name2)) {
1126
1140
ret = -IPSET_ERR_EXIST_SETNAME2;
1127
1141
goto out;
1128
1142
}
···
1154
1168
char from_name[IPSET_MAXNAMELEN];
1155
1169
1156
1170
if (unlikely(protocol_failed(attr) ||
1157
-
attr[IPSET_ATTR_SETNAME] == NULL ||
1158
-
attr[IPSET_ATTR_SETNAME2] == NULL))
1171
+
!attr[IPSET_ATTR_SETNAME] ||
1172
+
!attr[IPSET_ATTR_SETNAME2]))
1159
1173
return -IPSET_ERR_PROTOCOL;
1160
1174
1161
1175
from = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
1162
1176
&from_id);
1163
-
if (from == NULL)
1177
+
if (!from)
1164
1178
return -ENOENT;
1165
1179
1166
1180
to = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME2]),
1167
1181
&to_id);
1168
-
if (to == NULL)
1182
+
if (!to)
1169
1183
return -IPSET_ERR_EXIST_SETNAME2;
1170
1184
1171
1185
/* Features must not change.
1172
-
* Not an artificial restriction anymore, as we must prevent
1173
-
* possible loops created by swapping in setlist type of sets. */
1186
+
* Not an artifical restriction anymore, as we must prevent
1187
+
* possible loops created by swapping in setlist type of sets.
1188
+
*/
1174
1189
if (!(from->type->features == to->type->features &&
1175
1190
from->family == to->family))
1176
1191
return -IPSET_ERR_TYPE_MISMATCH;
···
1233
1246
{
1234
1247
struct nlmsghdr *nlh = nlmsg_hdr(cb->skb);
1235
1248
int min_len = nlmsg_total_size(sizeof(struct nfgenmsg));
1236
-
struct nlattr *cda[IPSET_ATTR_CMD_MAX+1];
1249
+
struct nlattr *cda[IPSET_ATTR_CMD_MAX + 1];
1237
1250
struct nlattr *attr = (void *)nlh + min_len;
1238
1251
u32 dump_type;
1239
1252
ip_set_id_t index;
···
1247
1260
1248
1261
set = find_set_and_id(inst, nla_data(cda[IPSET_ATTR_SETNAME]),
1249
1262
&index);
1250
-
if (set == NULL)
1263
+
if (!set)
1251
1264
return -ENOENT;
1252
1265
1253
1266
dump_type = DUMP_ONE;
1254
1267
cb->args[IPSET_CB_INDEX] = index;
1255
-
} else
1268
+
} else {
1256
1269
dump_type = DUMP_ALL;
1270
+
}
1257
1271
1258
1272
if (cda[IPSET_ATTR_FLAGS]) {
1259
1273
u32 f = ip_set_get_h32(cda[IPSET_ATTR_FLAGS]);
1274
+
1260
1275
dump_type |= (f << 16);
1261
1276
}
1262
1277
cb->args[IPSET_CB_NET] = (unsigned long)inst;
···
1284
1295
if (ret < 0) {
1285
1296
nlh = nlmsg_hdr(cb->skb);
1286
1297
/* We have to create and send the error message
1287
-
* manually :-( */
1298
+
* manually :-(
1299
+
*/
1288
1300
if (nlh->nlmsg_flags & NLM_F_ACK)
1289
1301
netlink_ack(cb->skb, nlh, ret);
1290
1302
return ret;
···
1303
1313
pr_debug("dump type, flag: %u %u index: %ld\n",
1304
1314
dump_type, dump_flags, cb->args[IPSET_CB_INDEX]);
1305
1315
for (; cb->args[IPSET_CB_INDEX] < max; cb->args[IPSET_CB_INDEX]++) {
1306
-
index = (ip_set_id_t) cb->args[IPSET_CB_INDEX];
1316
+
index = (ip_set_id_t)cb->args[IPSET_CB_INDEX];
1307
1317
write_lock_bh(&ip_set_ref_lock);
1308
1318
set = ip_set(inst, index);
1309
1319
is_destroyed = inst->is_destroyed;
···
1470
1480
size_t payload = min(SIZE_MAX,
1471
1481
sizeof(*errmsg) + nlmsg_len(nlh));
1472
1482
int min_len = nlmsg_total_size(sizeof(struct nfgenmsg));
1473
-
struct nlattr *cda[IPSET_ATTR_CMD_MAX+1];
1483
+
struct nlattr *cda[IPSET_ATTR_CMD_MAX + 1];
1474
1484
struct nlattr *cmdattr;
1475
1485
u32 *errline;
1476
1486
1477
1487
skb2 = nlmsg_new(payload, GFP_KERNEL);
1478
-
if (skb2 == NULL)
1488
+
if (!skb2)
1479
1489
return -ENOMEM;
1480
1490
rep = __nlmsg_put(skb2, NETLINK_CB(skb).portid,
1481
1491
nlh->nlmsg_seq, NLMSG_ERROR, payload, 0);
···
1492
1502
1493
1503
*errline = lineno;
1494
1504
1495
-
netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT);
1505
+
netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid,
1506
+
MSG_DONTWAIT);
1496
1507
/* Signal netlink not to send its ACK/errmsg. */
1497
1508
return -EINTR;
1498
1509
}
···
1508
1517
{
1509
1518
struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
1510
1519
struct ip_set *set;
1511
-
struct nlattr *tb[IPSET_ATTR_ADT_MAX+1] = {};
1520
+
struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
1512
1521
const struct nlattr *nla;
1513
1522
u32 flags = flag_exist(nlh);
1514
1523
bool use_lineno;
1515
1524
int ret = 0;
1516
1525
1517
1526
if (unlikely(protocol_failed(attr) ||
1518
-
attr[IPSET_ATTR_SETNAME] == NULL ||
1527
+
!attr[IPSET_ATTR_SETNAME] ||
1519
1528
!((attr[IPSET_ATTR_DATA] != NULL) ^
1520
1529
(attr[IPSET_ATTR_ADT] != NULL)) ||
1521
-
(attr[IPSET_ATTR_DATA] != NULL &&
1530
+
(attr[IPSET_ATTR_DATA] &&
1522
1531
!flag_nested(attr[IPSET_ATTR_DATA])) ||
1523
-
(attr[IPSET_ATTR_ADT] != NULL &&
1532
+
(attr[IPSET_ATTR_ADT] &&
1524
1533
(!flag_nested(attr[IPSET_ATTR_ADT]) ||
1525
-
attr[IPSET_ATTR_LINENO] == NULL))))
1534
+
!attr[IPSET_ATTR_LINENO]))))
1526
1535
return -IPSET_ERR_PROTOCOL;
1527
1536
1528
1537
set = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
1529
-
if (set == NULL)
1538
+
if (!set)
1530
1539
return -ENOENT;
1531
1540
1532
1541
use_lineno = !!attr[IPSET_ATTR_LINENO];
···
1563
1572
{
1564
1573
struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
1565
1574
struct ip_set *set;
1566
-
struct nlattr *tb[IPSET_ATTR_ADT_MAX+1] = {};
1575
+
struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
1567
1576
const struct nlattr *nla;
1568
1577
u32 flags = flag_exist(nlh);
1569
1578
bool use_lineno;
1570
1579
int ret = 0;
1571
1580
1572
1581
if (unlikely(protocol_failed(attr) ||
1573
-
