aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-09-06 18:43:52 -0400
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-09-30 15:33:27 -0400
commit03c8b234e61a9a3aab8d970b3bf681934ecfe443 (patch)
tree5c7626df64ebff04f451242dfec41a01e6dc22bb /net/netfilter
parentca134ce86451f3f5ac45ffbf1494a1f42110bf93 (diff)
netfilter: ipset: Generalize extensions support
Get rid of the structure based extensions and introduce a blob for the extensions. Thus we can support more extension types easily. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/ipset/ip_set_bitmap_ip.c81
-rw-r--r--net/netfilter/ipset/ip_set_bitmap_ipmac.c91
-rw-r--r--net/netfilter/ipset/ip_set_bitmap_port.c71
-rw-r--r--net/netfilter/ipset/ip_set_core.c46
-rw-r--r--net/netfilter/ipset/ip_set_hash_gen.h86
-rw-r--r--net/netfilter/ipset/ip_set_hash_ip.c36
-rw-r--r--net/netfilter/ipset/ip_set_hash_ipport.c54
-rw-r--r--net/netfilter/ipset/ip_set_hash_ipportip.c60
-rw-r--r--net/netfilter/ipset/ip_set_hash_ipportnet.c66
-rw-r--r--net/netfilter/ipset/ip_set_hash_net.c54
-rw-r--r--net/netfilter/ipset/ip_set_hash_netiface.c68
-rw-r--r--net/netfilter/ipset/ip_set_hash_netport.c60
-rw-r--r--net/netfilter/ipset/ip_set_list_set.c81
13 files changed, 105 insertions, 749 deletions
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
index 363022edb8fb..94d985457c51 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -208,25 +208,6 @@ bitmap_ip_same_set(const struct ip_set *a, const struct ip_set *b)
208struct bitmap_ip_elem { 208struct bitmap_ip_elem {
209}; 209};
210 210
211/* Timeout variant */
212
213struct bitmap_ipt_elem {
214 unsigned long timeout;
215};
216
217/* Plain variant with counter */
218
219struct bitmap_ipc_elem {
220 struct ip_set_counter counter;
221};
222
223/* Timeout variant with counter */
224
225struct bitmap_ipct_elem {
226 unsigned long timeout;
227 struct ip_set_counter counter;
228};
229
230#include "ip_set_bitmap_gen.h" 211#include "ip_set_bitmap_gen.h"
231 212
232/* Create bitmap:ip type of sets */ 213/* Create bitmap:ip type of sets */
@@ -263,7 +244,7 @@ static int
263bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) 244bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
264{ 245{
265 struct bitmap_ip *map; 246 struct bitmap_ip *map;
266 u32 first_ip = 0, last_ip = 0, hosts, cadt_flags = 0; 247 u32 first_ip = 0, last_ip = 0, hosts;
267 u64 elements; 248 u64 elements;
268 u8 netmask = 32; 249 u8 netmask = 32;
269 int ret; 250 int ret;
@@ -335,61 +316,15 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
335 316
336 map->memsize = bitmap_bytes(0, elements - 1); 317 map->memsize = bitmap_bytes(0, elements - 1);
337 set->variant = &bitmap_ip; 318 set->variant = &bitmap_ip;
338 if (tb[IPSET_ATTR_CADT_FLAGS]) 319 set->dsize = ip_set_elem_len(set, tb, 0);
339 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 320 if (!init_map_ip(set, map, first_ip, last_ip,
340 if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { 321 elements, hosts, netmask)) {
341 set->extensions |= IPSET_EXT_COUNTER; 322 kfree(map);
342 if (tb[IPSET_ATTR_TIMEOUT]) { 323 return -ENOMEM;
343 set->dsize = sizeof(struct bitmap_ipct_elem); 324 }
344 set->offset[IPSET_EXT_ID_TIMEOUT] = 325 if (tb[IPSET_ATTR_TIMEOUT]) {
345 offsetof(struct bitmap_ipct_elem, timeout);
346 set->offset[IPSET_EXT_ID_COUNTER] =
347 offsetof(struct bitmap_ipct_elem, counter);
348
349 if (!init_map_ip(set, map, first_ip, last_ip,
350 elements, hosts, netmask)) {
351 kfree(map);
352 return -ENOMEM;
353 }
354
355 set->timeout = ip_set_timeout_uget(
356 tb[IPSET_ATTR_TIMEOUT]);
357 set->extensions |= IPSET_EXT_TIMEOUT;
358
359 bitmap_ip_gc_init(set, bitmap_ip_gc);
360 } else {
361 set->dsize = sizeof(struct bitmap_ipc_elem);
362 set->offset[IPSET_EXT_ID_COUNTER] =
363 offsetof(struct bitmap_ipc_elem, counter);
364
365 if (!init_map_ip(set, map, first_ip, last_ip,
366 elements, hosts, netmask)) {
367 kfree(map);
368 return -ENOMEM;
369 }
370 }
371 } else if (tb[IPSET_ATTR_TIMEOUT]) {
372 set->dsize = sizeof(struct bitmap_ipt_elem);
373 set->offset[IPSET_EXT_ID_TIMEOUT] =
374 offsetof(struct bitmap_ipt_elem, timeout);
375
376 if (!init_map_ip(set, map, first_ip, last_ip,
377 elements, hosts, netmask)) {
378 kfree(map);
379 return -ENOMEM;
380 }
381
382 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 326 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
383 set->extensions |= IPSET_EXT_TIMEOUT;
384
385 bitmap_ip_gc_init(set, bitmap_ip_gc); 327 bitmap_ip_gc_init(set, bitmap_ip_gc);
386 } else {
