From c8396bdc040f4b16e6f6e3f8b81b9fb67a499d9c Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Thu, 20 Jan 2011 14:48:23 +0100 Subject: Use annotated types and fix sparse warnings Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review) --- Makefile.am | 4 +++ kernel/include/linux/netfilter/ipset/ip_set.h | 42 +++++++++------------- .../include/linux/netfilter/ipset/ip_set_getport.h | 12 +++---- kernel/include/linux/netfilter/ipset/pfxlen.h | 4 +-- kernel/ip_set_bitmap_ip.c | 18 ++++------ kernel/ip_set_bitmap_ipmac.c | 15 ++++---- kernel/ip_set_bitmap_port.c | 16 +++++---- kernel/ip_set_core.c | 6 ++-- kernel/ip_set_hash_ip.c | 29 ++++++++------- kernel/ip_set_hash_ipport.c | 19 +++++----- kernel/ip_set_hash_ipportip.c | 23 ++++++------ kernel/ip_set_hash_ipportnet.c | 23 ++++++------ kernel/ip_set_hash_net.c | 4 +-- kernel/ip_set_hash_netport.c | 16 ++++----- kernel/pfxlen.c | 6 ++-- 15 files changed, 114 insertions(+), 123 deletions(-) diff --git a/Makefile.am b/Makefile.am index 7d91b8f..8f448ca 100644 --- a/Makefile.am +++ b/Makefile.am @@ -22,6 +22,10 @@ endif SUBDIRS = lib src +modules_sparse: + ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel V=$V C=2 CF=-D__CHECK_ENDIAN__ \ + IP_SET_MAX=$(IP_SET_MAX) modules + modules: ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel V=$V \ IP_SET_MAX=$(IP_SET_MAX) modules diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index b35c5d9..7679b33 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -320,10 +320,22 @@ extern int ip_set_test(ip_set_id_t id, const struct sk_buff *skb, /* Utility functions */ extern void * ip_set_alloc(size_t size, gfp_t gfp_mask); extern void ip_set_free(void *members); -extern int ip_set_get_ipaddr4(struct nlattr *attr[], int type, u32 *ipaddr); +extern int ip_set_get_ipaddr4(struct nlattr *attr[], int type, __be32 *ipaddr); extern int ip_set_get_ipaddr6(struct nlattr *attr[], int type, union nf_inet_addr *ipaddr); +static inline int +ip_set_get_hostipaddr4(struct nlattr *attr[], int type, u32 *ipaddr) +{ + __be32 ip; + int ret = ip_set_get_ipaddr4(attr, type, &ip); + + if (ret) + return ret; + *ipaddr = ntohl(ip); + return 0; +} + /* Ignore IPSET_ERR_EXIST errors if asked to do so? */ static inline bool ip_set_eexist(int ret, u32 flags) @@ -335,33 +347,13 @@ ip_set_eexist(int ret, u32 flags) static inline u32 ip_set_get_h32(const struct nlattr *attr) { - u32 value = nla_get_u32(attr); - - return attr->nla_type & NLA_F_NET_BYTEORDER ? ntohl(value) : value; + return ntohl(nla_get_be32(attr)); } static inline u16 ip_set_get_h16(const struct nlattr *attr) { - u16 value = nla_get_u16(attr); - - return attr->nla_type & NLA_F_NET_BYTEORDER ? ntohs(value) : value; -} - -static inline u32 -ip_set_get_n32(const struct nlattr *attr) -{ - u32 value = nla_get_u32(attr); - - return attr->nla_type & NLA_F_NET_BYTEORDER ? value : htonl(value); -} - -static inline u16 -ip_set_get_n16(const struct nlattr *attr) -{ - u16 value = nla_get_u16(attr); - - return attr->nla_type & NLA_F_NET_BYTEORDER ? value : htons(value); + return ntohs(nla_get_be16(attr)); } #define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED) @@ -389,14 +381,14 @@ do { \ } while (0) /* Get address from skbuff */ -static inline u32 +static inline __be32 ip4addr(const struct sk_buff *skb, bool src) { return src ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr; } static inline void -ip4addrptr(const struct sk_buff *skb, bool src, u32 *addr) +ip4addrptr(const struct sk_buff *skb, bool src, __be32 *addr) { *addr = src ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr; } diff --git a/kernel/include/linux/netfilter/ipset/ip_set_getport.h b/kernel/include/linux/netfilter/ipset/ip_set_getport.h index 8be8ecf..a5d243c 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_getport.