From: Jozsef Kadlecsik Date: Tue, 7 Dec 2010 16:01:55 +0000 (+0100) Subject: Whitespace, checkpatch.pl cleanups. X-Git-Tag: v5.0~33 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9d317732eeeed959b3d0fa2f7997f059d74ad75b;p=ipset Whitespace, checkpatch.pl cleanups. --- diff --git a/kernel/include/linux/netfilter/ip_set.h b/kernel/include/linux/netfilter/ip_set.h index 5377cdc..07ff5a3 100644 --- a/kernel/include/linux/netfilter/ip_set.h +++ b/kernel/include/linux/netfilter/ip_set.h @@ -8,7 +8,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. + * published by the Free Software Foundation. */ /* The protocol version */ @@ -37,7 +37,7 @@ enum ipset_cmd { IPSET_MSG_MAX, /* Netlink message commands */ /* Commands in userspace: */ - IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 15: Enter restore mode */ + IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 15: Enter restore mode */ IPSET_CMD_HELP, /* 16: Get help */ IPSET_CMD_VERSION, /* 17: Get program version */ IPSET_CMD_QUIT, /* 18: Quit from interactive mode */ @@ -93,7 +93,7 @@ enum { IPSET_ATTR_ELEMENTS, IPSET_ATTR_REFERENCES, IPSET_ATTR_MEMSIZE, - + __IPSET_ATTR_CREATE_MAX, }; #define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1) @@ -323,20 +323,20 @@ static inline void * ip_set_alloc(size_t size, gfp_t gfp_mask) { void *members = NULL; - + if (size < KMALLOC_MAX_SIZE) members = kzalloc(size, gfp_mask | __GFP_NOWARN); - + if (members) { pr_debug("%p: allocated with kmalloc", members); return members; } - + members = __vmalloc(size, gfp_mask | __GFP_ZERO, PAGE_KERNEL); if (!members) return NULL; pr_debug("%p: allocated with vmalloc", members); - + return members; } @@ -363,7 +363,7 @@ static inline u32 ip_set_get_h32(const struct nlattr *attr) { u32 value = nla_get_u32(attr); - + return attr->nla_type & NLA_F_NET_BYTEORDER ? ntohl(value) : value; } @@ -371,7 +371,7 @@ static inline u16 ip_set_get_h16(const struct nlattr *attr) { u16 value = nla_get_u16(attr); - + return attr->nla_type & NLA_F_NET_BYTEORDER ? ntohs(value) : value; } @@ -379,7 +379,7 @@ static inline u32 ip_set_get_n32(const struct nlattr *attr) { u32 value = nla_get_u32(attr); - + return attr->nla_type & NLA_F_NET_BYTEORDER ? value : htonl(value); } @@ -387,7 +387,7 @@ static inline u16 ip_set_get_n16(const struct nlattr *attr) { u16 value = nla_get_u16(attr); - + return attr->nla_type & NLA_F_NET_BYTEORDER ? value : htons(value); } @@ -412,7 +412,7 @@ ip_set_get_ipaddr4(struct nlattr *attr[], int type, u32 *ipaddr) return -IPSET_ERR_PROTOCOL; if (!tb[IPSET_ATTR_IPADDR_IPV4]) return -IPSET_ERR_IPADDR_IPV4; - + *ipaddr = ip_set_get_n32(tb[IPSET_ATTR_IPADDR_IPV4]); return 0; } @@ -438,7 +438,7 @@ ip_set_get_ipaddr6(struct nlattr *attr[], int type, union nf_inet_addr *ipaddr) } #define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED) -#define ipset_nest_end(skb, start) nla_nest_end(skb, start) +#define ipset_nest_end(skb, start) nla_nest_end(skb, start) #define NLA_PUT_NET32(skb, type, value) \ NLA_PUT_BE32(skb, type | NLA_F_NET_BYTEORDER, value) @@ -489,7 +489,7 @@ ip6addrptr(const struct sk_buff *skb, bool src, struct in6_addr *addr) /* Interface to iptables/ip6tables */ -#define SO_IP_SET 83 +#define SO_IP_SET 83 union ip_set_name_index { char name[IPSET_MAXNAMELEN]; diff --git a/kernel/include/linux/netfilter/ip_set_bitmap.h b/kernel/include/linux/netfilter/ip_set_bitmap.h index f3bff2c..61a9e87 100644 --- a/kernel/include/linux/netfilter/ip_set_bitmap.h +++ b/kernel/include/linux/netfilter/ip_set_bitmap.h @@ -18,14 +18,14 @@ static inline u32 range_to_mask(u32 from, u32 to, u8 *bits) { u32 mask = 0xFFFFFFFE; - + *bits = 32; while (--(*bits) > 0 && mask && (to & mask) != from) mask <<= 1; - + return mask; } #endif /* __KERNEL__ */ - + #endif /* __IP_SET_BITMAP_H */ diff --git a/kernel/include/linux/netfilter/ip_set_chash.h b/kernel/include/linux/netfilter/ip_set_chash.h index f223275..138e94d 100644 --- a/kernel/include/linux/netfilter/ip_set_chash.h +++ b/kernel/include/linux/netfilter/ip_set_chash.h @@ -11,7 +11,7 @@ * the timeout field must be the last one in the data structure - that field * is ignored when computing the hash key. */ - + /* Number of elements to store in an array block */ #define CHASH_DEFAULT_ARRAY_SIZE 4 /* Number of arrays: max ARRAY_SIZE * CHAIN_LIMIT "long" chains */ @@ -75,7 +75,7 @@ add_cidr(struct chash *h, u8 cidr, u8 host_mask) if (h->nets[cidr-1].nets > 1) return; - + /* New cidr size */ for (i = 0; i < host_mask && h->nets[i].cidr; i++) { /* Add in increasing prefix order, so larger cidr first */ @@ -113,7 +113,7 @@ chash_destroy(struct htable *ht) { struct slist *n, *tmp; u32 i; - + for (i = 0; i < jhash_size(ht->htable_bits); i++) slist_for_each_safe(n, tmp, &ht->htable[i]) /* FIXME: use slab cache */ @@ -134,12 +134,12 @@ chash_memsize(const struct chash *h, size_t dsize, u8 host_mask) + sizeof(struct chash_nets) * host_mask #endif + jhash_size(ht->htable_bits) * sizeof(struct slist); - + for (i = 0; i < jhash_size(ht->htable_bits); i++) slist_for_each(n, &ht->htable[i]) memsize += sizeof(struct slist) + h->array_size * dsize; - + return memsize; } @@ -151,7 +151,7 @@ ip_set_hash_flush(struct ip_set *set) struct htable *ht = h->table; struct slist *n, *tmp; u32 i; - + for (i = 0; i < jhash_size(ht->htable_bits); i++) { slist_for_each_safe(n, tmp, &ht->htable[i]) /* FIXME: slab cache */ @@ -176,7 +176,7 @@ ip_set_hash_destroy(struct ip_set *set) chash_destroy(h->table); kfree(h); - + set->data = NULL; } @@ -241,7 +241,7 @@ ip_set_hash_destroy(struct ip_set *set) /* Get the ith element from the array block n */ #define chash_data(n, i) \ -(struct type_pf_elem *)((char *)(n) + sizeof(struct slist) \ +(struct type_pf_elem *)((char *)(n) + sizeof(struct slist) \ + (i)*sizeof(struct type_pf_elem)) /* Add an element to the hash table when resizing the set: @@ -298,7 +298,7 @@ type_pf_chash_del_elem(struct chash *h, struct slist *prev, for (prev = n, tmp = n->next; tmp->next != NULL; prev = tmp, tmp = tmp->next) - /* Find last array */; + /* Find last array */; j = 0; } else { /* Already at last array */ @@ -310,9 +310,9 @@ type_pf_chash_del_elem(struct chash *h, struct slist *prev, if (type_pf_data_isnull(chash_data(tmp, j + 1))) break; - if (!(tmp == n && i == j)) { + if (!(tmp == n && i == j)) type_pf_data_swap(data, chash_data(tmp, j)); - } + #ifdef IP_SET_HASH_WITH_NETS del_cidr(h, data->cidr, HOST_MASK); #endif @@ -377,12 +377,12 @@ next_slot: h->table = ht; read_unlock_bh(&set->lock); - + /* Give time to other users of the set */ synchronize_net(); chash_destroy(orig); - + return 0; } @@ -540,7 +540,7 @@ type_pf_head(struct ip_set *set, struct sk_buff *skb) const struct chash *h = set->data; struct nlattr *nested; size_t memsize; - + read_lock_bh(&set->lock); memsize = chash_memsize(h, with_timeout(h->timeout) ? sizeof(struct type_pf_telem) @@ -564,7 +564,7 @@ type_pf_head(struct ip_set *set, struct sk_buff *skb) if (with_timeout(h->timeout)) NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout)); ipset_nest_end(skb, nested); - + return 0; nla_put_failure: return -EFAULT; @@ -615,7 +615,7 @@ type_pf_list(struct ip_set *set, ipset_nest_end(skb, atd); /* Set listing finished */ cb->args[2] = 0; - + return 0; nla_put_failure: @@ -709,8 +709,8 @@ type_pf_chash_treadd(struct chash *h, struct htable *ht, for (i = 0; i < h->array_size; i++) { data = chash_tdata(n, i); if (type_pf_data_isnull(data)) { - tmp = n; - goto found; + tmp = n; + goto found; } } j++; @@ -734,7 +734,7 @@ found: static void type_pf_chash_del_telem(struct chash *h, struct slist *prev, - struct slist *n, int i) + struct slist *n, int i) { struct type_pf_elem *d, *data = chash_tdata(n, i); struct slist *tmp; @@ -745,7 +745,7 @@ type_pf_chash_del_telem(struct chash *h, struct slist *prev, for (prev = n, tmp = n->next; tmp->next != NULL; prev = tmp, tmp = tmp->next) - /* Find last array */; + /* Find last array */; j = 0; } else { /* Already at last array */ @@ -783,7 +783,7 @@ type_pf_chash_expire(struct chash *h) struct type_pf_elem *data; u32 i; int j; - + for (i = 0; i < jhash_size(ht->htable_bits); i++) slist_for_each_prev(prev, n, &ht->htable[i]) for (j = 0; j < h->array_size; j++) { @@ -862,14 +862,14 @@ next_slot: synchronize_net(); chash_destroy(orig); - + return 0; } static int type_pf_chash_tadd(struct ip_set *set, void *value, gfp_t gfp_flags, u32 timeout) -{ +{ struct chash *h = set->data; const struct type_pf_elem *d = value; struct slist *n, *prev; @@ -891,8 +891,8 @@ type_pf_chash_tadd(struct ip_set *set, void *value, data = chash_tdata(n, i); if (type_pf_data_isnull(data) || type_pf_data_expired(data)) { - tmp = n; - goto found; + tmp = n; + goto found; } if (type_pf_data_equal(data, d)) return -IPSET_ERR_EXIST; @@ -912,7 +912,7 @@ type_pf_chash_tadd(struct ip_set *set, void *value, } found: