From bd5a19dd4af64aaf2a1cc38033a2bd21a093a497 Mon Sep 17 00:00:00 2001 From: Marc Fiuczynski Date: Wed, 3 Jan 2007 22:14:39 +0000 Subject: [PATCH] Merge to Fedora kernel-2.6.18-1.2260_FC5 patched with stable patch-2.6.18.5-vs2.0.3-rc1.diff and latest version of the (ip)set netfilter incorporated by patch-o-matic --- .config | 2 +- configs/kernel-2.6.18-i586-smp.config | 2 +- configs/kernel-2.6.18-i586.config | 2 +- configs/kernel-2.6.18-i686-kdump.config | 2 +- configs/kernel-2.6.18-i686-smp.config | 2 +- configs/kernel-2.6.18-i686-xen.config | 2 +- configs/kernel-2.6.18-i686-xen0.config | 2 +- configs/kernel-2.6.18-i686-xenU.config | 2 +- configs/kernel-2.6.18-i686.config | 2 +- configs/kernel-2.6.18-ia64-xen.config | 2 +- configs/kernel-2.6.18-ia64.config | 2 +- configs/kernel-2.6.18-ppc-smp.config | 2 +- configs/kernel-2.6.18-ppc.config | 2 +- configs/kernel-2.6.18-ppc64-kdump.config | 2 +- configs/kernel-2.6.18-ppc64.config | 2 +- configs/kernel-2.6.18-ppc64iseries.config | 2 +- configs/kernel-2.6.18-s390.config | 2 +- configs/kernel-2.6.18-s390x.config | 2 +- configs/kernel-2.6.18-x86_64-kdump.config | 2 +- configs/kernel-2.6.18-x86_64-xen.config | 2 +- configs/kernel-2.6.18-x86_64-xen0.config | 2 +- configs/kernel-2.6.18-x86_64-xenU.config | 2 +- configs/kernel-2.6.18-x86_64.config | 2 +- include/linux/netfilter_ipv4/ip_set_iphash.h | 1 + .../linux/netfilter_ipv4/ip_set_ipporthash.h | 1 + include/linux/netfilter_ipv4/ip_set_iptree.h | 1 + include/linux/netfilter_ipv4/ip_set_nethash.h | 1 + net/ipv4/netfilter/Kconfig | 109 ++++++++++++++++++ net/ipv4/netfilter/Makefile | 12 ++ net/ipv4/netfilter/ip_set.c | 69 +++++------ net/ipv4/netfilter/ip_set_iphash.c | 21 +++- net/ipv4/netfilter/ip_set_ipporthash.c | 11 ++ net/ipv4/netfilter/ip_set_iptree.c | 25 +++- net/ipv4/netfilter/ip_set_nethash.c | 23 +++- net/ipv4/netfilter/ipt_SET.c | 46 ++++++-- net/ipv4/netfilter/ipt_set.c | 46 ++++++-- scripts/basic/.docproc.cmd | 8 +- scripts/basic/.fixdep.cmd | 8 +- scripts/basic/docproc | Bin 13404 -> 13404 bytes scripts/basic/fixdep | Bin 8881 -> 8881 bytes scripts/kconfig/.conf.o.cmd | 6 +- scripts/kconfig/.kxgettext.o.cmd | 6 +- scripts/kconfig/.mconf.o.cmd | 10 +- scripts/kconfig/.zconf.tab.o.cmd | 16 +-- scripts/kconfig/conf | Bin 67944 -> 67944 bytes scripts/kconfig/conf.o | Bin 11376 -> 11376 bytes scripts/kconfig/kxgettext.o | Bin 2416 -> 2416 bytes scripts/kconfig/mconf.o | Bin 29292 -> 29292 bytes scripts/kconfig/zconf.tab.o | Bin 70500 -> 70500 bytes 49 files changed, 356 insertions(+), 110 deletions(-) diff --git a/.config b/.config index 4ac339200..71f719b4c 100644 --- a/.config +++ b/.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:27 2006 +# Wed Jan 3 21:45:35 2007 # CONFIG_X86_64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-i586-smp.config b/configs/kernel-2.6.18-i586-smp.config index 9b8e0f044..adbc55e34 100644 --- a/configs/kernel-2.6.18-i586-smp.config +++ b/configs/kernel-2.6.18-i586-smp.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:21 2006 +# Wed Jan 3 21:45:29 2007 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y diff --git a/configs/kernel-2.6.18-i586.config b/configs/kernel-2.6.18-i586.config index 96022d6a5..904efab82 100644 --- a/configs/kernel-2.6.18-i586.config +++ b/configs/kernel-2.6.18-i586.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:21 2006 +# Wed Jan 3 21:45:29 2007 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y diff --git a/configs/kernel-2.6.18-i686-kdump.config b/configs/kernel-2.6.18-i686-kdump.config index f524425f6..0d635735a 100644 --- a/configs/kernel-2.6.18-i686-kdump.config +++ b/configs/kernel-2.6.18-i686-kdump.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:22 2006 +# Wed Jan 3 21:45:29 2007 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y diff --git a/configs/kernel-2.6.18-i686-smp.config b/configs/kernel-2.6.18-i686-smp.config index 002f39691..e62766108 100644 --- a/configs/kernel-2.6.18-i686-smp.config +++ b/configs/kernel-2.6.18-i686-smp.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:22 2006 +# Wed Jan 3 21:45:30 2007 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y diff --git a/configs/kernel-2.6.18-i686-xen.config b/configs/kernel-2.6.18-i686-xen.config index 3d888fc8f..fd1a4c242 100644 --- a/configs/kernel-2.6.18-i686-xen.config +++ b/configs/kernel-2.6.18-i686-xen.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:22 2006 +# Wed Jan 3 21:45:30 2007 # CONFIG_X86_32=y CONFIG_LOCKDEP_SUPPORT=y diff --git a/configs/kernel-2.6.18-i686-xen0.config b/configs/kernel-2.6.18-i686-xen0.config index c37defd9c..afeec72f5 100644 --- a/configs/kernel-2.6.18-i686-xen0.config +++ b/configs/kernel-2.6.18-i686-xen0.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:23 2006 +# Wed Jan 3 21:45:30 2007 # CONFIG_X86_32=y CONFIG_LOCKDEP_SUPPORT=y diff --git a/configs/kernel-2.6.18-i686-xenU.config b/configs/kernel-2.6.18-i686-xenU.config index ce59cd9d8..91794caa3 100644 --- a/configs/kernel-2.6.18-i686-xenU.config +++ b/configs/kernel-2.6.18-i686-xenU.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:23 2006 +# Wed Jan 3 21:45:31 2007 # CONFIG_X86_32=y CONFIG_LOCKDEP_SUPPORT=y diff --git a/configs/kernel-2.6.18-i686.config b/configs/kernel-2.6.18-i686.config index a9f030d09..ad5e47642 100644 --- a/configs/kernel-2.6.18-i686.config +++ b/configs/kernel-2.6.18-i686.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:23 2006 +# Wed Jan 3 21:45:31 2007 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y diff --git a/configs/kernel-2.6.18-ia64-xen.config b/configs/kernel-2.6.18-ia64-xen.config index 339709b62..8b290bcb4 100644 --- a/configs/kernel-2.6.18-ia64-xen.config +++ b/configs/kernel-2.6.18-ia64-xen.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:24 2006 +# Wed Jan 3 21:45:31 2007 # CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" diff --git a/configs/kernel-2.6.18-ia64.config b/configs/kernel-2.6.18-ia64.config index d811a1beb..586f30868 100644 --- a/configs/kernel-2.6.18-ia64.config +++ b/configs/kernel-2.6.18-ia64.