netfilter: xtables: remove xt_hashlimit revision 0

Superseded by xt_hashlimit revision 1 (linux v2.6.24-6212-g09e410d, iptables 1.4.1-rc1). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2010-03-22 14:28:53 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-03-25 12:04:57 -0400
commit: 779dd630d8e198a2dc5581a48efae546161cc726 (patch)
tree: da0b77ab42c43187a858590bb311cca8f0659974 /net/netfilter
parent: f95c74e33eff5e3fe9798e2dc0a7749150ea3f80 (diff)
1 files changed, 0 insertions, 221 deletions
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index c89fde7d123..5470bb097c4 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -193,76 +193,6 @@ dsthash_free(struct xt_hashlimit_htable *ht, struct dsthash_ent *ent)
 }
 static void htable_gc(unsigned long htlong);
-static int htable_create_v0(struct net *net, struct xt_hashlimit_info *minfo, u_int8_t family)
-{
-        struct hashlimit_net *hashlimit_net = hashlimit_pernet(net);
-        struct xt_hashlimit_htable *hinfo;
-        unsigned int size;
-        unsigned int i;
-        if (minfo->cfg.size)
-                size = minfo->cfg.size;
-        else {
-                size = ((totalram_pages << PAGE_SHIFT) / 16384) /
-                       sizeof(struct list_head);
-                if (totalram_pages > (1024 * 1024 * 1024 / PAGE_SIZE))
-                        size = 8192;
-                if (size < 16)
-                        size = 16;
-        }
-        /* FIXME: don't use vmalloc() here or anywhere else -HW */
-        hinfo = vmalloc(sizeof(struct xt_hashlimit_htable) +
-                        sizeof(struct list_head) * size);
-        if (!hinfo)
-                return -ENOMEM;
-        minfo->hinfo = hinfo;
-        /* copy match config into hashtable config */
-        hinfo->cfg.mode        = minfo->cfg.mode;
-        hinfo->cfg.avg         = minfo->cfg.avg;
-        hinfo->cfg.burst       = minfo->cfg.burst;
-        hinfo->cfg.max         = minfo->cfg.max;
-        hinfo->cfg.gc_interval = minfo->cfg.gc_interval;
-        hinfo->cfg.expire      = minfo->cfg.expire;
-        if (family == NFPROTO_IPV4)
-                hinfo->cfg.srcmask = hinfo->cfg.dstmask = 32;
-        else
-                hinfo->cfg.srcmask = hinfo->cfg.dstmask = 128;
-        hinfo->cfg.size = size;
-        if (!hinfo->cfg.max)
-                hinfo->cfg.max = 8 * hinfo->cfg.size;
-        else if (hinfo->cfg.max < hinfo->cfg.size)
-                hinfo->cfg.max = hinfo->cfg.size;
-        for (i = 0; i < hinfo->cfg.size; i++)
-                INIT_HLIST_HEAD(&hinfo->hash[i]);
-        hinfo->use = 1;
-        hinfo->count = 0;
-        hinfo->family = family;
-        hinfo->rnd_initialized = false;
-        spin_lock_init(&hinfo->lock);
-        hinfo->pde = proc_create_data(minfo->name, 0,
-                (family == NFPROTO_IPV4) ?
