lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 8 Aug 2019 20:49:22 +0200 (CEST)
From:   Jozsef Kadlecsik <kadlec@...filter.org>
To:     Jeremy Sowden <jeremy@...zel.net>
cc:     Pablo Neira Ayuso <pablo@...filter.org>,
        Netfilter Devel <netfilter-devel@...r.kernel.org>,
        Net Dev <netdev@...r.kernel.org>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>
Subject: Re: [PATCH net-next v1 1/8] netfilter: inlined four headers files
 into another one.

Hi Jeremy,

On Wed, 7 Aug 2019, Jeremy Sowden wrote:

> linux/netfilter/ipset/ip_set.h included four other header files:
> 
>   include/linux/netfilter/ipset/ip_set_comment.h
>   include/linux/netfilter/ipset/ip_set_counter.h
>   include/linux/netfilter/ipset/ip_set_skbinfo.h
>   include/linux/netfilter/ipset/ip_set_timeout.h
> 
> Of these the first three were not included anywhere else.  The last,
> ip_set_timeout.h, was included in a couple of other places, but defined
> inline functions which call other inline functions defined in ip_set.h,
> so ip_set.h had to be included before it.
> 
> Inlined all four into ip_set.h, and updated the other files that
> included ip_set_timeout.h.
> 
> Signed-off-by: Jeremy Sowden <jeremy@...zel.net>

Acked-by: Jozsef Kadlecsik <kadlec@...filter.org>

Also, for the ipset part of patch 2/8, thank!

Best regards,
Jozsef

> ---
>  include/linux/netfilter/ipset/ip_set.h        | 238 +++++++++++++++++-
>  .../linux/netfilter/ipset/ip_set_comment.h    |  73 ------
>  .../linux/netfilter/ipset/ip_set_counter.h    |  84 -------
>  .../linux/netfilter/ipset/ip_set_skbinfo.h    |  42 ----
>  .../linux/netfilter/ipset/ip_set_timeout.h    |  77 ------
>  net/netfilter/ipset/ip_set_hash_gen.h         |   2 +-
>  net/netfilter/xt_set.c                        |   1 -
>  7 files changed, 235 insertions(+), 282 deletions(-)
>  delete mode 100644 include/linux/netfilter/ipset/ip_set_comment.h
>  delete mode 100644 include/linux/netfilter/ipset/ip_set_counter.h
>  delete mode 100644 include/linux/netfilter/ipset/ip_set_skbinfo.h
>  delete mode 100644 include/linux/netfilter/ipset/ip_set_timeout.h
> 
> diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
> index 12ad9b1853b4..9bc255a8461b 100644
> --- a/include/linux/netfilter/ipset/ip_set.h
> +++ b/include/linux/netfilter/ipset/ip_set.h
> @@ -452,10 +452,240 @@ bitmap_bytes(u32 a, u32 b)
>  	return 4 * ((((b - a + 8) / 8) + 3) / 4);
>  }
>  
> -#include <linux/netfilter/ipset/ip_set_timeout.h>
> -#include <linux/netfilter/ipset/ip_set_comment.h>
> -#include <linux/netfilter/ipset/ip_set_counter.h>
> -#include <linux/netfilter/ipset/ip_set_skbinfo.h>
> +/* How often should the gc be run by default */
> +#define IPSET_GC_TIME			(3 * 60)
> +
> +/* Timeout period depending on the timeout value of the given set */
> +#define IPSET_GC_PERIOD(timeout) \
> +	((timeout/3) ? min_t(u32, (timeout)/3, IPSET_GC_TIME) : 1)
> +
> +/* Entry is set with no timeout value */
> +#define IPSET_ELEM_PERMANENT	0