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:24 2006 +# Wed Jan 3 21:45:32 2007 # CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" diff --git a/configs/kernel-2.6.18-ppc-smp.config b/configs/kernel-2.6.18-ppc-smp.config index 7ecb586db..615402e6f 100644 --- a/configs/kernel-2.6.18-ppc-smp.config +++ b/configs/kernel-2.6.18-ppc-smp.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:24 2006 +# Wed Jan 3 21:45:32 2007 # # CONFIG_PPC64 is not set CONFIG_PPC32=y diff --git a/configs/kernel-2.6.18-ppc.config b/configs/kernel-2.6.18-ppc.config index 3b93fbad0..889cc466e 100644 --- a/configs/kernel-2.6.18-ppc.config +++ b/configs/kernel-2.6.18-ppc.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:25 2006 +# Wed Jan 3 21:45:32 2007 # # CONFIG_PPC64 is not set CONFIG_PPC32=y diff --git a/configs/kernel-2.6.18-ppc64-kdump.config b/configs/kernel-2.6.18-ppc64-kdump.config index fe9012c14..31aba7a0a 100644 --- a/configs/kernel-2.6.18-ppc64-kdump.config +++ b/configs/kernel-2.6.18-ppc64-kdump.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:25 2006 +# Wed Jan 3 21:45:32 2007 # CONFIG_PPC64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-ppc64.config b/configs/kernel-2.6.18-ppc64.config index 35c0c63d5..580315c18 100644 --- a/configs/kernel-2.6.18-ppc64.config +++ b/configs/kernel-2.6.18-ppc64.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:25 2006 +# Wed Jan 3 21:45:33 2007 # CONFIG_PPC64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-ppc64iseries.config b/configs/kernel-2.6.18-ppc64iseries.config index 2fdbeb8cb..86974c1c5 100644 --- a/configs/kernel-2.6.18-ppc64iseries.config +++ b/configs/kernel-2.6.18-ppc64iseries.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:25 2006 +# Wed Jan 3 21:45:33 2007 # CONFIG_PPC64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-s390.config b/configs/kernel-2.6.18-s390.config index d73b915cd..a8e83f698 100644 --- a/configs/kernel-2.6.18-s390.config +++ b/configs/kernel-2.6.18-s390.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:26 2006 +# Wed Jan 3 21:45:33 2007 # CONFIG_MMU=y CONFIG_LOCKDEP_SUPPORT=y diff --git a/configs/kernel-2.6.18-s390x.config b/configs/kernel-2.6.18-s390x.config index 56508ef57..c048da369 100644 --- a/configs/kernel-2.6.18-s390x.config +++ b/configs/kernel-2.6.18-s390x.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:26 2006 +# Wed Jan 3 21:45:34 2007 # CONFIG_MMU=y CONFIG_LOCKDEP_SUPPORT=y diff --git a/configs/kernel-2.6.18-x86_64-kdump.config b/configs/kernel-2.6.18-x86_64-kdump.config index da14891ec..732d8df5e 100644 --- a/configs/kernel-2.6.18-x86_64-kdump.config +++ b/configs/kernel-2.6.18-x86_64-kdump.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:27 2006 +# Wed Jan 3 21:45:34 2007 # CONFIG_X86_64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-x86_64-xen.config b/configs/kernel-2.6.18-x86_64-xen.config index 6fad8ff64..dcb421805 100644 --- a/configs/kernel-2.6.18-x86_64-xen.config +++ b/configs/kernel-2.6.18-x86_64-xen.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:27 2006 +# Wed Jan 3 21:45:34 2007 # CONFIG_X86_64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-x86_64-xen0.config b/configs/kernel-2.6.18-x86_64-xen0.config index 51a5b78dd..d52846f91 100644 --- a/configs/kernel-2.6.18-x86_64-xen0.config +++ b/configs/kernel-2.6.18-x86_64-xen0.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:27 2006 +# Wed Jan 3 21:45:34 2007 # CONFIG_X86_64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-x86_64-xenU.config b/configs/kernel-2.6.18-x86_64-xenU.config index 2fcae4e29..657150e2f 100644 --- a/configs/kernel-2.6.18-x86_64-xenU.config +++ b/configs/kernel-2.6.18-x86_64-xenU.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:27 2006 +# Wed Jan 3 21:45:34 2007 # CONFIG_X86_64=y CONFIG_64BIT=y diff --git a/configs/kernel-2.6.18-x86_64.config b/configs/kernel-2.6.18-x86_64.config index 6c935d9f0..699ee0797 100644 --- a/configs/kernel-2.6.18-x86_64.config +++ b/configs/kernel-2.6.18-x86_64.config @@ -2,7 +2,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.18.6 -# Thu Dec 28 22:01:27 2006 +# Wed Jan 3 21:45:35 2007 # CONFIG_X86_64=y CONFIG_64BIT=y diff --git a/include/linux/netfilter_ipv4/ip_set_iphash.h b/include/linux/netfilter_ipv4/ip_set_iphash.h index 65eb2be54..7de854b4a 100644 --- a/include/linux/netfilter_ipv4/ip_set_iphash.h +++ b/include/linux/netfilter_ipv4/ip_set_iphash.h @@ -8,6 +8,7 @@ struct ip_set_iphash { ip_set_ip_t *members; /* the iphash proper */ + uint32_t elements; /* number of elements */ uint32_t hashsize; /* hash size */ uint16_t probes; /* max number of probes */ uint16_t resize; /* resize factor in percent */ diff --git a/include/linux/netfilter_ipv4/ip_set_ipporthash.h b/include/linux/netfilter_ipv4/ip_set_ipporthash.h index 0e422f570..b715c56c2 100644 --- a/include/linux/netfilter_ipv4/ip_set_ipporthash.h +++ b/include/linux/netfilter_ipv4/ip_set_ipporthash.h @@ -9,6 +9,7 @@ struct ip_set_ipporthash { ip_set_ip_t *members; /* the ipporthash proper */ + uint32_t elements; /* number of elements */ uint32_t hashsize; /* hash size */ uint16_t probes; /* max number of probes */ uint16_t resize; /* resize factor in percent */ diff --git a/include/linux/netfilter_ipv4/ip_set_iptree.h b/include/linux/netfilter_ipv4/ip_set_iptree.h index 54142a76b..64e716b03 100644 --- a/include/linux/netfilter_ipv4/ip_set_iptree.h +++ b/include/linux/netfilter_ipv4/ip_set_iptree.h @@ -22,6 +22,7 @@ struct ip_set_iptree { unsigned int timeout; unsigned int gc_interval; #ifdef __KERNEL__ + uint32_t elements; /* number of elements */ struct timer_list gc; struct ip_set_iptreeb *tree[256]; /* ADDR.*.*.