aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-04-08 17:11:02 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2013-04-29 14:09:01 -0400
commit00d71b270eedacd7d3d7b20fb93269853470d18e (patch)
tree5156cb860788bfd18401f015d83156e25adbdd0d /net/netfilter
parentf48d19db12e1cde296ce7a13c38303618e38e304 (diff)
netfilter: ipset: The hash types with counter support
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/ipset/ip_set_hash_gen.h65
-rw-r--r--net/netfilter/ipset/ip_set_hash_ip.c33
-rw-r--r--net/netfilter/ipset/ip_set_hash_ipport.c46
-rw-r--r--net/netfilter/ipset/ip_set_hash_ipportip.c50
-rw-r--r--net/netfilter/ipset/ip_set_hash_ipportnet.c53
-rw-r--r--net/netfilter/ipset/ip_set_hash_net.c47
-rw-r--r--net/netfilter/ipset/ip_set_hash_netiface.c55
-rw-r--r--net/netfilter/ipset/ip_set_hash_netport.c51
8 files changed, 381 insertions, 19 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 2ba7d4e76cde..57beb1762b2d 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -177,6 +177,8 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
177 177
178#define ext_timeout(e, h) \ 178#define ext_timeout(e, h) \
179(unsigned long *)(((void *)(e)) + (h)->offset[IPSET_OFFSET_TIMEOUT]) 179(unsigned long *)(((void *)(e)) + (h)->offset[IPSET_OFFSET_TIMEOUT])
180#define ext_counter(e, h) \
181(struct ip_set_counter *)(((void *)(e)) + (h)->offset[IPSET_OFFSET_COUNTER])
180 182
181#endif /* _IP_SET_HASH_GEN_H */ 183#endif /* _IP_SET_HASH_GEN_H */
182 184
@@ -660,6 +662,8 @@ reuse_slot:
660#endif 662#endif
661 if (SET_WITH_TIMEOUT(set)) 663 if (SET_WITH_TIMEOUT(set))
662 ip_set_timeout_set(ext_timeout(data, h), ext->timeout); 664 ip_set_timeout_set(ext_timeout(data, h), ext->timeout);
665 if (SET_WITH_COUNTER(set))
666 ip_set_init_counter(ext_counter(data, h), ext);
663 667
664out: 668out:
665 rcu_read_unlock_bh(); 669 rcu_read_unlock_bh();
@@ -721,6 +725,10 @@ static inline int
721mtype_data_match(struct mtype_elem *data, const struct ip_set_ext *ext, 725mtype_data_match(struct mtype_elem *data, const struct ip_set_ext *ext,
722 struct ip_set_ext *mext, struct ip_set *set, u32 flags) 726 struct ip_set_ext *mext, struct ip_set *set, u32 flags)
723{ 727{
728 if (SET_WITH_COUNTER(set))
729 ip_set_update_counter(ext_counter(data,
730 (struct htype *)(set->data)),
731 ext, mext, flags);
724 return mtype_do_data_match(data); 732 return mtype_do_data_match(data);
725} 733}
726 734
@@ -826,7 +834,10 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
826 if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || 834 if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
827 nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) || 835 nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
828 ((set->extensions & IPSET_EXT_TIMEOUT) && 836 ((set->extensions & IPSET_EXT_TIMEOUT) &&
829 nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout)))) 837 nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout))) ||
838 ((set->extensions & IPSET_EXT_COUNTER) &&
839 nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS,
840 htonl(IPSET_FLAG_WITH_COUNTERS))))
830 goto nla_put_failure; 841 goto nla_put_failure;
831 ipset_nest_end(skb, nested); 842 ipset_nest_end(skb, nested);
832 843
@@ -880,6 +891,9 @@ mtype_list(const struct ip_set *set,
880 htonl(ip_set_timeout_get( 891 htonl(ip_set_timeout_get(
881 ext_timeout(e, h))))) 892 ext_timeout(e, h)))))
882 goto nla_put_failure; 893 goto nla_put_failure;
894 if (SET_WITH_COUNTER(set) &&
895 ip_set_put_counter(skb, ext_counter(e, h)))
896 goto nla_put_failure;
883 ipset_nest_end(skb, nested); 897 ipset_nest_end(skb, nested);
884 } 898 }
885 } 899 }
@@ -931,6 +945,7 @@ static int
931TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags) 945TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags)
932{ 946{
933 u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; 947 u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
948 u32 cadt_flags = 0;
934 u8 hbits; 949 u8 hbits;
935#ifdef IP_SET_HASH_WITH_NETMASK 950#ifdef IP_SET_HASH_WITH_NETMASK
936 u8 netmask; 951 u8 netmask;
@@ -1007,7 +1022,53 @@ TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags)
1007 else 1022 else
1008 set->variant = &TOKEN(HTYPE, 6_variant); 1023 set->variant = &TOKEN(HTYPE, 6_variant);
1009 1024
1010 if (tb[IPSET_ATTR_TIMEOUT]) { 1025 if (tb[IPSET_ATTR_CADT_FLAGS])