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_getport.h @@ -12,7 +12,7 @@ /* We must handle non-linear skbs */ static inline bool get_port(const struct sk_buff *skb, int protocol, unsigned int protooff, - bool src, u16 *port, u8 *proto) + bool src, __be16 *port, u8 *proto) { switch (protocol) { case IPPROTO_TCP: { @@ -47,7 +47,7 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff, if (ic == NULL) return false; - *port = (ic->type << 8) & ic->code; + *port = (__force __be16)((ic->type << 8) & ic->code); break; } case IPPROTO_ICMPV6: { @@ -58,7 +58,7 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff, if (ic == NULL) return false; - *port = (ic->icmp6_type << 8) & ic->icmp6_code; + *port = (__force __be16)((ic->icmp6_type << 8) & ic->icmp6_code); break; } default: @@ -70,7 +70,7 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff, } static inline bool -get_ip4_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto) +get_ip4_port(const struct sk_buff *skb, bool src, __be16 *port, u8 *proto) { const struct iphdr *iph = ip_hdr(skb); unsigned int protooff = ip_hdrlen(skb); @@ -84,7 +84,7 @@ get_ip4_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto) } static inline bool -get_ip6_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto) +get_ip6_port(const struct sk_buff *skb, bool src, __be16 *port, u8 *proto) { unsigned int protooff = 0; int protocol; @@ -98,7 +98,7 @@ get_ip6_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto) } static inline bool -get_ip_port(const struct sk_buff *skb, u8 pf, bool src, u16 *port) +get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port) { bool ret; u8 proto; diff --git a/kernel/include/linux/netfilter/ipset/pfxlen.h b/kernel/include/linux/netfilter/ipset/pfxlen.h index 08e6059..0e1fb50 100644 --- a/kernel/include/linux/netfilter/ipset/pfxlen.h +++ b/kernel/include/linux/netfilter/ipset/pfxlen.h @@ -20,10 +20,10 @@ ip_set_netmask6(u8 pfxlen) return &ip_set_netmask_map[pfxlen].ip6[0]; } -static inline __be32 +static inline u32 ip_set_hostmask(u8 pfxlen) { - return ip_set_hostmask_map[pfxlen].ip; + return (__force u32) ip_set_hostmask_map[pfxlen].ip; } static inline const __be32 * diff --git a/kernel/ip_set_bitmap_ip.c b/kernel/ip_set_bitmap_ip.c index fba4f7b..7806ecc 100644 --- a/kernel/ip_set_bitmap_ip.c +++ b/kernel/ip_set_bitmap_ip.c @@ -124,10 +124,9 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_LINENO]) *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &ip); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &ip); if (ret) return ret; - ip = ntohl(ip); if (ip < map->first_ip || ip > map->last_ip) return -IPSET_ERR_BITMAP_RANGE; @@ -141,10 +140,9 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *head, int len, return bitmap_ip_test(map, ip_to_id(map, ip)); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); if (ret) return ret; - ip_to = ntohl(ip_to); if (ip > ip_to) { swap(ip, ip_to); if (ip < map->first_ip) @@ -364,10 +362,9 @@ bitmap_ip_timeout_uadt(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_LINENO]) *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &ip); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &ip); if (ret) return ret; - ip = ntohl(ip); if (ip < map->first_ip || ip > map->last_ip) return -IPSET_ERR_BITMAP_RANGE; @@ -377,10 +374,9 @@ bitmap_ip_timeout_uadt(struct ip_set *set, struct nlattr *head, int len, ip_to_id((const struct bitmap_ip *)map, ip)); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); if (ret) return ret; - ip_to = ntohl(ip_to); if (ip > ip_to) { swap(ip, ip_to); if (ip < map->first_ip) @@ -602,16 +598,14 