* */ #endif diff --git a/include/linux/netfilter_ipv4/ip_set_nethash.h b/include/linux/netfilter_ipv4/ip_set_nethash.h index 6823641b2..172ef02d8 100644 --- a/include/linux/netfilter_ipv4/ip_set_nethash.h +++ b/include/linux/netfilter_ipv4/ip_set_nethash.h @@ -8,6 +8,7 @@ struct ip_set_nethash { ip_set_ip_t *members; /* the nethash proper */ + uint32_t elements; /* number of elements */ uint32_t hashsize; /* hash size */ uint16_t probes; /* max number of probes */ uint16_t resize; /* resize factor in percent */ diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index ef0b5aac5..a43ed1aee 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig @@ -645,5 +645,114 @@ config IP_NF_ARP_MANGLE Allows altering the ARP packet payload: source and destination hardware and network addresses. +config IP_NF_SET + tristate "IP set support" + depends on INET && NETFILTER + help + This option adds IP set support to the kernel. + In order to define and use sets, you need the userspace utility + ipset(8). + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_MAX + int "Maximum number of IP sets" + default 256 + range 2 65534 + depends on IP_NF_SET + help + You can define here default value of the maximum number + of IP sets for the kernel. + + The value can be overriden by the 'max_sets' module + parameter of the 'ip_set' module. + +config IP_NF_SET_HASHSIZE + int "Hash size for bindings of IP sets" + default 1024 + depends on IP_NF_SET + help + You can define here default value of the hash size for + bindings of IP sets. + + The value can be overriden by the 'hash_size' module + parameter of the 'ip_set' module. + +config IP_NF_SET_IPMAP + tristate "ipmap set support" + depends on IP_NF_SET + help + This option adds the ipmap set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_MACIPMAP + tristate "macipmap set support" + depends on IP_NF_SET + help + This option adds the macipmap set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_PORTMAP + tristate "portmap set support" + depends on IP_NF_SET + help + This option adds the portmap set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_IPHASH + tristate "iphash set support" + depends on IP_NF_SET + help + This option adds the iphash set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_NETHASH + tristate "nethash set support" + depends on IP_NF_SET + help + This option adds the nethash set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_IPPORTHASH + tristate "ipporthash set support" + depends on IP_NF_SET + help + This option adds the ipporthash set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_IPTREE + tristate "iptree set support" + depends on IP_NF_SET + help + This option adds the iptree set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_MATCH_SET + tristate "set match support" + depends on IP_NF_SET + help + Set matching matches against given IP sets. + You need the ipset utility to create and set up the sets. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_TARGET_SET + tristate "SET target support" + depends on IP_NF_SET + help + The SET target makes possible to add/delete entries + in IP sets. + You need the ipset utility to create and set up the sets. + + To compile it as a module, choose M here. If unsure, say N. + + endmenu diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 3ded4a3af..721968d47 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile @@ -62,6 +62,7 @@ obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o obj-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp.o obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o +obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o # targets @@ -79,6 +80,17 @@ obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o +obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o + +# sets +obj-$(CONFIG_IP_NF_SET) += ip_set.o +obj-$(CONFIG_IP_NF_SET_IPMAP) += ip_set_ipmap.o +obj-$(CONFIG_IP_NF_SET_PORTMAP) += ip_set_portmap.o +obj-$(CONFIG_IP_NF_SET_MACIPMAP) += ip_set_macipmap.o +obj-$(CONFIG_IP_NF_SET_IPHASH) += ip_set_iphash.o +obj-$(CONFIG_IP_NF_SET_NETHASH) += ip_set_nethash.o +obj-$(CONFIG_IP_NF_SET_IPPORTHASH) += ip_set_ipporthash.o +obj-$(CONFIG_IP_NF_SET_IPTREE) += ip_set_iptree.o # generic ARP tables obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o diff --git a/net/ipv4/netfilter/ip_set.c b/net/ipv4/netfilter/ip_set.c index ff30f7ced..1ecee5d0f 100644 --- a/net/ipv4/netfilter/ip_set.c +++ b/net/ipv4/netfilter/ip_set.c @@ -9,7 +9,10 @@ /* Kernel module for IP set management */ +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) #include +#endif #include #include #include @@ -25,9 +28,8 @@ #include #include -#define ASSERT_READ_LOCK(x) /* dont use that */ +#define ASSERT_READ_LOCK(x) #define ASSERT_WRITE_LOCK(x) -#include #include static struct list_head set_type_list; /* all registered sets */ @@ -69,11 +71,16 @@ __ip_set_put(ip_set_id_t index) * Binding routines */ -static inline int -ip_hash_cmp(const struct ip_set_hash *set_hash, - ip_set_id_t id, ip_set_ip_t ip) +static inline struct ip_set_hash * +__ip_set_find(u_int32_t key, ip_set_id_t id, ip_set_ip_t ip) { - return set_hash->id == id && set_hash->ip == ip; + struct ip_set_hash *set_hash; + + list_for_each_entry(set_hash, &ip_set_hash[key], list) + if (set_hash->id == id && set_hash->ip == ip) + return set_hash; + + return NULL; } static ip_set_id_t @@ -87,8 +94,7 @@ ip_set_find_in_hash(ip_set_id_t id, ip_set_ip_t ip) IP_SET_ASSERT(ip_set_list[id]); DP("set: %s, ip: %u.%u.%u.%u", ip_set_list[id]->name, HIPQUAD(ip)); - set_hash = LIST_FIND(&ip_set_hash[key], ip_hash_cmp, - struct ip_set_hash *, id, ip); + set_hash = __ip_set_find(key, id, ip); DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name, HIPQUAD(ip), @@ -118,8 +124,7 @@ ip_set_hash_del(ip_set_id_t id, ip_set_ip_t ip) IP_SET_ASSERT(ip_set_list[id]); DP("set: %s, ip: %u.%u.%u.