> +
> +/* Set is defined with timeout support: timeout value may be 0 */
> +#define IPSET_NO_TIMEOUT	UINT_MAX
> +
> +/* Max timeout value, see msecs_to_jiffies() in jiffies.h */
> +#define IPSET_MAX_TIMEOUT	(UINT_MAX >> 1)/MSEC_PER_SEC
> +
> +#define ip_set_adt_opt_timeout(opt, set)	\
> +((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (set)->timeout)
> +
> +static inline unsigned int
> +ip_set_timeout_uget(struct nlattr *tb)
> +{
> +	unsigned int timeout = ip_set_get_h32(tb);
> +
> +	/* Normalize to fit into jiffies */
> +	if (timeout > IPSET_MAX_TIMEOUT)
> +		timeout = IPSET_MAX_TIMEOUT;
> +
> +	return timeout;
> +}
> +
> +static inline bool
> +ip_set_timeout_expired(const unsigned long *t)
> +{
> +	return *t != IPSET_ELEM_PERMANENT && time_is_before_jiffies(*t);
> +}
> +
> +static inline void
> +ip_set_timeout_set(unsigned long *timeout, u32 value)
> +{
> +	unsigned long t;
> +
> +	if (!value) {
> +		*timeout = IPSET_ELEM_PERMANENT;
> +		return;
> +	}
> +
> +	t = msecs_to_jiffies(value * MSEC_PER_SEC) + jiffies;
> +	if (t == IPSET_ELEM_PERMANENT)
> +		/* Bingo! :-) */
> +		t--;
> +	*timeout = t;
> +}
> +
> +static inline u32
> +ip_set_timeout_get(const unsigned long *timeout)
> +{
> +	u32 t;
> +
> +	if (*timeout == IPSET_ELEM_PERMANENT)
> +		return 0;
> +
> +	t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
> +	/* Zero value in userspace means no timeout */
> +	return t == 0 ? 1 : t;
> +}
> +
> +static inline char*
> +ip_set_comment_uget(struct nlattr *tb)
> +{
> +	return nla_data(tb);
> +}
> +
> +/* Called from uadd only, protected by the set spinlock.
> + * The kadt functions don't use the comment extensions in any way.
> + */
> +static inline void
> +ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,
> +		    const struct ip_set_ext *ext)
> +{
> +	struct ip_set_comment_rcu *c = rcu_dereference_protected(comment->c, 1);
> +	size_t len = ext->comment ? strlen(ext->comment) : 0;
> +
> +	if (unlikely(c)) {
> +		set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
> +		kfree_rcu(c, rcu);
> +		rcu_assign_pointer(comment->c, NULL);
> +	}
> +	if (!len)
> +		return;
> +	if (unlikely(len > IPSET_MAX_COMMENT_SIZE))
> +		len = IPSET_MAX_COMMENT_SIZE;
> +	c = kmalloc(sizeof(*c) + len + 1, GFP_ATOMIC);
> +	if (unlikely(!c))
> +		return;
> +	strlcpy(c->str, ext->comment, len + 1);
> +	set->ext_size += sizeof(*c) + strlen(c->str) + 1;
> +	rcu_assign_pointer(comment->c, c);
> +}
> +
> +/* Used only when dumping a set, protected by rcu_read_lock() */
> +static inline int
> +ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment)
> +{
> +	struct ip_set_comment_rcu *c = rcu_dereference(comment->c);
> +
> +	if (!c)
> +		return 0;
> +	return nla_put_string(skb, IPSET_ATTR_COMMENT, c->str);
> +}
> +
> +/* Called from uadd/udel, flush or the garbage collectors protected
> + * by the set spinlock.
> + * Called when the set is destroyed and when there can't be any user
> + * of the set data anymore.