attr[IPSET_ATTR_SETNAME] == NULL ||
1582
+
!attr[IPSET_ATTR_SETNAME] ||
1574
1583
!((attr[IPSET_ATTR_DATA] != NULL) ^
1575
1584
(attr[IPSET_ATTR_ADT] != NULL)) ||
1576
-
(attr[IPSET_ATTR_DATA] != NULL &&
1585
+
(attr[IPSET_ATTR_DATA] &&
1577
1586
!flag_nested(attr[IPSET_ATTR_DATA])) ||
1578
-
(attr[IPSET_ATTR_ADT] != NULL &&
1587
+
(attr[IPSET_ATTR_ADT] &&
1579
1588
(!flag_nested(attr[IPSET_ATTR_ADT]) ||
1580
-
attr[IPSET_ATTR_LINENO] == NULL))))
1589
+
!attr[IPSET_ATTR_LINENO]))))
1581
1590
return -IPSET_ERR_PROTOCOL;
1582
1591
1583
1592
set = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
1584
-
if (set == NULL)
1593
+
if (!set)
1585
1594
return -ENOENT;
1586
1595
1587
1596
use_lineno = !!attr[IPSET_ATTR_LINENO];
···
1618
1627
{
1619
1628
struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
1620
1629
struct ip_set *set;
1621
-
struct nlattr *tb[IPSET_ATTR_ADT_MAX+1] = {};
1630
+
struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
1622
1631
int ret = 0;
1623
1632
1624
1633
if (unlikely(protocol_failed(attr) ||
1625
-
attr[IPSET_ATTR_SETNAME] == NULL ||
1626
-
attr[IPSET_ATTR_DATA] == NULL ||
1634
+
!attr[IPSET_ATTR_SETNAME] ||
1635
+
!attr[IPSET_ATTR_DATA] ||
1627
1636
!flag_nested(attr[IPSET_ATTR_DATA])))
1628
1637
return -IPSET_ERR_PROTOCOL;
1629
1638
1630
1639
set = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
1631
-
if (set == NULL)
1640
+
if (!set)
1632
1641
return -ENOENT;
1633
1642
1634
1643
if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA],
···
1659
1668
int ret = 0;
1660
1669
1661
1670
if (unlikely(protocol_failed(attr) ||
1662
-
attr[IPSET_ATTR_SETNAME] == NULL))
1671
+
!attr[IPSET_ATTR_SETNAME]))
1663
1672
return -IPSET_ERR_PROTOCOL;
1664
1673
1665
1674
set = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
1666
-
if (set == NULL)
1675
+
if (!set)
1667
1676
return -ENOENT;
1668
1677
1669
1678
skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1670
-
if (skb2 == NULL)
1679
+
if (!skb2)
1671
1680
return -ENOMEM;
1672
1681
1673
1682
nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0,
···
1716
1725
int ret = 0;
1717
1726
1718
1727
if (unlikely(protocol_failed(attr) ||
1719
-
attr[IPSET_ATTR_TYPENAME] == NULL ||
1720
-
attr[IPSET_ATTR_FAMILY] == NULL))
1728
+
!attr[IPSET_ATTR_TYPENAME] ||
1729
+
!attr[IPSET_ATTR_FAMILY]))
1721
1730
return -IPSET_ERR_PROTOCOL;
1722
1731
1723
1732
family = nla_get_u8(attr[IPSET_ATTR_FAMILY]);
···
1727
1736
return ret;
1728
1737
1729
1738
skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1730
-
if (skb2 == NULL)
1739
+
if (!skb2)
1731
1740
return -ENOMEM;
1732
1741
1733
1742
nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0,
···
1772
1781
struct nlmsghdr *nlh2;
1773
1782
int ret = 0;
1774
1783
1775
-
if (unlikely(attr[IPSET_ATTR_PROTOCOL] == NULL))
1784
+
if (unlikely(!attr[IPSET_ATTR_PROTOCOL]))
1776
1785
return -IPSET_ERR_PROTOCOL;
1777
1786
1778
1787
skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1779
-
if (skb2 == NULL)
1788
+
if (!skb2)
1780
1789
return -ENOMEM;
1781
1790
1782
1791
nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0,
···
1904
1913
ret = -EFAULT;
1905
1914
goto done;
1906
1915
}
1907
-
op = (unsigned int *) data;
1916
+
op = (unsigned int *)data;
1908
1917
1909
1918
if (*op < IP_SET_OP_VERSION) {
1910
1919
/* Check the version at the beginning of operations */
···
2016
2025
if (inst->ip_set_max >= IPSET_INVALID_ID)
2017
2026
inst->ip_set_max = IPSET_INVALID_ID - 1;
2018
2027
2019
-
list = kzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL);
2028
+
list = kcalloc(inst->ip_set_max, sizeof(struct ip_set *), GFP_KERNEL);
2020
2029
if (!list)
2021
2030
return -ENOMEM;
2022
2031
inst->is_deleted = false;
···
2052
2061
.size = sizeof(struct ip_set_net)
2053
2062
};
2054
2063
2055
-
2056
2064
static int __init
2057
2065
ip_set_init(void)
2058
2066
{
2059
2067
int ret = nfnetlink_subsys_register(&ip_set_netlink_subsys);
2068
+
2060
2069
if (ret != 0) {
2061
2070
pr_err("ip_set: cannot register with nfnetlink.\n");
2062
2071
return ret;
+7
-6
net/netfilter/ipset/ip_set_getport.c
+7
-6
net/netfilter/ipset/ip_set_getport.c
···
30
30
const struct tcphdr *th;
31
31
32
32
th = skb_header_pointer(skb, protooff, sizeof(_tcph), &_tcph);
33
-
if (th == NULL)
33
+
if (!th)
34
34
/* No choice either */
35
35
return false;
36
36
···
42
42
const sctp_sctphdr_t *sh;
43
43
44
44
sh = skb_header_pointer(skb, protooff, sizeof(_sh), &_sh);
45
-
if (sh == NULL)
45
+
if (!sh)
46
46
/* No choice either */
47
47
return false;
48
48
···
55
55
const struct udphdr *uh;
56
56
57
57
uh = skb_header_pointer(skb, protooff, sizeof(_udph), &_udph);
58
-
if (uh == NULL)
58
+
if (!uh)
59
59
/* No choice either */
60
60
return false;
61
61
···
67
67
const struct icmphdr *ic;
68
68
69
69
ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
70
-
if (ic == NULL)
70
+
if (!ic)
71
71
return false;
72
72
73
73
*port = (__force __be16)htons((ic->type << 8) | ic->code);
···
78
78
const struct icmp6hdr *ic;
79
79
80
80
ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
81
-
if (ic == NULL)
81
+
if (!ic)
82
82
return false;
83
83
84
84
*port = (__force __be16)
···
116
116
return false;
117
117
default:
118
118
/* Other protocols doesn't have ports,
119
-
so we can match fragments */
119
+
* so we can match fragments.
