netfilter: ipset: SCTP, UDPLITE support added

author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Wed, 13 Apr 2011 11:51:38 +0000 (13:51 +0200)

committer Patrick McHardy <kaber@trash.net>

Wed, 13 Apr 2011 11:51:38 +0000 (13:51 +0200)
author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Wed, 13 Apr 2011 11:51:38 +0000 (13:51 +0200)
committer Patrick McHardy <kaber@trash.net>
Wed, 13 Apr 2011 11:51:38 +0000 (13:51 +0200)
diff --git a/include/linux/netfilter/ipset/ip_set_getport.h b/include/linux/netfilter/ipset/ip_set_getport.h

index 5aebd170f899f76b9f3231d3aaf5c1066c73870a..90d09300e9541381cffc5aee6a6d7b03e49e607f 100644 (file)
--- a/include/linux/netfilter/ipset/ip_set_getport.h
+++ b/include/linux/netfilter/ipset/ip_set_getport.h
@@ -22,7 +22,9 @@ static inline bool ip_set_proto_with_ports(u8 proto)
  {
         switch (proto) {
         case IPPROTO_TCP:
+       case IPPROTO_SCTP:
         case IPPROTO_UDP:
+       case IPPROTO_UDPLITE:
                 return true;
         }
         return false;
diff --git a/net/netfilter/ipset/ip_set_getport.c b/net/netfilter/ipset/ip_set_getport.c

index 8d52272126867c5637fe644158338a63f98216b6..757143b2240af36395e71f6561e3809f3394e688 100644 (file)
--- a/net/netfilter/ipset/ip_set_getport.c
+++ b/net/netfilter/ipset/ip_set_getport.c
@@ -11,6 +11,7 @@
  #include <linux/skbuff.h>
  #include <linux/icmp.h>
  #include <linux/icmpv6.h>
+#include <linux/sctp.h>
  #include <linux/netfilter_ipv6/ip6_tables.h>
  #include <net/ip.h>
  #include <net/ipv6.h>
@@ -35,7 +36,20 @@ get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
                 *port = src ? th->source : th->dest;
                 break;
         }
-       case IPPROTO_UDP: {
+       case IPPROTO_SCTP: {
+               sctp_sctphdr_t _sh;
+               const sctp_sctphdr_t *sh;
+
+               sh = skb_header_pointer(skb, protooff, sizeof(_sh), &_sh);
+               if (sh == NULL)
+                       /* No choice either */
+                       return false;
+
+               *port = src ? sh->source : sh->dest;
+               break;
+       }
+       case IPPROTO_UDP:
+       case IPPROTO_UDPLITE: {
                 struct udphdr _udph;
                 const struct udphdr *uh;
  
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c

index b9214145d357ff7b4cfd8731f62f21970d7c8463..14281b6b8074142aab9e300b408fc7f4b9b86ae9 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -491,7 +491,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
         .features       = IPSET_TYPE_IP | IPSET_TYPE_PORT,
         .dimension      = IPSET_DIM_TWO,
         .family         = AF_UNSPEC,
-       .revision       = 0,
+       .revision       = 1,
         .create         = hash_ipport_create,
         .create_policy  = {
                 [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c

index 4642872df6e131818a9486ad99aa215a0b997fc8..401c8a2531dbf471677ba4cb13923fda61e6d7cd 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -509,7 +509,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
         .features       = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
         .dimension      = IPSET_DIM_THREE,
         .family         = AF_UNSPEC,
-       .revision       = 0,
+       .revision       = 1,
         .create         = hash_ipportip_create,
         .create_policy  = {
                 [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c

index 2cb84a54b7adbc9d651ed4f8117ad9119419de08..4743e5402522fb6793c2022ade4bed020b240295 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -574,7 +574,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
         .features       = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
         .dimension      = IPSET_DIM_THREE,
         .family         = AF_UNSPEC,
-       .revision       = 0,
+       .revision       = 1,
         .create         = hash_ipportnet_create,
         .create_policy  = {
                 [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c

index 8598676f2a053724f523d800410f72857700f305..d2a40362dd3aadb6510ff1603a42e132eeeb5c7a 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -526,7 +526,7 @@ static struct ip_set_type hash_netport_type __read_mostly = {
         .features       = IPSET_TYPE_IP | IPSET_TYPE_PORT,
         .dimension      = IPSET_DIM_TWO,
         .family         = AF_UNSPEC,
-       .revision       = 0,
+       .revision       = 1,
         .create         = hash_netport_create,
         .create_policy  = {
                 [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Wed, 13 Apr 2011 11:51:38 +0000 (13:51 +0200)
committer	Patrick McHardy <kaber@trash.net>
	Wed, 13 Apr 2011 11:51:38 +0000 (13:51 +0200)
include/linux/netfilter/ipset/ip_set_getport.h		patch \| blob \| history
net/netfilter/ipset/ip_set_getport.c		patch \| blob \| history
net/netfilter/ipset/ip_set_hash_ipport.c		patch \| blob \| history
net/netfilter/ipset/ip_set_hash_ipportip.c		patch \| blob \| history
net/netfilter/ipset/ip_set_hash_ipportnet.c		patch \| blob \| history
net/netfilter/ipset/ip_set_hash_netport.c		patch \| blob \| history