> + */
> +static inline void
> +ip_set_comment_free(struct ip_set *set, struct ip_set_comment *comment)
> +{
> +	struct ip_set_comment_rcu *c;
> +
> +	c = rcu_dereference_protected(comment->c, 1);
> +	if (unlikely(!c))
> +		return;
> +	set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
> +	kfree_rcu(c, rcu);
> +	rcu_assign_pointer(comment->c, NULL);
> +}
> +
> +static inline void
> +ip_set_add_bytes(u64 bytes, struct ip_set_counter *counter)
> +{
> +	atomic64_add((long long)bytes, &(counter)->bytes);
> +}
> +
> +static inline void
> +ip_set_add_packets(u64 packets, struct ip_set_counter *counter)
> +{
> +	atomic64_add((long long)packets, &(counter)->packets);
> +}
> +
> +static inline u64
> +ip_set_get_bytes(const struct ip_set_counter *counter)
> +{
> +	return (u64)atomic64_read(&(counter)->bytes);
> +}
> +
> +static inline u64
> +ip_set_get_packets(const struct ip_set_counter *counter)
> +{
> +	return (u64)atomic64_read(&(counter)->packets);
> +}
> +
> +static inline bool
> +ip_set_match_counter(u64 counter, u64 match, u8 op)
> +{
> +	switch (op) {
> +	case IPSET_COUNTER_NONE:
> +		return true;
> +	case IPSET_COUNTER_EQ:
> +		return counter == match;
> +	case IPSET_COUNTER_NE:
> +		return counter != match;
> +	case IPSET_COUNTER_LT:
> +		return counter < match;
> +	case IPSET_COUNTER_GT:
> +		return counter > match;
> +	}
> +	return false;
> +}
> +
> +static inline void
> +ip_set_update_counter(struct ip_set_counter *counter,
> +		      const struct ip_set_ext *ext, u32 flags)
> +{
> +	if (ext->packets != ULLONG_MAX &&
> +	    !(flags & IPSET_FLAG_SKIP_COUNTER_UPDATE)) {
> +		ip_set_add_bytes(ext->bytes, counter);
> +		ip_set_add_packets(ext->packets, counter);
> +	}
> +}
> +
> +static inline bool
> +ip_set_put_counter(struct sk_buff *skb, const struct ip_set_counter *counter)
> +{
> +	return nla_put_net64(skb, IPSET_ATTR_BYTES,
> +			     cpu_to_be64(ip_set_get_bytes(counter)),
> +			     IPSET_ATTR_PAD) ||
> +	       nla_put_net64(skb, IPSET_ATTR_PACKETS,
> +			     cpu_to_be64(ip_set_get_packets(counter)),
> +			     IPSET_ATTR_PAD);
> +}
> +
> +static inline void
> +ip_set_init_counter(struct ip_set_counter *counter,
> +		    const struct ip_set_ext *ext)
> +{
> +	if (ext->bytes != ULLONG_MAX)
> +		atomic64_set(&(counter)->bytes, (long long)(ext->bytes));
> +	if (ext->packets != ULLONG_MAX)
> +		atomic64_set(&(counter)->packets, (long long)(ext->packets));
> +}
> +
> +static inline void
> +ip_set_get_skbinfo(struct ip_set_skbinfo *skbinfo,
> +		   const struct ip_set_ext *ext,
> +		   struct ip_set_ext *mext, u32 flags)
> +{
> +	mext->skbinfo = *skbinfo;
> +}
> +
> +static inline bool
> +ip_set_put_skbinfo(struct sk_buff *skb, const struct ip_set_skbinfo *skbinfo)
> +{
> +	/* Send nonzero parameters only */
> +	return ((skbinfo->skbmark || skbinfo->skbmarkmask) &&
> +		nla_put_net64(skb, IPSET_ATTR_SKBMARK,
> +			      cpu_to_be64((u64)skbinfo->skbmark << 32 |
> +					  skbinfo->skbmarkmask),
> +			      IPSET_ATTR_PAD)) ||
> +	       (skbinfo->skbprio &&
> +		nla_put_net32(skb, IPSET_ATTR_SKBPRIO,
> +			      cpu_to_be32(skbinfo->skbprio))) ||
> +	       (skbinfo->skbqueue &&
> +		nla_put_net16(skb, IPSET_ATTR_SKBQUEUE,
> +			      cpu_to_be16(skbinfo->skbqueue)));
> +}
> +
> +static inline void
> +ip_set_init_skbinfo(struct ip_set_skbinfo *skbinfo,
> +		    const struct ip_set_ext *ext)
> +{
> +	*skbinfo = ext->skbinfo;
> +}
>  
>  #define IP_SET_INIT_KEXT(skb, opt, set)			\
>  	{ .bytes = (skb)->len, .packets = 1,		\
> diff --git a/include/linux/netfilter/ipset/ip_set_comment.h b/include/linux/netfilter/ipset/ip_set_comment.h
> deleted file mode 100644
> index 0b894d81bbf2..000000000000
> --- a/include/linux/netfilter/ipset/ip_set_comment.h
> +++ /dev/null
> @@ -1,73 +0,0 @@
> -/* SPDX-License-Identifier: GPL-2.0-only */
> -#ifndef _IP_SET_COMMENT_H
> -#define _IP_SET_COMMENT_H
> -
> -/* Copyright (C) 2013 Oliver Smith <oliver@....9.b.0.7.4.0.1.0.0.2.ip6.arpa>
> - */
> -
> -#ifdef __KERNEL__
> -
> -static inline char*
> -ip_set_comment_uget(struct nlattr *tb)
> -{
> -	return nla_data(tb);
> -}
> -
> -/* Called from uadd only, protected by the set spinlock.