1026 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
1027 if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) {
1028 set->extensions |= IPSET_EXT_COUNTER;
1029 if (tb[IPSET_ATTR_TIMEOUT]) {
1030 h->timeout =
1031 ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
1032 set->extensions |= IPSET_EXT_TIMEOUT;
1033 if (set->family == NFPROTO_IPV4) {
1034 h->dsize =
1035 sizeof(struct TOKEN(HTYPE, 4ct_elem));
1036 h->offset[IPSET_OFFSET_TIMEOUT] =
1037 offsetof(struct TOKEN(HTYPE, 4ct_elem),
1038 timeout);
1039 h->offset[IPSET_OFFSET_COUNTER] =
1040 offsetof(struct TOKEN(HTYPE, 4ct_elem),
1041 counter);
1042 TOKEN(HTYPE, 4_gc_init)(set,
1043 TOKEN(HTYPE, 4_gc));
1044 } else {
1045 h->dsize =
1046 sizeof(struct TOKEN(HTYPE, 6ct_elem));
1047 h->offset[IPSET_OFFSET_TIMEOUT] =
1048 offsetof(struct TOKEN(HTYPE, 6ct_elem),
1049 timeout);
1050 h->offset[IPSET_OFFSET_COUNTER] =
1051 offsetof(struct TOKEN(HTYPE, 6ct_elem),
1052 counter);
1053 TOKEN(HTYPE, 6_gc_init)(set,
1054 TOKEN(HTYPE, 6_gc));
1055 }
1056 } else {
1057 if (set->family == NFPROTO_IPV4) {
1058 h->dsize =
1059 sizeof(struct TOKEN(HTYPE, 4c_elem));
1060 h->offset[IPSET_OFFSET_COUNTER] =
1061 offsetof(struct TOKEN(HTYPE, 4c_elem),
1062 counter);
1063 } else {
1064 h->dsize =
1065 sizeof(struct TOKEN(HTYPE, 6c_elem));
1066 h->offset[IPSET_OFFSET_COUNTER] =
1067 offsetof(struct TOKEN(HTYPE, 6c_elem),
1068 counter);
1069 }
1070 }
1071 } else if (tb[IPSET_ATTR_TIMEOUT]) {
1011 h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 1072 h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
1012 set->extensions |= IPSET_EXT_TIMEOUT; 1073 set->extensions |= IPSET_EXT_TIMEOUT;
1013 if (set->family == NFPROTO_IPV4) { 1074 if (set->family == NFPROTO_IPV4) {
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c
index 2fcfb21d9f3c..c74e6e14cd93 100644
--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -24,7 +24,7 @@
24#include <linux/netfilter/ipset/ip_set_hash.h> 24#include <linux/netfilter/ipset/ip_set_hash.h>
25 25
26#define REVISION_MIN 0 26#define REVISION_MIN 0
27#define REVISION_MAX 0 27#define REVISION_MAX 1 /* Counters support */
28 28
29MODULE_LICENSE("GPL"); 29MODULE_LICENSE("GPL");
30MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 30MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -48,6 +48,17 @@ struct hash_ip4t_elem {
48 unsigned long timeout; 48 unsigned long timeout;
49}; 49};
50 50
51struct hash_ip4c_elem {
52 __be32 ip;
53 struct ip_set_counter counter;
54};
55
56struct hash_ip4ct_elem {
57 __be32 ip;
58 struct ip_set_counter counter;
59 unsigned long timeout;
60};
61
51/* Common functions */ 62/* Common functions */
52 63
53static inline bool 64static inline bool
@@ -112,7 +123,9 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
112 int ret = 0; 123 int ret = 0;
113 124
114 if (unlikely(!tb[IPSET_ATTR_IP] || 125 if (unlikely(!tb[IPSET_ATTR_IP] ||
115 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT))) 126 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
127 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
128 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
116 return -IPSET_ERR_PROTOCOL; 129 return -IPSET_ERR_PROTOCOL;
117 130
118 if (tb[IPSET_ATTR_LINENO]) 131 if (tb[IPSET_ATTR_LINENO])
@@ -177,6 +190,17 @@ struct hash_ip6t_elem {
177 unsigned long timeout; 190 unsigned long timeout;
178}; 191};
179 192
193struct hash_ip6c_elem {
194 union nf_inet_addr ip;
195 struct ip_set_counter counter;
196};
197
198struct hash_ip6ct_elem {
199 union nf_inet_addr ip;
200 struct ip_set_counter counter;
201 unsigned long timeout;
202};
203
180/* Common functions */ 204/* Common functions */
181 205
182static inline bool 206static inline bool
@@ -251,6 +275,8 @@ hash_ip6_uadt(struct ip_set *set, struct nlattr *tb[],
251 275
252 if (unlikely(!tb[IPSET_ATTR_IP] || 276 if (unlikely(!tb[IPSET_ATTR_IP] ||
253 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 277 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
278 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
279 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
254 tb[IPSET_ATTR_IP_TO] || 280 tb[IPSET_ATTR_IP_TO] ||
255 tb[IPSET_ATTR_CIDR])) 281 tb[IPSET_ATTR_CIDR]))
256 return -IPSET_ERR_PROTOCOL; 282 return -IPSET_ERR_PROTOCOL;
@@ -288,6 +314,7 @@ static struct ip_set_type hash_ip_type __read_mostly = {
