Hi Oliver,
On Tue, 3 Sep 2013, Oliver wrote:
> From: Oliver Smith <oliver@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>
> We now use an array in the structs for hash types so that they can be
> arbitrarily expanded to situate as many ip/cidr values as required.
>
> The primary purpose of this change is in preparation for the
> hash:net,net ipset type, it otherwise carries no change in
> functionality. As an aside, small comparison optimisations could
> additionally be made in the future by making a union from the compared
> types that encompasses them (such as bundling together cidr values).
>
> Signed-off-by: Oliver Smith <oliver@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> ---
> kernel/net/netfilter/ipset/ip_set_hash_gen.h | 90 +++++++++++--------
> kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 100 ++++++++++-----------
> kernel/net/netfilter/ipset/ip_set_hash_net.c | 78 ++++++++--------
> kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 88 +++++++++---------
> kernel/net/netfilter/ipset/ip_set_hash_netport.c | 74 +++++++--------
> 5 files changed, 220 insertions(+), 210 deletions(-)
>
> diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
> index cb6bba2..dff6295 100644
> --- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h
> +++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
> @@ -37,6 +37,10 @@
> /* Max number of elements to store in an array block */
> #define AHASH_MAX_SIZE (3*AHASH_INIT_SIZE)
>
> +#ifndef IPSET_NET_COUNT
> +#define IPSET_NET_COUNT 1
> +#endif
> +
> /* Max number of elements can be tuned */
> #ifdef IP_SET_HASH_WITH_MULTI
> #define AHASH_MAX(h) ((h)->ahash_max)
> @@ -79,8 +83,8 @@ struct htable {
>
> /* Book-keeping of the prefixes added to the set */
> struct net_prefixes {
> - u8 cidr; /* the different cidr values in the set */
> - u32 nets; /* number of elements per cidr */
> + u8 cidr[IPSET_NET_COUNT]; /* cidr values in the set */
> + u32 nets[IPSET_NET_COUNT]; /* number of elements per cidr */
> };
>
> /* Compute the hash table size */
> @@ -296,46 +300,51 @@ struct htype {
> /* Network cidr size book keeping when the hash stores different
> * sized networks */
> static void
> -mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length)
> +mtype_add_cidr(struct htype *h, const u8 cidr[], u8 nets_length)
I do remember you asked it and I confused you: no, the hash types need not
be changed for this (see below), mtype_add_cidr requires just a new arg as
to which member of the cidr/net array of struct htype to be updated.
> {
> int i, j;
> + u8 x;
>
> - /* Add in increasing prefix order, so larger cidr first */
> - for (i = 0, j = -1; i < nets_length && h->nets[i].nets; i++) {
> - if (j != -1)
> - continue;
> - else if (h->nets[i].cidr < cidr)
> - j = i;
> - else if (h->nets[i].cidr == cidr) {
> - h->nets[i].nets++;
> - return;
> + for (x = 0; x < IPSET_NET_COUNT; x++) {
> + /* Add in increasing prefix order, so larger cidr first */
> + for (i = 0, j = -1; i < nets_length && h->nets[i].nets[x]; i++) {
> + if (j != -1)
> + continue;
> + else if (h->nets[i].cidr[x] < CIDR(cidr[x]))
> + j = i;
> + else if (h->nets[i].cidr[x] == CIDR(cidr[x])) {
> + h->nets[i].nets[x]++;
> + goto next;
> + }
> }
> - }
> - if (j != -1) {
> - for (; i > j; i--) {
> - h->nets[i].cidr = h->nets[i - 1].cidr;
> - h->nets[i].nets = h->nets[i - 1].nets;
> + if (j != -1) {
> + for (; i > j; i--) {
> + h->nets[i].cidr[x] = h->nets[i - 1].cidr[x];
> + h->nets[i].nets[x] = h->nets[i - 1].nets[x];
> + }
> }
> + h->nets[i].cidr[x] = CIDR(cidr[x]);
> + h->nets[i].nets[x] = 1;
> +next: ;
> }
> - h->nets[i].cidr = cidr;
> - h->nets[i].nets = 1;
> }
>
> static void
> -mtype_del_cidr(struct htype *h, u8 cidr, u8 nets_length)
> +mtype_del_cidr(struct htype *h, const u8 cidr[], u8 nets_length)
