summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-01-20 14:48:23 +0100
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-01-20 14:48:23 +0100
commitc8396bdc040f4b16e6f6e3f8b81b9fb67a499d9c (patch)
tree0704d9f117fb9fefed1b9ec5e680e765d80ff877 /kernel
parent13dcc23a375f61d8286072b20067fb31bcc3ad46 (diff)
Use annotated types and fix sparse warnings
Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
Diffstat (limited to 'kernel')
-rw-r--r--kernel/include/linux/netfilter/ipset/ip_set.h42
-rw-r--r--kernel/include/linux/netfilter/ipset/ip_set_getport.h12
-rw-r--r--kernel/include/linux/netfilter/ipset/pfxlen.h4
-rw-r--r--kernel/ip_set_bitmap_ip.c18
-rw-r--r--kernel/ip_set_bitmap_ipmac.c15
-rw-r--r--kernel/ip_set_bitmap_port.c16
-rw-r--r--kernel/ip_set_core.c6
-rw-r--r--kernel/ip_set_hash_ip.c29
-rw-r--r--kernel/ip_set_hash_ipport.c19
-rw-r--r--kernel/ip_set_hash_ipportip.c23
-rw-r--r--kernel/ip_set_hash_ipportnet.c23
-rw-r--r--kernel/ip_set_hash_net.c4
-rw-r--r--kernel/ip_set_hash_netport.c16
-rw-r--r--kernel/pfxlen.c6
14 files changed, 110 insertions, 123 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h
index b35c5d9..7679b33 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set.h
@@ -320,10 +320,22 @@ extern int ip_set_test(ip_set_id_t id, const struct sk_buff *skb,
/* Utility functions */
extern void * ip_set_alloc(size_t size, gfp_t gfp_mask);
extern void ip_set_free(void *members);
-extern int ip_set_get_ipaddr4(struct nlattr *attr[], int type, u32 *ipaddr);
+extern int ip_set_get_ipaddr4(struct nlattr *attr[], int type, __be32 *ipaddr);
extern int ip_set_get_ipaddr6(struct nlattr *attr[], int type,
union nf_inet_addr *ipaddr);
+static inline int
+ip_set_get_hostipaddr4(struct nlattr *attr[], int type, u32 *ipaddr)
+{
+ __be32 ip;
+ int ret = ip_set_get_ipaddr4(attr, type, &ip);
+
+ if (ret)
+ return ret;
+ *ipaddr = ntohl(ip);
+ return 0;
+}
+
/* Ignore IPSET_ERR_EXIST errors if asked to do so? */
static inline bool
ip_set_eexist(int ret, u32 flags)
@@ -335,33 +347,13 @@ ip_set_eexist(int ret, u32 flags)
static inline u32
ip_set_get_h32(const struct nlattr *attr)
{
- u32 value = nla_get_u32(attr);
-
- return attr->nla_type & NLA_F_NET_BYTEORDER ? ntohl(value) : value;
+ return ntohl(nla_get_be32(attr));
}
static inline u16
ip_set_get_h16(const struct nlattr *attr)
{
- u16 value = nla_get_u16(attr);
-
- return attr->nla_type & NLA_F_NET_BYTEORDER ? ntohs(value) : value;
-}
-
-static inline u32
-ip_set_get_n32(const struct nlattr *attr)
-{
- u32 value = nla_get_u32(attr);
-
- return attr->nla_type & NLA_F_NET_BYTEORDER ? value : htonl(value);
-}
-
-static inline u16
-ip_set_get_n16(const struct nlattr *attr)
-{
- u16 value = nla_get_u16(attr);
-
- return attr->nla_type & NLA_F_NET_BYTEORDER ? value : htons(value);
+ return ntohs(nla_get_be16(attr));
}
#define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED)
@@ -389,14 +381,14 @@ do { \
} while (0)
/* Get address from skbuff */
-static inline u32
+static inline __be32
ip4addr(const struct sk_buff *skb, bool src)
{
return src ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr;
}
static inline void
-ip4addrptr(const struct sk_buff *skb, bool src, u32 *addr)
+ip4addrptr(const struct sk_buff *skb, bool src, __be32 *addr)
{
*addr = src ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr;
}
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_getport.h b/kernel/include/linux/netfilter/ipset/ip_set_getport.h
index 8be8ecf..a5d243c 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_getport.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_getport.h