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *head, int len, bitmap_ip_create_policy)) return -IPSET_ERR_PROTOCOL; - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &first_ip); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &first_ip); if (ret) return ret; - first_ip = ntohl(first_ip); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip); if (ret) return ret; - last_ip = htonl(last_ip); if (first_ip > last_ip) { u32 tmp = first_ip; diff --git a/kernel/ip_set_bitmap_ipmac.c b/kernel/ip_set_bitmap_ipmac.c index 81f646e..49e7ed1 100644 --- a/kernel/ip_set_bitmap_ipmac.c +++ b/kernel/ip_set_bitmap_ipmac.c @@ -383,10 +383,9 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_LINENO]) *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &data.id); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &data.id); if (ret) return ret; - data.id = ntohl(data.id); if (data.id < map->first_ip || data.id > map->last_ip) return -IPSET_ERR_BITMAP_RANGE; @@ -468,7 +467,7 @@ bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b) x->timeout == y->timeout; } -const struct ip_set_type_variant bitmap_ipmac = { +static const struct ip_set_type_variant bitmap_ipmac = { .kadt = bitmap_ipmac_kadt, .uadt = bitmap_ipmac_uadt, .adt = { @@ -483,7 +482,7 @@ const struct ip_set_type_variant bitmap_ipmac = { .same_set = bitmap_ipmac_same_set, }; -const struct ip_set_type_variant bitmap_tipmac = { +static const struct ip_set_type_variant bitmap_tipmac = { .kadt = bitmap_ipmac_kadt, .uadt = bitmap_ipmac_uadt, .adt = { @@ -573,16 +572,14 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len, bitmap_ipmac_create_policy)) return -IPSET_ERR_PROTOCOL; - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &first_ip); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &first_ip); if (ret) return ret; - first_ip = ntohl(first_ip); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &last_ip); if (ret) return ret; - last_ip = ntohl(last_ip); if (first_ip > last_ip) { u32 tmp = first_ip; @@ -633,7 +630,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *head, int len, return 0; } -struct ip_set_type bitmap_ipmac_type = { +static struct ip_set_type bitmap_ipmac_type = { .name = "bitmap:ip,mac", .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_MAC, diff --git a/kernel/ip_set_bitmap_port.c b/kernel/ip_set_bitmap_port.c index ae1b2b3..dfece55 100644 --- a/kernel/ip_set_bitmap_port.c +++ b/kernel/ip_set_bitmap_port.c @@ -70,12 +70,13 @@ bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb, enum ipset_adt adt, u8 pf, u8 dim, u8 flags) { struct bitmap_port *map = set->data; + __be16 __port; u16 port = 0; - if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &port)) + if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &__port)) return -EINVAL; - port = ntohs(port); + port = ntohs(__port); if (port < map->first_port || port > map->last_port) return -IPSET_ERR_BITMAP_RANGE; @@ -249,7 +250,7 @@ bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b) x->last_port == y->last_port; } -const struct ip_set_type_variant bitmap_port = { +static const struct ip_set_type_variant bitmap_port = { .kadt = bitmap_port_kadt, .uadt = bitmap_port_uadt, .destroy = bitmap_port_destroy, @@ -307,12 +308,13 @@ bitmap_port_timeout_kadt(struct ip_set *set, const struct sk_buff *skb, enum ipset_adt adt, u8 pf, u8 dim, u8 flags) { struct bitmap_port_timeout *map = set->data; + __be16 __port; u16 port = 0; - if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &port)) + if (!get_ip_port(skb, pf, flags & IPSET_DIM_ONE_SRC, &__port)) return -EINVAL; - port = ntohs(port); + port = ntohs(__port); if (port < map->first_port || port > map->last_port) return -IPSET_ERR_BITMAP_RANGE; @@ -487,7 +489,7 @@ bitmap_port_timeout_same_set(const struct ip_set *a, const struct ip_set *b) x->timeout == y->timeout; } -const struct ip_set_type_variant bitmap_port_timeout = { +static const struct ip_set_type_variant bitmap_port_timeout = { .kadt = bitmap_port_timeout_kadt, .uadt = bitmap_port_timeout_uadt, .destroy = bitmap_port_timeout_destroy, @@ -621,7 +623,7 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len, return 0; } -struct ip_set_type bitmap_port_type = { +static struct ip_set_type bitmap_port_type = { .name = "bitmap:port", .