author/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu>2008-10-21 12:09:05 +0000
committer/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu>2008-10-21 12:09:05 +0000
commitb8d6cfc169bf79b72faaab6ef7940798dbfe9328 (patch)
tree0bcc128ad3bcfdfca6849cea318e3de51673c6c6
parenta96e4fca10506462df4ee4035f0f86f09bd9dc34 (diff)
As the manpage says, zero valued set entries cannot be used with
hash type of sets. Enforce the restriction.
-rw-r--r--Makefile2
-rw-r--r--kernel/ChangeLog4
-rw-r--r--kernel/ip_set_ipporthash.c6
-rw-r--r--kernel/ip_set_ipportiphash.c4
-rw-r--r--kernel/ip_set_ipportnethash.c8
-rw-r--r--tests/iphash.t4
-rw-r--r--tests/ipporthash.t4
-rw-r--r--tests/ipportiphash.t4
-rw-r--r--tests/ipportnethash.t4
-rw-r--r--tests/nethash.t4
10 files changed, 43 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index a192216..6de0097 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ ifndef V
V=0
endif
-IPSET_VERSION:=2.4
+IPSET_VERSION:=2.4.1
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
diff --git a/kernel/ChangeLog b/kernel/ChangeLog
index d034b34..f730927 100644
--- a/kernel/ChangeLog
+++ b/kernel/ChangeLog
@@ -1,3 +1,7 @@
+2.4.1
+ - Zero-valued element are not accepted by hash type of sets
+ because we cannot make a difference between a zero-valued
+ element and not-set element.
2.4
- ipportiphash, ipportnethash and setlist types added
- set type modules reworked to avoid code duplication
diff --git a/kernel/ip_set_ipporthash.c b/kernel/ip_set_ipporthash.c
index 1dd39c3..97b2323 100644
--- a/kernel/ip_set_ipporthash.c
+++ b/kernel/ip_set_ipporthash.c
@@ -39,8 +39,11 @@ ipporthash_id(struct ip_set *set, ip_set_ip_t *hash_ip,
ip_set_ip_t *elem;
*hash_ip = pack_ip_port(map, ip, port);
+
DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u",
set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip));
+ if (!*hash_ip)
+ return UINT_MAX;
for (i = 0; i < map->probes; i++) {
id = jhash_ip(map, i, *hash_ip) % map->hashsize;
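Review bot: The new `if (!*hash_ip) return UINT_MAX;` in ipporthash_id carries no comment saying why a packed value of zero is refused; the reason is recorded only in the ChangeLog entry. I would add above it `/* 0 marks a not-set slot in the hash, so a zero-valued element can be neither stored nor found */`, and the same comment on the matching check in the ipporthash_add hunk. In ipporthash_add the new check returns `-ERANGE`, the same code as the `return -ERANGE;` just above it, so a caller cannot tell an out-of-range address from a zero-valued element; if that is intended the comment should say so. Both function bodies continue outside their hunks.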
@@ -113,6 +116,9 @@ ipporthash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+
+ if (!*hash_ip)
+ return -ERANGE;
return __ipporthash_add(map, hash_ip);
}
diff --git a/kernel/ip_set_ipportiphash.c b/kernel/ip_set_ipportiphash.c
index 1755c57..74e8f7e 100644
--- a/kernel/ip_set_ipportiphash.c
+++ b/kernel/ip_set_ipportiphash.c
@@ -44,6 +44,8 @@ ipportiphash_id(struct ip_set *set, ip_set_ip_t *hash_ip,
*hash_ip = pack_ip_port(map, ip, port);
DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u",
set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip));
+ if (!(*hash_ip || ip1))
+ return UINT_MAX;
for (i = 0; i < map->probes; i++) {
id = jhash_ip2(map, i, *hash_ip, ip1) % map->hashsize;
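Review bot: The condition `!(*hash_ip || ip1)` in ipportiphash_id rejects an element only when both the packed ip:port and ip1 are zero, and the negated OR takes a moment to read; `if (*hash_ip == 0 && ip1 == 0)` states the same test directly. The same form appears in the ipportiphash_add hunk and in ipportnethash_add. Presumably an all-zero pair is what marks an empty slot for this set type, but the storage code is outside the hunk, so a one-line comment stating that invariant next to the check would help the next reader. The function body continues outside the hunk.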
@@ -127,6 +129,8 @@ ipportiphash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+ if (!(*hash_ip || ip1))
+ return -ERANGE;
return __ipportip_add(map, *hash_ip, ip1);
}
diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index 3783bb8..0f08ba6 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -106,10 +106,13 @@ static int
ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip_set_ip_t *hash_ip)
{
+ const struct ip_set_ipportnethash *map = set->data;
const struct ip_set_req_ipportnethash *req = data;
if (req->cidr <= 0 || req->cidr > 32)
return -EINVAL;
+ if (!(pack_ip_port(map, req->ip, req->port)))
+ return -ERANGE;
return (req->cidr == 32
? ipportnethash_test(set, hash_ip, req->ip, req->port,
req->ip1)
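Review bot: The zero check added to ipportnethash_utest is stricter than the one added to ipportnethash_add. Here, and in the KADT_CONDITION hunk that follows, an element is refused whenever `pack_ip_port(map, ip, port)` is zero, while the add path refuses only when `*hash_ip` and `ip1` are both zero (`if (!(*hash_ip || ip1))`). As far as the visible hunks show, an entry whose packed ip:port is zero but whose network is non-zero would be accepted by add, then get `-ERANGE` from every userspace test and `return 0` (no match) on the packet path, so a rule relying on that entry would silently never fire. Either the add check should become `if (!*hash_ip) return -ERANGE;`, or the test paths should take the network into account as well, e.g. `if (!(pack_ip_port(map, req->ip, req->port) || req->ip1))`. tests/ipportnethash.t covers only the case where both parts are zero (`2.0.0.1,0,0.0.0.0/1`); a case with port 0 at the first address and a non-zero network would pin the intended behaviour.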
@@ -119,6 +122,7 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
#define KADT_CONDITION \
ip_set_ip_t port, ip1; \
+ struct ip_set_ipportnethash *map = set->data; \
\
if (flags[index+2] == 0) \
return 0; \
@@ -127,6 +131,8 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip1 = ipaddr(skb, flags[index+2]); \
\
if (port == INVALID_PORT) \
+ return 0; \
+ if (!(pack_ip_port(map, ip, port))) \
return 0;
KADT(ipportnethash, test, ipaddr, port, ip1)
@@ -181,6 +187,8 @@ ipportnethash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+ if (!(*hash_ip || ip1))
+ return -ERANGE;
ret =__ipportnet_add(map, *hash_ip, pack_ip_cidr(ip1, cidr));
if (ret == 0) {
diff --git a/tests/iphash.t b/tests/iphash.t
index 14c3395..731457d 100644
--- a/tests/iphash.t
+++ b/tests/iphash.t
@@ -1,5 +1,9 @@
# IP: Create a set
0 ipset -N test iphash --hashsize 128
+# Range: Add zero valued element
+2 ipset -A test 0.0.0.0
+# Range: Test zero valued element
+2 ipset -T test 0.0.0.0
# IP: Add first random value
0 ipset -A test 2.0.0.1
# IP: Add second random value
diff --git a/tests/ipporthash.t b/tests/ipporthash.t
index edbbb0c..fe246a3 100644
--- a/tests/ipporthash.t
+++ b/tests/ipporthash.t
@@ -2,6 +2,10 @@
2 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.1
# Range: Create a set from a valid range
0 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add zero valued element
+1 ipset -A test 2.0.0.1,0
+# Range: Test zero valued element
+1 ipset -T test 2.0.0.1,0
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5
# Range: Add upper boundary
diff --git a/tests/ipportiphash.t b/tests/ipportiphash.t
index 5ffd08a..058b706 100644
--- a/tests/ipportiphash.t
+++ b/tests/ipportiphash.t
@@ -2,6 +2,10 @@
2 ipset -N test ipportiphash --from 2.0.0.1 --to 2.1.0.1
# Range: Create a set from a valid range
0 ipset -N test ipportiphash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add zero valued element
+1 ipset -A test 2.0.0.1,0,0.0.0.0
+# Range: Test zero valued element
+1 ipset -T test 2.0.0.1,0,0.0.0.0
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5,1.1.1.1
# Range: Add upper boundary
diff --git a/tests/ipportnethash.t b/tests/ipportnethash.t
index b7d64ff..18e89a1 100644
--- a/tests/ipportnethash.t
+++ b/tests/ipportnethash.t
@@ -2,6 +2,10 @@
2 ipset -N test ipportnethash --from 2.0.0.1 --to 2.1.0.1
# Range: Create a set from a valid range
0 ipset -N test ipportnethash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add zero valued element
+1 ipset -A test 2.0.0.1,0,0.0.0.0/1
+# Range: Test zero valued element
+1 ipset -T test 2.0.0.1,0,0.0.0.0/1
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5,1.1.1.1/24
# Range: Add upper boundary
diff --git a/tests/nethash.t b/tests/nethash.t
index ef213f9..bcb873b 100644
--- a/tests/nethash.t
+++ b/tests/nethash.t
@@ -1,5 +1,9 @@
# Create a set
0 ipset -N test nethash --hashsize 128
+# Range: Add zero valued element
+2 ipset -A test 0.0.0.0/0
+# Range: Test zero valued element
+2 ipset -T test 0.0.0.0/0
# Add first random network
0 ipset -A test 2.0.0.1/24
# Add second random network