Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ipset for openSUSE:Factory checked
in at 2023-01-07 17:16:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ipset (Old)
and /work/SRC/openSUSE:Factory/.ipset.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset"
Sat Jan 7 17:16:22 2023 rev:46 rq:1056416 version:7.17
Changes:
--------
--- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2022-11-23
09:48:01.687016946 +0100
+++ /work/SRC/openSUSE:Factory/.ipset.new.1563/ipset.changes 2023-01-07
17:16:49.881123980 +0100
@@ -1,0 +2,7 @@
+Fri Dec 30 14:50:44 UTC 2022 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 7.17
+ * No userspace changes (kernel modules are not generated
+ here for openSUSE, see kernel-default instead)
+
+-------------------------------------------------------------------
Old:
----
ipset-7.16.tar.bz2
New:
----
ipset-7.17.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ipset.spec ++++++
--- /var/tmp/diff_new_pack.rt7MKr/_old 2023-01-07 17:16:51.069131067 +0100
+++ /var/tmp/diff_new_pack.rt7MKr/_new 2023-01-07 17:16:51.077131115 +0100
@@ -25,7 +25,7 @@
%define ipset_build_kmp 0
%endif
Name: ipset
-Version: 7.16
+Version: 7.17
Release: 0
Summary: Netfilter ipset administration utility
License: GPL-2.0-only
++++++ ipset-7.16.tar.bz2 -> ipset-7.17.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/ChangeLog new/ipset-7.17/ChangeLog
--- old/ipset-7.16/ChangeLog 2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/ChangeLog 2022-12-30 12:57:30.000000000 +0100
@@ -1,3 +1,9 @@
+7.17
+ - Tests: When verifying comments/timeouts, make sure entries don't expire
+ - Tests: Make sure the internal batches add the correct number of elements
+ - Tests: Verify that hash:net,port,net type can handle 0/0 properly
+ - Makefile: Create LZMA-compressed dist-files (Phil Sutter)
+
7.16
- Add new ipset_parse_bitmask() function to the library interface
- test: Make sure no more than 64 clashing elements can be added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/Makefile.in new/ipset-7.17/Makefile.in
--- old/ipset-7.16/Makefile.in 2022-11-21 20:13:28.000000000 +0100
+++ new/ipset-7.17/Makefile.in 2022-12-30 12:59:42.000000000 +0100
@@ -282,9 +282,9 @@
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
-DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
-DIST_TARGETS = dist-gzip
+DIST_ARCHIVES = $(distdir).tar.xz
+DIST_TARGETS = dist-xz
# Exists only to be overridden by the user if desired.
AM_DISTCHECK_DVI_TARGET = dvi
distuninstallcheck_listfiles = find . -type f -print
@@ -765,7 +765,6 @@
dist-lzip: distdir
tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9}
>$(distdir).tar.lz
$(am__post_remove_distdir)
-
dist-xz: distdir
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c
>$(distdir).tar.xz
$(am__post_remove_distdir)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/configure new/ipset-7.17/configure
--- old/ipset-7.16/configure 2022-11-21 20:13:27.000000000 +0100
+++ new/ipset-7.17/configure 2022-12-30 12:59:42.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ipset 7.16.
+# Generated by GNU Autoconf 2.69 for ipset 7.17.
#
# Report bugs to <kad...@netfilter.org>.
#
@@ -594,8 +594,8 @@
# Identity of this package.
PACKAGE_NAME='ipset'
PACKAGE_TARNAME='ipset'
-PACKAGE_VERSION='7.16'
-PACKAGE_STRING='ipset 7.16'
+PACKAGE_VERSION='7.17'
+PACKAGE_STRING='ipset 7.17'
PACKAGE_BUGREPORT='kad...@netfilter.org'
PACKAGE_URL=''
@@ -1452,7 +1452,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ipset 7.16 to adapt to many kinds of systems.