%u", ip_set_list[id]->name, HIPQUAD(ip)); write_lock_bh(&ip_set_lock); - set_hash = LIST_FIND(&ip_set_hash[key], ip_hash_cmp, - struct ip_set_hash *, id, ip); + set_hash = __ip_set_find(key, id, ip); DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name, HIPQUAD(ip), set_hash != NULL ? ip_set_list[set_hash->binding]->name : ""); @@ -143,8 +148,7 @@ ip_set_hash_add(ip_set_id_t id, ip_set_ip_t ip, ip_set_id_t binding) DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name, HIPQUAD(ip), ip_set_list[binding]->name); write_lock_bh(&ip_set_lock); - set_hash = LIST_FIND(&ip_set_hash[key], ip_hash_cmp, - struct ip_set_hash *, id, ip); + set_hash = __ip_set_find(key, id, ip); if (!set_hash) { set_hash = kmalloc(sizeof(struct ip_set_hash), GFP_KERNEL); if (!set_hash) { @@ -285,19 +289,15 @@ ip_set_delip_kernel(ip_set_id_t index, /* Register and deregister settype */ -static inline int -set_type_equal(const struct ip_set_type *set_type, const char *str2) -{ - return !strncmp(set_type->typename, str2, IP_SET_MAXNAMELEN - 1); -} - static inline struct ip_set_type * find_set_type(const char *name) { - return LIST_FIND(&set_type_list, - set_type_equal, - struct ip_set_type *, - name); + struct ip_set_type *set_type; + + list_for_each_entry(set_type, &set_type_list, list) + if (!strncmp(set_type->typename, name, IP_SET_MAXNAMELEN - 1)) + return set_type; + return NULL; } int @@ -325,7 +325,7 @@ ip_set_register_set_type(struct ip_set_type *set_type) ret = -EFAULT; goto unlock; } - list_append(&set_type_list, set_type); + list_add(&set_type->list, &set_type_list); DP("'%s' registered.", set_type->typename); unlock: write_unlock_bh(&ip_set_lock); @@ -341,7 +341,7 @@ ip_set_unregister_set_type(struct ip_set_type *set_type) set_type->typename); goto unlock; } - LIST_DELETE(&set_type_list, set_type); + list_del(&set_type->list); module_put(THIS_MODULE); DP("'%s' unregistered.", set_type->typename); unlock: @@ -797,7 +797,7 @@ ip_set_create(const char *name, size_t size) { struct ip_set *set; - ip_set_id_t index, id; + ip_set_id_t index = 0, id; int res = 0; DP("setname: %s, typename: %s, id: %u", name, typename, restore); @@ -1161,8 +1161,8 @@ static int ip_set_save_set(ip_set_id_t index, set->type->list_header(set, data + *used); *used += set_save->header_size; - DP("set header filled: %s, used: %u %p %p", set->name, *used, - data, data + *used); + DP("set header filled: %s, used: %u(%u) %p %p", set->name, *used, + set_save->header_size, data, data + *used); /* Get and ensure set specific members size */ set_save->members_size = set->type->list_members_size(set); if (*used + set_save->members_size > len) @@ -1172,8 +1172,8 @@ static int ip_set_save_set(ip_set_id_t index, set->type->list_members(set, data + *used); *used += set_save->members_size; read_unlock_bh(&set->lock); - DP("set members filled: %s, used: %u %p %p", set->name, *used, - data, data + *used); + DP("set members filled: %s, used: %u(%u) %p %p", set->name, *used, + set_save->members_size, data, data + *used); return 0; unlock_set: @@ -1223,6 +1223,8 @@ static int ip_set_save_bindings(ip_set_id_t index, /* Marker */ set_save = (struct ip_set_save *) (data + *used); set_save->index = IP_SET_INVALID_ID; + set_save->header_size = 0; + set_save->members_size = 0; *used += sizeof(struct ip_set_save); DP("marker added used %u, len %u", *used, len); @@ -1413,8 +1415,8 @@ ip_set_sockfn_set(struct sock *sk, int optval, void *user, unsigned int len) struct ip_set_req_create *req_create = (struct ip_set_req_create *) data; - if (len <= sizeof(struct ip_set_req_create)) { - ip_set_printk("short CREATE data (want >%zu, got %u)", + if (len < sizeof(struct ip_set_req_create)) { + ip_set_printk("short CREATE data (want >=%zu, got %u)", sizeof(struct ip_set_req_create), len); res = -EINVAL; goto done; @@ -1768,8 +1770,9 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) req_setnames->size += sizeof(struct ip_set_list) + set->type->header_size + set->type->list_members_size(set); + /* Sets are identified by id in the hash */ FOREACH_HASH_DO(__set_hash_bindings_size_list, - i, &req_setnames->size); + set->id, &req_setnames->size); break; } case IP_SET_OP_SAVE_SIZE: { @@ -1777,7 +1780,7 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) + set->type->header_size + set->type->list_members_size(set); FOREACH_HASH_DO(__set_hash_bindings_size_save, - i, &req_setnames->size); + set->id, &req_setnames->size); break; } default: diff --git a/net/ipv4/netfilter/ip_set_iphash.c b/net/ipv4/netfilter/ip_set_iphash.c index ef6dfa3b2..ad0d76890 100644 --- a/net/ipv4/netfilter/ip_set_iphash.c +++ b/net/ipv4/netfilter/ip_set_iphash.c @@ -25,6 +25,8 @@ #include #include +static int limit = MAX_RANGE; + static inline __u32 jhash_ip(const struct ip_set_iphash *map, uint16_t i, ip_set_ip_t ip) { @@ -58,7 +60,7 @@ hash_id(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) static inline int __testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) { - return (hash_id(set, ip, hash_ip) != UINT_MAX); + return (ip && hash_id(set, ip, hash_ip) != UINT_MAX); } static int @@ -97,6 +99,9 @@ __addip(struct ip_set_iphash *map, ip_set_ip_t ip, ip_set_ip_t *hash_ip) __u32 probe; u_int16_t i; ip_set_ip_t *elem; + + if (!ip || map->elements > limit) + return -ERANGE; *hash_ip = ip & map->netmask; @@ -107,6 +112,7 @@ __addip(struct ip_set_iphash *map, ip_set_ip_t ip, ip_set_ip_t *hash_ip) return -EEXIST; if (!