diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-06 18:43:52 -0400 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-30 15:33:27 -0400 |
commit | 03c8b234e61a9a3aab8d970b3bf681934ecfe443 (patch) | |
tree | 5c7626df64ebff04f451242dfec41a01e6dc22bb | |
parent | ca134ce86451f3f5ac45ffbf1494a1f42110bf93 (diff) |
netfilter: ipset: Generalize extensions support
Get rid of the structure based extensions and introduce a blob for
the extensions. Thus we can support more extension types easily.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
-rw-r--r-- | include/linux/netfilter/ipset/ip_set.h | 13 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_bitmap_ip.c | 81 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_bitmap_ipmac.c | 91 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_bitmap_port.c | 71 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 46 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_gen.h | 86 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ip.c | 36 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipport.c | 54 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 60 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 66 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_net.c | 54 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_netiface.c | 68 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_netport.c | 60 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_list_set.c | 81 |
14 files changed, 118 insertions, 749 deletions
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h index 992a2f58dbd3..66d6bd404d64 100644 --- a/include/linux/netfilter/ipset/ip_set.h +++ b/include/linux/netfilter/ipset/ip_set.h | |||
@@ -66,6 +66,17 @@ enum ip_set_ext_id { | |||
66 | IPSET_EXT_ID_MAX, | 66 | IPSET_EXT_ID_MAX, |
67 | }; | 67 | }; |
68 | 68 | ||
69 | /* Extension type */ | ||
70 | struct ip_set_ext_type { | ||
71 | enum ip_set_extension type; | ||
72 | enum ipset_cadt_flags flag; | ||
73 | /* Size and minimal alignment */ | ||
74 | u8 len; | ||
75 | u8 align; | ||
76 | }; | ||
77 | |||
78 | extern const struct ip_set_ext_type ip_set_extensions[]; | ||
79 | |||
69 | struct ip_set_ext { | 80 | struct ip_set_ext { |
70 | u64 packets; | 81 | u64 packets; |
71 | u64 bytes; | 82 | u64 bytes; |
@@ -283,6 +294,8 @@ extern void *ip_set_alloc(size_t size); | |||
283 | extern void ip_set_free(void *members); | 294 | extern void ip_set_free(void *members); |
284 | extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr); | 295 | extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr); |
285 | extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr); | 296 | extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr); |
297 | extern size_t ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], | ||
298 | size_t len); | ||
286 | extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], | 299 | extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], |
287 | struct ip_set_ext *ext); | 300 | struct ip_set_ext *ext); |
288 | 301 | ||
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c index 363022edb8fb..94d985457c51 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ip.c +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c | |||
@@ -208,25 +208,6 @@ bitmap_ip_same_set(const struct ip_set *a, const struct ip_set *b) | |||
208 | struct bitmap_ip_elem { | 208 | struct bitmap_ip_elem { |
209 | }; | 209 | }; |
210 | 210 | ||
211 | /* Timeout variant */ | ||
212 | |||
213 | struct bitmap_ipt_elem { | ||
214 | unsigned long timeout; | ||
215 | }; | ||
216 | |||
217 | /* Plain variant with counter */ | ||
218 | |||
219 | struct bitmap_ipc_elem { | ||
220 | struct ip_set_counter counter; | ||
221 | }; | ||
222 | |||
223 | /* Timeout variant with counter */ | ||
224 | |||
225 | struct bitmap_ipct_elem { | ||
226 | unsigned long timeout; | ||
227 | struct ip_set_counter counter; | ||
228 | }; | ||
229 | |||
230 | #include "ip_set_bitmap_gen.h" | 211 | #include "ip_set_bitmap_gen.h" |
231 | 212 | ||
232 | /* Create bitmap:ip type of sets */ | 213 | /* Create bitmap:ip type of sets */ |
@@ -263,7 +244,7 @@ static int | |||
263 | bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | 244 | bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) |
264 | { | 245 | { |
265 | struct bitmap_ip *map; | 246 | struct bitmap_ip *map; |
266 | u32 first_ip = 0, last_ip = 0, hosts, cadt_flags = 0; | 247 | u32 first_ip = 0, last_ip = 0, hosts; |
267 | u64 elements; | 248 | u64 elements; |
268 | u8 netmask = 32; | 249 | u8 netmask = 32; |
269 | int ret; | 250 | int ret; |
@@ -335,61 +316,15 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||
335 | 316 | ||
336 | map->memsize = bitmap_bytes(0, elements - 1); | 317 | map->memsize = bitmap_bytes(0, elements - 1); |
337 | set->variant = &bitmap_ip; | 318 | set->variant = &bitmap_ip; |
338 | if (tb[IPSET_ATTR_CADT_FLAGS]) | 319 | set->dsize = ip_set_elem_len(set, tb, 0); |
339 | cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | 320 | if (!init_map_ip(set, map, first_ip, last_ip, |
340 | if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | 321 | elements, hosts, netmask)) { |
341 | set->extensions |= IPSET_EXT_COUNTER; | 322 | kfree(map); |
342 | if (tb[IPSET_ATTR_TIMEOUT]) { | 323 | return -ENOMEM; |
343 | set->dsize = sizeof(struct bitmap_ipct_elem); | 324 | } |
344 | set->offset[IPSET_EXT_ID_TIMEOUT] = | 325 | if (tb[IPSET_ATTR_TIMEOUT]) { |
345 | offsetof(struct bitmap_ipct_elem, timeout); | ||
346 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
347 | offsetof(struct bitmap_ipct_elem, counter); | ||
348 | |||
349 | if (!init_map_ip(set, map, first_ip, last_ip, | ||
350 | elements, hosts, netmask)) { | ||
351 | kfree(map); | ||
352 | return -ENOMEM; | ||
353 | } | ||
354 | |||
355 | set->timeout = ip_set_timeout_uget( | ||
356 | tb[IPSET_ATTR_TIMEOUT]); | ||
357 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
358 | |||
359 | bitmap_ip_gc_init(set, bitmap_ip_gc); | ||
360 | } else { | ||
361 | set->dsize = sizeof(struct bitmap_ipc_elem); | ||
362 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
363 | offsetof(struct bitmap_ipc_elem, counter); | ||
