Commit cabfd139 authored by Sergey Popovich's avatar Sergey Popovich Committed by Pablo Neira Ayuso
Browse files

netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len 



Signed-off-by: default avatarSergey Popovich <popovich_sergei@mail.ua>
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent d25472e4

net/netfilter/ipset/ip_set_bitmap_ip.c

+4 −3
Original line number Diff line number Diff line
@@ -36,6 +36,7 @@ IP_SET_MODULE_DESC("bitmap:ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); 
MODULE_ALIAS("ip_set_bitmap:ip");



#define MTYPE		bitmap_ip

#define HOST_MASK	32



/* Type structure */

struct bitmap_ip {
@@ -177,7 +178,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (!cidr || cidr > 32)

		if (!cidr || cidr > HOST_MASK)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	} else
@@ -280,7 +281,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (cidr >= 32)

		if (cidr >= HOST_MASK)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(first_ip, last_ip, cidr);

	} else
@@ -289,7 +290,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], 
	if (tb[IPSET_ATTR_NETMASK]) {

		netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);



		if (netmask > 32)

		if (netmask > HOST_MASK)

			return -IPSET_ERR_INVALID_NETMASK;



		first_ip &= ip_set_hostmask(netmask);

net/netfilter/ipset/ip_set_bitmap_ipmac.c

+2 −1
Original line number Diff line number Diff line
@@ -36,6 +36,7 @@ IP_SET_MODULE_DESC("bitmap:ip,mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); 
MODULE_ALIAS("ip_set_bitmap:ip,mac");



#define MTYPE		bitmap_ipmac

#define HOST_MASK	32

#define IP_SET_BITMAP_STORED_TIMEOUT



enum {
@@ -346,7 +347,7 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (cidr >= 32)

		if (cidr >= HOST_MASK)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(first_ip, last_ip, cidr);

	} else

net/netfilter/ipset/ip_set_hash_ip.c

+1 −1
Original line number Diff line number Diff line
@@ -147,7 +147,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (!cidr || cidr > 32)

		if (!cidr || cidr > HOST_MASK)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	}

net/netfilter/ipset/ip_set_hash_ipmark.c

+1 −1
Original line number Diff line number Diff line
@@ -149,7 +149,7 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (!cidr || cidr > 32)

		if (!cidr || cidr > HOST_MASK)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	}

net/netfilter/ipset/ip_set_hash_ipport.c

+1 −1
Original line number Diff line number Diff line
@@ -170,7 +170,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (!cidr || cidr > 32)

		if (!cidr || cidr > HOST_MASK)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	}

CRA Git | Maintained and supported by SUSTech CRA and CCSE