387 set->dsize = 0;
388 if (!init_map_ip(set, map, first_ip, last_ip,
389 elements, hosts, netmask)) {
390 kfree(map);
391 return -ENOMEM;
392 }
393 } 328 }
394 return 0; 329 return 0;
395} 330}
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 74576cb19264..654a97bedfe9 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -289,37 +289,6 @@ bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b)
289 289
290/* Plain variant */ 290/* Plain variant */
291 291
292/* Timeout variant */
293
294struct bitmap_ipmact_elem {
295 struct {
296 unsigned char ether[ETH_ALEN];
297 unsigned char filled;
298 } __attribute__ ((aligned));
299 unsigned long timeout;
300};
301
302/* Plain variant with counter */
303
304struct bitmap_ipmacc_elem {
305 struct {
306 unsigned char ether[ETH_ALEN];
307 unsigned char filled;
308 } __attribute__ ((aligned));
309 struct ip_set_counter counter;
310};
311
312/* Timeout variant with counter */
313
314struct bitmap_ipmacct_elem {
315 struct {
316 unsigned char ether[ETH_ALEN];
317 unsigned char filled;
318 } __attribute__ ((aligned));
319 unsigned long timeout;
320 struct ip_set_counter counter;
321};
322
323#include "ip_set_bitmap_gen.h" 292#include "ip_set_bitmap_gen.h"
324 293
325/* Create bitmap:ip,mac type of sets */ 294/* Create bitmap:ip,mac type of sets */
@@ -328,7 +297,7 @@ static bool
328init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, 297init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
329 u32 first_ip, u32 last_ip, u32 elements) 298 u32 first_ip, u32 last_ip, u32 elements)
330{ 299{
331 map->members = ip_set_alloc((last_ip - first_ip + 1) * set->dsize); 300 map->members = ip_set_alloc(map->memsize);
332 if (!map->members) 301 if (!map->members)
333 return false; 302 return false;
334 if (set->dsize) { 303 if (set->dsize) {
@@ -353,7 +322,7 @@ static int
353bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], 322bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[],
354 u32 flags) 323 u32 flags)
355{ 324{
356 u32 first_ip = 0, last_ip = 0, cadt_flags = 0; 325 u32 first_ip = 0, last_ip = 0;
357 u64 elements; 326 u64 elements;
358 struct bitmap_ipmac *map; 327 struct bitmap_ipmac *map;
359 int ret; 328 int ret;
@@ -397,57 +366,15 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[],
397 366
398 map->memsize = bitmap_bytes(0, elements - 1); 367 map->memsize = bitmap_bytes(0, elements - 1);
399 set->variant = &bitmap_ipmac; 368 set->variant = &bitmap_ipmac;
400 if (tb[IPSET_ATTR_CADT_FLAGS]) 369 set->dsize = ip_set_elem_len(set, tb,
401 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 370 sizeof(struct bitmap_ipmac_elem));
402 if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { 371 if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) {
403 set->extensions |= IPSET_EXT_COUNTER; 372 kfree(map);
404 if (tb[IPSET_ATTR_TIMEOUT]) { 373 return -ENOMEM;
405 set->dsize = sizeof(struct bitmap_ipmacct_elem); 374 }
406 set->offset[IPSET_EXT_ID_TIMEOUT] = 375 if (tb[IPSET_ATTR_TIMEOUT]) {
407 offsetof(struct bitmap_ipmacct_elem, timeout);
408 set->offset[IPSET_EXT_ID_COUNTER] =
409 offsetof(struct bitmap_ipmacct_elem, counter);
410
411 if (!init_map_ipmac(set, map, first_ip, last_ip,
412 elements)) {
413 kfree(map);
414 return -ENOMEM;
415 }
416 set->timeout = ip_set_timeout_uget(
417 tb[IPSET_ATTR_TIMEOUT]);
418 set->extensions |= IPSET_EXT_TIMEOUT;
419 bitmap_ipmac_gc_init(set, bitmap_ipmac_gc);
420 } else {
421 set->dsize = sizeof(struct bitmap_ipmacc_elem);
422 set->offset[IPSET_EXT_ID_COUNTER] =
423 offsetof(struct bitmap_ipmacc_elem, counter);
424
425 if (!init_map_ipmac(set, map, first_ip, last_ip,
426 elements)) {
427 kfree(map);
428 return -ENOMEM;
429 }
430 }
431 } else if (tb[IPSET_ATTR_TIMEOUT]) {
432 set->dsize = sizeof(struct bitmap_ipmact_elem);
433 set->offset[IPSET_EXT_ID_TIMEOUT] =
434 offsetof(struct bitmap_ipmact_elem, timeout);
435
436 if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) {
437 kfree(map);
438 return -ENOMEM;
439 }
440 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 376 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
441 set->extensions |= IPSET_EXT_TIMEOUT;
442 bitmap_ipmac_gc_init(set, bitmap_ipmac_gc); 377 bitmap_ipmac_gc_init(set, bitmap_ipmac_gc);
443 } else {
444 set->dsize = sizeof(struct bitmap_ipmac_elem);
445
446 if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) {
447 kfree(map);
448 return -ENOMEM;
449 }
450 set->variant = &bitmap_ipmac;
451 } 378 }
452 return 0; 379 return 0;
453} 380}
diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
index 71da31935499..1ef2f3186b80 100644
--- a/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -198,25 +198,6 @@ bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b)
198struct bitmap_port_elem { 198struct bitmap_port_elem {
199}; 199};
200 200
201/* Timeout variant */
202
203struct bitmap_portt_elem {
204 unsigned long timeout;
205};
206
207/* Plain variant with counter */
208
209struct bitmap_portc_elem {
210 struct ip_set_counter counter;
211};
212
213/* Timeout variant with counter */
214
215struct bitmap_portct_elem {
216 unsigned long timeout;
217 struct ip_set_counter counter;
218};
219
220#include "ip_set_bitmap_gen.h" 201#include "ip_set_bitmap_gen.h"
221 202
222/* Create bitmap:ip type of sets */ 203/* Create bitmap:ip type of sets */
@@ -250,7 +231,6 @@ bitmap_port_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
250{ 231{
251 struct bitmap_port *map; 232 struct bitmap_port *map;
252 u16 first_port, last_port; 233 u16 first_port, last_port;
253 u32 cadt_flags = 0;
254 234
255 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 235 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
256 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) || 236 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||
@@ -274,53 +254,14 @@ bitmap_port_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
274 map->elements = last_port - first_port + 1; 254 map->elements = last_port - first_port + 1;
275 map->memsize = map->elements * sizeof(unsigned long); 255 map->memsize = map->elements * sizeof(unsigned long);
276 set->variant = &bitmap_port; 256 set->variant = &bitmap_port;
277 if (tb[IPSET_ATTR_CADT_FLAGS]) 257 set->dsize = ip_set_elem_len(set, tb, 0);
278 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 258 if (!init_map_port(set, map, first_port, last_port)) {
279 if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { 259 kfree(map);
280 set->extensions |= IPSET_EXT_COUNTER; 260 return -ENOMEM;
281 if (tb[IPSET_ATTR_TIMEOUT]) { 261 }
282 set->dsize = sizeof(struct bitmap_portct_elem); 262 if (tb[IPSET_ATTR_TIMEOUT]) {
283 set->offset[IPSET_EXT_ID_TIMEOUT] =
284 offsetof(struct bitmap_portct_elem, timeout);
285 set->offset[IPSET_EXT_ID_COUNTER] =
286 offsetof(struct bitmap_portct_elem, counter);
287 if (!init_map_port(set, map, first_port, last_port)) {
288 kfree(map);
289 return -ENOMEM;
290 }
291
292 set->timeout =
293 ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
294 set->extensions |= IPSET_EXT_TIMEOUT;
295 bitmap_port_gc_init(set, bitmap_port_gc);
296 } else {
297 set->dsize = sizeof(struct bitmap_portc_elem);
298 set->offset[IPSET_EXT_ID_COUNTER] =
299 offsetof(struct bitmap_portc_elem, counter);
300 if (!init_map_port(set, map, first_port, last_port)) {
301 kfree(map);
302 return -ENOMEM;
303 }
304 }
305 } else if (tb[IPSET_ATTR_TIMEOUT]) {
306 set->dsize = sizeof(struct bitmap_portt_elem);
307 set->offset[IPSET_EXT_ID_TIMEOUT] =
308 offsetof(struct bitmap_portt_elem, timeout);
309 if (!init_map_port(set, map, first_port, last_port)) {
310 kfree(map);
311 return -ENOMEM;
312 }
313
314 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 263 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
315 set->extensions |= IPSET_EXT_TIMEOUT;
316 bitmap_port_gc_init(set, bitmap_port_gc); 264 bitmap_port_gc_init(set, bitmap_port_gc);
317 } else {
318 set->dsize = 0;
319 if (!init_map_port(set, map, first_port, last_port)) {
320 kfree(map);
321 return -ENOMEM;
322 }
323
324 } 265 }
325 return 0; 266 return 0;
326} 267}
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 428c30a8586f..f35afed3814f 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -315,6 +315,52 @@ ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr)
315} 315}
316EXPORT_SYMBOL_GPL(ip_set_get_ipaddr6); 316EXPORT_SYMBOL_GPL(ip_set_get_ipaddr6);
317 317
318/* ipset data extension types, in size order */
319
320const struct ip_set_ext_type ip_set_extensions[] = {
321 [IPSET_EXT_ID_COUNTER] = {
322 .type = IPSET_EXT_COUNTER,
323 .flag = IPSET_FLAG_WITH_COUNTERS,
324 .len = sizeof(struct ip_set_counter),
325 .align = __alignof__(struct ip_set_counter),
326 },
327 [IPSET_EXT_ID_TIMEOUT] = {
328 .type = IPSET_EXT_TIMEOUT,
329 .len = sizeof(unsigned long),
330 .align = __alignof__(unsigned long),
331 },
332};
333EXPORT_SYMBOL_GPL(ip_set_extensions);
334
335static inline bool
336add_extension(enum ip_set_ext_id id, u32 flags, struct nlattr *tb[])
337{
338 return ip_set_extensions[id].flag ?
