Commit e6146e8684ed6dd4c0ff85ca21bf4324114fbbfa

Authored by Jozsef Kadlecsik
Committed by Patrick McHardy
1 parent f3dfd1538f

netfilter: ipset: use unified from/to address masking and check the usage

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

Showing 8 changed files with 15 additions and 17 deletions Side-by-side Diff

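--- a/include/linux/netfilter/ipset/pfxlen.h
+++ b/include/linux/netfilter/ipset/pfxlen.h
@@ -35,5 +35,11 @@
 
 extern u32 ip_set_range_to_cidr(u32 from, u32 to, u8 *cidr);
 
+#define ip_set_mask_from_to(from, to, cidr) \
+do { \
+ from &= ip_set_hostmask(cidr); \
+ to = from | ~ip_set_hostmask(cidr); \
+} while (0)
+
 #endif /*_PFXLEN_H */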
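Review bot: `ip_set_mask_from_to()` expands `cidr` twice and assigns to both `from` and `to`, and nothing at the definition documents this. Callers must pass plain lvalues and a side-effect-free prefix, and because the macro passes `cidr` to `ip_set_hostmask()` unchecked, range validation remains with every call site. I would add a comment above the define such as `/* Round from down to the network address and set to to the last address of the /cidr block; from and to are modified in place, cidr must already be range-checked by the caller. */`. A `static inline` helper taking `u32 *from, u32 *to, u8 cidr` would give type checking and single evaluation, if this header can carry one.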
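--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -283,8 +283,7 @@
 
 if (cidr > 32)
 return -IPSET_ERR_INVALID_CIDR;
- ip &= ip_set_hostmask(cidr);
- ip_to = ip | ~ip_set_hostmask(cidr);
+ ip_set_mask_from_to(ip, ip_to, cidr);
 } else
 ip_to = ip;
 
@@ -478,8 +477,7 @@
 
 if (cidr >= 32)
 return -IPSET_ERR_INVALID_CIDR;
- first_ip &= ip_set_hostmask(cidr);
- last_ip = first_ip | ~ip_set_hostmask(cidr);
+ ip_set_mask_from_to(first_ip, last_ip, cidr);
 } else
 return -IPSET_ERR_PROTOCOL;
 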
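Review bot: The first hunk's guard `if (cidr > 32)` still lets a prefix length of 0 reach `ip_set_mask_from_to(ip, ip_to, cidr)`. If `ip_set_hostmask(0)` is the all-zero mask (its definition is not on this page), that gives `ip = 0` and `ip_to = 0xffffffff`, so one request would span the whole IPv4 space. The code that consumes `ip`..`ip_to` lies outside the hunk, so confirm it rejects or bounds such a range; otherwise tighten the guard to `if (!cidr || cidr > 32)`. The same `cidr > 32` check precedes the macro in ip_set_hash_ip.c, ip_set_hash_ipport.c, ip_set_hash_ipportip.c and the first hunk of ip_set_hash_ipportnet.c.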
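--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -578,7 +578,7 @@
 
 if (cidr >= 32)
 return -IPSET_ERR_INVALID_CIDR;
- last_ip = first_ip | ~ip_set_hostmask(cidr);
+ ip_set_mask_from_to(first_ip, last_ip, cidr);
 } else
 return -IPSET_ERR_PROTOCOL;
 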
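Review bot: This replacement is not a pure refactor: the removed line only computed `last_ip`, whereas `ip_set_mask_from_to(first_ip, last_ip, cidr)` also performs `first_ip &= ip_set_hostmask(cidr)`. A range given with an address that is not aligned to its prefix now starts at the network address instead of the supplied address. That looks like the intended "check the usage" fix and matches ip_set_bitmap_ip.c, but the commit message should say so. A short comment here, e.g. `/* first_ip is rounded down to the network address */`, would make the change visible to readers. The enclosing function starts and ends outside the hunk.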
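--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -177,8 +177,7 @@
 
 if (cidr > 32)
 return -IPSET_ERR_INVALID_CIDR;
- ip &= ip_set_hostmask(cidr);
- ip_to = ip | ~ip_set_hostmask(cidr);
+ ip_set_mask_from_to(ip, ip_to, cidr);
 } else
 ip_to = ip;
 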
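--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -216,8 +216,7 @@
 
 if (cidr > 32)
 return -IPSET_ERR_INVALID_CIDR;
- ip &= ip_set_hostmask(cidr);
- ip_to = ip | ~ip_set_hostmask(cidr);
+ ip_set_mask_from_to(ip, ip_to, cidr);
 } else
 ip_to = ip;
 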
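--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -224,8 +224,7 @@
 
 if (cidr > 32)
 return -IPSET_ERR_INVALID_CIDR;
- ip &= ip_set_hostmask(cidr);
- ip_to = ip | ~ip_set_hostmask(cidr);
+ ip_set_mask_from_to(ip, ip_to, cidr);
 } else
 ip_to = ip;
 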
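--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -254,8 +254,7 @@
 
 if (cidr > 32)
 return -IPSET_ERR_INVALID_CIDR;
- ip &= ip_set_hostmask(cidr);
- ip_to = ip | ~ip_set_hostmask(cidr);
+ ip_set_mask_from_to(ip, ip_to, cidr);
 }
 
 port_to = port = ntohs(data.port);
@@ -273,8 +272,7 @@
 if (ip2_from + UINT_MAX == ip2_to)
 return -IPSET_ERR_HASH_RANGE;
 } else {
- ip2_from &= ip_set_hostmask(data.cidr);
- ip2_to = ip2_from | ~ip_set_hostmask(data.cidr);
+ ip_set_mask_from_to(ip2_from, ip2_to, data.cidr);
 }
 
 if (retried)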
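Review bot: In the second hunk `data.cidr` goes straight into `ip_set_mask_from_to(ip2_from, ip2_to, data.cidr)` with no range check visible, unlike the `cidr > 32` test in the first hunk. The macro hands the value to `ip_set_hostmask()` unchecked, so confirm that `data.cidr` is validated as non-zero and at most 32 before this `else` branch is reached. The `ip2_from + UINT_MAX == ip2_to` full-range test also sits only in the explicit-range branch and does not cover a range produced from the prefix. The enclosing function starts outside the hunk, so the validation may exist above it. ip_set_hash_netport.c has the same shape with `ip_set_mask_from_to(ip, ip_to, data.cidr)`.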
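--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -245,8 +245,7 @@
 if (ip + UINT_MAX == ip_to)
 return -IPSET_ERR_HASH_RANGE;
 } else {
- ip &= ip_set_hostmask(data.cidr);
- ip_to = ip | ~ip_set_hostmask(data.cidr);
+ ip_set_mask_from_to(ip, ip_to, data.cidr);
 }
 
 if (retried)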