+\`configure' configures ipset 7.17 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1523,7 +1523,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ipset 7.16:";;
+ short | recursive ) echo "Configuration of ipset 7.17:";;
esac
cat <<\_ACEOF
@@ -1661,7 +1661,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ipset configure 7.16
+ipset configure 7.17
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2039,7 +2039,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ipset $as_me 7.16, which was
+It was created by ipset $as_me 7.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2971,7 +2971,7 @@
# Define the identity of the package.
PACKAGE='ipset'
- VERSION='7.16'
+ VERSION='7.17'
cat >>confdefs.h <<_ACEOF
@@ -18280,7 +18280,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ipset $as_me 7.16, which was
+This file was extended by ipset $as_me 7.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -18346,7 +18346,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ipset config.status 7.16
+ipset config.status 7.17
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/configure.ac new/ipset-7.17/configure.ac
--- old/ipset-7.16/configure.ac 2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/configure.ac 2022-12-30 12:57:30.000000000 +0100
@@ -1,10 +1,10 @@
dnl Boilerplate
-AC_INIT([ipset], [7.16], [kad...@netfilter.org])
+AC_INIT([ipset], [7.17], [kad...@netfilter.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADER([config.h])
-AM_INIT_AUTOMAKE([foreign subdir-objects tar-pax])
+AM_INIT_AUTOMAKE([foreign subdir-objects tar-pax no-dist-gzip dist-xz])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_PROG_LN_S
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/kernel/ChangeLog
new/ipset-7.17/kernel/ChangeLog
--- old/ipset-7.16/kernel/ChangeLog 2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/ChangeLog 2022-12-30 12:57:30.000000000 +0100
@@ -1,3 +1,7 @@
+7.17
+ - netfilter: ipset: Rework long task execution when adding/deleting entries
+ - netfilter: ipset: fix hash:net,port,net hang with /0 subnet
+
7.16
- netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
- Fix all debug mode warnings
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/include/linux/netfilter/ipset/ip_set.h
new/ipset-7.17/kernel/include/linux/netfilter/ipset/ip_set.h
--- old/ipset-7.16/kernel/include/linux/netfilter/ipset/ip_set.h
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/include/linux/netfilter/ipset/ip_set.h
2022-12-30 12:57:30.000000000 +0100
@@ -200,7 +200,7 @@
};
/* Max range where every element is added/deleted in one step */
-#define IPSET_MAX_RANGE (1<<20)
+#define IPSET_MAX_RANGE (1<<14)
/* The max revision number supported by any set type + 1 */
#define IPSET_REVISION_MAX 9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_core.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_core.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_core.c 2022-11-21
13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_core.c 2022-12-30
12:57:30.000000000 +0100
@@ -1754,9 +1754,10 @@
ret = set->variant->uadt(set, tb, adt, &lineno, flags, retried);
ip_set_unlock(set);
retried = true;
- } while (ret == -EAGAIN &&
- set->variant->resize &&
- (ret = set->variant->resize(set, retried)) == 0);
+ } while (ret == -ERANGE ||
+ (ret == -EAGAIN &&
+ set->variant->resize &&
+ (ret = set->variant->resize(set, retried)) == 0));
if (!ret || (ret == -IPSET_ERR_EXIST && eexist))
return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ip.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ip.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ip.c 2022-11-21
13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ip.c 2022-12-30
12:57:30.000000000 +0100
@@ -101,11 +101,11 @@
hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_ip4 *h = set->data;
+ struct hash_ip4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ip4_elem e = { 0 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip = 0, ip_to = 0, hosts;
+ u32 ip = 0, ip_to = 0, hosts, i = 0;
int ret = 0;
if (tb[IPSET_ATTR_LINENO])
@@ -150,14 +150,14 @@
hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1);