339 (flags & ip_set_extensions[id].flag) :
340 !!tb[IPSET_ATTR_TIMEOUT];
341}
342
343size_t
344ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len)
345{
346 enum ip_set_ext_id id;
347 size_t offset = 0;
348 u32 cadt_flags = 0;
349
350 if (tb[IPSET_ATTR_CADT_FLAGS])
351 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
352 for (id = 0; id < IPSET_EXT_ID_MAX; id++) {
353 if (!add_extension(id, cadt_flags, tb))
354 continue;
355 offset += ALIGN(len + offset, ip_set_extensions[id].align);
356 set->offset[id] = offset;
357 set->extensions |= ip_set_extensions[id].type;
358 offset += ip_set_extensions[id].len;
359 }
360 return len + offset;
361}
362EXPORT_SYMBOL_GPL(ip_set_elem_len);
363
318int 364int
319ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], 365ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
320 struct ip_set_ext *ext) 366 struct ip_set_ext *ext)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 0cb840e1f8ae..3999f1719f69 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -960,7 +960,6 @@ static int
960IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags) 960IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags)
961{ 961{
962 u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; 962 u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
963 u32 cadt_flags = 0;
964 u8 hbits; 963 u8 hbits;
965#ifdef IP_SET_HASH_WITH_NETMASK 964#ifdef IP_SET_HASH_WITH_NETMASK
966 u8 netmask; 965 u8 netmask;
@@ -1034,88 +1033,23 @@ IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags)
1034 rcu_assign_pointer(h->table, t); 1033 rcu_assign_pointer(h->table, t);
1035 1034
1036 set->data = h; 1035 set->data = h;
1037 if (set->family == NFPROTO_IPV4) 1036 if (set->family == NFPROTO_IPV4) {
1038 set->variant = &IPSET_TOKEN(HTYPE, 4_variant); 1037 set->variant = &IPSET_TOKEN(HTYPE, 4_variant);
1039 else 1038 set->dsize = ip_set_elem_len(set, tb,
1039 sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)));
1040 } else {
1040 set->variant = &IPSET_TOKEN(HTYPE, 6_variant); 1041 set->variant = &IPSET_TOKEN(HTYPE, 6_variant);
1041 1042 set->dsize = ip_set_elem_len(set, tb,
1042 if (tb[IPSET_ATTR_CADT_FLAGS]) 1043 sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)));
1043 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 1044 }
1044 if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { 1045 if (tb[IPSET_ATTR_TIMEOUT]) {
1045 set->extensions |= IPSET_EXT_COUNTER;
1046 if (tb[IPSET_ATTR_TIMEOUT]) {
1047 set->timeout =
1048 ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
1049 set->extensions |= IPSET_EXT_TIMEOUT;
1050 if (set->family == NFPROTO_IPV4) {
1051 set->dsize = sizeof(struct
1052 IPSET_TOKEN(HTYPE, 4ct_elem));
1053 set->offset[IPSET_EXT_ID_TIMEOUT] =
1054 offsetof(struct
1055 IPSET_TOKEN(HTYPE, 4ct_elem),
1056 timeout);
1057 set->offset[IPSET_EXT_ID_COUNTER] =
1058 offsetof(struct
1059 IPSET_TOKEN(HTYPE, 4ct_elem),
1060 counter);
1061 IPSET_TOKEN(HTYPE, 4_gc_init)(set,
1062 IPSET_TOKEN(HTYPE, 4_gc));
1063 } else {
1064 set->dsize = sizeof(struct
1065 IPSET_TOKEN(HTYPE, 6ct_elem));
1066 set->offset[IPSET_EXT_ID_TIMEOUT] =
1067 offsetof(struct
1068 IPSET_TOKEN(HTYPE, 6ct_elem),
1069 timeout);
1070 set->offset[IPSET_EXT_ID_COUNTER] =
1071 offsetof(struct
1072 IPSET_TOKEN(HTYPE, 6ct_elem),
1073 counter);
1074 IPSET_TOKEN(HTYPE, 6_gc_init)(set,
1075 IPSET_TOKEN(HTYPE, 6_gc));
1076 }
1077 } else {
1078 if (set->family == NFPROTO_IPV4) {
1079 set->dsize =
1080 sizeof(struct
1081 IPSET_TOKEN(HTYPE, 4c_elem));
1082 set->offset[IPSET_EXT_ID_COUNTER] =
1083 offsetof(struct
1084 IPSET_TOKEN(HTYPE, 4c_elem),
1085 counter);
1086 } else {
1087 set->dsize =
1088 sizeof(struct
1089 IPSET_TOKEN(HTYPE, 6c_elem));
1090 set->offset[IPSET_EXT_ID_COUNTER] =
1091 offsetof(struct
1092 IPSET_TOKEN(HTYPE, 6c_elem),
1093 counter);
1094 }
1095 }
1096 } else if (tb[IPSET_ATTR_TIMEOUT]) {
1097 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); 1046 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
1098 set->extensions |= IPSET_EXT_TIMEOUT; 1047 if (set->family == NFPROTO_IPV4)
1099 if (set->family == NFPROTO_IPV4) {
1100 set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 4t_elem));
1101 set->offset[IPSET_EXT_ID_TIMEOUT] =
1102 offsetof(struct IPSET_TOKEN(HTYPE, 4t_elem),
1103 timeout);
1104 IPSET_TOKEN(HTYPE, 4_gc_init)(set, 1048 IPSET_TOKEN(HTYPE, 4_gc_init)(set,
1105 IPSET_TOKEN(HTYPE, 4_gc)); 1049 IPSET_TOKEN(HTYPE, 4_gc));
1106 } else { 1050 else
1107 set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 6t_elem));
1108 set->offset[IPSET_EXT_ID_TIMEOUT] =
1109 offsetof(struct IPSET_TOKEN(HTYPE, 6t_elem),
1110 timeout);
1111 IPSET_TOKEN(HTYPE, 6_gc_init)(set, 1051 IPSET_TOKEN(HTYPE, 6_gc_init)(set,