if (type_pf_data_isnull(data)) - h->elements++; + h->elements++; #ifdef IP_SET_HASH_WITH_NETS else del_cidr(h, data->cidr, HOST_MASK); @@ -943,7 +943,7 @@ type_pf_chash_tdel(struct ip_set *set, void *value, return -IPSET_ERR_EXIST; if (type_pf_data_equal(data, d)) { if (type_pf_data_expired(data)) - ret = -IPSET_ERR_EXIST; + ret = -IPSET_ERR_EXIST; type_pf_chash_del_telem(h, prev, n, i); return ret; } @@ -1058,7 +1058,7 @@ type_pf_tlist(struct ip_set *set, ipset_nest_end(skb, atd); /* Set listing finished */ cb->args[2] = 0; - + return 0; nla_put_failure: @@ -1107,7 +1107,7 @@ static inline void type_pf_gc_init(struct ip_set *set) { struct chash *h = set->data; - + init_timer(&h->gc); h->gc.data = (unsigned long) set; h->gc.function = type_pf_gc; diff --git a/kernel/include/linux/netfilter/ip_set_getport.h b/kernel/include/linux/netfilter/ip_set_getport.h index e4d469d..1597fa9 100644 --- a/kernel/include/linux/netfilter/ip_set_getport.h +++ b/kernel/include/linux/netfilter/ip_set_getport.h @@ -18,14 +18,14 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff, case IPPROTO_TCP: { struct tcphdr _tcph; const struct tcphdr *th; - + th = skb_header_pointer(skb, protooff, sizeof(_tcph), &_tcph); if (th == NULL) /* No choice either */ return false; - - *port = src ? th->source : th->dest; - break; + + *port = src ? th->source : th->dest; + break; } case IPPROTO_UDP: { struct udphdr _udph; @@ -35,29 +35,29 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff, if (uh == NULL) /* No choice either */ return false; - - *port = src ? uh->source : uh->dest; - break; + + *port = src ? uh->source : uh->dest; + break; } case IPPROTO_ICMP: { struct icmphdr _icmph; const struct icmphdr *ic; - + ic = skb_header_pointer(skb, protooff, sizeof(_icmph), &_icmph); if (ic == NULL) return false; - + *port = (ic->type << 8) & ic->code; break; } case IPPROTO_ICMPV6: { struct icmp6hdr _icmph; const struct icmp6hdr *ic; - + ic = skb_header_pointer(skb, protooff, sizeof(_icmph), &_icmph); if (ic == NULL) return false; - + *port = (ic->icmp6_type << 8) & ic->icmp6_code; break; } diff --git a/kernel/include/linux/netfilter/ip_set_hash.h b/kernel/include/linux/netfilter/ip_set_hash.h index e149a2b..b86f15c 100644 --- a/kernel/include/linux/netfilter/ip_set_hash.h +++ b/kernel/include/linux/netfilter/ip_set_hash.h @@ -22,5 +22,5 @@ enum { #define IPSET_DEFAULT_RESIZE 100 #endif /* __KERNEL__ */ - + #endif /* __IP_SET_HASH_H */ diff --git a/kernel/include/linux/netfilter/ip_set_list.h b/kernel/include/linux/netfilter/ip_set_list.h index 9988570..40a63f3 100644 --- a/kernel/include/linux/netfilter/ip_set_list.h +++ b/kernel/include/linux/netfilter/ip_set_list.h @@ -23,5 +23,5 @@ enum { #define IP_SET_LIST_MIN_SIZE 4 #endif /* __KERNEL__ */ - + #endif /* __IP_SET_LIST_H */ diff --git a/kernel/include/linux/netfilter/ip_set_slist.h b/kernel/include/linux/netfilter/ip_set_slist.h index 3e8d8b0..e472e43 100644 --- a/kernel/include/linux/netfilter/ip_set_slist.h +++ b/kernel/include/linux/netfilter/ip_set_slist.h @@ -7,7 +7,7 @@ /* * Single linked lists with a single pointer. - * Mostly useful for hash tables where the two pointer list head + * Mostly useful for hash tables where the two pointer list head * and list node is too wasteful. */ @@ -18,7 +18,7 @@ struct slist { #define SLIST(name) struct slist name = { .next = NULL } #define INIT_SLIST(ptr) ((ptr)->next = NULL) -#define slist_entry(ptr, type, member) container_of(ptr,type,member) +#define slist_entry(ptr, type, member) container_of(ptr, type, member) #define slist_for_each(pos, head) \ for (pos = (head)->next; pos && ({ prefetch(pos->next); 1; }); \ @@ -42,8 +42,8 @@ struct slist { */ #define slist_for_each_entry(tpos, pos, head, member) \ for (pos = (head)->next; \ - pos && ({ prefetch(pos->next); 1;}) && \ - ({ tpos = slist_entry(pos, typeof(*tpos), member); 1;}); \ + pos && ({ prefetch(pos->next); 1; }) && \ + ({ tpos = slist_entry(pos, typeof(*tpos), member); 1; });\ pos = pos->next) /** @@ -55,8 +55,8 @@ struct slist { */ #define slist_for_each_entry_continue(tpos, pos, member) \ for (pos = (pos)->next; \ - pos && ({ prefetch(pos->next); 1;}) && \ - ({ tpos = slist_entry(pos, typeof(*tpos), member); 1;}); \ + pos && ({ prefetch(pos->next); 1; }) && \ + ({ tpos = slist_entry(pos, typeof(*tpos), member); 1; });\ pos = pos->next) /** @@ -67,8 +67,8 @@ struct slist { * @member: the name of the slist within the struct. */ #define slist_for_each_entry_from(tpos, pos, member) \ - for (; pos && ({ prefetch(pos->next); 1;}) && \ - ({ tpos = slist_entry(pos, typeof(*tpos), member); 1;}); \ + for (; pos && ({ prefetch(pos->next); 1; }) && \ + ({ tpos = slist_entry(pos, typeof(*tpos), member); 1; });\ pos = pos->next) /** @@ -80,10 +80,10 @@ struct slist { * @head: the head for your list. * @member: the name of the slist within the struct. */ -#define slist_for_each_entry_safe(tpos, pos, n, head, member) \ - for (pos = (head)->next; \ - pos && ({ n = pos->next; 1; }) && \ - ({ tpos = slist_entry(pos, typeof(*tpos), member); 1;}); \ +#define slist_for_each_entry_safe(tpos, pos, n, head, member) \ + for (pos = (head)->next; \ + pos && ({ n = pos->next; 1; }) && \ + ({ tpos = slist_entry(pos, typeof(*tpos), member); 1; });\ pos = n) #endif /* _IP_SET_SLIST_H */ diff --git a/kernel/include/linux/netfilter/ip_set_timeout.h b/kernel/include/linux/netfilter/ip_set_timeout.h index b917480..519d84f 100644 --- a/kernel/include/linux/netfilter/ip_set_timeout.h +++ b/kernel/include/linux/netfilter/ip_set_timeout.h @@ -5,7 +5,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. + * published by the Free Software Foundation. */ #ifdef __KERNEL__ @@ -38,14 +38,14 @@ ip_set_timeout_uget(struct nlattr *tb) /* Bitmap entry is unset */ #define IPSET_ELEM_UNSET 0 /* Bitmap entry is set with no timeout value */ -#define IPSET_ELEM_PERMANENT UINT_MAX/2 +#define IPSET_ELEM_PERMANENT (UINT_MAX/2) static inline bool ip_set_timeout_test(unsigned long timeout) { return timeout != IPSET_ELEM_UNSET - && (timeout == IPSET_ELEM_PERMANENT - || time_after(timeout, jiffies)); + && (timeout == IPSET_ELEM_PERMANENT + || time_after(timeout, jiffies)); } static inline bool @@ -60,15 +60,15 @@ static inline unsigned long ip_set_timeout_set(u32 timeout) { unsigned long t; - + if (!timeout) return IPSET_ELEM_PERMANENT; - + t = timeout * HZ + jiffies; if (t == IPSET_ELEM_UNSET || t == IPSET_ELEM_PERMANENT) /* Bingo! */ t++; - + return t; } @@ -103,15 +103,15 @@ static inline unsigned long ip_set_timeout_set(u32 timeout) { unsigned long t; - + if (!timeout) return IPSET_ELEM_PERMANENT; - + t = timeout * HZ + jiffies; if (t == IPSET_ELEM_PERMANENT) /* Bingo! :-) */ t++; - + return t; } diff --git a/kernel/include/net/pfxlen.h b/kernel/include/net/pfxlen.h index 8183e17..6935145 100644 --- a/kernel/include/net/pfxlen.h +++ b/kernel/include/net/pfxlen.h @@ -8,7 +8,7 @@ {.ip6 = { \ __constant_htonl(a), __constant_htonl(b), \ __constant_htonl(c), __constant_htonl(d), \ - }} + } } /* * This table works for both IPv4 and IPv6; diff --git a/kernel/ip_set.c b/kernel/ip_set.c index ad1505d..1edb6ba 100644 --- a/kernel/ip_set.c +++ b/kernel/ip_set.c @@ -30,7 +30,7 @@ static DEFINE_MUTEX(ip_set_type_mutex); /* protects ip_set_type_list */ static struct ip_set **ip_set_list; /* all individual sets */ static ip_set_id_t ip_set_max = CONFIG_IP_SET_MAX; /* max number of sets */ -#define STREQ(a,b) (strncmp(a,b,IPSET_MAXNAMELEN) == 0) +#define STREQ(a, b) (strncmp(a, b, IPSET_MAXNAMELEN) == 0) static int max_sets; @@ -82,7 +82,7 @@ static struct ip_set_type * find_set_type_rcu(const char *name, u8 family, u8 revision) { struct ip_set_type *type; - + rcu_read_lock(); type = find_set_type(name, family, revision); if (type == NULL) @@ -92,7 +92,7 @@ find_set_type_rcu(const char *name, u8 family, u8 revision) } /* Find a given set type by name and family. - * If we succeeded, the supported minimal and maximum revisions are + * If we succeeded, the supported minimal and maximum revisions are * filled out. */ static bool @@ -101,15 +101,15 @@ find_set_type_minmax(const char *name, u8 family, { struct ip_set_type *type; bool ret = false; - + *min = *max = 0; rcu_read_lock(); list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && (type->family == family || type->family == AF_UNSPEC)) { - ret = true; - if (type->revision < *min) - *min = type->revision; + ret = true; + if (type->revision < *min) + *min = type->revision; else if (type->revision > *max) *max = type->revision; } @@ -128,7 +128,7 @@ int ip_set_type_register(struct ip_set_type *type) { int ret = 0; - + if (type->protocol != IPSET_PROTOCOL) { pr_warning("ip_set type %s, family %s, revision %u uses " "wrong protocol version %u (want %u)\n", @@ -181,7 +181,7 @@ EXPORT_SYMBOL(ip_set_type_unregister); * the properties of a set. All of these can be executed from userspace * only and serialized by the nfnl mutex indirectly from nfnetlink. * - * Sets are identified by their index in ip_set_list and the index + * Sets are identified by their index in ip_set_list and the index * is used by the external references (set/SET netfilter modules). * * The set behind an index may change by swapping only, from userspace. @@ -199,7 +199,7 @@ __ip_set_put(ip_set_id_t index) atomic_dec(&ip_set_list[index]->ref); } -/* +/* * Add, del and test set entries from kernel. * * The set behind the index must exist and must be referenced @@ -218,7 +218,7 @@ ip_set_test(ip_set_id_t index, const struct sk_buff *skb, if (dim < set->type->dimension || !