-                hashlimit_net->ipt_hashlimit : hashlimit_net->ip6t_hashlimit,
-                &dl_file_ops, hinfo);
-        if (!hinfo->pde) {
-                vfree(hinfo);
-                return -ENOMEM;
-        }
-        hinfo->net = net;
-        setup_timer(&hinfo->timer, htable_gc, (unsigned long )hinfo);
-        hinfo->timer.expires = jiffies + msecs_to_jiffies(hinfo->cfg.gc_interval);
-        add_timer(&hinfo->timer);
-        hlist_add_head(&hinfo->node, &hashlimit_net->htables);
-        return 0;
-}
 static int htable_create(struct net *net, struct xt_hashlimit_mtinfo1 *minfo,
                         u_int8_t family)
 {
@@ -571,57 +501,6 @@ hashlimit_init_dst(const struct xt_hashlimit_htable *hinfo,
 }
 static bool
-hashlimit_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
-{
-        const struct xt_hashlimit_info *r = par->matchinfo;
-        struct xt_hashlimit_htable *hinfo = r->hinfo;
-        unsigned long now = jiffies;
-        struct dsthash_ent *dh;
-        struct dsthash_dst dst;
-        if (hashlimit_init_dst(hinfo, &dst, skb, par->thoff) < 0)
-                goto hotdrop;
-        spin_lock_bh(&hinfo->lock);
-        dh = dsthash_find(hinfo, &dst);
-        if (!dh) {
-                dh = dsthash_alloc_init(hinfo, &dst);
-                if (!dh) {
-                        spin_unlock_bh(&hinfo->lock);
-                        goto hotdrop;
-                }
-                dh->expires = jiffies + msecs_to_jiffies(hinfo->cfg.expire);
-                dh->rateinfo.prev = jiffies;
-                dh->rateinfo.credit = user2credits(hinfo->cfg.avg *
-                                                   hinfo->cfg.burst);
-                dh->rateinfo.credit_cap = user2credits(hinfo->cfg.avg *
-                                                       hinfo->cfg.burst);
-                dh->rateinfo.cost = user2credits(hinfo->cfg.avg);
-        } else {
-                /* update expiration timeout */
-                dh->expires = now + msecs_to_jiffies(hinfo->cfg.expire);
-                rateinfo_recalc(dh, now);
-        }
-        if (dh->rateinfo.credit >= dh->rateinfo.cost) {
-                /* We're underlimit. */
-                dh->rateinfo.credit -= dh->rateinfo.cost;
-                spin_unlock_bh(&hinfo->lock);
-                return true;
-        }
-        spin_unlock_bh(&hinfo->lock);
-        /* default case: we're overlimit, thus don't match */
-        return false;
-hotdrop:
-        *par->hotdrop = true;
-        return false;
-}
-static bool
 hashlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 {
        const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
@@ -671,45 +550,6 @@ hashlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return false;
 }
-static int hashlimit_mt_check_v0(const struct xt_mtchk_param *par)
-{
-        struct net *net = par->net;
-        struct xt_hashlimit_info *r = par->matchinfo;
-        int ret;
-        /* Check for overflow. */
-        if (r->cfg.burst == 0 ||
-            user2credits(r->cfg.avg * r->cfg.burst) < user2credits(r->cfg.avg)) {
-                pr_info("overflow, try lower: %u/%u\n",
-                        r->cfg.avg, r->cfg.burst);
-                return -ERANGE;
-        }
-        if (r->cfg.mode == 0 ||
-            r->cfg.mode > (XT_HASHLIMIT_HASH_DPT |
-                           XT_HASHLIMIT_HASH_DIP |
-                           XT_HASHLIMIT_HASH_SIP |
-                           XT_HASHLIMIT_HASH_SPT))
-                return -EINVAL;
-        if (!r->cfg.gc_interval)
-                return -EINVAL;
-        if (!r->cfg.expire)
-                return -EINVAL;
-        if (r->name[sizeof(r->name) - 1] != '\0')
-                return -EINVAL;
-        mutex_lock(&hashlimit_mutex);
-        r->hinfo = htable_find_get(net, r->name, par->family);
-        if (r->hinfo == NULL) {
-                ret = htable_create_v0(net, r, par->family);
-                if (ret < 0) {
-                        mutex_unlock(&hashlimit_mutex);
-                        return ret;
-                }
-        }
-        mutex_unlock(&hashlimit_mutex);
-        return 0;
-}
 static int hashlimit_mt_check(const struct xt_mtchk_param *par)
 {
        struct net *net = par->net;
@@ -749,14 +589,6 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par)
        return 0;
 }
-static void
-hashlimit_mt_destroy_v0(const struct xt_mtdtor_param *par)
-{
-        const struct xt_hashlimit_info *r = par->matchinfo;
-        htable_put(r->hinfo);
-}
 static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par)
 {
        const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
@@ -764,47 +596,8 @@ static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par)
        htable_put(info->hinfo);
 }
