diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-07-08 11:06:40 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-07-08 11:06:40 +0200 |
| commit | 76f6727dd65d2c3c188b11100257277736e99817 (patch) | |
| tree | 38d07edf0eb9e948b3089bc3d6d762e795d62125 /kernel/net/netfilter/ipset/ip_set_hash_ipport.c | |
| parent | 21553f360f26843dcd044db689add4adadb60099 (diff) | |
hash:net,iface fixed to handle overlapping nets behind different interfaces
If overlapping networks with different interfaces was added to
the set, the type did not handle it properly. Example
ipset create test hash:net,iface
ipset add test 192.168.0.0/16,eth0
ipset add test 192.168.0.0/24,eth1
Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned
a match.
In the patch the algorithm is fixed in order to correctly handle
overlapping networks.
Limitation: the same network cannot be stored with more than 64 different
interfaces in a single set.
Diffstat (limited to 'kernel/net/netfilter/ipset/ip_set_hash_ipport.c')
| -rw-r--r-- | kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c index bbf51b6..6ee10f5 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c @@ -60,7 +60,8 @@ struct hash_ipport4_telem { static inline bool hash_ipport4_data_equal(const struct hash_ipport4_elem *ip1, - const struct hash_ipport4_elem *ip2) + const struct hash_ipport4_elem *ip2, + u32 *multi) { return ip1->ip == ip2->ip && ip1->port == ip2->port && @@ -276,7 +277,8 @@ struct hash_ipport6_telem { static inline bool hash_ipport6_data_equal(const struct hash_ipport6_elem *ip1, - const struct hash_ipport6_elem *ip2) + const struct hash_ipport6_elem *ip2, + u32 *multi) { return ipv6_addr_cmp(&ip1->ip.in6, &ip2->ip.in6) == 0 && ip1->port == ip2->port && |