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_PORT, diff --git a/kernel/ip_set_core.c b/kernel/ip_set_core.c index 733d3f3..e449740 100644 --- a/kernel/ip_set_core.c +++ b/kernel/ip_set_core.c @@ -216,7 +216,7 @@ static const struct nla_policy ipaddr_policy[IPSET_ATTR_IPADDR_MAX + 1] = { }; int -ip_set_get_ipaddr4(struct nlattr *attr[], int type, u32 *ipaddr) +ip_set_get_ipaddr4(struct nlattr *attr[], int type, __be32 *ipaddr) { struct nlattr *tb[IPSET_ATTR_IPADDR_MAX+1]; @@ -230,7 +230,7 @@ ip_set_get_ipaddr4(struct nlattr *attr[], int type, u32 *ipaddr) if (!tb[IPSET_ATTR_IPADDR_IPV4]) return -IPSET_ERR_IPADDR_IPV4; - *ipaddr = ip_set_get_n32(tb[IPSET_ATTR_IPADDR_IPV4]); + *ipaddr = nla_get_be32(tb[IPSET_ATTR_IPADDR_IPV4]); return 0; } EXPORT_SYMBOL_GPL(ip_set_get_ipaddr4); @@ -1489,7 +1489,7 @@ static struct nfnetlink_subsystem ip_set_netlink_subsys __read_mostly = { /* Interface to iptables/ip6tables */ static int -ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) +ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) { unsigned *op; void *data; diff --git a/kernel/ip_set_hash_ip.c b/kernel/ip_set_hash_ip.c index 7e6af42..e8ae8a5 100644 --- a/kernel/ip_set_hash_ip.c +++ b/kernel/ip_set_hash_ip.c @@ -45,12 +45,12 @@ hash_ip_same_set(const struct ip_set *a, const struct ip_set *b); /* Member elements without timeout */ struct hash_ip4_elem { - u32 ip; + __be32 ip; }; /* Member elements with timeout support */ struct hash_ip4_telem { - u32 ip; + __be32 ip; unsigned long timeout; }; @@ -123,7 +123,7 @@ hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb, { const struct ip_set_hash *h = set->data; ipset_adtfn adtfn = set->variant->adt[adt]; - u32 ip; + __be32 ip; ip4addrptr(skb, flags & IPSET_DIM_ONE_SRC, &ip); ip &= ip_set_netmask(h->netmask); @@ -148,7 +148,8 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len, const struct ip_set_hash *h = set->data; struct nlattr *tb[IPSET_ATTR_ADT_MAX+1]; ipset_adtfn adtfn = set->variant->adt[adt]; - u32 ip, nip, ip_to, hosts, timeout = h->timeout; + u32 ip, ip_to, hosts, timeout = h->timeout; + __be32 nip; int ret = 0; if (nla_parse(tb, IPSET_ATTR_ADT_MAX, head, len, @@ -158,13 +159,11 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len, if (tb[IPSET_ATTR_LINENO]) *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP, &ip); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP, &ip); if (ret) return ret; - ip &= ip_set_netmask(h->netmask); - if (ip == 0) - return -IPSET_ERR_HASH_ELEM; + ip &= ip_set_hostmask(h->netmask); if (tb[IPSET_ATTR_TIMEOUT]) { if (!with_timeout(h->timeout)) @@ -172,15 +171,17 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len, timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); } - if (adt == IPSET_TEST) - return adtfn(set, &ip, timeout); + if (adt == IPSET_TEST) { + nip = htonl(ip); + if (nip == 0) + return -IPSET_ERR_HASH_ELEM; + return adtfn(set, &nip, timeout); + } - ip = ntohl(ip); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); if (ret) return ret; - ip_to = ntohl(ip_to); if (ip > ip_to) swap(ip, ip_to); } else if (tb[IPSET_ATTR_CIDR]) { @@ -197,6 +198,8 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *head, int