Merge branch 'master' of git://blackhole.kfki.hu/nf-next
Jozsef Kadlecsik says: ==================== ipset patches for nf-next - Add wildcard support to hash:net,iface which makes possible to match interface prefixes besides complete interfaces names, from Kristian Evensen. ==================== Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
commit
3944a4fd0d
|
@ -205,6 +205,8 @@ enum ipset_cadt_flags {
|
|||
IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD),
|
||||
IPSET_FLAG_BIT_WITH_SKBINFO = 6,
|
||||
IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO),
|
||||
IPSET_FLAG_BIT_IFACE_WILDCARD = 7,
|
||||
IPSET_FLAG_IFACE_WILDCARD = (1 << IPSET_FLAG_BIT_IFACE_WILDCARD),
|
||||
IPSET_FLAG_CADT_MAX = 15,
|
||||
};
|
||||
|
||||
|
|
|
@ -25,7 +25,8 @@
|
|||
/* 3 Counters support added */
|
||||
/* 4 Comments support added */
|
||||
/* 5 Forceadd support added */
|
||||
#define IPSET_TYPE_REV_MAX 6 /* skbinfo support added */
|
||||
/* 6 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 7 /* interface wildcard support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
@ -57,6 +58,7 @@ struct hash_netiface4_elem {
|
|||
u8 cidr;
|
||||
u8 nomatch;
|
||||
u8 elem;
|
||||
u8 wildcard;
|
||||
char iface[IFNAMSIZ];
|
||||
};
|
||||
|
||||
|
@ -71,7 +73,9 @@ hash_netiface4_data_equal(const struct hash_netiface4_elem *ip1,
|
|||
ip1->cidr == ip2->cidr &&
|
||||
(++*multi) &&
|
||||
ip1->physdev == ip2->physdev &&
|
||||
strcmp(ip1->iface, ip2->iface) == 0;
|
||||
(ip1->wildcard ?
|
||||
strncmp(ip1->iface, ip2->iface, strlen(ip1->iface)) == 0 :
|
||||
strcmp(ip1->iface, ip2->iface) == 0);
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -103,7 +107,8 @@ static bool
|
|||
hash_netiface4_data_list(struct sk_buff *skb,
|
||||
const struct hash_netiface4_elem *data)
|
||||
{
|
||||
u32 flags = data->physdev ? IPSET_FLAG_PHYSDEV : 0;
|
||||
u32 flags = (data->physdev ? IPSET_FLAG_PHYSDEV : 0) |
|
||||
(data->wildcard ? IPSET_FLAG_IFACE_WILDCARD : 0);
|
||||
|
||||
if (data->nomatch)
|
||||
flags |= IPSET_FLAG_NOMATCH;
|
||||
|
@ -229,6 +234,8 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
|
|||
e.physdev = 1;
|
||||
if (cadt_flags & IPSET_FLAG_NOMATCH)
|
||||
flags |= (IPSET_FLAG_NOMATCH << 16);
|
||||
if (cadt_flags & IPSET_FLAG_IFACE_WILDCARD)
|
||||
e.wildcard = 1;
|
||||
}
|
||||
if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
|
||||
e.ip = htonl(ip & ip_set_hostmask(e.cidr));
|
||||
|
@ -280,6 +287,7 @@ struct hash_netiface6_elem {
|
|||
u8 cidr;
|
||||
u8 nomatch;
|
||||
u8 elem;
|
||||
u8 wildcard;
|
||||
char iface[IFNAMSIZ];
|
||||
};
|
||||
|
||||
|
@ -294,7 +302,9 @@ hash_netiface6_data_equal(const struct hash_netiface6_elem *ip1,
|
|||
ip1->cidr == ip2->cidr &&
|
||||
(++*multi) &&
|
||||
ip1->physdev == ip2->physdev &&
|
||||
strcmp(ip1->iface, ip2->iface) == 0;
|
||||
(ip1->wildcard ?
|
||||
strncmp(ip1->iface, ip2->iface, strlen(ip1->iface)) == 0 :
|
||||
strcmp(ip1->iface, ip2->iface) == 0);
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -326,7 +336,8 @@ static bool
|
|||
hash_netiface6_data_list(struct sk_buff *skb,
|
||||
const struct hash_netiface6_elem *data)
|
||||
{
|
||||
u32 flags = data->physdev ? IPSET_FLAG_PHYSDEV : 0;
|
||||
u32 flags = (data->physdev ? IPSET_FLAG_PHYSDEV : 0) |
|
||||
(data->wildcard ? IPSET_FLAG_IFACE_WILDCARD : 0);
|
||||
|
||||
if (data->nomatch)
|
||||
flags |= IPSET_FLAG_NOMATCH;
|
||||
|
@ -440,6 +451,8 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
|
|||
e.physdev = 1;
|
||||
if (cadt_flags & IPSET_FLAG_NOMATCH)
|
||||
flags |= (IPSET_FLAG_NOMATCH << 16);
|
||||
if (cadt_flags & IPSET_FLAG_IFACE_WILDCARD)
|
||||
e.wildcard = 1;
|
||||
}
|
||||
|
||||
ret = adtfn(set, &e, &ext, &ext, flags);
|
||||
|
|
Loading…
Reference in New Issue