*elem) { *elem = *hash_ip; + map->elements++; return 0; } } @@ -183,6 +189,7 @@ static int retry(struct ip_set *set) return -ENOMEM; } tmp->hashsize = hashsize; + tmp->elements = 0; tmp->probes = map->probes; tmp->resize = map->resize; tmp->netmask = map->netmask; @@ -220,14 +227,18 @@ static inline int __delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) { struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; - ip_set_ip_t id = hash_id(set, ip, hash_ip); - ip_set_ip_t *elem; + ip_set_ip_t id, *elem; + + if (!ip) + return -ERANGE; + id = hash_id(set, ip, hash_ip); if (id == UINT_MAX) return -EEXIST; elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); *elem = 0; + map->elements--; return 0; } @@ -296,6 +307,7 @@ static int create(struct ip_set *set, const void *data, size_t size) } for (i = 0; i < req->probes; i++) get_random_bytes(((uint32_t *) map->initval)+i, 4); + map->elements = 0; map->hashsize = req->hashsize; map->probes = req->probes; map->resize = req->resize; @@ -325,6 +337,7 @@ static void flush(struct ip_set *set) { struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t)); + map->elements = 0; } static void list_header(const struct ip_set *set, void *data) @@ -382,6 +395,8 @@ static struct ip_set_type ip_set_iphash = { MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iphash type of IP sets"); +module_param(limit, int, 0600); +MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); static int __init init(void) { diff --git a/net/ipv4/netfilter/ip_set_ipporthash.c b/net/ipv4/netfilter/ip_set_ipporthash.c index 86a4c6c32..b229f73ce 100644 --- a/net/ipv4/netfilter/ip_set_ipporthash.c +++ b/net/ipv4/netfilter/ip_set_ipporthash.c @@ -27,6 +27,8 @@ #include #include +static int limit = MAX_RANGE; + /* We must handle non-linear skbs */ static inline ip_set_ip_t get_port(const struct sk_buff *skb, u_int32_t flags) @@ -175,6 +177,7 @@ __add_haship(struct ip_set_ipporthash *map, ip_set_ip_t hash_ip) return -EEXIST; if (!*elem) { *elem = hash_ip; + map->elements++; return 0; } } @@ -186,6 +189,8 @@ static inline int __addip(struct ip_set_ipporthash *map, ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t *hash_ip) { + if (map->elements > limit) + return -ERANGE; if (ip < map->first_ip || ip > map->last_ip) return -ERANGE; @@ -282,6 +287,7 @@ static int retry(struct ip_set *set) return -ENOMEM; } tmp->hashsize = hashsize; + tmp->elements = 0; tmp->probes = map->probes; tmp->resize = map->resize; tmp->first_ip = map->first_ip; @@ -334,6 +340,7 @@ __delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port, elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); *elem = 0; + map->elements--; return 0; } @@ -420,6 +427,7 @@ static int create(struct ip_set *set, const void *data, size_t size) } for (i = 0; i < req->probes; i++) get_random_bytes(((uint32_t *) map->initval)+i, 4); + map->elements = 0; map->hashsize = req->hashsize; map->probes = req->probes; map->resize = req->resize; @@ -450,6 +458,7 @@ static void flush(struct ip_set *set) { struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t)); + map->elements = 0; } static void list_header(const struct ip_set *set, void *data) @@ -508,6 +517,8 @@ static struct ip_set_type ip_set_ipporthash = { MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("ipporthash type of IP sets"); +module_param(limit, int, 0600); +MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); static int __init init(void) { diff --git a/net/ipv4/netfilter/ip_set_iptree.c b/net/ipv4/netfilter/ip_set_iptree.c index 0d195e327..bc4934e26 100644 --- a/net/ipv4/netfilter/ip_set_iptree.c +++ b/net/ipv4/netfilter/ip_set_iptree.c @@ -26,6 +26,8 @@ #include +static int limit = MAX_RANGE; + /* Garbage collection interval in seconds: */ #define IPTREE_GC_TIME 5*60 /* Sleep so many milliseconds before trying again @@ -57,6 +59,9 @@ __testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) struct ip_set_iptreec *ctree; struct ip_set_iptreed *dtree; unsigned char a,b,c,d; + + if (!ip) + return -ERANGE; *hash_ip = ip; ABCD(a, b, c, d, hash_ip); @@ -134,6 +139,11 @@ __addip(struct ip_set *set, ip_set_ip_t ip, unsigned int timeout, unsigned char a,b,c,d; int ret = 0; + if (!ip || map->elements > limit) + /* We could call the garbage collector + * but it's probably overkill */ + return -ERANGE; + *hash_ip = ip; ABCD(a, b, c, d, hash_ip); DP("%u %u %u %u timeout %u", a, b, c, d, timeout); @@ -148,6 +158,8 @@ __addip(struct ip_set *set, ip_set_ip_t ip, unsigned int timeout, if (dtree->expires[d] == 0) dtree->expires[d] = 1; DP("%u %lu", d, dtree->expires[d]); + if (ret == 0) + map->elements++; return ret; } @@ -206,6 +218,9 @@ __delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) struct ip_set_iptreed *dtree; unsigned char a,b,c,d; + if (!ip) + return -ERANGE; + *hash_ip = ip; ABCD(a, b, c, d, hash_ip); DELIP_WALK(map, a, btree); @@ -214,6 +229,7 @@ __delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) if (dtree->expires[d]) { dtree->expires[d] = 0; + map->elements--; return 0; } return -EEXIST; @@ -279,9 +295,10 @@ static void ip_tree_gc(unsigned long ul_set) a, b, c, d, dtree->expires[d], jiffies); if (map->timeout - && time_before(dtree->expires[d], jiffies)) + && time_before(dtree->expires[d], jiffies)) { dtree->expires[d] = 0; - else + map->elements--; + } else k = 1; } } @@ -362,6 +379,7 @@ static int create(struct ip_set *set, const void *data, size_t size) } memset(map, 0, sizeof(*map)); map->timeout = req->timeout; + map->elements = 0; set->data = map; init_gc_timer(set); @@ -385,6 +403,7 @@ static void __flush(struct ip_set_iptree *map) LOOP_WALK_END; kmem_cache_free(branch_cachep, btree); LOOP_WALK_END; + map->elements = 0; } static void destroy(struct ip_set *set) @@ -500,6 +519,8 @@ static struct ip_set_type ip_set_iptree = { MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iptree type of IP sets"); +module_param(limit, int, 0600); +MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); static int __init init(void) { diff --git a/net/ipv4/netfilter/ip_set_nethash.c b/net/ipv4/netfilter/ip_set_nethash.c index b78988f39..8d5e9f64e 100644 --- a/net/ipv4/netfilter/ip_set_nethash.c +++ b/net/ipv4/netfilter/ip_set_nethash.c @@ -25,6 +25,8 @@ #include #include +static int limit = MAX_RANGE; + static inline __u32 jhash_ip(const struct ip_set_nethash *map, uint16_t i, ip_set_ip_t ip) { @@ -74,13 +76,13 @@ __testip_cidr(struct ip_set *set, ip_set_ip_t ip, unsigned char cidr, { struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; - return (hash_id_cidr(map, ip, cidr, hash_ip) != UINT_MAX); + return (ip && hash_id_cidr(map, ip, cidr, hash_ip) != UINT_MAX); } static inline int __testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) { - return (hash_id(set, ip, hash_ip) != UINT_MAX); + return (ip && hash_id(set, ip, hash_ip) != UINT_MAX); } static int @@ -128,6 +130,7 @@ __addip_base(struct ip_set_nethash *map, ip_set_ip_t ip) return -EEXIST; if (!