- /* 64bit division is not allowed on 32bit */
- if (((u64)ip_to - ip + 1) >> (32 - h->netmask) > IPSET_MAX_RANGE)
- return -ERANGE;
-
if (retried)
ip = ntohl(h->next.ip);
- for (; ip <= ip_to;) {
+ for (; ip <= ip_to; i++) {
e.ip = htonl(ip);
+ if (i > IPSET_MAX_RANGE) {
+ hash_ip4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
return ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
2022-12-30 12:57:30.000000000 +0100
@@ -99,11 +99,11 @@
hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_ipmark4 *h = set->data;
+ struct hash_ipmark4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ipmark4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip, ip_to = 0;
+ u32 ip, ip_to = 0, i = 0;
int ret;
if (tb[IPSET_ATTR_LINENO])
@@ -150,13 +150,14 @@
ip_set_mask_from_to(ip, ip_to, cidr);
}
- if (((u64)ip_to - ip + 1) > IPSET_MAX_RANGE)
- return -ERANGE;
-
if (retried)
ip = ntohl(h->next.ip);
- for (; ip <= ip_to; ip++) {
+ for (; ip <= ip_to; ip++, i++) {
e.ip = htonl(ip);
+ if (i > IPSET_MAX_RANGE) {
+ hash_ipmark4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
2022-12-30 12:57:30.000000000 +0100
@@ -113,11 +113,11 @@
hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_ipport4 *h = set->data;
+ struct hash_ipport4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ipport4_elem e = { .ip = 0 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip, ip_to = 0, p = 0, port, port_to;
+ u32 ip, ip_to = 0, p = 0, port, port_to, i = 0;
bool with_ports = false;
int ret;
@@ -185,17 +185,18 @@
swap(port, port_to);
}
- if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
- return -ERANGE;
-
if (retried)
ip = ntohl(h->next.ip);
for (; ip <= ip_to; ip++) {
p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
: port;
- for (; p <= port_to; p++) {
+ for (; p <= port_to; p++, i++) {
e.ip = htonl(ip);
e.port = htons(p);
+ if (i > IPSET_MAX_RANGE) {
+ hash_ipport4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
2022-12-30 12:57:30.000000000 +0100
@@ -109,11 +109,11 @@
hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_ipportip4 *h = set->data;
+ struct hash_ipportip4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ipportip4_elem e = { .ip = 0 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip, ip_to = 0, p = 0, port, port_to;
+ u32 ip, ip_to = 0, p = 0, port, port_to, i = 0;
bool with_ports = false;
int ret;
@@ -181,17 +181,18 @@
swap(port, port_to);
}
- if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
- return -ERANGE;
-
if (retried)
ip = ntohl(h->next.ip);
for (; ip <= ip_to; ip++) {
p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
: port;
- for (; p <= port_to; p++) {
+ for (; p <= port_to; p++, i++) {
e.ip = htonl(ip);
e.port = htons(p);
+ if (i > IPSET_MAX_RANGE) {
+ hash_ipportip4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
2022-12-30 12:57:30.000000000 +0100
@@ -161,12 +161,12 @@
hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_ipportnet4 *h = set->data;
+ struct hash_ipportnet4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ipportnet4_elem e = { .cidr = HOST_MASK - 1 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 ip = 0, ip_to = 0, p = 0, port, port_to;
- u32 ip2_from = 0, ip2_to = 0, ip2;
+ u32 ip2_from = 0, ip2_to = 0, ip2, i = 0;
bool with_ports = false;
u8 cidr;
int ret;
@@ -254,9 +254,6 @@
swap(port, port_to);
}
- if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
- return -ERANGE;
-
ip2_to = ip2_from;
if (tb[IPSET_ATTR_IP2_TO]) {
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to);
@@ -283,9 +280,15 @@
for (; p <= port_to; p++) {
e.port = htons(p);
do {
+ i++;
e.ip2 = htonl(ip2);
ip2 = ip_set_range_to_cidr(ip2, ip2_to, &cidr);
e.cidr = cidr - 1;
+ if (i > IPSET_MAX_RANGE) {
+ hash_ipportnet4_data_next(&h->next,
+ &e);
+ return -ERANGE;
+ }
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_net.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_net.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_net.c 2022-11-21
13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_net.c 2022-12-30
12:57:30.000000000 +0100
@@ -137,11 +137,11 @@
hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_net4 *h = set->data;