364 | |||
365 | if (!init_map_ip(set, map, first_ip, last_ip, | ||
366 | elements, hosts, netmask)) { | ||
367 | kfree(map); | ||
368 | return -ENOMEM; | ||
369 | } | ||
370 | } | ||
371 | } else if (tb[IPSET_ATTR_TIMEOUT]) { | ||
372 | set->dsize = sizeof(struct bitmap_ipt_elem); | ||
373 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
374 | offsetof(struct bitmap_ipt_elem, timeout); | ||
375 | |||
376 | if (!init_map_ip(set, map, first_ip, last_ip, | ||
377 | elements, hosts, netmask)) { | ||
378 | kfree(map); | ||
379 | return -ENOMEM; | ||
380 | } | ||
381 | |||
382 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | 326 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
383 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
384 | |||
385 | bitmap_ip_gc_init(set, bitmap_ip_gc); | 327 | bitmap_ip_gc_init(set, bitmap_ip_gc); |
386 | } else { | ||
387 | set->dsize = 0; | ||
388 | if (!init_map_ip(set, map, first_ip, last_ip, | ||
389 | elements, hosts, netmask)) { | ||
390 | kfree(map); | ||
391 | return -ENOMEM; | ||
392 | } | ||
393 | } | 328 | } |
394 | return 0; | 329 | return 0; |
395 | } | 330 | } |
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 74576cb19264..654a97bedfe9 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c | |||
@@ -289,37 +289,6 @@ bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b) | |||
289 | 289 | ||
290 | /* Plain variant */ | 290 | /* Plain variant */ |
291 | 291 | ||
292 | /* Timeout variant */ | ||
293 | |||
294 | struct bitmap_ipmact_elem { | ||
295 | struct { | ||
296 | unsigned char ether[ETH_ALEN]; | ||
297 | unsigned char filled; | ||
298 | } __attribute__ ((aligned)); | ||
299 | unsigned long timeout; | ||
300 | }; | ||
301 | |||
302 | /* Plain variant with counter */ | ||
303 | |||
304 | struct bitmap_ipmacc_elem { | ||
305 | struct { | ||
306 | unsigned char ether[ETH_ALEN]; | ||
307 | unsigned char filled; | ||
308 | } __attribute__ ((aligned)); | ||
309 | struct ip_set_counter counter; | ||
310 | }; | ||
311 | |||
312 | /* Timeout variant with counter */ | ||
313 | |||
314 | struct bitmap_ipmacct_elem { | ||
315 | struct { | ||
316 | unsigned char ether[ETH_ALEN]; | ||
317 | unsigned char filled; | ||
318 | } __attribute__ ((aligned)); | ||
319 | unsigned long timeout; | ||
320 | struct ip_set_counter counter; | ||
321 | }; | ||
322 | |||
323 | #include "ip_set_bitmap_gen.h" | 292 | #include "ip_set_bitmap_gen.h" |
324 | 293 | ||
325 | /* Create bitmap:ip,mac type of sets */ | 294 | /* Create bitmap:ip,mac type of sets */ |
@@ -328,7 +297,7 @@ static bool | |||
328 | init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, | 297 | init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, |
329 | u32 first_ip, u32 last_ip, u32 elements) | 298 | u32 first_ip, u32 last_ip, u32 elements) |
330 | { | 299 | { |
331 | map->members = ip_set_alloc((last_ip - first_ip + 1) * set->dsize); | 300 | map->members = ip_set_alloc(map->memsize); |
332 | if (!map->members) | 301 | if (!map->members) |
333 | return false; | 302 | return false; |
334 | if (set->dsize) { | 303 | if (set->dsize) { |
@@ -353,7 +322,7 @@ static int | |||
353 | bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], | 322 | bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], |
354 | u32 flags) | 323 | u32 flags) |
355 | { | 324 | { |
356 | u32 first_ip = 0, last_ip = 0, cadt_flags = 0; | 325 | u32 first_ip = 0, last_ip = 0; |
357 | u64 elements; | 326 | u64 elements; |
358 | struct bitmap_ipmac *map; | 327 | struct bitmap_ipmac *map; |
359 | int ret; | 328 | int ret; |
@@ -397,57 +366,15 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], | |||
397 | 366 | ||
398 | map->memsize = bitmap_bytes(0, elements - 1); | 367 | map->memsize = bitmap_bytes(0, elements - 1); |
399 | set->variant = &bitmap_ipmac; | 368 | set->variant = &bitmap_ipmac; |
400 | if (tb[IPSET_ATTR_CADT_FLAGS]) | 369 | set->dsize = ip_set_elem_len(set, tb, |
401 | cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | 370 | sizeof(struct bitmap_ipmac_elem)); |
402 | if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | 371 | if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { |
403 | set->extensions |= IPSET_EXT_COUNTER; | 372 | kfree(map); |
404 | if (tb[IPSET_ATTR_TIMEOUT]) { | 373 | return -ENOMEM; |
405 | set->dsize = sizeof(struct bitmap_ipmacct_elem); | 374 | } |
406 | set->offset[IPSET_EXT_ID_TIMEOUT] = | 375 | if (tb[IPSET_ATTR_TIMEOUT]) { |
407 | offsetof(struct bitmap_ipmacct_elem, timeout); | ||
408 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
409 | offsetof(struct bitmap_ipmacct_elem, counter); | ||
410 | |||
411 | if (!init_map_ipmac(set, map, first_ip, last_ip, | ||
412 | elements)) { | ||
413 | kfree(map); | ||
414 | return -ENOMEM; | ||
415 | } | ||
416 | set->timeout = ip_set_timeout_uget( | ||
417 | tb[IPSET_ATTR_TIMEOUT]); | ||
418 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
419 | bitmap_ipmac_gc_init(set, bitmap_ipmac_gc); | ||
420 | } else { | ||
421 | set->dsize = sizeof(struct bitmap_ipmacc_elem); | ||
422 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
423 | offsetof(struct bitmap_ipmacc_elem, counter); | ||
424 | |||
425 | if (!init_map_ipmac(set, map, first_ip, last_ip, | ||
426 | elements)) { | ||
427 | kfree(map); | ||
428 | return -ENOMEM; | ||
429 | } | ||
430 | } | ||
431 | } else if (tb[IPSET_ATTR_TIMEOUT]) { | ||
432 | set->dsize = sizeof(struct bitmap_ipmact_elem); | ||
433 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
434 | offsetof(struct bitmap_ipmact_elem, timeout); | ||
435 | |||
436 | if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { | ||
437 | kfree(map); | ||
438 | return -ENOMEM; | ||
439 | } | ||
440 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | 376 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
441 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
442 | bitmap_ipmac_gc_init(set, bitmap_ipmac_gc); | 377 | bitmap_ipmac_gc_init(set, bitmap_ipmac_gc); |
443 | } else { | ||
444 | set->dsize = sizeof(struct bitmap_ipmac_elem); | ||
445 | |||
446 | if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { | ||
