+2.2.7
+ All patches were submitted by Jones Desougi
+ - missing or confusing error message fixes for ipporthash
+ - minor correction in debugging in nethash
+ - copy-paste bug in kernel set types at memory allocation
+ checking fixed
+ - unified memory allocations in ipset
+
2.2.6
- memory allocation in iptree is changed to GFP_ATOMIC because
we hold a lock (bug reported by Radek Hladik)
KERNEL_DIR=/usr/src/linux
endif
-IPSET_VERSION:=2.2.6
+IPSET_VERSION:=2.2.7
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
return p;
}
+char *ipset_strdup(const char *s)
+{
+ char *p;
+
+ if ((p = strdup(s)) == NULL) {
+ perror("ipset: not enough memory");
+ exit(1);
+ }
+ return p;
+}
+
void ipset_free(void **data)
{
if (*data == NULL)
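Review bot: The new ipset_strdup() passes `s` straight to strdup(), so a NULL argument is undefined behaviour rather than a reported error, and nothing at the definition states that contract. I would add a comment above it such as `/* Duplicate s; prints an error and exits on allocation failure, so the result is never NULL. s must not be NULL. */`. Callers that obtain the argument from a tokenizer or another function that can return NULL then know they must check before calling.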
global_option_offset += OPTION_OFFSET;
*option_offset = global_option_offset;
- merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
+ merge = ipset_malloc(sizeof(struct option) * (num_new + num_old + 1));
memcpy(merge, oldopts, num_old * sizeof(struct option));
for (i = 0; i < num_new; i++) {
merge[num_old + i] = newopts[i];
newargc = 1;
ptr = strtok(buffer, " \t\n");
- newargv[newargc++] = strdup(ptr);
+ newargv[newargc++] = ipset_strdup(ptr);
while ((ptr = strtok(NULL, " \t\n")) != NULL) {
if ((newargc + 1) < sizeof(newargv)/sizeof(char *))
- newargv[newargc++] = strdup(ptr);
+ newargv[newargc++] = ipset_strdup(ptr);
else
exit_error(PARAMETER_PROBLEM,
"Line %d is too long to restore\n", line);
if (!(tmpdir = getenv("TMPDIR")) && !(tmpdir = getenv("TMP")))
tmpdir = "/tmp";
- filename = malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1);
- if (!filename)
- exit_error(OTHER_PROBLEM, "Could not malloc temporary filename.");
+ filename = ipset_malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1);
strcpy(filename, tmpdir);
- strcpy(filename, TEMPFILE_PATTERN);
+ strcat(filename, TEMPFILE_PATTERN);
(void) umask(077); /* Create with restrictive permissions */
fd = mkstemp(filename);
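Review bot: The allocation size and the strcpy()/strcat() pair that fills the buffer are kept in step only by hand, and `tmpdir` comes from the TMPDIR or TMP environment variable, so a later edit to either side becomes a heap overflow. Computing the length once and using a bounded write ties the two together: `size_t len = strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1;`, `filename = ipset_malloc(len);`, `snprintf(filename, len, "%s%s", tmpdir, TEMPFILE_PATTERN);`. The check of the mkstemp() result is outside this hunk and should be confirmed, as should whether TEMPFILE_PATTERN begins with a path separator, since none is inserted here.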
line = 0;
/* Initialize newargv/newargc */
- newargv[newargc++] = strdup(argv0);
+ newargv[newargc++] = ipset_strdup(argv0);
/* Second pass: build up restore request */
while (fgets(buffer, sizeof(buffer), in)) {
ip_set_ip_t *port);
extern void *ipset_malloc(size_t size);
+extern char *ipset_strdup(const char *);
extern void ipset_free(void **data);
#endif /* __IPSET_H */
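Review bot: The new prototype omits its parameter name while the neighbouring ipset_malloc(size_t size) and ipset_free(void **data) declarations name theirs; `extern char *ipset_strdup(const char *s);` would match them. Since this is the declaration callers read, a one-line comment saying that the function exits on allocation failure and never returns NULL would tell them no NULL check of the result is needed.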
#define OPT_CREATE_RESIZE 0x04U
#define OPT_CREATE_NETWORK 0x08U
#define OPT_CREATE_FROM 0x10U
-#define OPT_CREATE_TO 0x10U
+#define OPT_CREATE_TO 0x20U
/* Initialize the create. */
void create_init(void *data)
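Review bot: The flag values remain hand-written hex literals, which is how OPT_CREATE_TO came to share 0x10U with OPT_CREATE_FROM; with identical bits, presumably a lone --from was enough to pass the test that both options were given. Writing the bits as shifts, `#define OPT_CREATE_FROM (1U << 4)` and `#define OPT_CREATE_TO (1U << 5)`, makes a repeated bit position easier to see in review. The list of defines starts outside this hunk, so the same form would need to be applied to the earlier entries for consistency.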
mydata->hashsize, mydata->probes, mydata->resize);
#endif
- if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
- "Need to specify --from and --to, or --network\n");
-
if (flags & OPT_CREATE_NETWORK) {
/* --network */
if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO))
exit_error(PARAMETER_PROBLEM,
"Can't specify --from or --to with --network\n");
- } else {
+ } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) {
/* --from --to */
- if ((flags & OPT_CREATE_FROM) == 0
- || (flags & OPT_CREATE_TO) == 0)
+ if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO))
exit_error(PARAMETER_PROBLEM,
"Need to specify both --from and --to\n");
+ } else {
+ exit_error(PARAMETER_PROBLEM,
+ "Need to specify --from and --to, or --network\n");
+
}
DP("from : %x to: %x diff: %x",
if (mydata->from > mydata->to)
exit_error(PARAMETER_PROBLEM,
- "From can't be lower than to.\n");
+ "From can't be higher than to.\n");
if (mydata->to - mydata->from > MAX_RANGE)
exit_error(PARAMETER_PROBLEM,
{
struct ip_set_req_ipporthash *mydata =
(struct ip_set_req_ipporthash *) data;
- char *saved = strdup(optarg);
+ char *saved = ipset_strdup(optarg);
char *ptr, *tmp = saved;
DP("ipporthash: %p %p", optarg, data);
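Review bot: Nothing visible here releases `saved`, and the same declaration is changed in the iptree, macipmap and nethash parsers further down; the function bodies continue outside these hunks, so whether the copy is freed on every return path needs to be checked there. Because `tmp` is a second pointer to the same buffer and is presumably advanced during parsing, the release has to go through `saved`. A comment at the declaration would record that, for example `/* saved owns the copy and must be freed; tmp is only a cursor into it */`.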
" [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
"-N set ipporthash --network IP/mask\n"
" [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
- "-A set IP\n"
- "-D set IP\n"
- "-T set IP\n");
+ "-A set IP%%port\n"
+ "-D set IP%%port\n"
+ "-T set IP%%port\n");
}
static struct settype settype_ipporthash = {
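Review bot: The doubled percent signs in `IP%%port` print as a single `%` only if this string is the format argument of a printf-style call; the call that takes the string starts outside the hunk, so that should be confirmed. If the text were emitted with puts() or fputs(), the help would show `IP%%port` literally. The earlier lines of the string visible here contain no percent signs, so these three lines are the first in view that depend on how the string is printed.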
{
struct ip_set_req_iptree *mydata =
(struct ip_set_req_iptree *) data;
- char *saved = strdup(optarg);
+ char *saved = ipset_strdup(optarg);
char *ptr, *tmp = saved;
DP("iptree: %p %p", optarg, data);
{
struct ip_set_req_macipmap *mydata =
(struct ip_set_req_macipmap *) data;
- char *saved = strdup(optarg);
+ char *saved = ipset_strdup(optarg);
char *ptr, *tmp = saved;
DP("macipmap: %p %p", optarg, data);
{
struct ip_set_req_nethash *mydata =
(struct ip_set_req_nethash *) data;
- char *saved = strdup(optarg);
+ char *saved = ipset_strdup(optarg);
char *ptr, *tmp = saved;
ip_set_ip_t cidr;
((unsigned char *)&ip)[3],
b);
- DP("%s %s", ip_tostring(htonl(ip), options), buf);
+ DP("%s %s", ip_tostring(ntohl(ip), options), buf);
return buf;
}