> {
> - u8 i, j;
> -
> - for (i = 0; i < nets_length - 1 && h->nets[i].cidr != cidr; i++)
> - ;
> - h->nets[i].nets--;
> + u8 i, j, x;
> + for (x = 0; x < IPSET_NET_COUNT; x++) {
> + for (i = 0; i < nets_length - 1 && h->nets[i].cidr[x] != CIDR(cidr[x]); i++)
> + ;
> + h->nets[i].nets[x]--;
>
> - if (h->nets[i].nets != 0)
> - return;
> + if (h->nets[i].nets[x] != 0)
> + continue;
>
> - for (j = i; j < nets_length - 1 && h->nets[j].nets; j++) {
> - h->nets[j].cidr = h->nets[j + 1].cidr;
> - h->nets[j].nets = h->nets[j + 1].nets;
> + for (j = i; j < nets_length - 1 && h->nets[j].nets[x]; j++) {
> + h->nets[j].cidr[x] = h->nets[j + 1].cidr[x];
> + h->nets[j].nets[x] = h->nets[j + 1].nets[x];
> + }
> }
> }
> #endif
> @@ -454,8 +463,7 @@ mtype_expire(struct htype *h, u8 nets_length, size_t dsize)
> if (ip_set_timeout_expired(ext_timeout(data, h))) {
> pr_debug("expired %u/%u\n", i, j);
> #ifdef IP_SET_HASH_WITH_NETS
> - mtype_del_cidr(h, CIDR(data->cidr),
> - nets_length);
> + mtype_del_cidr(h, data->cidr, nets_length);
> #endif
> if (j != n->pos - 1)
> /* Not last one */
> @@ -641,8 +649,8 @@ reuse_slot:
> /* Fill out reused slot */
> data = ahash_data(n, j, h->dsize);
> #ifdef IP_SET_HASH_WITH_NETS
> - mtype_del_cidr(h, CIDR(data->cidr), NETS_LENGTH(set->family));
> - mtype_add_cidr(h, CIDR(d->cidr), NETS_LENGTH(set->family));
> + mtype_del_cidr(h, data->cidr, NETS_LENGTH(set->family));
> + mtype_add_cidr(h, d->cidr, NETS_LENGTH(set->family));
> #endif
> } else {
> /* Use/create a new slot */
> @@ -655,7 +663,7 @@ reuse_slot:
> }
> data = ahash_data(n, n->pos++, h->dsize);
> #ifdef IP_SET_HASH_WITH_NETS
> - mtype_add_cidr(h, CIDR(d->cidr), NETS_LENGTH(set->family));
> + mtype_add_cidr(h, d->cidr, NETS_LENGTH(set->family));
> #endif
> h->elements++;
> }
> @@ -707,7 +715,7 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,
> n->pos--;
> h->elements--;
> #ifdef IP_SET_HASH_WITH_NETS
> - mtype_del_cidr(h, CIDR(d->cidr), NETS_LENGTH(set->family));
> + mtype_del_cidr(h, d->cidr, NETS_LENGTH(set->family));
> #endif
> if (n->pos + AHASH_INIT_SIZE < n->size) {
> void *tmp = kzalloc((n->size - AHASH_INIT_SIZE)
> @@ -759,8 +767,8 @@ mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d,
> u8 nets_length = NETS_LENGTH(set->family);
>
> pr_debug("test by nets\n");
> - for (; j < nets_length && h->nets[j].nets && !multi; j++) {
> - mtype_data_netmask(d, h->nets[j].cidr);
> + for (; j < nets_length && h->nets[j].nets[0] && !multi; j++) {
> + mtype_data_netmask(d, h->nets[j].cidr[0]);
> key = HKEY(d, h->initval, t->htable_bits);
> n = hbucket(t, key);
> for (i = 0; i < n->pos; i++) {
> @@ -803,7 +811,11 @@ mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext,
> #ifdef IP_SET_HASH_WITH_NETS
> /* If we test an IP address and not a network address,
> * try all possible network sizes */
> - if (CIDR(d->cidr) == SET_HOST_MASK(set->family)) {
> + for (i = 0; i < IPSET_NET_COUNT; i++) {
> + if (CIDR(d->cidr[i]) != SET_HOST_MASK(set->family))
> + break;
> + }
> + if (i == IPSET_NET_COUNT) {
> ret = mtype_test_cidrs(set, d, ext, mext, flags);
> goto out;
> }
> diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
> index 02ed91e..69e014f 100644
> --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
> +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
> @@ -50,10 +50,9 @@ MODULE_ALIAS("ip_set_hash:ip,port,net");
>
> /* Member elements */
> struct hash_ipportnet4_elem {
> - __be32 ip;
> - __be32 ip2;
> + __be32 ip[2];
> __be16 port;
> - u8 cidr:7;
> + u8 cidr[1];
> u8 nomatch:1;
> u8 proto;
> } __attribute__((aligned(sizeof(void*))));
Don't change the cidr to array in the member elemets: that way the
structure is enlarged unnecessary. This is the confusion I caused, sorry.