1112 IPSET_TOKEN(HTYPE, 6_gc)); 1052 IPSET_TOKEN(HTYPE, 6_gc));
1113 }
1114 } else {
1115 if (set->family == NFPROTO_IPV4)
1116 set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 4_elem));
1117 else
1118 set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 6_elem));
1119 } 1053 }
1120 1054
1121 pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", 1055 pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n",
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c
index bbde7c304622..a111ffe40b46 100644
--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -35,7 +35,7 @@ MODULE_ALIAS("ip_set_hash:ip");
35#define HTYPE hash_ip 35#define HTYPE hash_ip
36#define IP_SET_HASH_WITH_NETMASK 36#define IP_SET_HASH_WITH_NETMASK
37 37
38/* IPv4 variants */ 38/* IPv4 variant */
39 39
40/* Member elements */ 40/* Member elements */
41struct hash_ip4_elem { 41struct hash_ip4_elem {
@@ -43,22 +43,6 @@ struct hash_ip4_elem {
43 __be32 ip; 43 __be32 ip;
44}; 44};
45 45
46struct hash_ip4t_elem {
47 __be32 ip;
48 unsigned long timeout;
49};
50
51struct hash_ip4c_elem {
52 __be32 ip;
53 struct ip_set_counter counter;
54};
55
56struct hash_ip4ct_elem {
57 __be32 ip;
58 struct ip_set_counter counter;
59 unsigned long timeout;
60};
61
62/* Common functions */ 46/* Common functions */
63 47
64static inline bool 48static inline bool
@@ -178,29 +162,13 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
178 return ret; 162 return ret;
179} 163}
180 164
181/* IPv6 variants */ 165/* IPv6 variant */
182 166
183/* Member elements */ 167/* Member elements */
184struct hash_ip6_elem { 168struct hash_ip6_elem {
185 union nf_inet_addr ip; 169 union nf_inet_addr ip;
186}; 170};
187 171
188struct hash_ip6t_elem {
189 union nf_inet_addr ip;
190 unsigned long timeout;
191};
192
193struct hash_ip6c_elem {
194 union nf_inet_addr ip;
195 struct ip_set_counter counter;
196};
197
198struct hash_ip6ct_elem {
199 union nf_inet_addr ip;
200 struct ip_set_counter counter;
201 unsigned long timeout;
202};
203
204/* Common functions */ 172/* Common functions */
205 173
206static inline bool 174static inline bool
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c
index dd175d6f3965..5dc735c4dac2 100644
--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -36,7 +36,7 @@ MODULE_ALIAS("ip_set_hash:ip,port");
36/* Type specific function prefix */ 36/* Type specific function prefix */
37#define HTYPE hash_ipport 37#define HTYPE hash_ipport
38 38
39/* IPv4 variants */ 39/* IPv4 variant */
40 40
41/* Member elements */ 41/* Member elements */
42struct hash_ipport4_elem { 42struct hash_ipport4_elem {
@@ -46,31 +46,6 @@ struct hash_ipport4_elem {
46 u8 padding; 46 u8 padding;
47}; 47};
48 48
49struct hash_ipport4t_elem {
50 __be32 ip;
51 __be16 port;
52 u8 proto;
53 u8 padding;
54 unsigned long timeout;
55};
56
57struct hash_ipport4c_elem {
58 __be32 ip;
59 __be16 port;
60 u8 proto;
61 u8 padding;
62 struct ip_set_counter counter;
63};
64
65struct hash_ipport4ct_elem {
66 __be32 ip;
67 __be16 port;
68 u8 proto;
69 u8 padding;
70 struct ip_set_counter counter;
71 unsigned long timeout;
72};
73
74/* Common functions */ 49/* Common functions */
75 50
76static inline bool 51static inline bool
@@ -221,7 +196,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
221 return ret; 196 return ret;
222} 197}
223 198
224/* IPv6 variants */ 199/* IPv6 variant */
225 200
226struct hash_ipport6_elem { 201struct hash_ipport6_elem {
227 union nf_inet_addr ip; 202 union nf_inet_addr ip;
@@ -230,31 +205,6 @@ struct hash_ipport6_elem {
230 u8 padding; 205 u8 padding;
231}; 206};
232 207
233struct hash_ipport6t_elem {
234 union nf_inet_addr ip;
235 __be16 port;
236 u8 proto;
237 u8 padding;
238 unsigned long timeout;
239};
240
241struct hash_ipport6c_elem {
242 union nf_inet_addr ip;
243 __be16 port;
244 u8 proto;
245 u8 padding;
246 struct ip_set_counter counter;
247};
248
249struct hash_ipport6ct_elem {
250 union nf_inet_addr ip;
251 __be16 port;
252 u8 proto;
253 u8 padding;
254 struct ip_set_counter counter;
255 unsigned long timeout;
256};
257
258/* Common functions */ 208/* Common functions */
259 209
260static inline bool 210static inline bool
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c
index 87a2cfab2568..8c43dc7811cb 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -36,7 +36,7 @@ MODULE_ALIAS("ip_set_hash:ip,port,ip");
36/* Type specific function prefix */ 36/* Type specific function prefix */
37#define HTYPE hash_ipportip 37#define HTYPE hash_ipportip
38 38
39/* IPv4 variants */ 39/* IPv4 variant */
40 40
41/* Member elements */ 41/* Member elements */
42struct hash_ipportip4_elem { 42struct hash_ipportip4_elem {
@@ -47,34 +47,6 @@ struct hash_ipportip4_elem {