288 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, 314 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
289 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 315 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
290 [IPSET_ATTR_NETMASK] = { .type = NLA_U8 }, 316 [IPSET_ATTR_NETMASK] = { .type = NLA_U8 },
317 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
291 }, 318 },
292 .adt_policy = { 319 .adt_policy = {
293 [IPSET_ATTR_IP] = { .type = NLA_NESTED }, 320 [IPSET_ATTR_IP] = { .type = NLA_NESTED },
@@ -295,6 +322,8 @@ static struct ip_set_type hash_ip_type __read_mostly = {
295 [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, 322 [IPSET_ATTR_CIDR] = { .type = NLA_U8 },
296 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 323 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
297 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 324 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
325 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
326 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
298 }, 327 },
299 .me = THIS_MODULE, 328 .me = THIS_MODULE,
300}; 329};
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c
index d89cf41c657e..7a2d2bd98d04 100644
--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -25,7 +25,8 @@
25#include <linux/netfilter/ipset/ip_set_hash.h> 25#include <linux/netfilter/ipset/ip_set_hash.h>
26 26
27#define REVISION_MIN 0 27#define REVISION_MIN 0
28#define REVISION_MAX 1 /* SCTP and UDPLITE support added */ 28/* 1 SCTP and UDPLITE support added */
29#define REVISION_MAX 2 /* Counters support added */
29 30
30MODULE_LICENSE("GPL"); 31MODULE_LICENSE("GPL");
31MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 32MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -53,6 +54,23 @@ struct hash_ipport4t_elem {
53 unsigned long timeout; 54 unsigned long timeout;
54}; 55};
55 56
57struct hash_ipport4c_elem {
58 __be32 ip;
59 __be16 port;
60 u8 proto;
61 u8 padding;
62 struct ip_set_counter counter;
63};
64
65struct hash_ipport4ct_elem {
66 __be32 ip;
67 __be16 port;
68 u8 proto;
69 u8 padding;
70 struct ip_set_counter counter;
71 unsigned long timeout;
72};
73
56/* Common functions */ 74/* Common functions */
57 75
58static inline bool 76static inline bool
@@ -126,7 +144,9 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
126 if (unlikely(!tb[IPSET_ATTR_IP] || 144 if (unlikely(!tb[IPSET_ATTR_IP] ||
127 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 145 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
128 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 146 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
129 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT))) 147 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
148 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
149 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
130 return -IPSET_ERR_PROTOCOL; 150 return -IPSET_ERR_PROTOCOL;
131 151
132 if (tb[IPSET_ATTR_LINENO]) 152 if (tb[IPSET_ATTR_LINENO])
@@ -219,6 +239,23 @@ struct hash_ipport6t_elem {
219 unsigned long timeout; 239 unsigned long timeout;
220}; 240};
221 241
242struct hash_ipport6c_elem {
243 union nf_inet_addr ip;
244 __be16 port;
245 u8 proto;
246 u8 padding;
247 struct ip_set_counter counter;
248};
249
250struct hash_ipport6ct_elem {
251 union nf_inet_addr ip;
252 __be16 port;
253 u8 proto;
254 u8 padding;
255 struct ip_set_counter counter;
256 unsigned long timeout;
257};
258
222/* Common functions */ 259/* Common functions */
223 260
224static inline bool 261static inline bool
@@ -298,6 +335,8 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *tb[],
298 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 335 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
299 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 336 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
300 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 337 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
338 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
339 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
301 tb[IPSET_ATTR_IP_TO] || 340 tb[IPSET_ATTR_IP_TO] ||
302 tb[IPSET_ATTR_CIDR])) 341 tb[IPSET_ATTR_CIDR]))
303 return -IPSET_ERR_PROTOCOL; 342 return -IPSET_ERR_PROTOCOL;
