From 584e8d0604a55fcda68848bef82a2954d8af71f5 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik
Date: Sun, 24 Jan 2010 15:49:16 +0100
Subject: New version 4.2 released: kernel: - nethash and ipportnethash types counted every entry twice which could produce bogus entries when listing/saving these types of sets (bug reported by Husnu Demir) userspace: - Checking null entries when listing/saving hash types of sets deleted because it's unnecessary and can mask possible errors.
---
 ChangeLog | 4 ++++
 Makefile | 2 +-
 ipset_iphash.c | 7 ++-----
 ipset_ipporthash.c | 24 ++++++++++--------------
 ipset_ipportiphash.c | 32 ++++++++++++++------------------
 ipset_ipportnethash.c | 32 ++++++++++++++------------------
 ipset_nethash.c | 8 +++-----
 kernel/ChangeLog | 5 +++++
 kernel/ip_set_ipportnethash.c | 1 -
 kernel/ip_set_nethash.c | 1 -
 10 files changed, 53 insertions(+), 63 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 13707ed..354df0b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+4.2
+ - Checking null entries when listing/saving hash types of sets
+ deleted because it's unnecessary and can mask possible errors.
+
 4.1
 - Manpage fixes and corrections (Jan Engelhardt)
diff --git a/Makefile b/Makefile
index b0f337e..bbec449 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ ifndef V
 V=0
 endif
-IPSET_VERSION:=4.1
+IPSET_VERSION:=4.2
 PREFIX:=/usr/local
 LIBDIR:=$(PREFIX)/lib
diff --git a/ipset_iphash.c b/ipset_iphash.c
index b352df4..0bc5bd1 100644
--- a/ipset_iphash.c
+++ b/ipset_iphash.c
@@ -200,8 +200,7 @@ iphash_printips(struct set *set UNUSED, void *data, u_int32_t len,
 while (offset < len) {
 ip = data + offset;
- if (*ip)
- printf("%s\n", ip_tostring(*ip, options));
+ printf("%s\n", ip_tostring(*ip, options));
 offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
 }
 }
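Review bot: The loop condition `offset < len` in iphash_printips allows the `*ip` read to run past the end of `data` when `len` is not a whole multiple of the element stride, and nothing in the hunk shows `len` being checked against that stride. Bounding the read itself would close this, e.g. `while (offset + sizeof(ip_set_ip_t) <= len) {`, ideally with an error when a partial tail is left over. The same loop shape appears in every print/save hunk of this commit, with `sizeof(struct ipportip)` in the ipportiphash and ipportnethash files. The function starts outside the hunk, so an earlier length check may already exist and should be confirmed.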
@@ -230,9 +229,7 @@ iphash_saveips(struct set *set UNUSED, void *data, u_int32_t len,
 while (offset < len) {
 ip = data + offset;
- if (*ip)
- printf("-A %s %s\n", set->name,
- ip_tostring(*ip, options));
+ printf("-A %s %s\n", set->name, ip_tostring(*ip, options));
 offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
 }
 }
diff --git a/ipset_ipporthash.c b/ipset_ipporthash.c
index ce783ee..9249b2a 100644
--- a/ipset_ipporthash.c
+++ b/ipset_ipporthash.c
@@ -259,13 +259,11 @@ ipporthash_printips(struct set *set, void *data, u_int32_t len,
 while (offset < len) {
 ipptr = data + offset;
- if (*ipptr) {
- ip = (*ipptr>>16) + mysetdata->first_ip;
- port = (uint16_t) *ipptr;
- printf("%s,%s\n",
- ip_tostring(ip, options),
- port_tostring(port, options));
- }
+ ip = (*ipptr>>16) + mysetdata->first_ip;
+ port = (uint16_t) *ipptr;
+ printf("%s,%s\n",
+ ip_tostring(ip, options),
+ port_tostring(port, options));
 offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
 }
 }
@@ -296,13 +294,11 @@ ipporthash_saveips(struct set *set, void *data, u_int32_t len,
 while (offset < len) {
 ipptr = data + offset;
- if (*ipptr) {
- ip = (*ipptr>>16) + mysetdata->first_ip;
- port = (uint16_t) *ipptr;
- printf("-A %s %s,%s\n", set->name,
- ip_tostring(ip, options),
- port_tostring(port, options));
- }
+ ip = (*ipptr>>16) + mysetdata->first_ip;
+ port = (uint16_t) *ipptr;
+ printf("-A %s %s,%s\n", set->name,
+ ip_tostring(ip, options),
+ port_tostring(port, options));
 offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
 }
 }
diff --git a/ipset_ipportiphash.c b/ipset_ipportiphash.c
index 95cbcfd..49861bf 100644
--- a/ipset_ipportiphash.c
+++ b/ipset_ipportiphash.c
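Review bot: With the `if (*ipptr)` guard gone in ipporthash_printips, an all-zero slot no longer disappears but decodes through `ip = (*ipptr>>16) + mysetdata->first_ip;` into `first_ip` with port 0, which reads like a real member rather than an obvious error. In ipporthash_saveips the same value becomes a `-A` line, so a saved set could carry an entry nobody added. The code now depends on the kernel handing up only occupied slots (the 4.1 kernel ChangeLog entry about not copying empty entries suggests it does), and that dependency should be written down at the loop, e.g. `/* kernel copies only occupied slots; a zero slot here is a kernel-side bug and decodes as first_ip,0 */`. The ipportiphash and ipportnethash print/save hunks use the same decoding and would take the same comment; whether userspace 4.2 can be paired with an older kernel module is not visible here and is worth confirming.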
@@ -265,15 +265,13 @@ ipportiphash_printips(struct set *set, void *data, u_int32_t len,
 while (offset < len) {
 ipptr = data + offset;
- if (ipptr->ip && ipptr->ip1) {
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("%s,%s,",
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- ip_tostring(ipptr->ip1, options));
- }
+ ip = (ipptr->ip>>16) + mysetdata->first_ip;
+ port = (uint16_t) ipptr->ip;
+ printf("%s,%s,",
+ ip_tostring(ip, options),
+ port_tostring(port, options));
+ printf("%s\n",
+ ip_tostring(ipptr->ip1, options));
 offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
 }
 }
@@ -305,15 +303,13 @@ ipportiphash_saveips(struct set *set, void *data, u_int32_t len,
 while (offset < len) {
 ipptr = data + offset;
- if (ipptr->ip && ipptr->ip1) {
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("-A %s %s,%s,", set->name,
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- ip_tostring(ipptr->ip1, options));
- }
+ ip = (ipptr->ip>>16) + mysetdata->first_ip;
+ port = (uint16_t) ipptr->ip;
+ printf("-A %s %s,%s,", set->name,
+ ip_tostring(ip, options),
+ port_tostring(port, options));
+ printf("%s\n",
+ ip_tostring(ipptr->ip1, options));
 offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
 }
 }
diff --git a/ipset_ipportnethash.c b/ipset_ipportnethash.c
index 3485711..3a60bf1 100644
--- a/ipset_ipportnethash.c
+++ b/ipset_ipportnethash.c
@@ -330,15 +330,13 @@ ipportnethash_printips(struct set *set, void *data, u_int32_t len,
 while (offset < len) {
 ipptr = data + offset;
- if (ipptr->ip || ipptr->ip1) {
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("%s,%s,",
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- unpack_ip_tostring(ipptr->ip1, options));
- }
+ ip = (ipptr->ip>>16) + mysetdata->first_ip;
+ port = (uint16_t) ipptr->ip;
+ printf("%s,%s,",
+ ip_tostring(ip, options),
+ port_tostring(port, options));
+ printf("%s\n",
+ unpack_ip_tostring(ipptr->ip1, options));
 offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
 }
 }
@@ -370,15 +368,13 @@ ipportnethash_saveips(struct set *set, void *data, u_int32_t len,
 while (offset < len) {
 ipptr = data + offset;
- if (ipptr) {
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("-A %s %s,%s,", set->name,
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- unpack_ip_tostring(ipptr->ip, options));
- }
+ ip = (ipptr->ip>>16) + mysetdata->first_ip;
+ port = (uint16_t) ipptr->ip;
+ printf("-A %s %s,%s,", set->name,
+ ip_tostring(ip, options),
+ port_tostring(port, options));
+ printf("%s\n",
+ unpack_ip_tostring(ipptr->ip, options));
 offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
 }
 }
diff --git a/ipset_nethash.c b/ipset_nethash.c
index 50ca1bd..c7891cf 100644
--- a/ipset_nethash.c
+++ b/ipset_nethash.c
@@ -232,8 +232,7 @@ nethash_printips(struct set *set UNUSED, void *data, u_int32_t len,
 while (offset < len) {
 ip = data + offset;
- if (*ip)
- printf("%s\n", unpack_ip_tostring(*ip, options));
+ printf("%s\n", unpack_ip_tostring(*ip, options));
 offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
 }
 }
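Review bot: ipportnethash_saveips passes `ipptr->ip` to `unpack_ip_tostring()` for the network part, whereas ipportnethash_printips in the preceding hunk passes `ipptr->ip1`, so the save path appears to write the packed ip/port word where the network belongs. If that reading is right, saved output would not restore to the membership that listing shows, which matters when the saved file is the source of truth for a firewall set. The line most likely should read `unpack_ip_tostring(ipptr->ip1, options));`. The removed guard `if (ipptr)` tested the pointer rather than the entry, so it never filtered anything and this commit leaves the mismatch in place.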
@@ -258,9 +257,8 @@ nethash_saveips(struct set *set UNUSED, void *data, u_int32_t len,
 while (offset < len) {
 ip = data + offset;
- if (*ip)
- printf("-A %s %s\n", set->name,
- unpack_ip_tostring(*ip, options));
+ printf("-A %s %s\n", set->name,
+ unpack_ip_tostring(*ip, options));
 offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
 }
 }
diff --git a/kernel/ChangeLog b/kernel/ChangeLog
index f613c94..1ad54cd 100644
--- a/kernel/ChangeLog
+++ b/kernel/ChangeLog
@@ -1,3 +1,8 @@
+4.2
+ - nethash and ipportnethash types counted every entry twice
+ which could produce bogus entries when listing/saving these types
+ of sets (bug reported by Husnu Demir)
+
 4.1
 - Do not use init_MUTEX either (Jan Engelhardt)
 - Improve listing/saving hash type of sets by not copying empty
diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index f328972..e0bb352 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -185,7 +185,6 @@ ipportnethash_add(struct ip_set *set,
 if (ret == 0) {
 if (!map->nets[cidr-1]++)
 add_cidr_size(map->cidr, cidr);
- map->elements++;
 }
 return ret;
 }
diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c
index bf87f5c..e3b09e0 100644
--- a/kernel/ip_set_nethash.c
+++ b/kernel/ip_set_nethash.c
@@ -136,7 +136,6 @@ nethash_add(struct ip_set *set, ip_set_ip_t ip, uint8_t cidr)
 if (ret == 0) {
 if (!map->nets[cidr-1]++)
 add_cidr_size(map->cidr, cidr);
- map->elements++;
 }
 return ret;
--
cgit v1.2.3
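Review bot: In ipportnethash_add (kernel/ip_set_ipportnethash.c) nothing in the `ret == 0` branch records where `map->elements` is still incremented once this line is removed, so the double count could return with a later edit. A one-line comment would pin it, e.g. `/* elements is counted by the insert helper; only per-cidr bookkeeping here */`; the helper lies outside the hunk, so its name and the single increment need confirming. The same comment fits nethash_add in kernel/ip_set_nethash.c. Separately, `map->nets[cidr-1]++` indexes with a caller-supplied `cidr`, and its range check is not visible in either hunk, so it is worth confirming in the part of each function above the hunk.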