summaryrefslogtreecommitdiffstats
path: root/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
Commit message (Collapse)AuthorAgeFilesLines
* ipset: Make invalid MAC address checks consistentStefano Brivio2018-08-301-7/+4
| | | | | | | | | | | | | | | | Set types bitmap:ipmac and hash:ipmac check that MAC addresses are not all zeroes. Introduce one missing check, and make the remaining ones consistent, using is_zero_ether_addr() instead of comparing against an array containing zeroes. This was already done for hash:mac sets in commit 26c97c5d8dac ("netfilter: ipset: Use is_zero_ether_addr instead of static and memcmp"). Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: Allow matching on destination MAC address for mac and ipmac setsStefano Brivio2018-08-301-6/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | There doesn't seem to be any reason to restrict MAC address matching to source MAC addresses in set types bitmap:ipmac, hash:ipmac and hash:mac. With this patch, and this setup: ip netns add A ip link add veth1 type veth peer name veth2 netns A ip addr add 192.0.2.1/24 dev veth1 ip -net A addr add 192.0.2.2/24 dev veth2 ip link set veth1 up ip -net A link set veth2 up ip netns exec A ipset create test hash:mac dst=$(ip netns exec A cat /sys/class/net/veth2/address) ip netns exec A ipset add test ${dst} ip netns exec A iptables -P INPUT DROP ip netns exec A iptables -I INPUT -m set --match-set test dst -j ACCEPT ipset will match packets based on destination MAC address: # ping -c1 192.0.2.2 >/dev/null # echo $? 0 Reported-by: Yi Chen <yiche@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* netfilter: ipset: hash: fix boolreturn.cocci warningskbuild test robot2016-10-151-4/+4
| | | | | | | | | | | | | net/netfilter/ipset/ip_set_hash_ipmac.c:70:8-9: WARNING: return of 0/1 in function 'hash_ipmac4_data_list' with return type bool net/netfilter/ipset/ip_set_hash_ipmac.c:178:8-9: WARNING: return of 0/1 in function 'hash_ipmac6_data_list' with return type bool Return statements in functions returning bool should use true/false instead of 1/0. Generated by: scripts/coccinelle/misc/boolreturn.cocci CC: Tomasz Chilinski <tomasz.chilinski@chilan.com> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Check IPSET_ATTR_ETHER netlink attribute length in hash:ipmac tooJozsef Kadlecsik2016-10-111-0/+2
| | | | | | The explicit length checking was missing, added. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* hash:ipmac type support added to ipsetTomasz Chilinski2016-05-051-0/+313
Signed-off-by: Tomasz Chili??ski <tomasz.chilinski@chilan.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>