Merge branch 'master' of git://blackhole.kfki.hu/nf-next

Jozsef Kadlecsik says:

====================
ipset patches for nf-next

- Remove useless memset() calls, nla_parse_nested/nla_parse
  erase the tb array properly, from Florent Fourcot.
- Merge the uadd and udel functions, the code is nicer
  this way, also from Florent Fourcot.
- Add a missing check for the return value of a
  nla_parse[_deprecated] call, from Aditya Pakki.
- Add the last missing check for the return value
  of nla_parse[_deprecated] call.
- Fix error path and release the references properly
  in set_target_v3_checkentry().
- Fix memory accounting which is reported to userspace
  for hash types on resize, from Stefano Brivio.
- Update my email address to kadlec@netfilter.org.
  The patch covers all places in the source tree where
  my kadlec@blackhole.kfki.hu address could be found.
====================

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso 2019-06-17 16:37:24 +02:00
commit 667ec21ebf
34 changed files with 104 additions and 130 deletions


@ -1800,7 +1800,7 @@ S: 2300 Copenhagen S.
S: Denmark S: Denmark
N: Jozsef Kadlecsik N: Jozsef Kadlecsik
E: kadlec@blackhole.kfki.hu E: kadlec@netfilter.org
P: 1024D/470DB964 4CB3 1A05 713E 9BF7 FAC5 5809 DD8C B7B1 470D B964 P: 1024D/470DB964 4CB3 1A05 713E 9BF7 FAC5 5809 DD8C B7B1 470D B964
D: netfilter: TCP window tracking code D: netfilter: TCP window tracking code
D: netfilter: raw table D: netfilter: raw table


@ -10858,7 +10858,7 @@ F: drivers/net/ethernet/neterion/
NETFILTER NETFILTER
M: Pablo Neira Ayuso <pablo@netfilter.org> M: Pablo Neira Ayuso <pablo@netfilter.org>
M: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> M: Jozsef Kadlecsik <kadlec@netfilter.org>
M: Florian Westphal <fw@strlen.de> M: Florian Westphal <fw@strlen.de>
L: netfilter-devel@vger.kernel.org L: netfilter-devel@vger.kernel.org
L: coreteam@netfilter.org L: coreteam@netfilter.org


@ -17,7 +17,7 @@
* if SELF_TEST is defined. You can use this free for any purpose. It's in * if SELF_TEST is defined. You can use this free for any purpose. It's in
* the public domain. It has no warranty. * the public domain. It has no warranty.
* *
* Copyright (C) 2009-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * Copyright (C) 2009-2010 Jozsef Kadlecsik (kadlec@netfilter.org)
* *
* I've modified Bob's hash to be useful in the Linux kernel, and * I've modified Bob's hash to be useful in the Linux kernel, and
* any bugs present are my fault. * any bugs present are my fault.


@ -1,7 +1,7 @@
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de> * Patrick Schaaf <bof@bof.de>
* Martin Josefsson <gandalf@wlug.westbo.se> * Martin Josefsson <gandalf@wlug.westbo.se>
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -1,7 +1,7 @@
#ifndef _IP_SET_COUNTER_H #ifndef _IP_SET_COUNTER_H
#define _IP_SET_COUNTER_H #define _IP_SET_COUNTER_H
/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -1,7 +1,7 @@
#ifndef _IP_SET_SKBINFO_H #ifndef _IP_SET_SKBINFO_H
#define _IP_SET_SKBINFO_H #define _IP_SET_SKBINFO_H
/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -1,7 +1,7 @@
#ifndef _IP_SET_TIMEOUT_H #ifndef _IP_SET_TIMEOUT_H
#define _IP_SET_TIMEOUT_H #define _IP_SET_TIMEOUT_H
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -2,7 +2,7 @@
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de> * Patrick Schaaf <bof@bof.de>
* Martin Josefsson <gandalf@wlug.westbo.se> * Martin Josefsson <gandalf@wlug.westbo.se>
* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -2,7 +2,7 @@
/* /*
* 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT . * 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT .
* *
* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>


@ -7,7 +7,7 @@
* This source code is licensed under General Public License version 2. * This source code is licensed under General Public License version 2.
* *
* Based on the 'brute force' H.323 NAT module by * Based on the 'brute force' H.323 NAT module by
* Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Jozsef Kadlecsik <kadlec@netfilter.org>
*/ */
#include <linux/module.h> #include <linux/module.h>


@ -2,7 +2,7 @@
/* /*
* IPv6 raw table, a port of the IPv4 raw table to IPv6 * IPv6 raw table, a port of the IPv4 raw table to IPv6
* *
* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>


@ -1,4 +1,4 @@
/* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -1,6 +1,6 @@
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de> * Patrick Schaaf <bof@bof.de>
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -31,7 +31,7 @@
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("bitmap:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("bitmap:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_bitmap:ip"); MODULE_ALIAS("ip_set_bitmap:ip");


@ -1,7 +1,7 @@
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de> * Patrick Schaaf <bof@bof.de>
* Martin Josefsson <gandalf@wlug.westbo.se> * Martin Josefsson <gandalf@wlug.westbo.se>
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -31,7 +31,7 @@
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("bitmap:ip,mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("bitmap:ip,mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_bitmap:ip,mac"); MODULE_ALIAS("ip_set_bitmap:ip,mac");


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -26,7 +26,7 @@
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("bitmap:port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("bitmap:port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_bitmap:port"); MODULE_ALIAS("ip_set_bitmap:port");


@ -1,6 +1,6 @@
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de> * Patrick Schaaf <bof@bof.de>
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -51,7 +51,7 @@ static unsigned int max_sets;
module_param(max_sets, int, 0600); module_param(max_sets, int, 0600);
MODULE_PARM_DESC(max_sets, "maximal number of sets"); MODULE_PARM_DESC(max_sets, "maximal number of sets");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
MODULE_DESCRIPTION("core IP set support"); MODULE_DESCRIPTION("core IP set support");
MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_IPSET); MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_IPSET);
@ -1293,11 +1293,13 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
struct nlattr *attr = (void *)nlh + min_len; struct nlattr *attr = (void *)nlh + min_len;
u32 dump_type; u32 dump_type;
ip_set_id_t index; ip_set_id_t index;
int ret;
/* Second pass, so parser can't fail */ ret = nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, attr,
nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, attr, nlh->nlmsg_len - min_len,
nlh->nlmsg_len - min_len, ip_set_setname_policy, ip_set_setname_policy, NULL);
NULL); if (ret)
return ret;
cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]); cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]);
if (cda[IPSET_ATTR_SETNAME]) { if (cda[IPSET_ATTR_SETNAME]) {
@ -1544,10 +1546,14 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
memcpy(&errmsg->msg, nlh, nlh->nlmsg_len); memcpy(&errmsg->msg, nlh, nlh->nlmsg_len);
cmdattr = (void *)&errmsg->msg + min_len; cmdattr = (void *)&errmsg->msg + min_len;
nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, cmdattr, ret = nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, cmdattr,
nlh->nlmsg_len - min_len, nlh->nlmsg_len - min_len,
ip_set_adt_policy, NULL); ip_set_adt_policy, NULL);
if (ret) {
nlmsg_free(skb2);
return ret;
}
errline = nla_data(cda[IPSET_ATTR_LINENO]); errline = nla_data(cda[IPSET_ATTR_LINENO]);
*errline = lineno; *errline = lineno;
@ -1561,10 +1567,12 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
return ret; return ret;
} }
static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb, static int ip_set_ad(struct net *net, struct sock *ctnl,
const struct nlmsghdr *nlh, struct sk_buff *skb,
const struct nlattr * const attr[], enum ipset_adt adt,
struct netlink_ext_ack *extack) const struct nlmsghdr *nlh,
const struct nlattr * const attr[],
struct netlink_ext_ack *extack)
{ {
struct ip_set_net *inst = ip_set_pernet(net); struct ip_set_net *inst = ip_set_pernet(net);
struct ip_set *set; struct ip_set *set;
@ -1593,18 +1601,17 @@ static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb,
if (attr[IPSET_ATTR_DATA]) { if (attr[IPSET_ATTR_DATA]) {
if (nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], set->type->adt_policy, NULL)) if (nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], set->type->adt_policy, NULL))
return -IPSET_ERR_PROTOCOL; return -IPSET_ERR_PROTOCOL;
ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, flags, ret = call_ad(ctnl, skb, set, tb, adt, flags,
use_lineno); use_lineno);
} else { } else {
int nla_rem; int nla_rem;
nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) { nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) {
memset(tb, 0, sizeof(tb));
if (nla_type(nla) != IPSET_ATTR_DATA || if (nla_type(nla) != IPSET_ATTR_DATA ||
!flag_nested(nla) || !flag_nested(nla) ||
nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, nla, set->type->adt_policy, NULL)) nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, nla, set->type->adt_policy, NULL))
return -IPSET_ERR_PROTOCOL; return -IPSET_ERR_PROTOCOL;
ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, ret = call_ad(ctnl, skb, set, tb, adt,
flags, use_lineno); flags, use_lineno);
if (ret < 0) if (ret < 0)
return ret; return ret;
@ -1613,56 +1620,22 @@ static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb,
return ret; return ret;
} }
static int ip_set_udel(struct net *net, struct sock *ctnl, struct sk_buff *skb, static int ip_set_uadd(struct net *net, struct sock *ctnl,
const struct nlmsghdr *nlh, struct sk_buff *skb, const struct nlmsghdr *nlh,
const struct nlattr * const attr[], const struct nlattr * const attr[],
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
struct ip_set_net *inst = ip_set_pernet(net); return ip_set_ad(net, ctnl, skb,
struct ip_set *set; IPSET_ADD, nlh, attr, extack);
struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {}; }
const struct nlattr *nla;
u32 flags = flag_exist(nlh);
bool use_lineno;
int ret = 0;
if (unlikely(protocol_min_failed(attr) || static int ip_set_udel(struct net *net, struct sock *ctnl,
!attr[IPSET_ATTR_SETNAME] || struct sk_buff *skb, const struct nlmsghdr *nlh,
!((attr[IPSET_ATTR_DATA] != NULL) ^ const struct nlattr * const attr[],
(attr[IPSET_ATTR_ADT] != NULL)) || struct netlink_ext_ack *extack)
(attr[IPSET_ATTR_DATA] && {
!flag_nested(attr[IPSET_ATTR_DATA])) || return ip_set_ad(net, ctnl, skb,
(attr[IPSET_ATTR_ADT] && IPSET_DEL, nlh, attr, extack);
(!flag_nested(attr[IPSET_ATTR_ADT]) ||
!attr[IPSET_ATTR_LINENO]))))
return -IPSET_ERR_PROTOCOL;
set = find_set(inst, nla_data(attr[IPSET_ATTR_SETNAME]));
if (!set)
return -ENOENT;
use_lineno = !!attr[IPSET_ATTR_LINENO];
if (attr[IPSET_ATTR_DATA]) {
if (nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], set->type->adt_policy, NULL))
return -IPSET_ERR_PROTOCOL;
ret = call_ad(ctnl, skb, set, tb, IPSET_DEL, flags,
use_lineno);
} else {
int nla_rem;
nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) {
memset(tb, 0, sizeof(*tb));
if (nla_type(nla) != IPSET_ATTR_DATA ||
!flag_nested(nla) ||
nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, nla, set->type->adt_policy, NULL))
return -IPSET_ERR_PROTOCOL;
ret = call_ad(ctnl, skb, set, tb, IPSET_DEL,
flags, use_lineno);
if (ret < 0)
return ret;
}
}
return ret;
} }
static int ip_set_utest(struct net *net, struct sock *ctnl, struct sk_buff *skb, static int ip_set_utest(struct net *net, struct sock *ctnl, struct sk_buff *skb,
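Review bot: In dump_init, `nla_get_u8(cda[IPSET_ATTR_PROTOCOL])` still dereferences the attribute slot without a NULL test, and a zero return from the newly checked `nla_parse_deprecated()` does not by itself show that the attribute was present in the message. The comment this change drops, `/* Second pass, so parser can't fail */`, suggests an earlier pass over the same message has already validated it, but that code is outside the hunk. Either record the invariant in a replacement comment such as `/* IPSET_ATTR_PROTOCOL was verified on the first pass */` (if that is indeed the case) or add `if (!cda[IPSET_ATTR_PROTOCOL]) return -IPSET_ERR_PROTOCOL;` before the read. The same question applies to `nla_data(cda[IPSET_ATTR_LINENO])` after the new check in call_ad; both functions begin and end outside their hunks.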


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -1,4 +1,4 @@
/* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -625,7 +625,7 @@ retry:
goto cleanup; goto cleanup;
} }
m->size = AHASH_INIT_SIZE; m->size = AHASH_INIT_SIZE;
extsize = ext_size(AHASH_INIT_SIZE, dsize); extsize += ext_size(AHASH_INIT_SIZE, dsize);
RCU_INIT_POINTER(hbucket(t, key), m); RCU_INIT_POINTER(hbucket(t, key), m);
} else if (m->pos >= m->size) { } else if (m->pos >= m->size) {
struct hbucket *ht; struct hbucket *ht;
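Review bot: With `extsize += ext_size(AHASH_INIT_SIZE, dsize);` the reported total is only right if `extsize` is zeroed before the bucket loop on every pass, including after a jump back to the `retry:` label named in the hunk header; that initialisation is outside the hunk and should be confirmed. If it is set only once at declaration, a retried resize would presumably carry over the blocks counted for the discarded table and report too much memory to userspace. A short comment at the reset, e.g. `/* restart extension accounting for the new table */`, would make the dependency visible. The enclosing function starts and ends outside the hunk.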


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -30,7 +30,7 @@
#define IPSET_TYPE_REV_MAX 4 /* skbinfo support */ #define IPSET_TYPE_REV_MAX 4 /* skbinfo support */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:ip"); MODULE_ALIAS("ip_set_hash:ip");


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* Copyright (C) 2013 Smoothwall Ltd. <vytas.dauksa@smoothwall.net> * Copyright (C) 2013 Smoothwall Ltd. <vytas.dauksa@smoothwall.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -32,7 +32,7 @@
#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:ip,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:ip,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:ip,port"); MODULE_ALIAS("ip_set_hash:ip,port");


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -32,7 +32,7 @@
#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:ip,port,ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:ip,port,ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:ip,port,ip"); MODULE_ALIAS("ip_set_hash:ip,port,ip");


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -34,7 +34,7 @@
#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:ip,port,net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:ip,port,net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:ip,port,net"); MODULE_ALIAS("ip_set_hash:ip,port,net");


@ -1,4 +1,4 @@
/* Copyright (C) 2014 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2014 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -23,7 +23,7 @@
#define IPSET_TYPE_REV_MAX 0 #define IPSET_TYPE_REV_MAX 0
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:mac"); MODULE_ALIAS("ip_set_hash:mac");


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -31,7 +31,7 @@
#define IPSET_TYPE_REV_MAX 6 /* skbinfo mapping support added */ #define IPSET_TYPE_REV_MAX 6 /* skbinfo mapping support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:net"); MODULE_ALIAS("ip_set_hash:net");


@ -1,4 +1,4 @@
/* Copyright (C) 2011-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2011-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -32,7 +32,7 @@
#define IPSET_TYPE_REV_MAX 6 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 6 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:net,iface", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:net,iface", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:net,iface"); MODULE_ALIAS("ip_set_hash:net,iface");


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* Copyright (C) 2013 Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> * Copyright (C) 2013 Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -33,7 +33,7 @@
#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:net,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("hash:net,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:net,port"); MODULE_ALIAS("ip_set_hash:net,port");


@ -1,4 +1,4 @@
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as


@ -1,4 +1,4 @@
/* Copyright (C) 2008-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> /* Copyright (C) 2008-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -22,7 +22,7 @@
#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */ #define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("list:set", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); IP_SET_MODULE_DESC("list:set", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_list:set"); MODULE_ALIAS("ip_set_list:set");


@ -7,7 +7,7 @@
* This source code is licensed under General Public License version 2. * This source code is licensed under General Public License version 2.
* *
* Based on the 'brute force' H.323 connection tracking module by * Based on the 'brute force' H.323 connection tracking module by
* Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* For more information, please see http://nath323.sourceforge.net/ * For more information, please see http://nath323.sourceforge.net/
*/ */


@ -1,6 +1,6 @@
/* (C) 1999-2001 Paul `Rusty' Russell /* (C) 1999-2001 Paul `Rusty' Russell
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
* (C) 2002-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * (C) 2002-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* (C) 2006-2012 Patrick McHardy <kaber@trash.net> * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify


@ -1,7 +1,7 @@
/* /*
* xt_iprange - Netfilter module to match IP address ranges * xt_iprange - Netfilter module to match IP address ranges
* *
* (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
* (C) CC Computer Consultants GmbH, 2008 * (C) CC Computer Consultants GmbH, 2008
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
@ -133,7 +133,7 @@ static void __exit iprange_mt_exit(void)
module_init(iprange_mt_init); module_init(iprange_mt_init);
module_exit(iprange_mt_exit); module_exit(iprange_mt_exit);
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>"); MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching"); MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching");
MODULE_ALIAS("ipt_iprange"); MODULE_ALIAS("ipt_iprange");


@ -1,7 +1,7 @@
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de> * Patrick Schaaf <bof@bof.de>
* Martin Josefsson <gandalf@wlug.westbo.se> * Martin Josefsson <gandalf@wlug.westbo.se>
* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> * Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -21,7 +21,7 @@
#include <uapi/linux/netfilter/xt_set.h> #include <uapi/linux/netfilter/xt_set.h>
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
MODULE_DESCRIPTION("Xtables: IP set match and target module"); MODULE_DESCRIPTION("Xtables: IP set match and target module");
MODULE_ALIAS("xt_SET"); MODULE_ALIAS("xt_SET");
MODULE_ALIAS("ipt_set"); MODULE_ALIAS("ipt_set");
@ -439,6 +439,7 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
{ {
const struct xt_set_info_target_v3 *info = par->targinfo; const struct xt_set_info_target_v3 *info = par->targinfo;
ip_set_id_t index; ip_set_id_t index;
int ret = 0;
if (info->add_set.index != IPSET_INVALID_ID) { if (info->add_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(par->net, index = ip_set_nfnl_get_byindex(par->net,
@ -456,17 +457,16 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_info_ratelimited("Cannot find del_set index %u as target\n", pr_info_ratelimited("Cannot find del_set index %u as target\n",
info->del_set.index); info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID) ret = -ENOENT;
ip_set_nfnl_put(par->net, goto cleanup_add;
info->add_set.index);
return -ENOENT;
} }
} }
if (info->map_set.index != IPSET_INVALID_ID) { if (info->map_set.index != IPSET_INVALID_ID) {
if (strncmp(par->table, "mangle", 7)) { if (strncmp(par->table, "mangle", 7)) {
pr_info_ratelimited("--map-set only usable from mangle table\n"); pr_info_ratelimited("--map-set only usable from mangle table\n");
return -EINVAL; ret = -EINVAL;
goto cleanup_del;
} }
if (((info->flags & IPSET_FLAG_MAP_SKBPRIO) | if (((info->flags & IPSET_FLAG_MAP_SKBPRIO) |
(info->flags & IPSET_FLAG_MAP_SKBQUEUE)) && (info->flags & IPSET_FLAG_MAP_SKBQUEUE)) &&
@ -474,20 +474,16 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
1 << NF_INET_LOCAL_OUT | 1 << NF_INET_LOCAL_OUT |
1 << NF_INET_POST_ROUTING))) { 1 << NF_INET_POST_ROUTING))) {
pr_info_ratelimited("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n"); pr_info_ratelimited("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
return -EINVAL; ret = -EINVAL;
goto cleanup_del;
} }
index = ip_set_nfnl_get_byindex(par->net, index = ip_set_nfnl_get_byindex(par->net,
info->map_set.index); info->map_set.index);
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_info_ratelimited("Cannot find map_set index %u as target\n", pr_info_ratelimited("Cannot find map_set index %u as target\n",
info->map_set.index); info->map_set.index);
if (info->add_set.index != IPSET_INVALID_ID) ret = -ENOENT;
ip_set_nfnl_put(par->net, goto cleanup_del;
info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(par->net,
info->del_set.index);
return -ENOENT;
} }
} }
@ -495,16 +491,21 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
info->del_set.dim > IPSET_DIM_MAX || info->del_set.dim > IPSET_DIM_MAX ||
info->map_set.dim > IPSET_DIM_MAX) { info->map_set.dim > IPSET_DIM_MAX) {
pr_info_ratelimited("SET target dimension over the limit!\n"); pr_info_ratelimited("SET target dimension over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID) ret = -ERANGE;
ip_set_nfnl_put(par->net, info->add_set.index); goto cleanup_mark;
if (info->del_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(par->net, info->del_set.index);
if (info->map_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(par->net, info->map_set.index);
return -ERANGE;
} }
return 0; return 0;
cleanup_mark:
if (info->map_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(par->net, info->map_set.index);
cleanup_del:
if (info->del_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(par->net, info->del_set.index);
cleanup_add:
if (info->add_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(par->net, info->add_set.index);
return ret;
} }
static void static void
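Review bot: The label `cleanup_mark:` releases the `map_set` reference, so its name does not match what it undoes, while `cleanup_del:` and `cleanup_add:` are named after the set they put; `cleanup_map:` (with `goto cleanup_map;` in the dimension check) would keep the unwind ladder self-describing. A one-line comment above the labels, e.g. `/* Release references in reverse order of acquisition */`, would also make the intended fall-through between them explicit. In the lines shown, every `goto` is preceded by an assignment to `ret` and the success path is `return 0;`, so the `= 0` initialiser on `int ret` appears to be unused. The start of set_target_v3_checkentry, including the add_set lookup, is outside the hunks shown.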