git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge to Fedora kernel-2.6.18-1.2260_FC5 patched with stable patch-2.6.18.5-vs2.0...
[linux-2.6.git]
/
net
/
ipv4
/
netfilter
/
ip_set_ipporthash.c
diff --git
a/net/ipv4/netfilter/ip_set_ipporthash.c
b/net/ipv4/netfilter/ip_set_ipporthash.c
index
86a4c6c
..
b229f73
100644
(file)
--- a/
net/ipv4/netfilter/ip_set_ipporthash.c
+++ b/
net/ipv4/netfilter/ip_set_ipporthash.c
@@
-27,6
+27,8
@@
#include <linux/netfilter_ipv4/ip_set_ipporthash.h>
#include <linux/netfilter_ipv4/ip_set_jhash.h>
#include <linux/netfilter_ipv4/ip_set_ipporthash.h>
#include <linux/netfilter_ipv4/ip_set_jhash.h>
+static int limit = MAX_RANGE;
+
/* We must handle non-linear skbs */
static inline ip_set_ip_t
get_port(const struct sk_buff *skb, u_int32_t flags)
/* We must handle non-linear skbs */
static inline ip_set_ip_t
get_port(const struct sk_buff *skb, u_int32_t flags)
@@
-175,6
+177,7
@@
__add_haship(struct ip_set_ipporthash *map, ip_set_ip_t hash_ip)
return -EEXIST;
if (!*elem) {
*elem = hash_ip;
return -EEXIST;
if (!*elem) {
*elem = hash_ip;
+ map->elements++;
return 0;
}
}
return 0;
}
}
@@
-186,6
+189,8
@@
static inline int
__addip(struct ip_set_ipporthash *map, ip_set_ip_t ip, ip_set_ip_t port,
ip_set_ip_t *hash_ip)
{
__addip(struct ip_set_ipporthash *map, ip_set_ip_t ip, ip_set_ip_t port,
ip_set_ip_t *hash_ip)
{
+ if (map->elements > limit)
+ return -ERANGE;
if (ip < map->first_ip || ip > map->last_ip)
return -ERANGE;
if (ip < map->first_ip || ip > map->last_ip)
return -ERANGE;
@@
-282,6
+287,7
@@
static int retry(struct ip_set *set)
return -ENOMEM;
}
tmp->hashsize = hashsize;
return -ENOMEM;
}
tmp->hashsize = hashsize;
+ tmp->elements = 0;
tmp->probes = map->probes;
tmp->resize = map->resize;
tmp->first_ip = map->first_ip;
tmp->probes = map->probes;
tmp->resize = map->resize;
tmp->first_ip = map->first_ip;
@@
-334,6
+340,7
@@
__delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port,
elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
*elem = 0;
elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
*elem = 0;
+ map->elements--;
return 0;
}
return 0;
}
@@
-420,6
+427,7
@@
static int create(struct ip_set *set, const void *data, size_t size)
}
for (i = 0; i < req->probes; i++)
get_random_bytes(((uint32_t *) map->initval)+i, 4);
}
for (i = 0; i < req->probes; i++)
get_random_bytes(((uint32_t *) map->initval)+i, 4);
+ map->elements = 0;
map->hashsize = req->hashsize;
map->probes = req->probes;
map->resize = req->resize;
map->hashsize = req->hashsize;
map->probes = req->probes;
map->resize = req->resize;
@@
-450,6
+458,7
@@
static void flush(struct ip_set *set)
{
struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data;
harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t));
{
struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data;
harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t));
+ map->elements = 0;
}
static void list_header(const struct ip_set *set, void *data)
}
static void list_header(const struct ip_set *set, void *data)
@@
-508,6
+517,8
@@
static struct ip_set_type ip_set_ipporthash = {
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("ipporthash type of IP sets");
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("ipporthash type of IP sets");
+module_param(limit, int, 0600);
+MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
static int __init init(void)
{
static int __init init(void)
{