47 u8 padding; 47 u8 padding;
48}; 48};
49 49
50struct hash_ipportip4t_elem {
51 __be32 ip;
52 __be32 ip2;
53 __be16 port;
54 u8 proto;
55 u8 padding;
56 unsigned long timeout;
57};
58
59struct hash_ipportip4c_elem {
60 __be32 ip;
61 __be32 ip2;
62 __be16 port;
63 u8 proto;
64 u8 padding;
65 struct ip_set_counter counter;
66};
67
68struct hash_ipportip4ct_elem {
69 __be32 ip;
70 __be32 ip2;
71 __be16 port;
72 u8 proto;
73 u8 padding;
74 struct ip_set_counter counter;
75 unsigned long timeout;
76};
77
78static inline bool 50static inline bool
79hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1, 51hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1,
80 const struct hash_ipportip4_elem *ip2, 52 const struct hash_ipportip4_elem *ip2,
@@ -230,7 +202,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
230 return ret; 202 return ret;
231} 203}
232 204
233/* IPv6 variants */ 205/* IPv6 variant */
234 206
235struct hash_ipportip6_elem { 207struct hash_ipportip6_elem {
236 union nf_inet_addr ip; 208 union nf_inet_addr ip;
@@ -240,34 +212,6 @@ struct hash_ipportip6_elem {
240 u8 padding; 212 u8 padding;
241}; 213};
242 214
243struct hash_ipportip6t_elem {
244 union nf_inet_addr ip;
245 union nf_inet_addr ip2;
246 __be16 port;
247 u8 proto;
248 u8 padding;
249 unsigned long timeout;
250};
251
252struct hash_ipportip6c_elem {
253 union nf_inet_addr ip;
254 union nf_inet_addr ip2;
255 __be16 port;
256 u8 proto;
257 u8 padding;
258 struct ip_set_counter counter;
259};
260
261struct hash_ipportip6ct_elem {
262 union nf_inet_addr ip;
263 union nf_inet_addr ip2;
264 __be16 port;
265 u8 proto;
266 u8 padding;
267 struct ip_set_counter counter;
268 unsigned long timeout;
269};
270
271/* Common functions */ 215/* Common functions */
272 216
273static inline bool 217static inline bool
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
index 0b9a28d7c740..34890452366c 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -46,7 +46,7 @@ MODULE_ALIAS("ip_set_hash:ip,port,net");
46#define IP_SET_HASH_WITH_PROTO 46#define IP_SET_HASH_WITH_PROTO
47#define IP_SET_HASH_WITH_NETS 47#define IP_SET_HASH_WITH_NETS
48 48
49/* IPv4 variants */ 49/* IPv4 variant */
50 50
51/* Member elements */ 51/* Member elements */
52struct hash_ipportnet4_elem { 52struct hash_ipportnet4_elem {
@@ -58,37 +58,6 @@ struct hash_ipportnet4_elem {
58 u8 proto; 58 u8 proto;
59}; 59};
60 60
61struct hash_ipportnet4t_elem {
62 __be32 ip;
63 __be32 ip2;
64 __be16 port;
65 u8 cidr:7;
66 u8 nomatch:1;
67 u8 proto;
68 unsigned long timeout;
69};
70
71struct hash_ipportnet4c_elem {
72 __be32 ip;
73 __be32 ip2;
74 __be16 port;
75 u8 cidr:7;
76 u8 nomatch:1;
77 u8 proto;
78 struct ip_set_counter counter;
79};
80
81struct hash_ipportnet4ct_elem {
82 __be32 ip;
83 __be32 ip2;
84 __be16 port;
85 u8 cidr:7;
86 u8 nomatch:1;
87 u8 proto;
88 struct ip_set_counter counter;
89 unsigned long timeout;
90};
91
92/* Common functions */ 61/* Common functions */
93 62
94static inline bool 63static inline bool
@@ -328,7 +297,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
328 return ret; 297 return ret;
329} 298}
330 299
331/* IPv6 variants */ 300/* IPv6 variant */
332 301
333struct hash_ipportnet6_elem { 302struct hash_ipportnet6_elem {
334 union nf_inet_addr ip; 303 union nf_inet_addr ip;
@@ -339,37 +308,6 @@ struct hash_ipportnet6_elem {
339 u8 proto; 308 u8 proto;
340}; 309};
341 310
342struct hash_ipportnet6t_elem {
343 union nf_inet_addr ip;
344 union nf_inet_addr ip2;
345 __be16 port;
346 u8 cidr:7;
347 u8 nomatch:1;
348 u8 proto;
349 unsigned long timeout;
350};
351
352struct hash_ipportnet6c_elem {
353 union nf_inet_addr ip;
354 union nf_inet_addr ip2;
355 __be16 port;
356 u8 cidr:7;
357 u8 nomatch:1;
358 u8 proto;
359 struct ip_set_counter counter;
360};
361
362struct hash_ipportnet6ct_elem {
363 union nf_inet_addr ip;
364 union nf_inet_addr ip2;
365 __be16 port;
366 u8 cidr:7;
367 u8 nomatch:1;
368 u8 proto;
369 struct ip_set_counter counter;
370 unsigned long timeout;
371};
372
373/* Common functions */ 311/* Common functions */
374 312
375static inline bool 313static inline bool
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index 1d4caa50dacb..d5598557f4a9 100644
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -36,7 +36,7 @@ MODULE_ALIAS("ip_set_hash:net");
36#define HTYPE hash_net 36#define HTYPE hash_net
37#define IP_SET_HASH_WITH_NETS 37#define IP_SET_HASH_WITH_NETS
38 38
39/* IPv4 variants */ 39/* IPv4 variant */
40 40
41/* Member elements */ 41/* Member elements */
42struct hash_net4_elem { 42struct hash_net4_elem {
@@ -46,31 +46,6 @@ struct hash_net4_elem {
46 u8 cidr; 46 u8 cidr;
47}; 47};
48 48
49struct hash_net4t_elem {
50 __be32 ip;
51 u16 padding0;