Best regards,
Jozsef
> @@ -65,9 +64,9 @@ hash_ipportnet4_data_equal(const struct hash_ipportnet4_elem *ip1,
> const struct hash_ipportnet4_elem *ip2,
> u32 *multi)
> {
> - return ip1->ip == ip2->ip &&
> - ip1->ip2 == ip2->ip2 &&
> - ip1->cidr == ip2->cidr &&
> + return ip1->ip[0] == ip2->ip[0] &&
> + ip1->ip[1] == ip2->ip[1] &&
> + ip1->cidr[0] == ip2->cidr[0] &&
> ip1->port == ip2->port &&
> ip1->proto == ip2->proto;
> }
> @@ -93,8 +92,8 @@ hash_ipportnet4_data_reset_flags(struct hash_ipportnet4_elem *elem, u8 *flags)
> static inline void
> hash_ipportnet4_data_netmask(struct hash_ipportnet4_elem *elem, u8 cidr)
> {
> - elem->ip2 &= ip_set_netmask(cidr);
> - elem->cidr = cidr - 1;
> + elem->ip[0] &= ip_set_netmask(cidr);
> + elem->cidr[0] = cidr - 1;
> }
>
> static bool
> @@ -103,10 +102,10 @@ hash_ipportnet4_data_list(struct sk_buff *skb,
> {
> u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
>
> - if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
> - nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) ||
> + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip[0]) ||
> + nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip[1]) ||
> nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr[0] + 1) ||
> nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> @@ -121,9 +120,9 @@ static inline void
> hash_ipportnet4_data_next(struct hash_ipportnet4_elem *next,
> const struct hash_ipportnet4_elem *d)
> {
> - next->ip = d->ip;
> + next->ip[0] = d->ip[0];
> next->port = d->port;
> - next->ip2 = d->ip2;
> + next->ip[1] = d->ip[1];
> }
>
> #define MTYPE hash_ipportnet4
> @@ -139,20 +138,20 @@ hash_ipportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
> const struct hash_ipportnet *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_ipportnet4_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr - 1 : HOST_MASK - 1
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] - 1 : HOST_MASK - 1
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
>
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK - 1;
> + e.cidr[0] = HOST_MASK - 1;
>
> if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
> &e.port, &e.proto))
> return -EINVAL;
>
> - ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
> - ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2);
> - e.ip2 &= ip_set_netmask(e.cidr + 1);
> + ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0]);
> + ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip[1]);
> + e.ip[1] &= ip_set_netmask(e.cidr[0] + 1);
>
> return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
> }
> @@ -163,7 +162,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> const struct hash_ipportnet *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_ipportnet4_elem e = { .cidr = HOST_MASK - 1 };
> + struct hash_ipportnet4_elem e = { .cidr[0] = HOST_MASK - 1 };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> u32 ip = 0, ip_to = 0, p = 0, port, port_to;
> u32 ip2_from = 0, ip2_to = 0, ip2_last, ip2;
> @@ -196,7 +195,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
> cidr = nla_get_u8(tb[IPSET_ATTR_CIDR2]);
> if (!cidr || cidr > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
> - e.cidr = cidr - 1;
> + e.cidr[0] = cidr - 1;
> }
>
> if (tb[IPSET_ATTR_PORT])
> @@ -226,8 +225,8 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
> if (adt == IPSET_TEST ||
> !(tb[IPSET_ATTR_CIDR] || tb[IPSET_ATTR_IP_TO] || with_ports ||
> tb[IPSET_ATTR_IP2_TO])) {
> - e.ip = htonl(ip);
> - e.ip2 = htonl(ip2_from & ip_set_hostmask(e.cidr + 1));
> + e.ip[0] = htonl(ip);
> + e.ip[1] = htonl(ip2_from & ip_set_hostmask(e.cidr[0] + 1));
> ret = adtfn(set, &e, &ext, &ext, flags);
> return ip_set_enomatch(ret, flags, adt, set) ? -ret :
> ip_set_eexist(ret, flags) ? 0 : ret;
> @@ -265,25 +264,25 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
> if (ip2_from + UINT_MAX == ip2_to)
> return -IPSET_ERR_HASH_RANGE;
> } else
> - ip_set_mask_from_to(ip2_from, ip2_to, e.cidr + 1);
> + ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[0] + 1);
>
> if (retried)
> - ip = ntohl(h->next.ip);
> + ip = ntohl(h->next.ip[0]);
> for (; !before(ip_to, ip); ip++) {
> - e.ip = htonl(ip);
> - p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
> + e.ip[0] = htonl(ip);
> + p = retried && ip == ntohl(h->next.ip[0]) ? ntohs(h->next.port)
> : port;
> for (; p <= port_to; p++) {
> e.port = htons(p);
> ip2 = retried
> - && ip == ntohl(h->next.ip)
> + && ip == ntohl(h->next.ip[0])
> && p == ntohs(h->next.port)
> - ? ntohl(h->next.ip2) : ip2_from;
> + ? ntohl(h->next.ip[1]) : ip2_from;
> while (!after(ip2, ip2_to)) {
> - e.ip2 = htonl(ip2);
> + e.ip[1] = htonl(ip2);
> ip2_last = ip_set_range_to_cidr(ip2, ip2_to,
> &cidr);
> - e.cidr = cidr - 1;
> + e.cidr[0] = cidr - 1;
> ret = adtfn(set, &e, &ext, &ext, flags);
>
> if (ret && !ip_set_eexist(ret, flags))
> @@ -300,10 +299,9 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
> /* IPv6 variants */
>
> struct hash_ipportnet6_elem {
> - union nf_inet_addr ip;
> - union nf_inet_addr ip2;
> + union nf_inet_addr ip[2];
> __be16 port;
> - u8 cidr:7;
> + u8 cidr[1];
> u8 nomatch:1;
> u8 proto;
> } __attribute__((aligned(sizeof(void*))));
> @@ -315,9 +313,9 @@ hash_ipportnet6_data_equal(const struct hash_ipportnet6_elem *ip1,
> const struct hash_ipportnet6_elem *ip2,
> u32 *multi)