447 | kfree(map); | ||
448 | return -ENOMEM; | ||
449 | } | ||
450 | set->variant = &bitmap_ipmac; | ||
451 | } | 378 | } |
452 | return 0; | 379 | return 0; |
453 | } | 380 | } |
diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c index 71da31935499..1ef2f3186b80 100644 --- a/net/netfilter/ipset/ip_set_bitmap_port.c +++ b/net/netfilter/ipset/ip_set_bitmap_port.c | |||
@@ -198,25 +198,6 @@ bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b) | |||
198 | struct bitmap_port_elem { | 198 | struct bitmap_port_elem { |
199 | }; | 199 | }; |
200 | 200 | ||
201 | /* Timeout variant */ | ||
202 | |||
203 | struct bitmap_portt_elem { | ||
204 | unsigned long timeout; | ||
205 | }; | ||
206 | |||
207 | /* Plain variant with counter */ | ||
208 | |||
209 | struct bitmap_portc_elem { | ||
210 | struct ip_set_counter counter; | ||
211 | }; | ||
212 | |||
213 | /* Timeout variant with counter */ | ||
214 | |||
215 | struct bitmap_portct_elem { | ||
216 | unsigned long timeout; | ||
217 | struct ip_set_counter counter; | ||
218 | }; | ||
219 | |||
220 | #include "ip_set_bitmap_gen.h" | 201 | #include "ip_set_bitmap_gen.h" |
221 | 202 | ||
222 | /* Create bitmap:ip type of sets */ | 203 | /* Create bitmap:ip type of sets */ |
@@ -250,7 +231,6 @@ bitmap_port_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||
250 | { | 231 | { |
251 | struct bitmap_port *map; | 232 | struct bitmap_port *map; |
252 | u16 first_port, last_port; | 233 | u16 first_port, last_port; |
253 | u32 cadt_flags = 0; | ||
254 | 234 | ||
255 | if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || | 235 | if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || |
256 | !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) || | 236 | !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) || |
@@ -274,53 +254,14 @@ bitmap_port_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||
274 | map->elements = last_port - first_port + 1; | 254 | map->elements = last_port - first_port + 1; |
275 | map->memsize = map->elements * sizeof(unsigned long); | 255 | map->memsize = map->elements * sizeof(unsigned long); |
276 | set->variant = &bitmap_port; | 256 | set->variant = &bitmap_port; |
277 | if (tb[IPSET_ATTR_CADT_FLAGS]) | 257 | set->dsize = ip_set_elem_len(set, tb, 0); |
278 | cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | 258 | if (!init_map_port(set, map, first_port, last_port)) { |
279 | if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | 259 | kfree(map); |
280 | set->extensions |= IPSET_EXT_COUNTER; | 260 | return -ENOMEM; |
281 | if (tb[IPSET_ATTR_TIMEOUT]) { | 261 | } |
282 | set->dsize = sizeof(struct bitmap_portct_elem); | 262 | if (tb[IPSET_ATTR_TIMEOUT]) { |
283 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
284 | offsetof(struct bitmap_portct_elem, timeout); | ||
285 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
286 | offsetof(struct bitmap_portct_elem, counter); | ||
287 | if (!init_map_port(set, map, first_port, last_port)) { | ||
288 | kfree(map); | ||
289 | return -ENOMEM; | ||
290 | } | ||
291 | |||
292 | set->timeout = | ||
293 | ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | ||
294 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
295 | bitmap_port_gc_init(set, bitmap_port_gc); | ||
296 | } else { | ||
297 | set->dsize = sizeof(struct bitmap_portc_elem); | ||
298 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
299 | offsetof(struct bitmap_portc_elem, counter); | ||
300 | if (!init_map_port(set, map, first_port, last_port)) { | ||
301 | kfree(map); | ||
302 | return -ENOMEM; | ||
303 | } | ||
304 | } | ||
305 | } else if (tb[IPSET_ATTR_TIMEOUT]) { | ||
306 | set->dsize = sizeof(struct bitmap_portt_elem); | ||
307 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
308 | offsetof(struct bitmap_portt_elem, timeout); | ||
309 | if (!init_map_port(set, map, first_port, last_port)) { | ||
310 | kfree(map); | ||
311 | return -ENOMEM; | ||
312 | } | ||
313 | |||
314 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | 263 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
315 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
316 | bitmap_port_gc_init(set, bitmap_port_gc); | 264 | bitmap_port_gc_init(set, bitmap_port_gc); |
317 | } else { | ||
318 | set->dsize = 0; | ||
319 | if (!init_map_port(set, map, first_port, last_port)) { | ||
320 | kfree(map); | ||
321 | return -ENOMEM; | ||
322 | } | ||
323 | |||
324 | } | 265 | } |
325 | return 0; | 266 | return 0; |
326 | } | 267 | } |
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 428c30a8586f..f35afed3814f 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c | |||
@@ -315,6 +315,52 @@ ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr) | |||
315 | } | 315 | } |
316 | EXPORT_SYMBOL_GPL(ip_set_get_ipaddr6); | 316 | EXPORT_SYMBOL_GPL(ip_set_get_ipaddr6); |
317 | 317 | ||
318 | /* ipset data extension types, in size order */ | ||
319 | |||
320 | const struct ip_set_ext_type ip_set_extensions[] = { | ||
321 | [IPSET_EXT_ID_COUNTER] = { | ||
322 | .type = IPSET_EXT_COUNTER, | ||
323 | .flag = IPSET_FLAG_WITH_COUNTERS, | ||
324 | .len = sizeof(struct ip_set_counter), | ||
325 | .align = __alignof__(struct ip_set_counter), | ||
326 | }, | ||
327 | [IPSET_EXT_ID_TIMEOUT] = { | ||
328 | .type = IPSET_EXT_TIMEOUT, | ||
329 | .len = sizeof(unsigned long), | ||
330 | .align = __alignof__(unsigned long), | ||
331 | }, | ||
332 | }; | ||
333 | EXPORT_SYMBOL_GPL(ip_set_extensions); | ||
334 | |||
335 | static inline bool | ||
336 | add_extension(enum ip_set_ext_id id, u32 flags, struct nlattr *tb[]) | ||
337 | { | ||
338 | return ip_set_extensions[id].flag ? | ||
339 | (flags & ip_set_extensions[id].flag) : | ||
340 | !!tb[IPSET_ATTR_TIMEOUT]; | ||
341 | } | ||
342 | |||
343 | size_t | ||
344 | ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len) | ||
345 | { | ||
346 | enum ip_set_ext_id id; | ||
347 | size_t offset = 0; | ||
348 | u32 cadt_flags = 0; | ||
349 | |||
350 | if (tb[IPSET_ATTR_CADT_FLAGS]) | ||
351 | cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | ||
352 | for (id = 0; id < IPSET_EXT_ID_MAX; id++) { | ||
