These changes are the raw update to linux-4.4.6-rt14. Kernel sources
[kvmfornfv.git] / kernel / net / netfilter / xt_set.c
index 8904598..5669e5b 100644 (file)
@@ -9,14 +9,16 @@
  */
 
 /* Kernel module which implements the set match and SET target
- * for netfilter/iptables. */
+ * for netfilter/iptables.
+ */
 
 #include <linux/module.h>
 #include <linux/skbuff.h>
 
 #include <linux/netfilter/x_tables.h>
-#include <linux/netfilter/xt_set.h>
+#include <linux/netfilter/ipset/ip_set.h>
 #include <linux/netfilter/ipset/ip_set_timeout.h>
+#include <uapi/linux/netfilter/xt_set.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -52,6 +54,7 @@ static bool
 set_match_v0(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct xt_set_info_match_v0 *info = par->matchinfo;
+
        ADT_OPT(opt, par->family, info->match_set.u.compat.dim,
                info->match_set.u.compat.flags, 0, UINT_MAX);
 
@@ -68,10 +71,10 @@ compat_flags(struct xt_set_info_v0 *info)
        info->u.compat.dim = IPSET_DIM_ZERO;
        if (info->u.flags[0] & IPSET_MATCH_INV)
                info->u.compat.flags |= IPSET_INV_MATCH;
-       for (i = 0; i < IPSET_DIM_MAX-1 && info->u.flags[i]; i++) {
+       for (i = 0; i < IPSET_DIM_MAX - 1 && info->u.flags[i]; i++) {
                info->u.compat.dim++;
                if (info->u.flags[i] & IPSET_SRC)
-                       info->u.compat.flags |= (1<<info->u.compat.dim);
+                       info->u.compat.flags |= (1 << info->u.compat.dim);
        }
 }
 
@@ -88,7 +91,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
                        info->match_set.index);
                return -ENOENT;
        }
-       if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
+       if (info->match_set.u.flags[IPSET_DIM_MAX - 1] != 0) {
                pr_warn("Protocol error: set match dimension is over the limit!\n");
                ip_set_nfnl_put(par->net, info->match_set.index);
                return -ERANGE;
@@ -114,6 +117,7 @@ static bool
 set_match_v1(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct xt_set_info_match_v1 *info = par->matchinfo;
+
        ADT_OPT(opt, par->family, info->match_set.dim,
                info->match_set.flags, 0, UINT_MAX);
 
@@ -178,9 +182,10 @@ static bool
 set_match_v3(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct xt_set_info_match_v3 *info = par->matchinfo;
+       int ret;
+
        ADT_OPT(opt, par->family, info->match_set.dim,
                info->match_set.flags, info->flags, UINT_MAX);
-       int ret;
 
        if (info->packets.op != IPSET_COUNTER_NONE ||
            info->bytes.op != IPSET_COUNTER_NONE)
@@ -224,9 +229,10 @@ static bool
 set_match_v4(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct xt_set_info_match_v4 *info = par->matchinfo;
+       int ret;
+
        ADT_OPT(opt, par->family, info->match_set.dim,
                info->match_set.flags, info->flags, UINT_MAX);
-       int ret;
 
        if (info->packets.op != IPSET_COUNTER_NONE ||
            info->bytes.op != IPSET_COUNTER_NONE)
@@ -252,6 +258,7 @@ static unsigned int
 set_target_v0(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_set_info_target_v0 *info = par->targinfo;
+
        ADT_OPT(add_opt, par->family, info->add_set.u.compat.dim,
                info->add_set.u.compat.flags, 0, UINT_MAX);
        ADT_OPT(del_opt, par->family, info->del_set.u.compat.dim,
@@ -290,8 +297,8 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
                        return -ENOENT;
                }
        }
-       if (info->add_set.u.flags[IPSET_DIM_MAX-1] != 0 ||
-           info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) {
+       if (info->add_set.u.flags[IPSET_DIM_MAX - 1] != 0 ||
+           info->del_set.u.flags[IPSET_DIM_MAX - 1] != 0) {
                pr_warn("Protocol error: SET target dimension is over the limit!\n");
                if (info->add_set.index != IPSET_INVALID_ID)
                        ip_set_nfnl_put(par->net, info->add_set.index);
@@ -324,6 +331,7 @@ static unsigned int
 set_target_v1(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_set_info_target_v1 *info = par->targinfo;
+
        ADT_OPT(add_opt, par->family, info->add_set.dim,
                info->add_set.flags, 0, UINT_MAX);
        ADT_OPT(del_opt, par->family, info->del_set.dim,
@@ -392,6 +400,7 @@ static unsigned int
 set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_set_info_target_v2 *info = par->targinfo;
+
        ADT_OPT(add_opt, par->family, info->add_set.dim,
                info->add_set.flags, info->flags, info->timeout);
        ADT_OPT(del_opt, par->family, info->del_set.dim,
@@ -399,8 +408,8 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
 
        /* Normalize to fit into jiffies */
        if (add_opt.ext.timeout != IPSET_NO_TIMEOUT &&
-           add_opt.ext.timeout > UINT_MAX/MSEC_PER_SEC)
-               add_opt.ext.timeout = UINT_MAX/MSEC_PER_SEC;
+           add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC)
+               add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC;
        if (info->add_set.index != IPSET_INVALID_ID)
                ip_set_add(info->add_set.index, skb, par, &add_opt);
        if (info->del_set.index != IPSET_INVALID_ID)
@@ -418,6 +427,8 @@ static unsigned int
 set_target_v3(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_set_info_target_v3 *info = par->targinfo;
+       int ret;
+
        ADT_OPT(add_opt, par->family, info->add_set.dim,
                info->add_set.flags, info->flags, info->timeout);
        ADT_OPT(del_opt, par->family, info->del_set.dim,
@@ -425,12 +436,10 @@ set_target_v3(struct sk_buff *skb, const struct xt_action_param *par)
        ADT_OPT(map_opt, par->family, info->map_set.dim,
                info->map_set.flags, 0, UINT_MAX);
 
-       int ret;
-
        /* Normalize to fit into jiffies */
        if (add_opt.ext.timeout != IPSET_NO_TIMEOUT &&
-           add_opt.ext.timeout > UINT_MAX/MSEC_PER_SEC)
-               add_opt.ext.timeout = UINT_MAX/MSEC_PER_SEC;
+           add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC)
+               add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC;
        if (info->add_set.index != IPSET_INVALID_ID)
                ip_set_add(info->add_set.index, skb, par, &add_opt);
        if (info->del_set.index != IPSET_INVALID_ID)
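Review bot: The comment `/* Normalize to fit into jiffies */` does not say what unit the timeout is in or why the bound is `UINT_MAX / MSEC_PER_SEC`, and the same clamp is repeated verbatim in the set_target_v2 hunk. A fuller comment would help, for example `/* timeout is presumably in seconds: cap it so a later conversion to msecs cannot overflow an unsigned int */`, with the unit confirmed against the ipset core. Because the two copies have to stay in step, a small static helper taking `&add_opt` would remove the chance of one being changed without the other. set_target_v3 starts above this hunk and continues below it.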
@@ -456,7 +465,6 @@ set_target_v3(struct sk_buff *skb, const struct xt_action_param *par)
        return XT_CONTINUE;
 }
 
-
 static int
 set_target_v3_checkentry(const struct xt_tgchk_param *par)
 {
@@ -496,8 +504,7 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
                     !(par->hook_mask & (1 << NF_INET_FORWARD |
                                         1 << NF_INET_LOCAL_OUT |
                                         1 << NF_INET_POST_ROUTING))) {
-                       pr_warn("mapping of prio or/and queue is allowed only"
-                               "from OUTPUT/FORWARD/POSTROUTING chains\n");
+                       pr_warn("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
                        return -EINVAL;
                }
                index = ip_set_nfnl_get_byindex(par->net,
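Review bot: The hook test next to the merged message, `!(par->hook_mask & (1 << NF_INET_FORWARD | 1 << NF_INET_LOCAL_OUT | 1 << NF_INET_POST_ROUTING))`, rejects the rule only when none of the three hooks is in the mask. A rule whose mask also carries some other hook therefore still passes, although the warning says the mapping is allowed only from OUTPUT/FORWARD/POSTROUTING. If the restriction is meant literally, test for stray bits instead: `par->hook_mask & ~(1 << NF_INET_FORWARD | 1 << NF_INET_LOCAL_OUT | 1 << NF_INET_POST_ROUTING)`. The first half of the `if` and the rest of set_target_v3_checkentry are outside the hunk, so check the full condition before changing it.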
@@ -518,8 +525,7 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
        if (info->add_set.dim > IPSET_DIM_MAX ||
            info->del_set.dim > IPSET_DIM_MAX ||
            info->map_set.dim > IPSET_DIM_MAX) {
-               pr_warn("Protocol error: SET target dimension "
-                       "is over the limit!\n");
+               pr_warn("Protocol error: SET target dimension is over the limit!\n");
                if (info->add_set.index != IPSET_INVALID_ID)
                        ip_set_nfnl_put(par->net, info->add_set.index);
                if (info->del_set.index != IPSET_INVALID_ID)
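Review bot: The `pr_warn()` on this error path of set_target_v3_checkentry is not rate limited, and the same holds for the hook-check message in the previous hunk and the "Protocol error" messages in the two v0 checkentry hunks. These messages appear to fire on malformed rule data supplied by whoever installs the rule, so repeated bad requests can fill the kernel log and push out other diagnostics. `pr_warn_ratelimited("Protocol error: SET target dimension is over the limit!\n");` keeps the message while bounding its volume. The function continues past the hunk, so the rest of the cleanup is not visible here.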
@@ -545,7 +551,6 @@ set_target_v3_destroy(const struct xt_tgdtor_param *par)
                ip_set_nfnl_put(par->net, info->map_set.index);
 }
 
-
 static struct xt_match set_matches[] __read_mostly = {
        {
                .name           = "set",