+ struct hash_net4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_net4_elem e = { .cidr = HOST_MASK };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip = 0, ip_to = 0, ipn, n = 0;
+ u32 ip = 0, ip_to = 0, i = 0;
int ret;
if (tb[IPSET_ATTR_LINENO])
@@ -189,19 +189,16 @@
if (ip + UINT_MAX == ip_to)
return -IPSET_ERR_HASH_RANGE;
}
- ipn = ip;
- do {
- ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr);
- n++;
- } while (ipn++ < ip_to);
-
- if (n > IPSET_MAX_RANGE)
- return -ERANGE;
if (retried)
ip = ntohl(h->next.ip);
do {
+ i++;
e.ip = htonl(ip);
+ if (i > IPSET_MAX_RANGE) {
+ hash_net4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr);
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
2022-12-30 12:57:30.000000000 +0100
@@ -203,7 +203,7 @@
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_netiface4_elem e = { .cidr = HOST_MASK, .elem = 1 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip = 0, ip_to = 0, ipn, n = 0;
+ u32 ip = 0, ip_to = 0, i = 0;
int ret;
if (tb[IPSET_ATTR_LINENO])
@@ -257,19 +257,16 @@
} else {
ip_set_mask_from_to(ip, ip_to, e.cidr);
}
- ipn = ip;
- do {
- ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr);
- n++;
- } while (ipn++ < ip_to);
-
- if (n > IPSET_MAX_RANGE)
- return -ERANGE;
if (retried)
ip = ntohl(h->next.ip);
do {
+ i++;
e.ip = htonl(ip);
+ if (i > IPSET_MAX_RANGE) {
+ hash_netiface4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr);
ret = adtfn(set, &e, &ext, &ext, flags);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
2022-12-30 12:57:30.000000000 +0100
@@ -166,13 +166,12 @@
hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_netnet4 *h = set->data;
+ struct hash_netnet4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_netnet4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 ip = 0, ip_to = 0;
- u32 ip2 = 0, ip2_from = 0, ip2_to = 0, ipn;
- u64 n = 0, m = 0;
+ u32 ip2 = 0, ip2_from = 0, ip2_to = 0, i = 0;
int ret;
if (tb[IPSET_ATTR_LINENO])
@@ -248,19 +247,6 @@
} else {
ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]);
}
- ipn = ip;
- do {
- ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr[0]);
- n++;
- } while (ipn++ < ip_to);
- ipn = ip2_from;
- do {
- ipn = ip_set_range_to_cidr(ipn, ip2_to, &e.cidr[1]);
- m++;
- } while (ipn++ < ip2_to);
-
- if (n*m > IPSET_MAX_RANGE)
- return -ERANGE;
if (retried) {
ip = ntohl(h->next.ip[0]);
@@ -273,7 +259,12 @@
e.ip[0] = htonl(ip);
ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]);
do {
+ i++;
e.ip[1] = htonl(ip2);
+ if (i > IPSET_MAX_RANGE) {
+ hash_netnet4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ip2 = ip_set_range_to_cidr(ip2, ip2_to, &e.cidr[1]);
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netport.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netport.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netport.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netport.c
2022-12-30 12:57:30.000000000 +0100
@@ -155,12 +155,11 @@
hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_netport4 *h = set->data;
+ struct hash_netport4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_netport4_elem e = { .cidr = HOST_MASK - 1 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 port, port_to, p = 0, ip = 0, ip_to = 0, ipn;
- u64 n = 0;
+ u32 port, port_to, p = 0, ip = 0, ip_to = 0, i = 0;
bool with_ports = false;
u8 cidr;
int ret;
@@ -237,14 +236,6 @@
} else {
ip_set_mask_from_to(ip, ip_to, e.cidr + 1);
}
- ipn = ip;
- do {
- ipn = ip_set_range_to_cidr(ipn, ip_to, &cidr);
- n++;
- } while (ipn++ < ip_to);
-
- if (n*(port_to - port + 1) > IPSET_MAX_RANGE)
- return -ERANGE;
if (retried) {
ip = ntohl(h->next.ip);
@@ -256,8 +247,12 @@
e.ip = htonl(ip);
ip = ip_set_range_to_cidr(ip, ip_to, &cidr);
e.cidr = cidr - 1;
- for (; p <= port_to; p++) {
+ for (; p <= port_to; p++, i++) {
e.port = htons(p);
+ if (i > IPSET_MAX_RANGE) {
+ hash_netport4_data_next(&h->next, &e);
+ return -ERANGE;
+ }
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
return ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
--- old/ipset-7.16/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
2022-12-30 12:57:30.000000000 +0100
