Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
GfA
/
linux_kernel
5
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

netfilter: ipset: Check extensions attributes before getting extensions.

Make all extensions attributes checks within ip_set_get_extensions()
and reduce number of duplicated code.

Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Sergey Popovich 10 жил өмнө
parent
edda079174
commit
7dd37bc8e6
16 өөрчлөгдсөн 29 нэмэгдсэн , 170 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 1 7
      net/netfilter/ipset/ip_set_bitmap_ip.c
  2. 1 7
      net/netfilter/ipset/ip_set_bitmap_ipmac.c
  3. 1 7
      net/netfilter/ipset/ip_set_bitmap_port.c
  4. 9 0
      net/netfilter/ipset/ip_set_core.c
  5. 1 13
      net/netfilter/ipset/ip_set_hash_ip.c
  6. 1 13
      net/netfilter/ipset/ip_set_hash_ipmark.c
  7. 1 13
      net/netfilter/ipset/ip_set_hash_ipport.c
  8. 1 13
      net/netfilter/ipset/ip_set_hash_ipportip.c
  9. 1 13
      net/netfilter/ipset/ip_set_hash_ipportnet.c
  10. 1 7
      net/netfilter/ipset/ip_set_hash_mac.c
  11. 2 14
      net/netfilter/ipset/ip_set_hash_net.c
  12. 2 14
      net/netfilter/ipset/ip_set_hash_netiface.c
  13. 2 14
      net/netfilter/ipset/ip_set_hash_netnet.c
  14. 2 14
      net/netfilter/ipset/ip_set_hash_netport.c
  15. 2 14
      net/netfilter/ipset/ip_set_hash_netportnet.c
  16. 1 7
      net/netfilter/ipset/ip_set_list_set.c

+ 1 - 7
net/netfilter/ipset/ip_set_bitmap_ip.c
Файл харах 

@@ -138,13 +138,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
 
 	int ret = 0;
 
 
-	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+	if (unlikely(!tb[IPSET_ATTR_IP]))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])

+ 1 - 7
net/netfilter/ipset/ip_set_bitmap_ipmac.c
Файл харах 

@@ -239,13 +239,7 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	u32 ip = 0;
 
 	int ret = 0;
 
 
-	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+	if (unlikely(!tb[IPSET_ATTR_IP]))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])

+ 1 - 7
net/netfilter/ipset/ip_set_bitmap_port.c
Файл харах 

@@ -137,13 +137,7 @@ bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	int ret = 0;
 
 
 	if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])

+ 9 - 0
net/netfilter/ipset/ip_set_core.c
Файл харах 

@@ -389,6 +389,15 @@ ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
 
 		      struct ip_set_ext *ext)
 
 {
 
 	u64 fullmark;
 
+
 
+	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		return -IPSET_ERR_PROTOCOL;
 
+
 
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 
 		if (!SET_WITH_TIMEOUT(set))
 
 			return -IPSET_ERR_TIMEOUT;

+ 1 - 13
net/netfilter/ipset/ip_set_hash_ip.c
Файл харах 

@@ -108,13 +108,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	u32 ip = 0, ip_to = 0, hosts;
 
 	int ret = 0;
 
 
-	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+	if (unlikely(!tb[IPSET_ATTR_IP]))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -247,12 +241,6 @@ hash_ip6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	int ret;
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) ||
 
 		     tb[IPSET_ATTR_IP_TO] ||
 
 		     tb[IPSET_ATTR_CIDR]))
 
 		return -IPSET_ERR_PROTOCOL;

+ 1 - 13
net/netfilter/ipset/ip_set_hash_ipmark.c
Файл харах 

@@ -109,13 +109,7 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	int ret;
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
-		     !ip_set_attr_netorder(tb, IPSET_ATTR_MARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_attr_netorder(tb, IPSET_ATTR_MARK)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -242,12 +236,6 @@ hash_ipmark6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_MARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) ||
 
 		     tb[IPSET_ATTR_IP_TO] ||
 
 		     tb[IPSET_ATTR_CIDR]))
 
 		return -IPSET_ERR_PROTOCOL;

+ 1 - 13
net/netfilter/ipset/ip_set_hash_ipport.c
Файл харах 

@@ -118,13 +118,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -282,12 +276,6 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) ||
 
 		     tb[IPSET_ATTR_IP_TO] ||
 
 		     tb[IPSET_ATTR_CIDR]))
 
 		return -IPSET_ERR_PROTOCOL;

+ 1 - 13
net/netfilter/ipset/ip_set_hash_ipportip.c
Файл харах 

@@ -121,13 +121,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -293,12 +287,6 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) ||
 
 		     tb[IPSET_ATTR_IP_TO] ||
 
 		     tb[IPSET_ATTR_CIDR]))
 
 		return -IPSET_ERR_PROTOCOL;

+ 1 - 13
net/netfilter/ipset/ip_set_hash_ipportnet.c
Файл харах 

@@ -176,13 +176,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -429,13 +423,7 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) ||
 
 		     tb[IPSET_ATTR_IP_TO] ||
 
 		     tb[IPSET_ATTR_CIDR]))
 
 		return -IPSET_ERR_PROTOCOL;

+ 1 - 7
net/netfilter/ipset/ip_set_hash_mac.c
Файл харах 

@@ -107,13 +107,7 @@ hash_mac4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
 
 	int ret;
 
 
-	if (unlikely(!tb[IPSET_ATTR_ETHER] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+	if (unlikely(!tb[IPSET_ATTR_ETHER]))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])

+ 2 - 14
net/netfilter/ipset/ip_set_hash_net.c
Файл харах 

@@ -147,13 +147,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	int ret;
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -319,13 +313,7 @@ hash_net6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	int ret;
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 	if (unlikely(tb[IPSET_ATTR_IP_TO]))
 
 		return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;

+ 2 - 14
net/netfilter/ipset/ip_set_hash_netiface.c
Файл харах 

@@ -295,13 +295,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
 		     !tb[IPSET_ATTR_IFACE] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -531,13 +525,7 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
 		     !tb[IPSET_ATTR_IFACE] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 	if (unlikely(tb[IPSET_ATTR_IP_TO]))
 
 		return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;

+ 2 - 14
net/netfilter/ipset/ip_set_hash_netnet.c
Файл харах 

@@ -169,13 +169,7 @@ hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 
 	e.cidr[0] = e.cidr[1] = HOST_MASK;
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -400,13 +394,7 @@ hash_netnet6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 
 	e.cidr[0] = e.cidr[1] = HOST_MASK;
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 	if (unlikely(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_IP2_TO]))
 
 		return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;

+ 2 - 14
net/netfilter/ipset/ip_set_hash_netport.c
Файл харах 

@@ -169,13 +169,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -387,13 +381,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 	if (unlikely(tb[IPSET_ATTR_IP_TO]))
 
 		return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;

+ 2 - 14
net/netfilter/ipset/ip_set_hash_netportnet.c
Файл харах 

@@ -187,13 +187,7 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])
 
@@ -463,13 +457,7 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
 
 		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
 
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 	if (unlikely(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_IP2_TO]))
 
 		return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;

+ 1 - 7
net/netfilter/ipset/ip_set_list_set.c
Файл харах 

@@ -384,13 +384,7 @@ list_set_uadt(struct ip_set *set, struct nlattr *tb[],
 
 	int ret = 0;
 
 
 	if (unlikely(!tb[IPSET_ATTR_NAME] ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
 
-		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
 
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
 
 		return -IPSET_ERR_PROTOCOL;
 
 
 	if (tb[IPSET_ATTR_LINENO])