(family == set->family || set->family == AF_UNSPEC)) - return 0; + return 0; read_lock_bh(&set->lock); ret = set->variant->kadt(set, skb, IPSET_TEST, family, dim, flags); @@ -250,7 +250,7 @@ ip_set_add(ip_set_id_t index, const struct sk_buff *skb, if (dim < set->type->dimension || !(family == set->family || set->family == AF_UNSPEC)) - return 0; + return 0; write_lock_bh(&set->lock); ret = set->variant->kadt(set, skb, IPSET_ADD, family, dim, flags); @@ -272,12 +272,12 @@ ip_set_del(ip_set_id_t index, const struct sk_buff *skb, if (dim < set->type->dimension || !(family == set->family || set->family == AF_UNSPEC)) - return 0; + return 0; write_lock_bh(&set->lock); ret = set->variant->kadt(set, skb, IPSET_DEL, family, dim, flags); write_unlock_bh(&set->lock); - + return ret; } EXPORT_SYMBOL(ip_set_del); @@ -341,7 +341,7 @@ ip_set_name_byindex(ip_set_id_t index) BUG_ON(atomic_read(&set->ref) == 0); /* Referenced, so it's safe */ - return set->name; + return set->name; } EXPORT_SYMBOL(ip_set_name_byindex); @@ -453,7 +453,7 @@ start_msg(struct sk_buff *skb, u32 pid, u32 seq, unsigned int flags, nfmsg->nfgen_family = AF_INET; nfmsg->version = NFNETLINK_V0; nfmsg->res_id = 0; - + return nlh; } @@ -463,7 +463,7 @@ static const struct nla_policy ip_set_create_policy[IPSET_ATTR_CMD_MAX + 1] __read_mostly = { [IPSET_ATTR_PROTOCOL] = { .type = NLA_U8 }, [IPSET_ATTR_SETNAME] = { .type = NLA_NUL_STRING, - .len = IPSET_MAXNAMELEN -1 }, + .len = IPSET_MAXNAMELEN - 1 }, [IPSET_ATTR_TYPENAME] = { .type = NLA_NUL_STRING, .len = IPSET_MAXNAMELEN - 1}, [IPSET_ATTR_REVISION] = { .type = NLA_U8 }, @@ -476,7 +476,7 @@ find_set_id(const char *name) { ip_set_id_t i, index = IPSET_INVALID_ID; struct ip_set *set; - + for (i = 0; index == IPSET_INVALID_ID && i < ip_set_max; i++) { set = ip_set_list[i]; if (set != NULL && STREQ(set->name, name)) @@ -534,13 +534,13 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb, u32 flags = flag_exist(nlh); int ret = 0, len; - if (unlikely(protocol_failed(attr) + if (unlikely(protocol_failed(attr) || attr[IPSET_ATTR_SETNAME] == NULL || attr[IPSET_ATTR_TYPENAME] == NULL || attr[IPSET_ATTR_REVISION] == NULL || attr[IPSET_ATTR_FAMILY] == NULL || (attr[IPSET_ATTR_DATA] != NULL - && !flag_nested(attr[IPSET_ATTR_DATA])))) + && !flag_nested(attr[IPSET_ATTR_DATA])))) return -IPSET_ERR_PROTOCOL; name = nla_data(attr[IPSET_ATTR_SETNAME]); @@ -617,7 +617,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb, && set->type->family == clash->type->family && set->type->revision == clash->type->revision && set->variant->same_set(set, clash)) - ret = 0; + ret = 0; goto cleanup; } @@ -628,7 +628,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb, ip_set_list[index] = set; return ret; - + cleanup: set->variant->destroy(set); put_out: @@ -667,7 +667,7 @@ ip_set_destroy(struct sock *ctnl, struct sk_buff *skb, NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) { ip_set_id_t i; - + if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; @@ -676,7 +676,7 @@ ip_set_destroy(struct sock *ctnl, struct sk_buff *skb, for (i = 0; i < ip_set_max; i++) { if (ip_set_list[i] != NULL && (atomic_read(&ip_set_list[i]->ref))) - return -IPSET_ERR_BUSY; + return -IPSET_ERR_BUSY; } for (i = 0; i < ip_set_max; i++) { if (ip_set_list[i] != NULL) @@ -791,7 +791,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, ip_set_id_t from_id, to_id; char from_name[IPSET_MAXNAMELEN]; u32 from_ref; - + if (unlikely(protocol_failed(attr) || attr[IPSET_ATTR_SETNAME] == NULL || attr[IPSET_ATTR_SETNAME2] == NULL)) @@ -807,7 +807,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, from = ip_set_list[from_id]; to = ip_set_list[to_id]; - + /* Features must not change. * Not an artifical restriction anymore, as we must prevent * possible loops created by swapping in setlist type of sets. */ @@ -815,7 +815,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, && from->type->family == to->type->family)) return -IPSET_ERR_TYPE_MISMATCH; - /* No magic here: ref munging protected by the nfnl_lock */ + /* No magic here: ref munging protected by the nfnl_lock */ strncpy(from_name, from->name, IPSET_MAXNAMELEN); from_ref = atomic_read(&from->ref); @@ -823,7 +823,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, atomic_set(&from->ref, atomic_read(&to->ref)); strncpy(to->name, from_name, IPSET_MAXNAMELEN); atomic_set(&to->ref, from_ref); - + ip_set_list[from_id] = to; ip_set_list[to_id] = from; @@ -857,7 +857,7 @@ dump_attrs(struct nlmsghdr *nlh) struct nlattr *attr; int rem; - pr_debug("dump nlmsg"); + pr_debug("dump nlmsg"); nlmsg_for_each_attr(attr, nlh, sizeof(struct nfgenmsg), rem) { pr_debug("type: %u, len %u", nla_type(attr), attr->nla_len); } @@ -871,13 +871,13 @@ dump_init(struct netlink_callback *cb) struct nlattr *cda[IPSET_ATTR_CMD_MAX+1]; struct nlattr *attr = (void *)nlh + min_len; ip_set_id_t index; - + /* Second pass, so parser can't fail */ nla_parse(cda, IPSET_ATTR_CMD_MAX, attr, nlh->nlmsg_len - min_len, ip_set_setname_policy); /* cb->args[0] : dump single set/all sets - * [1] : set index + * [1] : set index * [..]: type specific */ @@ -889,7 +889,7 @@ dump_init(struct netlink_callback *cb) index = find_set_id(nla_data(cda[IPSET_ATTR_SETNAME])); if (index == IPSET_INVALID_ID) return -EEXIST; - + cb->args[0] = DUMP_ONE; cb->args[1] = index; return 0; @@ -934,8 +934,8 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb) */ if (cb->args[0] != DUMP_ONE && !((cb->args[0] == DUMP_ALL) - ^ (set->type->features & IPSET_DUMP_LAST))) - continue; + ^ (set->type->features & IPSET_DUMP_LAST))) + continue; pr_debug("List set: %s", set->name); if (!cb->args[2]) { /* Start listing: make sure set won't be destroyed */ @@ -999,7 +999,7 @@ out: pr_debug("nlmsg_len: %u", nlh->nlmsg_len); dump_attrs(nlh); } - + return ret < 0 ? ret : skb->len; } @@ -1038,7 +1038,7 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, int ret, len = nla_len(nla), retried = 0; u32 lineno = 0; bool eexist = flags & IPSET_FLAG_EXIST; - + do { write_lock_bh(&set->lock); ret = set->variant->uadt(set, head, len, adt, @@ -1047,17 +1047,17 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, } while (ret == -EAGAIN && set->variant->resize && (ret = set->variant->resize(set, GFP_ATOMIC, - retried++)) == 0); + retried++)) == 0); if (!ret || (ret == -IPSET_ERR_EXIST && eexist)) return 0; if (lineno && attr[IPSET_ATTR_LINENO]) { /* Error in restore/batch mode: send back lineno */ u32 *errline = nla_data(attr[IPSET_ATTR_LINENO]); - + *errline = lineno; } - + return ret; } @@ -1073,13 +1073,13 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb, if (unlikely(protocol_failed(attr) || attr[IPSET_ATTR_SETNAME] == NULL - || !((attr[IPSET_ATTR_DATA] != NULL) ^ - (attr[IPSET_ATTR_ADT] != NULL)) + || !((attr[IPSET_ATTR_DATA] != NULL) + ^ (attr[IPSET_ATTR_ADT] != NULL)) || (attr[IPSET_ATTR_DATA] != NULL - && !flag_nested(attr[IPSET_ATTR_DATA])) + && !flag_nested(attr[IPSET_ATTR_DATA])) || (attr[IPSET_ATTR_ADT] != NULL - && (!flag_nested(attr[IPSET_ATTR_ADT]) - || attr[IPSET_ATTR_LINENO] == NULL)))) + && (!flag_nested(attr[IPSET_ATTR_ADT]) + || attr[IPSET_ATTR_LINENO] == NULL)))) return -IPSET_ERR_PROTOCOL; set = find_set(nla_data(attr[IPSET_ATTR_SETNAME])); @@ -1091,7 +1091,7 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb, set, attr[IPSET_ATTR_DATA], IPSET_ADD, flags); } else { int nla_rem; - + nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) { if (nla_type(nla) != IPSET_ATTR_DATA || !flag_nested(nla)) @@ -1117,25 +1117,25 @@ ip_set_udel(struct sock *ctnl, struct sk_buff *skb, if (unlikely(protocol_failed(attr) || attr[IPSET_ATTR_SETNAME] == NULL - || !((attr[IPSET_ATTR_DATA] != NULL) ^ - (attr[IPSET_ATTR_ADT] != NULL)) + || !