diff options
| -rw-r--r-- | include/linux/netfilter/ipset/ip_set_ahash.h | 30 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 18 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_net.c | 22 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_netiface.c | 22 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_netport.c | 18 |
5 files changed, 99 insertions, 11 deletions
diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h index 01d25e6fc792..0214c4c146fa 100644 --- a/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/include/linux/netfilter/ipset/ip_set_ahash.h | |||
| @@ -291,6 +291,7 @@ ip_set_hash_destroy(struct ip_set *set) | |||
| 291 | #define type_pf_data_tlist TOKEN(TYPE, PF, _data_tlist) | 291 | #define type_pf_data_tlist TOKEN(TYPE, PF, _data_tlist) |
| 292 | #define type_pf_data_next TOKEN(TYPE, PF, _data_next) | 292 | #define type_pf_data_next TOKEN(TYPE, PF, _data_next) |
| 293 | #define type_pf_data_flags TOKEN(TYPE, PF, _data_flags) | 293 | #define type_pf_data_flags TOKEN(TYPE, PF, _data_flags) |
| 294 | #define type_pf_data_reset_flags TOKEN(TYPE, PF, _data_reset_flags) | ||
| 294 | #ifdef IP_SET_HASH_WITH_NETS | 295 | #ifdef IP_SET_HASH_WITH_NETS |
| 295 | #define type_pf_data_match TOKEN(TYPE, PF, _data_match) | 296 | #define type_pf_data_match TOKEN(TYPE, PF, _data_match) |
| 296 | #else | 297 | #else |
| @@ -385,9 +386,9 @@ type_pf_resize(struct ip_set *set, bool retried) | |||
| 385 | struct ip_set_hash *h = set->data; | 386 | struct ip_set_hash *h = set->data; |
| 386 | struct htable *t, *orig = h->table; | 387 | struct htable *t, *orig = h->table; |
| 387 | u8 htable_bits = orig->htable_bits; | 388 | u8 htable_bits = orig->htable_bits; |
| 388 | const struct type_pf_elem *data; | 389 | struct type_pf_elem *data; |
| 389 | struct hbucket *n, *m; | 390 | struct hbucket *n, *m; |
| 390 | u32 i, j; | 391 | u32 i, j, flags = 0; |
| 391 | int ret; | 392 | int ret; |
| 392 | 393 | ||
| 393 | retry: | 394 | retry: |
| @@ -412,9 +413,16 @@ retry: | |||
| 412 | n = hbucket(orig, i); | 413 | n = hbucket(orig, i); |
| 413 | for (j = 0; j < n->pos; j++) { | 414 | for (j = 0; j < n->pos; j++) { |
| 414 | data = ahash_data(n, j); | 415 | data = ahash_data(n, j); |
| 416 | #ifdef IP_SET_HASH_WITH_NETS | ||
| 417 | flags = 0; | ||
| 418 | type_pf_data_reset_flags(data, &flags); | ||
| 419 | #endif | ||
| 415 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); | 420 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); |
| 416 | ret = type_pf_elem_add(m, data, AHASH_MAX(h), 0); | 421 | ret = type_pf_elem_add(m, data, AHASH_MAX(h), flags); |
| 417 | if (ret < 0) { | 422 | if (ret < 0) { |
| 423 | #ifdef IP_SET_HASH_WITH_NETS | ||
| 424 | type_pf_data_flags(data, flags); | ||
| 425 | #endif | ||
| 418 | read_unlock_bh(&set->lock); | 426 | read_unlock_bh(&set->lock); |
| 419 | ahash_destroy(t); | 427 | ahash_destroy(t); |
| 420 | if (ret == -EAGAIN) | 428 | if (ret == -EAGAIN) |
| @@ -836,9 +844,9 @@ type_pf_tresize(struct ip_set *set, bool retried) | |||
| 836 | struct ip_set_hash *h = set->data; | 844 | struct ip_set_hash *h = set->data; |
