ipset: upgrade to ipset 2.4.5

extensions/ipset/ip_set.c

@@ -21,6 +21,7 @@
 #include <linux/random.h>
 #include <linux/jhash.h>
 #include <linux/errno.h>
+#include <linux/capability.h>
 #include <asm/uaccess.h>
 #include <asm/bitops.h>
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)
@@ -29,7 +30,6 @@
 #include <linux/semaphore.h>
 #endif
 #include <linux/spinlock.h>
-#include <linux/capability.h>
 
 #define ASSERT_READ_LOCK(x)
 #define ASSERT_WRITE_LOCK(x)
@@ -379,7 +379,7 @@ __ip_set_get_byname(const char *name, struct ip_set **set)
 	return index;
 }
 
-void __ip_set_put_byid(ip_set_id_t index)
+void __ip_set_put_byindex(ip_set_id_t index)
 {
 	if (ip_set_list[index])
 		__ip_set_put(index);
@@ -434,12 +434,26 @@ ip_set_get_byindex(ip_set_id_t index)
 	return index;
 }
 
+/*
+ * Find the set id belonging to the index.
+ * We are protected by the mutex, so we do not need to use
+ * ip_set_lock. There is no need to reference the sets either.
+ */
+ip_set_id_t
+ip_set_id(ip_set_id_t index)
+{
+	if (index >= ip_set_max || !ip_set_list[index])
+		return IP_SET_INVALID_ID;
+	
+	return ip_set_list[index]->id;
+}
+
 /*
  * If the given set pointer points to a valid set, decrement
  * reference count by 1. The caller shall not assume the index
  * to be valid, after calling this function.
  */
-void ip_set_put(ip_set_id_t index)
+void ip_set_put_byindex(ip_set_id_t index)
 {
 	down(&ip_set_app_mutex);
 	if (ip_set_list[index])
@@ -2038,9 +2052,10 @@ EXPORT_SYMBOL(ip_set_unregister_set_type);
 
 EXPORT_SYMBOL(ip_set_get_byname);
 EXPORT_SYMBOL(ip_set_get_byindex);
-EXPORT_SYMBOL(ip_set_put);
+EXPORT_SYMBOL(ip_set_put_byindex);
+EXPORT_SYMBOL(ip_set_id);
 EXPORT_SYMBOL(__ip_set_get_byname);
-EXPORT_SYMBOL(__ip_set_put_byid);
+EXPORT_SYMBOL(__ip_set_put_byindex);
 
 EXPORT_SYMBOL(ip_set_addip_kernel);
 EXPORT_SYMBOL(ip_set_delip_kernel);

extensions/ipset/ip_set.h

@@ -495,11 +495,12 @@ struct ip_set_hash {
 
 /* register and unregister set references */
 extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]);
-extern ip_set_id_t ip_set_get_byindex(ip_set_id_t id);
-extern void ip_set_put(ip_set_id_t id);
+extern ip_set_id_t ip_set_get_byindex(ip_set_id_t index);
+extern void ip_set_put_byindex(ip_set_id_t index);
+extern ip_set_id_t ip_set_id(ip_set_id_t index);
 extern ip_set_id_t __ip_set_get_byname(const char name[IP_SET_MAXNAMELEN],
 				       struct ip_set **set);
-extern void __ip_set_put_byid(ip_set_id_t id);
+extern void __ip_set_put_byindex(ip_set_id_t index);
 
 /* API for iptables set match, and SET target */
 extern int ip_set_addip_kernel(ip_set_id_t id,

extensions/ipset/ip_set_setlist.c

@@ -17,14 +17,14 @@
 #include "ip_set_setlist.h"
 
 /*
- * before ==> id, ref
- * after  ==> ref, id
+ * before ==> index, ref
+ * after  ==> ref, index
  */
 
 static inline bool
-next_id_eq(const struct ip_set_setlist *map, int i, ip_set_id_t id)
+next_index_eq(const struct ip_set_setlist *map, int i, ip_set_id_t index)
 {
-	return i < map->size && map->id[i] == id;
+	return i < map->size && map->index[i] == index;
 }
 
 static int
@@ -33,15 +33,15 @@ setlist_utest(struct ip_set *set, const void *data, size_t size,
 {
 	const struct ip_set_setlist *map = set->data;
 	const struct ip_set_req_setlist *req = data;
-	ip_set_id_t id, ref = IP_SET_INVALID_ID;
+	ip_set_id_t index, ref = IP_SET_INVALID_ID;
 	int i, res = 0;
 	struct ip_set *s;
 	
 	if (req->before && req->ref[0] == '\0')
 		return -EINVAL;
 