@@ -12,7 +12,7 @@
/* We must handle non-linear skbs */
static inline bool
get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
- bool src, u16 *port, u8 *proto)
+ bool src, __be16 *port, u8 *proto)
{
switch (protocol) {
case IPPROTO_TCP: {
@@ -47,7 +47,7 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
if (ic == NULL)
return false;
- *port = (ic->type << 8) & ic->code;
+ *port = (__force __be16)((ic->type << 8) & ic->code);
break;
}
case IPPROTO_ICMPV6: {
@@ -58,7 +58,7 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
if (ic == NULL)
return false;
- *port = (ic->icmp6_type << 8) & ic->icmp6_code;
+ *port = (__force __be16)((ic->icmp6_type << 8) & ic->icmp6_code);
break;
}
default:
@@ -70,7 +70,7 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
}
static inline bool
-get_ip4_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto)
+get_ip4_port(const struct sk_buff *skb, bool src, __be16 *port, u8 *proto)
{
const struct iphdr *iph = ip_hdr(skb);
unsigned int protooff = ip_hdrlen(skb);
@@ -84,7 +84,7 @@ get_ip4_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto)
}
static inline bool
-get_ip6_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto)
+get_ip6_port(const struct sk_buff *skb, bool src, __be16 *port, u8 *proto)
{
unsigned int protooff = 0;
int protocol;
@@ -98,7 +98,7 @@ get_ip6_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto)
}
static inline bool
-get_ip_port(const struct sk_buff *skb, u8 pf, bool src, u16 *port)
+get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port)
{
bool ret;
u8 proto;
diff --git a/kernel/include/linux/netfilter/ipset/pfxlen.h b/kernel/include/linux/netfilter/ipset/pfxlen.h
index 08e6059..0e1fb50 100644
--- a/kernel/include/linux/netfilter/ipset/pfxlen.h
+++ b/kernel/include/linux/netfilter/ipset/pfxlen.h
@@ -20,10 +20,10 @@ ip_set_netmask6(u8 pfxlen)
return &ip_set_netmask_map[pfxlen].ip6[0];
}
-static inline __be32
+static inline u32
ip_set_hostmask(u8 pfxlen)
{
- return ip_set_hostmask_map[pfxlen].ip;
+ return (__force u32) ip_set_hostmask_map[pfxlen].ip;
}
static inline const __be32 *
diff --git a/kernel/ip_set_bitmap_ip.c b/kernel/ip_set_bitmap_ip.c
index fba4f7b..7806ecc 100644
--- a/kernel/ip_set_bitmap_ip.c
+++ b/kernel/ip_set_bitmap_ip.c
@@ -124,10 +124,9 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *head, int len,
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &ip);
if (ret)
return ret;
- ip = ntohl(ip);
if (ip < map->first_ip || ip > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
@@ -141,10 +140,9 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *head, int len,
return bitmap_ip_test(map, ip_to_id(map, ip));
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
if (ret)
return ret;
- ip_to = ntohl(ip_to);
if (ip > ip_to) {
swap(ip, ip_to);
if (ip < map->first_ip)
@@ -364,10 +362,9 @@ bitmap_ip_timeout_uadt(struct ip_set *set, struct nlattr *head, int len,
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &ip);
if (ret)
return ret;
- ip = ntohl(ip);
if (ip < map->first_ip || ip > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
@@ -377,10 +374,9 @@ bitmap_ip_timeout_uadt(struct ip_set *set, struct nlattr *head, int len,
ip_to_id((const struct bitmap_ip *)map, ip));
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
if (ret)
return ret;
- ip_to = ntohl(ip_to);
if (ip > ip_to) {
swap(ip, ip_to);
if (ip < map->first_ip)
@@ -602,16 +598,14 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *head, int len,
bitmap_ip_create_policy))
return -IPSET_ERR_PROTOCOL;