> {
> - return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
> - ipv6_addr_equal(&ip1->ip2.in6, &ip2->ip2.in6) &&
> - ip1->cidr == ip2->cidr &&
> + return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) &&
> + ipv6_addr_equal(&ip1->ip[1].in6, &ip2->ip[1].in6) &&
> + ip1->cidr[0] == ip2->cidr[0] &&
> ip1->port == ip2->port &&
> ip1->proto == ip2->proto;
> }
> @@ -343,8 +341,8 @@ hash_ipportnet6_data_reset_flags(struct hash_ipportnet6_elem *elem, u8 *flags)
> static inline void
> hash_ipportnet6_data_netmask(struct hash_ipportnet6_elem *elem, u8 cidr)
> {
> - ip6_netmask(&elem->ip2, cidr);
> - elem->cidr = cidr - 1;
> + ip6_netmask(&elem->ip[1], cidr);
> + elem->cidr[0] = cidr - 1;
> }
>
> static bool
> @@ -353,10 +351,10 @@ hash_ipportnet6_data_list(struct sk_buff *skb,
> {
> u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
>
> - if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
> - nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
> + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip[0].in6) ||
> + nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip[1].in6) ||
> nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr[0] + 1) ||
> nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> @@ -392,20 +390,20 @@ hash_ipportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
> const struct hash_ipportnet *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_ipportnet6_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr - 1 : HOST_MASK - 1
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] - 1 : HOST_MASK - 1
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
>
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK - 1;
> + e.cidr[0] = HOST_MASK - 1;
>
> if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
> &e.port, &e.proto))
> return -EINVAL;
>
> - ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
> - ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2.in6);
> - ip6_netmask(&e.ip2, e.cidr + 1);
> + ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0].in6);
> + ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip[1].in6);
> + ip6_netmask(&e.ip[1], e.cidr[0] + 1);
>
> return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
> }
> @@ -416,7 +414,7 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> const struct hash_ipportnet *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_ipportnet6_elem e = { .cidr = HOST_MASK - 1 };
> + struct hash_ipportnet6_elem e = { .cidr[0] = HOST_MASK - 1 };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> u32 port, port_to;
> bool with_ports = false;
> @@ -439,12 +437,12 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
> if (tb[IPSET_ATTR_LINENO])
> *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
>
> - ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) ||
> + ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]) ||
> ip_set_get_extensions(set, tb, &ext);
> if (ret)
> return ret;
>
> - ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip2);
> + ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip[1]);
> if (ret)
> return ret;
>
> @@ -452,10 +450,10 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
> cidr = nla_get_u8(tb[IPSET_ATTR_CIDR2]);
> if (!cidr || cidr > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
> - e.cidr = cidr - 1;
> + e.cidr[0] = cidr - 1;
> }
>
> - ip6_netmask(&e.ip2, e.cidr + 1);
> + ip6_netmask(&e.ip[1], e.cidr[0] + 1);
>
> if (tb[IPSET_ATTR_PORT])
> e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
> diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c
> index 3d2ea5d..adbbca5 100644
> --- a/kernel/net/netfilter/ipset/ip_set_hash_net.c
> +++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c
> @@ -40,10 +40,10 @@ MODULE_ALIAS("ip_set_hash:net");
>
> /* Member elements */
> struct hash_net4_elem {
> - __be32 ip;
> + __be32 ip[1];
> u16 padding0;
> u8 nomatch;
> - u8 cidr;
> + u8 cidr[1];
> } __attribute__((aligned(sizeof(void*))));
>
> /* Common functions */
> @@ -53,8 +53,8 @@ hash_net4_data_equal(const struct hash_net4_elem *ip1,
> const struct hash_net4_elem *ip2,
> u32 *multi)
> {
> - return ip1->ip == ip2->ip &&
> - ip1->cidr == ip2->cidr;
> + return ip1->ip[0] == ip2->ip[0] &&
> + ip1->cidr[0] == ip2->cidr[0];
> }
>
> static inline int
> @@ -78,8 +78,8 @@ hash_net4_data_reset_flags(struct hash_net4_elem *elem, u8 *flags)
> static inline void
> hash_net4_data_netmask(struct hash_net4_elem *elem, u8 cidr)
> {
> - elem->ip &= ip_set_netmask(cidr);
> - elem->cidr = cidr;
> + elem->ip[0] &= ip_set_netmask(cidr);
> + elem->cidr[0] = cidr;
> }
>
> static bool
> @@ -87,8 +87,8 @@ hash_net4_data_list(struct sk_buff *skb, const struct hash_net4_elem *data)
> {
> u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
>
> - if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
> + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip[0]) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> goto nla_put_failure;
> @@ -102,7 +102,7 @@ static inline void
> hash_net4_data_next(struct hash_net4_elem *next,
> const struct hash_net4_elem *d)
> {
> - next->ip = d->ip;
> + next->ip[0] = d->ip[0];
> }
>
> #define MTYPE hash_net4
> @@ -118,17 +118,17 @@ hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb,
> const struct hash_net *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_net4_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] : HOST_MASK