> - * The kadt functions don't use the comment extensions in any way.
> - */
> -static inline void
> -ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,
> -		    const struct ip_set_ext *ext)
> -{
> -	struct ip_set_comment_rcu *c = rcu_dereference_protected(comment->c, 1);
> -	size_t len = ext->comment ? strlen(ext->comment) : 0;
> -
> -	if (unlikely(c)) {
> -		set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
> -		kfree_rcu(c, rcu);
> -		rcu_assign_pointer(comment->c, NULL);
> -	}
> -	if (!len)
> -		return;
> -	if (unlikely(len > IPSET_MAX_COMMENT_SIZE))
> -		len = IPSET_MAX_COMMENT_SIZE;
> -	c = kmalloc(sizeof(*c) + len + 1, GFP_ATOMIC);
> -	if (unlikely(!c))
> -		return;
> -	strlcpy(c->str, ext->comment, len + 1);
> -	set->ext_size += sizeof(*c) + strlen(c->str) + 1;
> -	rcu_assign_pointer(comment->c, c);
> -}
> -
> -/* Used only when dumping a set, protected by rcu_read_lock() */
> -static inline int
> -ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment)
> -{
> -	struct ip_set_comment_rcu *c = rcu_dereference(comment->c);
> -
> -	if (!c)
> -		return 0;
> -	return nla_put_string(skb, IPSET_ATTR_COMMENT, c->str);
> -}
> -
> -/* Called from uadd/udel, flush or the garbage collectors protected
> - * by the set spinlock.
> - * Called when the set is destroyed and when there can't be any user
> - * of the set data anymore.
> - */
> -static inline void
> -ip_set_comment_free(struct ip_set *set, struct ip_set_comment *comment)
> -{
> -	struct ip_set_comment_rcu *c;
> -
> -	c = rcu_dereference_protected(comment->c, 1);
> -	if (unlikely(!c))
> -		return;
> -	set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
> -	kfree_rcu(c, rcu);
> -	rcu_assign_pointer(comment->c, NULL);
> -}
> -
> -#endif
> -#endif
> diff --git a/include/linux/netfilter/ipset/ip_set_counter.h b/include/linux/netfilter/ipset/ip_set_counter.h
> deleted file mode 100644
> index 3400958c07be..000000000000
> --- a/include/linux/netfilter/ipset/ip_set_counter.h
> +++ /dev/null
> @@ -1,84 +0,0 @@
> -/* SPDX-License-Identifier: GPL-2.0-only */
> -#ifndef _IP_SET_COUNTER_H
> -#define _IP_SET_COUNTER_H
> -
> -/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@...filter.org> */
> -
> -#ifdef __KERNEL__
> -
> -static inline void
> -ip_set_add_bytes(u64 bytes, struct ip_set_counter *counter)
> -{
> -	atomic64_add((long long)bytes, &(counter)->bytes);
> -}
> -
> -static inline void
> -ip_set_add_packets(u64 packets, struct ip_set_counter *counter)
> -{
> -	atomic64_add((long long)packets, &(counter)->packets);
> -}
> -
> -static inline u64
> -ip_set_get_bytes(const struct ip_set_counter *counter)
> -{
> -	return (u64)atomic64_read(&(counter)->bytes);
> -}
> -
> -static inline u64
> -ip_set_get_packets(const struct ip_set_counter *counter)
> -{
> -	return (u64)atomic64_read(&(counter)->packets);
> -}
> -
> -static inline bool
> -ip_set_match_counter(u64 counter, u64 match, u8 op)
> -{
> -	switch (op) {
> -	case IPSET_COUNTER_NONE:
> -		return true;
> -	case IPSET_COUNTER_EQ:
> -		return counter == match;
> -	case IPSET_COUNTER_NE:
