Commit e6146e8684ed6dd4c0ff85ca21bf4324114fbbfa
Committed by
Patrick McHardy
1 parent
f3dfd1538f
Exists in
master
and in
4 other branches
netfilter: ipset: use unified from/to address masking and check the usage
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
Showing 8 changed files with 15 additions and 17 deletions Side-by-side Diff
- include/linux/netfilter/ipset/pfxlen.h
- net/netfilter/ipset/ip_set_bitmap_ip.c
- net/netfilter/ipset/ip_set_bitmap_ipmac.c
- net/netfilter/ipset/ip_set_hash_ip.c
- net/netfilter/ipset/ip_set_hash_ipport.c
- net/netfilter/ipset/ip_set_hash_ipportip.c
- net/netfilter/ipset/ip_set_hash_ipportnet.c
- net/netfilter/ipset/ip_set_hash_netport.c
include/linux/netfilter/ipset/pfxlen.h
net/netfilter/ipset/ip_set_bitmap_ip.c
... | ... | @@ -283,8 +283,7 @@ |
283 | 283 | |
284 | 284 | if (cidr > 32) |
285 | 285 | return -IPSET_ERR_INVALID_CIDR; |
286 | - ip &= ip_set_hostmask(cidr); | |
287 | - ip_to = ip | ~ip_set_hostmask(cidr); | |
286 | + ip_set_mask_from_to(ip, ip_to, cidr); | |
288 | 287 | } else |
289 | 288 | ip_to = ip; |
290 | 289 | |
... | ... | @@ -478,8 +477,7 @@ |
478 | 477 | |
479 | 478 | if (cidr >= 32) |
480 | 479 | return -IPSET_ERR_INVALID_CIDR; |
481 | - first_ip &= ip_set_hostmask(cidr); | |
482 | - last_ip = first_ip | ~ip_set_hostmask(cidr); | |
480 | + ip_set_mask_from_to(first_ip, last_ip, cidr); | |
483 | 481 | } else |
484 | 482 | return -IPSET_ERR_PROTOCOL; |
485 | 483 |
net/netfilter/ipset/ip_set_bitmap_ipmac.c
net/netfilter/ipset/ip_set_hash_ip.c
net/netfilter/ipset/ip_set_hash_ipport.c
net/netfilter/ipset/ip_set_hash_ipportip.c
net/netfilter/ipset/ip_set_hash_ipportnet.c
... | ... | @@ -254,8 +254,7 @@ |
254 | 254 | |
255 | 255 | if (cidr > 32) |
256 | 256 | return -IPSET_ERR_INVALID_CIDR; |
257 | - ip &= ip_set_hostmask(cidr); | |
258 | - ip_to = ip | ~ip_set_hostmask(cidr); | |
257 | + ip_set_mask_from_to(ip, ip_to, cidr); | |
259 | 258 | } |
260 | 259 | |
261 | 260 | port_to = port = ntohs(data.port); |
... | ... | @@ -273,8 +272,7 @@ |
273 | 272 | if (ip2_from + UINT_MAX == ip2_to) |
274 | 273 | return -IPSET_ERR_HASH_RANGE; |
275 | 274 | } else { |
276 | - ip2_from &= ip_set_hostmask(data.cidr); | |
277 | - ip2_to = ip2_from | ~ip_set_hostmask(data.cidr); | |
275 | + ip_set_mask_from_to(ip2_from, ip2_to, data.cidr); | |
278 | 276 | } |
279 | 277 | |
280 | 278 | if (retried) |
net/netfilter/ipset/ip_set_hash_netport.c