Commit c15f1c83 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Pablo Neira Ayuso
Browse files

netfilter: ipset: use NFPROTO_ constants 



ipset is actually using NFPROTO values rather than AF (xt_set passes
that along).

Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent ae5d3372

include/linux/netfilter/ipset/ip_set.h

+4 −1
Original line number Original line Diff line number Diff line
@@ -288,7 +288,10 @@ struct ip_set_type { 
	u8 features;

	u8 features;

	/* Set type dimension */

	/* Set type dimension */

	u8 dimension;

	u8 dimension;

	/* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */

	/*

	 * Supported family: may be NFPROTO_UNSPEC for both

	 * NFPROTO_IPV4/NFPROTO_IPV6.

	 */

	u8 family;

	u8 family;

	/* Type revisions */

	/* Type revisions */

	u8 revision_min, revision_max;

	u8 revision_min, revision_max;

net/netfilter/ipset/ip_set_bitmap_ip.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -442,7 +442,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, 
	map->timeout = IPSET_NO_TIMEOUT;

	map->timeout = IPSET_NO_TIMEOUT;





	set->data = map;

	set->data = map;

	set->family = AF_INET;

	set->family = NFPROTO_IPV4;





	return true;

	return true;

}

}
@@ -550,7 +550,7 @@ static struct ip_set_type bitmap_ip_type __read_mostly = { 
	.protocol	= IPSET_PROTOCOL,

	.protocol	= IPSET_PROTOCOL,

	.features	= IPSET_TYPE_IP,

	.features	= IPSET_TYPE_IP,

	.dimension	= IPSET_DIM_ONE,

	.dimension	= IPSET_DIM_ONE,

	.family		= AF_INET,

	.family		= NFPROTO_IPV4,

	.revision_min	= 0,

	.revision_min	= 0,

	.revision_max	= 0,

	.revision_max	= 0,

	.create		= bitmap_ip_create,

	.create		= bitmap_ip_create,

net/netfilter/ipset/ip_set_bitmap_ipmac.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -543,7 +543,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, 
	map->timeout = IPSET_NO_TIMEOUT;

	map->timeout = IPSET_NO_TIMEOUT;





	set->data = map;

	set->data = map;

	set->family = AF_INET;

	set->family = NFPROTO_IPV4;





	return true;

	return true;

}

}
@@ -623,7 +623,7 @@ static struct ip_set_type bitmap_ipmac_type = { 
	.protocol	= IPSET_PROTOCOL,

	.protocol	= IPSET_PROTOCOL,

	.features	= IPSET_TYPE_IP | IPSET_TYPE_MAC,

	.features	= IPSET_TYPE_IP | IPSET_TYPE_MAC,

	.dimension	= IPSET_DIM_TWO,

	.dimension	= IPSET_DIM_TWO,

	.family		= AF_INET,

	.family		= NFPROTO_IPV4,

	.revision_min	= 0,

	.revision_min	= 0,

	.revision_max	= 0,

	.revision_max	= 0,

	.create		= bitmap_ipmac_create,

	.create		= bitmap_ipmac_create,

net/netfilter/ipset/ip_set_bitmap_port.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -422,7 +422,7 @@ init_map_port(struct ip_set *set, struct bitmap_port *map, 
	map->timeout = IPSET_NO_TIMEOUT;

	map->timeout = IPSET_NO_TIMEOUT;





	set->data = map;

	set->data = map;

	set->family = AF_UNSPEC;

	set->family = NFPROTO_UNSPEC;





	return true;

	return true;

}

}
@@ -483,7 +483,7 @@ static struct ip_set_type bitmap_port_type = { 
	.protocol	= IPSET_PROTOCOL,

	.protocol	= IPSET_PROTOCOL,

	.features	= IPSET_TYPE_PORT,

	.features	= IPSET_TYPE_PORT,

	.dimension	= IPSET_DIM_ONE,

	.dimension	= IPSET_DIM_ONE,

	.family		= AF_UNSPEC,

	.family		= NFPROTO_UNSPEC,

	.revision_min	= 0,

	.revision_min	= 0,

	.revision_max	= 0,

	.revision_max	= 0,

	.create		= bitmap_port_create,

	.create		= bitmap_port_create,

net/netfilter/ipset/ip_set_core.c

+8 −8
Original line number Original line Diff line number Diff line
@@ -69,7 +69,7 @@ find_set_type(const char *name, u8 family, u8 revision) 