> -		return counter != match;
> -	case IPSET_COUNTER_LT:
> -		return counter < match;
> -	case IPSET_COUNTER_GT:
> -		return counter > match;
> -	}
> -	return false;
> -}
> -
> -static inline void
> -ip_set_update_counter(struct ip_set_counter *counter,
> -		      const struct ip_set_ext *ext, u32 flags)
> -{
> -	if (ext->packets != ULLONG_MAX &&
> -	    !(flags & IPSET_FLAG_SKIP_COUNTER_UPDATE)) {
> -		ip_set_add_bytes(ext->bytes, counter);
> -		ip_set_add_packets(ext->packets, counter);
> -	}
> -}
> -
> -static inline bool
> -ip_set_put_counter(struct sk_buff *skb, const struct ip_set_counter *counter)
> -{
> -	return nla_put_net64(skb, IPSET_ATTR_BYTES,
> -			     cpu_to_be64(ip_set_get_bytes(counter)),
> -			     IPSET_ATTR_PAD) ||
> -	       nla_put_net64(skb, IPSET_ATTR_PACKETS,
> -			     cpu_to_be64(ip_set_get_packets(counter)),
> -			     IPSET_ATTR_PAD);
> -}
> -
> -static inline void
> -ip_set_init_counter(struct ip_set_counter *counter,
> -		    const struct ip_set_ext *ext)
> -{
> -	if (ext->bytes != ULLONG_MAX)
> -		atomic64_set(&(counter)->bytes, (long long)(ext->bytes));
> -	if (ext->packets != ULLONG_MAX)
> -		atomic64_set(&(counter)->packets, (long long)(ext->packets));
> -}
> -
> -#endif /* __KERNEL__ */
> -#endif /* _IP_SET_COUNTER_H */
> diff --git a/include/linux/netfilter/ipset/ip_set_skbinfo.h b/include/linux/netfilter/ipset/ip_set_skbinfo.h
> deleted file mode 100644
> index 3a2df02dbd55..000000000000
> --- a/include/linux/netfilter/ipset/ip_set_skbinfo.h
> +++ /dev/null
> @@ -1,42 +0,0 @@
> -/* SPDX-License-Identifier: GPL-2.0-only */
> -#ifndef _IP_SET_SKBINFO_H
> -#define _IP_SET_SKBINFO_H
> -
> -/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@...filter.org> */
> -
> -#ifdef __KERNEL__
> -
> -static inline void
> -ip_set_get_skbinfo(struct ip_set_skbinfo *skbinfo,
> -		   const struct ip_set_ext *ext,
> -		   struct ip_set_ext *mext, u32 flags)
> -{
> -	mext->skbinfo = *skbinfo;
> -}
> -
> -static inline bool
> -ip_set_put_skbinfo(struct sk_buff *skb, const struct ip_set_skbinfo *skbinfo)
> -{
> -	/* Send nonzero parameters only */
> -	return ((skbinfo->skbmark || skbinfo->skbmarkmask) &&
> -		nla_put_net64(skb, IPSET_ATTR_SKBMARK,
> -			      cpu_to_be64((u64)skbinfo->skbmark << 32 |
> -					  skbinfo->skbmarkmask),
> -			      IPSET_ATTR_PAD)) ||
> -	       (skbinfo->skbprio &&
> -		nla_put_net32(skb, IPSET_ATTR_SKBPRIO,
> -			      cpu_to_be32(skbinfo->skbprio))) ||
> -	       (skbinfo->skbqueue &&
> -		nla_put_net16(skb, IPSET_ATTR_SKBQUEUE,
> -			      cpu_to_be16(skbinfo->skbqueue)));
> -}
> -
> -static inline void
> -ip_set_init_skbinfo(struct ip_set_skbinfo *skbinfo,
> -		    const struct ip_set_ext *ext)
> -{
> -	*skbinfo = ext->skbinfo;
> -}
> -
> -#endif /* __KERNEL__ */
> -#endif /* _IP_SET_SKBINFO_H */
> diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
> deleted file mode 100644
> index 2be60e379ecf..000000000000
> --- a/include/linux/netfilter/ipset/ip_set_timeout.h
> +++ /dev/null
> @@ -1,77 +0,0 @@
> -/* SPDX-License-Identifier: GPL-2.0-only */
