summaryrefslogtreecommitdiffstats
path: root/kernel/ip_set_hash_ip.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/ip_set_hash_ip.c')
-rw-r--r--kernel/ip_set_hash_ip.c29
1 files changed, 16 insertions, 13 deletions
diff --git a/kernel/ip_set_hash_ip.c b/kernel/ip_set_hash_ip.c
index 7e6af42..e8ae8a5 100644
--- a/kernel/ip_set_hash_ip.c
+++ b/kernel/ip_set_hash_ip.c
@@ -45,12 +45,12 @@ hash_ip_same_set(const struct ip_set *a, const struct ip_set *b);
/* Member elements without timeout */
struct hash_ip4_elem {
- u32 ip;
+ __be32 ip;
};
/* Member elements with timeout support */
struct hash_ip4_telem {
- u32 ip;
+ __be32 ip;
unsigned long timeout;
};
@@ -123,7 +123,7 @@ hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb,
{
const struct ip_set_hash *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
- u32 ip;
+ __be32 ip;
ip4addrptr(skb, flags & IPSET_DIM_ONE_SRC, &ip);
ip &= ip_set_netmask(h->netmask);
@@ -148,7 +148,8 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
const struct ip_set_hash *h = set->data;
struct nlattr *tb[IPSET_ATTR_ADT_MAX+1];
ipset_adtfn adtfn = set->variant->adt[adt];
- u32 ip, nip, ip_to, hosts, timeout = h->timeout;
+ u32 ip, ip_to, hosts, timeout = h->timeout;
+ __be32 nip;
int ret = 0;
if (nla_parse(tb, IPSET_ATTR_ADT_MAX, head, len,
@@ -158,13 +159,11 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &ip);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &ip);
if (ret)
return ret;
- ip &= ip_set_netmask(h->netmask);
- if (ip == 0)
- return -IPSET_ERR_HASH_ELEM;
+ ip &= ip_set_hostmask(h->netmask);
if (tb[IPSET_ATTR_TIMEOUT]) {
if (!with_timeout(h->timeout))
@@ -172,15 +171,17 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
}
- if (adt == IPSET_TEST)
- return adtfn(set, &ip, timeout);
+ if (adt == IPSET_TEST) {
+ nip = htonl(ip);
+ if (nip == 0)
+ return -IPSET_ERR_HASH_ELEM;
+ return adtfn(set, &nip, timeout);
+ }
- ip = ntohl(ip);
if (tb[IPSET_ATTR_IP_TO]) {
- ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
+ ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to);
if (ret)
return ret;
- ip_to = ntohl(ip_to);
if (ip > ip_to)
swap(ip, ip_to);
} else if (tb[IPSET_ATTR_CIDR]) {
@@ -197,6 +198,8 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len,
for (; !before(ip_to, ip); ip += hosts) {
nip = htonl(ip);
+ if (nip == 0)
+ return -IPSET_ERR_HASH_ELEM;
ret = adtfn(set, &nip, timeout);
if (ret && !ip_set_eexist(ret, flags))