120
+
*/
120
121
*proto = protocol;
121
122
return true;
122
123
}
+31
-24
net/netfilter/ipset/ip_set_hash_gen.h
+31
-24
net/netfilter/ipset/ip_set_hash_gen.h
···
35
35
/* Number of elements to store in an initial array block */
36
36
#define AHASH_INIT_SIZE 4
37
37
/* Max number of elements to store in an array block */
38
-
#define AHASH_MAX_SIZE (3*AHASH_INIT_SIZE)
38
+
#define AHASH_MAX_SIZE (3 * AHASH_INIT_SIZE)
39
39
/* Max muber of elements in the array block when tuned */
40
40
#define AHASH_MAX_TUNED 64
41
41
···
57
57
*/
58
58
return n > curr && n <= AHASH_MAX_TUNED ? n : curr;
59
59
}
60
+
60
61
#define TUNE_AHASH_MAX(h, multi) \
61
62
((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi))
62
63
#else
···
257
256
#endif
258
257
259
258
#define HKEY(data, initval, htable_bits) \
260
-
(jhash2((u32 *)(data), HKEY_DATALEN/sizeof(u32), initval) \
259
+
(jhash2((u32 *)(data), HKEY_DATALEN / sizeof(u32), initval) \
261
260
& jhash_mask(htable_bits))
262
261
263
262
#ifndef htype
···
300
299
301
300
/* Add in increasing prefix order, so larger cidr first */
302
301
for (i = 0, j = -1; i < nets_length && h->nets[i].cidr[n]; i++) {
303
-
if (j != -1)
302
+
if (j != -1) {
304
303
continue;
305
-
else if (h->nets[i].cidr[n] < cidr)
304
+
} else if (h->nets[i].cidr[n] < cidr) {
306
305
j = i;
307
-
else if (h->nets[i].cidr[n] == cidr) {
306
+
} else if (h->nets[i].cidr[n] == cidr) {
308
307
h->nets[cidr - 1].nets[n]++;
309
308
return;
310
309
}
···
323
322
u8 i, j, net_end = nets_length - 1;
324
323
325
324
for (i = 0; i < nets_length; i++) {
326
-
if (h->nets[i].cidr[n] != cidr)
327
-
continue;
325
+
if (h->nets[i].cidr[n] != cidr)
326
+
continue;
328
327
h->nets[cidr - 1].nets[n]--;
329
328
if (h->nets[cidr - 1].nets[n] > 0)
330
-
return;
329
+
return;
331
330
for (j = i; j < net_end && h->nets[j].cidr[n]; j++)
332
-
h->nets[j].cidr[n] = h->nets[j + 1].cidr[n];
331
+
h->nets[j].cidr[n] = h->nets[j + 1].cidr[n];
333
332
h->nets[j].cidr[n] = 0;
334
-
return;
333
+
return;
335
334
}
336
335
}
337
336
#endif
···
427
426
if (SET_WITH_TIMEOUT(set))
428
427
del_timer_sync(&h->gc);
429
428
430
-
mtype_ahash_destroy(set, __ipset_dereference_protected(h->table, 1),
431
-
true);
429
+
mtype_ahash_destroy(set,
430
+
__ipset_dereference_protected(h->table, 1), true);
432
431
kfree(h);
433
432
434
433
set->data = NULL;
···
440
439
struct htype *h = set->data;
441
440
442
441
init_timer(&h->gc);
443
-
h->gc.data = (unsigned long) set;
442
+
h->gc.data = (unsigned long)set;
444
443
h->gc.function = gc;
445
444
h->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ;
446
445
add_timer(&h->gc);
···
531
530
static void
532
531
mtype_gc(unsigned long ul_set)
533
532
{
534
-
struct ip_set *set = (struct ip_set *) ul_set;
533
+
struct ip_set *set = (struct ip_set *)ul_set;
535
534
struct htype *h = set->data;
536
535
537
536
pr_debug("called\n");
···
545
544
546
545
/* Resize a hash: create a new hash table with doubling the hashsize
547
546
* and inserting the elements to it. Repeat until we succeed or
548
-
* fail due to memory pressures. */
547
+
* fail due to memory pressures.
548
+
*/
549
549
static int
550
550
mtype_resize(struct ip_set *set, bool retried)
551
551
{
···
689
687
}
690
688
691
689
/* Add an element to a hash and update the internal counters when succeeded,
692
-
* otherwise report the proper error code. */
690
+
* otherwise report the proper error code.
691
+
*/
693
692
static int
694
693
mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
695
694
struct ip_set_ext *mext, u32 flags)
···
929
926
930
927
#ifdef IP_SET_HASH_WITH_NETS
931
928
/* Special test function which takes into account the different network
932
-
* sizes added to the set */
929
+
* sizes added to the set
930
+
*/
933
931
static int
934
932
mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d,
935
933
const struct ip_set_ext *ext,
···
1008
1004
t = rcu_dereference_bh(h->table);
1009
1005
#ifdef IP_SET_HASH_WITH_NETS
1010
1006
/* If we test an IP address and not a network address,
1011
-
* try all possible network sizes */
1007
+
* try all possible network sizes
1008
+
*/
1012
1009
for (i = 0; i < IPSET_NET_COUNT; i++)
1013
1010
if (DCIDR_GET(d->cidr, i) != SET_HOST_MASK(set->family))
1014
1011
break;
···
1153
1148
nla_nest_cancel(skb, atd);
1154
1149
ret = -EMSGSIZE;
1155
1150
goto out;
1156
-
} else
1157
-
goto nla_put_failure;
1151
+
}
1152
+
goto nla_put_failure;
1158
1153
}
1159
1154
if (mtype_data_list(skb, e))
1160
1155
goto nla_put_failure;
···
1176
1171
set->name);
1177
1172
cb->args[IPSET_CB_ARG0] = 0;
1178
1173
ret = -EMSGSIZE;
1179
-
} else
1174
+
} else {
1180
1175
ipset_nest_end(skb, atd);
1176
+
}
1181
1177
out:
1182
1178
rcu_read_unlock();
1183
1179
return ret;
···
1186
1180
1187
1181
static int
1188
1182
IPSET_TOKEN(MTYPE, _kadt)(struct ip_set *set, const struct sk_buff *skb,
1189
-
const struct xt_action_param *par,
1190
-
enum ipset_adt adt, struct ip_set_adt_opt *opt);
1183
+
const struct xt_action_param *par,
1184
+
enum ipset_adt adt, struct ip_set_adt_opt *opt);
1191
1185
1192
1186
static int
1193
1187
IPSET_TOKEN(MTYPE, _uadt)(struct ip_set *set, struct nlattr *tb[],
1194
-
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried);
1188
+
enum ipset_adt adt, u32 *lineno, u32 flags,
1189
+
bool retried);
1195
1190
1196
1191
static const struct ip_set_type_variant mtype_variant = {
1197
1192
.kadt = mtype_kadt,
+2
-2
net/netfilter/ipset/ip_set_hash_ip.c
+2
-2
net/netfilter/ipset/ip_set_hash_ip.c
+3
-6
net/netfilter/ipset/ip_set_hash_ipmark.c
+3
-6
net/netfilter/ipset/ip_set_hash_ipmark.c
···
155
155
156
156
if (ret && !ip_set_eexist(ret, flags))
157
157
return ret;
158
-
else
159
-
ret = 0;
158
+
159
+
ret = 0;
160
160
}
161
161
return ret;
162
162
}
···
205
205
#define HOST_MASK 128
206
206
#define IP_SET_EMIT_CREATE
207
207
#include "ip_set_hash_gen.h"
208
-
209
208
210
209
static int
211
210
hash_ipmark6_kadt(struct ip_set *set, const struct sk_buff *skb,
···
267