*elem) { *elem = ip; + map->elements++; return 0; } } @@ -139,6 +142,9 @@ static inline int __addip(struct ip_set_nethash *map, ip_set_ip_t ip, unsigned char cidr, ip_set_ip_t *hash_ip) { + if (!ip || map->elements > limit) + return -ERANGE; + *hash_ip = pack(ip, cidr); DP("%u.%u.%u.%u/%u, %u.%u.%u.%u", HIPQUAD(ip), cidr, HIPQUAD(*hash_ip)); @@ -246,6 +252,7 @@ static int retry(struct ip_set *set) return -ENOMEM; } tmp->hashsize = hashsize; + tmp->elements = 0; tmp->probes = map->probes; tmp->resize = map->resize; memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t)); @@ -283,14 +290,18 @@ static inline int __delip(struct ip_set_nethash *map, ip_set_ip_t ip, unsigned char cidr, ip_set_ip_t *hash_ip) { - ip_set_ip_t id = hash_id_cidr(map, ip, cidr, hash_ip); - ip_set_ip_t *elem; + ip_set_ip_t id, *elem; + if (!ip) + return -ERANGE; + + id = hash_id_cidr(map, ip, cidr, hash_ip); if (id == UINT_MAX) return -EEXIST; elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); *elem = 0; + map->elements--; return 0; } @@ -364,6 +375,7 @@ static int create(struct ip_set *set, const void *data, size_t size) } for (i = 0; i < req->probes; i++) get_random_bytes(((uint32_t *) map->initval)+i, 4); + map->elements = 0; map->hashsize = req->hashsize; map->probes = req->probes; map->resize = req->resize; @@ -394,6 +406,7 @@ static void flush(struct ip_set *set) struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t)); memset(map->cidr, 0, 30 * sizeof(unsigned char)); + map->elements = 0; } static void list_header(const struct ip_set *set, void *data) @@ -450,6 +463,8 @@ static struct ip_set_type ip_set_nethash = { MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("nethash type of IP sets"); +module_param(limit, int, 0600); +MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); static int __init init(void) { diff --git a/net/ipv4/netfilter/ipt_SET.c b/net/ipv4/netfilter/ipt_SET.c index 37e18ec07..f48a2e24f 100644 --- a/net/ipv4/netfilter/ipt_SET.c +++ b/net/ipv4/netfilter/ipt_SET.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -29,8 +30,15 @@ target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_target *target, +#endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) const void *targinfo, void *userinfo) +#else + const void *targinfo) +#endif { const struct ipt_set_info_target *info = targinfo; @@ -48,18 +56,30 @@ target(struct sk_buff **pskb, static int checkentry(const char *tablename, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) + const void *e, +#else const struct ipt_entry *e, +#endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_target *target, +#endif void *targinfo, - unsigned int targinfosize, unsigned int hook_mask) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) + unsigned int targinfosize, +#endif + unsigned int hook_mask) { struct ipt_set_info_target *info = (struct ipt_set_info_target *) targinfo; ip_set_id_t index; +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) if (targinfosize != IPT_ALIGN(sizeof(*info))) { DP("bad target info size %u", targinfosize); return 0; } +#endif if (info->add_set.index != IP_SET_INVALID_ID) { index = ip_set_get_byindex(info->add_set.index); @@ -87,15 +107,24 @@ checkentry(const char *tablename, return 1; } -static void destroy(void *targetinfo, unsigned int targetsize) +static void destroy( +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_target *target, +#endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) + void *targetinfo, unsigned int targetsize) +#else + void *targetinfo) +#endif { struct ipt_set_info_target *info = targetinfo; +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) { ip_set_printk("invalid targetsize %d", targetsize); return; } - +#endif if (info->add_set.index != IP_SET_INVALID_ID) ip_set_put(info->add_set.index); if (info->del_set.index != IP_SET_INVALID_ID) @@ -105,6 +134,9 @@ static void destroy(void *targetinfo, unsigned int targetsize) static struct ipt_target SET_target = { .name = "SET", .target = target, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + .targetsize = sizeof(struct ipt_set_info_target), +#endif .checkentry = checkentry, .destroy = destroy, .me = THIS_MODULE @@ -114,15 +146,15 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iptables IP set target module"); -static int __init init(void) +static int __init ipt_SET_init(void) { return ipt_register_target(&SET_target); } -static void __exit fini(void) +static void __exit ipt_SET_fini(void) { ipt_unregister_target(&SET_target); } -module_init(init); -module_exit(fini); +module_init(ipt_SET_init); +module_exit(ipt_SET_fini); diff --git a/net/ipv4/netfilter/ipt_set.c b/net/ipv4/netfilter/ipt_set.c index 9e36c8111..e3e067640 100644 --- a/net/ipv4/netfilter/ipt_set.c +++ b/net/ipv4/netfilter/ipt_set.