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
>
> - if (e.cidr == 0)
> + if (e.cidr[0] == 0)
> return -EINVAL;
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK;
> + e.cidr[0] = HOST_MASK;
>
> - ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
> - e.ip &= ip_set_netmask(e.cidr);
> + ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0]);
> + e.ip[0] &= ip_set_netmask(e.cidr[0]);
>
> return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
> }
> @@ -139,7 +139,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> const struct hash_net *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_net4_elem e = { .cidr = HOST_MASK };
> + struct hash_net4_elem e = { .cidr[0] = HOST_MASK };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> u32 ip = 0, ip_to = 0, last;
> int ret;
> @@ -160,8 +160,8 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
> return ret;
>
> if (tb[IPSET_ATTR_CIDR]) {
> - e.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> - if (!e.cidr || e.cidr > HOST_MASK)
> + e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> + if (!e.cidr[0] || e.cidr[0] > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
> }
>
> @@ -172,7 +172,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
> }
>
> if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
> - e.ip = htonl(ip & ip_set_hostmask(e.cidr));
> + e.ip[0] = htonl(ip & ip_set_hostmask(e.cidr[0]));
> ret = adtfn(set, &e, &ext, &ext, flags);
> return ip_set_enomatch(ret, flags, adt, set) ? -ret:
> ip_set_eexist(ret, flags) ? 0 : ret;
> @@ -189,10 +189,10 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
> return -IPSET_ERR_HASH_RANGE;
> }
> if (retried)
> - ip = ntohl(h->next.ip);
> + ip = ntohl(h->next.ip[0]);
> while (!after(ip, ip_to)) {
> - e.ip = htonl(ip);
> - last = ip_set_range_to_cidr(ip, ip_to, &e.cidr);
> + e.ip[0] = htonl(ip);
> + last = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]);
> ret = adtfn(set, &e, &ext, &ext, flags);
> if (ret && !ip_set_eexist(ret, flags))
> return ret;
> @@ -206,10 +206,10 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
> /* IPv6 variants */
>
> struct hash_net6_elem {
> - union nf_inet_addr ip;
> + union nf_inet_addr ip[1];
> u16 padding0;
> u8 nomatch;
> - u8 cidr;
> + u8 cidr[1];
> } __attribute__((aligned(sizeof(void*))));
>
> /* Common functions */
> @@ -219,8 +219,8 @@ hash_net6_data_equal(const struct hash_net6_elem *ip1,
> const struct hash_net6_elem *ip2,
> u32 *multi)
> {
> - return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
> - ip1->cidr == ip2->cidr;
> + return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) &&
> + ip1->cidr[0] == ip2->cidr[0];
> }
>
> static inline int
> @@ -244,8 +244,8 @@ hash_net6_data_reset_flags(struct hash_net6_elem *elem, u8 *flags)
> static inline void
> hash_net6_data_netmask(struct hash_net6_elem *elem, u8 cidr)
> {
> - ip6_netmask(&elem->ip, cidr);
> - elem->cidr = cidr;
> + ip6_netmask(&elem->ip[0], cidr);
> + elem->cidr[0] = cidr;
> }
>
> static bool
> @@ -253,8 +253,8 @@ hash_net6_data_list(struct sk_buff *skb, const struct hash_net6_elem *data)
> {
> u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
>
> - if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
> + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip[0].in6) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> goto nla_put_failure;
> @@ -288,17 +288,17 @@ hash_net6_kadt(struct ip_set *set, const struct sk_buff *skb,
> const struct hash_net *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_net6_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] : HOST_MASK
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
>
> - if (e.cidr == 0)
> + if (e.cidr[0] == 0)
> return -EINVAL;
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK;
> + e.cidr[0] = HOST_MASK;
>
> - ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
> - ip6_netmask(&e.ip, e.cidr);
> + ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0].in6);
> + ip6_netmask(&e.ip[0], e.cidr[0]);
>
> return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
> }
> @@ -309,7 +309,7 @@ hash_net6_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> const struct hash_net *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_net6_elem e = { .cidr = HOST_MASK };
> + struct hash_net6_elem e = { .cidr[0] = HOST_MASK };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> int ret;
>
> @@ -325,18 +325,18 @@ hash_net6_uadt(struct ip_set *set, struct nlattr *tb[],
> if (tb[IPSET_ATTR_LINENO])
> *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
>
> - ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) ||
> + ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]) ||
> ip_set_get_extensions(set, tb, &ext);
> if (ret)
> return ret;
>
> if (tb[IPSET_ATTR_CIDR])
> - e.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> + e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]);
>
> - if (!e.cidr || e.cidr > HOST_MASK)
> + if (!e.cidr[0] || e.cidr[0] > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
>
> - ip6_netmask(&e.ip, e.cidr);
> + ip6_netmask(&e.ip[0], e.cidr[0]);
>
> if (tb[IPSET_ATTR_CADT_FLAGS]) {
> u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
> diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
> index 06cc27b..d41fba1 100644