@@ -367,6 +406,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
367 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, 406 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
368 [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, 407 [IPSET_ATTR_PROTO] = { .type = NLA_U8 },
369 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 408 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
409 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
370 }, 410 },
371 .adt_policy = { 411 .adt_policy = {
372 [IPSET_ATTR_IP] = { .type = NLA_NESTED }, 412 [IPSET_ATTR_IP] = { .type = NLA_NESTED },
@@ -377,6 +417,8 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
377 [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, 417 [IPSET_ATTR_PROTO] = { .type = NLA_U8 },
378 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 418 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
379 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 419 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
420 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
421 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
380 }, 422 },
381 .me = THIS_MODULE, 423 .me = THIS_MODULE,
382}; 424};
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c
index 4b58e5c50fff..34e8a1acce42 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -25,7 +25,8 @@
25#include <linux/netfilter/ipset/ip_set_hash.h> 25#include <linux/netfilter/ipset/ip_set_hash.h>
26 26
27#define REVISION_MIN 0 27#define REVISION_MIN 0
28#define REVISION_MAX 1 /* SCTP and UDPLITE support added */ 28/* 1 SCTP and UDPLITE support added */
29#define REVISION_MAX 2 /* Counters support added */
29 30
30MODULE_LICENSE("GPL"); 31MODULE_LICENSE("GPL");
31MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 32MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -55,6 +56,25 @@ struct hash_ipportip4t_elem {
55 unsigned long timeout; 56 unsigned long timeout;
56}; 57};
57 58
59struct hash_ipportip4c_elem {
60 __be32 ip;
61 __be32 ip2;
62 __be16 port;
63 u8 proto;
64 u8 padding;
65 struct ip_set_counter counter;
66};
67
68struct hash_ipportip4ct_elem {
69 __be32 ip;
70 __be32 ip2;
71 __be16 port;
72 u8 proto;
73 u8 padding;
74 struct ip_set_counter counter;
75 unsigned long timeout;
76};
77
58static inline bool 78static inline bool
59hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1, 79hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1,
60 const struct hash_ipportip4_elem *ip2, 80 const struct hash_ipportip4_elem *ip2,
@@ -129,7 +149,9 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
129 if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] || 149 if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
130 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 150 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
131 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 151 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
132 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT))) 152 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
153 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
154 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
133 return -IPSET_ERR_PROTOCOL; 155 return -IPSET_ERR_PROTOCOL;
134 156
135 if (tb[IPSET_ATTR_LINENO]) 157 if (tb[IPSET_ATTR_LINENO])
@@ -228,6 +250,25 @@ struct hash_ipportip6t_elem {
228 unsigned long timeout; 250 unsigned long timeout;
229}; 251};
230 252
253struct hash_ipportip6c_elem {
254 union nf_inet_addr ip;
255 union nf_inet_addr ip2;
256 __be16 port;
257 u8 proto;
258 u8 padding;
259 struct ip_set_counter counter;
260};
261
262struct hash_ipportip6ct_elem {
263 union nf_inet_addr ip;
264 union nf_inet_addr ip2;
265 __be16 port;
266 u8 proto;
267 u8 padding;
268 struct ip_set_counter counter;
269 unsigned long timeout;
270};
271
231/* Common functions */ 272/* Common functions */
232 273
233static inline bool 274static inline bool
@@ -308,6 +349,8 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[],
308 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 349 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
309 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 350 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
310 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 351 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