-	id = __ip_set_get_byname(req->name, &s);
-	if (id == IP_SET_INVALID_ID)
+	index = __ip_set_get_byname(req->name, &s);
+	if (index == IP_SET_INVALID_ID)
 		return -EEXIST;
 	if (req->ref[0] != '\0') {
 		ref = __ip_set_get_byname(req->ref, &s);
@@ -51,24 +51,24 @@ setlist_utest(struct ip_set *set, const void *data, size_t size,
 		}
 	}
 	for (i = 0; i < map->size
-		    && map->id[i] != IP_SET_INVALID_ID; i++) {
-		if (req->before && map->id[i] == id) {
-		    	res = next_id_eq(map, i + 1, ref);
+		    && map->index[i] != IP_SET_INVALID_ID; i++) {
+		if (req->before && map->index[i] == index) {
+		    	res = next_index_eq(map, i + 1, ref);
 		    	break;
 		} else if (!req->before) {
 			if ((ref == IP_SET_INVALID_ID
-			     && map->id[i] == id)
-			    || (map->id[i] == ref
-			        && next_id_eq(map, i + 1, id))) {
+			     && map->index[i] == index)
+			    || (map->index[i] == ref
+			        && next_index_eq(map, i + 1, index))) {
 			        res = 1;
 			        break;
 			}
 		}
 	}
 	if (ref != IP_SET_INVALID_ID)
-		__ip_set_put_byid(ref);
+		__ip_set_put_byindex(ref);
 finish:
-	__ip_set_put_byid(id);
+	__ip_set_put_byindex(index);
 	return res;
 }
 
@@ -83,27 +83,27 @@ setlist_ktest(struct ip_set *set,
 	int i, res = 0;
 	
 	for (i = 0; i < map->size
-		    && map->id[i] != IP_SET_INVALID_ID
+		    && map->index[i] != IP_SET_INVALID_ID
 		    && res == 0; i++)
-		res = ip_set_testip_kernel(map->id[i], skb, flags);
+		res = ip_set_testip_kernel(map->index[i], skb, flags);
 	return res;
 }
 
 static inline int
-insert_setlist(struct ip_set_setlist *map, int i, ip_set_id_t id)
+insert_setlist(struct ip_set_setlist *map, int i, ip_set_id_t index)
 {
 	ip_set_id_t tmp;
 	int j;
 
-	printk("i: %u, last %u\n", i, map->id[map->size - 1]);	
-	if (i >= map->size || map->id[map->size - 1] != IP_SET_INVALID_ID)
+	DP("i: %u, last %u\n", i, map->index[map->size - 1]);	
+	if (i >= map->size || map->index[map->size - 1] != IP_SET_INVALID_ID)
 		return -ERANGE;
 	
 	for (j = i; j < map->size
-		    && id != IP_SET_INVALID_ID; j++) {
-		tmp = map->id[j];
-		map->id[j] = id;
-		id = tmp;
+		    && index != IP_SET_INVALID_ID; j++) {
+		tmp = map->index[j];
+		map->index[j] = index;
+		index = tmp;
 	}
 	return 0;
 }
@@ -114,15 +114,15 @@ setlist_uadd(struct ip_set *set, const void *data, size_t size,
 {
 	struct ip_set_setlist *map = set->data;
 	const struct ip_set_req_setlist *req = data;
-	ip_set_id_t id, ref = IP_SET_INVALID_ID;
+	ip_set_id_t index, ref = IP_SET_INVALID_ID;
 	int i, res = -ERANGE;
 	struct ip_set *s;
 	
 	if (req->before && req->ref[0] == '\0')
 		return -EINVAL;
 