> --- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
> +++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
> @@ -137,17 +137,17 @@ iface_add(struct rb_root *root, const char **iface)
> /* IPv4 variants */
>
> struct hash_netiface4_elem_hashed {
> - __be32 ip;
> + __be32 ip[1];
> u8 physdev;
> - u8 cidr;
> + u8 cidr[1];
> u8 nomatch;
> u8 elem;
> };
>
> struct hash_netiface4_elem {
> - __be32 ip;
> + __be32 ip[1];
> u8 physdev;
> - u8 cidr;
> + u8 cidr[1];
> u8 nomatch;
> u8 elem;
> const char *iface;
> @@ -160,8 +160,8 @@ hash_netiface4_data_equal(const struct hash_netiface4_elem *ip1,
> const struct hash_netiface4_elem *ip2,
> u32 *multi)
> {
> - return ip1->ip == ip2->ip &&
> - ip1->cidr == ip2->cidr &&
> + return ip1->ip[0] == ip2->ip[0] &&
> + ip1->cidr[0] == ip2->cidr[0] &&
> (++*multi) &&
> ip1->physdev == ip2->physdev &&
> ip1->iface == ip2->iface;
> @@ -188,8 +188,8 @@ hash_netiface4_data_reset_flags(struct hash_netiface4_elem *elem, u8 *flags)
> static inline void
> hash_netiface4_data_netmask(struct hash_netiface4_elem *elem, u8 cidr)
> {
> - elem->ip &= ip_set_netmask(cidr);
> - elem->cidr = cidr;
> + elem->ip[0] &= ip_set_netmask(cidr);
> + elem->cidr[0] = cidr;
> }
>
> static bool
> @@ -200,8 +200,8 @@ hash_netiface4_data_list(struct sk_buff *skb,
>
> if (data->nomatch)
> flags |= IPSET_FLAG_NOMATCH;
> - if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
> + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip[0]) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) ||
> nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> @@ -216,7 +216,7 @@ static inline void
> hash_netiface4_data_next(struct hash_netiface4_elem *next,
> const struct hash_netiface4_elem *d)
> {
> - next->ip = d->ip;
> + next->ip[0] = d->ip[0];
> }
>
> #define MTYPE hash_netiface4
> @@ -233,19 +233,19 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb,
> struct hash_netiface *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_netiface4_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK,
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] : HOST_MASK,
> .elem = 1,
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
> int ret;
>
> - if (e.cidr == 0)
> + if (e.cidr[0] == 0)
> return -EINVAL;
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK;
> + e.cidr[0] = HOST_MASK;
>
> - ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
> - e.ip &= ip_set_netmask(e.cidr);
> + ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0]);
> + e.ip[0] &= ip_set_netmask(e.cidr[0]);
>
> #define IFACE(dir) (par->dir ? par->dir->name : NULL)
> #define PHYSDEV(dir) (nf_bridge->dir ? nf_bridge->dir->name : NULL)
> @@ -286,7 +286,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> struct hash_netiface *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_netiface4_elem e = { .cidr = HOST_MASK, .elem = 1 };
> + struct hash_netiface4_elem e = { .cidr[0] = HOST_MASK, .elem = 1 };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> u32 ip = 0, ip_to = 0, last;
> char iface[IFNAMSIZ];
> @@ -309,8 +309,8 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
> return ret;
>
> if (tb[IPSET_ATTR_CIDR]) {
> - e.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> - if (e.cidr > HOST_MASK)
> + e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> + if (e.cidr[0] > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
> }
>
> @@ -334,7 +334,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
> flags |= (IPSET_FLAG_NOMATCH << 16);
> }
> if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
> - e.ip = htonl(ip & ip_set_hostmask(e.cidr));
> + e.ip[0] = htonl(ip & ip_set_hostmask(e.cidr[0]));
> ret = adtfn(set, &e, &ext, &ext, flags);
> return ip_set_enomatch(ret, flags, adt, set) ? -ret :
> ip_set_eexist(ret, flags) ? 0 : ret;
> @@ -349,13 +349,13 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
> if (ip + UINT_MAX == ip_to)
> return -IPSET_ERR_HASH_RANGE;
> } else
> - ip_set_mask_from_to(ip, ip_to, e.cidr);
> + ip_set_mask_from_to(ip, ip_to, e.cidr[0]);
>
> if (retried)
> - ip = ntohl(h->next.ip);
> + ip = ntohl(h->next.ip[0]);
> while (!after(ip, ip_to)) {
> - e.ip = htonl(ip);
> - last = ip_set_range_to_cidr(ip, ip_to, &e.cidr);
> + e.ip[0] = htonl(ip);
> + last = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]);
> ret = adtfn(set, &e, &ext, &ext, flags);
>
> if (ret && !ip_set_eexist(ret, flags))
> @@ -370,17 +370,17 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
> /* IPv6 variants */
>
> struct hash_netiface6_elem_hashed {
> - union nf_inet_addr ip;
> + union nf_inet_addr ip[1];
> u8 physdev;
> - u8 cidr;
> + u8 cidr[1];
> u8 nomatch;
> u8 elem;
> };
>
> struct hash_netiface6_elem {
> - union nf_inet_addr ip;
> + union nf_inet_addr ip[1];
> u8 physdev;
> - u8 cidr;
> + u8 cidr[1];
> u8 nomatch;
> u8 elem;
> const char *iface;
> @@ -393,8 +393,8 @@ hash_netiface6_data_equal(const struct hash_netiface6_elem *ip1,
> const struct hash_netiface6_elem *ip2,
> u32 *multi)
> {
> - return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
> - ip1->cidr == ip2->cidr &&
> + return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) &&
> + ip1->cidr[0] == ip2->cidr[0] &&
> (++*multi) &&
> ip1->physdev == ip2->physdev &&
> ip1->iface == ip2->iface;
> @@ -421,8 +421,8 @@ hash_netiface6_data_reset_flags(struct hash_netiface6_elem *elem, u8 *flags)