353 | if (!add_extension(id, cadt_flags, tb)) | ||
354 | continue; | ||
355 | offset += ALIGN(len + offset, ip_set_extensions[id].align); | ||
356 | set->offset[id] = offset; | ||
357 | set->extensions |= ip_set_extensions[id].type; | ||
358 | offset += ip_set_extensions[id].len; | ||
359 | } | ||
360 | return len + offset; | ||
361 | } | ||
362 | EXPORT_SYMBOL_GPL(ip_set_elem_len); | ||
363 | |||
318 | int | 364 | int |
319 | ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], | 365 | ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], |
320 | struct ip_set_ext *ext) | 366 | struct ip_set_ext *ext) |
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index 0cb840e1f8ae..3999f1719f69 100644 --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h | |||
@@ -960,7 +960,6 @@ static int | |||
960 | IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags) | 960 | IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags) |
961 | { | 961 | { |
962 | u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; | 962 | u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; |
963 | u32 cadt_flags = 0; | ||
964 | u8 hbits; | 963 | u8 hbits; |
965 | #ifdef IP_SET_HASH_WITH_NETMASK | 964 | #ifdef IP_SET_HASH_WITH_NETMASK |
966 | u8 netmask; | 965 | u8 netmask; |
@@ -1034,88 +1033,23 @@ IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||
1034 | rcu_assign_pointer(h->table, t); | 1033 | rcu_assign_pointer(h->table, t); |
1035 | 1034 | ||
1036 | set->data = h; | 1035 | set->data = h; |
1037 | if (set->family == NFPROTO_IPV4) | 1036 | if (set->family == NFPROTO_IPV4) { |
1038 | set->variant = &IPSET_TOKEN(HTYPE, 4_variant); | 1037 | set->variant = &IPSET_TOKEN(HTYPE, 4_variant); |
1039 | else | 1038 | set->dsize = ip_set_elem_len(set, tb, |
1039 | sizeof(struct IPSET_TOKEN(HTYPE, 4_elem))); | ||
1040 | } else { | ||
1040 | set->variant = &IPSET_TOKEN(HTYPE, 6_variant); | 1041 | set->variant = &IPSET_TOKEN(HTYPE, 6_variant); |
1041 | 1042 | set->dsize = ip_set_elem_len(set, tb, | |
1042 | if (tb[IPSET_ATTR_CADT_FLAGS]) | 1043 | sizeof(struct IPSET_TOKEN(HTYPE, 6_elem))); |
1043 | cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | 1044 | } |
1044 | if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | 1045 | if (tb[IPSET_ATTR_TIMEOUT]) { |
1045 | set->extensions |= IPSET_EXT_COUNTER; | ||
1046 | if (tb[IPSET_ATTR_TIMEOUT]) { | ||
1047 | set->timeout = | ||
1048 | ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | ||
1049 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
1050 | if (set->family == NFPROTO_IPV4) { | ||
1051 | set->dsize = sizeof(struct | ||
1052 | IPSET_TOKEN(HTYPE, 4ct_elem)); | ||
1053 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
1054 | offsetof(struct | ||
1055 | IPSET_TOKEN(HTYPE, 4ct_elem), | ||
1056 | timeout); | ||
1057 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
1058 | offsetof(struct | ||
1059 | IPSET_TOKEN(HTYPE, 4ct_elem), | ||
1060 | counter); | ||
1061 | IPSET_TOKEN(HTYPE, 4_gc_init)(set, | ||
1062 | IPSET_TOKEN(HTYPE, 4_gc)); | ||
1063 | } else { | ||
1064 | set->dsize = sizeof(struct | ||
1065 | IPSET_TOKEN(HTYPE, 6ct_elem)); | ||
1066 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
1067 | offsetof(struct | ||
1068 | IPSET_TOKEN(HTYPE, 6ct_elem), | ||
1069 | timeout); | ||
1070 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
1071 | offsetof(struct | ||
1072 | IPSET_TOKEN(HTYPE, 6ct_elem), | ||
1073 | counter); | ||
1074 | IPSET_TOKEN(HTYPE, 6_gc_init)(set, | ||
1075 | IPSET_TOKEN(HTYPE, 6_gc)); | ||
1076 | } | ||
1077 | } else { | ||
1078 | if (set->family == NFPROTO_IPV4) { | ||
1079 | set->dsize = | ||
1080 | sizeof(struct | ||
1081 | IPSET_TOKEN(HTYPE, 4c_elem)); | ||
1082 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
1083 | offsetof(struct | ||
1084 | IPSET_TOKEN(HTYPE, 4c_elem), | ||
1085 | counter); | ||
1086 | } else { | ||
1087 | set->dsize = | ||
1088 | sizeof(struct | ||
1089 | IPSET_TOKEN(HTYPE, 6c_elem)); | ||
1090 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
1091 | offsetof(struct | ||
1092 | IPSET_TOKEN(HTYPE, 6c_elem), | ||
1093 | counter); | ||
1094 | } | ||
1095 | } | ||
1096 | } else if (tb[IPSET_ATTR_TIMEOUT]) { | ||
1097 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | 1046 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
1098 | set->extensions |= IPSET_EXT_TIMEOUT; | 1047 | if (set->family == NFPROTO_IPV4) |
1099 | if (set->family == NFPROTO_IPV4) { | ||
1100 | set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 4t_elem)); | ||
1101 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
1102 | offsetof(struct IPSET_TOKEN(HTYPE, 4t_elem), | ||
1103 | timeout); | ||
1104 | IPSET_TOKEN(HTYPE, 4_gc_init)(set, | 1048 | IPSET_TOKEN(HTYPE, 4_gc_init)(set, |
1105 | IPSET_TOKEN(HTYPE, 4_gc)); | 1049 | IPSET_TOKEN(HTYPE, 4_gc)); |
1106 | } else { | 1050 | else |
1107 | set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 6t_elem)); | ||
1108 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
1109 | offsetof(struct IPSET_TOKEN(HTYPE, 6t_elem), | ||
1110 | timeout); | ||
1111 | IPSET_TOKEN(HTYPE, 6_gc_init)(set, | 1051 | IPSET_TOKEN(HTYPE, 6_gc_init)(set, |
1112 | IPSET_TOKEN(HTYPE, 6_gc)); | 1052 | IPSET_TOKEN(HTYPE, 6_gc)); |
1113 | } | ||
1114 | } else { | ||
1115 | if (set->family == NFPROTO_IPV4) | ||
1116 | set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)); | ||
1117 | else | ||
1118 | set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)); | ||
1119 | } | 1053 | } |
1120 | 1054 | ||
1121 | pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", | 1055 | pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", |
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c index bbde7c304622..a111ffe40b46 100644 --- a/net/netfilter/ipset/ip_set_hash_ip.c +++ b/net/netfilter/ipset/ip_set_hash_ip.c | |||
@@ -35,7 +35,7 @@ MODULE_ALIAS("ip_set_hash:ip"); | |||
35 | #define HTYPE hash_ip | 35 | #define HTYPE hash_ip |
36 | #define IP_SET_HASH_WITH_NETMASK | 36 | #define IP_SET_HASH_WITH_NETMASK |
37 | 37 | ||
38 | /* IPv4 variants */ | 38 | /* IPv4 variant */ |
39 | 39 | ||
40 | /* Member elements */ | 40 | /* Member elements */ |