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -32,9 +33,15 @@ static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_match *match, +#endif const void *matchinfo, - int offset, - int *hotdrop) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) + int offset, unsigned int protoff, int *hotdrop) +#else + int offset, int *hotdrop) +#endif { const struct ipt_set_info_match *info = matchinfo; @@ -45,19 +52,30 @@ match(const struct sk_buff *skb, static int checkentry(const char *tablename, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) + const void *inf, +#else const struct ipt_ip *ip, +#endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_match *match, +#endif void *matchinfo, +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) unsigned int matchsize, +#endif unsigned int hook_mask) { struct ipt_set_info_match *info = (struct ipt_set_info_match *) matchinfo; ip_set_id_t index; +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ip_set_printk("invalid matchsize %d", matchsize); return 0; } +#endif index = ip_set_get_byindex(info->match_set.index); @@ -74,21 +92,33 @@ checkentry(const char *tablename, return 1; } -static void destroy(void *matchinfo, unsigned int matchsize) +static void destroy( +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_match *match, +#endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) + void *matchinfo, unsigned int matchsize) +#else + void *matchinfo) +#endif { struct ipt_set_info_match *info = matchinfo; +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ip_set_printk("invalid matchsize %d", matchsize); return; } - +#endif ip_set_put(info->match_set.index); } static struct ipt_match set_match = { .name = "set", .match = &match, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + .matchsize = sizeof(struct ipt_set_info_match), +#endif .checkentry = &checkentry, .destroy = &destroy, .me = THIS_MODULE @@ -98,15 +128,15 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iptables IP set match module"); -static int __init init(void) +static int __init ipt_ipset_init(void) { return ipt_register_match(&set_match); } -static void __exit fini(void) +static void __exit ipt_ipset_fini(void) { ipt_unregister_match(&set_match); } -module_init(init); -module_exit(fini); +module_init(ipt_ipset_init); +module_exit(ipt_ipset_fini); diff --git a/scripts/basic/.docproc.cmd b/scripts/basic/.docproc.cmd index 53cdd464c..d23cee6bb 100644 --- a/scripts/basic/.docproc.cmd +++ b/scripts/basic/.docproc.cmd @@ -8,7 +8,7 @@ deps_scripts/basic/docproc := \ /usr/include/gnu/stubs.h \ /usr/include/bits/wordsize.h \ /usr/include/gnu/stubs-32.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stddef.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stddef.h \ /usr/include/bits/types.h \ /usr/include/bits/typesizes.h \ /usr/include/libio.h \ @@ -16,7 +16,7 @@ deps_scripts/basic/docproc := \ /usr/include/wchar.h \ /usr/include/bits/wchar.h \ /usr/include/gconv.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdarg.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdarg.h \ /usr/include/bits/stdio_lim.h \ /usr/include/bits/sys_errlist.h \ /usr/include/bits/stdio.h \ @@ -40,8 +40,8 @@ deps_scripts/basic/docproc := \ /usr/include/bits/posix_opt.h \ /usr/include/bits/confname.h \ /usr/include/getopt.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/limits.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/syslimits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/limits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/syslimits.h \ /usr/include/limits.h \ /usr/include/bits/posix1_lim.h \ /usr/include/bits/local_lim.h \ diff --git a/scripts/basic/.fixdep.cmd b/scripts/basic/.fixdep.cmd index d8cd332f8..d7d4590fb 100644 --- a/scripts/basic/.fixdep.cmd +++ b/scripts/basic/.fixdep.cmd @@ -14,7 +14,7 @@ deps_scripts/basic/fixdep := \ /usr/include/bits/wordsize.h \ /usr/include/gnu/stubs-32.h \ /usr/include/bits/types.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stddef.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stddef.h \ /usr/include/bits/typesizes.h \ /usr/include/time.h \ /usr/include/endian.h \ @@ -46,12 +46,12 @@ deps_scripts/basic/fixdep := \ /usr/include/wchar.h \ /usr/include/bits/wchar.h \ /usr/include/gconv.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdarg.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdarg.h \ /usr/include/bits/stdio_lim.h \ /usr/include/bits/sys_errlist.h \ /usr/include/bits/stdio.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/limits.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/syslimits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/limits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/syslimits.h \ /usr/include/limits.h \ /usr/include/bits/posix1_lim.h \ /usr/include/bits/local_lim.h \ diff --git a/scripts/basic/docproc b/scripts/basic/docproc index 939288420f5423503829a9e2f93da5b135ade1f3..11a16bb2dcf1f6eb3e1fb1639777e0344806ed26 100755 GIT binary patch delta 140 zcmcbUaVKNLDaCpt1tS9kQ$s@|Qw5En)D#7e#1aJ)Jp(->T?#Ao>6R delta 28 ecmdn!y3ut5lhEW&A-T!N1Z|+S?&jq}Tmk@{c?t{w diff --git a/scripts/kconfig/.conf.o.cmd b/scripts/kconfig/.conf.o.cmd index 6db9a9117..bbac30496 100644 --- a/scripts/kconfig/.conf.o.cmd +++ b/scripts/kconfig/.conf.o.cmd @@ -12,7 +12,7 @@ deps_scripts/kconfig/conf.o := \ /usr/include/bits/wordsize.h \ /usr/include/gnu/stubs-32.h \ /usr/include/bits/types.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stddef.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stddef.h \ /usr/include/bits/typesizes.h \ /usr/include/endian.h \ /usr/include/bits/endian.h \ @@ -32,7 +32,7 @@ deps_scripts/kconfig/conf.o := \ /usr/include/wchar.h \ /usr/include/bits/wchar.h \ /usr/include/gconv.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdarg.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdarg.h \ /usr/include/bits/stdio_lim.h \ /usr/include/bits/sys_errlist.h \ /usr/include/bits/stdio.h \ @@ -48,7 +48,7 @@ deps_scripts/kconfig/conf.o := \ scripts/kconfig/lkc.h \ $(wildcard include/config/list.h) \ scripts/kconfig/expr.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdbool.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdbool.h \ /usr/include/libintl.h \ /usr/include/locale.h \ /usr/include/bits/locale.h \ diff --git a/scripts/kconfig/.kxgettext.o.cmd b/scripts/kconfig/.kxgettext.o.cmd index 27cef9a55..4ff098898 100644 --- a/scripts/kconfig/.kxgettext.o.cmd +++ b/scripts/kconfig/.kxgettext.o.cmd @@ -8,7 +8,7 @@ deps_scripts/kconfig/kxgettext.o := \ /usr/include/gnu/stubs.h \ /usr/include/bits/wordsize.h \ /usr/include/gnu/stubs-32.