diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-06-16 18:56:47 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2011-06-16 18:56:47 +0200 |
commit | b66554cf03fe866b3fb7b9f40f430b8ba09f41c8 (patch) | |
tree | 14797f02748576a30284c3d7b545fe05fbbf05d4 /net/netfilter/xt_set.c | |
parent | e6146e8684ed6dd4c0ff85ca21bf4324114fbbfa (diff) | |
download | op-kernel-dev-b66554cf03fe866b3fb7b9f40f430b8ba09f41c8.zip op-kernel-dev-b66554cf03fe866b3fb7b9f40f430b8ba09f41c8.tar.gz |
netfilter: ipset: add xt_action_param to the variant level kadt functions, ipset API change
With the change the sets can use any parameter available for the match
and target extensions, like input/output interface. It's required for
the hash:net,iface set type.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/xt_set.c')
-rw-r--r-- | net/netfilter/xt_set.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c index eb265bd..453847f 100644 --- a/net/netfilter/xt_set.c +++ b/net/netfilter/xt_set.c @@ -29,9 +29,10 @@ MODULE_ALIAS("ip6t_SET"); static inline int match_set(ip_set_id_t index, const struct sk_buff *skb, + const struct xt_action_param *par, const struct ip_set_adt_opt *opt, int inv) { - if (ip_set_test(index, skb, opt)) + if (ip_set_test(index, skb, par, opt)) inv = !inv; return inv; } @@ -54,7 +55,7 @@ set_match_v0(const struct sk_buff *skb, struct xt_action_param *par) ADT_OPT(opt, par->family, info->match_set.u.compat.dim, info->match_set.u.compat.flags, 0, UINT_MAX); - return match_set(info->match_set.index, skb, &opt, + return match_set(info->match_set.index, skb, par, &opt, info->match_set.u.compat.flags & IPSET_INV_MATCH); } @@ -118,9 +119,9 @@ set_target_v0(struct sk_buff *skb, const struct xt_action_param *par) info->del_set.u.compat.flags, 0, UINT_MAX); if (info->add_set.index != IPSET_INVALID_ID) - ip_set_add(info->add_set.index, skb, &add_opt); + ip_set_add(info->add_set.index, skb, par, &add_opt); if (info->del_set.index != IPSET_INVALID_ID) - ip_set_del(info->del_set.index, skb, &del_opt); + ip_set_del(info->del_set.index, skb, par, &del_opt); return XT_CONTINUE; } @@ -188,7 +189,7 @@ set_match_v1(const struct sk_buff *skb, struct xt_action_param *par) ADT_OPT(opt, par->family, info->match_set.dim, info->match_set.flags, 0, UINT_MAX); - return match_set(info->match_set.index, skb, &opt, + return match_set(info->match_set.index, skb, par, &opt, info->match_set.flags & IPSET_INV_MATCH); } @@ -233,9 +234,9 @@ set_target_v1(struct sk_buff *skb, const struct xt_action_param *par) info->del_set.flags, 0, UINT_MAX); if (info->add_set.index != IPSET_INVALID_ID) - ip_set_add(info->add_set.index, skb, &add_opt); + ip_set_add(info->add_set.index, skb, par, &add_opt); if (info->del_set.index != IPSET_INVALID_ID) - ip_set_del(info->del_set.index, skb, &del_opt); + ip_set_del(info->del_set.index, skb, par, &del_opt); return XT_CONTINUE; } @@ -302,9 +303,9 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par) info->del_set.flags, 0, UINT_MAX); if (info->add_set.index != IPSET_INVALID_ID) - ip_set_add(info->add_set.index, skb, &add_opt); + ip_set_add(info->add_set.index, skb, par, &add_opt); if (info->del_set.index != IPSET_INVALID_ID) - ip_set_del(info->del_set.index, skb, &del_opt); + ip_set_del(info->del_set.index, skb, par, &del_opt); return XT_CONTINUE; } |