len, for (; !before(ip_to, ip); ip += hosts) { nip = htonl(ip); + if (nip == 0) + return -IPSET_ERR_HASH_ELEM; ret = adtfn(set, &nip, timeout); if (ret && !ip_set_eexist(ret, flags)) diff --git a/kernel/ip_set_hash_ipport.c b/kernel/ip_set_hash_ipport.c index 035dad1..4bc1f42 100644 --- a/kernel/ip_set_hash_ipport.c +++ b/kernel/ip_set_hash_ipport.c @@ -46,16 +46,16 @@ hash_ipport_same_set(const struct ip_set *a, const struct ip_set *b); /* Member elements without timeout */ struct hash_ipport4_elem { - u32 ip; - u16 port; + __be32 ip; + __be16 port; u8 proto; u8 padding; }; /* Member elements with timeout support */ struct hash_ipport4_telem { - u32 ip; - u16 port; + __be32 ip; + __be16 port; u8 proto; u8 padding; unsigned long timeout; @@ -189,7 +189,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *head, int len, return ret; if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; @@ -227,10 +227,9 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *head, int len, ip = ntohl(data.ip); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); if (ret) return ret; - ip_to = ntohl(ip_to); if (ip > ip_to) swap(ip, ip_to); } else if (tb[IPSET_ATTR_CIDR]) { @@ -280,14 +279,14 @@ hash_ipport_same_set(const struct ip_set *a, const struct ip_set *b) struct hash_ipport6_elem { union nf_inet_addr ip; - u16 port; + __be16 port; u8 proto; u8 padding; }; struct hash_ipport6_telem { union nf_inet_addr ip; - u16 port; + __be16 port; u8 proto; u8 padding; unsigned long timeout; @@ -411,7 +410,7 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *head, int len, return ret; if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; diff --git a/kernel/ip_set_hash_ipportip.c b/kernel/ip_set_hash_ipportip.c index f7a9870..734529c 100644 --- a/kernel/ip_set_hash_ipportip.c +++ b/kernel/ip_set_hash_ipportip.c @@ -46,18 +46,18 @@ hash_ipportip_same_set(const struct ip_set *a, const struct ip_set *b); /* Member elements without timeout */ struct hash_ipportip4_elem { - u32 ip; - u32 ip2; - u16 port; + __be32 ip; + __be32 ip2; + __be16 port; u8 proto; u8 padding; }; /* Member elements with timeout support */ struct hash_ipportip4_telem { - u32 ip; - u32 ip2; - u16 port; + __be32 ip; + __be32 ip2; + __be16 port; u8 proto; u8 padding; unsigned long timeout; @@ -200,7 +200,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *head, int len, return ret; if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; @@ -238,10 +238,9 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *head, int len, ip = ntohl(data.ip); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); if (ret) return ret; - ip_to = ntohl(ip_to); if (ip > ip_to) swap(ip, ip_to); } else if (tb[IPSET_ATTR_CIDR]) { @@ -292,7 +291,7 @@ hash_ipportip_same_set(const struct ip_set *a, const struct ip_set *b) struct hash_ipportip6_elem { union nf_inet_addr ip; union nf_inet_addr ip2; - u16 port; + __be16 port; u8 proto; u8 padding; }; @@ -300,7 +299,7 @@ struct hash_ipportip6_elem { struct hash_ipportip6_telem { union nf_inet_addr ip; union nf_inet_addr ip2; - u16 port; + __be16 port; u8 proto; u8 padding; unsigned long timeout; @@ -432,7 +431,7 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *head, int len, return ret; if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; diff --git a/kernel/ip_set_hash_ipportnet.c b/kernel/ip_set_hash_ipportnet.c index 2200b14..b6bc5c9 100644 --- a/kernel/ip_set_hash_ipportnet.c +++ b/kernel/ip_set_hash_ipportnet.c @@ -46,18 +46,18 @@ hash_ipportnet_same_set(const struct ip_set *a, const struct ip_set *b); /* Member elements without timeout */ struct hash_ipportnet4_elem { - u32 ip; - u32 ip2; - u16 port; + __be32 ip; + __be32 ip2; + __be16 port; u8 cidr; u8 