41 | struct hash_ip4_elem { | 41 | struct hash_ip4_elem { |
@@ -43,22 +43,6 @@ struct hash_ip4_elem { | |||
43 | __be32 ip; | 43 | __be32 ip; |
44 | }; | 44 | }; |
45 | 45 | ||
46 | struct hash_ip4t_elem { | ||
47 | __be32 ip; | ||
48 | unsigned long timeout; | ||
49 | }; | ||
50 | |||
51 | struct hash_ip4c_elem { | ||
52 | __be32 ip; | ||
53 | struct ip_set_counter counter; | ||
54 | }; | ||
55 | |||
56 | struct hash_ip4ct_elem { | ||
57 | __be32 ip; | ||
58 | struct ip_set_counter counter; | ||
59 | unsigned long timeout; | ||
60 | }; | ||
61 | |||
62 | /* Common functions */ | 46 | /* Common functions */ |
63 | 47 | ||
64 | static inline bool | 48 | static inline bool |
@@ -178,29 +162,13 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
178 | return ret; | 162 | return ret; |
179 | } | 163 | } |
180 | 164 | ||
181 | /* IPv6 variants */ | 165 | /* IPv6 variant */ |
182 | 166 | ||
183 | /* Member elements */ | 167 | /* Member elements */ |
184 | struct hash_ip6_elem { | 168 | struct hash_ip6_elem { |
185 | union nf_inet_addr ip; | 169 | union nf_inet_addr ip; |
186 | }; | 170 | }; |
187 | 171 | ||
188 | struct hash_ip6t_elem { | ||
189 | union nf_inet_addr ip; | ||
190 | unsigned long timeout; | ||
191 | }; | ||
192 | |||
193 | struct hash_ip6c_elem { | ||
194 | union nf_inet_addr ip; | ||
195 | struct ip_set_counter counter; | ||
196 | }; | ||
197 | |||
198 | struct hash_ip6ct_elem { | ||
199 | union nf_inet_addr ip; | ||
200 | struct ip_set_counter counter; | ||
201 | unsigned long timeout; | ||
202 | }; | ||
203 | |||
204 | /* Common functions */ | 172 | /* Common functions */ |
205 | 173 | ||
206 | static inline bool | 174 | static inline bool |
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c index dd175d6f3965..5dc735c4dac2 100644 --- a/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/net/netfilter/ipset/ip_set_hash_ipport.c | |||
@@ -36,7 +36,7 @@ MODULE_ALIAS("ip_set_hash:ip,port"); | |||
36 | /* Type specific function prefix */ | 36 | /* Type specific function prefix */ |
37 | #define HTYPE hash_ipport | 37 | #define HTYPE hash_ipport |
38 | 38 | ||
39 | /* IPv4 variants */ | 39 | /* IPv4 variant */ |
40 | 40 | ||
41 | /* Member elements */ | 41 | /* Member elements */ |
42 | struct hash_ipport4_elem { | 42 | struct hash_ipport4_elem { |
@@ -46,31 +46,6 @@ struct hash_ipport4_elem { | |||
46 | u8 padding; | 46 | u8 padding; |
47 | }; | 47 | }; |
48 | 48 | ||
49 | struct hash_ipport4t_elem { | ||
50 | __be32 ip; | ||
51 | __be16 port; | ||
52 | u8 proto; | ||
53 | u8 padding; | ||
54 | unsigned long timeout; | ||
55 | }; | ||
56 | |||
57 | struct hash_ipport4c_elem { | ||
58 | __be32 ip; | ||
59 | __be16 port; | ||
60 | u8 proto; | ||
61 | u8 padding; | ||
62 | struct ip_set_counter counter; | ||
63 | }; | ||
64 | |||
65 | struct hash_ipport4ct_elem { | ||
66 | __be32 ip; | ||
67 | __be16 port; | ||
68 | u8 proto; | ||
69 | u8 padding; | ||
70 | struct ip_set_counter counter; | ||
71 | unsigned long timeout; | ||
72 | }; | ||
73 | |||
74 | /* Common functions */ | 49 | /* Common functions */ |
75 | 50 | ||
76 | static inline bool | 51 | static inline bool |
@@ -221,7 +196,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
221 | return ret; | 196 | return ret; |
222 | } | 197 | } |
223 | 198 | ||
224 | /* IPv6 variants */ | 199 | /* IPv6 variant */ |
225 | 200 | ||
226 | struct hash_ipport6_elem { | 201 | struct hash_ipport6_elem { |
227 | union nf_inet_addr ip; | 202 | union nf_inet_addr ip; |
@@ -230,31 +205,6 @@ struct hash_ipport6_elem { | |||
230 | u8 padding; | 205 | u8 padding; |
231 | }; | 206 | }; |
232 | 207 | ||
233 | struct hash_ipport6t_elem { | ||
234 | union nf_inet_addr ip; | ||
235 | __be16 port; | ||
236 | u8 proto; | ||
237 | u8 padding; | ||
238 | unsigned long timeout; | ||
239 | }; | ||
240 | |||
241 | struct hash_ipport6c_elem { | ||
242 | union nf_inet_addr ip; | ||
243 | __be16 port; | ||
244 | u8 proto; | ||
245 | u8 padding; | ||
246 | struct ip_set_counter counter; | ||
247 | }; | ||
248 | |||
249 | struct hash_ipport6ct_elem { | ||
250 | union nf_inet_addr ip; | ||
251 | __be16 port; | ||
252 | u8 proto; | ||
253 | u8 padding; | ||
254 | struct ip_set_counter counter; | ||
255 | unsigned long timeout; | ||
256 | }; | ||
257 | |||
258 | /* Common functions */ | 208 | /* Common functions */ |
259 | 209 | ||
260 | static inline bool | 210 | static inline bool |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c index 87a2cfab2568..8c43dc7811cb 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/net/netfilter/ipset/ip_set_hash_ipportip.c | |||
@@ -36,7 +36,7 @@ MODULE_ALIAS("ip_set_hash:ip,port,ip"); | |||
36 | /* Type specific function prefix */ | 36 | /* Type specific function prefix */ |
37 | #define HTYPE hash_ipportip | 37 | #define HTYPE hash_ipportip |
38 | 38 | ||
39 | /* IPv4 variants */ | 39 | /* IPv4 variant */ |
40 | 40 | ||
41 | /* Member elements */ | 41 | /* Member elements */ |
42 | struct hash_ipportip4_elem { | 42 | struct hash_ipportip4_elem { |
@@ -47,34 +47,6 @@ struct hash_ipportip4_elem { | |||
47 | u8 padding; | 47 | u8 padding; |
48 | }; | 48 | }; |
49 | 49 | ||
50 | struct hash_ipportip4t_elem { | ||
51 | __be32 ip; | ||
52 | __be32 ip2; | ||
53 | __be16 port; | ||
54 | u8 proto; | ||
55 | u8 padding; | ||
56 | unsigned long timeout; | ||
57 | }; | ||
58 | |||
59 | struct hash_ipportip4c_elem { | ||
60 | __be32 ip; | ||
61 | __be32 ip2; | ||
62 | __be16 port; | ||
63 | u8 proto; | ||
64 | u8 padding; | ||
65 | struct ip_set_counter counter; | ||
66 | }; | ||
67 | |||
68 | struct hash_ipportip4ct_elem { | ||
69 | __be32 ip; | ||
70 | __be32 ip2; | ||
71 | __be16 port; | ||
72 | u8 proto; | ||
73 | u8 padding; | ||
74 | struct ip_set_counter counter; | ||
75 | unsigned long timeout; | ||
76 | }; | ||
77 | |||
78 | static inline bool | 50 | static inline bool |
79 | hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1, | 51 | hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1, |
80 | const struct hash_ipportip4_elem *ip2, | 52 | const struct hash_ipportip4_elem *ip2, |
@@ -230,7 +202,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