> -#ifndef _IP_SET_TIMEOUT_H
> -#define _IP_SET_TIMEOUT_H
> -
> -/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@...filter.org> */
> -
> -#ifdef __KERNEL__
> -
> -/* How often should the gc be run by default */
> -#define IPSET_GC_TIME			(3 * 60)
> -
> -/* Timeout period depending on the timeout value of the given set */
> -#define IPSET_GC_PERIOD(timeout) \
> -	((timeout/3) ? min_t(u32, (timeout)/3, IPSET_GC_TIME) : 1)
> -
> -/* Entry is set with no timeout value */
> -#define IPSET_ELEM_PERMANENT	0
> -
> -/* Set is defined with timeout support: timeout value may be 0 */
> -#define IPSET_NO_TIMEOUT	UINT_MAX
> -
> -/* Max timeout value, see msecs_to_jiffies() in jiffies.h */
> -#define IPSET_MAX_TIMEOUT	(UINT_MAX >> 1)/MSEC_PER_SEC
> -
> -#define ip_set_adt_opt_timeout(opt, set)	\
> -((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (set)->timeout)
> -
> -static inline unsigned int
> -ip_set_timeout_uget(struct nlattr *tb)
> -{
> -	unsigned int timeout = ip_set_get_h32(tb);
> -
> -	/* Normalize to fit into jiffies */
> -	if (timeout > IPSET_MAX_TIMEOUT)
> -		timeout = IPSET_MAX_TIMEOUT;
> -
> -	return timeout;
> -}
> -
> -static inline bool
> -ip_set_timeout_expired(const unsigned long *t)
> -{
> -	return *t != IPSET_ELEM_PERMANENT && time_is_before_jiffies(*t);
> -}
> -
> -static inline void
> -ip_set_timeout_set(unsigned long *timeout, u32 value)
> -{
> -	unsigned long t;
> -
> -	if (!value) {
> -		*timeout = IPSET_ELEM_PERMANENT;
> -		return;
> -	}
> -
> -	t = msecs_to_jiffies(value * MSEC_PER_SEC) + jiffies;
> -	if (t == IPSET_ELEM_PERMANENT)
> -		/* Bingo! :-) */
> -		t--;
> -	*timeout = t;
> -}
> -
> -static inline u32
> -ip_set_timeout_get(const unsigned long *timeout)
> -{
> -	u32 t;
> -
> -	if (*timeout == IPSET_ELEM_PERMANENT)
> -		return 0;
> -
> -	t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
> -	/* Zero value in userspace means no timeout */
> -	return t == 0 ? 1 : t;
> -}
> -
> -#endif	/* __KERNEL__ */
> -#endif /* _IP_SET_TIMEOUT_H */
> diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
> index 0feb77fa9edc..2e541cb3b37d 100644
> --- a/net/netfilter/ipset/ip_set_hash_gen.h
> +++ b/net/netfilter/ipset/ip_set_hash_gen.h
> @@ -7,7 +7,7 @@
>  #include <linux/rcupdate.h>
>  #include <linux/jhash.h>
>  #include <linux/types.h>
> -#include <linux/netfilter/ipset/ip_set_timeout.h>
> +#include <linux/netfilter/ipset/ip_set.h>
>  
>  #define __ipset_dereference_protected(p, c)	rcu_dereference_protected(p, c)
>  #define ipset_dereference_protected(p, set) \
> diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c
> index ecbfa291fb70..731bc2cafae4 100644
> --- a/net/netfilter/xt_set.c
> +++ b/net/netfilter/xt_set.c
> @@ -14,7 +14,6 @@
>  
>  #include <linux/netfilter/x_tables.h>
>  #include <linux/netfilter/ipset/ip_set.h>
> -#include <linux/netfilter/ipset/ip_set_timeout.h>
>  #include <uapi/linux/netfilter/xt_set.h>
>  
>  MODULE_LICENSE("GPL");
> -- 
> 2.20.1
> 
> 

-
E-mail  : kadlec@...ckhole.kfki.hu, kadlecsik.jozsef@...ner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