268
ret = adtfn(set, &e, &ext, &ext, flags);
268
269
if (ret && !ip_set_eexist(ret, flags))
269
270
return ret;
270
-
else
271
-
ret = 0;
272
271
273
-
return ret;
272
+
return 0;
274
273
}
275
274
276
275
static struct ip_set_type hash_ipmark_type __read_mostly = {
+8
-6
net/netfilter/ipset/ip_set_hash_ipport.c
+8
-6
net/netfilter/ipset/ip_set_hash_ipport.c
···
140
140
141
141
if (e.proto == 0)
142
142
return -IPSET_ERR_INVALID_PROTO;
143
-
} else
143
+
} else {
144
144
return -IPSET_ERR_MISSING_PROTO;
145
+
}
145
146
146
147
if (!(with_ports || e.proto == IPPROTO_ICMP))
147
148
e.port = 0;
···
188
187
189
188
if (ret && !ip_set_eexist(ret, flags))
190
189
return ret;
191
-
else
192
-
ret = 0;
190
+
191
+
ret = 0;
193
192
}
194
193
}
195
194
return ret;
···
306
305
307
306
if (e.proto == 0)
308
307
return -IPSET_ERR_INVALID_PROTO;
309
-
} else
308
+
} else {
310
309
return -IPSET_ERR_MISSING_PROTO;
310
+
}
311
311
312
312
if (!(with_ports || e.proto == IPPROTO_ICMPV6))
313
313
e.port = 0;
···
331
329
332
330
if (ret && !ip_set_eexist(ret, flags))
333
331
return ret;
334
-
else
335
-
ret = 0;
332
+
333
+
ret = 0;
336
334
}
337
335
return ret;
338
336
}
+9
-7
net/netfilter/ipset/ip_set_hash_ipportip.c
+9
-7
net/netfilter/ipset/ip_set_hash_ipportip.c
···
63
63
64
64
static bool
65
65
hash_ipportip4_data_list(struct sk_buff *skb,
66
-
const struct hash_ipportip4_elem *data)
66
+
const struct hash_ipportip4_elem *data)
67
67
{
68
68
if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
69
69
nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) ||
···
147
147
148
148
if (e.proto == 0)
149
149
return -IPSET_ERR_INVALID_PROTO;
150
-
} else
150
+
} else {
151
151
return -IPSET_ERR_MISSING_PROTO;
152
+
}
152
153
153
154
if (!(with_ports || e.proto == IPPROTO_ICMP))
154
155
e.port = 0;
···
195
194
196
195
if (ret && !ip_set_eexist(ret, flags))
197
196
return ret;
198
-
else
199
-
ret = 0;
197
+
198
+
ret = 0;
200
199
}
201
200
}
202
201
return ret;
···
321
320
322
321
if (e.proto == 0)
323
322
return -IPSET_ERR_INVALID_PROTO;
324
-
} else
323
+
} else {
325
324
return -IPSET_ERR_MISSING_PROTO;
325
+
}
326
326
327
327
if (!(with_ports || e.proto == IPPROTO_ICMPV6))
328
328
e.port = 0;
···
346
344
347
345
if (ret && !ip_set_eexist(ret, flags))
348
346
return ret;
349
-
else
350
-
ret = 0;
347
+
348
+
ret = 0;
351
349
}
352
350
return ret;
353
351
}
+12
-7
net/netfilter/ipset/ip_set_hash_ipportnet.c
+12
-7
net/netfilter/ipset/ip_set_hash_ipportnet.c
···
209
209
210
210
if (e.proto == 0)
211
211
return -IPSET_ERR_INVALID_PROTO;
212
-
} else
212
+
} else {
213
213
return -IPSET_ERR_MISSING_PROTO;
214
+
}
214
215
215
216
if (!(with_ports || e.proto == IPPROTO_ICMP))
216
217
e.port = 0;
217
218
218
219
if (tb[IPSET_ATTR_CADT_FLAGS]) {
219
220
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
221
+
220
222
if (cadt_flags & IPSET_FLAG_NOMATCH)
221
223
flags |= (IPSET_FLAG_NOMATCH << 16);
222
224
}
···
265
263
swap(ip2_from, ip2_to);
266
264
if (ip2_from + UINT_MAX == ip2_to)
267
265
return -IPSET_ERR_HASH_RANGE;
268
-
} else
266
+
} else {
269
267
ip_set_mask_from_to(ip2_from, ip2_to, e.cidr + 1);
268
+
}
270
269
271
270
if (retried)
272
271
ip = ntohl(h->next.ip);
···
290
287
291
288
if (ret && !ip_set_eexist(ret, flags))
292
289
return ret;
293
-
else
294
-
ret = 0;
290
+
291
+
ret = 0;
295
292
ip2 = ip2_last + 1;
296
293
}
297
294
}
···
469
466
470
467
if (e.proto == 0)
471
468
return -IPSET_ERR_INVALID_PROTO;
472
-
} else
469
+
} else {
473
470
return -IPSET_ERR_MISSING_PROTO;
471
+
}
474
472
475
473
if (!(with_ports || e.proto == IPPROTO_ICMPV6))
476
474
e.port = 0;
477
475
478
476
if (tb[IPSET_ATTR_CADT_FLAGS]) {
479
477
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
478
+
480
479
if (cadt_flags & IPSET_FLAG_NOMATCH)
481
480
flags |= (IPSET_FLAG_NOMATCH << 16);
482
481
}
···
502
497
503
498
if (ret && !ip_set_eexist(ret, flags))
504
499
return ret;
505
-
else
506
-
ret = 0;
500
+
501
+
ret = 0;
507
502
}
508
503
return ret;
509
504
}
+3
-3
net/netfilter/ipset/ip_set_hash_mac.c
+3
-3
net/netfilter/ipset/ip_set_hash_mac.c
···
89
89
return 0;
90
90
91
91
if (skb_mac_header(skb) < skb->head ||
92
-
(skb_mac_header(skb) + ETH_HLEN) > skb->data)
92
+
(skb_mac_header(skb) + ETH_HLEN) > skb->data)
93
93
return -EINVAL;
94
94
95
-
memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN);
95
+
ether_addr_copy(e.ether, eth_hdr(skb)->h_source);
96
96
if (memcmp(e.ether, invalid_ether, ETH_ALEN) == 0)
97
97
return -EINVAL;
98
98
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
···
116
116
ret = ip_set_get_extensions(set, tb, &ext);
117
117
if (ret)
118
118
return ret;
119
-
memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
119
+
ether_addr_copy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]));
120
120
if (memcmp(e.ether, invalid_ether, ETH_ALEN) == 0)
121
121
return -IPSET_ERR_HASH_ELEM;
122
122
+5
-3
net/netfilter/ipset/ip_set_hash_net.c
+5
-3
net/netfilter/ipset/ip_set_hash_net.c
···
169
169
170
170
if (tb[IPSET_ATTR_CADT_FLAGS]) {
171
171
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
172
+
172
173
if (cadt_flags & IPSET_FLAG_NOMATCH)
173
174
flags |= (IPSET_FLAG_NOMATCH << 16);
174
175
}
···
177
176
if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
178
177
e.ip = htonl(ip & ip_set_hostmask(e.cidr));
179
178
ret = adtfn(set, &e, &ext, &ext, flags);
180
-
return ip_set_enomatch(ret, flags, adt, set) ? -ret:
179
+
return ip_set_enomatch(ret, flags, adt, set) ? -ret :
181
180
ip_set_eexist(ret, flags) ? 0 : ret;
182
181
}
183
182
···
199
198
ret = adtfn(set, &e, &ext, &ext, flags);
200
199
if (ret && !ip_set_eexist(ret, flags))
201
200
return ret;
202
-
else
203
-
ret = 0;
201
+
202
+
ret = 0;
204
203
ip = last + 1;
205
204
}
206
205
return ret;
···
340
339
341
340
if (tb[IPSET_ATTR_CADT_FLAGS]) {
342
341
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
342
+
343
343
if (cadt_flags & IPSET_FLAG_NOMATCH)
344
344
flags |= (IPSET_FLAG_NOMATCH << 16);
