From: Dash Four <mr.dash.four@googlemail.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Netfilter Core Team <netfilter-devel@vger.kernel.org>
Subject: [PATCH v4 1/2] ipset (kernel): add set match "inner" flag support
Date: Fri, 05 Jul 2013 23:23:57 +0100 [thread overview]
Message-ID: <51D7477D.5090506@googlemail.com> (raw)
In-Reply-To: <cover.1373061728.git.mr.dash.four@googlemail.com>
This patch implements "inner" flag support to all registered ipset types.
Revision history:
v1 * initial revision
v2 * redundant code removed;
* use the new ipv[46]addr[ptr] and ip_set_get*port functions;
v3 * revert to the old ip[46]addrptr and ip_set_get_ip[46]_port
function names;
v4 * add inner flag version support on all ipsets;
Signed-off-by: Dash Four <mr.dash.four@googlemail.com>
---
kernel/net/netfilter/ipset/ip_set_bitmap_ip.c | 10 ++++++--
kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c | 10 ++++++--
kernel/net/netfilter/ipset/ip_set_bitmap_port.c | 4 ++-
kernel/net/netfilter/ipset/ip_set_hash_ip.c | 13 +++++++---
kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 19 ++++++++------
kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 25 ++++++++++++-------
kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 29 ++++++++++++++--------
kernel/net/netfilter/ipset/ip_set_hash_net.c | 13 +++++++---
kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 13 +++++++---
kernel/net/netfilter/ipset/ip_set_hash_netport.c | 24 ++++++++++--------
10 files changed, 107 insertions(+), 53 deletions(-)
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
index ce99d26..0c1b808 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -26,7 +26,8 @@
#include <linux/netfilter/ipset/ip_set_bitmap.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* Counter support added */
+/* 1 Counter support added */
+#define IPSET_TYPE_REV_MAX 2 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -115,8 +116,13 @@ bitmap_ip_kadt(struct ip_set *set, const struct sk_buff *skb,
struct bitmap_ip_adt_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, map);
u32 ip;
+ __be32 _ip;
- ip = ntohl(ip4addr(skb, opt->flags & IPSET_DIM_ONE_SRC));
+ if (!ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &_ip))
+ return -EINVAL;
+
+ ip = ntohl(_ip);
if (ip < map->first_ip || ip > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 6d5bad9..68ee7dd 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -26,7 +26,8 @@
#include <linux/netfilter/ipset/ip_set_bitmap.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* Counter support added */
+/* 1 Counter support added */
+#define IPSET_TYPE_REV_MAX 2 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -218,12 +219,17 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
struct bitmap_ipmac_adt_elem e = {};
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, map);
u32 ip;
+ __be32 _ip;
/* MAC can be src only */
if (!(opt->flags & IPSET_DIM_TWO_SRC))
return 0;
- ip = ntohl(ip4addr(skb, opt->flags & IPSET_DIM_ONE_SRC));
+ if (!ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &_ip))
+ return -EINVAL;
+
+ ip = ntohl(_ip);
if (ip < map->first_ip || ip > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
index b220489..ec1f6eb 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -21,7 +21,8 @@
#include <linux/netfilter/ipset/ip_set_getport.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* Counter support added */
+/* 1 Counter support added */
+#define IPSET_TYPE_REV_MAX 2 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -111,6 +112,7 @@ bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb,
u16 port = 0;
if (!ip_set_get_ip_port(skb, opt->family,
+ opt->cmdflags & IPSET_FLAG_INNER,
opt->flags & IPSET_DIM_ONE_SRC, &__port))
return -EINVAL;
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
index 260c9a8..84eacf6 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
@@ -24,7 +24,8 @@
#include <linux/netfilter/ipset/ip_set_hash.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* Counters support */
+/* 1 Counter support added */
+#define IPSET_TYPE_REV_MAX 2 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -102,7 +103,10 @@ hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb,
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
__be32 ip;
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &ip);
+ if (!ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &ip))
+ return -EINVAL;
+
ip &= ip_set_netmask(h->netmask);
if (ip == 0)
return -EINVAL;
@@ -255,7 +259,10 @@ hash_ip6_kadt(struct ip_set *set, const struct sk_buff *skb,
struct hash_ip6_elem e = {};
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
- ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
+ if (!ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6))
+ return -EINVAL;
+
hash_ip6_netmask(&e.ip, h->netmask);
if (ipv6_addr_any(&e.ip.in6))
return -EINVAL;
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
index 64caad3..f5fe62a 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -26,7 +26,8 @@
#define IPSET_TYPE_REV_MIN 0
/* 1 SCTP and UDPLITE support added */
-#define IPSET_TYPE_REV_MAX 2 /* Counters support added */
+/* 2 Counter support added */
+#define IPSET_TYPE_REV_MAX 3 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -121,11 +122,13 @@ hash_ipport4_kadt(struct ip_set *set, const struct sk_buff *skb,
struct hash_ipport4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
- if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip4_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip))
return -EINVAL;
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
@@ -311,11 +314,13 @@ hash_ipport6_kadt(struct ip_set *set, const struct sk_buff *skb,
struct hash_ipport6_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
- if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip6_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6))
return -EINVAL;
- ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
index 2873bbc..250376e 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -26,7 +26,8 @@
#define IPSET_TYPE_REV_MIN 0
/* 1 SCTP and UDPLITE support added */
-#define IPSET_TYPE_REV_MAX 2 /* Counters support added */
+/* 2 Counter support added */
+#define IPSET_TYPE_REV_MAX 3 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -125,12 +126,15 @@ hash_ipportip4_kadt(struct ip_set *set, const struct sk_buff *skb,
struct hash_ipportip4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
- if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip4_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip) ||
+ !ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_THREE_SRC, &e.ip2))