-	id = __ip_set_get_byname(req->name, &s);
-	if (id == IP_SET_INVALID_ID)
+	index = __ip_set_get_byname(req->name, &s);
+	if (index == IP_SET_INVALID_ID)
 		return -EEXIST;
 	/* "Loop detection" */
 	if (strcmp(s->type->typename, "setlist") == 0)
@@ -136,22 +136,22 @@ setlist_uadd(struct ip_set *set, const void *data, size_t size,
 		}
 	}
 	for (i = 0; i < map->size; i++) {
-		if (map->id[i] != ref)
+		if (map->index[i] != ref)
 			continue;
 		if (req->before) 
-			res = insert_setlist(map, i, id);
+			res = insert_setlist(map, i, index);
 		else
 			res = insert_setlist(map,
 				ref == IP_SET_INVALID_ID ? i : i + 1,
-				id);
+				index);
 		break;
 	}
 	if (ref != IP_SET_INVALID_ID)
-		__ip_set_put_byid(ref);
-	/* In case of success, we keep the reference to the id */
+		__ip_set_put_byindex(ref);
+	/* In case of success, we keep the reference to the set */
 finish:
 	if (res != 0)
-		__ip_set_put_byid(id);
+		__ip_set_put_byindex(index);
 	return res;
 }
 
@@ -166,9 +166,9 @@ setlist_kadd(struct ip_set *set,
 	int i, res = -EINVAL;
 	
 	for (i = 0; i < map->size
-		    && map->id[i] != IP_SET_INVALID_ID
+		    && map->index[i] != IP_SET_INVALID_ID
 		    && res != 0; i++)
-		res = ip_set_addip_kernel(map->id[i], skb, flags);
+		res = ip_set_addip_kernel(map->index[i], skb, flags);
 	return res;
 }
 
@@ -178,8 +178,8 @@ unshift_setlist(struct ip_set_setlist *map, int i)
 	int j;
 	
 	for (j = i; j < map->size - 1; j++)
-		map->id[j] = map->id[j+1];
-	map->id[map->size-1] = IP_SET_INVALID_ID;
+		map->index[j] = map->index[j+1];
+	map->index[map->size-1] = IP_SET_INVALID_ID;
 	return 0;
 }
 
@@ -189,15 +189,15 @@ setlist_udel(struct ip_set *set, const void *data, size_t size,
 {
 	struct ip_set_setlist *map = set->data;
 	const struct ip_set_req_setlist *req = data;
-	ip_set_id_t id, ref = IP_SET_INVALID_ID;
+	ip_set_id_t index, ref = IP_SET_INVALID_ID;
 	int i, res = -EEXIST;
 	struct ip_set *s;
 	
 	if (req->before && req->ref[0] == '\0')
 		return -EINVAL;
 
-	id = __ip_set_get_byname(req->name, &s);
-	if (id == IP_SET_INVALID_ID)
+	index = __ip_set_get_byname(req->name, &s);
+	if (index == IP_SET_INVALID_ID)
 		return -EEXIST;
 	if (req->ref[0] != '\0') {
 		ref = __ip_set_get_byname(req->ref, &s);
@@ -205,31 +205,31 @@ setlist_udel(struct ip_set *set, const void *data, size_t size,
 			goto finish;
 	}
 	for (i = 0; i < map->size
-	            && map->id[i] != IP_SET_INVALID_ID; i++) {
+	            && map->index[i] != IP_SET_INVALID_ID; i++) {
 		if (req->before) {
-			if (map->id[i] == id
-			    && next_id_eq(map, i + 1, ref)) {
+			if (map->index[i] == index
+			    && next_index_eq(map, i + 1, ref)) {
 				res = unshift_setlist(map, i);
 				break;
 			}
 		} else if (ref == IP_SET_INVALID_ID) {
-			if (map->id[i] == id) {
+			if (map->index[i] == index) {
 				res = unshift_setlist(map, i);
 				break;
 			}
-		} else if (map->id[i] == ref
-			   && next_id_eq(map, i + 1, id)) {
+		} else if (map->index[i] == ref
+			   && next_index_eq(map, i + 1, index)) {
 			res = unshift_setlist(map, i + 1);
 			break;
 		}
 	}
 	if (ref != IP_SET_INVALID_ID)
-		__ip_set_put_byid(ref);
+		__ip_set_put_byindex(ref);
 finish:
-	__ip_set_put_byid(id);
-	/* In case of success, release the reference to the id */
+	__ip_set_put_byindex(index);
+	/* In case of success, release the reference to the set */
 	if (res == 0)
-		__ip_set_put_byid(id);
+		__ip_set_put_byindex(index);
 	return res;
 }
 