| 837 | struct htable *t, *orig = h->table; | 845 | struct htable *t, *orig = h->table; |
| 838 | u8 htable_bits = orig->htable_bits; | 846 | u8 htable_bits = orig->htable_bits; |
| 839 | const struct type_pf_elem *data; | 847 | struct type_pf_elem *data; |
| 840 | struct hbucket *n, *m; | 848 | struct hbucket *n, *m; |
| 841 | u32 i, j; | 849 | u32 i, j, flags = 0; |
| 842 | int ret; | 850 | int ret; |
| 843 | 851 | ||
| 844 | /* Try to cleanup once */ | 852 | /* Try to cleanup once */ |
| @@ -873,10 +881,17 @@ retry: | |||
| 873 | n = hbucket(orig, i); | 881 | n = hbucket(orig, i); |
| 874 | for (j = 0; j < n->pos; j++) { | 882 | for (j = 0; j < n->pos; j++) { |
| 875 | data = ahash_tdata(n, j); | 883 | data = ahash_tdata(n, j); |
| 884 | #ifdef IP_SET_HASH_WITH_NETS | ||
| 885 | flags = 0; | ||
| 886 | type_pf_data_reset_flags(data, &flags); | ||
| 887 | #endif | ||
| 876 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); | 888 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); |
| 877 | ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), 0, | 889 | ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), flags, |
| 878 | ip_set_timeout_get(type_pf_data_timeout(data))); | 890 | ip_set_timeout_get(type_pf_data_timeout(data))); |
| 879 | if (ret < 0) { | 891 | if (ret < 0) { |
| 892 | #ifdef IP_SET_HASH_WITH_NETS | ||
| 893 | type_pf_data_flags(data, flags); | ||
| 894 | #endif | ||
| 880 | read_unlock_bh(&set->lock); | 895 | read_unlock_bh(&set->lock); |
| 881 | ahash_destroy(t); | 896 | ahash_destroy(t); |
| 882 | if (ret == -EAGAIN) | 897 | if (ret == -EAGAIN) |
| @@ -1187,6 +1202,7 @@ type_pf_gc_init(struct ip_set *set) | |||
| 1187 | #undef type_pf_data_tlist | 1202 | #undef type_pf_data_tlist |
| 1188 | #undef type_pf_data_next | 1203 | #undef type_pf_data_next |
| 1189 | #undef type_pf_data_flags | 1204 | #undef type_pf_data_flags |
| 1205 | #undef type_pf_data_reset_flags | ||
| 1190 | #undef type_pf_data_match | 1206 | #undef type_pf_data_match |
| 1191 | 1207 | ||
| 1192 | #undef type_pf_elem | 1208 | #undef type_pf_elem |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index f2627226a087..10a30b4fc7db 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
| @@ -104,6 +104,15 @@ hash_ipportnet4_data_flags(struct hash_ipportnet4_elem *dst, u32 flags) | |||
| 104 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); | 104 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 105 | } | 105 | } |
| 106 | 106 | ||
| 107 | static inline void | ||
| 108 | hash_ipportnet4_data_reset_flags(struct hash_ipportnet4_elem *dst, u32 *flags) | ||
| 109 | { | ||
| 110 | if (dst->nomatch) { | ||
| 111 | *flags = IPSET_FLAG_NOMATCH; | ||
| 112 | dst->nomatch = 0; | ||
| 113 | } | ||
| 114 | } | ||
| 115 | |||
| 107 | static inline int | 116 | static inline int |
| 108 | hash_ipportnet4_data_match(const struct hash_ipportnet4_elem *elem) | 117 | hash_ipportnet4_data_match(const struct hash_ipportnet4_elem *elem) |
| 109 | { | 118 | { |
| @@ -414,6 +423,15 @@ hash_ipportnet6_data_flags(struct hash_ipportnet6_elem *dst, u32 flags) | |||