> static inline void
> hash_netiface6_data_netmask(struct hash_netiface6_elem *elem, u8 cidr)
> {
> - ip6_netmask(&elem->ip, cidr);
> - elem->cidr = cidr;
> + ip6_netmask(&elem->ip[0], cidr);
> + elem->cidr[0] = cidr;
> }
>
> static bool
> @@ -433,8 +433,8 @@ hash_netiface6_data_list(struct sk_buff *skb,
>
> if (data->nomatch)
> flags |= IPSET_FLAG_NOMATCH;
> - if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
> + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip[0].in6) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) ||
> nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> @@ -471,19 +471,19 @@ hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb,
> struct hash_netiface *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_netiface6_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK,
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] : HOST_MASK,
> .elem = 1,
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
> int ret;
>
> - if (e.cidr == 0)
> + if (e.cidr[0] == 0)
> return -EINVAL;
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK;
> + e.cidr[0] = HOST_MASK;
>
> - ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
> - ip6_netmask(&e.ip, e.cidr);
> + ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0].in6);
> + ip6_netmask(&e.ip[0], e.cidr[0]);
>
> if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
> #ifdef CONFIG_BRIDGE_NETFILTER
> @@ -520,7 +520,7 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> struct hash_netiface *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_netiface6_elem e = { .cidr = HOST_MASK, .elem = 1 };
> + struct hash_netiface6_elem e = { .cidr[0] = HOST_MASK, .elem = 1 };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> char iface[IFNAMSIZ];
> int ret;
> @@ -538,16 +538,16 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
> if (tb[IPSET_ATTR_LINENO])
> *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
>
> - ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) ||
> + ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]) ||
> ip_set_get_extensions(set, tb, &ext);
> if (ret)
> return ret;
>
> if (tb[IPSET_ATTR_CIDR])
> - e.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> - if (e.cidr > HOST_MASK)
> + e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> + if (e.cidr[0] > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
> - ip6_netmask(&e.ip, e.cidr);
> + ip6_netmask(&e.ip[0], e.cidr[0]);
>
> strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE]));
> e.iface = iface;
> diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
> index 570e6b5..cc8a330 100644
> --- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c
> +++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
> @@ -49,10 +49,10 @@ MODULE_ALIAS("ip_set_hash:net,port");
>
> /* Member elements */
> struct hash_netport4_elem {
> - __be32 ip;
> + __be32 ip[1];
> __be16 port;
> u8 proto;
> - u8 cidr:7;
> + u8 cidr[1];
> u8 nomatch:1;
> } __attribute__((aligned(sizeof(void*))));
>
> @@ -63,10 +63,10 @@ hash_netport4_data_equal(const struct hash_netport4_elem *ip1,
> const struct hash_netport4_elem *ip2,
> u32 *multi)
> {
> - return ip1->ip == ip2->ip &&
> + return ip1->ip[0] == ip2->ip[0] &&
> ip1->port == ip2->port &&
> ip1->proto == ip2->proto &&
> - ip1->cidr == ip2->cidr;
> + ip1->cidr[0] == ip2->cidr[0];
> }
>
> static inline int
> @@ -90,8 +90,8 @@ hash_netport4_data_reset_flags(struct hash_netport4_elem *elem, u8 *flags)
> static inline void
> hash_netport4_data_netmask(struct hash_netport4_elem *elem, u8 cidr)
> {
> - elem->ip &= ip_set_netmask(cidr);
> - elem->cidr = cidr - 1;
> + elem->ip[0] &= ip_set_netmask(cidr);
> + elem->cidr[0] = cidr - 1;
> }
>
> static bool
> @@ -100,9 +100,9 @@ hash_netport4_data_list(struct sk_buff *skb,
> {
> u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
>
> - if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
> + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip[0]) ||
> nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0] + 1) ||
> nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> @@ -117,7 +117,7 @@ static inline void
> hash_netport4_data_next(struct hash_netport4_elem *next,
> const struct hash_netport4_elem *d)
> {
> - next->ip = d->ip;
> + next->ip[0] = d->ip[0];
> next->port = d->port;
> }
>
> @@ -134,19 +134,19 @@ hash_netport4_kadt(struct ip_set *set, const struct sk_buff *skb,
> const struct hash_netport *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_netport4_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr - 1 : HOST_MASK - 1
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] - 1 : HOST_MASK - 1
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
>
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK - 1;
> + e.cidr[0] = HOST_MASK - 1;
>
> if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
> &e.port, &e.proto))
> return -EINVAL;
>
> - ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
> - e.ip &= ip_set_netmask(e.cidr + 1);
> + ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0]);
> + e.ip[0] &= ip_set_netmask(e.cidr[0] + 1);
>
> return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
> }
> @@ -157,7 +157,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> const struct hash_netport *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_netport4_elem e = { .cidr = HOST_MASK - 1 };
