From 3fd6b24ace319b139ec3c4e3031a5f05d21e304e Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 15 Jun 2010 13:30:55 +0200 Subject: ipset 5 in an almost ready state - milestone Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors --- kernel/include/linux/netfilter/ip_set_getport.h | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'kernel/include/linux/netfilter/ip_set_getport.h') diff --git a/kernel/include/linux/netfilter/ip_set_getport.h b/kernel/include/linux/netfilter/ip_set_getport.h index 855f12a..ffa89f1 100644 --- a/kernel/include/linux/netfilter/ip_set_getport.h +++ b/kernel/include/linux/netfilter/ip_set_getport.h @@ -8,8 +8,8 @@ #define IPSET_INVALID_PORT 65536 /* We must handle non-linear skbs */ -static uint32_t -get_port(uint8_t pf, const struct sk_buff *skb, const uint8_t *flags) +static bool +get_port(u8 pf, const struct sk_buff *skb, bool src, u16 *port) { unsigned short protocol; unsigned int protoff; @@ -30,19 +30,19 @@ get_port(uint8_t pf, const struct sk_buff *skb, const uint8_t *flags) protohdr = ipv6_find_hdr(skb, &protoff, -1, &frag_off); if (protohdr < 0) - return IPSET_INVALID_PORT; + return false; protocol = protohdr; fragoff = frag_off; break; } default: - return IPSET_INVALID_PORT; + return false; } /* See comments at tcp_match in ip_tables.c */ if (fragoff) - return IPSET_INVALID_PORT; + return false; switch (protocol) { case IPPROTO_TCP: { @@ -52,9 +52,10 @@ get_port(uint8_t pf, const struct sk_buff *skb, const uint8_t *flags) th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); if (th == NULL) /* No choice either */ - return IPSET_INVALID_PORT; + return false; - return flags[0] & IPSET_SRC ? th->source : th->dest; + *port = src ? th->source : th->dest; + break; } case IPPROTO_UDP: { struct udphdr _udph; @@ -63,14 +64,16 @@ get_port(uint8_t pf, const struct sk_buff *skb, const uint8_t *flags) uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph); if (uh == NULL) /* No choice either */ - return IPSET_INVALID_PORT; + return false; - return flags[0] & IPSET_SRC ? uh->source : uh->dest; + *port = src ? uh->source : uh->dest; + break; } default: - return IPSET_INVALID_PORT; + return false; } + return true; } -#endif /* __KERNEL__ */ +#endif /* __KERNEL__ */ #endif /*_IP_SET_GETPORT_H*/ -- cgit v1.2.3