Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
phyus
/
linux-vybrid_public
8
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

David S. Miller 14 жил өмнө
parent
0553c891fa a8a8a0937e
commit
0b0dc0f17f
3 өөрчлөгдсөн 30 нэмэгдсэн , 10 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 4 0
      net/netfilter/ipset/ip_set_bitmap_ipmac.c
  2. 10 8
      net/netfilter/ipset/ip_set_core.c
  3. 16 2
      net/netfilter/xt_set.c

+ 4 - 0
net/netfilter/ipset/ip_set_bitmap_ipmac.c
Файл харах 

@@ -343,6 +343,10 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
 
 	ipset_adtfn adtfn = set->variant->adt[adt];
 
 	struct ipmac data;
 
 
+	/* MAC can be src only */
 
+	if (!(flags & IPSET_DIM_TWO_SRC))
 
+		return 0;
 
+
 
 	data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC));
 
 	if (data.id < map->first_ip || data.id > map->last_ip)
 
 		return -IPSET_ERR_BITMAP_RANGE;

+ 10 - 8
net/netfilter/ipset/ip_set_core.c
Файл харах 

@@ -1022,8 +1022,9 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
 
 	if (cb->args[1] >= ip_set_max)
 
 		goto out;
 
 
-	pr_debug("args[0]: %ld args[1]: %ld\n", cb->args[0], cb->args[1]);
 
 	max = cb->args[0] == DUMP_ONE ? cb->args[1] + 1 : ip_set_max;
 
+dump_last:
 
+	pr_debug("args[0]: %ld args[1]: %ld\n", cb->args[0], cb->args[1]);
 
 	for (; cb->args[1] < max; cb->args[1]++) {
 
 		index = (ip_set_id_t) cb->args[1];
 
 		set = ip_set_list[index];
 
@@ -1038,8 +1039,8 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
 
 		 * so that lists (unions of sets) are dumped last.
 
 		 */
 
 		if (cb->args[0] != DUMP_ONE &&
 
-		    !((cb->args[0] == DUMP_ALL) ^
 
-		      (set->type->features & IPSET_DUMP_LAST)))
 
+		    ((cb->args[0] == DUMP_ALL) ==
 
+		     !!(set->type->features & IPSET_DUMP_LAST)))
 
 			continue;
 
 		pr_debug("List set: %s\n", set->name);
 
 		if (!cb->args[2]) {
 
@@ -1083,6 +1084,12 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
 
 			goto release_refcount;
 
 		}
 
 	}
 
+	/* If we dump all sets, continue with dumping last ones */
 
+	if (cb->args[0] == DUMP_ALL) {
 
+		cb->args[0] = DUMP_LAST;
 
+		cb->args[1] = 0;
 
+		goto dump_last;
 
+	}
 
 	goto out;
 
 
 nla_put_failure:
 
@@ -1093,11 +1100,6 @@ release_refcount:
 
 		pr_debug("release set %s\n", ip_set_list[index]->name);
 
 		ip_set_put_byindex(index);
 
 	}
 
-
 
-	/* If we dump all sets, continue with dumping last ones */
 
-	if (cb->args[0] == DUMP_ALL && cb->args[1] >= max && !cb->args[2])
 
-		cb->args[0] = DUMP_LAST;
 
-
 
 out:
 
 	if (nlh) {
 
 		nlmsg_end(skb, nlh);

+ 16 - 2
net/netfilter/xt_set.c
Файл харах 

@@ -81,6 +81,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
 
 	if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
 
 		pr_warning("Protocol error: set match dimension "
 
 			   "is over the limit!\n");
 
+		ip_set_nfnl_put(info->match_set.index);
 
 		return -ERANGE;
 
 	}
 
 
@@ -135,6 +136,8 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
 
 		if (index == IPSET_INVALID_ID) {
 
 			pr_warning("Cannot find del_set index %u as target\n",
 
 				   info->del_set.index);
 
+			if (info->add_set.index != IPSET_INVALID_ID)
 
+				ip_set_nfnl_put(info->add_set.index);
 
 			return -ENOENT;
 
 		}
 
 	}
 
@@ -142,6 +145,10 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
 
 	    info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) {
 
 		pr_warning("Protocol error: SET target dimension "
 
 			   "is over the limit!\n");
 
+		if (info->add_set.index != IPSET_INVALID_ID)
 
+			ip_set_nfnl_put(info->add_set.index);
 
+		if (info->del_set.index != IPSET_INVALID_ID)
 
+			ip_set_nfnl_put(info->del_set.index);
 
 		return -ERANGE;
 
 	}
 
 
@@ -192,6 +199,7 @@ set_match_checkentry(const struct xt_mtchk_param *par)
 
 	if (info->match_set.dim > IPSET_DIM_MAX) {
 
 		pr_warning("Protocol error: set match dimension "
 
 			   "is over the limit!\n");
 
+		ip_set_nfnl_put(info->match_set.index);
 
 		return -ERANGE;
 
 	}
 
 
@@ -219,7 +227,7 @@ set_target(struct sk_buff *skb, const struct xt_action_param *par)
 
 	if (info->del_set.index != IPSET_INVALID_ID)
 
 		ip_set_del(info->del_set.index,
 
 			   skb, par->family,
 
-			   info->add_set.dim,
 
+			   info->del_set.dim,
 
 			   info->del_set.flags);
 
 
 	return XT_CONTINUE;
 
@@ -245,13 +253,19 @@ set_target_checkentry(const struct xt_tgchk_param *par)
 
 		if (index == IPSET_INVALID_ID) {
 
 			pr_warning("Cannot find del_set index %u as target\n",
 
 				   info->del_set.index);
 
+			if (info->add_set.index != IPSET_INVALID_ID)
 
+				ip_set_nfnl_put(info->add_set.index);
 
 			return -ENOENT;
 
 		}
 
 	}
 
 	if (info->add_set.dim > IPSET_DIM_MAX ||
 
-	    info->del_set.flags > IPSET_DIM_MAX) {
 
+	    info->del_set.dim > IPSET_DIM_MAX) {
 
 		pr_warning("Protocol error: SET target dimension "
 
 			   "is over the limit!\n");
 
+		if (info->add_set.index != IPSET_INVALID_ID)
 
+			ip_set_nfnl_put(info->add_set.index);
 
+		if (info->del_set.index != IPSET_INVALID_ID)
 
+			ip_set_nfnl_put(info->del_set.index);
 
 		return -ERANGE;
 
 	}