From 3e26335cbdd1b15cb0a23485b8ef8bcb9fe735a3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 21 Aug 2009 16:03:50 +0200 Subject: [PATCH] ipset: fast forward to v3.2 --- doc/changelog.txt | 1 + extensions/ipset/ip_set.c | 16 +++++++++++++--- extensions/ipset/ip_set_iptreemap.c | 4 ++-- extensions/ipset/ip_set_malloc.h | 4 ++-- extensions/ipset/ip_set_setlist.c | 12 +++++------- extensions/ipset/ipset.8 | 3 +++ extensions/ipset/ipset.c | 2 +- 7 files changed, 27 insertions(+), 15 deletions(-) diff --git a/doc/changelog.txt b/doc/changelog.txt index a2a3545..7dc2ab8 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -1,6 +1,7 @@ - build: support for Linux 2.6.31-rc1 +- ipset: fast forward to v3.2 - quota2: support anonymous counters - quota2: reduce memory footprint for anonymous counters - quota2: extend locked period during cleanup (locking bugfix) diff --git a/extensions/ipset/ip_set.c b/extensions/ipset/ip_set.c index 90c7f8d..8ea57fc 100644 --- a/extensions/ipset/ip_set.c +++ b/extensions/ipset/ip_set.c @@ -1373,7 +1373,7 @@ static int ip_set_restore(void *data, while (members_size + set->type->reqsize <= set_restore->members_size) { line++; - DP("members: %d, line %d", members_size, line); + DP("members: %d, line %d", members_size, line); res = __ip_set_addip(index, data + used + members_size, set->type->reqsize); @@ -1911,13 +1911,23 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) res = -ENOENT; goto done; } + +#define SETLIST(set) (strcmp(set->type->typename, "setlist") == 0) + used = 0; if (index == IP_SET_INVALID_ID) { - /* Save all sets */ + /* Save all sets: ugly setlist type dependency */ + int setlist = 0; + setlists: for (i = 0; i < ip_set_max && res == 0; i++) { - if (ip_set_list[i] != NULL) + if (ip_set_list[i] != NULL + && !(setlist ^ SETLIST(ip_set_list[i]))) res = ip_set_save_set(i, data, &used, *len); } + if (!setlist) { + setlist = 1; + goto setlists; + } } else { /* Save an individual set */ res = ip_set_save_set(index, data, &used, *len); diff --git a/extensions/ipset/ip_set_iptreemap.c b/extensions/ipset/ip_set_iptreemap.c index f1fec0c..00f3357 100644 --- a/extensions/ipset/ip_set_iptreemap.c +++ b/extensions/ipset/ip_set_iptreemap.c @@ -338,7 +338,7 @@ KADT(iptreemap, add, ipaddr, ip) static inline int __delip_single(struct ip_set *set, ip_set_ip_t *hash_ip, - ip_set_ip_t ip, unsigned int __nocast flags) + ip_set_ip_t ip, gfp_t flags) { struct ip_set_iptreemap *map = set->data; struct ip_set_iptreemap_b *btree; @@ -364,7 +364,7 @@ __delip_single(struct ip_set *set, ip_set_ip_t *hash_ip, static inline int iptreemap_del(struct ip_set *set, ip_set_ip_t *hash_ip, - ip_set_ip_t start, ip_set_ip_t end, unsigned int __nocast flags) + ip_set_ip_t start, ip_set_ip_t end, gfp_t flags) { struct ip_set_iptreemap *map = set->data; struct ip_set_iptreemap_b *btree; diff --git a/extensions/ipset/ip_set_malloc.h b/extensions/ipset/ip_set_malloc.h index 8bce667..2a80443 100644 --- a/extensions/ipset/ip_set_malloc.h +++ b/extensions/ipset/ip_set_malloc.h @@ -40,7 +40,7 @@ struct harray { }; static inline void * -__harray_malloc(size_t hashsize, size_t typesize, int flags) +__harray_malloc(size_t hashsize, size_t typesize, gfp_t flags) { struct harray *harray; size_t max_elements, size, i, j; @@ -88,7 +88,7 @@ __harray_malloc(size_t hashsize, size_t typesize, int flags) } static inline void * -harray_malloc(size_t hashsize, size_t typesize, int flags) +harray_malloc(size_t hashsize, size_t typesize, gfp_t flags) { void *harray; diff --git a/extensions/ipset/ip_set_setlist.c b/extensions/ipset/ip_set_setlist.c index d4945f1..ba743b7 100644 --- a/extensions/ipset/ip_set_setlist.c +++ b/extensions/ipset/ip_set_setlist.c @@ -21,7 +21,7 @@ * after ==> ref, index */ -static inline bool +static inline int next_index_eq(const struct ip_set_setlist *map, int i, ip_set_id_t index) { return i < map->size && map->index[i] == index; @@ -38,17 +38,15 @@ setlist_utest(struct ip_set *set, const void *data, u_int32_t size, struct ip_set *s; if (req->before && req->ref[0] == '\0') - return -EINVAL; + return 0; index = __ip_set_get_byname(req->name, &s); if (index == IP_SET_INVALID_ID) - return -EEXIST; + return 0; if (req->ref[0] != '\0') { ref = __ip_set_get_byname(req->ref, &s); - if (ref == IP_SET_INVALID_ID) { - res = -EEXIST; + if (ref == IP_SET_INVALID_ID) goto finish; - } } for (i = 0; i < map->size && map->index[i] != IP_SET_INVALID_ID; i++) { @@ -172,7 +170,7 @@ setlist_kadd(struct ip_set *set, return res; } -static inline bool +static inline int unshift_setlist(struct ip_set_setlist *map, int i) { int j; diff --git a/extensions/ipset/ipset.8 b/extensions/ipset/ipset.8 index 522608e..6ef1179 100644 --- a/extensions/ipset/ipset.8 +++ b/extensions/ipset/ipset.8 @@ -50,6 +50,9 @@ IP set bindings pointing to sets and iptables matches and targets referring to sets creates references, which protects the given sets in the kernel. A set cannot be removed (destroyed) while there is a single reference pointing to it. +.P +.B +Please note, binding sets is a deprecated feature and will be removed in a later release. Switch to the multidata type of sets from using bindings. .SH OPTIONS The options that are recognized by .B ipset diff --git a/extensions/ipset/ipset.c b/extensions/ipset/ipset.c index 70935a3..0a8d91d 100644 --- a/extensions/ipset/ipset.c +++ b/extensions/ipset/ipset.c @@ -30,7 +30,7 @@ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" #endif -#define IPSET_VERSION "2.5.0" +#define IPSET_VERSION "3.2" char program_name[] = "ipset"; char program_version[] = IPSET_VERSION;