@@ -174,17 +174,26 @@
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
+static u32
+hash_netportnet4_range_to_cidr(u32 from, u32 to, u8 *cidr)
+{
+ if (from == 0 && to == UINT_MAX) {
+ *cidr = 0;
+ return to;
+ }
+ return ip_set_range_to_cidr(from, to, cidr);
+}
+
static int
hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
- const struct hash_netportnet4 *h = set->data;
+ struct hash_netportnet4 *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_netportnet4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 ip = 0, ip_to = 0, p = 0, port, port_to;
- u32 ip2_from = 0, ip2_to = 0, ip2, ipn;
- u64 n = 0, m = 0;
+ u32 ip2_from = 0, ip2_to = 0, ip2, i = 0;
bool with_ports = false;
int ret;
@@ -286,19 +295,6 @@
} else {
ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]);
}
- ipn = ip;
- do {
- ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr[0]);
- n++;
- } while (ipn++ < ip_to);
- ipn = ip2_from;
- do {
- ipn = ip_set_range_to_cidr(ipn, ip2_to, &e.cidr[1]);
- m++;
- } while (ipn++ < ip2_to);
-
- if (n*m*(port_to - port + 1) > IPSET_MAX_RANGE)
- return -ERANGE;
if (retried) {
ip = ntohl(h->next.ip[0]);
@@ -311,13 +307,19 @@
do {
e.ip[0] = htonl(ip);
- ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]);
+ ip = hash_netportnet4_range_to_cidr(ip, ip_to, &e.cidr[0]);
for (; p <= port_to; p++) {
e.port = htons(p);
do {
+ i++;
e.ip[1] = htonl(ip2);
- ip2 = ip_set_range_to_cidr(ip2, ip2_to,
- &e.cidr[1]);
+ if (i > IPSET_MAX_RANGE) {
+ hash_netportnet4_data_next(&h->next,
+ &e);
+ return -ERANGE;
+ }
+ ip2 = hash_netportnet4_range_to_cidr(ip2,
+ ip2_to, &e.cidr[1]);
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
return ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/tests/comment.t
new/ipset-7.17/tests/comment.t
--- old/ipset-7.16/tests/comment.t 2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/tests/comment.t 2022-12-30 12:57:30.000000000 +0100
@@ -113,7 +113,7 @@
# Hash comment: Stress test with comments and timeout
0 ./netnetgen.sh comment timeout | ipset restore
# Hash comment: List set and check the number of elements
-0 n=`ipset -L test|grep '^10.'|wc -l` && test $n -eq 87040
+0 n=`ipset save test|grep 'add test 10.'|wc -l` && test $n -eq 87040
# Hash comment: Destroy test set
0 ipset destroy test
# Hash comment: create set with timeout
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/tests/hash:ip.t
new/ipset-7.17/tests/hash:ip.t
--- old/ipset-7.16/tests/hash:ip.t 2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/tests/hash:ip.t 2022-12-30 12:57:30.000000000 +0100
@@ -136,6 +136,12 @@
0 ipset del test 10.0.0.1-10.0.0.10
# Range: Check number of elements
0 n=`ipset save test|wc -l` && test $n -eq 1
+# Range: Flush set
+0 ipset flush test
+# Range: Add elements in multiple internal batches
+0 ipset add test 10.1.0.0-10.1.64.255
+# Range: Check number of elements
+0 n=`ipset save test|grep '^add test 10.1' | wc -l` && test $n -eq 16640
# Range: Delete test set
0 ipset destroy test
# Timeout: Check that resizing keeps timeout values
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/tests/hash:net,port,net.t
new/ipset-7.17/tests/hash:net,port,net.t
--- old/ipset-7.16/tests/hash:net,port,net.t 2022-11-21 13:39:47.000000000
+0100
+++ new/ipset-7.17/tests/hash:net,port,net.t 2022-12-30 12:57:30.000000000
+0100
@@ -52,6 +52,12 @@
0 ipset add test 10.0.0.0-10.0.3.255,tcp:80-82,192.168.0.0-192.168.2.255
# Check that correct number of elements are added
0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 6
+# Flush set
+0 ipset flush test
+# Add 0/0 networks
+0 ipset add test 0.0.0.0/0,tcp:1-2,192.168.230.128/25
+# Check that correct number of elements are added
+0 n=`ipset list test|grep '^0'|wc -l` && test $n -eq 2
# Destroy set
0 ipset -X test
# Create test set with timeout support
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.16/tests/netnetgen.sh
new/ipset-7.17/tests/netnetgen.sh
--- old/ipset-7.16/tests/netnetgen.sh 2022-11-21 13:39:47.000000000 +0100
+++ new/ipset-7.17/tests/netnetgen.sh 2022-12-30 12:57:30.000000000 +0100
@@ -6,7 +6,7 @@
comment=" comment"
;;
timeout)
- timeout=" timeout 5"
+ timeout=" timeout 10"
;;
*)
;;
