anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-20 11:34:57 +02:00
Code Issues Releases Wiki Activity

ipset: update to 6.0

Browse Source
This commit is contained in:
Jan Engelhardt
2011-02-24 00:40:23 +01:00
parent ff27f61477
commit 18043f3e3a
30 changed files with 1016 additions and 1299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
extensions/ipset-6/xt_set.c
View File

@@ -56,10 +56,10 @@ match_set(ip_set_id_t index, const struct sk_buff *skb,
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
#define CHECK_OK 1
#define CHECK_FAIL 0
#define CHECK_FAIL(err) 0
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
#define CHECK_OK 0
#define CHECK_FAIL (-EINVAL)
#define CHECK_FAIL(err) (err)
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
@@ -110,11 +110,12 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
info->match_set.index);
return CHECK_FAIL; /* error */
return CHECK_FAIL(-ENOENT); /* error */
}
if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
pr_warning("That's nasty!\n");
return CHECK_FAIL; /* error */
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
return CHECK_FAIL(-ERANGE); /* error */
}
/* Fill out compatibility data */
@@ -167,24 +168,25 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
if (info->add_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("cannot find add_set index %u as target\n",
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
return CHECK_FAIL; /* error */
return CHECK_FAIL(-ENOENT); /* error */
}
}
if (info->del_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("cannot find del_set index %u as target\n",
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
return CHECK_FAIL; /* error */
return CHECK_FAIL(-ENOENT); /* error */
}
}
if (info->add_set.u.flags[IPSET_DIM_MAX-1] != 0 ||
info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) {
pr_warning("That's nasty!\n");
return CHECK_FAIL; /* error */
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
return CHECK_FAIL(-ERANGE); /* error */
}
/* Fill out compatibility data */
@@ -239,11 +241,12 @@ set_match_checkentry(const struct xt_mtchk_param *par)
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
info->match_set.index);
return CHECK_FAIL; /* error */
return CHECK_FAIL(-ENOENT); /* error */
}
if (info->match_set.dim > IPSET_DIM_MAX) {
pr_warning("That's nasty!\n");
return CHECK_FAIL; /* error */
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
return CHECK_FAIL(-ERANGE); /* error */
}
return CHECK_OK;
@@ -295,24 +298,25 @@ set_target_checkentry(const struct xt_tgchk_param *par)
if (info->add_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("cannot find add_set index %u as target\n",
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
return CHECK_FAIL; /* error */
return CHECK_FAIL(-ENOENT); /* error */
}
}
if (info->del_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("cannot find del_set index %u as target\n",
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
return CHECK_FAIL; /* error */
return CHECK_FAIL(-ENOENT); /* error */
}
}
if (info->add_set.dim > IPSET_DIM_MAX ||
info->del_set.flags > IPSET_DIM_MAX) {
pr_warning("That's nasty!\n");
return CHECK_FAIL; /* error */
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
return CHECK_FAIL(-ERANGE); /* error */
}
return CHECK_OK;