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &first_ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &first_ip);
if (ret)
return ret;
- first_ip = ntohl(first_ip);
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip);
if (ret)
return ret;
- last_ip = htonl(last_ip);
if (first_ip > last_ip) {
u32 tmp = first_ip;
diff --git a/kernel/ip_set_bitmap_ipmac.c b/kernel/ip_set_bitmap_ipmac.c
index 81f646e..49e7ed1 100644
--- a/kernel/ip_set_bitmap_ipmac.c
+++ b/kernel/ip_set_bitmap_ipmac.c
@@ -383,10 +383,9 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *head, int len,
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &data.id);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &data.id);
if (ret)
return ret;
- data.id = ntohl(data.id);
if (data.id < map->first_ip || data.id > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
@@ -468,7 +467,7 @@ bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b)
x->timeout == y->timeout;
}
-const struct ip_set_type_variant bitmap_ipmac = {
+static const struct ip_set_type_variant bitmap_ipmac = {
.kadt = bitmap_ipmac_kadt,
.uadt = bitmap_ipmac_uadt,
.adt = {
@@ -483,7 +482,7 @@ const struct ip_set_type_variant bitmap_ipmac = {
.same_set = bitmap_ipmac_same_set,
};
-const struct ip_set_type_variant bitmap_tipmac = {
+static const struct ip_set_type_variant bitmap_tipmac = {
.kadt = bitmap_ipmac_kadt,
.uadt = bitmap_ipmac_uadt,
.adt = {
@@ -573,16 +572,14 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len,
bitmap_ipmac_create_policy))
return -IPSET_ERR_PROTOCOL;
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &first_ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &first_ip);
if (ret)
return ret;
- first_ip = ntohl(first_ip);
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip);
if (ret)
return ret;
- last_ip = ntohl(last_ip);
if (first_ip > last_ip) {
u32 tmp = first_ip;
@@ -633,7 +630,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len,
return 0;
}
-struct ip_set_type bitmap_ipmac_type = {
+static struct ip_set_type bitmap_ipmac_type = {
.name = "bitmap:ip,mac",
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_MAC,
diff --git a/kernel/ip_set_bitmap_port.c b/kernel/ip_set_bitmap_port.c
index ae1b2b3..dfece55 100644
--- a/kernel/ip_set_bitmap_port.c
+++ b/kernel/ip_set_bitmap_port.c
@@ -70,12 +70,13 @@ bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb,
enum ipset_adt adt, u8 pf, u8 dim, u8 flags)
{
struct bitmap_port *map = set->data;
+ __be16 __port;
u16 port = 0;
- if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &port))
+ if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &__port))
return -EINVAL;
- port = ntohs(port);
+ port = ntohs(__port);
if (port < map->first_port || port > map->last_port)
return -IPSET_ERR_BITMAP_RANGE;
@@ -249,7 +250,7 @@ bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b)
x->last_port == y->last_port;
}
-const struct ip_set_type_variant bitmap_port = {
+static const struct ip_set_type_variant bitmap_port = {
.kadt = bitmap_port_kadt,
.uadt = bitmap_port_uadt,
.destroy = bitmap_port_destroy,
@@ -307,12 +308,13 @@ bitmap_port_timeout_kadt(struct ip_set *set, const struct sk_buff *skb,
enum ipset_adt adt, u8 pf, u8 dim, u8 flags)
{
struct bitmap_port_timeout *map = set->data;
+ __be16 __port;
u16 port = 0;
- if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &port))
+ if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &__port))
return -EINVAL;
- port = ntohs(port);
+ port = ntohs(__port);
if (port < map->first_port || port > map->last_port)
return -IPSET_ERR_BITMAP_RANGE;
