hash type of sets. Enforce the restriction.
V=0
endif
-IPSET_VERSION:=2.4
+IPSET_VERSION:=2.4.1
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
+2.4.1
+ - Zero-valued element are not accepted by hash type of sets
+ because we cannot make a difference between a zero-valued
+ element and not-set element.
2.4
- ipportiphash, ipportnethash and setlist types added
- set type modules reworked to avoid code duplication
ip_set_ip_t *elem;
*hash_ip = pack_ip_port(map, ip, port);
+
DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u",
set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip));
+ if (!*hash_ip)
+ return UINT_MAX;
for (i = 0; i < map->probes; i++) {
id = jhash_ip(map, i, *hash_ip) % map->hashsize;
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+
+ if (!*hash_ip)
+ return -ERANGE;
return __ipporthash_add(map, hash_ip);
}
*hash_ip = pack_ip_port(map, ip, port);
DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u",
set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip));
+ if (!(*hash_ip || ip1))
+ return UINT_MAX;
for (i = 0; i < map->probes; i++) {
id = jhash_ip2(map, i, *hash_ip, ip1) % map->hashsize;
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+ if (!(*hash_ip || ip1))
+ return -ERANGE;
return __ipportip_add(map, *hash_ip, ip1);
}
ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip_set_ip_t *hash_ip)
{
+ const struct ip_set_ipportnethash *map = set->data;
const struct ip_set_req_ipportnethash *req = data;
if (req->cidr <= 0 || req->cidr > 32)
return -EINVAL;
+ if (!(pack_ip_port(map, req->ip, req->port)))
+ return -ERANGE;
return (req->cidr == 32
? ipportnethash_test(set, hash_ip, req->ip, req->port,
req->ip1)
#define KADT_CONDITION \
ip_set_ip_t port, ip1; \
+ struct ip_set_ipportnethash *map = set->data; \
\
if (flags[index+2] == 0) \
return 0; \
ip1 = ipaddr(skb, flags[index+2]); \
\
if (port == INVALID_PORT) \
+ return 0; \
+ if (!(pack_ip_port(map, ip, port))) \
return 0;
KADT(ipportnethash, test, ipaddr, port, ip1)
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+ if (!(*hash_ip || ip1))
+ return -ERANGE;
ret =__ipportnet_add(map, *hash_ip, pack_ip_cidr(ip1, cidr));
if (ret == 0) {
# IP: Create a set
0 ipset -N test iphash --hashsize 128
+# Range: Add zero valued element
+2 ipset -A test 0.0.0.0
+# Range: Test zero valued element
+2 ipset -T test 0.0.0.0
# IP: Add first random value
0 ipset -A test 2.0.0.1
# IP: Add second random value
2 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.1
# Range: Create a set from a valid range
0 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add zero valued element
+1 ipset -A test 2.0.0.1,0
+# Range: Test zero valued element
+1 ipset -T test 2.0.0.1,0
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5
# Range: Add upper boundary
2 ipset -N test ipportiphash --from 2.0.0.1 --to 2.1.0.1
# Range: Create a set from a valid range
0 ipset -N test ipportiphash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add zero valued element
+1 ipset -A test 2.0.0.1,0,0.0.0.0
+# Range: Test zero valued element
+1 ipset -T test 2.0.0.1,0,0.0.0.0
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5,1.1.1.1
# Range: Add upper boundary
2 ipset -N test ipportnethash --from 2.0.0.1 --to 2.1.0.1
# Range: Create a set from a valid range
0 ipset -N test ipportnethash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add zero valued element
+1 ipset -A test 2.0.0.1,0,0.0.0.0/1
+# Range: Test zero valued element
+1 ipset -T test 2.0.0.1,0,0.0.0.0/1
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5,1.1.1.1/24
# Range: Add upper boundary
# Create a set
0 ipset -N test nethash --hashsize 128
+# Range: Add zero valued element
+2 ipset -A test 0.0.0.0/0
+# Range: Test zero valued element
+2 ipset -T test 0.0.0.0/0
# Add first random network
0 ipset -A test 2.0.0.1/24
# Add second random network
projects / ipset / commitdiff