230 | return ret; | 202 | return ret; |
231 | } | 203 | } |
232 | 204 | ||
233 | /* IPv6 variants */ | 205 | /* IPv6 variant */ |
234 | 206 | ||
235 | struct hash_ipportip6_elem { | 207 | struct hash_ipportip6_elem { |
236 | union nf_inet_addr ip; | 208 | union nf_inet_addr ip; |
@@ -240,34 +212,6 @@ struct hash_ipportip6_elem { | |||
240 | u8 padding; | 212 | u8 padding; |
241 | }; | 213 | }; |
242 | 214 | ||
243 | struct hash_ipportip6t_elem { | ||
244 | union nf_inet_addr ip; | ||
245 | union nf_inet_addr ip2; | ||
246 | __be16 port; | ||
247 | u8 proto; | ||
248 | u8 padding; | ||
249 | unsigned long timeout; | ||
250 | }; | ||
251 | |||
252 | struct hash_ipportip6c_elem { | ||
253 | union nf_inet_addr ip; | ||
254 | union nf_inet_addr ip2; | ||
255 | __be16 port; | ||
256 | u8 proto; | ||
257 | u8 padding; | ||
258 | struct ip_set_counter counter; | ||
259 | }; | ||
260 | |||
261 | struct hash_ipportip6ct_elem { | ||
262 | union nf_inet_addr ip; | ||
263 | union nf_inet_addr ip2; | ||
264 | __be16 port; | ||
265 | u8 proto; | ||
266 | u8 padding; | ||
267 | struct ip_set_counter counter; | ||
268 | unsigned long timeout; | ||
269 | }; | ||
270 | |||
271 | /* Common functions */ | 215 | /* Common functions */ |
272 | 216 | ||
273 | static inline bool | 217 | static inline bool |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index 0b9a28d7c740..34890452366c 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
@@ -46,7 +46,7 @@ MODULE_ALIAS("ip_set_hash:ip,port,net"); | |||
46 | #define IP_SET_HASH_WITH_PROTO | 46 | #define IP_SET_HASH_WITH_PROTO |
47 | #define IP_SET_HASH_WITH_NETS | 47 | #define IP_SET_HASH_WITH_NETS |
48 | 48 | ||
49 | /* IPv4 variants */ | 49 | /* IPv4 variant */ |
50 | 50 | ||
51 | /* Member elements */ | 51 | /* Member elements */ |
52 | struct hash_ipportnet4_elem { | 52 | struct hash_ipportnet4_elem { |
@@ -58,37 +58,6 @@ struct hash_ipportnet4_elem { | |||
58 | u8 proto; | 58 | u8 proto; |
59 | }; | 59 | }; |
60 | 60 | ||
61 | struct hash_ipportnet4t_elem { | ||
62 | __be32 ip; | ||
63 | __be32 ip2; | ||
64 | __be16 port; | ||
65 | u8 cidr:7; | ||
66 | u8 nomatch:1; | ||
67 | u8 proto; | ||
68 | unsigned long timeout; | ||
69 | }; | ||
70 | |||
71 | struct hash_ipportnet4c_elem { | ||
72 | __be32 ip; | ||
73 | __be32 ip2; | ||
74 | __be16 port; | ||
75 | u8 cidr:7; | ||
76 | u8 nomatch:1; | ||
77 | u8 proto; | ||
78 | struct ip_set_counter counter; | ||
79 | }; | ||
80 | |||
81 | struct hash_ipportnet4ct_elem { | ||
82 | __be32 ip; | ||
83 | __be32 ip2; | ||
84 | __be16 port; | ||
85 | u8 cidr:7; | ||
86 | u8 nomatch:1; | ||
87 | u8 proto; | ||
88 | struct ip_set_counter counter; | ||
89 | unsigned long timeout; | ||
90 | }; | ||
91 | |||
92 | /* Common functions */ | 61 | /* Common functions */ |
93 | 62 | ||
94 | static inline bool | 63 | static inline bool |
@@ -328,7 +297,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
328 | return ret; | 297 | return ret; |
329 | } | 298 | } |
330 | 299 | ||
331 | /* IPv6 variants */ | 300 | /* IPv6 variant */ |
332 | 301 | ||
333 | struct hash_ipportnet6_elem { | 302 | struct hash_ipportnet6_elem { |
334 | union nf_inet_addr ip; | 303 | union nf_inet_addr ip; |
@@ -339,37 +308,6 @@ struct hash_ipportnet6_elem { | |||
339 | u8 proto; | 308 | u8 proto; |
340 | }; | 309 | }; |
341 | 310 | ||
342 | struct hash_ipportnet6t_elem { | ||
343 | union nf_inet_addr ip; | ||
344 | union nf_inet_addr ip2; | ||
345 | __be16 port; | ||
346 | u8 cidr:7; | ||
347 | u8 nomatch:1; | ||
348 | u8 proto; | ||
349 | unsigned long timeout; | ||
350 | }; | ||
351 | |||
352 | struct hash_ipportnet6c_elem { | ||
353 | union nf_inet_addr ip; | ||
354 | union nf_inet_addr ip2; | ||
355 | __be16 port; | ||
356 | u8 cidr:7; | ||
357 | u8 nomatch:1; | ||
358 | u8 proto; | ||
359 | struct ip_set_counter counter; | ||
360 | }; | ||
361 | |||
362 | struct hash_ipportnet6ct_elem { | ||
363 | union nf_inet_addr ip; | ||
364 | union nf_inet_addr ip2; | ||
365 | __be16 port; | ||
366 | u8 cidr:7; | ||
367 | u8 nomatch:1; | ||
368 | u8 proto; | ||
369 | struct ip_set_counter counter; | ||
370 | unsigned long timeout; | ||
371 | }; | ||
372 | |||
373 | /* Common functions */ | 311 | /* Common functions */ |
374 | 312 | ||
375 | static inline bool | 313 | static inline bool |
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c index 1d4caa50dacb..d5598557f4a9 100644 --- a/net/netfilter/ipset/ip_set_hash_net.c +++ b/net/netfilter/ipset/ip_set_hash_net.c | |||
@@ -36,7 +36,7 @@ MODULE_ALIAS("ip_set_hash:net"); | |||
36 | #define HTYPE hash_net | 36 | #define HTYPE hash_net |
37 | #define IP_SET_HASH_WITH_NETS | 37 | #define IP_SET_HASH_WITH_NETS |
38 | 38 | ||
39 | /* IPv4 variants */ | 39 | /* IPv4 variant */ |
40 | 40 | ||
41 | /* Member elements */ | 41 | /* Member elements */ |
42 | struct hash_net4_elem { | 42 | struct hash_net4_elem { |
@@ -46,31 +46,6 @@ struct hash_net4_elem { | |||
46 | u8 cidr; | 46 | u8 cidr; |
47 | }; | 47 | }; |
48 | 48 | ||
49 | struct hash_net4t_elem { | ||
50 | __be32 ip; | ||
51 | u16 padding0; | ||
52 | u8 nomatch; | ||
53 | u8 cidr; | ||
54 | unsigned long timeout; | ||
55 | }; | ||
56 | |||
57 | struct hash_net4c_elem { | ||
58 | __be32 ip; | ||
59 | u16 padding0; | ||
60 | u8 nomatch; | ||
61 | u8 cidr; | ||
62 | struct ip_set_counter counter; | ||
63 | }; | ||
64 | |||
65 | struct hash_net4ct_elem { | ||
66 | __be32 ip; | ||
67 | u16 padding0; | ||
68 | u8 nomatch; | ||
69 | u8 cidr; | ||
70 | struct ip_set_counter counter; | ||
71 | unsigned long timeout; | ||
72 | }; | ||
73 | |||
74 | /* Common functions */ | 49 | /* Common functions */ |
75 | 50 | ||
76 | static inline bool | 51 | static inline bool |
@@ -228,7 +203,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
228 | return ret; | 203 | return ret; |
229 | } | 204 | } |
230 | 205 | ||
231 | /* IPv6 variants */ | 206 | /* IPv6 variant */ |
232 | 207 | ||
233 | struct hash_net6_elem { | 208 | struct hash_net6_elem { |
234 | union nf_inet_addr ip; | 209 | union nf_inet_addr ip; |
@@ -237,31 +212,6 @@ struct hash_net6_elem { | |||
237 | u8 cidr; | 212 | u8 cidr; |
238 | }; | 213 | }; |
239 | 214 | ||