52 u8 nomatch;
53 u8 cidr;
54 unsigned long timeout;
55};
56
57struct hash_net4c_elem {
58 __be32 ip;
59 u16 padding0;
60 u8 nomatch;
61 u8 cidr;
62 struct ip_set_counter counter;
63};
64
65struct hash_net4ct_elem {
66 __be32 ip;
67 u16 padding0;
68 u8 nomatch;
69 u8 cidr;
70 struct ip_set_counter counter;
71 unsigned long timeout;
72};
73
74/* Common functions */ 49/* Common functions */
75 50
76static inline bool 51static inline bool
@@ -228,7 +203,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
228 return ret; 203 return ret;
229} 204}
230 205
231/* IPv6 variants */ 206/* IPv6 variant */
232 207
233struct hash_net6_elem { 208struct hash_net6_elem {
234 union nf_inet_addr ip; 209 union nf_inet_addr ip;
@@ -237,31 +212,6 @@ struct hash_net6_elem {
237 u8 cidr; 212 u8 cidr;
238}; 213};
239 214
240struct hash_net6t_elem {
241 union nf_inet_addr ip;
242 u16 padding0;
243 u8 nomatch;
244 u8 cidr;
245 unsigned long timeout;
246};
247
248struct hash_net6c_elem {
249 union nf_inet_addr ip;
250 u16 padding0;
251 u8 nomatch;
252 u8 cidr;
253 struct ip_set_counter counter;
254};
255
256struct hash_net6ct_elem {
257 union nf_inet_addr ip;
258 u16 padding0;
259 u8 nomatch;
260 u8 cidr;
261 struct ip_set_counter counter;
262 unsigned long timeout;
263};
264
265/* Common functions */ 215/* Common functions */
266 216
267static inline bool 217static inline bool
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index 2f0ffe35c408..26703e9e5082 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -134,7 +134,7 @@ iface_add(struct rb_root *root, const char **iface)
134 134
135#define STREQ(a, b) (strcmp(a, b) == 0) 135#define STREQ(a, b) (strcmp(a, b) == 0)
136 136
137/* IPv4 variants */ 137/* IPv4 variant */
138 138
139struct hash_netiface4_elem_hashed { 139struct hash_netiface4_elem_hashed {
140 __be32 ip; 140 __be32 ip;
@@ -144,7 +144,7 @@ struct hash_netiface4_elem_hashed {
144 u8 elem; 144 u8 elem;
145}; 145};
146 146
147/* Member elements without timeout */ 147/* Member elements */
148struct hash_netiface4_elem { 148struct hash_netiface4_elem {
149 __be32 ip; 149 __be32 ip;
150 u8 physdev; 150 u8 physdev;
@@ -154,37 +154,6 @@ struct hash_netiface4_elem {
154 const char *iface; 154 const char *iface;
155}; 155};
156 156
157struct hash_netiface4t_elem {
158 __be32 ip;
159 u8 physdev;
160 u8 cidr;
161 u8 nomatch;
162 u8 elem;
163 const char *iface;
164 unsigned long timeout;
165};
166
167struct hash_netiface4c_elem {
168 __be32 ip;
169 u8 physdev;
170 u8 cidr;
171 u8 nomatch;
172 u8 elem;
173 const char *iface;
174 struct ip_set_counter counter;
175};
176
177struct hash_netiface4ct_elem {
178 __be32 ip;
179 u8 physdev;
180 u8 cidr;
181 u8 nomatch;
182 u8 elem;
183 const char *iface;
184 struct ip_set_counter counter;
185 unsigned long timeout;
186};
187
188/* Common functions */ 157/* Common functions */
189 158
190static inline bool 159static inline bool
@@ -399,7 +368,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
399 return ret; 368 return ret;
400} 369}
401 370
402/* IPv6 variants */ 371/* IPv6 variant */
403 372
404struct hash_netiface6_elem_hashed { 373struct hash_netiface6_elem_hashed {
405 union nf_inet_addr ip; 374 union nf_inet_addr ip;
@@ -418,37 +387,6 @@ struct hash_netiface6_elem {
418 const char *iface; 387 const char *iface;
419}; 388};
420 389
421struct hash_netiface6t_elem {
422 union nf_inet_addr ip;
423 u8 physdev;
424 u8 cidr;
425 u8 nomatch;
426 u8 elem;
427 const char *iface;
428 unsigned long timeout;
429};
430
431struct hash_netiface6c_elem {
432 union nf_inet_addr ip;
433 u8 physdev;
434 u8 cidr;
435 u8 nomatch;
436 u8 elem;
437 const char *iface;
438 struct ip_set_counter counter;
439};
440
441struct hash_netiface6ct_elem {
442 union nf_inet_addr ip;
443 u8 physdev;
444 u8 cidr;
445 u8 nomatch;
446 u8 elem;
447 const char *iface;
448 struct ip_set_counter counter;
449 unsigned long timeout;
450};
451
452/* Common functions */ 390/* Common functions */
453 391
454static inline bool 392static inline bool
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index cab236625f97..45b6e91b0636 100644
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -45,7 +45,7 @@ MODULE_ALIAS("ip_set_hash:net,port");
45 */ 45 */
46#define IP_SET_HASH_WITH_NETS_PACKED 46#define IP_SET_HASH_WITH_NETS_PACKED
47 47
48/* IPv4 variants */ 48/* IPv4 variant */
49 49
50/* Member elements */ 50/* Member elements */
51struct hash_netport4_elem { 51struct hash_netport4_elem {
@@ -56,34 +56,6 @@ struct hash_netport4_elem {
56 u8 nomatch:1; 56 u8 nomatch:1;
57}; 57};
58 58
59struct hash_netport4t_elem {
60 __be32 ip;
61 __be16 port;
62 u8 proto;
63 u8 cidr:7;
64 u8 nomatch:1;
65 unsigned long timeout;
66};
67
68struct hash_netport4c_elem {
