| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
When a message carries multiple commands and one of them triggers
an error, we have to report to the userspace which one was that.
The line number of the command plays this role and there's an attribute
reserved in the header part of the message to be filled out with the error
line number. In order not to modify the original message received from
the userspace, we construct a new, complete netlink error message and
modifies the attribute there, then send it.
Netlink is notified not to send its ACK/error message.
|
|
|
|
|
|
|
|
| |
Don't fall through in the switch statement, otherwise IPv4 headers
are incorrectly parsed again as IPv6 and the return value will always
be 'false'.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
| |
None of the set types need uaccess.h since this is handled centrally
in ip_set_core. Most set types additionally don't need bitops.h and
spinlock.h since they use neither. tcp.h is only needed by those
using before(), udp.h is not needed at all.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace calls of the form:
nla_parse(tb, ATTR_MAX, nla_data(attr), nla_len(attr), policy)
by:
nla_parse_nested(tb, ATTR_MAX, attr, policy)
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
| |
The error line checking would fail when debugging is enabled
(and spit out junk lines), fixed.
|
|
|
|
| |
It's too easy to mistype "n" to "new", so just allow it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The number of comparisons for a matching a command name can be
made smaller by just checking on argv[1].
As an example consider the following 'create' arguments 'hashsize',
'family' and 'timeout'. When having the command
create foo hash:ip timeout 60 family inet hashsize 64
it compares without this patch:
strcmp("timeout", "hashsize")
strcmp("64", "hashsize")
strcmp("family", "hashsize")
strcmp("inet", "hashsize")
strcmp("hashsize", "hashsize")
It is worse in practice, as 'create' has more arguments than this.
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
|
|
|
|
|
|
|
|
| |
After stripping off the global options there simply has to follow
a command name, there is no other syntax possible. Therefore the
argv[] loop is unnecessary.
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
|
|
|
|
| |
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Use flavour-specific ADT functions and use shared ones for all
other type functions (Patrick McHardy's review)
|
|
|
|
|
| |
Use flavour-specific ADT functions and use shared ones for all
other type functions (Patrick McHardy's review)
|
|
|
|
|
|
| |
The type specific attribute validation can be moved to the ipset core.
That way it's done centrally and thus can be eliminated from the individual
set types (suggested by Patrick McHardy).
|
|
|
|
| |
Spelling error fixed (Ferenc Wagner)
|
|
|
|
| |
Use vzalloc() if kernel version supports it. (Eric Dumazet, Patrick McHardy)
|
|
|
|
| |
Old cryptic error messages are not useful (Patrick McHardy's review)
|
|
|
|
|
|
| |
Attribute is const so a little bit more work is needed to return
the error line number. A test is also added in order to check
the functionality. (Patrick McHardy's review)
|
|
|
|
|
| |
Missing check of the flag NLM_F_ACK is added to the kernel -
and userspace does set it too (Patrick McHardy's review)
|
|
|
|
| |
Use correct error codes (Patrick McHardy's review)
|
| |
|
|
|
|
|
| |
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
| |
Do not use time() as a Netlink sequence number for each message,
as otherwise the same seq number will be used when sending
another message in the same second. Instead use time() just for
initialization, then increment per message.
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also check for the name length.
Note that passing errno values back is not done consistently at
various place, as there are some functions which set errno manually,
others pass -errno back. I use the -errno approach here, as it is
slightly shorter.
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
| |
"sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
|
|
|
|
|
|
| |
If resolving is requested and the resolved hostname contains a dash
character, print the unresolved IP address instead in order not to
clash with the IP/hostname range syntax.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
I mistyped the bitwise operator and the network-order conversion was
missing too. Sigh, sendip cannot generate proper packets to check
ICMP and ICMPv6 in the testsuite. :-(
|
|
|
|
|
|
| |
Some trailing whitespace slipped in, those are removed. With the deleted
ip_set_kernel.h, the pr_* messages lost the trailing "\n" character.
The messages were completed with it.
|
| |
|
|
|
|
|
| |
While holding the nfnl_mutex, module loading is not allowed.
Bug spotted by Patrick McHardy in his reviewing.
|
|
|
|
|
| |
The expire functions of the hash types are called while locked, so
kzalloc must be called with GFP_ATOMIC.
|
| |
|
|
|
|
|
| |
We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc
with vzalloc. Missing flag was noticed by Eric Dumazet.
|
|
|
|
|
|
| |
Allow only network-order data, with NLA_F_NET_BYTEORDER flag.
Sanity checks also added to prevent processing broken messages
where mandatory attributes are missing. (Patrick McHardy's review)
|
|
|
|
|
|
| |
Annotated types are introduced and sparse warnings fixed.
Two warnings remained in ip_set_core.c but those are false ones.
(Patrick McHardy's review)
|
|
|
|
|
|
| |
The functions are too large to be inlined, so move them into the core.
Also, fix the unnecessary initializations in ip_set_get_ipaddr*.
(Patrick McHardy's review)
|
|
|
|
|
| |
NETMASK*, HOSTMASK* macros are rewritten to small inline functions
ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
|
|
|
|
|
| |
Avoid the need for explicit initialization during runtime
(Patrick McHardy's review)
|
|
|
|
| |
These macros can be useful in general (Patrick McHardy's review)
|
|
|
|
| |
Negative set numbers are strange :-) (Patrick McHardy's review)
|
|
|
|
|
| |
The header file was useful at deep debugging only, we can get rid of now.
(Patrick McHardy's review)
|
|
|
|
| |
Fix "&&" and "||" continuation style (Patrick McHardy's review)
|
| |
|
|
|
|
|
| |
Compiling with debugging can be enabled with the "--enable-debug" option
of the configure script.
|
|
|
|
|
| |
The testsuite failed incorrectly, because the order of the elements
changed.
|