Date: Thu, 30 Aug 2018 10:23:16 +0200 (CEST)
From: Jozsef Kadlecsik
To: Eric Westbrook
cc: Pablo Neira Ayuso, Florian Westphal, Netfilter Development, Netfilter Core Team, Linux Kernel Mailing List, Trivial Patch Monkey
Subject: Re: [PATCH] netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net

On Tue, 28 Aug 2018, Eric Westbrook wrote:

> Allow /0 as advertised for hash:net,port,net sets.
>
> For "hash:net,port,net", ipset(8) says that "either subnet
> is permitted to be a /0 should you wish to match port
> between all destinations."
>
> Make that statement true.
>
> Before:
>
>     # ipset create cidrzero hash:net,port,net
>     # ipset add cidrzero 0.0.0.0/0,12345,0.0.0.0/0
>     ipset v6.34: The value of the CIDR parameter of the IP address is invalid
>
>     # ipset create cidrzero6 hash:net,port,net family inet6
>     # ipset add cidrzero6 ::/0,12345,::/0
>     ipset v6.34: The value of the CIDR parameter of the IP address is invalid
>
> After:
>
>     # ipset create cidrzero hash:net,port,net
>     # ipset add cidrzero 0.0.0.0/0,12345,0.0.0.0/0
>     # ipset test cidrzero 192.168.205.129,12345,172.16.205.129
>     192.168.205.129,tcp:12345,172.16.205.129 is in set cidrzero.
>
>     # ipset create cidrzero6 hash:net,port,net family inet6
>     # ipset add cidrzero6 ::/0,12345,::/0
>     # ipset test cidrzero6 fe80::1,12345,ff00::1
>     fe80::1,tcp:12345,ff00::1 is in set cidrzero6.
>
> See also:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=200897
> https://github.com/ewestbrook/linux/commit/df7ff6efb0934ab6acc11f003ff1a7580d6c1d9c
> > Signed-off-by: Eric Westbrook Patch is applied, thank you. Best regards, Jozsef > --- > net/netfilter/ipset/ip_set_hash_netportnet.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c > index d391485a6acd..613e18e720a4 100644 > --- a/net/netfilter/ipset/ip_set_hash_netportnet.c > +++ b/net/netfilter/ipset/ip_set_hash_netportnet.c > @@ -213,13 +213,13 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[], > > if (tb[IPSET_ATTR_CIDR]) { > e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); > - if (!e.cidr[0] || e.cidr[0] > HOST_MASK) > + if (e.cidr[0] > HOST_MASK) > return -IPSET_ERR_INVALID_CIDR; > } > > if (tb[IPSET_ATTR_CIDR2]) { > e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); > - if (!e.cidr[1] || e.cidr[1] > HOST_MASK) > + if (e.cidr[1] > HOST_MASK) > return -IPSET_ERR_INVALID_CIDR; > } > > @@ -493,13 +493,13 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[], > > if (tb[IPSET_ATTR_CIDR]) { > e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); > - if (!e.cidr[0] || e.cidr[0] > HOST_MASK) > + if (e.cidr[0] > HOST_MASK) > return -IPSET_ERR_INVALID_CIDR; > } > > if (tb[IPSET_ATTR_CIDR2]) { > e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); > - if (!e.cidr[1] || e.cidr[1] > HOST_MASK) > + if (e.cidr[1] > HOST_MASK) > return -IPSET_ERR_INVALID_CIDR; > } > > -- > 2.18.0 > > - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary
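
Review bot: In the hash_netportnet4_uadt() hunk, dropping `!e.cidr[0]` and `!e.cidr[1]` lets a prefix length of 0 through validation for both nets, so whatever later in this function turns e.cidr[] into a netmask has to be correct for 0 (in C, a shift by the full width of the type is undefined). That code is outside the hunk; please state in the changelog that the mask computation was checked for 0, and consider adding the `0.0.0.0/0,12345,0.0.0.0/0` add/test pair from the changelog to the ipset test suite so the documented behaviour stays covered.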
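
Review bot: In the hash_netportnet6_uadt() hunk, the two checks are now identical to the IPv4 ones, which makes four copies of `if (e.cidr[n] > HOST_MASK) return -IPSET_ERR_INVALID_CIDR;` in this file. A small helper that reads the attribute and returns the validated prefix length would keep the lower bound from drifting between the variants again. The changelog's IPv6 test also sets ::/0 on both nets at once; a case with /0 on only one side and a specific prefix on the other would exercise the IPSET_ATTR_CIDR and IPSET_ATTR_CIDR2 branches separately.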