@@ -244,9 +244,9 @@ setlist_kdel(struct ip_set *set,
 	int i, res = -EINVAL;
 	
 	for (i = 0; i < map->size
-		    && map->id[i] != IP_SET_INVALID_ID
+		    && map->index[i] != IP_SET_INVALID_ID
 		    && res != 0; i++)
-		res = ip_set_delip_kernel(map->id[i], skb, flags);
+		res = ip_set_delip_kernel(map->index[i], skb, flags);
 	return res;
 }
 
@@ -263,7 +263,7 @@ setlist_create(struct ip_set *set, const void *data, size_t size)
 		return -ENOMEM;
 	map->size = req->size;
 	for (i = 0; i < map->size; i++)
-		map->id[i] = IP_SET_INVALID_ID;
+		map->index[i] = IP_SET_INVALID_ID;
 	
 	set->data = map;
 	return 0;
@@ -276,8 +276,8 @@ setlist_destroy(struct ip_set *set)
 	int i;
 	
 	for (i = 0; i < map->size
-		    && map->id[i] != IP_SET_INVALID_ID; i++)
-		__ip_set_put_byid(map->id[i]);
+		    && map->index[i] != IP_SET_INVALID_ID; i++)
+		__ip_set_put_byindex(map->index[i]);
 
 	kfree(map);
 	set->data = NULL;
@@ -290,9 +290,9 @@ setlist_flush(struct ip_set *set)
 	int i;
 	
 	for (i = 0; i < map->size
-		    && map->id[i] != IP_SET_INVALID_ID; i++) {
-		__ip_set_put_byid(map->id[i]);
-		map->id[i] = IP_SET_INVALID_ID;
+		    && map->index[i] != IP_SET_INVALID_ID; i++) {
+		__ip_set_put_byindex(map->index[i]);
+		map->index[i] = IP_SET_INVALID_ID;
 	}
 }
 
@@ -320,7 +320,7 @@ setlist_list_members(const struct ip_set *set, void *data)
 	int i;
 	
 	for (i = 0; i < map->size; i++)
-		*((ip_set_id_t *)data + i) = map->id[i];
+		*((ip_set_id_t *)data + i) = ip_set_id(map->index[i]);
 }
 
 IP_SET_TYPE(setlist, IPSET_TYPE_SETNAME | IPSET_DATA_SINGLE)

extensions/ipset/ip_set_setlist.h

@@ -10,7 +10,7 @@
 
 struct ip_set_setlist {
 	uint8_t size;
-	ip_set_id_t id[0];
+	ip_set_id_t index[0];
 };
 
 struct ip_set_req_setlist_create {

extensions/ipset/ipset.c

@@ -30,7 +30,7 @@
 #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
 #endif
 
-#define IPSET_VERSION "2.4.3"
+#define IPSET_VERSION "2.4.5"
 
 char program_name[] = "ipset";
 char program_version[] = IPSET_VERSION;
@@ -121,7 +121,7 @@ static struct option opts_long[] = {
 	{"help",    2, 0, 'H'},
 
 	/* end */
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 static char opts_short[] =
@@ -734,13 +734,13 @@ string_to_number(const char *str, unsigned int min, unsigned int max,
 static int
 string_to_port(const char *str, ip_set_ip_t *port)
 {
-	struct servent *service = getservbyname(str, "tcp");
+	struct servent *service;
 	
 	if ((service = getservbyname(str, "tcp")) != NULL) {
 		*port = ntohs((uint16_t) service->s_port);
 		return 0;
 	}
-	return - 1;
+	return -1;
 }
 
 /* Fills the 'ip' with the parsed port in host byte order */
@@ -1955,7 +1955,7 @@ static int find_cmd(int option)
 	int i;
 	
 	for (i = 1; i <= NUMBER_OF_CMD; i++)
-		if (cmdflags[i] == (char) option)
+		if (cmdflags[i] == option)
 			return i;
 			
 	return CMD_NONE;

extensions/ipset/ipset.h

@@ -68,10 +68,11 @@ enum set_commands {
 	CMD_ADT_GET,
 };
 
-/* Exit codes */
-#define OTHER_PROBLEM		1
-#define PARAMETER_PROBLEM	2
-#define VERSION_PROBLEM		3
+enum exittype {
+	OTHER_PROBLEM = 1,
+	PARAMETER_PROBLEM,
+	VERSION_PROBLEM
+};
 