352 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
353 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
311 tb[IPSET_ATTR_IP_TO] || 354 tb[IPSET_ATTR_IP_TO] ||
312 tb[IPSET_ATTR_CIDR])) 355 tb[IPSET_ATTR_CIDR]))
313 return -IPSET_ERR_PROTOCOL; 356 return -IPSET_ERR_PROTOCOL;
@@ -380,6 +423,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
380 [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, 423 [IPSET_ATTR_PROBES] = { .type = NLA_U8 },
381 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, 424 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
382 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 425 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
426 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
383 }, 427 },
384 .adt_policy = { 428 .adt_policy = {
385 [IPSET_ATTR_IP] = { .type = NLA_NESTED }, 429 [IPSET_ATTR_IP] = { .type = NLA_NESTED },
@@ -391,6 +435,8 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
391 [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, 435 [IPSET_ATTR_PROTO] = { .type = NLA_U8 },
392 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 436 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
393 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 437 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
438 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
439 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
394 }, 440 },
395 .me = THIS_MODULE, 441 .me = THIS_MODULE,
396}; 442};
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
index bfde4ead9bbc..c6a525373be4 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -27,7 +27,8 @@
27#define REVISION_MIN 0 27#define REVISION_MIN 0
28/* 1 SCTP and UDPLITE support added */ 28/* 1 SCTP and UDPLITE support added */
29/* 2 Range as input support for IPv4 added */ 29/* 2 Range as input support for IPv4 added */
30#define REVISION_MAX 3 /* nomatch flag support added */ 30/* 3 nomatch flag support added */
31#define REVISION_MAX 4 /* Counters support added */
31 32
32MODULE_LICENSE("GPL"); 33MODULE_LICENSE("GPL");
33MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 34MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -67,6 +68,27 @@ struct hash_ipportnet4t_elem {
67 unsigned long timeout; 68 unsigned long timeout;
68}; 69};
69 70
71struct hash_ipportnet4c_elem {
72 __be32 ip;
73 __be32 ip2;
74 __be16 port;
75 u8 cidr:7;
76 u8 nomatch:1;
77 u8 proto;
78 struct ip_set_counter counter;
79};
80
81struct hash_ipportnet4ct_elem {
82 __be32 ip;
83 __be32 ip2;
84 __be16 port;
85 u8 cidr:7;
86 u8 nomatch:1;
87 u8 proto;
88 struct ip_set_counter counter;
89 unsigned long timeout;
90};
91
70/* Common functions */ 92/* Common functions */
71 93
72static inline bool 94static inline bool
@@ -184,7 +206,9 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
184 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 206 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
185 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 207 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
186 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 208 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
187 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 209 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
210 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
211 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
188 return -IPSET_ERR_PROTOCOL; 212 return -IPSET_ERR_PROTOCOL;
189 213
190 if (tb[IPSET_ATTR_LINENO]) 214 if (tb[IPSET_ATTR_LINENO])
@@ -325,6 +349,27 @@ struct hash_ipportnet6t_elem {
325 unsigned long timeout; 349 unsigned long timeout;
326}; 350};
327 351
352struct hash_ipportnet6c_elem {
353 union nf_inet_addr ip;
354 union nf_inet_addr ip2;
355 __be16 port;
356 u8 cidr:7;
357 u8 nomatch:1;
358 u8 proto;
359 struct ip_set_counter counter;
360};
361
362struct hash_ipportnet6ct_elem {
363 union nf_inet_addr ip;
364 union nf_inet_addr ip2;
365 __be16 port;
366 u8 cidr:7;
367 u8 nomatch:1;
368 u8 proto;
369 struct ip_set_counter counter;
370 unsigned long timeout;
371};
372
328/* Common functions */ 373/* Common functions */
329 374
330static inline bool 375static inline bool
@@ -445,6 +490,8 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