-#ifdef CONFIG_COMPAT
-struct compat_xt_hashlimit_info {
-        char name[IFNAMSIZ];
-        struct hashlimit_cfg cfg;
-        compat_uptr_t hinfo;
-        compat_uptr_t master;
-};
-static void hashlimit_mt_compat_from_user(void *dst, const void *src)
-{
-        int off = offsetof(struct compat_xt_hashlimit_info, hinfo);
-        memcpy(dst, src, off);
-        memset(dst + off, 0, sizeof(struct compat_xt_hashlimit_info) - off);
-}
-static int hashlimit_mt_compat_to_user(void __user *dst, const void *src)
-{
-        int off = offsetof(struct compat_xt_hashlimit_info, hinfo);
-        return copy_to_user(dst, src, off) ? -EFAULT : 0;
-}
-#endif
 static struct xt_match hashlimit_mt_reg[] __read_mostly = {
        {
-                .name           = "hashlimit",
-                .revision       = 0,
-                .family         = NFPROTO_IPV4,
-                .match          = hashlimit_mt_v0,
-                .matchsize      = sizeof(struct xt_hashlimit_info),
-#ifdef CONFIG_COMPAT
-                .compatsize     = sizeof(struct compat_xt_hashlimit_info),
-                .compat_from_user = hashlimit_mt_compat_from_user,
-                .compat_to_user = hashlimit_mt_compat_to_user,
-#endif
-                .checkentry     = hashlimit_mt_check_v0,
-                .destroy        = hashlimit_mt_destroy_v0,
-                .me             = THIS_MODULE
-        },
-        {
                .name           = "hashlimit",
                .revision       = 1,
                .family         = NFPROTO_IPV4,
@@ -816,20 +609,6 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
        },
 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
        {
-                .name           = "hashlimit",
-                .family         = NFPROTO_IPV6,
-                .match          = hashlimit_mt_v0,
-                .matchsize      = sizeof(struct xt_hashlimit_info),
-#ifdef CONFIG_COMPAT
-                .compatsize     = sizeof(struct compat_xt_hashlimit_info),
-                .compat_from_user = hashlimit_mt_compat_from_user,
-                .compat_to_user = hashlimit_mt_compat_to_user,
-#endif
-                .checkentry     = hashlimit_mt_check_v0,
-                .destroy        = hashlimit_mt_destroy_v0,
-                .me             = THIS_MODULE
-        },
-        {
                .name           = "hashlimit",
                .revision       = 1,
                .family         = NFPROTO_IPV6,
author	Jan Engelhardt <jengelh@medozas.de>	2010-03-22 14:28:53 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-03-25 12:04:57 -0400
commit	779dd630d8e198a2dc5581a48efae546161cc726 (patch)
tree	da0b77ab42c43187a858590bb311cca8f0659974 /net/netfilter
parent	f95c74e33eff5e3fe9798e2dc0a7749150ea3f80 (diff)

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index c89fde7d123..5470bb097c4 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c
@@ -193,76 +193,6 @@ dsthash_free(struct xt_hashlimit_htable ht, struct dsthash_ent ent)
193	}	193	}
194	static void htable_gc(unsigned long htlong);	194	static void htable_gc(unsigned long htlong);
195		195
196	static int htable_create_v0(struct net net, struct xt_hashlimit_info minfo, u_int8_t family)
197	{
198	struct hashlimit_net *hashlimit_net = hashlimit_pernet(net);
199	struct xt_hashlimit_htable *hinfo;
200	unsigned int size;
201	unsigned int i;
202
203	if (minfo->cfg.size)
204	size = minfo->cfg.size;
205	else {
206	size = ((totalram_pages << PAGE_SHIFT) / 16384) /
207	sizeof(struct list_head);
208	if (totalram_pages > (1024 * 1024 * 1024 / PAGE_SIZE))
209	size = 8192;
210	if (size < 16)
211	size = 16;
212	}
213	/* FIXME: don't use vmalloc() here or anywhere else -HW */
214	hinfo = vmalloc(sizeof(struct xt_hashlimit_htable) +
215	sizeof(struct list_head) * size);
216	if (!hinfo)
217	return -ENOMEM;
218	minfo->hinfo = hinfo;
219
220	/* copy match config into hashtable config */
221	hinfo->cfg.mode = minfo->cfg.mode;
222	hinfo->cfg.avg = minfo->cfg.avg;
223	hinfo->cfg.burst = minfo->cfg.burst;
224	hinfo->cfg.max = minfo->cfg.max;
225	hinfo->cfg.gc_interval = minfo->cfg.gc_interval;
226	hinfo->cfg.expire = minfo->cfg.expire;
227
228	if (family == NFPROTO_IPV4)
229	hinfo->cfg.srcmask = hinfo->cfg.dstmask = 32;
230	else
231	hinfo->cfg.srcmask = hinfo->cfg.dstmask = 128;
232
233	hinfo->cfg.size = size;
234	if (!hinfo->cfg.max)
235	hinfo->cfg.max = 8 * hinfo->cfg.size;
236	else if (hinfo->cfg.max < hinfo->cfg.size)
237	hinfo->cfg.max = hinfo->cfg.size;
238
239	for (i = 0; i < hinfo->cfg.size; i++)
240	INIT_HLIST_HEAD(&hinfo->hash[i]);
241
242	hinfo->use = 1;
243	hinfo->count = 0;
244	hinfo->family = family;
245	hinfo->rnd_initialized = false;
246	spin_lock_init(&hinfo->lock);
247	hinfo->pde = proc_create_data(minfo->name, 0,
248	(family == NFPROTO_IPV4) ?