return -EINVAL;
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
- ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
@@ -324,12 +328,15 @@ hash_ipportip6_kadt(struct ip_set *set, const struct sk_buff *skb,
struct hash_ipportip6_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
- if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip6_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6) ||
+ !ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_THREE_SRC, &e.ip2.in6))
return -EINVAL;
- ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
- ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2.in6);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
index db0e761..43c4ca8 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -25,10 +25,11 @@
#include <linux/netfilter/ipset/ip_set_hash.h>
#define IPSET_TYPE_REV_MIN 0
-/* 1 SCTP and UDPLITE support added */
+/* 1 SCTP and UDPLITE support added */
/* 2 Range as input support for IPv4 added */
-/* 3 nomatch flag support added */
-#define IPSET_TYPE_REV_MAX 4 /* Counters support added */
+/* 3 nomatch flag support added */
+/* 4 Counter support added */
+#define IPSET_TYPE_REV_MAX 5 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -177,12 +178,15 @@ hash_ipportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
if (adt == IPSET_TEST)
e.cidr = HOST_MASK - 1;
- if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip4_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip) ||
+ !ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_THREE_SRC, &e.ip2))
return -EINVAL;
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
- ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2);
e.ip2 &= ip_set_netmask(e.cidr + 1);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
@@ -461,12 +465,15 @@ hash_ipportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
if (adt == IPSET_TEST)
e.cidr = HOST_MASK - 1;
- if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip6_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6) ||
+ !ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_THREE_SRC, &e.ip2.in6))
return -EINVAL;
- ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
- ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2.in6);
ip6_netmask(&e.ip2, e.cidr + 1);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c
index 846ec80..82a0c76 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c
@@ -24,8 +24,9 @@
#define IPSET_TYPE_REV_MIN 0
/* 1 Range as input support for IPv4 added */
-/* 2 nomatch flag support added */
-#define IPSET_TYPE_REV_MAX 3 /* Counters support added */
+/* 2 nomatch flag support added */
+/* 3 Counter support added */
+#define IPSET_TYPE_REV_MAX 4 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -151,8 +152,10 @@ hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb,
return -EINVAL;
if (adt == IPSET_TEST)
e.cidr = HOST_MASK;
+ if (!ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip))
+ return -EINVAL;
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
e.ip &= ip_set_netmask(e.cidr);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
@@ -346,8 +349,10 @@ hash_net6_kadt(struct ip_set *set, const struct sk_buff *skb,
return -EINVAL;
if (adt == IPSET_TEST)
e.cidr = HOST_MASK;
+ if (!ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6))
+ return -EINVAL;
- ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
ip6_netmask(&e.ip, e.cidr);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
index 8f0e496..a8c1103 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -25,8 +25,9 @@
#define IPSET_TYPE_REV_MIN 0
/* 1 nomatch flag support added */
-/* 2 /0 support added */
-#define IPSET_TYPE_REV_MAX 3 /* Counters support added */
+/* 2 /0 support added */
+/* 3 Counter support added */
+#define IPSET_TYPE_REV_MAX 4 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -275,8 +276,10 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb,
return -EINVAL;
if (adt == IPSET_TEST)
e.cidr = HOST_MASK;
+ if (!ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip))
+ return -EINVAL;
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
e.ip &= ip_set_netmask(e.cidr);
#define IFACE(dir) (par->dir ? par->dir->name : NULL)
@@ -544,8 +547,10 @@ hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb,
return -EINVAL;
if (adt == IPSET_TEST)
e.cidr = HOST_MASK;
+ if (!ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6))
+ return -EINVAL;
- ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
ip6_netmask(&e.ip, e.cidr);
if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
index 021d716..beb3d2f 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
@@ -24,10 +24,11 @@
#include <linux/netfilter/ipset/ip_set_hash.h>
#define IPSET_TYPE_REV_MIN 0
-/* 1 SCTP and UDPLITE support added */
+/* 1 SCTP and UDPLITE support added */
/* 2 Range as input support for IPv4 added */
-/* 3 nomatch flag support added */
-#define IPSET_TYPE_REV_MAX 4 /* Counters support added */
+/* 3 nomatch flag support added */
+/* 4 Counter support added */
+#define IPSET_TYPE_REV_MAX 5 /* Inner flag support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -169,11 +170,13 @@ hash_netport4_kadt(struct ip_set *set, const struct sk_buff *skb,
if (adt == IPSET_TEST)
e.cidr = HOST_MASK - 1;
- if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip4_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip4addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip))
return -EINVAL;
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
e.ip &= ip_set_netmask(e.cidr + 1);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
@@ -413,12 +416,13 @@ hash_netport6_kadt(struct ip_set *set, const struct sk_buff *skb,
if (adt == IPSET_TEST)
e.cidr = HOST_MASK - 1;
-
- if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
- &e.port, &e.proto))
+ if (!ip_set_get_ip6_port(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_TWO_SRC, &e.port,
+ &e.proto) ||
+ !ip6addrptr(skb, opt->cmdflags & IPSET_FLAG_INNER,
+ opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6))
return -EINVAL;
- ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
ip6_netmask(&e.ip, e.cidr + 1);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
next parent reply other threads:[~2013-07-05 22:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1373061728.git.mr.dash.four@googlemail.com>
2013-07-05 22:23 ` Dash Four [this message]
2013-07-05 22:24 ` [PATCH v4 2/2] ipset (userspace): add "inner" flag version support Dash Four
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51D7477D.5090506@googlemail.com \
--to=mr.dash.four@googlemail.com \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.