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stddef.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stddef.h \ /usr/include/sys/types.h \ /usr/include/bits/types.h \ /usr/include/bits/typesizes.h \ @@ -34,11 +34,11 @@ deps_scripts/kconfig/kxgettext.o := \ /usr/include/wchar.h \ /usr/include/bits/wchar.h \ /usr/include/gconv.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdarg.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdarg.h \ /usr/include/bits/stdio_lim.h \ /usr/include/bits/sys_errlist.h \ /usr/include/bits/stdio.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdbool.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdbool.h \ /usr/include/libintl.h \ /usr/include/locale.h \ /usr/include/bits/locale.h \ diff --git a/scripts/kconfig/.mconf.o.cmd b/scripts/kconfig/.mconf.o.cmd index b87b8e35b..ba6c5c257 100644 --- a/scripts/kconfig/.mconf.o.cmd +++ b/scripts/kconfig/.mconf.o.cmd @@ -19,7 +19,7 @@ deps_scripts/kconfig/mconf.o := \ /usr/include/signal.h \ /usr/include/bits/sigset.h \ /usr/include/bits/types.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stddef.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stddef.h \ /usr/include/bits/typesizes.h \ /usr/include/bits/signum.h \ /usr/include/time.h \ @@ -48,14 +48,14 @@ deps_scripts/kconfig/mconf.o := \ /usr/include/sys/select.h \ /usr/include/bits/select.h \ /usr/include/sys/sysmacros.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/limits.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/syslimits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/limits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/syslimits.h \ /usr/include/limits.h \ /usr/include/bits/posix1_lim.h \ /usr/include/bits/local_lim.h \ /usr/include/linux/limits.h \ /usr/include/bits/posix2_lim.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdarg.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdarg.h \ /usr/include/stdlib.h \ /usr/include/alloca.h \ /usr/include/string.h \ @@ -81,7 +81,7 @@ deps_scripts/kconfig/mconf.o := \ /usr/include/bits/stdio_lim.h \ /usr/include/bits/sys_errlist.h \ /usr/include/bits/stdio.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdbool.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdbool.h \ /usr/include/libintl.h \ scripts/kconfig/lkc_proto.h \ diff --git a/scripts/kconfig/.zconf.tab.o.cmd b/scripts/kconfig/.zconf.tab.o.cmd index 1ba1d6f45..a2400de81 100644 --- a/scripts/kconfig/.zconf.tab.o.cmd +++ b/scripts/kconfig/.zconf.tab.o.cmd @@ -9,11 +9,11 @@ deps_scripts/kconfig/zconf.tab.o := \ /usr/include/bits/wordsize.h \ /usr/include/gnu/stubs-32.h \ /usr/include/bits/types.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stddef.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stddef.h \ /usr/include/bits/typesizes.h \ /usr/include/endian.h \ /usr/include/bits/endian.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdarg.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdarg.h \ /usr/include/stdio.h \ /usr/include/libio.h \ /usr/include/_G_config.h \ @@ -36,7 +36,7 @@ deps_scripts/kconfig/zconf.tab.o := \ /usr/include/string.h \ /usr/include/bits/string.h \ /usr/include/bits/string2.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/stdbool.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/stdbool.h \ scripts/kconfig/lkc.h \ $(wildcard include/config/list.h) \ scripts/kconfig/expr.h \ @@ -50,8 +50,8 @@ deps_scripts/kconfig/zconf.tab.o := \ /usr/include/bits/errno.h \ /usr/include/linux/errno.h \ /usr/include/asm/errno.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/limits.h \ - /usr/lib/gcc/i386-redhat-linux/4.0.1/include/syslimits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/limits.h \ + /usr/lib/gcc/i386-redhat-linux/4.0.2/include/syslimits.h \ /usr/include/limits.h \ /usr/include/bits/posix1_lim.h \ /usr/include/bits/local_lim.h \ @@ -61,9 +61,7 @@ deps_scripts/kconfig/zconf.tab.o := \ /usr/include/bits/posix_opt.h \ /usr/include/bits/confname.h \ /usr/include/getopt.h \ - scripts/kconfig/lkc.h \ scripts/kconfig/util.c \ - scripts/kconfig/lkc.h \ scripts/kconfig/confdata.c \ $(wildcard include/config/config.h) \ $(wildcard include/config/.h) \ @@ -75,16 +73,12 @@ deps_scripts/kconfig/zconf.tab.o := \ /usr/include/bits/stat.h \ /usr/include/fcntl.h \ /usr/include/bits/fcntl.h \ - scripts/kconfig/lkc.h \ scripts/kconfig/expr.c \ - scripts/kconfig/lkc.h \ scripts/kconfig/symbol.c \ /usr/include/regex.h \ /usr/include/sys/utsname.h \ /usr/include/bits/utsname.h \ - scripts/kconfig/lkc.h \ scripts/kconfig/menu.c \ - scripts/kconfig/lkc.h \ scripts/kconfig/zconf.tab.o: $(deps_scripts/kconfig/zconf.tab.o) diff --git a/scripts/kconfig/conf b/scripts/kconfig/conf index d86cae4bdfb97be05b24d29dd9bc3ea68dcdabea..03096774b1734ed0c153f9c80f5a1fcf4a14b662 100755 GIT binary patch delta 182 zcmaDciRHy4mJL=n>x~qQ3=B*S4UJ3{G=fr76g(136ioCC^o(>ZG#MD&ot>=|G~E3{ XH6emjSFB8g(UaHTG}z2@D@Gpx-?%IG delta 26 dcmaDciRHy4mJL=nCqK9m1;uikd2Yq%0|3ie4wnD` diff --git a/scripts/kconfig/conf.o b/scripts/kconfig/conf.o index 08e76d5eb2585a6234c116d5fecde355fa04ce1f..8525dc3aafc687e97237b63af2b490f0c49bb0d4 100644 GIT binary patch delta 40 wcmewm@gZWv4l!vX1tS9kQ$s@|Qw5En)D#7e#1aJ)Jp(->U5m|^#pa3v0215`aR2}S delta 40 wcmewm@gZWv4l!v%1tS9kQv-7&a|Ml{)D#7e#1aJ)Jp(;MUDM5%#pa3v0253Ma{vGU diff --git a/scripts/kconfig/kxgettext.o b/scripts/kconfig/kxgettext.o index 531fd720480cf020533b0b88f610cac502020982..38cc7672c64c4b58277e73efde9af0a34c459757 100644 GIT binary patch delta 40 vcmew$^g(FDcV=lL1tS9kQ$s@|Qw5En)D#7e#1aJ)Jp(->U5m{^EOD#=0AmX8 delta 40 vcmew$^g(FDcV=lr1tS9kQv-7&a|Ml{)D#7e#1aJ)Jp(;MUDM4%EOD#=0MiQb diff --git a/scripts/kconfig/mconf.o b/scripts/kconfig/mconf.o index c530662d86623b1328201eec10ae060ead61437f..3be4eb06fe5799cfe514d92f896e6fbf6ae8b394 100644 GIT binary patch delta 42 ycmaF!gz?Q2#tplJrHvGf3=B*S4UJ3{G=fr76g(136ioCC^o(>ZHeU;#CIZcZXauFED0n26D46IO=o#voZeG29XEFdiD-KHl -- 2.43.0