240 | struct hash_net6t_elem { | ||
241 | union nf_inet_addr ip; | ||
242 | u16 padding0; | ||
243 | u8 nomatch; | ||
244 | u8 cidr; | ||
245 | unsigned long timeout; | ||
246 | }; | ||
247 | |||
248 | struct hash_net6c_elem { | ||
249 | union nf_inet_addr ip; | ||
250 | u16 padding0; | ||
251 | u8 nomatch; | ||
252 | u8 cidr; | ||
253 | struct ip_set_counter counter; | ||
254 | }; | ||
255 | |||
256 | struct hash_net6ct_elem { | ||
257 | union nf_inet_addr ip; | ||
258 | u16 padding0; | ||
259 | u8 nomatch; | ||
260 | u8 cidr; | ||
261 | struct ip_set_counter counter; | ||
262 | unsigned long timeout; | ||
263 | }; | ||
264 | |||
265 | /* Common functions */ | 215 | /* Common functions */ |
266 | 216 | ||
267 | static inline bool | 217 | static inline bool |
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c index 2f0ffe35c408..26703e9e5082 100644 --- a/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/net/netfilter/ipset/ip_set_hash_netiface.c | |||
@@ -134,7 +134,7 @@ iface_add(struct rb_root *root, const char **iface) | |||
134 | 134 | ||
135 | #define STREQ(a, b) (strcmp(a, b) == 0) | 135 | #define STREQ(a, b) (strcmp(a, b) == 0) |
136 | 136 | ||
137 | /* IPv4 variants */ | 137 | /* IPv4 variant */ |
138 | 138 | ||
139 | struct hash_netiface4_elem_hashed { | 139 | struct hash_netiface4_elem_hashed { |
140 | __be32 ip; | 140 | __be32 ip; |
@@ -144,7 +144,7 @@ struct hash_netiface4_elem_hashed { | |||
144 | u8 elem; | 144 | u8 elem; |
145 | }; | 145 | }; |
146 | 146 | ||
147 | /* Member elements without timeout */ | 147 | /* Member elements */ |
148 | struct hash_netiface4_elem { | 148 | struct hash_netiface4_elem { |
149 | __be32 ip; | 149 | __be32 ip; |
150 | u8 physdev; | 150 | u8 physdev; |
@@ -154,37 +154,6 @@ struct hash_netiface4_elem { | |||
154 | const char *iface; | 154 | const char *iface; |
155 | }; | 155 | }; |
156 | 156 | ||
157 | struct hash_netiface4t_elem { | ||
158 | __be32 ip; | ||
159 | u8 physdev; | ||
160 | u8 cidr; | ||
161 | u8 nomatch; | ||
162 | u8 elem; | ||
163 | const char *iface; | ||
164 | unsigned long timeout; | ||
165 | }; | ||
166 | |||
167 | struct hash_netiface4c_elem { | ||
168 | __be32 ip; | ||
169 | u8 physdev; | ||
170 | u8 cidr; | ||
171 | u8 nomatch; | ||
172 | u8 elem; | ||
173 | const char *iface; | ||
174 | struct ip_set_counter counter; | ||
175 | }; | ||
176 | |||
177 | struct hash_netiface4ct_elem { | ||
178 | __be32 ip; | ||
179 | u8 physdev; | ||
180 | u8 cidr; | ||
181 | u8 nomatch; | ||
182 | u8 elem; | ||
183 | const char *iface; | ||
184 | struct ip_set_counter counter; | ||
185 | unsigned long timeout; | ||
186 | }; | ||
187 | |||
188 | /* Common functions */ | 157 | /* Common functions */ |
189 | 158 | ||
190 | static inline bool | 159 | static inline bool |
@@ -399,7 +368,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
399 | return ret; | 368 | return ret; |
400 | } | 369 | } |
401 | 370 | ||
402 | /* IPv6 variants */ | 371 | /* IPv6 variant */ |
403 | 372 | ||
404 | struct hash_netiface6_elem_hashed { | 373 | struct hash_netiface6_elem_hashed { |
405 | union nf_inet_addr ip; | 374 | union nf_inet_addr ip; |
@@ -418,37 +387,6 @@ struct hash_netiface6_elem { | |||
418 | const char *iface; | 387 | const char *iface; |
419 | }; | 388 | }; |
420 | 389 | ||
421 | struct hash_netiface6t_elem { | ||
422 | union nf_inet_addr ip; | ||
423 | u8 physdev; | ||
424 | u8 cidr; | ||
425 | u8 nomatch; | ||
426 | u8 elem; | ||
427 | const char *iface; | ||
428 | unsigned long timeout; | ||
429 | }; | ||
430 | |||
431 | struct hash_netiface6c_elem { | ||
432 | union nf_inet_addr ip; | ||
433 | u8 physdev; | ||
434 | u8 cidr; | ||
435 | u8 nomatch; | ||
436 | u8 elem; | ||
437 | const char *iface; | ||
438 | struct ip_set_counter counter; | ||
439 | }; | ||
440 | |||
441 | struct hash_netiface6ct_elem { | ||
442 | union nf_inet_addr ip; | ||
443 | u8 physdev; | ||
444 | u8 cidr; | ||
445 | u8 nomatch; | ||
446 | u8 elem; | ||
447 | const char *iface; | ||
448 | struct ip_set_counter counter; | ||
449 | unsigned long timeout; | ||
450 | }; | ||
451 | |||
452 | /* Common functions */ | 390 | /* Common functions */ |
453 | 391 | ||
454 | static inline bool | 392 | static inline bool |
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c index cab236625f97..45b6e91b0636 100644 --- a/net/netfilter/ipset/ip_set_hash_netport.c +++ b/net/netfilter/ipset/ip_set_hash_netport.c | |||
@@ -45,7 +45,7 @@ MODULE_ALIAS("ip_set_hash:net,port"); | |||
45 | */ | 45 | */ |
46 | #define IP_SET_HASH_WITH_NETS_PACKED | 46 | #define IP_SET_HASH_WITH_NETS_PACKED |
47 | 47 | ||
48 | /* IPv4 variants */ | 48 | /* IPv4 variant */ |
49 | 49 | ||
50 | /* Member elements */ | 50 | /* Member elements */ |
51 | struct hash_netport4_elem { | 51 | struct hash_netport4_elem { |
@@ -56,34 +56,6 @@ struct hash_netport4_elem { | |||
56 | u8 nomatch:1; | 56 | u8 nomatch:1; |
57 | }; | 57 | }; |
58 | 58 | ||
59 | struct hash_netport4t_elem { | ||
60 | __be32 ip; | ||
61 | __be16 port; | ||
62 | u8 proto; | ||
63 | u8 cidr:7; | ||
64 | u8 nomatch:1; | ||
65 | unsigned long timeout; | ||
66 | }; | ||
67 | |||
68 | struct hash_netport4c_elem { | ||
69 | __be32 ip; | ||
70 | __be16 port; | ||
71 | u8 proto; | ||
72 | u8 cidr:7; | ||
73 | u8 nomatch:1; | ||
74 | struct ip_set_counter counter; | ||
75 | }; | ||
76 | |||
77 | struct hash_netport4ct_elem { | ||
78 | __be32 ip; | ||
79 | __be16 port; | ||
80 | u8 proto; | ||
81 | u8 cidr:7; | ||
82 | u8 nomatch:1; | ||
83 | struct ip_set_counter counter; | ||
84 | unsigned long timeout; | ||
85 | }; | ||
86 | |||
87 | /* Common functions */ | 59 | /* Common functions */ |
88 | 60 | ||
89 | static inline bool | 61 | static inline bool |
@@ -287,7 +259,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
287 | return ret; | 259 | return ret; |
288 | } | 260 | } |
289 | 261 | ||
290 | /* IPv6 variants */ | 262 | /* IPv6 variant */ |
291 | 263 | ||
292 | struct hash_netport6_elem { | 264 | struct hash_netport6_elem { |
293 | union nf_inet_addr ip; | 265 | union nf_inet_addr ip; |
@@ -297,34 +269,6 @@ struct hash_netport6_elem { | |||
297 | u8 nomatch:1; | 269 | u8 nomatch:1; |