| 414 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); | 423 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 415 | } | 424 | } |
| 416 | 425 | ||
| 426 | static inline void | ||
| 427 | hash_ipportnet6_data_reset_flags(struct hash_ipportnet6_elem *dst, u32 *flags) | ||
| 428 | { | ||
| 429 | if (dst->nomatch) { | ||
| 430 | *flags = IPSET_FLAG_NOMATCH; | ||
| 431 | dst->nomatch = 0; | ||
| 432 | } | ||
| 433 | } | ||
| 434 | |||
| 417 | static inline int | 435 | static inline int |
| 418 | hash_ipportnet6_data_match(const struct hash_ipportnet6_elem *elem) | 436 | hash_ipportnet6_data_match(const struct hash_ipportnet6_elem *elem) |
| 419 | { | 437 | { |
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c index 4b677cf6bf7d..d6a59154d710 100644 --- a/net/netfilter/ipset/ip_set_hash_net.c +++ b/net/netfilter/ipset/ip_set_hash_net.c | |||
| @@ -87,7 +87,16 @@ hash_net4_data_copy(struct hash_net4_elem *dst, | |||
| 87 | static inline void | 87 | static inline void |
| 88 | hash_net4_data_flags(struct hash_net4_elem *dst, u32 flags) | 88 | hash_net4_data_flags(struct hash_net4_elem *dst, u32 flags) |
| 89 | { | 89 | { |
| 90 | dst->nomatch = flags & IPSET_FLAG_NOMATCH; | 90 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 91 | } | ||
| 92 | |||
| 93 | static inline void | ||
| 94 | hash_net4_data_reset_flags(struct hash_net4_elem *dst, u32 *flags) | ||
| 95 | { | ||
| 96 | if (dst->nomatch) { | ||
| 97 | *flags = IPSET_FLAG_NOMATCH; | ||
| 98 | dst->nomatch = 0; | ||
| 99 | } | ||
| 91 | } | 100 | } |
| 92 | 101 | ||
| 93 | static inline int | 102 | static inline int |
| @@ -308,7 +317,16 @@ hash_net6_data_copy(struct hash_net6_elem *dst, | |||
| 308 | static inline void | 317 | static inline void |
| 309 | hash_net6_data_flags(struct hash_net6_elem *dst, u32 flags) | 318 | hash_net6_data_flags(struct hash_net6_elem *dst, u32 flags) |
| 310 | { | 319 | { |
| 311 | dst->nomatch = flags & IPSET_FLAG_NOMATCH; | 320 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 321 | } | ||
| 322 | |||
| 323 | static inline void | ||
| 324 | hash_net6_data_reset_flags(struct hash_net6_elem *dst, u32 *flags) | ||
| 325 | { | ||
| 326 | if (dst->nomatch) { | ||
| 327 | *flags = IPSET_FLAG_NOMATCH; | ||
| 328 | dst->nomatch = 0; | ||
| 329 | } | ||
| 312 | } | 330 | } |
| 313 | 331 | ||
| 314 | static inline int | 332 | static inline int |
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c index 6ba985f1c96f..f2b0a3c30130 100644 --- a/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/net/netfilter/ipset/ip_set_hash_netiface.c | |||
| @@ -198,7 +198,16 @@ hash_netiface4_data_copy(struct hash_netiface4_elem *dst, | |||
| 198 | static inline void | 198 | static inline void |
| 199 | hash_netiface4_data_flags(struct hash_netiface4_elem *dst, u32 flags) | 199 | hash_netiface4_data_flags(struct hash_netiface4_elem *dst, u32 flags) |
| 200 | { | 200 | { |
| 201 | dst->nomatch = flags & IPSET_FLAG_NOMATCH; | 201 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 202 | } | ||
| 203 | |||
| 204 | static inline void | ||
| 205 | hash_netiface4_data_reset_flags(struct hash_netiface4_elem *dst, u32 *flags) | ||
| 206 | { | ||