 /* The view of an ipset in userspace */
 struct set {

extensions/ipset/ipset_iphash.c

@@ -127,7 +127,7 @@ static const struct option create_opts[] = {
 	{.name = "probes",	.has_arg = required_argument,	.val = '2'},
 	{.name = "resize",	.has_arg = required_argument,	.val = '3'},
 	{.name = "netmask",	.has_arg = required_argument,	.val = '4'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_ipmap.c

@@ -183,7 +183,7 @@ static const struct option create_opts[] = {
 	{.name = "to",		.has_arg = required_argument,	.val = '2'},
 	{.name = "network",	.has_arg = required_argument,	.val = '3'},
 	{.name = "netmask",	.has_arg = required_argument,	.val = '4'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_ipporthash.c

@@ -184,7 +184,7 @@ static const struct option create_opts[] = {
 	{.name = "from",	.has_arg = required_argument,	.val = '4'},
 	{.name = "to",		.has_arg = required_argument,	.val = '5'},
 	{.name = "network",	.has_arg = required_argument,	.val = '6'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_ipportiphash.c

@@ -184,7 +184,7 @@ static const struct option create_opts[] = {
 	{.name = "from",	.has_arg = required_argument,	.val = '4'},
 	{.name = "to",		.has_arg = required_argument,	.val = '5'},
 	{.name = "network",	.has_arg = required_argument,	.val = '6'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_ipportnethash.c

@@ -184,7 +184,7 @@ static const struct option create_opts[] = {
 	{.name = "from",	.has_arg = required_argument,	.val = '4'},
 	{.name = "to",		.has_arg = required_argument,	.val = '5'},
 	{.name = "network",	.has_arg = required_argument,	.val = '6'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_iptree.c

@@ -70,7 +70,7 @@ create_final(void *data UNUSED, unsigned int flags UNUSED)
 /* Create commandline options */
 static const struct option create_opts[] = {
 	{.name = "timeout",	.has_arg = required_argument,	.val = '1'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_iptreemap.c

@@ -59,7 +59,7 @@ create_final(void *data UNUSED, unsigned int flags UNUSED)
 
 static const struct option create_opts[] = {
 	{.name = "gc",	.has_arg = required_argument,	.val = 'g'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 static ip_set_ip_t

extensions/ipset/ipset_macipmap.c

@@ -149,7 +149,7 @@ static const struct option create_opts[] = {
 	{.name = "to",		.has_arg = required_argument,	.val = '2'},
 	{.name = "network",	.has_arg = required_argument,	.val = '3'},
 	{.name = "matchunset",	.has_arg = no_argument,		.val = '4'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 static void

extensions/ipset/ipset_nethash.c

@@ -106,7 +106,7 @@ static const struct option create_opts[] = {
 	{.name = "hashsize",	.has_arg = required_argument,	.val = '1'},
 	{.name = "probes",	.has_arg = required_argument,	.val = '2'},
 	{.name = "resize",	.has_arg = required_argument,	.val = '3'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_portmap.c

@@ -108,7 +108,7 @@ create_final(void *data, unsigned int flags)
 static const struct option create_opts[] = {
 	{.name = "from",	.has_arg = required_argument,	.val = '1'},
 	{.name = "to",		.has_arg = required_argument,	.val = '2'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 /* Add, del, test parser */

extensions/ipset/ipset_setlist.c

@@ -64,7 +64,7 @@ create_final(void *data UNUSED, unsigned int flags UNUSED)
 /* Create commandline options */
 static const struct option create_opts[] = {
 	{.name = "size",	.has_arg = required_argument,	.val = '1'},
-	{0, 0, 0, 0},
+	{NULL},
 };
 
 static void check_setname(const char *name)

extensions/ipset/ipt_SET.c

@@ -179,9 +179,9 @@ static void destroy(const struct xt_target *target,
 	}
 #endif
 	if (info->add_set.index != IP_SET_INVALID_ID)
-		ip_set_put(info->add_set.index);
+		ip_set_put_byindex(info->add_set.index);
 	if (info->del_set.index != IP_SET_INVALID_ID)
-		ip_set_put(info->del_set.index);
+		ip_set_put_byindex(info->del_set.index);
 }
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)

extensions/ipset/ipt_set.c

@@ -175,7 +175,7 @@ static void destroy(const struct xt_match *match,
 		return;
 	}
 #endif
-	ip_set_put(info->match_set.index);
+	ip_set_put_byindex(info->match_set.index);
 }
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)