@@ -487,7 +489,7 @@ bitmap_port_timeout_same_set(const struct ip_set *a, const struct ip_set *b)
x->timeout == y->timeout;
}
-const struct ip_set_type_variant bitmap_port_timeout = {
+static const struct ip_set_type_variant bitmap_port_timeout = {
.kadt = bitmap_port_timeout_kadt,
.uadt = bitmap_port_timeout_uadt,
.destroy = bitmap_port_timeout_destroy,
@@ -621,7 +623,7 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len,
return 0;
}
-struct ip_set_type bitmap_port_type = {
+static struct ip_set_type bitmap_port_type = {
.name = "bitmap:port",
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_PORT,
diff --git a/kernel/ip_set_core.c b/kernel/ip_set_core.c
index 733d3f3..e449740 100644
--- a/kernel/ip_set_core.c
+++ b/kernel/ip_set_core.c
@@ -216,7 +216,7 @@ static const struct nla_policy ipaddr_policy[IPSET_ATTR_IPADDR_MAX + 1] = {
};
int
-ip_set_get_ipaddr4(struct nlattr *attr[], int type, u32 *ipaddr)
+ip_set_get_ipaddr4(struct nlattr *attr[], int type, __be32 *ipaddr)
{
struct nlattr *tb[IPSET_ATTR_IPADDR_MAX+1];
@@ -230,7 +230,7 @@ ip_set_get_ipaddr4(struct nlattr *attr[], int type, u32 *ipaddr)
if (!tb[IPSET_ATTR_IPADDR_IPV4])
return -IPSET_ERR_IPADDR_IPV4;
- *ipaddr = ip_set_get_n32(tb[IPSET_ATTR_IPADDR_IPV4]);
+ *ipaddr = nla_get_be32(tb[IPSET_ATTR_IPADDR_IPV4]);
return 0;
}
EXPORT_SYMBOL_GPL(ip_set_get_ipaddr4);
@@ -1489,7 +1489,7 @@ static struct nfnetlink_subsystem ip_set_netlink_subsys __read_mostly = {
/* Interface to iptables/ip6tables */
static int
-ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len)
+ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
{
unsigned *op;
void *data;
diff --git a/kernel/ip_set_hash_ip.c b/kernel/ip_set_hash_ip.c
index 7e6af42..e8ae8a5 100644
--- a/kernel/ip_set_hash_ip.c
+++ b/kernel/ip_set_hash_ip.c
@@ -45,12 +45,12 @@ hash_ip_same_set(const struct ip_set *a, const struct ip_set *b);
/* Member elements without timeout */
struct hash_ip4_elem {
- u32 ip;
+ __be32 ip;
};
/* Member elements with timeout support */
struct hash_ip4_telem {
- u32 ip;
+ __be32 ip;
unsigned long timeout;
};
@@ -123,7 +123,7 @@ hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb,
{
const struct ip_set_hash *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
- u32 ip;
+ __be32 ip;
ip4addrptr(skb, flags & IPSET_DIM_ONE_SRC, &ip);
ip &= ip_set_netmask(h->netmask);
@@ -148,7 +148,8 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
const struct ip_set_hash *h = set->data;
struct nlattr *tb[IPSET_ATTR_ADT_MAX+1];
ipset_adtfn adtfn = set->variant->adt[adt];
- u32 ip, nip, ip_to, hosts, timeout = h->timeout;
+ u32 ip, ip_to, hosts, timeout = h->timeout;
+ __be32 nip;
int ret = 0;
if (nla_parse(tb, IPSET_ATTR_ADT_MAX, head, len,
@@ -158,13 +159,11 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &ip);
if (ret)
return ret;
- ip &= ip_set_netmask(h->netmask);
- if (ip == 0)
- return -IPSET_ERR_HASH_ELEM;
+ ip &= ip_set_hostmask(h->netmask);
if (tb[IPSET_ATTR_TIMEOUT]) {
if (!with_timeout(h->timeout))
@@ -172,15 +171,17 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
}
- if (adt == IPSET_TEST)
- return adtfn(set, &ip, timeout);
+ if (adt == IPSET_TEST) {
+ nip = htonl(ip);
+ if (nip == 0)
+ return -IPSET_ERR_HASH_ELEM;
+ return adtfn(set, &nip, timeout);
+ }
- ip = ntohl(ip);
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
if (ret)
return ret;
- ip_to = ntohl(ip_to);
if (ip > ip_to)
swap(ip, ip_to);
} else if (tb[IPSET_ATTR_CIDR]) {
@@ -197,6 +198,8 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
for (; !before(ip_to, ip); ip += hosts) {
nip = htonl(ip);
+ if (nip == 0)
+ return -IPSET_ERR_HASH_ELEM;