298 | }; | 270 | }; |
299 | 271 | ||
300 | struct hash_netport6t_elem { | ||
301 | union nf_inet_addr ip; | ||
302 | __be16 port; | ||
303 | u8 proto; | ||
304 | u8 cidr:7; | ||
305 | u8 nomatch:1; | ||
306 | unsigned long timeout; | ||
307 | }; | ||
308 | |||
309 | struct hash_netport6c_elem { | ||
310 | union nf_inet_addr ip; | ||
311 | __be16 port; | ||
312 | u8 proto; | ||
313 | u8 cidr:7; | ||
314 | u8 nomatch:1; | ||
315 | struct ip_set_counter counter; | ||
316 | }; | ||
317 | |||
318 | struct hash_netport6ct_elem { | ||
319 | union nf_inet_addr ip; | ||
320 | __be16 port; | ||
321 | u8 proto; | ||
322 | u8 cidr:7; | ||
323 | u8 nomatch:1; | ||
324 | struct ip_set_counter counter; | ||
325 | unsigned long timeout; | ||
326 | }; | ||
327 | |||
328 | /* Common functions */ | 272 | /* Common functions */ |
329 | 273 | ||
330 | static inline bool | 274 | static inline bool |
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c index f22d05d6e366..7fd11c79aff4 100644 --- a/net/netfilter/ipset/ip_set_list_set.c +++ b/net/netfilter/ipset/ip_set_list_set.c | |||
@@ -28,28 +28,6 @@ struct set_elem { | |||
28 | ip_set_id_t id; | 28 | ip_set_id_t id; |
29 | }; | 29 | }; |
30 | 30 | ||
31 | struct sett_elem { | ||
32 | struct { | ||
33 | ip_set_id_t id; | ||
34 | } __attribute__ ((aligned)); | ||
35 | unsigned long timeout; | ||
36 | }; | ||
37 | |||
38 | struct setc_elem { | ||
39 | struct { | ||
40 | ip_set_id_t id; | ||
41 | } __attribute__ ((aligned)); | ||
42 | struct ip_set_counter counter; | ||
43 | }; | ||
44 | |||
45 | struct setct_elem { | ||
46 | struct { | ||
47 | ip_set_id_t id; | ||
48 | } __attribute__ ((aligned)); | ||
49 | struct ip_set_counter counter; | ||
50 | unsigned long timeout; | ||
51 | }; | ||
52 | |||
53 | struct set_adt_elem { | 31 | struct set_adt_elem { |
54 | ip_set_id_t id; | 32 | ip_set_id_t id; |
55 | ip_set_id_t refid; | 33 | ip_set_id_t refid; |
@@ -600,21 +578,18 @@ list_set_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set)) | |||
600 | 578 | ||
601 | /* Create list:set type of sets */ | 579 | /* Create list:set type of sets */ |
602 | 580 | ||
603 | static struct list_set * | 581 | static bool |
604 | init_list_set(struct ip_set *set, u32 size, size_t dsize, | 582 | init_list_set(struct ip_set *set, u32 size) |
605 | unsigned long timeout) | ||
606 | { | 583 | { |
607 | struct list_set *map; | 584 | struct list_set *map; |
608 | struct set_elem *e; | 585 | struct set_elem *e; |
609 | u32 i; | 586 | u32 i; |
610 | 587 | ||
611 | map = kzalloc(sizeof(*map) + size * dsize, GFP_KERNEL); | 588 | map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL); |
612 | if (!map) | 589 | if (!map) |
613 | return NULL; | 590 | return false; |
614 | 591 | ||
615 | map->size = size; | 592 | map->size = size; |
616 | set->dsize = dsize; | ||
617 | set->timeout = timeout; | ||
618 | set->data = map; | 593 | set->data = map; |
619 | 594 | ||
620 | for (i = 0; i < size; i++) { | 595 | for (i = 0; i < size; i++) { |
@@ -622,15 +597,13 @@ init_list_set(struct ip_set *set, u32 size, size_t dsize, | |||
622 | e->id = IPSET_INVALID_ID; | 597 | e->id = IPSET_INVALID_ID; |
623 | } | 598 | } |
624 | 599 | ||
625 | return map; | 600 | return true; |
626 | } | 601 | } |
627 | 602 | ||
628 | static int | 603 | static int |
629 | list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | 604 | list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags) |
630 | { | 605 | { |
631 | struct list_set *map; | 606 | u32 size = IP_SET_LIST_DEFAULT_SIZE; |
632 | u32 size = IP_SET_LIST_DEFAULT_SIZE, cadt_flags = 0; | ||
633 | unsigned long timeout = 0; | ||
634 | 607 | ||
635 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_SIZE) || | 608 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_SIZE) || |
636 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || | 609 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || |
@@ -642,45 +615,13 @@ list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||
642 | if (size < IP_SET_LIST_MIN_SIZE) | 615 | if (size < IP_SET_LIST_MIN_SIZE) |
643 | size = IP_SET_LIST_MIN_SIZE; | 616 | size = IP_SET_LIST_MIN_SIZE; |
644 | 617 | ||
645 | if (tb[IPSET_ATTR_CADT_FLAGS]) | ||
646 | cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | ||
647 | if (tb[IPSET_ATTR_TIMEOUT]) | ||
648 | timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | ||
649 | set->variant = &set_variant; | 618 | set->variant = &set_variant; |
650 | if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | 619 | set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem)); |
651 | set->extensions |= IPSET_EXT_COUNTER; | 620 | if (!init_list_set(set, size)) |
652 | if (tb[IPSET_ATTR_TIMEOUT]) { | 621 | return -ENOMEM; |
653 | map = init_list_set(set, size, | 622 | if (tb[IPSET_ATTR_TIMEOUT]) { |
654 | sizeof(struct setct_elem), timeout); | 623 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
655 | if (!map) | ||
656 | return -ENOMEM; | ||
657 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
658 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
659 | offsetof(struct setct_elem, timeout); | ||
660 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
661 | offsetof(struct setct_elem, counter); | ||
662 | list_set_gc_init(set, list_set_gc); | ||
663 | } else { | ||
664 | map = init_list_set(set, size, | ||
665 | sizeof(struct setc_elem), 0); | ||
666 | if (!map) | ||
667 | return -ENOMEM; | ||
668 | set->offset[IPSET_EXT_ID_COUNTER] = | ||
669 | offsetof(struct setc_elem, counter); | ||
670 | } | ||
671 | } else if (tb[IPSET_ATTR_TIMEOUT]) { | ||
672 | map = init_list_set(set, size, | ||
673 | sizeof(struct sett_elem), timeout); | ||
674 | if (!map) | ||
675 | return -ENOMEM; | ||
676 | set->extensions |= IPSET_EXT_TIMEOUT; | ||
677 | set->offset[IPSET_EXT_ID_TIMEOUT] = | ||
678 | offsetof(struct sett_elem, timeout); | ||
679 | list_set_gc_init(set, list_set_gc); | 624 | list_set_gc_init(set, list_set_gc); |
680 | } else { | ||
681 | map = init_list_set(set, size, sizeof(struct set_elem), 0); | ||
682 | if (!map) | ||
683 | return -ENOMEM; | ||
684 | } | 625 | } |
685 | return 0; | 626 | return 0; |
686 | } | 627 | } |