> + struct hash_netport4_elem e = { .cidr[0] = HOST_MASK - 1 };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> u32 port, port_to, p = 0, ip = 0, ip_to = 0, last;
> bool with_ports = false;
> @@ -185,7 +185,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
> cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> if (!cidr || cidr > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
> - e.cidr = cidr - 1;
> + e.cidr[0] = cidr - 1;
> }
>
> if (tb[IPSET_ATTR_PORT])
> @@ -214,7 +214,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
> }
>
> if (adt == IPSET_TEST || !(with_ports || tb[IPSET_ATTR_IP_TO])) {
> - e.ip = htonl(ip & ip_set_hostmask(e.cidr + 1));
> + e.ip[0] = htonl(ip & ip_set_hostmask(e.cidr[0] + 1));
> ret = adtfn(set, &e, &ext, &ext, flags);
> return ip_set_enomatch(ret, flags, adt, set) ? -ret :
> ip_set_eexist(ret, flags) ? 0 : ret;
> @@ -235,15 +235,15 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
> if (ip + UINT_MAX == ip_to)
> return -IPSET_ERR_HASH_RANGE;
> } else
> - ip_set_mask_from_to(ip, ip_to, e.cidr + 1);
> + ip_set_mask_from_to(ip, ip_to, e.cidr[0] + 1);
>
> if (retried)
> - ip = ntohl(h->next.ip);
> + ip = ntohl(h->next.ip[0]);
> while (!after(ip, ip_to)) {
> - e.ip = htonl(ip);
> + e.ip[0] = htonl(ip);
> last = ip_set_range_to_cidr(ip, ip_to, &cidr);
> - e.cidr = cidr - 1;
> - p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
> + e.cidr[0] = cidr - 1;
> + p = retried && ip == ntohl(h->next.ip[0]) ? ntohs(h->next.port)
> : port;
> for (; p <= port_to; p++) {
> e.port = htons(p);
> @@ -262,10 +262,10 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
> /* IPv6 variants */
>
> struct hash_netport6_elem {
> - union nf_inet_addr ip;
> + union nf_inet_addr ip[1];
> __be16 port;
> u8 proto;
> - u8 cidr:7;
> + u8 cidr[1];
> u8 nomatch:1;
> } __attribute__((aligned(sizeof(void*))));
>
> @@ -276,10 +276,10 @@ hash_netport6_data_equal(const struct hash_netport6_elem *ip1,
> const struct hash_netport6_elem *ip2,
> u32 *multi)
> {
> - return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
> + return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) &&
> ip1->port == ip2->port &&
> ip1->proto == ip2->proto &&
> - ip1->cidr == ip2->cidr;
> + ip1->cidr[0] == ip2->cidr[0];
> }
>
> static inline int
> @@ -303,8 +303,8 @@ hash_netport6_data_reset_flags(struct hash_netport6_elem *elem, u8 *flags)
> static inline void
> hash_netport6_data_netmask(struct hash_netport6_elem *elem, u8 cidr)
> {
> - ip6_netmask(&elem->ip, cidr);
> - elem->cidr = cidr - 1;
> + ip6_netmask(&elem->ip[0], cidr);
> + elem->cidr[0] = cidr - 1;
> }
>
> static bool
> @@ -313,9 +313,9 @@ hash_netport6_data_list(struct sk_buff *skb,
> {
> u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
>
> - if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
> + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip[0].in6) ||
> nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
> - nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) ||
> + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0] + 1) ||
> nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
> (flags &&
> nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
> @@ -351,19 +351,19 @@ hash_netport6_kadt(struct ip_set *set, const struct sk_buff *skb,
> const struct hash_netport *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> struct hash_netport6_elem e = {
> - .cidr = h->nets[0].cidr ? h->nets[0].cidr - 1 : HOST_MASK - 1,
> + .cidr[0] = h->nets[0].cidr[0] ? h->nets[0].cidr[0] - 1 : HOST_MASK - 1,
> };
> struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, h);
>
> if (adt == IPSET_TEST)
> - e.cidr = HOST_MASK - 1;
> + e.cidr[0] = HOST_MASK - 1;
>
> if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
> &e.port, &e.proto))
> return -EINVAL;
>
> - ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
> - ip6_netmask(&e.ip, e.cidr + 1);
> + ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0].in6);
> + ip6_netmask(&e.ip[0], e.cidr[0] + 1);
>
> return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
> }
> @@ -374,7 +374,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
> {
> const struct hash_netport *h = set->data;
> ipset_adtfn adtfn = set->variant->adt[adt];
> - struct hash_netport6_elem e = { .cidr = HOST_MASK - 1 };
> + struct hash_netport6_elem e = { .cidr[0] = HOST_MASK - 1 };
> struct ip_set_ext ext = IP_SET_INIT_UEXT(h);
> u32 port, port_to;
> bool with_ports = false;
> @@ -395,7 +395,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
> if (tb[IPSET_ATTR_LINENO])
> *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
>
> - ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip) ||
> + ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]) ||
> ip_set_get_extensions(set, tb, &ext);
> if (ret)
> return ret;
> @@ -404,9 +404,9 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
> cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
> if (!cidr || cidr > HOST_MASK)
> return -IPSET_ERR_INVALID_CIDR;
> - e.cidr = cidr - 1;
> + e.cidr[0] = cidr - 1;
> }
> - ip6_netmask(&e.ip, e.cidr + 1);
> + ip6_netmask(&e.ip[0], e.cidr[0] + 1);
>
> if (tb[IPSET_ATTR_PORT])
> e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
> --
> 1.8.3.2
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