| 207 | if (dst->nomatch) { | ||
| 208 | *flags = IPSET_FLAG_NOMATCH; | ||
| 209 | dst->nomatch = 0; | ||
| 210 | } | ||
| 202 | } | 211 | } |
| 203 | 212 | ||
| 204 | static inline int | 213 | static inline int |
| @@ -494,7 +503,7 @@ hash_netiface6_data_copy(struct hash_netiface6_elem *dst, | |||
| 494 | static inline void | 503 | static inline void |
| 495 | hash_netiface6_data_flags(struct hash_netiface6_elem *dst, u32 flags) | 504 | hash_netiface6_data_flags(struct hash_netiface6_elem *dst, u32 flags) |
| 496 | { | 505 | { |
| 497 | dst->nomatch = flags & IPSET_FLAG_NOMATCH; | 506 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 498 | } | 507 | } |
| 499 | 508 | ||
| 500 | static inline int | 509 | static inline int |
| @@ -504,6 +513,15 @@ hash_netiface6_data_match(const struct hash_netiface6_elem *elem) | |||
| 504 | } | 513 | } |
| 505 | 514 | ||
| 506 | static inline void | 515 | static inline void |
| 516 | hash_netiface6_data_reset_flags(struct hash_netiface6_elem *dst, u32 *flags) | ||
| 517 | { | ||
| 518 | if (dst->nomatch) { | ||
| 519 | *flags = IPSET_FLAG_NOMATCH; | ||
| 520 | dst->nomatch = 0; | ||
| 521 | } | ||
| 522 | } | ||
| 523 | |||
| 524 | static inline void | ||
| 507 | hash_netiface6_data_zero_out(struct hash_netiface6_elem *elem) | 525 | hash_netiface6_data_zero_out(struct hash_netiface6_elem *elem) |
| 508 | { | 526 | { |
| 509 | elem->elem = 0; | 527 | elem->elem = 0; |
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c index af20c0c5ced2..349deb672a2d 100644 --- a/net/netfilter/ipset/ip_set_hash_netport.c +++ b/net/netfilter/ipset/ip_set_hash_netport.c | |||
| @@ -104,6 +104,15 @@ hash_netport4_data_flags(struct hash_netport4_elem *dst, u32 flags) | |||
| 104 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); | 104 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 105 | } | 105 | } |
| 106 | 106 | ||
| 107 | static inline void | ||
| 108 | hash_netport4_data_reset_flags(struct hash_netport4_elem *dst, u32 *flags) | ||
| 109 | { | ||
| 110 | if (dst->nomatch) { | ||
| 111 | *flags = IPSET_FLAG_NOMATCH; | ||
| 112 | dst->nomatch = 0; | ||
| 113 | } | ||
| 114 | } | ||
| 115 | |||
| 107 | static inline int | 116 | static inline int |
| 108 | hash_netport4_data_match(const struct hash_netport4_elem *elem) | 117 | hash_netport4_data_match(const struct hash_netport4_elem *elem) |
| 109 | { | 118 | { |
| @@ -375,6 +384,15 @@ hash_netport6_data_flags(struct hash_netport6_elem *dst, u32 flags) | |||
| 375 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); | 384 | dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); |
| 376 | } | 385 | } |
| 377 | 386 | ||
| 387 | static inline void | ||
| 388 | hash_netport6_data_reset_flags(struct hash_netport6_elem *dst, u32 *flags) | ||
| 389 | { | ||
| 390 | if (dst->nomatch) { | ||
| 391 | *flags = IPSET_FLAG_NOMATCH; | ||
| 392 | dst->nomatch = 0; | ||
| 393 | } | ||
| 394 | } | ||
| 395 | |||
| 378 | static inline int | 396 | static inline int |
| 379 | hash_netport6_data_match(const struct hash_netport6_elem *elem) | 397 | hash_netport6_data_match(const struct hash_netport6_elem *elem) |
| 380 | { | 398 | { |