From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Thu, 21 Jul 2011 10:06:18 +0000 (+0200)
Subject: netfilter: ipset: hash:net,iface fixed to handle overlapping nets behind different... 
X-Git-Tag: v3.1-rc1~316^2~70^2~1
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89dc79b787d20e4b6c4077dcee1c5b1be4ab55b8;p=pandora-kernel.git

netfilter: ipset: hash:net,iface fixed to handle overlapping nets behind different interfaces

If overlapping networks with different interfaces was added to
the set, the type did not handle it properly. Example

    ipset create test hash:net,iface
    ipset add test 192.168.0.0/16,eth0
    ipset add test 192.168.0.0/24,eth1

Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned
a match.

In the patch the algorithm is fixed in order to correctly handle
overlapping networks.

Limitation: the same network cannot be stored with more than 64 different
interfaces in a single set.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

Reading git-diff-tree failed