diff options
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | ipset.c | 25 | ||||
| -rw-r--r-- | ipset.h | 1 | ||||
| -rw-r--r-- | ipset_ipporthash.c | 25 | ||||
| -rw-r--r-- | ipset_iptree.c | 2 | ||||
| -rw-r--r-- | ipset_macipmap.c | 2 | ||||
| -rw-r--r-- | ipset_nethash.c | 4 |
8 files changed, 43 insertions, 26 deletions
@@ -1,3 +1,11 @@ +2.2.7 + All patches were submitted by Jones Desougi + - missing or confusing error message fixes for ipporthash + - minor correction in debugging in nethash + - copy-paste bug in kernel set types at memory allocation + checking fixed + - unified memory allocations in ipset + 2.2.6 - memory allocation in iptree is changed to GFP_ATOMIC because we hold a lock (bug reported by Radek Hladik) @@ -8,7 +8,7 @@ ifndef KERNEL_DIR KERNEL_DIR=/usr/src/linux endif -IPSET_VERSION:=2.2.6 +IPSET_VERSION:=2.2.7 PREFIX:=/usr/local LIBDIR:=$(PREFIX)/lib @@ -417,6 +417,17 @@ void *ipset_malloc(size_t size) return p; } +char *ipset_strdup(const char *s) +{ + char *p; + + if ((p = strdup(s)) == NULL) { + perror("ipset: not enough memory"); + exit(1); + } + return p; +} + void ipset_free(void **data) { if (*data == NULL) @@ -439,7 +450,7 @@ static struct option *merge_options(struct option *oldopts, global_option_offset += OPTION_OFFSET; *option_offset = global_option_offset; - merge = malloc(sizeof(struct option) * (num_new + num_old + 1)); + merge = ipset_malloc(sizeof(struct option) * (num_new + num_old + 1)); memcpy(merge, oldopts, num_old * sizeof(struct option)); for (i = 0; i < num_new; i++) { merge[num_old + i] = newopts[i]; @@ -1207,10 +1218,10 @@ static void build_argv(int line, char *buffer) { newargc = 1; ptr = strtok(buffer, " \t\n"); - newargv[newargc++] = strdup(ptr); + newargv[newargc++] = ipset_strdup(ptr); while ((ptr = strtok(NULL, " \t\n")) != NULL) { if ((newargc + 1) < sizeof(newargv)/sizeof(char *)) - newargv[newargc++] = strdup(ptr); + newargv[newargc++] = ipset_strdup(ptr); else exit_error(PARAMETER_PROBLEM, "Line %d is too long to restore\n", line); @@ -1227,11 +1238,9 @@ static FILE *create_tempfile(void) if (!(tmpdir = getenv("TMPDIR")) && !(tmpdir = getenv("TMP"))) tmpdir = "/tmp"; - filename = malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1); - if (!filename) - exit_error(OTHER_PROBLEM, "Could not malloc temporary filename."); + filename = ipset_malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1); strcpy(filename, tmpdir); - strcpy(filename, TEMPFILE_PATTERN); + strcat(filename, TEMPFILE_PATTERN); (void) umask(077); /* Create with restrictive permissions */ fd = mkstemp(filename); @@ -1376,7 +1385,7 @@ static void set_restore(char *argv0) line = 0; /* Initialize newargv/newargc */ - newargv[newargc++] = strdup(argv0); + newargv[newargc++] = ipset_strdup(argv0); /* Second pass: build up restore request */ while (fgets(buffer, sizeof(buffer), in)) { @@ -181,6 +181,7 @@ extern int string_to_number(const char *str, unsigned int min, unsigned int max, ip_set_ip_t *port); extern void *ipset_malloc(size_t size); +extern char *ipset_strdup(const char *); extern void ipset_free(void **data); #endif /* __IPSET_H */ diff --git a/ipset_ipporthash.c b/ipset_ipporthash.c index e615cea..1ebbc50 100644 --- a/ipset_ipporthash.c +++ b/ipset_ipporthash.c @@ -38,7 +38,7 @@ #define OPT_CREATE_RESIZE 0x04U #define OPT_CREATE_NETWORK 0x08U #define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x10U +#define OPT_CREATE_TO 0x20U /* Initialize the create. */ void create_init(void *data) @@ -156,21 +156,20 @@ void create_final(void *data, unsigned int flags) mydata->hashsize, mydata->probes, mydata->resize); #endif - if (flags == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - if (flags & OPT_CREATE_NETWORK) { /* --network */ if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) exit_error(PARAMETER_PROBLEM, "Can't specify --from or --to with --network\n"); - } else { + } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { /* --from --to */ - if ((flags & OPT_CREATE_FROM) == 0 - || (flags & OPT_CREATE_TO) == 0) + if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) exit_error(PARAMETER_PROBLEM, "Need to specify both --from and --to\n"); + } else { + exit_error(PARAMETER_PROBLEM, + "Need to specify --from and --to, or --network\n"); + } DP("from : %x to: %x diff: %x", @@ -179,7 +178,7 @@ void create_final(void *data, unsigned int flags) if (mydata->from > mydata->to) exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); + "From can't be higher than to.\n"); if (mydata->to - mydata->from > MAX_RANGE) exit_error(PARAMETER_PROBLEM, @@ -203,7 +202,7 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_ipporthash *mydata = (struct ip_set_req_ipporthash *) data; - char *saved = strdup(optarg); + char *saved = ipset_strdup(optarg); char *ptr, *tmp = saved; DP("ipporthash: %p %p", optarg, data); @@ -331,9 +330,9 @@ void usage(void) " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" "-N set ipporthash --network IP/mask\n" " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP\n" - "-D set IP\n" - "-T set IP\n"); + "-A set IP%%port\n" + "-D set IP%%port\n" + "-T set IP%%port\n"); } static struct settype settype_ipporthash = { diff --git a/ipset_iptree.c b/ipset_iptree.c index ef85dc5..cce9884 100644 --- a/ipset_iptree.c +++ b/ipset_iptree.c @@ -79,7 +79,7 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_iptree *mydata = (struct ip_set_req_iptree *) data; - char *saved = strdup(optarg); + char *saved = ipset_strdup(optarg); char *ptr, *tmp = saved; DP("iptree: %p %p", optarg, data); diff --git a/ipset_macipmap.c b/ipset_macipmap.c index a0b609d..3ef8fb1 100644 --- a/ipset_macipmap.c +++ b/ipset_macipmap.c @@ -180,7 +180,7 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_macipmap *mydata = (struct ip_set_req_macipmap *) data; - char *saved = strdup(optarg); + char *saved = ipset_strdup(optarg); char *ptr, *tmp = saved; DP("macipmap: %p %p", optarg, data); diff --git a/ipset_nethash.c b/ipset_nethash.c index 6be0dce..758c4c1 100644 --- a/ipset_nethash.c +++ b/ipset_nethash.c @@ -130,7 +130,7 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_nethash *mydata = (struct ip_set_req_nethash *) data; - char *saved = strdup(optarg); + char *saved = ipset_strdup(optarg); char *ptr, *tmp = saved; ip_set_ip_t cidr; @@ -249,7 +249,7 @@ static char * unpack_ip_tostring(ip_set_ip_t ip, unsigned options) ((unsigned char *)&ip)[3], b); - DP("%s %s", ip_tostring(htonl(ip), options), buf); + DP("%s %s", ip_tostring(ntohl(ip), options), buf); return buf; } |