445 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 490 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
446 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 491 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
447 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) || 492 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
493 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
494 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
448 tb[IPSET_ATTR_IP_TO] || 495 tb[IPSET_ATTR_IP_TO] ||
449 tb[IPSET_ATTR_CIDR])) 496 tb[IPSET_ATTR_CIDR]))
450 return -IPSET_ERR_PROTOCOL; 497 return -IPSET_ERR_PROTOCOL;
@@ -551,6 +598,8 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
551 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, 598 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
552 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 599 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
553 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 600 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
601 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
602 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
554 }, 603 },
555 .me = THIS_MODULE, 604 .me = THIS_MODULE,
556}; 605};
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index cfbcdd407064..da740ceb56ae 100644
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -24,7 +24,8 @@
24 24
25#define REVISION_MIN 0 25#define REVISION_MIN 0
26/* 1 Range as input support for IPv4 added */ 26/* 1 Range as input support for IPv4 added */
27#define REVISION_MAX 2 /* nomatch flag support added */ 27/* 2 nomatch flag support added */
28#define REVISION_MAX 3 /* Counters support added */
28 29
29MODULE_LICENSE("GPL"); 30MODULE_LICENSE("GPL");
30MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 31MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -53,6 +54,23 @@ struct hash_net4t_elem {
53 unsigned long timeout; 54 unsigned long timeout;
54}; 55};
55 56
57struct hash_net4c_elem {
58 __be32 ip;
59 u16 padding0;
60 u8 nomatch;
61 u8 cidr;
62 struct ip_set_counter counter;
63};
64
65struct hash_net4ct_elem {
66 __be32 ip;
67 u16 padding0;
68 u8 nomatch;
69 u8 cidr;
70 struct ip_set_counter counter;
71 unsigned long timeout;
72};
73
56/* Common functions */ 74/* Common functions */
57 75
58static inline bool 76static inline bool
@@ -153,7 +171,9 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
153 171
154 if (unlikely(!tb[IPSET_ATTR_IP] || 172 if (unlikely(!tb[IPSET_ATTR_IP] ||
155 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 173 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
156 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 174 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
175 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
176 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
157 return -IPSET_ERR_PROTOCOL; 177 return -IPSET_ERR_PROTOCOL;
158 178
159 if (tb[IPSET_ATTR_LINENO]) 179 if (tb[IPSET_ATTR_LINENO])
@@ -225,6 +245,23 @@ struct hash_net6t_elem {
225 unsigned long timeout; 245 unsigned long timeout;
226}; 246};
227 247
248struct hash_net6c_elem {
249 union nf_inet_addr ip;
250 u16 padding0;
251 u8 nomatch;
252 u8 cidr;
253 struct ip_set_counter counter;
254};
255
256struct hash_net6ct_elem {
257 union nf_inet_addr ip;
258 u16 padding0;
259 u8 nomatch;
260 u8 cidr;
261 struct ip_set_counter counter;
262 unsigned long timeout;
263};
264
228/* Common functions */ 265/* Common functions */
229 266
230static inline bool 267static inline bool
@@ -328,7 +365,9 @@ hash_net6_uadt(struct ip_set *set, struct nlattr *tb[],
328 365
329 if (unlikely(!tb[IPSET_ATTR_IP] || 366 if (unlikely(!tb[IPSET_ATTR_IP] ||
330 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 367 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
331 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 368 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
369 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
370 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
332 return -IPSET_ERR_PROTOCOL; 371 return -IPSET_ERR_PROTOCOL;
333 if (unlikely(tb[IPSET_ATTR_IP_TO])) 372 if (unlikely(tb[IPSET_ATTR_IP_TO]))
334 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED; 373 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;
@@ -384,6 +423,8 @@ static struct ip_set_type hash_net_type __read_mostly = {