proto; }; /* Member elements with timeout support */ struct hash_ipportnet4_telem { - u32 ip; - u32 ip2; - u16 port; + __be32 ip; + __be32 ip2; + __be16 port; u8 cidr; u8 proto; unsigned long timeout; @@ -229,7 +229,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *head, int len, data.ip2 &= ip_set_netmask(data.cidr); if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; @@ -267,10 +267,9 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *head, int len, ip = ntohl(data.ip); if (tb[IPSET_ATTR_IP_TO]) { - ret = ip_set_get_ipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); + ret = ip_set_get_hostipaddr4(tb, IPSET_ATTR_IP_TO, &ip_to); if (ret) return ret; - ip_to = ntohl(ip_to); if (ip > ip_to) swap(ip, ip_to); } else if (tb[IPSET_ATTR_CIDR]) { @@ -321,7 +320,7 @@ hash_ipportnet_same_set(const struct ip_set *a, const struct ip_set *b) struct hash_ipportnet6_elem { union nf_inet_addr ip; union nf_inet_addr ip2; - u16 port; + __be16 port; u8 cidr; u8 proto; }; @@ -329,7 +328,7 @@ struct hash_ipportnet6_elem { struct hash_ipportnet6_telem { union nf_inet_addr ip; union nf_inet_addr ip2; - u16 port; + __be16 port; u8 cidr; u8 proto; unsigned long timeout; @@ -495,7 +494,7 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *head, int len, ip6_netmask(&data.ip2, data.cidr); if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; diff --git a/kernel/ip_set_hash_net.c b/kernel/ip_set_hash_net.c index 693eaf3..61c4b4f 100644 --- a/kernel/ip_set_hash_net.c +++ b/kernel/ip_set_hash_net.c @@ -44,7 +44,7 @@ hash_net_same_set(const struct ip_set *a, const struct ip_set *b); /* Member elements without timeout */ struct hash_net4_elem { - u32 ip; + __be32 ip; u16 padding0; u8 padding1; u8 cidr; @@ -52,7 +52,7 @@ struct hash_net4_elem { /* Member elements with timeout support */ struct hash_net4_telem { - u32 ip; + __be32 ip; u16 padding0; u8 padding1; u8 cidr; diff --git a/kernel/ip_set_hash_netport.c b/kernel/ip_set_hash_netport.c index 93cc0e8..ca17f1c 100644 --- a/kernel/ip_set_hash_netport.c +++ b/kernel/ip_set_hash_netport.c @@ -45,16 +45,16 @@ hash_netport_same_set(const struct ip_set *a, const struct ip_set *b); /* Member elements without timeout */ struct hash_netport4_elem { - u32 ip; - u16 port; + __be32 ip; + __be16 port; u8 proto; u8 cidr; }; /* Member elements with timeout support */ struct hash_netport4_telem { - u32 ip; - u16 port; + __be32 ip; + __be16 port; u8 proto; u8 cidr; unsigned long timeout; @@ -215,7 +215,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *head, int len, data.ip &= ip_set_netmask(data.cidr); if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; @@ -282,14 +282,14 @@ hash_netport_same_set(const struct ip_set *a, const struct ip_set *b) struct hash_netport6_elem { union nf_inet_addr ip; - u16 port; + __be16 port; u8 proto; u8 cidr; }; struct hash_netport6_telem { union nf_inet_addr ip; - u16 port; + __be16 port; u8 proto; u8 cidr; unsigned long timeout; @@ -445,7 +445,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *head, int len, ip6_netmask(&data.ip, data.cidr); if (tb[IPSET_ATTR_PORT]) - data.port = ip_set_get_n16(tb[IPSET_ATTR_PORT]); + data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); else return -IPSET_ERR_PROTOCOL; diff --git a/kernel/pfxlen.c b/kernel/pfxlen.c index c6c9dcc..23f8c81 100644 --- a/kernel/pfxlen.c +++ b/kernel/pfxlen.c @@ -148,8 +148,10 @@ const union nf_inet_addr ip_set_netmask_map[] = { EXPORT_SYMBOL_GPL(ip_set_netmask_map); #undef E -#define E(a, b, c, d) \ - {.ip6 = { a, b, c, d } } +#define E(a, b, c, d) \ + {.ip6 = { (__force __be32) a, (__force __be32) b, \ + (__force __be32) c, (__force __be32) d, \ + } } /* * This table works for both IPv4 and IPv6; -- cgit v1.2.3