ret = adtfn(set, &nip, timeout);
if (ret && !ip_set_eexist(ret, flags))
diff --git a/kernel/ip_set_hash_ipport.c b/kernel/ip_set_hash_ipport.c
index 035dad1..4bc1f42 100644
--- a/kernel/ip_set_hash_ipport.c
+++ b/kernel/ip_set_hash_ipport.c
@@ -46,16 +46,16 @@ hash_ipport_same_set(const struct ip_set *a, const struct ip_set *b);
/* Member elements without timeout */
struct hash_ipport4_elem {
- u32 ip;
- u16 port;
+ __be32 ip;
+ __be16 port;
u8 proto;
u8 padding;
};
/* Member elements with timeout support */
struct hash_ipport4_telem {
- u32 ip;
- u16 port;
+ __be32 ip;
+ __be16 port;
u8 proto;
u8 padding;
unsigned long timeout;
@@ -189,7 +189,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *head, int len,
return ret;
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
@@ -227,10 +227,9 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *head, int len,
ip = ntohl(data.ip);
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
if (ret)
return ret;
- ip_to = ntohl(ip_to);
if (ip > ip_to)
swap(ip, ip_to);
} else if (tb[IPSET_ATTR_CIDR]) {
@@ -280,14 +279,14 @@ hash_ipport_same_set(const struct ip_set *a, const struct ip_set *b)
struct hash_ipport6_elem {
union nf_inet_addr ip;
- u16 port;
+ __be16 port;
u8 proto;
u8 padding;
};
struct hash_ipport6_telem {
union nf_inet_addr ip;
- u16 port;
+ __be16 port;
u8 proto;
u8 padding;
unsigned long timeout;
@@ -411,7 +410,7 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *head, int len,
return ret;
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
diff --git a/kernel/ip_set_hash_ipportip.c b/kernel/ip_set_hash_ipportip.c
index f7a9870..734529c 100644
--- a/kernel/ip_set_hash_ipportip.c
+++ b/kernel/ip_set_hash_ipportip.c
@@ -46,18 +46,18 @@ hash_ipportip_same_set(const struct ip_set *a, const struct ip_set *b);
/* Member elements without timeout */
struct hash_ipportip4_elem {
- u32 ip;
- u32 ip2;
- u16 port;
+ __be32 ip;
+ __be32 ip2;
+ __be16 port;
u8 proto;
u8 padding;
};
/* Member elements with timeout support */
struct hash_ipportip4_telem {
- u32 ip;
- u32 ip2;
- u16 port;
+ __be32 ip;
+ __be32 ip2;
+ __be16 port;
u8 proto;
u8 padding;
unsigned long timeout;
@@ -200,7 +200,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *head, int len,
return ret;
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
@@ -238,10 +238,9 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *head, int len,
ip = ntohl(data.ip);
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
if (ret)
return ret;
- ip_to = ntohl(ip_to);
if (ip > ip_to)
swap(ip, ip_to);
} else if (tb[IPSET_ATTR_CIDR]) {
@@ -292,7 +291,7 @@ hash_ipportip_same_set(const struct ip_set *a, const struct ip_set *b)
struct hash_ipportip6_elem {
union nf_inet_addr ip;
union nf_inet_addr ip2;
- u16 port;
+ __be16 port;
u8 proto;
u8 padding;
};
@@ -300,7 +299,7 @@ struct hash_ipportip6_elem {
struct hash_ipportip6_telem {
union nf_inet_addr ip;
union nf_inet_addr ip2;
- u16 port;
+ __be16 port;
u8 proto;
u8 padding;
unsigned long timeout;
@@ -432,7 +431,7 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *head, int len,
return ret;
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
diff --git a/kernel/ip_set_hash_ipportnet.c b/kernel/ip_set_hash_ipportnet.c
index 2200b14..b6bc5c9 100644
--- a/kernel/ip_set_hash_ipportnet.c
+++ b/kernel/ip_set_hash_ipportnet.c
@@ -46,18 +46,18 @@ hash_ipportnet_same_set(const struct ip_set *a, const struct ip_set *b);
/* Member elements without timeout */
struct hash_ipportnet4_elem {
- u32 ip;
- u32 ip2;
- u16 port;
+ __be32 ip;
+ __be32 ip2;
+ __be16 port;
u8 cidr;
u8 proto;
};