384 [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, 423 [IPSET_ATTR_CIDR] = { .type = NLA_U8 },
385 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 424 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
386 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, 425 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
426 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
427 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
387 }, 428 },
388 .me = THIS_MODULE, 429 .me = THIS_MODULE,
389}; 430};
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index 555ebb76bc8e..84ae6f6ce624 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -25,7 +25,8 @@
25 25
26#define REVISION_MIN 0 26#define REVISION_MIN 0
27/* 1 nomatch flag support added */ 27/* 1 nomatch flag support added */
28#define REVISION_MAX 2 /* /0 support added */ 28/* 2 /0 support added */
29#define REVISION_MAX 3 /* Counters support added */
29 30
30MODULE_LICENSE("GPL"); 31MODULE_LICENSE("GPL");
31MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 32MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -163,6 +164,27 @@ struct hash_netiface4t_elem {
163 unsigned long timeout; 164 unsigned long timeout;
164}; 165};
165 166
167struct hash_netiface4c_elem {
168 __be32 ip;
169 u8 physdev;
170 u8 cidr;
171 u8 nomatch;
172 u8 elem;
173 const char *iface;
174 struct ip_set_counter counter;
175};
176
177struct hash_netiface4ct_elem {
178 __be32 ip;
179 u8 physdev;
180 u8 cidr;
181 u8 nomatch;
182 u8 elem;
183 const char *iface;
184 struct ip_set_counter counter;
185 unsigned long timeout;
186};
187
166/* Common functions */ 188/* Common functions */
167 189
168static inline bool 190static inline bool
@@ -305,7 +327,9 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
305 if (unlikely(!tb[IPSET_ATTR_IP] || 327 if (unlikely(!tb[IPSET_ATTR_IP] ||
306 !tb[IPSET_ATTR_IFACE] || 328 !tb[IPSET_ATTR_IFACE] ||
307 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 329 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
308 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 330 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
331 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
332 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
309 return -IPSET_ERR_PROTOCOL; 333 return -IPSET_ERR_PROTOCOL;
310 334
311 if (tb[IPSET_ATTR_LINENO]) 335 if (tb[IPSET_ATTR_LINENO])
@@ -404,6 +428,27 @@ struct hash_netiface6t_elem {
404 unsigned long timeout; 428 unsigned long timeout;
405}; 429};
406 430
431struct hash_netiface6c_elem {
432 union nf_inet_addr ip;
433 u8 physdev;
434 u8 cidr;
435 u8 nomatch;
436 u8 elem;
437 const char *iface;
438 struct ip_set_counter counter;
439};
440
441struct hash_netiface6ct_elem {
442 union nf_inet_addr ip;
443 u8 physdev;
444 u8 cidr;
445 u8 nomatch;
446 u8 elem;
447 const char *iface;
448 struct ip_set_counter counter;
449 unsigned long timeout;
450};
451
407/* Common functions */ 452/* Common functions */
408 453
409static inline bool 454static inline bool
@@ -546,7 +591,9 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
546 if (unlikely(!tb[IPSET_ATTR_IP] || 591 if (unlikely(!tb[IPSET_ATTR_IP] ||
547 !tb[IPSET_ATTR_IFACE] || 592 !tb[IPSET_ATTR_IFACE] ||
548 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 593 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
549 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 594 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
595 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
596 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
550 return -IPSET_ERR_PROTOCOL; 597 return -IPSET_ERR_PROTOCOL;
551 if (unlikely(tb[IPSET_ATTR_IP_TO])) 598 if (unlikely(tb[IPSET_ATTR_IP_TO]))
552 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED; 599 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;
@@ -619,6 +666,8 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
619 [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, 666 [IPSET_ATTR_CIDR] = { .type = NLA_U8 },
620 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 667 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
621 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 668 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
669 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
