mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-01 06:33:07 +00:00
Merge branch 'master' of git://blackhole.kfki.hu/nf-next
Jozsef Kadlecsik says: ==================== ipset patches for nf-next - Add wildcard support to hash:net,iface which makes possible to match interface prefixes besides complete interfaces names, from Kristian Evensen. ==================== Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
commit
3944a4fd0d
2 changed files with 20 additions and 5 deletions
|
@ -205,6 +205,8 @@ enum ipset_cadt_flags {
|
||||||
IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD),
|
IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD),
|
||||||
IPSET_FLAG_BIT_WITH_SKBINFO = 6,
|
IPSET_FLAG_BIT_WITH_SKBINFO = 6,
|
||||||
IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO),
|
IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO),
|
||||||
|
IPSET_FLAG_BIT_IFACE_WILDCARD = 7,
|
||||||
|
IPSET_FLAG_IFACE_WILDCARD = (1 << IPSET_FLAG_BIT_IFACE_WILDCARD),
|
||||||
IPSET_FLAG_CADT_MAX = 15,
|
IPSET_FLAG_CADT_MAX = 15,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,8 @@
|
||||||
/* 3 Counters support added */
|
/* 3 Counters support added */
|
||||||
/* 4 Comments support added */
|
/* 4 Comments support added */
|
||||||
/* 5 Forceadd support added */
|
/* 5 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 6 /* skbinfo support added */
|
/* 6 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 7 /* interface wildcard support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -57,6 +58,7 @@ struct hash_netiface4_elem {
|
||||||
u8 cidr;
|
u8 cidr;
|
||||||
u8 nomatch;
|
u8 nomatch;
|
||||||
u8 elem;
|
u8 elem;
|
||||||
|
u8 wildcard;
|
||||||
char iface[IFNAMSIZ];
|
char iface[IFNAMSIZ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -71,7 +73,9 @@ hash_netiface4_data_equal(const struct hash_netiface4_elem *ip1,
|
||||||
ip1->cidr == ip2->cidr &&
|
ip1->cidr == ip2->cidr &&
|
||||||
(++*multi) &&
|
(++*multi) &&
|
||||||
ip1->physdev == ip2->physdev &&
|
ip1->physdev == ip2->physdev &&
|
||||||
strcmp(ip1->iface, ip2->iface) == 0;
|
(ip1->wildcard ?
|
||||||
|
strncmp(ip1->iface, ip2->iface, strlen(ip1->iface)) == 0 :
|
||||||
|
strcmp(ip1->iface, ip2->iface) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -103,7 +107,8 @@ static bool
|
||||||
hash_netiface4_data_list(struct sk_buff *skb,
|
hash_netiface4_data_list(struct sk_buff *skb,
|
||||||
const struct hash_netiface4_elem *data)
|
const struct hash_netiface4_elem *data)
|
||||||
{
|
{
|
||||||
u32 flags = data->physdev ? IPSET_FLAG_PHYSDEV : 0;
|
u32 flags = (data->physdev ? IPSET_FLAG_PHYSDEV : 0) |
|
||||||
|
(data->wildcard ? IPSET_FLAG_IFACE_WILDCARD : 0);
|
||||||
|
|
||||||
if (data->nomatch)
|
if (data->nomatch)
|
||||||
flags |= IPSET_FLAG_NOMATCH;
|
flags |= IPSET_FLAG_NOMATCH;
|
||||||
|
@ -229,6 +234,8 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
|
||||||
e.physdev = 1;
|
e.physdev = 1;
|
||||||
if (cadt_flags & IPSET_FLAG_NOMATCH)
|
if (cadt_flags & IPSET_FLAG_NOMATCH)
|
||||||
flags |= (IPSET_FLAG_NOMATCH << 16);
|
flags |= (IPSET_FLAG_NOMATCH << 16);
|
||||||
|
if (cadt_flags & IPSET_FLAG_IFACE_WILDCARD)
|
||||||
|
e.wildcard = 1;
|
||||||
}
|
}
|
||||||
if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
|
if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
|
||||||
e.ip = htonl(ip & ip_set_hostmask(e.cidr));
|
e.ip = htonl(ip & ip_set_hostmask(e.cidr));
|
||||||
|
@ -280,6 +287,7 @@ struct hash_netiface6_elem {
|
||||||
u8 cidr;
|
u8 cidr;
|
||||||
u8 nomatch;
|
u8 nomatch;
|
||||||
u8 elem;
|
u8 elem;
|
||||||
|
u8 wildcard;
|
||||||
char iface[IFNAMSIZ];
|
char iface[IFNAMSIZ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -294,7 +302,9 @@ hash_netiface6_data_equal(const struct hash_netiface6_elem *ip1,
|
||||||
ip1->cidr == ip2->cidr &&
|
ip1->cidr == ip2->cidr &&
|
||||||
(++*multi) &&
|
(++*multi) &&
|
||||||
ip1->physdev == ip2->physdev &&
|
ip1->physdev == ip2->physdev &&
|
||||||
strcmp(ip1->iface, ip2->iface) == 0;
|
(ip1->wildcard ?
|
||||||
|
strncmp(ip1->iface, ip2->iface, strlen(ip1->iface)) == 0 :
|
||||||
|
strcmp(ip1->iface, ip2->iface) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -326,7 +336,8 @@ static bool
|
||||||
hash_netiface6_data_list(struct sk_buff *skb,
|
hash_netiface6_data_list(struct sk_buff *skb,
|
||||||
const struct hash_netiface6_elem *data)
|
const struct hash_netiface6_elem *data)
|
||||||
{
|
{
|
||||||
u32 flags = data->physdev ? IPSET_FLAG_PHYSDEV : 0;
|
u32 flags = (data->physdev ? IPSET_FLAG_PHYSDEV : 0) |
|
||||||
|
(data->wildcard ? IPSET_FLAG_IFACE_WILDCARD : 0);
|
||||||
|
|
||||||
if (data->nomatch)
|
if (data->nomatch)
|
||||||
flags |= IPSET_FLAG_NOMATCH;
|
flags |= IPSET_FLAG_NOMATCH;
|
||||||
|
@ -440,6 +451,8 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
|
||||||
e.physdev = 1;
|
e.physdev = 1;
|
||||||
if (cadt_flags & IPSET_FLAG_NOMATCH)
|
if (cadt_flags & IPSET_FLAG_NOMATCH)
|
||||||
flags |= (IPSET_FLAG_NOMATCH << 16);
|
flags |= (IPSET_FLAG_NOMATCH << 16);
|
||||||
|
if (cadt_flags & IPSET_FLAG_IFACE_WILDCARD)
|
||||||
|
e.wildcard = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = adtfn(set, &e, &ext, &ext, flags);
|
ret = adtfn(set, &e, &ext, &ext, flags);
|
||||||
|
|
Loading…
Reference in a new issue