/* Member elements with timeout support */
struct hash_ipportnet4_telem {
- u32 ip;
- u32 ip2;
- u16 port;
+ __be32 ip;
+ __be32 ip2;
+ __be16 port;
u8 cidr;
u8 proto;
unsigned long timeout;
@@ -229,7 +229,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *head, int len,
data.ip2 &= ip_set_netmask(data.cidr);
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
@@ -267,10 +267,9 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *head, int len,
ip = ntohl(data.ip);
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
if (ret)
return ret;
- ip_to = ntohl(ip_to);
if (ip > ip_to)
swap(ip, ip_to);
} else if (tb[IPSET_ATTR_CIDR]) {
@@ -321,7 +320,7 @@ hash_ipportnet_same_set(const struct ip_set *a, const struct ip_set *b)
struct hash_ipportnet6_elem {
union nf_inet_addr ip;
union nf_inet_addr ip2;
- u16 port;
+ __be16 port;
u8 cidr;
u8 proto;
};
@@ -329,7 +328,7 @@ struct hash_ipportnet6_elem {
struct hash_ipportnet6_telem {
union nf_inet_addr ip;
union nf_inet_addr ip2;
- u16 port;
+ __be16 port;
u8 cidr;
u8 proto;
unsigned long timeout;
@@ -495,7 +494,7 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *head, int len,
ip6_netmask(&data.ip2, data.cidr);
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
diff --git a/kernel/ip_set_hash_net.c b/kernel/ip_set_hash_net.c
index 693eaf3..61c4b4f 100644
--- a/kernel/ip_set_hash_net.c
+++ b/kernel/ip_set_hash_net.c
@@ -44,7 +44,7 @@ hash_net_same_set(const struct ip_set *a, const struct ip_set *b);
/* Member elements without timeout */
struct hash_net4_elem {
- u32 ip;
+ __be32 ip;
u16 padding0;
u8 padding1;
u8 cidr;
@@ -52,7 +52,7 @@ struct hash_net4_elem {
/* Member elements with timeout support */
struct hash_net4_telem {
- u32 ip;
+ __be32 ip;
u16 padding0;
u8 padding1;
u8 cidr;
diff --git a/kernel/ip_set_hash_netport.c b/kernel/ip_set_hash_netport.c
index 93cc0e8..ca17f1c 100644
--- a/kernel/ip_set_hash_netport.c
+++ b/kernel/ip_set_hash_netport.c
@@ -45,16 +45,16 @@ hash_netport_same_set(const struct ip_set *a, const struct ip_set *b);
/* Member elements without timeout */
struct hash_netport4_elem {
- u32 ip;
- u16 port;
+ __be32 ip;
+ __be16 port;
u8 proto;
u8 cidr;
};
/* Member elements with timeout support */
struct hash_netport4_telem {
- u32 ip;
- u16 port;
+ __be32 ip;
+ __be16 port;
u8 proto;
u8 cidr;
unsigned long timeout;
@@ -215,7 +215,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *head, int len,
data.ip &= ip_set_netmask(data.cidr);
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
@@ -282,14 +282,14 @@ hash_netport_same_set(const struct ip_set *a, const struct ip_set *b)
struct hash_netport6_elem {
union nf_inet_addr ip;
- u16 port;
+ __be16 port;
u8 proto;
u8 cidr;
};
struct hash_netport6_telem {
union nf_inet_addr ip;
- u16 port;
+ __be16 port;
u8 proto;
u8 cidr;
unsigned long timeout;
@@ -445,7 +445,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *head, int len,
ip6_netmask(&data.ip, data.cidr);
if (tb[IPSET_ATTR_PORT])
- data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]);
+ data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
else
return -IPSET_ERR_PROTOCOL;
diff --git a/kernel/pfxlen.c b/kernel/pfxlen.c
index c6c9dcc..23f8c81 100644
--- a/kernel/pfxlen.c
+++ b/kernel/pfxlen.c
@@ -148,8 +148,10 @@ const union nf_inet_addr ip_set_netmask_map[] = {
EXPORT_SYMBOL_GPL(ip_set_netmask_map);
#undef E
-#define E(a, b, c, d) \
- {.ip6 = { a, b, c, d } }
+#define E(a, b, c, d) \
+ {.ip6 = { (__force __be32) a, (__force __be32) b, \
+ (__force __be32) c, (__force __be32) d, \
+ } }
/*
* This table works for both IPv4 and IPv6;