| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
The kernel/ subdirectory is reorganized to follow the kernel directory
structure.
|
| |
|
|
|
|
|
|
|
|
|
| |
When a message carries multiple commands and one of them triggers
an error, we have to report to the userspace which one was that.
The line number of the command plays this role and there's an attribute
reserved in the header part of the message to be filled out with the error
line number. In order not to modify the original message received from
the userspace, we construct a new, complete netlink error message and
modifies the attribute there, then send it.
Netlink is notified not to send its ACK/error message.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Replace calls of the form:
nla_parse(tb, ATTR_MAX, nla_data(attr), nla_len(attr), policy)
by:
nla_parse_nested(tb, ATTR_MAX, attr, policy)
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
|
| |
|
|
|
|
| |
The type specific attribute validation can be moved to the ipset core.
That way it's done centrally and thus can be eliminated from the individual
set types (suggested by Patrick McHardy).
|
| |
|
|
| |
Use vzalloc() if kernel version supports it. (Eric Dumazet, Patrick McHardy)
|
| |
|
|
|
|
| |
Attribute is const so a little bit more work is needed to return
the error line number. A test is also added in order to check
the functionality. (Patrick McHardy's review)
|
| |
|
|
|
| |
Missing check of the flag NLM_F_ACK is added to the kernel -
and userspace does set it too (Patrick McHardy's review)
|
| |
|
|
| |
Use correct error codes (Patrick McHardy's review)
|
| |
|
|
|
|
| |
Some trailing whitespace slipped in, those are removed. With the deleted
ip_set_kernel.h, the pr_* messages lost the trailing "\n" character.
The messages were completed with it.
|
| | |
|
| |
|
|
|
| |
While holding the nfnl_mutex, module loading is not allowed.
Bug spotted by Patrick McHardy in his reviewing.
|
| |
|
|
|
| |
We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc
with vzalloc. Missing flag was noticed by Eric Dumazet.
|
| |
|
|
|
|
| |
Allow only network-order data, with NLA_F_NET_BYTEORDER flag.
Sanity checks also added to prevent processing broken messages
where mandatory attributes are missing. (Patrick McHardy's review)
|
| |
|
|
|
|
| |
Annotated types are introduced and sparse warnings fixed.
Two warnings remained in ip_set_core.c but those are false ones.
(Patrick McHardy's review)
|
| |
|
|
|
|
| |
The functions are too large to be inlined, so move them into the core.
Also, fix the unnecessary initializations in ip_set_get_ipaddr*.
(Patrick McHardy's review)
|
| |
|
|
|
| |
Avoid the need for explicit initialization during runtime
(Patrick McHardy's review)
|
| |
|
|
| |
Negative set numbers are strange :-) (Patrick McHardy's review)
|
| |
|
|
|
| |
The header file was useful at deep debugging only, we can get rid of now.
(Patrick McHardy's review)
|
| |
|
|
| |
Fix "&&" and "||" continuation style (Patrick McHardy's review)
|
| |
|
|
|
|
| |
Ongoing add/del can happen to referenced sets and delete can be issued
to unreferenced sets. So the bogus call to synchronize_net() can safely
be removed.
|
| |
|
|
| |
Better add more safety nets against user input.
|
| | |
|
|
|
Separate prefixlens from ip_set core for better readibility and honoring
the independence.
Also, comment that prefixlens were borrowed from Jan Engelhardt.
|