((attr[IPSET_ATTR_DATA] != NULL) + ^ (attr[IPSET_ATTR_ADT] != NULL)) || (attr[IPSET_ATTR_DATA] != NULL - && !flag_nested(attr[IPSET_ATTR_DATA])) + && !flag_nested(attr[IPSET_ATTR_DATA])) || (attr[IPSET_ATTR_ADT] != NULL - && (!flag_nested(attr[IPSET_ATTR_ADT]) - || attr[IPSET_ATTR_LINENO] == NULL)))) + && (!flag_nested(attr[IPSET_ATTR_ADT]) + || attr[IPSET_ATTR_LINENO] == NULL)))) return -IPSET_ERR_PROTOCOL; - + set = find_set(nla_data(attr[IPSET_ATTR_SETNAME])); if (set == NULL) return -EEXIST; - + if (attr[IPSET_ATTR_DATA]) { ret = call_ad(ctnl, skb, attr, set, attr[IPSET_ATTR_DATA], IPSET_DEL, flags); } else { int nla_rem; - + nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) { if (nla_type(nla) != IPSET_ATTR_DATA || !flag_nested(nla)) @@ -1162,11 +1162,11 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, || attr[IPSET_ATTR_DATA] == NULL || !flag_nested(attr[IPSET_ATTR_DATA]))) return -IPSET_ERR_PROTOCOL; - + set = find_set(nla_data(attr[IPSET_ATTR_SETNAME])); if (set == NULL) return -EEXIST; - + read_lock_bh(&set->lock); ret = set->variant->uadt(set, nla_data(attr[IPSET_ATTR_DATA]), @@ -1176,7 +1176,7 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, /* Userspace can't trigger element to be re-added */ if (ret == -EAGAIN) ret = 1; - + return ret < 0 ? ret : ret > 0 ? 0 : -IPSET_ERR_EXIST; } @@ -1196,7 +1196,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb, if (unlikely(protocol_failed(attr) || attr[IPSET_ATTR_SETNAME] == NULL)) return -IPSET_ERR_PROTOCOL; - + index = find_set_id(nla_data(attr[IPSET_ATTR_SETNAME])); if (index == IPSET_INVALID_ID) return -EEXIST; @@ -1205,7 +1205,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb, skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); if (skb2 == NULL) return -ENOMEM; - + nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, IPSET_CMD_HEADER); if (!nlh2) @@ -1220,13 +1220,13 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb, ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); if (ret < 0) return -EFAULT; - + return 0; nla_put_failure: nlmsg_cancel(skb2, nlh2); nlmsg_failure: - kfree_skb(skb2); + kfree_skb(skb2); return -EFAULT; } @@ -1255,7 +1255,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb, || attr[IPSET_ATTR_TYPENAME] == NULL || attr[IPSET_ATTR_FAMILY] == NULL)) return -IPSET_ERR_PROTOCOL; - + family = nla_get_u8(attr[IPSET_ATTR_FAMILY]); typename = nla_data(attr[IPSET_ATTR_TYPENAME]); if (!find_set_type_minmax(typename, family, &min, &max)) { @@ -1271,7 +1271,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb, skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); if (skb2 == NULL) return -ENOMEM; - + nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, IPSET_CMD_TYPE); if (!nlh2) @@ -1287,13 +1287,13 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb, ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); if (ret < 0) return -EFAULT; - + return 0; nla_put_failure: nlmsg_cancel(skb2, nlh2); nlmsg_failure: - kfree_skb(skb2); + kfree_skb(skb2); return -EFAULT; } @@ -1306,8 +1306,8 @@ ip_set_protocol_policy[IPSET_ATTR_CMD_MAX + 1] __read_mostly = { static int ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + NFNL_CB_CONST struct nlmsghdr *nlh, + NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) { struct sk_buff *skb2; struct nlmsghdr *nlh2; @@ -1315,11 +1315,11 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, if (unlikely(attr[IPSET_ATTR_PROTOCOL] == NULL)) return -IPSET_ERR_PROTOCOL; - + skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); if (skb2 == NULL) return -ENOMEM; - + nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, IPSET_CMD_PROTOCOL); if (!nlh2) @@ -1330,13 +1330,13 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); if (ret < 0) return -EFAULT; - + return 0; nla_put_failure: nlmsg_cancel(skb2, nlh2); nlmsg_failure: - kfree_skb(skb2); + kfree_skb(skb2); return -EFAULT; } @@ -1429,9 +1429,9 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) return -EPERM; if (optval != SO_IP_SET) return -EBADF; - if (*len < sizeof(unsigned)) { + if (*len < sizeof(unsigned)) return -EINVAL; - } + data = vmalloc(*len); if (!data) return -ENOMEM; @@ -1498,10 +1498,10 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) goto done; } /* end of switch(op) */ - copy: +copy: ret = copy_to_user(user, data, copylen); - - done: + +done: vfree(data); if (ret > 0) ret = 0; @@ -1509,8 +1509,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) } static struct nf_sockopt_ops so_set = { - .pf = PF_INET, - .get_optmin = SO_IP_SET, + .pf = PF_INET, + .get_optmin = SO_IP_SET, .get_optmax = SO_IP_SET + 1, .get = &ip_set_sockfn_get, .owner = THIS_MODULE, @@ -1549,7 +1549,7 @@ ip_set_init(void) return ret; } - pr_notice("ip_set: protocol %u", IPSET_PROTOCOL); + pr_notice("ip_set: protocol %u", IPSET_PROTOCOL); return 0; } diff --git a/kernel/ip_set_bitmap_ip.c b/kernel/ip_set_bitmap_ip.c index 5bb6a3c..815769f 100644 --- a/kernel/ip_set_bitmap_ip.c +++ b/kernel/ip_set_bitmap_ip.c @@ -14,8 +14,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -82,7 +82,7 @@ bitmap_ip_kadt(struct ip_set *set, const struct sk_buff *skb, { struct bitmap_ip *map = set->data; u32 ip; - + ip = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC)); if (ip < map->first_ip || ip > map->last_ip) return -IPSET_ERR_BITMAP_RANGE; @@ -154,7 +154,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *head, int len, } } else if (tb[IPSET_ATTR_CIDR]) { u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); - + if (cidr > 32) return -IPSET_ERR_INVALID_CIDR; ip &= HOSTMASK(cidr); @@ -182,10 +182,10 @@ static void bitmap_ip_destroy(struct ip_set *set) { struct bitmap_ip *map = set->data; - + ip_set_free(map->members); kfree(map); - + set->data = NULL; } @@ -193,7 +193,7 @@ static void bitmap_ip_flush(struct ip_set *set) { struct bitmap_ip *map = set->data; - + memset(map->members, 0, map->memsize); } @@ -215,7 +215,7 @@ bitmap_ip_head(struct ip_set *set, struct sk_buff *skb) NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(sizeof(*map) + map->memsize)); ipset_nest_end(skb, nested); - + return 0; nla_put_failure: return -EFAULT; @@ -234,7 +234,7 @@ bitmap_ip_list(struct ip_set *set, return -EFAULT; for (; cb->args[2] < map->elements; cb->args[2]++) { id = cb->args[2]; - if (!bitmap_ip_test(map, id)) + if (!bitmap_ip_test(map, id)) continue; nested = ipset_nest_start(skb, IPSET_ATTR_DATA); if (!nested) { @@ -264,7 +264,7 @@ bitmap_ip_same_set(const struct ip_set *a, const struct ip_set *b) { struct bitmap_ip *x = a->data; struct bitmap_ip *y = b->data; - + return x->first_ip == y->first_ip && x->last_ip == y->last_ip && x->netmask == y->netmask; @@ -320,7 +320,7 @@ bitmap_ip_timeout_del(struct bitmap_ip_timeout *map, u32 id) if (bitmap_ip_timeout_test(map, id)) ret = 0; - + map->members[id] = IPSET_ELEM_UNSET; return ret; } @@ -373,7 +373,7 @@ bitmap_ip_timeout_uadt(struct ip_set *set, struct nlattr *head, int len, if (ip < map->first_ip || ip > map->last_ip) return -IPSET_ERR_BITMAP_RANGE; - + if (adt == IPSET_TEST) return bitmap_ip_timeout_test(map, ip_to_id((const struct bitmap_ip *)map, ip)); @@ -390,7 +390,7 @@ bitmap_ip_timeout_uadt(struct ip_set *set, struct nlattr *head, int len, } } else if (tb[IPSET_ATTR_CIDR]) { u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); - + if (cidr > 32) return -IPSET_ERR_INVALID_CIDR; ip &= HOSTMASK(cidr); @@ -400,7 +400,7 @@ bitmap_ip_timeout_uadt(struct ip_set *set, struct nlattr *head, int len, if (ip_to > map->last_ip) return -IPSET_ERR_BITMAP_RANGE; - + if (tb[IPSET_ATTR_TIMEOUT]) timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); @@ -422,11 +422,11 @@ static void bitmap_ip_timeout_destroy(struct ip_set *set) { struct bitmap_ip_timeout *map = set->data; - + del_timer_sync(&map->gc); ip_set_free(map->members); kfree(map); - + set->data = NULL; } @@ -434,7 +434,7 @@ static void bitmap_ip_timeout_flush(struct ip_set *set) { struct bitmap_ip_timeout *map = set->data; - + memset(map->members, IPSET_ELEM_UNSET, map->memsize); } @@ -443,7 +443,7 @@ bitmap_ip_timeout_head(struct ip_set *set, struct sk_buff *skb) { const struct bitmap_ip_timeout *map = set->data; struct nlattr *nested; - + nested = ipset_nest_start(skb, IPSET_ATTR_DATA); if (!nested) goto nla_put_failure; @@ -457,7 +457,7 @@ bitmap_ip_timeout_head(struct ip_set *set, struct sk_buff *skb) NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(sizeof(*map) + map->memsize)); ipset_nest_end(skb, nested); - + return 0; nla_put_failure: return -EFAULT; @@ -471,7 +471,7 @@ bitmap_ip_timeout_list(struct ip_set *set, struct nlattr *adt, *nested; u32 id, first = cb->args[2]; unsigned long *table = map->members; - + adt = ipset_nest_start(skb, IPSET_ATTR_ADT); if (!adt) return -EFAULT; @@ -497,7 +497,7 @@ bitmap_ip_timeout_list(struct ip_set *set, /* Set listing finished */ cb->args[2] = 0; - + return 0; nla_put_failure: @@ -511,7 +511,7 @@ bitmap_ip_timeout_same_set(const struct ip_set *a, const struct ip_set *b) { struct bitmap_ip_timeout *x = a->data; struct bitmap_ip_timeout *y = b->data; - + return x->first_ip == y->first_ip && x->last_ip == y->last_ip && x->netmask == y->netmask @@ -541,7 +541,7 @@ bitmap_ip_gc(unsigned long ul_set) read_lock_bh(&set->lock); for (id = 0; id < map->elements; id++) if (ip_set_timeout_expired(table[id])) - table[id] = IPSET_ELEM_UNSET; + table[id] = IPSET_ELEM_UNSET; read_unlock_bh(&set->lock); map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ; @@ -587,7 +587,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, set->data = map; set->family = AF_INET; - + return true; } @@ -603,7 +603,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *head, int len, if (nla_parse(tb, IPSET_ATTR_CREATE_MAX, head, len, bitmap_ip_create_policy)) return -IPSET_ERR_PROTOCOL; - + ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &first_ip); if (ret) return ret; @@ -616,13 +616,13 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *head, int len, last_ip = htonl(last_ip); if (first_ip > last_ip) { u32 tmp = first_ip; - + first_ip = last_ip; last_ip = tmp; } } else if (tb[IPSET_ATTR_CIDR]) { u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); - + if (cidr >= 32) return -IPSET_ERR_INVALID_CIDR; last_ip = first_ip | ~HOSTMASK(cidr); @@ -631,14 +631,14 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_NETMASK]) { netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); - + if (netmask > 32) return -IPSET_ERR_INVALID_NETMASK; first_ip &= HOSTMASK(netmask); last_ip |= ~HOSTMASK(netmask); } - + if (netmask == 32) { hosts = 1; elements = last_ip - first_ip + 1; @@ -656,20 +656,20 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *head, int len, hosts = 2 << (32 - netmask - 1); elements = 2 << (netmask - mask_bits - 1); } - if (elements > IPSET_BITMAP_MAX_RANGE + 1) { + if (elements > IPSET_BITMAP_MAX_RANGE + 1) return -IPSET_ERR_BITMAP_RANGE_SIZE; - } + pr_debug("hosts %u, elements %u", hosts, elements); if (tb[IPSET_ATTR_TIMEOUT]) { struct bitmap_ip_timeout *map; - + map = kzalloc(sizeof(*map), GFP_KERNEL); if (!map) return -ENOMEM; - + map->memsize = elements * sizeof(unsigned long); - + if (!init_map_ip(set, (struct bitmap_ip *)map, first_ip, last_ip, elements, hosts, netmask)) { @@ -679,15 +679,15 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *head, int len, map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); set->variant = &bitmap_ip_timeout; - + bitmap_ip_gc_init(set); } else { struct bitmap_ip *map; - + map = kzalloc(sizeof(*map), GFP_KERNEL); if (!map) return -ENOMEM; - + map->memsize = bitmap_bytes(0, elements - 1); if (!init_map_ip(set, map, diff --git a/kernel/ip_set_bitmap_ipmac.c b/kernel/ip_set_bitmap_ipmac.c index 6778819..f2f34ed 100644 --- a/kernel/ip_set_bitmap_ipmac.c +++ b/kernel/ip_set_bitmap_ipmac.c @@ -16,8 +16,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -96,8 +96,8 @@ static inline int bitmap_ipmac_exist(const struct ipmac_telem *elem) { return elem->match == MAC_UNSET - || (elem->match == MAC_FILLED - && !ip_set_timeout_expired(elem->timeout)); + || (elem->match == MAC_FILLED + && !ip_set_timeout_expired(elem->timeout)); } /* Base variant */ @@ -203,7 +203,7 @@ bitmap_ipmac_list(struct ip_set *set, ipset_nest_end(skb, atd); /* Set listing finished */ cb->args[2] = 0; - + return 0; nla_put_failure: @@ -309,7 +309,7 @@ bitmap_ipmac_tlist(struct ip_set *set, for (; cb->args[2] <= last; cb->args[2]++) { id = cb->args[2]; elem = bitmap_ipmac_elem(map, id); - if (!bitmap_ipmac_exist(elem)) + if (!bitmap_ipmac_exist(elem)) continue; nested = ipset_nest_start(skb, IPSET_ATTR_DATA); if (!nested) { @@ -332,7 +332,7 @@ bitmap_ipmac_tlist(struct ip_set *set, ipset_nest_end(skb, atd); /* Set listing finished */ cb->args[2] = 0; - + return 0; nla_put_failure: @@ -356,7 +356,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb, /* Backward compatibility: we don't check the second flag */ if (skb_mac_header(skb) < skb->head || (skb_mac_header(skb) + ETH_HLEN) > skb->data) - return -EINVAL; + return -EINVAL; data.id -= map->first_ip; data.ether = eth_hdr(skb)->h_source; @@ -423,10 +423,10 @@ bitmap_ipmac_destroy(struct ip_set *set) if (with_timeout(map->timeout)) del_timer_sync(&map->gc); - + ip_set_free(map->members); kfree(map); - + set->data = NULL; } @@ -434,7 +434,7 @@ static void bitmap_ipmac_flush(struct ip_set *set) { struct bitmap_ipmac *map = set->data; - + memset(map->members, 0, (map->last_ip - map->first_ip + 1) * map->dsize); } @@ -454,11 +454,11 @@ bitmap_ipmac_head(struct ip_set *set, struct sk_buff *skb) htonl(atomic_read(&set->ref) - 1)); NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(sizeof(*map) - + (map->last_ip - map->first_ip + 1) * map->dsize)); + + (map->last_ip - map->first_ip + 1) * map->dsize)); if (with_timeout(map->timeout)) NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); ipset_nest_end(skb, nested); - + return 0; nla_put_failure: return -EFAULT; @@ -469,7 +469,7 @@ bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b) { struct bitmap_ipmac *x = a->data; struct bitmap_ipmac *y = b->data; - + return x->first_ip == y->first_ip && x->last_ip == y->last_ip && x->timeout == y->timeout; @@ -512,7 +512,7 @@ bitmap_ipmac_gc(unsigned long ul_set) struct bitmap_ipmac *map = set->data; struct ipmac_telem *elem; u32 id, last = map->last_ip - map->first_ip; - + /* We run parallel with other readers (test element) * but adding/deleting new entries is locked out */ read_lock_bh(&set->lock); @@ -520,7 +520,7 @@ bitmap_ipmac_gc(unsigned long ul_set) elem = bitmap_ipmac_elem(map, id); if (elem->match == MAC_FILLED && ip_set_timeout_expired(elem->timeout)) - elem->match = MAC_EMPTY; + elem->match = MAC_EMPTY; } read_unlock_bh(&set->lock); @@ -563,7 +563,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, set->data = map; set->family = AF_INET; - + return true; } @@ -579,7 +579,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len, if (nla_parse(tb, IPSET_ATTR_CREATE_MAX, head, len, bitmap_ipmac_create_policy)) return -IPSET_ERR_PROTOCOL; - + ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &first_ip); if (ret) return ret; @@ -592,13 +592,13 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len, last_ip = ntohl(last_ip); if (first_ip > last_ip) { u32 tmp = first_ip; - + first_ip = last_ip; last_ip = tmp; } } else if (tb[IPSET_ATTR_CIDR]) { u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); - + if (cidr >= 32) return -IPSET_ERR_INVALID_CIDR; last_ip = first_ip | ~HOSTMASK(cidr); @@ -616,18 +616,18 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_TIMEOUT]) { map->dsize = sizeof(struct ipmac_telem); - + if (!init_map_ipmac(set, map, first_ip, last_ip)) { kfree(map); return -ENOMEM; } map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - - set->variant = &bitmap_tipmac; + + set->variant = &bitmap_tipmac; bitmap_ipmac_gc_init(set); - } else { + } else { map->dsize = sizeof(struct ipmac_elem); if (!init_map_ipmac(set, map, first_ip, last_ip)) { @@ -635,7 +635,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len, return -ENOMEM; } set->variant = &bitmap_ipmac; - + } return 0; } diff --git a/kernel/ip_set_bitmap_port.c b/kernel/ip_set_bitmap_port.c index 27363f6..b6d8120 100644 --- a/kernel/ip_set_bitmap_port.c +++ b/kernel/ip_set_bitmap_port.c @@ -14,8 +14,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -76,12 +76,12 @@ bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb, if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &port)) return -EINVAL; - + port = ntohs(port); if (port < map->first_port || port > map->last_port) return -IPSET_ERR_BITMAP_RANGE; - + port -= map->first_port; switch (adt) { @@ -125,7 +125,7 @@ bitmap_port_uadt(struct ip_set *set, struct nlattr *head, int len, port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; - + if (port < map->first_port || port > map->last_port) return -IPSET_ERR_BITMAP_RANGE; @@ -165,10 +165,10 @@ static void bitmap_port_destroy(struct ip_set *set) { struct bitmap_port *map = set->data; - + ip_set_free(map->members); kfree(map); - + set->data = NULL; } @@ -176,7 +176,7 @@ static void bitmap_port_flush(struct ip_set *set) { struct bitmap_port *map = set->data; - + memset(map->members, 0, map->memsize); } @@ -196,7 +196,7 @@ bitmap_port_head(struct ip_set *set, struct sk_buff *skb) NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(sizeof(*map) + map->memsize)); ipset_nest_end(skb, nested); - + return 0; nla_put_failure: return -EFAULT; @@ -216,7 +216,7 @@ bitmap_port_list(struct ip_set *set, return -EFAULT; for (; cb->args[2] <= last; cb->args[2]++) { id = cb->args[2]; - if (!test_bit(id, map->members)) + if (!test_bit(id, map->members)) continue; nested = ipset_nest_start(skb, IPSET_ATTR_DATA); if (!nested) { @@ -233,7 +233,7 @@ bitmap_port_list(struct ip_set *set, ipset_nest_end(skb, atd); /* Set listing finished */ cb->args[2] = 0; - + return 0; nla_put_failure: @@ -247,7 +247,7 @@ bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b) { struct bitmap_port *x = a->data; struct bitmap_port *y = b->data; - + return x->first_port == y->first_port && x->last_port == y->last_port; } @@ -300,7 +300,7 @@ bitmap_port_timeout_del(const struct bitmap_port_timeout *map, if (bitmap_port_timeout_test(map, id)) ret = 0; - + map->members[id] = IPSET_ELEM_UNSET; return ret; } @@ -371,19 +371,19 @@ bitmap_port_timeout_uadt(struct ip_set *set, struct nlattr *head, int len, } } else port_to = port; - + if (port_to > map->last_port) return -IPSET_ERR_BITMAP_RANGE; if (tb[IPSET_ATTR_TIMEOUT]) timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - + for (; port <= port_to; port++) { id = port - map->first_port; ret = adt == IPSET_ADD ? bitmap_port_timeout_add(map, id, timeout) : bitmap_port_timeout_del(map, id); - + if (ret && !ip_set_eexist(ret, flags)) return ret; else @@ -400,7 +400,7 @@ bitmap_port_timeout_destroy(struct ip_set *set) del_timer_sync(&map->gc); ip_set_free(map->members); kfree(map); - + set->data = NULL; } @@ -408,7 +408,7 @@ static void bitmap_port_timeout_flush(struct ip_set *set) { struct bitmap_port_timeout *map = set->data; - + memset(map->members, 0, map->memsize); } @@ -429,7 +429,7 @@ bitmap_port_timeout_head(struct ip_set *set, struct sk_buff *skb) NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(sizeof(*map) + map->memsize)); ipset_nest_end(skb, nested); - + return 0; nla_put_failure: return -EFAULT; @@ -444,7 +444,7 @@ bitmap_port_timeout_list(struct ip_set *set, u16 id, first = cb->args[2]; u16 last = map->last_port - map->first_port; unsigned long *table = map->members; - + adt = ipset_nest_start(skb, IPSET_ATTR_ADT); if (!adt) return -EFAULT; @@ -470,7 +470,7 @@ bitmap_port_timeout_list(struct ip_set *set, /* Set listing finished */ cb->args[2] = 0; - + return 0; nla_put_failure: @@ -484,7 +484,7 @@ bitmap_port_timeout_same_set(const struct ip_set *a, const struct ip_set *b) { struct bitmap_port_timeout *x = a->data; struct bitmap_port_timeout *y = b->data; - + return x->first_port == y->first_port && x->last_port == y->last_port && x->timeout == y->timeout; @@ -508,13 +508,13 @@ bitmap_port_gc(unsigned long ul_set) unsigned long *table = map->members; u32 id; /* wraparound */ u16 last = map->last_port - map->first_port; - + /* We run parallel with other readers (test element) * but adding/deleting new entries is locked out */ read_lock_bh(&set->lock); for (id = 0; id <= last; id++) if (ip_set_timeout_expired(table[id])) - table[id] = IPSET_ELEM_UNSET; + table[id] = IPSET_ELEM_UNSET; read_unlock_bh(&set->lock); map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ; @@ -554,7 +554,7 @@ init_map_port(struct ip_set *set, struct bitmap_port *map, set->data = map; set->family = AF_UNSPEC; - + return true; } @@ -568,7 +568,7 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len, if (nla_parse(tb, IPSET_ATTR_CREATE_MAX, head, len, bitmap_port_create_policy)) return -IPSET_ERR_PROTOCOL; - + if (tb[IPSET_ATTR_PORT]) first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); else @@ -578,7 +578,7 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len, last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); if (first_port > last_port) { u16 tmp = first_port; - + first_port = last_port; last_port = tmp; } @@ -587,14 +587,14 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_TIMEOUT]) { struct bitmap_port_timeout *map; - + map = kzalloc(sizeof(*map), GFP_KERNEL); if (!map) return -ENOMEM; - + map->memsize = (last_port - first_port + 1) * sizeof(unsigned long); - + if (!init_map_port(set, (struct bitmap_port *) map, first_port, last_port)) { kfree(map); @@ -603,11 +603,11 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len, map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); set->variant = &bitmap_port_timeout; - + bitmap_port_gc_init(set); } else { struct bitmap_port *map; - + map = kzalloc(sizeof(*map), GFP_KERNEL); if (!map) return -ENOMEM; diff --git a/kernel/ip_set_hash_ip.c b/kernel/ip_set_hash_ip.c index 32093fc..eb4a859 100644 --- a/kernel/ip_set_hash_ip.c +++ b/kernel/ip_set_hash_ip.c @@ -13,8 +13,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -125,7 +125,7 @@ hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb, struct chash *h = set->data; ipset_adtfn adtfn = set->variant->adt[adt]; u32 ip; - + ip4addrptr(skb, flags & IPSET_DIM_ONE_SRC, &ip); ip &= NETMASK(h->netmask); if (ip == 0) @@ -187,7 +187,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len, swap(ip, ip_to); } else if (tb[IPSET_ATTR_CIDR]) { u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); - + if (cidr > 32) return -IPSET_ERR_INVALID_CIDR; ip &= HOSTMASK(cidr); @@ -257,7 +257,7 @@ static inline void hash_ip6_data_swap(struct hash_ip6_elem *dst, struct hash_ip6_elem *src) { struct in6_addr tmp; - + ipv6_addr_copy(&tmp, &dst->ip.in6); ipv6_addr_copy(&dst->ip.in6, &src->ip.in6); ipv6_addr_copy(&src->ip.in6, &tmp); @@ -291,9 +291,9 @@ nla_put_failure: static inline bool hash_ip6_data_tlist(struct sk_buff *skb, const struct hash_ip6_elem *data) { - const struct hash_ip6_telem *e = + const struct hash_ip6_telem *e = (const struct hash_ip6_telem *)data; - + NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(ip_set_timeout_get(e->timeout))); @@ -411,7 +411,7 @@ hash_ip_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) if (tb[IPSET_ATTR_NETMASK]) { netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); - + if ((set->family == AF_INET && netmask > 32) || (set->family == AF_INET6 && netmask > 128) || netmask == 0) @@ -444,7 +444,7 @@ hash_ip_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - + set->variant = set->family == AF_INET ? &hash_ip4_tvariant : &hash_ip6_tvariant; @@ -456,11 +456,11 @@ hash_ip_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) set->variant = set->family == AF_INET ? &hash_ip4_variant : &hash_ip6_variant; } - + pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)", set->name, jhash_size(h->table->htable_bits), h->table->htable_bits, h->maxelem, set->data, h->table); - + return 0; } diff --git a/kernel/ip_set_hash_ipport.c b/kernel/ip_set_hash_ipport.c index ddd0d28..7ac0c05 100644 --- a/kernel/ip_set_hash_ipport.c +++ b/kernel/ip_set_hash_ipport.c @@ -13,8 +13,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -191,7 +191,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_PROTO]) { data.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); - + if (data.proto == 0) return -IPSET_ERR_INVALID_PROTO; } else @@ -223,7 +223,7 @@ hash_ipport_same_set(const struct ip_set *a, const struct ip_set *b) { struct chash *x = a->data; struct chash *y = b->data; - + /* Resizing changes htable_bits, so we ignore it */ return x->maxelem == y->maxelem && x->timeout == y->timeout @@ -304,9 +304,9 @@ static inline bool hash_ipport6_data_tlist(struct sk_buff *skb, const struct hash_ipport6_elem *data) { - const struct hash_ipport6_telem *e = + const struct hash_ipport6_telem *e = (const struct hash_ipport6_telem *)data; - + NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); @@ -394,7 +394,7 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *head, int len, } ret = adtfn(set, &data, GFP_ATOMIC, timeout); - + return ip_set_eexist(ret, flags) ? 0 : ret; } @@ -459,7 +459,7 @@ hash_ipport_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - + set->variant = set->family == AF_INET ? &hash_ipport4_tvariant : &hash_ipport6_tvariant; @@ -471,11 +471,11 @@ hash_ipport_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) set->variant = set->family == AF_INET ? &hash_ipport4_variant : &hash_ipport6_variant; } - + pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)", set->name, jhash_size(h->table->htable_bits), h->table->htable_bits, h->maxelem, set->data, h->table); - + return 0; } diff --git a/kernel/ip_set_hash_ipportip.c b/kernel/ip_set_hash_ipportip.c index 0e46268..2dccb29 100644 --- a/kernel/ip_set_hash_ipportip.c +++ b/kernel/ip_set_hash_ipportip.c @@ -13,8 +13,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -148,7 +148,7 @@ hash_ipportip4_kadt(struct ip_set *set, const struct sk_buff *skb, struct chash *h = set->data; ipset_adtfn adtfn = set->variant->adt[adt]; struct hash_ipportip4_elem data = { }; - + if (!get_ip4_port(skb, flags & IPSET_DIM_TWO_SRC, &data.port, &data.proto)) return -EINVAL; @@ -202,7 +202,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_PROTO]) { data.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); - + if (data.proto == 0) return -IPSET_ERR_INVALID_PROTO; } else @@ -234,7 +234,7 @@ hash_ipportip_same_set(const struct ip_set *a, const struct ip_set *b) { struct chash *x = a->data; struct chash *y = b->data; - + /* Resizing changes htable_bits, so we ignore it */ return x->maxelem == y->maxelem && x->timeout == y->timeout @@ -289,7 +289,7 @@ hash_ipportip6_data_swap(struct hash_ipportip6_elem *dst, struct hash_ipportip6_elem *src) { struct hash_ipportip6_elem tmp; - + memcpy(&tmp, dst, sizeof(tmp)); memcpy(dst, src, sizeof(tmp)); memcpy(src, &tmp, sizeof(tmp)); @@ -319,9 +319,9 @@ static inline bool hash_ipportip6_data_tlist(struct sk_buff *skb, const struct hash_ipportip6_elem *data) { - const struct hash_ipportip6_telem *e = + const struct hash_ipportip6_telem *e = (const struct hash_ipportip6_telem *)data; - + NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); @@ -480,7 +480,7 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *head, if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - + set->variant = set->family == AF_INET ? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant; @@ -492,11 +492,11 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *head, set->variant = set->family == AF_INET ? &hash_ipportip4_variant : &hash_ipportip6_variant; } - + pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)", set->name, jhash_size(h->table->htable_bits), h->table->htable_bits, h->maxelem, set->data, h->table); - + return 0; } diff --git a/kernel/ip_set_hash_net.c b/kernel/ip_set_hash_net.c index 4cb57ac..94c4118 100644 --- a/kernel/ip_set_hash_net.c +++ b/kernel/ip_set_hash_net.c @@ -13,8 +13,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -144,7 +144,7 @@ hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb, struct chash *h = set->data; ipset_adtfn adtfn = set->variant->adt[adt]; struct hash_net4_elem data = { .cidr = h->nets[0].cidr || HOST_MASK }; - + if (data.cidr == 0) return -EINVAL; if (adt == IPSET_TEST) @@ -209,7 +209,7 @@ hash_net_same_set(const struct ip_set *a, const struct ip_set *b) { struct chash *x = a->data; struct chash *y = b->data; - + /* Resizing changes htable_bits, so we ignore it */ return x->maxelem == y->maxelem && x->timeout == y->timeout @@ -302,9 +302,9 @@ nla_put_failure: static inline bool hash_net6_data_tlist(struct sk_buff *skb, const struct hash_net6_elem *data) { - const struct hash_net6_telem *e = + const struct hash_net6_telem *e = (const struct hash_net6_telem *)data; - + NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); NLA_PUT_U8(skb, IPSET_ATTR_CIDR, e->cidr); NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, @@ -378,7 +378,7 @@ hash_net6_uadt(struct ip_set *set, struct nlattr *head, int len, } ret = adtfn(set, &data, GFP_ATOMIC, timeout); - + return ip_set_eexist(ret, flags) ? 0 : ret; } @@ -444,7 +444,7 @@ hash_net_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - + set->variant = set->family == AF_INET ? &hash_net4_tvariant : &hash_net6_tvariant; @@ -456,11 +456,11 @@ hash_net_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) set->variant = set->family == AF_INET ? &hash_net4_variant : &hash_net6_variant; } - + pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)", set->name, jhash_size(h->table->htable_bits), h->table->htable_bits, h->maxelem, set->data, h->table); - + return 0; } diff --git a/kernel/ip_set_hash_netport.c b/kernel/ip_set_hash_netport.c index db4d2f5..b9f5789 100644 --- a/kernel/ip_set_hash_netport.c +++ b/kernel/ip_set_hash_netport.c @@ -13,8 +13,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -79,7 +79,7 @@ hash_netport4_data_isnull(const struct hash_netport4_elem *elem) static inline void hash_netport4_data_copy(struct hash_netport4_elem *dst, - const struct hash_netport4_elem *src) + const struct hash_netport4_elem *src) { dst->ip = src->ip; dst->port = src->port; @@ -89,7 +89,7 @@ hash_netport4_data_copy(struct hash_netport4_elem *dst, static inline void hash_netport4_data_swap(struct hash_netport4_elem *dst, - struct hash_netport4_elem *src) + struct hash_netport4_elem *src) { swap(dst->ip, src->ip); swap(dst->port, src->port); @@ -112,7 +112,7 @@ hash_netport4_data_zero_out(struct hash_netport4_elem *elem) static inline bool hash_netport4_data_list(struct sk_buff *skb, - const struct hash_netport4_elem *data) + const struct hash_netport4_elem *data) { NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); @@ -157,8 +157,8 @@ hash_netport4_kadt(struct ip_set *set, const struct sk_buff *skb, { struct chash *h = set->data; ipset_adtfn adtfn = set->variant->adt[adt]; - struct hash_netport4_elem data = - { .cidr = h->nets[0].cidr || HOST_MASK }; + struct hash_netport4_elem data = { + .cidr = h->nets[0].cidr || HOST_MASK }; if (data.cidr == 0) return -EINVAL; @@ -206,7 +206,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *head, int len, ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &data.ip); if (ret) return ret; - + if (tb[IPSET_ATTR_CIDR]) data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); if (!data.cidr) @@ -220,7 +220,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_PROTO]) { data.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); - + if (data.proto == 0) return -IPSET_ERR_INVALID_PROTO; } else @@ -252,7 +252,7 @@ hash_netport_same_set(const struct ip_set *a, const struct ip_set *b) { struct chash *x = a->data; struct chash *y = b->data; - + /* Resizing changes htable_bits, so we ignore it */ return x->maxelem == y->maxelem && x->timeout == y->timeout @@ -295,14 +295,14 @@ hash_netport6_data_isnull(const struct hash_netport6_elem *elem) static inline void hash_netport6_data_copy(struct hash_netport6_elem *dst, - const struct hash_netport6_elem *src) + const struct hash_netport6_elem *src) { memcpy(dst, src, sizeof(*dst)); } static inline void hash_netport6_data_swap(struct hash_netport6_elem *dst, - struct hash_netport6_elem *src) + struct hash_netport6_elem *src) { struct hash_netport6_elem tmp; @@ -335,7 +335,7 @@ hash_netport6_data_netmask(struct hash_netport6_elem *elem, u8 cidr) static inline bool hash_netport6_data_list(struct sk_buff *skb, - const struct hash_netport6_elem *data) + const struct hash_netport6_elem *data) { NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); @@ -351,9 +351,9 @@ static inline bool hash_netport6_data_tlist(struct sk_buff *skb, const struct hash_netport6_elem *data) { - const struct hash_netport6_telem *e = + const struct hash_netport6_telem *e = (const struct hash_netport6_telem *)data; - + NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); @@ -379,8 +379,8 @@ hash_netport6_kadt(struct ip_set *set, const struct sk_buff *skb, { struct chash *h = set->data; ipset_adtfn adtfn = set->variant->adt[adt]; - struct hash_netport6_elem data = - { .cidr = h->nets[0].cidr || HOST_MASK }; + struct hash_netport6_elem data = { + .cidr = h->nets[0].cidr || HOST_MASK }; if (data.cidr == 0) return -EINVAL; @@ -418,7 +418,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *head, int len, ret = ip_set_get_ipaddr6(tb, IPSET_ATTR_IP, &data.ip); if (ret) return ret; - + if (tb[IPSET_ATTR_CIDR]) data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); if (!data.cidr) @@ -455,7 +455,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *head, int len, } ret = adtfn(set, &data, GFP_ATOMIC, timeout); - + return ip_set_eexist(ret, flags) ? 0 : ret; } @@ -522,7 +522,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - + set->variant = set->family == AF_INET ? &hash_netport4_tvariant : &hash_netport6_tvariant; @@ -534,11 +534,11 @@ hash_netport_create(struct ip_set *set, struct nlattr *head, int len, u32 flags) set->variant = set->family == AF_INET ? &hash_netport4_variant : &hash_netport6_variant; } - + pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)", set->name, jhash_size(h->table->htable_bits), h->table->htable_bits, h->maxelem, set->data, h->table); - + return 0; } diff --git a/kernel/ip_set_list_set.c b/kernel/ip_set_list_set.c index ea3f0a9..3b9ba12 100644 --- a/kernel/ip_set_list_set.c +++ b/kernel/ip_set_list_set.c @@ -52,7 +52,7 @@ list_set_timeout(const struct list_set *map, u32 id) { const struct set_telem *elem = (const struct set_telem *) list_set_elem(map, id); - + return ip_set_timeout_test(elem->timeout); } @@ -150,7 +150,7 @@ list_elem_add(struct list_set *map, u32 i, ip_set_id_t id) break; } } - + static inline void list_elem_tadd(struct list_set *map, u32 i, ip_set_id_t id, unsigned long timeout) @@ -165,7 +165,7 @@ list_elem_tadd(struct list_set *map, u32 i, ip_set_id_t id, swap(e->timeout, timeout); } } - + static int list_set_add(struct list_set *map, u32 i, ip_set_id_t id, unsigned long timeout) @@ -179,7 +179,7 @@ list_set_add(struct list_set *map, u32 i, ip_set_id_t id, list_elem_tadd(map, i, id, timeout); else list_elem_add(map, i, id); - + return 0; } @@ -266,7 +266,7 @@ list_set_uadt(struct ip_set *set, struct nlattr *head, int len, } timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); } - + switch (adt) { case IPSET_TEST: for (i = 0; i < map->size && !ret; i++) { @@ -289,7 +289,7 @@ list_set_uadt(struct ip_set *set, struct nlattr *head, int len, elem = list_set_elem(map, i); if (elem->id == id && !