249	hashlimit_net->ipt_hashlimit : hashlimit_net->ip6t_hashlimit,
250	&dl_file_ops, hinfo);
251	if (!hinfo->pde) {
252	vfree(hinfo);
253	return -ENOMEM;
254	}
255	hinfo->net = net;
256
257	setup_timer(&hinfo->timer, htable_gc, (unsigned long )hinfo);
258	hinfo->timer.expires = jiffies + msecs_to_jiffies(hinfo->cfg.gc_interval);
259	add_timer(&hinfo->timer);
260
261	hlist_add_head(&hinfo->node, &hashlimit_net->htables);
262
263	return 0;
264	}
265
266	static int htable_create(struct net net, struct xt_hashlimit_mtinfo1 minfo,	196	static int htable_create(struct net net, struct xt_hashlimit_mtinfo1 minfo,
267	u_int8_t family)	197	u_int8_t family)
268	{	198	{
@@ -571,57 +501,6 @@ hashlimit_init_dst(const struct xt_hashlimit_htable *hinfo,
571	}	501	}
572		502
573	static bool	503	static bool
574	hashlimit_mt_v0(const struct sk_buff skb, const struct xt_match_param par)
575	{
576	const struct xt_hashlimit_info *r = par->matchinfo;
577	struct xt_hashlimit_htable *hinfo = r->hinfo;
578	unsigned long now = jiffies;
579	struct dsthash_ent *dh;
580	struct dsthash_dst dst;
581
582	if (hashlimit_init_dst(hinfo, &dst, skb, par->thoff) < 0)
583	goto hotdrop;
584
585	spin_lock_bh(&hinfo->lock);
586	dh = dsthash_find(hinfo, &dst);
587	if (!dh) {
588	dh = dsthash_alloc_init(hinfo, &dst);
589	if (!dh) {
590	spin_unlock_bh(&hinfo->lock);
591	goto hotdrop;
592	}
593
594	dh->expires = jiffies + msecs_to_jiffies(hinfo->cfg.expire);
595	dh->rateinfo.prev = jiffies;
596	dh->rateinfo.credit = user2credits(hinfo->cfg.avg *
597	hinfo->cfg.burst);
598	dh->rateinfo.credit_cap = user2credits(hinfo->cfg.avg *
599	hinfo->cfg.burst);
600	dh->rateinfo.cost = user2credits(hinfo->cfg.avg);
601	} else {
602	/* update expiration timeout */
603	dh->expires = now + msecs_to_jiffies(hinfo->cfg.expire);
604	rateinfo_recalc(dh, now);
605	}
606
607	if (dh->rateinfo.credit >= dh->rateinfo.cost) {
608	/* We're underlimit. */
609	dh->rateinfo.credit -= dh->rateinfo.cost;
610	spin_unlock_bh(&hinfo->lock);
611	return true;
612	}
613
614	spin_unlock_bh(&hinfo->lock);
615
616	/* default case: we're overlimit, thus don't match */
617	return false;
618
619	hotdrop:
620	*par->hotdrop = true;
621	return false;
622	}
623
624	static bool
625	hashlimit_mt(const struct sk_buff skb, const struct xt_match_param par)	504	hashlimit_mt(const struct sk_buff skb, const struct xt_match_param par)
626	{	505	{
627	const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;	506	const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
@@ -671,45 +550,6 @@ hashlimit_mt(const struct sk_buff skb, const struct xt_match_param par)
671	return false;	550	return false;
672	}	551	}
673		552
674	static int hashlimit_mt_check_v0(const struct xt_mtchk_param *par)
675	{
676	struct net *net = par->net;
677	struct xt_hashlimit_info *r = par->matchinfo;
678	int ret;
679
680	/* Check for overflow. */
681	if (r->cfg.burst == 0 \|\|
682	user2credits(r->cfg.avg * r->cfg.burst) < user2credits(r->cfg.avg)) {
683	pr_info("overflow, try lower: %u/%u\n",
684	r->cfg.avg, r->cfg.burst);
685	return -ERANGE;
686	}
687	if (r->cfg.mode == 0 \|\|
688	r->cfg.mode > (XT_HASHLIMIT_HASH_DPT \|
689	XT_HASHLIMIT_HASH_DIP \|
690	XT_HASHLIMIT_HASH_SIP \|
691	XT_HASHLIMIT_HASH_SPT))
692	return -EINVAL;
693	if (!r->cfg.gc_interval)
694	return -EINVAL;
695	if (!r->cfg.expire)
696	return -EINVAL;
697	if (r->name[sizeof(r->name) - 1] != '\0')
698	return -EINVAL;
699
700	mutex_lock(&hashlimit_mutex);
701	r->hinfo = htable_find_get(net, r->name, par->family);