345
345
}
+15
-10
net/netfilter/ipset/ip_set_hash_netiface.c
+15
-10
net/netfilter/ipset/ip_set_hash_netiface.c
···
143
143
return dev ? dev->name : NULL;
144
144
}
145
145
146
-
static const char *get_phyoutdev_name(const struct sk_buff *skb)
146
+
static const char *get_physoutdev_name(const struct sk_buff *skb)
147
147
{
148
148
struct net_device *dev = nf_bridge_get_physoutdev(skb);
149
149
···
178
178
if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
179
179
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
180
180
const char *eiface = SRCDIR ? get_physindev_name(skb) :
181
-
get_phyoutdev_name(skb);
181
+
get_physoutdev_name(skb);
182
182
183
183
if (!eiface)
184
184
return -EINVAL;
185
185
STRLCPY(e.iface, eiface);
186
186
e.physdev = 1;
187
187
#endif
188
-
} else
188
+
} else {
189
189
STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out));
190
+
}
190
191
191
192
if (strlen(e.iface) == 0)
192
193
return -EINVAL;
···
230
229
231
230
if (tb[IPSET_ATTR_CADT_FLAGS]) {
232
231
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
232
+
233
233
if (cadt_flags & IPSET_FLAG_PHYSDEV)
234
234
e.physdev = 1;
235
235
if (cadt_flags & IPSET_FLAG_NOMATCH)
···
251
249
swap(ip, ip_to);
252
250
if (ip + UINT_MAX == ip_to)
253
251
return -IPSET_ERR_HASH_RANGE;
254
-
} else
252
+
} else {
255
253
ip_set_mask_from_to(ip, ip_to, e.cidr);
254
+
}
256
255
257
256
if (retried)
258
257
ip = ntohl(h->next.ip);
···
264
261
265
262
if (ret && !ip_set_eexist(ret, flags))
266
263
return ret;
267
-
else
268
-
ret = 0;
264
+
265
+
ret = 0;
269
266
ip = last + 1;
270
267
}
271
268
return ret;
···
388
385
if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
389
386
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
390
387
const char *eiface = SRCDIR ? get_physindev_name(skb) :
391
-
get_phyoutdev_name(skb);
388
+
get_physoutdev_name(skb);
389
+
392
390
if (!eiface)
393
391
return -EINVAL;
394
-
395
392
STRLCPY(e.iface, eiface);
396
393
e.physdev = 1;
397
394
#endif
398
-
} else
395
+
} else {
399
396
STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out));
397
+
}
400
398
401
399
if (strlen(e.iface) == 0)
402
400
return -EINVAL;
···
407
403
408
404
static int
409
405
hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
410
-
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
406
+
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
411
407
{
412
408
ipset_adtfn adtfn = set->variant->adt[adt];
413
409
struct hash_netiface6_elem e = { .cidr = HOST_MASK, .elem = 1 };
···
444
440
445
441
if (tb[IPSET_ATTR_CADT_FLAGS]) {
446
442
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
443
+
447
444
if (cadt_flags & IPSET_FLAG_PHYSDEV)
448
445
e.physdev = 1;
449
446
if (cadt_flags & IPSET_FLAG_NOMATCH)
+25
-21
net/netfilter/ipset/ip_set_hash_netnet.c
+25
-21
net/netfilter/ipset/ip_set_hash_netnet.c
···
57
57
58
58
static inline bool
59
59
hash_netnet4_data_equal(const struct hash_netnet4_elem *ip1,
60
-
const struct hash_netnet4_elem *ip2,
61
-
u32 *multi)
60
+
const struct hash_netnet4_elem *ip2,
61
+
u32 *multi)
62
62
{
63
63
return ip1->ipcmp == ip2->ipcmp &&
64
64
ip1->ccmp == ip2->ccmp;
···
84
84
85
85
static inline void
86
86
hash_netnet4_data_reset_elem(struct hash_netnet4_elem *elem,
87
-
struct hash_netnet4_elem *orig)
87
+
struct hash_netnet4_elem *orig)
88
88
{
89
89
elem->ip[1] = orig->ip[1];
90
90
}
···
103
103
104
104
static bool
105
105
hash_netnet4_data_list(struct sk_buff *skb,
106
-
const struct hash_netnet4_elem *data)
106
+
const struct hash_netnet4_elem *data)
107
107
{
108
108
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
109
109
···
122
122
123
123
static inline void
124
124
hash_netnet4_data_next(struct hash_netnet4_elem *next,
125
-
const struct hash_netnet4_elem *d)
125
+
const struct hash_netnet4_elem *d)
126
126
{
127
127
next->ipcmp = d->ipcmp;
128
128
}
···
133
133
134
134
static int
135
135
hash_netnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
136
-
const struct xt_action_param *par,
137
-
enum ipset_adt adt, struct ip_set_adt_opt *opt)
136
+
const struct xt_action_param *par,
137
+
enum ipset_adt adt, struct ip_set_adt_opt *opt)
138
138
{
139
139
const struct hash_netnet *h = set->data;
140
140
ipset_adtfn adtfn = set->variant->adt[adt];
···
156
156
157
157
static int
158
158
hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
159
-
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
159
+
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
160
160
{
161
161
const struct hash_netnet *h = set->data;
162
162
ipset_adtfn adtfn = set->variant->adt[adt];
···
199
199
200
200
if (tb[IPSET_ATTR_CADT_FLAGS]) {
201
201
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
202
+
202
203
if (cadt_flags & IPSET_FLAG_NOMATCH)
203
204
flags |= (IPSET_FLAG_NOMATCH << 16);
204
205
}
···
222
221
swap(ip, ip_to);
223
222
if (unlikely(ip + UINT_MAX == ip_to))
224
223
return -IPSET_ERR_HASH_RANGE;
225
-
} else
224
+
} else {
226
225
ip_set_mask_from_to(ip, ip_to, e.cidr[0]);
226
+
}
227
227
228
228
ip2_to = ip2_from;
229
229
if (tb[IPSET_ATTR_IP2_TO]) {
···
235
233
swap(ip2_from, ip2_to);
236
234
if (unlikely(ip2_from + UINT_MAX == ip2_to))
237
235
return -IPSET_ERR_HASH_RANGE;
238
-
} else
236
+
} else {
239
237
ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]);
238
+
}
240
239
241
240
if (retried)
242
241
ip = ntohl(h->next.ip[0]);
···
254
251
ret = adtfn(set, &e, &ext, &ext, flags);
255
252
if (ret && !ip_set_eexist(ret, flags))
256
253
return ret;
257
-
else
258
-
ret = 0;
254
+
255
+
ret = 0;
259
256
ip2 = last2 + 1;
260
257
}
261
258
ip = last + 1;
···
279
276
280
277
static inline bool
281
278
hash_netnet6_data_equal(const struct hash_netnet6_elem *ip1,
282
-
const struct hash_netnet6_elem *ip2,
283
-
u32 *multi)
279
+
const struct hash_netnet6_elem *ip2,
280
+
u32 *multi)
284
281
{
285
282
return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) &&
286
283
ipv6_addr_equal(&ip1->ip[1].in6, &ip2->ip[1].in6) &&
