From 027dc5fb9021ce3f814a345b17c56d899733569a Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Sat, 16 May 2009 21:10:02 +0200 Subject: [PATCH] ipset 3.0 release The main change is full bigendian and 64/32bit enviroment support - in consequence the kernel-userspace protocol version was bumped. --- ChangeLog | 5 ++ Makefile | 2 +- ipset.h | 23 +++--- ipset_iphash.c | 4 +- ipset_ipmap.c | 4 +- ipset_ipporthash.c | 4 +- ipset_ipportiphash.c | 4 +- ipset_ipportnethash.c | 4 +- ipset_iptree.c | 4 +- ipset_iptreemap.c | 4 +- ipset_macipmap.c | 10 ++- ipset_nethash.c | 4 +- ipset_portmap.c | 4 +- ipset_setlist.c | 4 +- kernel/ChangeLog | 6 ++ kernel/include/linux/netfilter_ipv4/ip_set.h | 32 ++++----- .../linux/netfilter_ipv4/ip_set_bitmaps.h | 8 +-- .../linux/netfilter_ipv4/ip_set_compat.h | 1 + .../linux/netfilter_ipv4/ip_set_hashes.h | 16 +++-- .../linux/netfilter_ipv4/ip_set_ipmap.h | 2 +- .../linux/netfilter_ipv4/ip_set_macipmap.h | 4 +- .../linux/netfilter_ipv4/ip_set_portmap.h | 2 +- kernel/ip_set.c | 71 ++++++++++--------- kernel/ip_set_ipportnethash.c | 2 +- kernel/ip_set_iptree.c | 8 +-- kernel/ip_set_iptreemap.c | 4 +- kernel/ip_set_macipmap.c | 16 ++--- kernel/ip_set_nethash.c | 2 +- kernel/ip_set_setlist.c | 8 +-- tests/runtest.sh | 10 +-- 30 files changed, 143 insertions(+), 129 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7992f81..228925a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +3.0 + - New kernel-userspace protocol release + - Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593) + - tests/runtests.sh changed to support old bash shells + 2.5.0 - On parisc architecture cast increases required aligment (bugzilla id 582), fixed. diff --git a/Makefile b/Makefile index c55226d..c3d8385 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ ifndef V V=0 endif -IPSET_VERSION:=2.5.0 +IPSET_VERSION:=3.0 PREFIX:=/usr/local LIBDIR:=$(PREFIX)/lib diff --git a/ipset.h b/ipset.h index 2596dfa..e47a480 100644 --- a/ipset.h +++ b/ipset.h 
@@ -95,7 +95,7 @@ struct settype { */ /* Size of create data. Will be sent to kernel */ - size_t create_size; + u_int32_t create_size; /* Initialize the create. */ void (*create_init) (void *data); @@ -115,7 +115,7 @@ struct settype { */ /* Size of data. Will be sent to kernel */ - size_t adt_size; + u_int32_t adt_size; /* Function which parses command options */ ip_set_ip_t (*adt_parser) (int cmd, const char *optarg, void *data); @@ -125,7 +125,7 @@ struct settype { */ /* Size of header. */ - size_t header_size; + u_int32_t header_size; /* Initialize the type-header */ void (*initheader) (struct set *set, const void *data); @@ -134,16 +134,16 @@ struct settype { void (*printheader) (struct set *set, unsigned options); /* Pretty print all IPs */ - void (*printips) (struct set *set, void *data, size_t len, unsigned options); + void (*printips) (struct set *set, void *data, u_int32_t len, unsigned options); /* Pretty print all IPs sorted */ - void (*printips_sorted) (struct set *set, void *data, size_t len, unsigned options); + void (*printips_sorted) (struct set *set, void *data, u_int32_t len, unsigned options); /* Print save arguments for creating the set */ void (*saveheader) (struct set *set, unsigned options); /* Print save for all IPs */ - void (*saveips) (struct set *set, void *data, size_t len, unsigned options); + void (*saveips) (struct set *set, void *data, u_int32_t len, unsigned options); /* Conver a single IP (binding) to string */ char * (*bindip_tostring)(struct set *set, ip_set_ip_t ip, unsigned options); 
@@ -189,10 +189,13 @@ extern struct set *set_find_byid(ip_set_id_t id); extern unsigned warn_once; -#define BITSPERBYTE (8*sizeof(char)) -#define ID2BYTE(id) ((id)/BITSPERBYTE) -#define ID2MASK(id) (1 << ((id)%BITSPERBYTE)) -#define test_bit(id, heap) ((((char *)(heap))[ID2BYTE(id)] & ID2MASK(id)) != 0) +#define BITS_PER_LONG (8*sizeof(unsigned long)) +#define BIT_WORD(nr) ((nr) / BITS_PER_LONG) + +static inline int test_bit(int nr, const unsigned long *addr) +{ + return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1))); +} #define UNUSED __attribute__ ((unused)) #define CONSTRUCTOR(module) \ diff --git a/ipset_iphash.c b/ipset_iphash.c index edc22fb..dc9c89b 100644 --- a/ipset_iphash.c +++ b/ipset_iphash.c @@ -192,7 +192,7 @@ printheader(struct set *set, unsigned options UNUSED) } static void -printips(struct set *set UNUSED, void *data, size_t len, unsigned options) +printips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; @@ -221,7 +221,7 @@ saveheader(struct set *set, unsigned options UNUSED) /* Print save for an IP */ static void -saveips(struct set *set UNUSED, void *data, size_t len, unsigned options) +saveips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; diff --git a/ipset_ipmap.c b/ipset_ipmap.c index fed93d9..287b057 100644 --- a/ipset_ipmap.c +++ b/ipset_ipmap.c @@ -248,7 +248,7 @@ printheader(struct set *set, unsigned options) static void printips_sorted(struct set *set, void *data, - size_t len UNUSED, unsigned options) + u_int32_t len UNUSED, unsigned options) { struct ip_set_ipmap *mysetdata = set->settype->header; ip_set_ip_t id; 
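Review bot: The new `test_bit()` in ipset.h takes a signed `int nr` and indexes `addr[BIT_WORD(nr)]` with no range check, so a negative value becomes a very large word index once the division converts it to an unsigned type. Declaring it as `static inline int test_bit(unsigned int nr, const unsigned long *addr)` removes the sign conversion. The word-based layout also matches the kernel bitmap only when userspace and kernel agree on the width of `unsigned long`, which looks not to hold for a 32-bit ipset binary on a 64-bit big-endian kernel. A comment above the function such as `/* Layout must match the kernel's unsigned long bitmaps; addr must be long-aligned */` would record that assumption.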
@@ -279,7 +279,7 @@ saveheader(struct set *set, unsigned options) } static void -saveips(struct set *set, void *data, size_t len UNUSED, unsigned options) +saveips(struct set *set, void *data, u_int32_t len UNUSED, unsigned options) { struct ip_set_ipmap *mysetdata = set->settype->header; ip_set_ip_t id; diff --git a/ipset_ipporthash.c b/ipset_ipporthash.c index fa816c9..0073988 100644 --- a/ipset_ipporthash.c +++ b/ipset_ipporthash.c @@ -248,7 +248,7 @@ printheader(struct set *set, unsigned options) } static void -printips(struct set *set, void *data, size_t len, unsigned options) +printips(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_ipporthash *mysetdata = set->settype->header; size_t offset = 0; @@ -284,7 +284,7 @@ saveheader(struct set *set, unsigned options) /* Print save for an IP */ static void -saveips(struct set *set, void *data, size_t len, unsigned options) +saveips(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_ipporthash *mysetdata = set->settype->header; size_t offset = 0; diff --git a/ipset_ipportiphash.c b/ipset_ipportiphash.c index f445d73..22a92ef 100644 --- a/ipset_ipportiphash.c +++ b/ipset_ipportiphash.c @@ -253,7 +253,7 @@ printheader(struct set *set, unsigned options) } static void -printips(struct set *set, void *data, size_t len, unsigned options) +printips(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_ipportiphash *mysetdata = set->settype->header; size_t offset = 0; @@ -292,7 +292,7 @@ saveheader(struct set *set, unsigned options) /* Print save for an IP */ static void -saveips(struct set *set, void *data, size_t len, unsigned options) +saveips(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_ipportiphash *mysetdata = set->settype->header; size_t offset = 0; diff --git a/ipset_ipportnethash.c b/ipset_ipportnethash.c index 9184007..a029343 100644 --- a/ipset_ipportnethash.c +++ b/ipset_ipportnethash.c 
@@ -318,7 +318,7 @@ unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) } static void -printips(struct set *set, void *data, size_t len, unsigned options) +printips(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_ipportnethash *mysetdata = set->settype->header; size_t offset = 0; @@ -357,7 +357,7 @@ saveheader(struct set *set, unsigned options) /* Print save for an IP */ static void -saveips(struct set *set, void *data, size_t len, unsigned options) +saveips(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_ipportnethash *mysetdata = set->settype->header; size_t offset = 0; diff --git a/ipset_iptree.c b/ipset_iptree.c index 09f11db..fbde520 100644 --- a/ipset_iptree.c +++ b/ipset_iptree.c @@ -123,7 +123,7 @@ printheader(struct set *set, unsigned options UNUSED) } static void -printips_sorted(struct set *set, void *data, size_t len, unsigned options) +printips_sorted(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_iptree *mysetdata = set->settype->header; struct ip_set_req_iptree *req; @@ -155,7 +155,7 @@ saveheader(struct set *set, unsigned options UNUSED) } static void -saveips(struct set *set, void *data, size_t len, unsigned options) +saveips(struct set *set, void *data, u_int32_t len, unsigned options) { struct ip_set_iptree *mysetdata = set->settype->header; struct ip_set_req_iptree *req; diff --git a/ipset_iptreemap.c b/ipset_iptreemap.c index 81bc8f3..21948d4 100644 --- a/ipset_iptreemap.c +++ b/ipset_iptreemap.c @@ -115,7 +115,7 @@ printheader(struct set *set, unsigned int options UNUSED) static void printips_sorted(struct set *set UNUSED, void *data, - size_t len, unsigned int options) + u_int32_t len, unsigned int options) { struct ip_set_req_iptreemap *req; size_t offset = 0; 
@@ -147,7 +147,7 @@ saveheader(struct set *set, unsigned int options UNUSED) static void saveips(struct set *set UNUSED, void *data, - size_t len, unsigned int options) + u_int32_t len, unsigned int options) { struct ip_set_req_iptreemap *req; size_t offset = 0; diff --git a/ipset_macipmap.c b/ipset_macipmap.c index 186e68e..3a47e59 100644 --- a/ipset_macipmap.c +++ b/ipset_macipmap.c @@ -245,15 +245,14 @@ print_mac(unsigned char macaddress[ETH_ALEN]) static void printips_sorted(struct set *set, void *data, - size_t len UNUSED, unsigned options) + u_int32_t len UNUSED, unsigned options) { struct ip_set_macipmap *mysetdata = set->settype->header; struct ip_set_macip *table = data; u_int32_t addr = mysetdata->first_ip; while (addr <= mysetdata->last_ip) { - if (test_bit(IPSET_MACIP_ISSET, - (void *)&table[addr - mysetdata->first_ip].flags)) { + if (table[addr - mysetdata->first_ip].match) { printf("%s,", ip_tostring(addr, options)); print_mac(table[addr - mysetdata->first_ip]. ethernet); @@ -280,15 +279,14 @@ saveheader(struct set *set, unsigned options) static void saveips(struct set *set, void *data, - size_t len UNUSED, unsigned options) + u_int32_t len UNUSED, unsigned options) { struct ip_set_macipmap *mysetdata = set->settype->header; struct ip_set_macip *table = data; u_int32_t addr = mysetdata->first_ip; while (addr <= mysetdata->last_ip) { - if (test_bit(IPSET_MACIP_ISSET, - (void *)&table[addr - mysetdata->first_ip].flags)) { + if (table[addr - mysetdata->first_ip].match) { printf("-A %s %s,", set->name, ip_tostring(addr, options)); print_mac(table[addr - mysetdata->first_ip]. diff --git a/ipset_nethash.c b/ipset_nethash.c index 9c9d6ac..c73e382 100644 --- a/ipset_nethash.c +++ b/ipset_nethash.c 
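Review bot: In ipset_macipmap.c, printips_sorted() and saveips() now read `table[addr - mysetdata->first_ip].match` for every address up to `last_ip` while `len` is still marked UNUSED, so the walk is bounded by the header values alone and never by the number of bytes received. Bailing out before the loop when `((u_int64_t)(mysetdata->last_ip - mysetdata->first_ip) + 1) * sizeof(*table) > len` would keep a header/data mismatch from turning into an out-of-bounds read. Both function bodies continue outside their hunks, so the loop increment and any existing check are not visible here.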
@@ -224,7 +224,7 @@ unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) } static void -printips(struct set *set UNUSED, void *data, size_t len, unsigned options) +printips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; @@ -249,7 +249,7 @@ saveheader(struct set *set, unsigned options UNUSED) /* Print save for an IP */ static void -saveips(struct set *set UNUSED, void *data, size_t len, unsigned options) +saveips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; diff --git a/ipset_portmap.c b/ipset_portmap.c index b86dbb2..96e87c2 100644 --- a/ipset_portmap.c +++ b/ipset_portmap.c @@ -149,7 +149,7 @@ printheader(struct set *set, unsigned options) static void printports_sorted(struct set *set, void *data, - size_t len UNUSED, unsigned options) + u_int32_t len UNUSED, unsigned options) { struct ip_set_portmap *mysetdata = set->settype->header; u_int32_t addr = mysetdata->first_ip; @@ -184,7 +184,7 @@ saveheader(struct set *set, unsigned options) static void saveports(struct set *set, void *data, - size_t len UNUSED, unsigned options) + u_int32_t len UNUSED, unsigned options) { struct ip_set_portmap *mysetdata = set->settype->header; u_int32_t addr = mysetdata->first_ip; diff --git a/ipset_setlist.c b/ipset_setlist.c index 064d67d..d5d65d7 100644 --- a/ipset_setlist.c +++ b/ipset_setlist.c @@ -134,7 +134,7 @@ printheader(struct set *set, unsigned options UNUSED) static void printips_sorted(struct set *set, void *data, - size_t len UNUSED, unsigned options UNUSED) + u_int32_t len UNUSED, unsigned options UNUSED) { struct ip_set_setlist *mysetdata = set->settype->header; int i; 
@@ -162,7 +162,7 @@ saveheader(struct set *set, unsigned options UNUSED) static void saveips(struct set *set, void *data, - size_t len UNUSED, unsigned options UNUSED) + u_int32_t len UNUSED, unsigned options UNUSED) { struct ip_set_setlist *mysetdata = set->settype->header; int i; diff --git a/kernel/ChangeLog b/kernel/ChangeLog index eab7310..f8414e1 100644 --- a/kernel/ChangeLog +++ b/kernel/ChangeLog @@ -1,3 +1,9 @@ +3.0 + - New kernel-userspace protocol release + - Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593) + - Support of 2.4.3[67].* kernels fixed + - Compiling with debugging enabled fixed + 2.5.0 - Use the spinlock initiator instead of setting the locks directly as it causes compilation errors with 2.6.29-rt (Jan Engelhardt). diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h index ec3e59f..3667352 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set.h @@ -40,7 +40,7 @@ /* * Used so that the kernel module and ipset-binary can match their versions */ -#define IP_SET_PROTOCOL_VERSION 2 +#define IP_SET_PROTOCOL_VERSION 3 #define IP_SET_MAXNAMELEN 32 /* set names and set typenames */ @@ -228,7 +228,7 @@ struct ip_set_req_max_sets { struct ip_set_req_setnames { unsigned op; ip_set_id_t index; /* set to list/save */ - size_t size; /* size to get setdata/bindings */ + u_int32_t size; /* size to get setdata/bindings */ /* followed by sets number of struct ip_set_name_list */ }; 
@@ -250,9 +250,9 @@ struct ip_set_list { ip_set_id_t index; ip_set_id_t binding; u_int32_t ref; - size_t header_size; /* Set header data of header_size */ - size_t members_size; /* Set members data of members_size */ - size_t bindings_size; /* Set bindings data of bindings_size */ + u_int32_t header_size; /* Set header data of header_size */ + u_int32_t members_size; /* Set members data of members_size */ + u_int32_t bindings_size;/* Set bindings data of bindings_size */ }; struct ip_set_hash_list { @@ -269,8 +269,8 @@ struct ip_set_hash_list { struct ip_set_save { ip_set_id_t index; ip_set_id_t binding; - size_t header_size; /* Set header data of header_size */ - size_t members_size; /* Set members data of members_size */ + u_int32_t header_size; /* Set header data of header_size */ + u_int32_t members_size; /* Set members data of members_size */ }; /* At restoring, ip == 0 means default binding for the given set: */ @@ -290,8 +290,8 @@ struct ip_set_restore { char name[IP_SET_MAXNAMELEN]; char typename[IP_SET_MAXNAMELEN]; ip_set_id_t index; - size_t header_size; /* Create data of header_size */ - size_t members_size; /* Set members data of members_size */ + u_int32_t header_size; /* Create data of header_size */ + u_int32_t members_size; /* Set members data of members_size */ }; static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) @@ -358,14 +358,14 @@ struct ip_set_type { * return 0 if not in set, 1 if in set. */ int (*testip) (struct ip_set *set, - const void *data, size_t size, + const void *data, u_int32_t size, ip_set_ip_t *ip); /* * Size of the data structure passed by when * adding/deletin/testing an entry. */ - size_t reqsize; + u_int32_t reqsize; /* Add IP into set (userspace: ipset -A set IP) * Return -EEXIST if the address is already in the set, 
@@ -373,7 +373,7 @@ struct ip_set_type { * If the address was not already in the set, 0 is returned. */ int (*addip) (struct ip_set *set, - const void *data, size_t size, + const void *data, u_int32_t size, ip_set_ip_t *ip); /* Add IP into set (kernel: iptables ... -j SET set src|dst) @@ -393,7 +393,7 @@ struct ip_set_type { * If the address really was in the set, 0 is returned. */ int (*delip) (struct ip_set *set, - const void *data, size_t size, + const void *data, u_int32_t size, ip_set_ip_t *ip); /* remove IP from set (kernel: iptables ... -j SET --entry x) @@ -410,7 +410,7 @@ struct ip_set_type { /* new set creation - allocated type specific items */ int (*create) (struct ip_set *set, - const void *data, size_t size); + const void *data, u_int32_t size); /* retry the operation after successfully tweaking the set */ @@ -429,7 +429,7 @@ struct ip_set_type { /* Listing: size needed for header */ - size_t header_size; + u_int32_t header_size; /* Listing: Get the header * @@ -515,7 +515,7 @@ extern int ip_set_testip_kernel(ip_set_id_t id, #define UADT0(type, adt, args...) \ static int \ -FNAME(type,_u,adt)(struct ip_set *set, const void *data, size_t size, \ +FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size,\ ip_set_ip_t *hash_ip) \ { \ const STRUCT(ip_set_req_,type) *req = data; \ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h index 2e9293f..d537639 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h @@ -6,7 +6,7 @@ #ifdef __KERNEL__ #define BITMAP_CREATE(type) \ static int \ -type##_create(struct ip_set *set, const void *data, size_t size) \ +type##_create(struct ip_set *set, const void *data, u_int32_t size) \ { \ int newbytes; \ const struct ip_set_req_##type##_create *req = data; \ 
@@ -19,8 +19,8 @@ type##_create(struct ip_set *set, const void *data, size_t size) \ \ map = kmalloc(sizeof(struct ip_set_##type), GFP_KERNEL); \ if (!map) { \ - DP("out of memory for %d bytes", \ - sizeof(struct ip_set_#type)); \ + DP("out of memory for %lu bytes", \ + sizeof(struct ip_set_##type)); \ return -ENOMEM; \ } \ map->first_ip = req->from; \ @@ -35,7 +35,7 @@ type##_create(struct ip_set *set, const void *data, size_t size) \ map->size = newbytes; \ map->members = ip_set_malloc(newbytes); \ if (!map->members) { \ - DP("out of memory for %d bytes", newbytes); \ + DP("out of memory for %i bytes", newbytes); \ kfree(map); \ return -ENOMEM; \ } \ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h index 5695b3b..96c2024 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h @@ -58,6 +58,7 @@ static inline void *kzalloc(size_t size, gfp_t flags) #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) +#include #define KMEM_CACHE_CREATE(name, size) \ kmem_cache_create(name, size, 0, 0, NULL, NULL) #else diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h index 6914a12..4ca8431 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h 
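Review bot: The `DP("out of memory for %lu bytes", sizeof(struct ip_set_##type))` call in BITMAP_CREATE passes a `size_t` to `%lu` without a cast, which is a format/argument mismatch wherever `size_t` is not `unsigned long` (32-bit builds). The same pattern appears in the ip_set_hashes.h DP calls, in iptree_create(), and in the second argument of the "data length wrong" messages in ip_set_addip(), ip_set_delip() and ip_set_testip(), where only the first argument is cast. Casting consistently, e.g. `(unsigned long)sizeof(struct ip_set_##type)` and `(unsigned long)(size - sizeof(struct ip_set_req_adt))`, keeps the messages correct on both word sizes.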
@@ -28,20 +28,22 @@ type##_retry(struct ip_set *set) \ hashsize++; \ \ ip_set_printk("rehashing of set %s triggered: " \ - "hashsize grows from %u to %u", \ - set->name, map->hashsize, hashsize); \ + "hashsize grows from %lu to %lu", \ + set->name, \ + (long unsigned)map->hashsize, \ + (long unsigned)hashsize); \ \ tmp = kmalloc(sizeof(struct ip_set_##type) \ + map->probes * sizeof(initval_t), GFP_ATOMIC); \ if (!tmp) { \ - DP("out of memory for %d bytes", \ + DP("out of memory for %lu bytes", \ sizeof(struct ip_set_##type) \ + map->probes * sizeof(initval_t)); \ return -ENOMEM; \ } \ tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\ if (!tmp->members) { \ - DP("out of memory for %d bytes", hashsize * sizeof(dtype));\ + DP("out of memory for %lu bytes", hashsize * sizeof(dtype));\ kfree(tmp); \ return -ENOMEM; \ } \ @@ -88,7 +90,7 @@ type##_retry(struct ip_set *set) \ #define HASH_CREATE(type, dtype) \ static int \ -type##_create(struct ip_set *set, const void *data, size_t size) \ +type##_create(struct ip_set *set, const void *data, u_int32_t size) \ { \ const struct ip_set_req_##type##_create *req = data; \ struct ip_set_##type *map; \ @@ -107,7 +109,7 @@ type##_create(struct ip_set *set, const void *data, size_t size) \ map = kmalloc(sizeof(struct ip_set_##type) \ + req->probes * sizeof(initval_t), GFP_KERNEL); \ if (!map) { \ - DP("out of memory for %d bytes", \ + DP("out of memory for %lu bytes", \ sizeof(struct ip_set_##type) \ + req->probes * sizeof(initval_t)); \ return -ENOMEM; \ @@ -124,7 +126,7 @@ type##_create(struct ip_set *set, const void *data, size_t size) \ } \ map->members = harray_malloc(map->hashsize, sizeof(dtype), GFP_KERNEL);\ if (!map->members) { \ - DP("out of memory for %d bytes", map->hashsize * sizeof(dtype));\ + DP("out of memory for %lu bytes", map->hashsize * sizeof(dtype));\ kfree(map); \ return -ENOMEM; \ } \ 
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h index d1381b5..ce4b29b 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h @@ -13,7 +13,7 @@ struct ip_set_ipmap { ip_set_ip_t netmask; /* subnet netmask */ ip_set_ip_t sizeid; /* size of set in IPs */ ip_set_ip_t hosts; /* number of hosts in a subnet */ - size_t size; /* size of the ipmap proper */ + u_int32_t size; /* size of the ipmap proper */ }; struct ip_set_req_ipmap_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h index c983214..19418f3 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h @@ -17,7 +17,7 @@ struct ip_set_macipmap { ip_set_ip_t first_ip; /* host byte order, included in range */ ip_set_ip_t last_ip; /* host byte order, included in range */ u_int32_t flags; - size_t size; /* size of the ipmap proper */ + u_int32_t size; /* size of the ipmap proper */ }; struct ip_set_req_macipmap_create { @@ -32,7 +32,7 @@ struct ip_set_req_macipmap { }; struct ip_set_macip { - unsigned short flags; + unsigned short match; unsigned char ethernet[ETH_ALEN]; }; diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h index e878327..8ea6ba2 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h @@ -10,7 +10,7 @@ struct ip_set_portmap { void *members; /* the portmap proper */ ip_set_ip_t first_ip; /* host byte order, included in range */ ip_set_ip_t last_ip; /* host byte order, included in range */ - size_t size; /* size of the ipmap proper */ + u_int32_t size; /* size of the ipmap proper */ }; struct ip_set_req_portmap_create { 
diff --git a/kernel/ip_set.c b/kernel/ip_set.c index 15e98d0..f94d0e0 100644 --- a/kernel/ip_set.c +++ b/kernel/ip_set.c @@ -493,7 +493,7 @@ ip_set_find_byindex(ip_set_id_t index) static inline int __ip_set_testip(struct ip_set *set, const void *data, - size_t size, + u_int32_t size, ip_set_ip_t *ip) { int res; @@ -508,7 +508,7 @@ __ip_set_testip(struct ip_set *set, static int __ip_set_addip(ip_set_id_t index, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set = ip_set_list[index]; ip_set_ip_t ip; @@ -529,15 +529,15 @@ __ip_set_addip(ip_set_id_t index, static int ip_set_addip(ip_set_id_t index, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set = ip_set_list[index]; IP_SET_ASSERT(set); if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) { - ip_set_printk("data length wrong (want %zu, have %zu)", - set->type->reqsize, + ip_set_printk("data length wrong (want %lu, have %lu)", + (long unsigned)set->type->reqsize, size - sizeof(struct ip_set_req_adt)); return -EINVAL; } @@ -549,7 +549,7 @@ ip_set_addip(ip_set_id_t index, static int ip_set_delip(ip_set_id_t index, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set = ip_set_list[index]; ip_set_ip_t ip; @@ -558,8 +558,8 @@ ip_set_delip(ip_set_id_t index, IP_SET_ASSERT(set); if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) { - ip_set_printk("data length wrong (want %zu, have %zu)", - set->type->reqsize, + ip_set_printk("data length wrong (want %lu, have %lu)", + (long unsigned)set->type->reqsize, size - sizeof(struct ip_set_req_adt)); return -EINVAL; } @@ -576,7 +576,7 @@ ip_set_delip(ip_set_id_t index, static int ip_set_testip(ip_set_id_t index, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set = ip_set_list[index]; ip_set_ip_t ip; 
@@ -585,8 +585,8 @@ ip_set_testip(ip_set_id_t index, IP_SET_ASSERT(set); if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) { - ip_set_printk("data length wrong (want %zu, have %zu)", - set->type->reqsize, + ip_set_printk("data length wrong (want %lu, have %lu)", + (long unsigned)set->type->reqsize, size - sizeof(struct ip_set_req_adt)); return -EINVAL; } @@ -601,7 +601,7 @@ ip_set_testip(ip_set_id_t index, static int ip_set_bindip(ip_set_id_t index, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set = ip_set_list[index]; const struct ip_set_req_bind *req_bind; @@ -687,7 +687,7 @@ __unbind_default(struct ip_set *set) static int ip_set_unbindip(ip_set_id_t index, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set; const struct ip_set_req_bind *req_bind; @@ -760,7 +760,7 @@ ip_set_unbindip(ip_set_id_t index, static int ip_set_testbind(ip_set_id_t index, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set = ip_set_list[index]; const struct ip_set_req_bind *req_bind; @@ -862,7 +862,7 @@ ip_set_create(const char *name, const char *typename, ip_set_id_t restore, const void *data, - size_t size) + u_int32_t size) { struct ip_set *set; ip_set_id_t index = 0, id; @@ -915,9 +915,9 @@ ip_set_create(const char *name, /* Check request size */ if (size != set->type->header_size) { - ip_set_printk("data length wrong (want %zu, have %zu)", - set->type->header_size, - size); + ip_set_printk("data length wrong (want %lu, have %lu)", + (long unsigned)set->type->header_size, + (long unsigned)size); goto put_out; } @@ -1109,7 +1109,7 @@ ip_set_swap(ip_set_id_t from_index, ip_set_id_t to_index) static inline void __set_hash_bindings_size_list(struct ip_set_hash *set_hash, - ip_set_id_t id, size_t *size) + ip_set_id_t id, u_int32_t *size) { if (set_hash->id == id) *size += sizeof(struct ip_set_hash_list); 
@@ -1117,7 +1117,7 @@ __set_hash_bindings_size_list(struct ip_set_hash *set_hash, static inline void __set_hash_bindings_size_save(struct ip_set_hash *set_hash, - ip_set_id_t id, size_t *size) + ip_set_id_t id, u_int32_t *size) { if (set_hash->id == id) *size += sizeof(struct ip_set_hash_save); @@ -1220,7 +1220,7 @@ static int ip_set_save_set(ip_set_id_t index, *used += sizeof(struct ip_set_save); set = ip_set_list[index]; - DP("set: %s, used: %u(%u) %p %p", set->name, *used, len, + DP("set: %s, used: %i(%i) %p %p", set->name, *used, len, data, data + *used); read_lock_bh(&set->lock); @@ -1237,8 +1237,8 @@ static int ip_set_save_set(ip_set_id_t index, set->type->list_header(set, data + *used); *used += set_save->header_size; - DP("set header filled: %s, used: %u(%u) %p %p", set->name, *used, - set_save->header_size, data, data + *used); + DP("set header filled: %s, used: %i(%lu) %p %p", set->name, *used, + (unsigned long)set_save->header_size, data, data + *used); /* Get and ensure set specific members size */ set_save->members_size = set->type->list_members_size(set); if (*used + set_save->members_size > len) @@ -1248,8 +1248,8 @@ static int ip_set_save_set(ip_set_id_t index, set->type->list_members(set, data + *used); *used += set_save->members_size; read_unlock_bh(&set->lock); - DP("set members filled: %s, used: %u(%u) %p %p", set->name, *used, - set_save->members_size, data, data + *used); + DP("set members filled: %s, used: %i(%lu) %p %p", set->name, *used, + (unsigned long)set_save->members_size, data, data + *used); return 0; unlock_set: @@ -1329,7 +1329,7 @@ static int ip_set_restore(void *data, while (1) { line++; - DP("%u %u %u", used, sizeof(struct ip_set_restore), len); + DP("%i %lu %i", used, sizeof(struct ip_set_restore), len); /* Get and ensure header size */ if (used + sizeof(struct ip_set_restore) > len) return line; 
@@ -1367,12 +1367,13 @@ static int ip_set_restore(void *data, /* Try to restore members data */ set = ip_set_list[index]; members_size = 0; - DP("members_size %u reqsize %u", - set_restore->members_size, set->type->reqsize); + DP("members_size %lu reqsize %lu", + (unsigned long)set_restore->members_size, + (unsigned long)set->type->reqsize); while (members_size + set->type->reqsize <= set_restore->members_size) { line++; - DP("members: %u, line %u", members_size, line); + DP("members: %i, line %i", members_size, line); res = __ip_set_addip(index, data + used + members_size, set->type->reqsize); @@ -1381,8 +1382,8 @@ static int ip_set_restore(void *data, members_size += set->type->reqsize; } - DP("members_size %u %u", - set_restore->members_size, members_size); + DP("members_size %lu %i", + (unsigned long)set_restore->members_size, members_size); if (members_size != set_restore->members_size) return line++; used += set_restore->members_size; @@ -1442,10 +1443,10 @@ ip_set_sockfn_set(struct sock *sk, int optval, void *user, unsigned int len) struct ip_set_req_adt *req_adt; ip_set_id_t index = IP_SET_INVALID_ID; int (*adtfn)(ip_set_id_t index, - const void *data, size_t size); + const void *data, u_int32_t size); struct fn_table { int (*fn)(ip_set_id_t index, - const void *data, size_t size); + const void *data, u_int32_t size); } adtfn_table[] = { { ip_set_addip }, { ip_set_delip }, { ip_set_testip}, { ip_set_bindip}, { ip_set_unbindip }, { ip_set_testbind }, @@ -1938,8 +1939,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) if (*len < sizeof(struct ip_set_req_setnames) || *len != req_restore->size) { - ip_set_printk("invalid RESTORE (want =%zu, got %d)", - req_restore->size, *len); + ip_set_printk("invalid RESTORE (want =%lu, got %u)", + (long unsigned)req_restore->size, *len); res = -EINVAL; goto done; } diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c index fe36c58..45e53ed 100644 
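Review bot: `set_restore->members_size` is read from the caller-supplied restore buffer and controls how far the `__ip_set_addip(index, data + used + members_size, ...)` loop in ip_set_restore() walks, but no comparison against `len` is visible in this hunk. If that bound lives above the hunk as a sum of `used`, `header_size` and `members_size`, it is now evaluated in 32-bit arithmetic on 64-bit kernels too and can wrap. Comparing each field against the remaining length, e.g. `if (set_restore->members_size > len - used) return line;`, avoids that. The `%i` conversions in the DP calls also suggest `used` and `members_size` are signed ints mixed with `u_int32_t` fields, which is worth confirming. The function starts and ends outside the hunk.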
--- a/kernel/ip_set_ipportnethash.c +++ b/kernel/ip_set_ipportnethash.c @@ -102,7 +102,7 @@ ipportnethash_test(struct ip_set *set, ip_set_ip_t *hash_ip, } static int -ipportnethash_utest(struct ip_set *set, const void *data, size_t size, +ipportnethash_utest(struct ip_set *set, const void *data, u_int32_t size, ip_set_ip_t *hash_ip) { const struct ip_set_req_ipportnethash *req = data; diff --git a/kernel/ip_set_iptree.c b/kernel/ip_set_iptree.c index f51dea1..08b9118 100644 --- a/kernel/ip_set_iptree.c +++ b/kernel/ip_set_iptree.c @@ -276,21 +276,21 @@ init_gc_timer(struct ip_set *set) } static int -iptree_create(struct ip_set *set, const void *data, size_t size) +iptree_create(struct ip_set *set, const void *data, u_int32_t size) { const struct ip_set_req_iptree_create *req = data; struct ip_set_iptree *map; if (size != sizeof(struct ip_set_req_iptree_create)) { - ip_set_printk("data length wrong (want %zu, have %zu)", + ip_set_printk("data length wrong (want %lu, have %lu)", sizeof(struct ip_set_req_iptree_create), - size); + (unsigned long)size); return -EINVAL; } map = kmalloc(sizeof(struct ip_set_iptree), GFP_KERNEL); if (!map) { - DP("out of memory for %d bytes", + DP("out of memory for %lu bytes", sizeof(struct ip_set_iptree)); return -ENOMEM; } diff --git a/kernel/ip_set_iptreemap.c b/kernel/ip_set_iptreemap.c index 4bf70f7..f62ed19 100644 --- a/kernel/ip_set_iptreemap.c +++ b/kernel/ip_set_iptreemap.c @@ -470,7 +470,7 @@ init_gc_timer(struct ip_set *set) } static int -iptreemap_create(struct ip_set *set, const void *data, size_t size) +iptreemap_create(struct ip_set *set, const void *data, u_int32_t size) { const struct ip_set_req_iptreemap_create *req = data; struct ip_set_iptreemap *map; 
@@ -567,7 +567,7 @@ iptreemap_list_members_size(const struct ip_set *set) return (count * sizeof(struct ip_set_req_iptreemap)); } -static inline size_t +static inline u_int32_t add_member(void *data, size_t offset, ip_set_ip_t start, ip_set_ip_t end) { struct ip_set_req_iptreemap *entry = data + offset; diff --git a/kernel/ip_set_macipmap.c b/kernel/ip_set_macipmap.c index 61ea6d5..464106e 100644 --- a/kernel/ip_set_macipmap.c +++ b/kernel/ip_set_macipmap.c @@ -22,7 +22,7 @@ #include static int -macipmap_utest(struct ip_set *set, const void *data, size_t size, +macipmap_utest(struct ip_set *set, const void *data, u_int32_t size, ip_set_ip_t *hash_ip) { const struct ip_set_macipmap *map = set->data; @@ -35,8 +35,7 @@ macipmap_utest(struct ip_set *set, const void *data, size_t size, *hash_ip = req->ip; DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u", set->name, HIPQUAD(req->ip), HIPQUAD(*hash_ip)); - if (test_bit(IPSET_MACIP_ISSET, - (void *) &table[req->ip - map->first_ip].flags)) { + if (table[req->ip - map->first_ip].match) { return (memcmp(req->ethernet, &table[req->ip - map->first_ip].ethernet, ETH_ALEN) == 0); @@ -64,8 +63,7 @@ macipmap_ktest(struct ip_set *set, *hash_ip = ip; DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u", set->name, HIPQUAD(ip), HIPQUAD(*hash_ip)); - if (test_bit(IPSET_MACIP_ISSET, - (void *) &table[ip - map->first_ip].flags)) { + if (table[ip - map->first_ip].match) { /* Is mac pointer valid? * If so, compare... */ return (skb_mac_header(skb) >= skb->head @@ -88,13 +86,13 @@ macipmap_add(struct ip_set *set, ip_set_ip_t *hash_ip, if (ip < map->first_ip || ip > map->last_ip) return -ERANGE; - if (test_and_set_bit(IPSET_MACIP_ISSET, - (void *) &table[ip - map->first_ip].flags)) + if (table[ip - map->first_ip].match) return -EEXIST; *hash_ip = ip; DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip)); memcpy(&table[ip - map->first_ip].ethernet, ethernet, ETH_ALEN); + table[ip - map->first_ip].match = IPSET_MACIP_ISSET; return 0; } 
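Review bot: macipmap_add replaces the atomic `test_and_set_bit()` with a plain read of `table[ip - map->first_ip].match` followed by a separate store, and macipmap_del in the next hunk does the same for `test_and_clear_bit()`, so the entry itself no longer serializes concurrent updates of one address. That is only safe if every caller holds the set's write lock, which is not visible in these hunks. A comment such as `/* caller holds the set write lock; match is not updated atomically */` above the check would record the requirement. `IPSET_MACIP_ISSET` was also a bit index for `test_bit()` and is now stored as the truth value, which works only while the constant is non-zero; its definition is in a header outside this view. Both functions start outside their hunks.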
@@ -114,11 +112,11 @@ macipmap_del(struct ip_set *set, ip_set_ip_t *hash_ip, ip_set_ip_t ip) if (ip < map->first_ip || ip > map->last_ip) return -ERANGE; - if (!test_and_clear_bit(IPSET_MACIP_ISSET, - (void *)&table[ip - map->first_ip].flags)) + if (!table[ip - map->first_ip].match) return -EEXIST; *hash_ip = ip; + table[ip - map->first_ip].match = 0; DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip)); return 0; } diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c index 27267d9..d68a015 100644 --- a/kernel/ip_set_nethash.c +++ b/kernel/ip_set_nethash.c @@ -80,7 +80,7 @@ nethash_test(struct ip_set *set, ip_set_ip_t *hash_ip, ip_set_ip_t ip) } static int -nethash_utest(struct ip_set *set, const void *data, size_t size, +nethash_utest(struct ip_set *set, const void *data, u_int32_t size, ip_set_ip_t *hash_ip) { const struct ip_set_req_nethash *req = data; diff --git a/kernel/ip_set_setlist.c b/kernel/ip_set_setlist.c index 4c9eb59..15a67ba 100644 --- a/kernel/ip_set_setlist.c +++ b/kernel/ip_set_setlist.c @@ -32,7 +32,7 @@ next_index_eq(const struct ip_set_setlist *map, int i, ip_set_id_t index) } static int -setlist_utest(struct ip_set *set, const void *data, size_t size, +setlist_utest(struct ip_set *set, const void *data, u_int32_t size, ip_set_ip_t *hash_ip) { const struct ip_set_setlist *map = set->data; @@ -113,7 +113,7 @@ insert_setlist(struct ip_set_setlist *map, int i, ip_set_id_t index) } static int -setlist_uadd(struct ip_set *set, const void *data, size_t size, +setlist_uadd(struct ip_set *set, const void *data, u_int32_t size, ip_set_ip_t *hash_ip) { struct ip_set_setlist *map = set->data; @@ -188,7 +188,7 @@ unshift_setlist(struct ip_set_setlist *map, int i) } static int -setlist_udel(struct ip_set *set, const void *data, size_t size, +setlist_udel(struct ip_set *set, const void *data, u_int32_t size, ip_set_ip_t *hash_ip) { struct ip_set_setlist *map = set->data; 
@@ -255,7 +255,7 @@ setlist_kdel(struct ip_set *set, } static int -setlist_create(struct ip_set *set, const void *data, size_t size) +setlist_create(struct ip_set *set, const void *data, u_int32_t size) { struct ip_set_setlist *map; const struct ip_set_req_setlist_create *req = data; diff --git a/tests/runtest.sh b/tests/runtest.sh index 4f2a2d2..d063cd7 100755 --- a/tests/runtest.sh +++ b/tests/runtest.sh @@ -1,11 +1,11 @@ #!/bin/bash tests="init" -tests+=" ipmap macipmap portmap" -tests+=" iphash nethash ipporthash" -tests+=" ipportiphash ipportnethash" -tests+=" iptree iptreemap" -tests+=" setlist" +tests="$tests ipmap macipmap portmap" +tests="$tests iphash nethash ipporthash" +tests="$tests ipportiphash ipportnethash" +tests="$tests iptree iptreemap" +tests="$tests setlist" if [ "$1" ]; then tests="init $@" -- 2.40.0