670 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
622 }, 671 },
623 .me = THIS_MODULE, 672 .me = THIS_MODULE,
624}; 673};
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index 43b1f1e8727f..9a0869853be5 100644
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -26,7 +26,8 @@
26#define REVISION_MIN 0 26#define REVISION_MIN 0
27/* 1 SCTP and UDPLITE support added */ 27/* 1 SCTP and UDPLITE support added */
28/* 2 Range as input support for IPv4 added */ 28/* 2 Range as input support for IPv4 added */
29#define REVISION_MAX 3 /* nomatch flag support added */ 29/* 3 nomatch flag support added */
30#define REVISION_MAX 4 /* Counters support added */
30 31
31MODULE_LICENSE("GPL"); 32MODULE_LICENSE("GPL");
32MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 33MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -64,6 +65,25 @@ struct hash_netport4t_elem {
64 unsigned long timeout; 65 unsigned long timeout;
65}; 66};
66 67
68struct hash_netport4c_elem {
69 __be32 ip;
70 __be16 port;
71 u8 proto;
72 u8 cidr:7;
73 u8 nomatch:1;
74 struct ip_set_counter counter;
75};
76
77struct hash_netport4ct_elem {
78 __be32 ip;
79 __be16 port;
80 u8 proto;
81 u8 cidr:7;
82 u8 nomatch:1;
83 struct ip_set_counter counter;
84 unsigned long timeout;
85};
86
67/* Common functions */ 87/* Common functions */
68 88
69static inline bool 89static inline bool
@@ -176,7 +196,9 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
176 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 196 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
177 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 197 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
178 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 198 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
179 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 199 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
200 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
201 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
180 return -IPSET_ERR_PROTOCOL; 202 return -IPSET_ERR_PROTOCOL;
181 203
182 if (tb[IPSET_ATTR_LINENO]) 204 if (tb[IPSET_ATTR_LINENO])
@@ -284,6 +306,25 @@ struct hash_netport6t_elem {
284 unsigned long timeout; 306 unsigned long timeout;
285}; 307};
286 308
309struct hash_netport6c_elem {
310 union nf_inet_addr ip;
311 __be16 port;
312 u8 proto;
313 u8 cidr:7;
314 u8 nomatch:1;
315 struct ip_set_counter counter;
316};
317
318struct hash_netport6ct_elem {
319 union nf_inet_addr ip;
320 __be16 port;
321 u8 proto;
322 u8 cidr:7;
323 u8 nomatch:1;
324 struct ip_set_counter counter;
325 unsigned long timeout;
326};
327
287/* Common functions */ 328/* Common functions */
288 329
289static inline bool 330static inline bool
@@ -400,7 +441,9 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
400 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 441 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
401 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 442 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
402 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 443 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
403 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 444 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
445 !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
446 !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)))
404 return -IPSET_ERR_PROTOCOL; 447 return -IPSET_ERR_PROTOCOL;
405 if (unlikely(tb[IPSET_ATTR_IP_TO])) 448 if (unlikely(tb[IPSET_ATTR_IP_TO]))
406 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED; 449 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;
@@ -497,6 +540,8 @@ static struct ip_set_type hash_netport_type __read_mostly = {
497 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 540 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
498 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 541 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
499 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, 542 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
543 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
544 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
500 }, 545 },
501 .me = THIS_MODULE, 546 .me = THIS_MODULE,
502}; 547};
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-22 11:29:09 -0500