···
307
304
308
305
static inline void
309
306
hash_netnet6_data_reset_elem(struct hash_netnet6_elem *elem,
310
-
struct hash_netnet6_elem *orig)
307
+
struct hash_netnet6_elem *orig)
311
308
{
312
309
elem->ip[1] = orig->ip[1];
313
310
}
···
326
323
327
324
static bool
328
325
hash_netnet6_data_list(struct sk_buff *skb,
329
-
const struct hash_netnet6_elem *data)
326
+
const struct hash_netnet6_elem *data)
330
327
{
331
328
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
332
329
···
345
342
346
343
static inline void
347
344
hash_netnet6_data_next(struct hash_netnet4_elem *next,
348
-
const struct hash_netnet6_elem *d)
345
+
const struct hash_netnet6_elem *d)
349
346
{
350
347
}
351
348
···
359
356
360
357
static int
361
358
hash_netnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
362
-
const struct xt_action_param *par,
363
-
enum ipset_adt adt, struct ip_set_adt_opt *opt)
359
+
const struct xt_action_param *par,
360
+
enum ipset_adt adt, struct ip_set_adt_opt *opt)
364
361
{
365
362
const struct hash_netnet *h = set->data;
366
363
ipset_adtfn adtfn = set->variant->adt[adt];
···
370
367
e.cidr[0] = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK);
371
368
e.cidr[1] = INIT_CIDR(h->nets[0].cidr[1], HOST_MASK);
372
369
if (adt == IPSET_TEST)
373
-
e.ccmp = (HOST_MASK << (sizeof(u8)*8)) | HOST_MASK;
370
+
e.ccmp = (HOST_MASK << (sizeof(u8) * 8)) | HOST_MASK;
374
371
375
372
ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0].in6);
376
373
ip6addrptr(skb, opt->flags & IPSET_DIM_TWO_SRC, &e.ip[1].in6);
···
382
379
383
380
static int
384
381
hash_netnet6_uadt(struct ip_set *set, struct nlattr *tb[],
385
-
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
382
+
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
386
383
{
387
384
ipset_adtfn adtfn = set->variant->adt[adt];
388
385
struct hash_netnet6_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
···
427
424
428
425
if (tb[IPSET_ATTR_CADT_FLAGS]) {
429
426
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
427
+
430
428
if (cadt_flags & IPSET_FLAG_NOMATCH)
431
429
flags |= (IPSET_FLAG_NOMATCH << 16);
432
430
}
+12
-7
net/netfilter/ipset/ip_set_hash_netport.c
+12
-7
net/netfilter/ipset/ip_set_hash_netport.c
···
198
198
199
199
if (e.proto == 0)
200
200
return -IPSET_ERR_INVALID_PROTO;
201
-
} else
201
+
} else {
202
202
return -IPSET_ERR_MISSING_PROTO;
203
+
}
203
204
204
205
if (!(with_ports || e.proto == IPPROTO_ICMP))
205
206
e.port = 0;
···
209
208
210
209
if (tb[IPSET_ATTR_CADT_FLAGS]) {
211
210
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
211
+
212
212
if (cadt_flags & IPSET_FLAG_NOMATCH)
213
213
flags |= (IPSET_FLAG_NOMATCH << 16);
214
214
}
···
235
233
swap(ip, ip_to);
236
234
if (ip + UINT_MAX == ip_to)
237
235
return -IPSET_ERR_HASH_RANGE;
238
-
} else
236
+
} else {
239
237
ip_set_mask_from_to(ip, ip_to, e.cidr + 1);
238
+
}
240
239
241
240
if (retried)
242
241
ip = ntohl(h->next.ip);
···
253
250
254
251
if (ret && !ip_set_eexist(ret, flags))
255
252
return ret;
256
-
else
257
-
ret = 0;
253
+
254
+
ret = 0;
258
255
}
259
256
ip = last + 1;
260
257
}
···
416
413
417
414
if (e.proto == 0)
418
415
return -IPSET_ERR_INVALID_PROTO;
419
-
} else
416
+
} else {
420
417
return -IPSET_ERR_MISSING_PROTO;
418
+
}
421
419
422
420
if (!(with_ports || e.proto == IPPROTO_ICMPV6))
423
421
e.port = 0;
424
422
425
423
if (tb[IPSET_ATTR_CADT_FLAGS]) {
426
424
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
425
+
427
426
if (cadt_flags & IPSET_FLAG_NOMATCH)
428
427
flags |= (IPSET_FLAG_NOMATCH << 16);
429
428
}
···
449
444
450
445
if (ret && !ip_set_eexist(ret, flags))
451
446
return ret;
452
-
else
453
-
ret = 0;
447
+
448
+
ret = 0;
454
449
}
455
450
return ret;
456
451
}
+30
-24
net/netfilter/ipset/ip_set_hash_netportnet.c
+30
-24
net/netfilter/ipset/ip_set_hash_netportnet.c
···
62
62
63
63
static inline bool
64
64
hash_netportnet4_data_equal(const struct hash_netportnet4_elem *ip1,
65
-
const struct hash_netportnet4_elem *ip2,
66
-
u32 *multi)
65
+
const struct hash_netportnet4_elem *ip2,
66
+
u32 *multi)
67
67
{
68
68
return ip1->ipcmp == ip2->ipcmp &&
69
69
ip1->ccmp == ip2->ccmp &&
···
91
91
92
92
static inline void
93
93
hash_netportnet4_data_reset_elem(struct hash_netportnet4_elem *elem,
94
-
struct hash_netportnet4_elem *orig)
94
+
struct hash_netportnet4_elem *orig)
95
95
{
96
96
elem->ip[1] = orig->ip[1];
97
97
}
···
111
111
112
112
static bool
113
113
hash_netportnet4_data_list(struct sk_buff *skb,
114
-
const struct hash_netportnet4_elem *data)
114
+
const struct hash_netportnet4_elem *data)
115
115
{
116
116
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
117
117
···
132
132
133
133
static inline void
134
134
hash_netportnet4_data_next(struct hash_netportnet4_elem *next,
135
-
const struct hash_netportnet4_elem *d)
135
+
const struct hash_netportnet4_elem *d)
136
136
{
137
137
next->ipcmp = d->ipcmp;
138
138
next->port = d->port;
···
144
144
145
145
static int
146
146
hash_netportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
147
-
const struct xt_action_param *par,
148
-
enum ipset_adt adt, struct ip_set_adt_opt *opt)
147
+
const struct xt_action_param *par,
148
+
enum ipset_adt adt, struct ip_set_adt_opt *opt)
149
149
{
150
150
const struct hash_netportnet *h = set->data;
151
151
ipset_adtfn adtfn = set->variant->adt[adt];
···
171
171
172
172
static int
173
173
hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
174
-
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
174
+
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
175
175
{
176
176
const struct hash_netportnet *h = set->data;
177
177
ipset_adtfn adtfn = set->variant->adt[adt];
···
223
223
224
224
if (e.proto == 0)
225
225
return -IPSET_ERR_INVALID_PROTO;
226
-
} else
226
+
} else {
227
227
return -IPSET_ERR_MISSING_PROTO;
228
+
}
228
229
229
230
if (!(with_ports || e.proto == IPPROTO_ICMP))
230
231
e.port = 0;
231
232
232
233
if (tb[IPSET_ATTR_CADT_FLAGS]) {
233
234