	list_for_each_entry_rcu(type, &ip_set_type_list, list)

	list_for_each_entry_rcu(type, &ip_set_type_list, list)

		if (STREQ(type->name, name) &&

		if (STREQ(type->name, name) &&

		    (type->family == family || type->family == AF_UNSPEC) &&

		    (type->family == family || type->family == NFPROTO_UNSPEC) &&

		    revision >= type->revision_min &&

		    revision >= type->revision_min &&

		    revision <= type->revision_max)

		    revision <= type->revision_max)

			return type;

			return type;
@@ -149,7 +149,7 @@ __find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max, 
	rcu_read_lock();

	rcu_read_lock();

	list_for_each_entry_rcu(type, &ip_set_type_list, list)

	list_for_each_entry_rcu(type, &ip_set_type_list, list)

		if (STREQ(type->name, name) &&

		if (STREQ(type->name, name) &&

		    (type->family == family || type->family == AF_UNSPEC)) {

		    (type->family == family || type->family == NFPROTO_UNSPEC)) {

			found = true;

			found = true;

			if (type->revision_min < *min)

			if (type->revision_min < *min)

				*min = type->revision_min;

				*min = type->revision_min;
@@ -164,8 +164,8 @@ __find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max, 
		__find_set_type_minmax(name, family, min, max, true);

		__find_set_type_minmax(name, family, min, max, true);

}

}





#define family_name(f)	((f) == AF_INET ? "inet" : \

#define family_name(f)	((f) == NFPROTO_IPV4 ? "inet" : \

			 (f) == AF_INET6 ? "inet6" : "any")

			 (f) == NFPROTO_IPV6 ? "inet6" : "any")





/* Register a set type structure. The type is identified by

/* Register a set type structure. The type is identified by

 * the unique triple of name, family and revision.

 * the unique triple of name, family and revision.
@@ -354,7 +354,7 @@ ip_set_test(ip_set_id_t index, const struct sk_buff *skb, 
	pr_debug("set %s, index %u\n", set->name, index);

	pr_debug("set %s, index %u\n", set->name, index);





	if (opt->dim < set->type->dimension ||

	if (opt->dim < set->type->dimension ||

	    !(opt->family == set->family || set->family == AF_UNSPEC))

	    !(opt->family == set->family || set->family == NFPROTO_UNSPEC))

		return 0;

		return 0;





	read_lock_bh(&set->lock);

	read_lock_bh(&set->lock);
@@ -387,7 +387,7 @@ ip_set_add(ip_set_id_t index, const struct sk_buff *skb, 
	pr_debug("set %s, index %u\n", set->name, index);

	pr_debug("set %s, index %u\n", set->name, index);





	if (opt->dim < set->type->dimension ||

	if (opt->dim < set->type->dimension ||

	    !(opt->family == set->family || set->family == AF_UNSPEC))

	    !(opt->family == set->family || set->family == NFPROTO_UNSPEC))

		return 0;

		return 0;





	write_lock_bh(&set->lock);

	write_lock_bh(&set->lock);
@@ -410,7 +410,7 @@ ip_set_del(ip_set_id_t index, const struct sk_buff *skb, 
	pr_debug("set %s, index %u\n", set->name, index);

	pr_debug("set %s, index %u\n", set->name, index);





	if (opt->dim < set->type->dimension ||

	if (opt->dim < set->type->dimension ||

	    !(opt->family == set->family || set->family == AF_UNSPEC))

	    !(opt->family == set->family || set->family == NFPROTO_UNSPEC))

		return 0;

		return 0;





	write_lock_bh(&set->lock);

	write_lock_bh(&set->lock);
@@ -575,7 +575,7 @@ start_msg(struct sk_buff *skb, u32 pid, u32 seq, unsigned int flags, 
		return NULL;

		return NULL;





	nfmsg = nlmsg_data(nlh);

	nfmsg = nlmsg_data(nlh);

	nfmsg->nfgen_family = AF_INET;

	nfmsg->nfgen_family = NFPROTO_IPV4;

	nfmsg->version = NFNETLINK_V0;

	nfmsg->version = NFNETLINK_V0;

	nfmsg->res_id = 0;

	nfmsg->res_id = 0;

CRA Git | Maintained and supported by SUSTech CRA and CCSE