(with_timeout && list_set_expired(map, i))) - ret = -IPSET_ERR_EXIST; + ret = -IPSET_ERR_EXIST; } if (ret == -IPSET_ERR_EXIST) break; @@ -320,13 +320,14 @@ list_set_uadt(struct ip_set *set, struct nlattr *head, int len, } else if (with_timeout && list_set_expired(map, i)) continue; else if (elem->id == id - && (before == 0 - || (before > 0 - && next_id_eq(map, i, refid)))) + && (before == 0 + || (before > 0 + && next_id_eq(map, i, refid)))) ret = list_set_del(map, id, i); - else if (before < 0 && elem->id == refid - && next_id_eq(map, i, id)) - ret = list_set_del(map, id, i + 1); + else if (before < 0 + && elem->id == refid + && next_id_eq(map, i, id)) + ret = list_set_del(map, id, i + 1); } break; default: @@ -367,7 +368,7 @@ list_set_destroy(struct ip_set *set) del_timer_sync(&map->gc); list_set_flush(set); kfree(map); - + set->data = NULL; } @@ -388,7 +389,7 @@ list_set_head(struct ip_set *set, struct sk_buff *skb) NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(sizeof(*map) + map->size * map->dsize)); ipset_nest_end(skb, nested); - + return 0; nla_put_failure: return -EFAULT; @@ -411,7 +412,7 @@ list_set_list(struct ip_set *set, e = list_set_elem(map, i); if (e->id == IPSET_INVALID_ID) goto finish; - if (with_timeout(map->timeout) && list_set_expired(map, i)) + if (with_timeout(map->timeout) && list_set_expired(map, i)) continue; nested = ipset_nest_start(skb, IPSET_ATTR_DATA); if (!nested) { @@ -448,7 +449,7 @@ list_set_same_set(const struct ip_set *a, const struct ip_set *b) { struct list_set *x = a->data; struct list_set *y = b->data; - + return x->size == y->size && x->timeout == y->timeout; } @@ -478,7 +479,7 @@ list_set_gc(unsigned long ul_set) e = (struct set_telem *) list_set_elem(map, i); if (e->id != IPSET_INVALID_ID && list_set_expired(map, i)) - list_set_del(map, e->id, i); + list_set_del(map, e->id, i); } read_unlock_bh(&set->lock); @@ -513,7 +514,7 @@ init_list_set(struct ip_set *set, u32 size, size_t dsize, struct list_set *map; struct set_elem *e; u32 i; - + map = kzalloc(sizeof(*map) + size * dsize, GFP_KERNEL); if (!map) return false; @@ -527,7 +528,7 @@ init_list_set(struct ip_set *set, u32 size, size_t dsize, e = list_set_elem(map, i); e->id = IPSET_INVALID_ID; } - + return true; } @@ -541,7 +542,7 @@ list_set_create(struct ip_set *set, struct nlattr *head, int len, if (nla_parse(tb, IPSET_ATTR_CREATE_MAX, head, len, list_set_create_policy)) return -IPSET_ERR_PROTOCOL; - + if (tb[IPSET_ATTR_SIZE]) size = ip_set_get_h32(tb[IPSET_ATTR_SIZE]); if (size < IP_SET_LIST_MIN_SIZE) @@ -551,9 +552,9 @@ list_set_create(struct ip_set *set, struct nlattr *head, int len, if (!init_list_set(set, size, sizeof(struct set_telem), ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]))) return -ENOMEM; - + list_set_gc_init(set); - } else { + } else { if (!init_list_set(set, size, sizeof(struct set_elem), IPSET_NO_TIMEOUT)) return -ENOMEM; diff --git a/kernel/xt_set.c b/kernel/xt_set.c index 05bd84e..7484919 100644 --- a/kernel/xt_set.c +++ b/kernel/xt_set.c @@ -30,7 +30,7 @@ MODULE_ALIAS("ip6t_SET"); static inline int match_set(ip_set_id_t index, const struct sk_buff *skb, u8 pf, u8 dim, u8 flags, int inv) -{ +{ if (ip_set_test(index, skb, pf, dim, flags)) inv = !inv; return inv; @@ -42,21 +42,21 @@ match_set(ip_set_id_t index, const struct sk_buff *skb, * 2.6.24: [NETLINK]: Introduce nested and byteorder flag to netlink attribute * 2.6.31: netfilter: passive OS fingerprint xtables match */ - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,31) + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 31) #error "Linux kernel version too old: must be >= 2.6.31" #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) #define CHECK_OK 1 #define CHECK_FAIL 0 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ #define CHECK_OK 0 -#define CHECK_FAIL -EINVAL +#define CHECK_FAIL (-EINVAL) #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static bool set_match_v0(const struct sk_buff *skb, const struct xt_match_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -65,7 +65,7 @@ set_match_v0(const struct sk_buff *skb, struct xt_action_param *par) #endif { const struct xt_set_info_match_v0 *info = par->matchinfo; - + return match_set(info->match_set.index, skb, par->family, info->match_set.u.compat.dim, info->match_set.u.compat.flags, @@ -88,7 +88,7 @@ compat_flags(struct xt_set_info_v0 *info) } } -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static bool set_match_v0_checkentry(const struct xt_mtchk_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -100,7 +100,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par) ip_set_id_t index; index = ip_set_nfnl_get_byindex(info->match_set.index); - + if (index == IPSET_INVALID_ID) { pr_warning("Cannot find set indentified by id %u to match", info->match_set.index); @@ -125,7 +125,7 @@ set_match_v0_destroy(const struct xt_mtdtor_param *par) ip_set_nfnl_put(info->match_set.index); } -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static unsigned int set_target_v0(struct sk_buff *skb, const struct xt_target_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -134,7 +134,7 @@ set_target_v0(struct sk_buff *skb, const struct xt_action_param *par) #endif { const struct xt_set_info_target_v0 *info = par->targinfo; - + if (info->add_set.index != IPSET_INVALID_ID) ip_set_add(info->add_set.index, skb, par->family, info->add_set.u.compat.dim, @@ -147,7 +147,7 @@ set_target_v0(struct sk_buff *skb, const struct xt_action_param *par) return XT_CONTINUE; } -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static bool set_target_v0_checkentry(const struct xt_tgchk_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -201,7 +201,7 @@ set_target_v0_destroy(const struct xt_tgdtor_param *par) /* Revision 1: current interface to netfilter/iptables */ -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static bool set_match(const struct sk_buff *skb, const struct xt_match_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -210,14 +210,14 @@ set_match(const struct sk_buff *skb, struct xt_action_param *par) #endif { const struct xt_set_info_match *info = par->matchinfo; - + return match_set(info->match_set.index, skb, par->family, info->match_set.dim, info->match_set.flags, info->match_set.flags & IPSET_INV_MATCH); } -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static bool set_match_checkentry(const struct xt_mtchk_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -229,7 +229,7 @@ set_match_checkentry(const struct xt_mtchk_param *par) ip_set_id_t index; index = ip_set_nfnl_get_byindex(info->match_set.index); - + if (index == IPSET_INVALID_ID) { pr_warning("Cannot find set indentified by id %u to match", info->match_set.index); @@ -251,7 +251,7 @@ set_match_destroy(const struct xt_mtdtor_param *par) ip_set_nfnl_put(info->match_set.index); } -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static unsigned int set_target(struct sk_buff *skb, const struct xt_target_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -260,7 +260,7 @@ set_target(struct sk_buff *skb, const struct xt_action_param *par) #endif { const struct xt_set_info_target *info = par->targinfo; - + if (info->add_set.index != IPSET_INVALID_ID) ip_set_add(info->add_set.index, skb, par->family, @@ -275,7 +275,7 @@ set_target(struct sk_buff *skb, const struct xt_action_param *par) return XT_CONTINUE; } -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) static bool set_target_checkentry(const struct xt_tgchk_param *par) #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ @@ -358,41 +358,41 @@ static struct xt_match set_matches[] __read_mostly = { static struct xt_target set_targets[] __read_mostly = { { - .name = "SET", + .name = "SET", .revision = 0, .family = NFPROTO_IPV4, - .target = set_target_v0, + .target = set_target_v0, .targetsize = sizeof(struct xt_set_info_target_v0), - .checkentry = set_target_v0_checkentry, - .destroy = set_target_v0_destroy, - .me = THIS_MODULE + .checkentry = set_target_v0_checkentry, + .destroy = set_target_v0_destroy, + .me = THIS_MODULE }, { - .name = "SET", + .name = "SET", .revision = 1, .family = NFPROTO_IPV4, - .target = set_target, + .target = set_target, .targetsize = sizeof(struct xt_set_info_target), - .checkentry = set_target_checkentry, - .destroy = set_target_destroy, - .me = THIS_MODULE + .checkentry = set_target_checkentry, + .destroy = set_target_destroy, + .me = THIS_MODULE }, { - .name = "SET", + .name = "SET", .revision = 1, .family = NFPROTO_IPV6, - .target = set_target, + .target = set_target, .targetsize = sizeof(struct xt_set_info_target), - .checkentry = set_target_checkentry, - .destroy = set_target_destroy, - .me = THIS_MODULE + .checkentry = set_target_checkentry, + .destroy = set_target_destroy, + .me = THIS_MODULE }, }; static int __init xt_set_init(void) { int ret = xt_register_matches(set_matches, ARRAY_SIZE(set_matches)); - + if (!ret) { ret = xt_register_targets(set_targets, ARRAY_SIZE(set_targets));