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
235
+
234
236
if (cadt_flags & IPSET_FLAG_NOMATCH)
235
237
flags |= (IPSET_FLAG_NOMATCH << 16);
236
238
}
···
256
254
swap(ip, ip_to);
257
255
if (unlikely(ip + UINT_MAX == ip_to))
258
256
return -IPSET_ERR_HASH_RANGE;
259
-
} else
257
+
} else {
260
258
ip_set_mask_from_to(ip, ip_to, e.cidr[0]);
259
+
}
261
260
262
261
port_to = port = ntohs(e.port);
263
262
if (tb[IPSET_ATTR_PORT_TO]) {
···
276
273
swap(ip2_from, ip2_to);
277
274
if (unlikely(ip2_from + UINT_MAX == ip2_to))
278
275
return -IPSET_ERR_HASH_RANGE;
279
-
} else
276
+
} else {
280
277
ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]);
278
+
}
281
279
282
280
if (retried)
283
281
ip = ntohl(h->next.ip[0]);
···
300
296
ret = adtfn(set, &e, &ext, &ext, flags);
301
297
if (ret && !ip_set_eexist(ret, flags))
302
298
return ret;
303
-
else
304
-
ret = 0;
299
+
300
+
ret = 0;
305
301
ip2 = ip2_last + 1;
306
302
}
307
303
}
···
328
324
329
325
static inline bool
330
326
hash_netportnet6_data_equal(const struct hash_netportnet6_elem *ip1,
331
-
const struct hash_netportnet6_elem *ip2,
332
-
u32 *multi)
327
+
const struct hash_netportnet6_elem *ip2,
328
+
u32 *multi)
333
329
{
334
330
return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) &&
335
331
ipv6_addr_equal(&ip1->ip[1].in6, &ip2->ip[1].in6) &&
···
358
354
359
355
static inline void
360
356
hash_netportnet6_data_reset_elem(struct hash_netportnet6_elem *elem,
361
-
struct hash_netportnet6_elem *orig)
357
+
struct hash_netportnet6_elem *orig)
362
358
{
363
359
elem->ip[1] = orig->ip[1];
364
360
}
···
378
374
379
375
static bool
380
376
hash_netportnet6_data_list(struct sk_buff *skb,
381
-
const struct hash_netportnet6_elem *data)
377
+
const struct hash_netportnet6_elem *data)
382
378
{
383
379
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
384
380
···
399
395
400
396
static inline void
401
397
hash_netportnet6_data_next(struct hash_netportnet4_elem *next,
402
-
const struct hash_netportnet6_elem *d)
398
+
const struct hash_netportnet6_elem *d)
403
399
{
404
400
next->port = d->port;
405
401
}
···
414
410
415
411
static int
416
412
hash_netportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
417
-
const struct xt_action_param *par,
418
-
enum ipset_adt adt, struct ip_set_adt_opt *opt)
413
+
const struct xt_action_param *par,
414
+
enum ipset_adt adt, struct ip_set_adt_opt *opt)
419
415
{
420
416
const struct hash_netportnet *h = set->data;
421
417
ipset_adtfn adtfn = set->variant->adt[adt];
···
441
437
442
438
static int
443
439
hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
444
-
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
440
+
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
445
441
{
446
442
const struct hash_netportnet *h = set->data;
447
443
ipset_adtfn adtfn = set->variant->adt[adt];
···
497
493
498
494
if (e.proto == 0)
499
495
return -IPSET_ERR_INVALID_PROTO;
500
-
} else
496
+
} else {
501
497
return -IPSET_ERR_MISSING_PROTO;
498
+
}
502
499
503
500
if (!(with_ports || e.proto == IPPROTO_ICMPV6))
504
501
e.port = 0;
505
502
506
503
if (tb[IPSET_ATTR_CADT_FLAGS]) {
507
504
u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
505
+
508
506
if (cadt_flags & IPSET_FLAG_NOMATCH)
509
507
flags |= (IPSET_FLAG_NOMATCH << 16);
510
508
}
···
530
524
531
525
if (ret && !ip_set_eexist(ret, flags))
532
526
return ret;
533
-
else
534
-
ret = 0;
527
+
528
+
ret = 0;
535
529
}
536
530
return ret;
537
531
}
+6
-5
net/netfilter/ipset/ip_set_list_set.c
+6
-5
net/netfilter/ipset/ip_set_list_set.c
···
206
206
continue;
207
207
}
208
208
209
-
if (d->before == 0)
209
+
if (d->before == 0) {
210
210
ret = 1;
211
-
else if (d->before > 0) {
211
+
} else if (d->before > 0) {
212
212
next = list_next_entry(e, list);
213
213
ret = !list_is_last(&e->list, &map->members) &&
214
214
next->id == d->refid;
215
-
} else
215
+
} else {
216
216
ret = prev && prev->id == d->refid;
217
+
}
217
218
return ret;
218
219
}
219
220
return 0;
···
559
558
static void
560
559
list_set_gc(unsigned long ul_set)
561
560
{
562
-
struct ip_set *set = (struct ip_set *) ul_set;
561
+
struct ip_set *set = (struct ip_set *)ul_set;
563
562
struct list_set *map = set->data;
564
563
565
564
spin_lock_bh(&set->lock);
···
576
575
struct list_set *map = set->data;
577
576
578
577
init_timer(&map->gc);
579
-
map->gc.data = (unsigned long) set;
578
+
map->gc.data = (unsigned long)set;
580
579
map->gc.function = gc;
581
580
map->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ;
582
581
add_timer(&map->gc);
+6
-10
net/netfilter/ipset/pfxlen.c
+6
-10
net/netfilter/ipset/pfxlen.c
···
1
1
#include <linux/export.h>
2
2
#include <linux/netfilter/ipset/pfxlen.h>
3
3
4
-
/*
5
-
* Prefixlen maps for fast conversions, by Jan Engelhardt.
6
-
*/
4
+
/* Prefixlen maps for fast conversions, by Jan Engelhardt. */
7
5
8
6
#define E(a, b, c, d) \
9
7
{.ip6 = { \
···
9
11
htonl(c), htonl(d), \
10
12
} }
11
13
12
-
/*
13
-
* This table works for both IPv4 and IPv6;
14
+
/* This table works for both IPv4 and IPv6;
14
15
* just use prefixlen_netmask_map[prefixlength].ip.
15
16
*/
16
17
const union nf_inet_addr ip_set_netmask_map[] = {
···
146
149
EXPORT_SYMBOL_GPL(ip_set_netmask_map);
147
150
148
151
#undef E
149
-
#define E(a, b, c, d) \
150
-
{.ip6 = { (__force __be32) a, (__force __be32) b, \
151
-
(__force __be32) c, (__force __be32) d, \
152
+
#define E(a, b, c, d) \
153
+
{.ip6 = { (__force __be32)a, (__force __be32)b, \
154
+
(__force __be32)c, (__force __be32)d, \
152
155
} }
153
156
154
-
/*
155
-
* This table works for both IPv4 and IPv6;
157
+
/* This table works for both IPv4 and IPv6;
156
158
* just use prefixlen_hostmask_map[prefixlength].ip.
157
159
*/
158
160
const union nf_inet_addr ip_set_hostmask_map[] = {
+24
-20
net/netfilter/xt_set.c
+24
-20
net/netfilter/xt_set.c
···
9
9
*/
10
10
11
11
/* Kernel module which implements the set match and SET target
12
-
* for netfilter/iptables. */
12
+
* for netfilter/iptables.