702	if (r->hinfo == NULL) {
703	ret = htable_create_v0(net, r, par->family);
704	if (ret < 0) {
705	mutex_unlock(&hashlimit_mutex);
706	return ret;
707	}
708	}
709	mutex_unlock(&hashlimit_mutex);
710	return 0;
711	}
712
713	static int hashlimit_mt_check(const struct xt_mtchk_param *par)	553	static int hashlimit_mt_check(const struct xt_mtchk_param *par)
714	{	554	{
715	struct net *net = par->net;	555	struct net *net = par->net;
@@ -749,14 +589,6 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par)
749	return 0;	589	return 0;
750	}	590	}
751		591
752	static void
753	hashlimit_mt_destroy_v0(const struct xt_mtdtor_param *par)
754	{
755	const struct xt_hashlimit_info *r = par->matchinfo;
756
757	htable_put(r->hinfo);
758	}
759
760	static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par)	592	static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par)
761	{	593	{
762	const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;	594	const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
@@ -764,47 +596,8 @@ static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par)
764	htable_put(info->hinfo);	596	htable_put(info->hinfo);
765	}	597	}
766		598
767	#ifdef CONFIG_COMPAT
768	struct compat_xt_hashlimit_info {
769	char name[IFNAMSIZ];
770	struct hashlimit_cfg cfg;
771	compat_uptr_t hinfo;
772	compat_uptr_t master;
773	};
774
775	static void hashlimit_mt_compat_from_user(void dst, const void src)
776	{
777	int off = offsetof(struct compat_xt_hashlimit_info, hinfo);
778
779	memcpy(dst, src, off);
780	memset(dst + off, 0, sizeof(struct compat_xt_hashlimit_info) - off);
781	}
782
783	static int hashlimit_mt_compat_to_user(void __user dst, const void src)
784	{
785	int off = offsetof(struct compat_xt_hashlimit_info, hinfo);
786
787	return copy_to_user(dst, src, off) ? -EFAULT : 0;
788	}
789	#endif
790
791	static struct xt_match hashlimit_mt_reg[] __read_mostly = {	599	static struct xt_match hashlimit_mt_reg[] __read_mostly = {
792	{	600	{
793	.name = "hashlimit",
794	.revision = 0,
795	.family = NFPROTO_IPV4,
796	.match = hashlimit_mt_v0,
797	.matchsize = sizeof(struct xt_hashlimit_info),
798	#ifdef CONFIG_COMPAT
799	.compatsize = sizeof(struct compat_xt_hashlimit_info),
800	.compat_from_user = hashlimit_mt_compat_from_user,
801	.compat_to_user = hashlimit_mt_compat_to_user,
802	#endif
803	.checkentry = hashlimit_mt_check_v0,
804	.destroy = hashlimit_mt_destroy_v0,
805	.me = THIS_MODULE
806	},
807	{
808	.name = "hashlimit",	601	.name = "hashlimit",
809	.revision = 1,	602	.revision = 1,
810	.family = NFPROTO_IPV4,	603	.family = NFPROTO_IPV4,
@@ -816,20 +609,6 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
816	},	609	},
817	#if defined(CONFIG_IP6_NF_IPTABLES) \|\| defined(CONFIG_IP6_NF_IPTABLES_MODULE)	610	#if defined(CONFIG_IP6_NF_IPTABLES) \|\| defined(CONFIG_IP6_NF_IPTABLES_MODULE)
818	{	611	{
819	.name = "hashlimit",
820	.family = NFPROTO_IPV6,
821	.match = hashlimit_mt_v0,
822	.matchsize = sizeof(struct xt_hashlimit_info),
823	#ifdef CONFIG_COMPAT
824	.compatsize = sizeof(struct compat_xt_hashlimit_info),
825	.compat_from_user = hashlimit_mt_compat_from_user,
826	.compat_to_user = hashlimit_mt_compat_to_user,
827	#endif
828	.checkentry = hashlimit_mt_check_v0,
829	.destroy = hashlimit_mt_destroy_v0,
830	.me = THIS_MODULE
831	},
832	{
833	.name = "hashlimit",	612	.name = "hashlimit",
834	.revision = 1,	613	.revision = 1,
835	.family = NFPROTO_IPV6,	614	.family = NFPROTO_IPV6,