Pandora Sourcecodes - pandora-kernel.git/commit

author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Thu, 21 Jul 2011 10:06:18 +0000 (12:06 +0200)
committer	Patrick McHardy <kaber@trash.net>
	Thu, 21 Jul 2011 10:06:18 +0000 (12:06 +0200)
commit	89dc79b787d20e4b6c4077dcee1c5b1be4ab55b8
tree	24ebd4da0fe7e239e45cbc5a4ec599ee1abba94d	tree \| snapshot
parent	a6a7b759ba62e62542308e091f7fc9cfac4f978e	commit \| diff

netfilter: ipset: hash:net,iface fixed to handle overlapping nets behind different interfaces

If overlapping networks with different interfaces was added to
the set, the type did not handle it properly. Example

    ipset create test hash:net,iface
    ipset add test 192.168.0.0/16,eth0
    ipset add test 192.168.0.0/24,eth1

Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned
a match.

In the patch the algorithm is fixed in order to correctly handle
overlapping networks.

Limitation: the same network cannot be stored with more than 64 different
interfaces in a single set.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

include/linux/netfilter/ipset/ip_set_ahash.h		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_ip.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_ipport.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_ipportip.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_ipportnet.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_net.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_netiface.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_netport.c		diff \| blob \| history