13
+
*/
13
14
14
15
#include <linux/module.h>
15
16
#include <linux/skbuff.h>
···
54
53
set_match_v0(const struct sk_buff *skb, struct xt_action_param *par)
55
54
{
56
55
const struct xt_set_info_match_v0 *info = par->matchinfo;
56
+
57
57
ADT_OPT(opt, par->family, info->match_set.u.compat.dim,
58
58
info->match_set.u.compat.flags, 0, UINT_MAX);
59
59
···
71
69
info->u.compat.dim = IPSET_DIM_ZERO;
72
70
if (info->u.flags[0] & IPSET_MATCH_INV)
73
71
info->u.compat.flags |= IPSET_INV_MATCH;
74
-
for (i = 0; i < IPSET_DIM_MAX-1 && info->u.flags[i]; i++) {
72
+
for (i = 0; i < IPSET_DIM_MAX - 1 && info->u.flags[i]; i++) {
75
73
info->u.compat.dim++;
76
74
if (info->u.flags[i] & IPSET_SRC)
77
-
info->u.compat.flags |= (1<<info->u.compat.dim);
75
+
info->u.compat.flags |= (1 << info->u.compat.dim);
78
76
}
79
77
}
80
78
···
91
89
info->match_set.index);
92
90
return -ENOENT;
93
91
}
94
-
if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
92
+
if (info->match_set.u.flags[IPSET_DIM_MAX - 1] != 0) {
95
93
pr_warn("Protocol error: set match dimension is over the limit!\n");
96
94
ip_set_nfnl_put(par->net, info->match_set.index);
97
95
return -ERANGE;
···
117
115
set_match_v1(const struct sk_buff *skb, struct xt_action_param *par)
118
116
{
119
117
const struct xt_set_info_match_v1 *info = par->matchinfo;
118
+
120
119
ADT_OPT(opt, par->family, info->match_set.dim,
121
120
info->match_set.flags, 0, UINT_MAX);
122
121
···
182
179
set_match_v3(const struct sk_buff *skb, struct xt_action_param *par)
183
180
{
184
181
const struct xt_set_info_match_v3 *info = par->matchinfo;
182
+
int ret;
183
+
185
184
ADT_OPT(opt, par->family, info->match_set.dim,
186
185
info->match_set.flags, info->flags, UINT_MAX);
187
-
int ret;
188
186
189
187
if (info->packets.op != IPSET_COUNTER_NONE ||
190
188
info->bytes.op != IPSET_COUNTER_NONE)
···
229
225
set_match_v4(const struct sk_buff *skb, struct xt_action_param *par)
230
226
{
231
227
const struct xt_set_info_match_v4 *info = par->matchinfo;
228
+
int ret;
229
+
232
230
ADT_OPT(opt, par->family, info->match_set.dim,
233
231
info->match_set.flags, info->flags, UINT_MAX);
234
-
int ret;
235
232
236
233
if (info->packets.op != IPSET_COUNTER_NONE ||
237
234
info->bytes.op != IPSET_COUNTER_NONE)
···
258
253
set_target_v0(struct sk_buff *skb, const struct xt_action_param *par)
259
254
{
260
255
const struct xt_set_info_target_v0 *info = par->targinfo;
256
+
261
257
ADT_OPT(add_opt, par->family, info->add_set.u.compat.dim,
262
258
info->add_set.u.compat.flags, 0, UINT_MAX);
263
259
ADT_OPT(del_opt, par->family, info->del_set.u.compat.dim,
···
297
291
return -ENOENT;
298
292
}
299
293
}
300
-
if (info->add_set.u.flags[IPSET_DIM_MAX-1] != 0 ||
301
-
info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) {
294
+
if (info->add_set.u.flags[IPSET_DIM_MAX - 1] != 0 ||
295
+
info->del_set.u.flags[IPSET_DIM_MAX - 1] != 0) {
302
296
pr_warn("Protocol error: SET target dimension is over the limit!\n");
303
297
if (info->add_set.index != IPSET_INVALID_ID)
304
298
ip_set_nfnl_put(par->net, info->add_set.index);
···
331
325
set_target_v1(struct sk_buff *skb, const struct xt_action_param *par)
332
326
{
333
327
const struct xt_set_info_target_v1 *info = par->targinfo;
328
+
334
329
ADT_OPT(add_opt, par->family, info->add_set.dim,
335
330
info->add_set.flags, 0, UINT_MAX);
336
331
ADT_OPT(del_opt, par->family, info->del_set.dim,
···
400
393
set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
401
394
{
402
395
const struct xt_set_info_target_v2 *info = par->targinfo;
396
+
403
397
ADT_OPT(add_opt, par->family, info->add_set.dim,
404
398
info->add_set.flags, info->flags, info->timeout);
405
399
ADT_OPT(del_opt, par->family, info->del_set.dim,
···
408
400
409
401
/* Normalize to fit into jiffies */
410
402
if (add_opt.ext.timeout != IPSET_NO_TIMEOUT &&
411
-
add_opt.ext.timeout > UINT_MAX/MSEC_PER_SEC)
412
-
add_opt.ext.timeout = UINT_MAX/MSEC_PER_SEC;
403
+
add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC)
404
+
add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC;
413
405
if (info->add_set.index != IPSET_INVALID_ID)
414
406
ip_set_add(info->add_set.index, skb, par, &add_opt);
415
407
if (info->del_set.index != IPSET_INVALID_ID)
···
427
419
set_target_v3(struct sk_buff *skb, const struct xt_action_param *par)
428
420
{
429
421
const struct xt_set_info_target_v3 *info = par->targinfo;
422
+
int ret;
423
+
430
424
ADT_OPT(add_opt, par->family, info->add_set.dim,
431
425
info->add_set.flags, info->flags, info->timeout);
432
426
ADT_OPT(del_opt, par->family, info->del_set.dim,
···
436
426
ADT_OPT(map_opt, par->family, info->map_set.dim,
437
427
info->map_set.flags, 0, UINT_MAX);
438
428
439
-
int ret;
440
-
441
429
/* Normalize to fit into jiffies */
442
430
if (add_opt.ext.timeout != IPSET_NO_TIMEOUT &&
443
-
add_opt.ext.timeout > UINT_MAX/MSEC_PER_SEC)
444
-
add_opt.ext.timeout = UINT_MAX/MSEC_PER_SEC;
431
+
add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC)
432
+
add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC;
445
433
if (info->add_set.index != IPSET_INVALID_ID)
446
434
ip_set_add(info->add_set.index, skb, par, &add_opt);
447
435
if (info->del_set.index != IPSET_INVALID_ID)
···
464
456
}
465
457
return XT_CONTINUE;
466
458
}
467
-
468
459
469
460
static int
470
461
set_target_v3_checkentry(const struct xt_tgchk_param *par)
···
504
497
!(par->hook_mask & (1 << NF_INET_FORWARD |
505
498
1 << NF_INET_LOCAL_OUT |
506
499
1 << NF_INET_POST_ROUTING))) {
507
-
pr_warn("mapping of prio or/and queue is allowed only"
508
-
"from OUTPUT/FORWARD/POSTROUTING chains\n");
500
+
pr_warn("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
509
501
return -EINVAL;
510
502
}
511
503
index = ip_set_nfnl_get_byindex(par->net,
···
525
519
if (info->add_set.dim > IPSET_DIM_MAX ||
526
520
info->del_set.dim > IPSET_DIM_MAX ||
527
521
info->map_set.dim > IPSET_DIM_MAX) {
528
-
pr_warn("Protocol error: SET target dimension "
529
-
"is over the limit!\n");
522
+
pr_warn("Protocol error: SET target dimension is over the limit!\n");
530
523
if (info->add_set.index != IPSET_INVALID_ID)
531
524
ip_set_nfnl_put(par->net, info->add_set.index);
532
525
if (info->del_set.index != IPSET_INVALID_ID)
···
550
545
if (info->map_set.index != IPSET_INVALID_ID)
551
546
ip_set_nfnl_put(par->net, info->map_set.index);
552
547
}
553
-
554
548
555
549
static struct xt_match set_matches[] __read_mostly = {
556
550
{