69 __be32 ip;
70 __be16 port;
71 u8 proto;
72 u8 cidr:7;
73 u8 nomatch:1;
74 struct ip_set_counter counter;
75};
76
77struct hash_netport4ct_elem {
78 __be32 ip;
79 __be16 port;
80 u8 proto;
81 u8 cidr:7;
82 u8 nomatch:1;
83 struct ip_set_counter counter;
84 unsigned long timeout;
85};
86
87/* Common functions */ 59/* Common functions */
88 60
89static inline bool 61static inline bool
@@ -287,7 +259,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
287 return ret; 259 return ret;
288} 260}
289 261
290/* IPv6 variants */ 262/* IPv6 variant */
291 263
292struct hash_netport6_elem { 264struct hash_netport6_elem {
293 union nf_inet_addr ip; 265 union nf_inet_addr ip;
@@ -297,34 +269,6 @@ struct hash_netport6_elem {
297 u8 nomatch:1; 269 u8 nomatch:1;
298}; 270};
299 271
300struct hash_netport6t_elem {
301 union nf_inet_addr ip;
302 __be16 port;
303 u8 proto;
304 u8 cidr:7;
305 u8 nomatch:1;
306 unsigned long timeout;
307};
308
309struct hash_netport6c_elem {
310 union nf_inet_addr ip;
311 __be16 port;
312 u8 proto;
313 u8 cidr:7;
314 u8 nomatch:1;
315 struct ip_set_counter counter;
316};
317
318struct hash_netport6ct_elem {
319 union nf_inet_addr ip;
320 __be16 port;
321 u8 proto;
322 u8 cidr:7;
323 u8 nomatch:1;
324 struct ip_set_counter counter;
325 unsigned long timeout;
326};
327
328/* Common functions */ 272/* Common functions */
329 273
330static inline bool 274static inline bool
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
index f22d05d6e366..7fd11c79aff4 100644
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -28,28 +28,6 @@ struct set_elem {
28 ip_set_id_t id; 28 ip_set_id_t id;
29}; 29};
30 30
31struct sett_elem {
32 struct {
33 ip_set_id_t id;
34 } __attribute__ ((aligned));
35 unsigned long timeout;
36};
37
38struct setc_elem {
39 struct {
40 ip_set_id_t id;
41 } __attribute__ ((aligned));
42 struct ip_set_counter counter;
43};
44
45struct setct_elem {
46 struct {
47 ip_set_id_t id;
48 } __attribute__ ((aligned));
49 struct ip_set_counter counter;
50 unsigned long timeout;
51};
52
53struct set_adt_elem { 31struct set_adt_elem {
54 ip_set_id_t id; 32 ip_set_id_t id;
55 ip_set_id_t refid; 33 ip_set_id_t refid;
@@ -600,21 +578,18 @@ list_set_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set))
600 578
601/* Create list:set type of sets */ 579/* Create list:set type of sets */
602 580
603static struct list_set * 581static bool
604init_list_set(struct ip_set *set, u32 size, size_t dsize, 582init_list_set(struct ip_set *set, u32 size)
605 unsigned long timeout)
606{ 583{
607 struct list_set *map; 584 struct list_set *map;
608 struct set_elem *e; 585 struct set_elem *e;
609 u32 i; 586 u32 i;
610 587
611 map = kzalloc(sizeof(*map) + size * dsize, GFP_KERNEL); 588 map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL);
612 if (!map) 589 if (!map)
613 return NULL; 590 return false;
614 591
615 map->size = size; 592 map->size = size;
616 set->dsize = dsize;
617 set->timeout = timeout;
618 set->data = map; 593 set->data = map;
619 594
620 for (i = 0; i < size; i++) { 595 for (i = 0; i < size; i++) {
@@ -622,15 +597,13 @@ init_list_set(struct ip_set *set, u32 size, size_t dsize,
622 e->id = IPSET_INVALID_ID; 597 e->id = IPSET_INVALID_ID;
623 } 598 }
624 599
625 return map; 600 return true;
626} 601}
627 602
628static int 603static int
629list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags) 604list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
630{ 605{
631 struct list_set *map; 606 u32 size = IP_SET_LIST_DEFAULT_SIZE;
632 u32 size = IP_SET_LIST_DEFAULT_SIZE, cadt_flags = 0;
633 unsigned long timeout = 0;
634 607
635 if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_SIZE) || 608 if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_SIZE) ||
636 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || 609 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
@@ -642,45 +615,13 @@ list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
642 if (size < IP_SET_LIST_MIN_SIZE) 615 if (size < IP_SET_LIST_MIN_SIZE)
643 size = IP_SET_LIST_MIN_SIZE; 616 size = IP_SET_LIST_MIN_SIZE;
644 617
645 if (tb[IPSET_ATTR_CADT_FLAGS])
646 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
647 if (tb[IPSET_ATTR_TIMEOUT])
648 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
649 set->variant = &set_variant; 618 set->variant = &set_variant;
650 if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { 619 set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem));
651 set->extensions |= IPSET_EXT_COUNTER; 620 if (!init_list_set(set, size))
652 if (tb[IPSET_ATTR_TIMEOUT]) { 621 return -ENOMEM;
653 map = init_list_set(set, size, 622 if (tb[IPSET_ATTR_TIMEOUT]) {
654 sizeof(struct setct_elem), timeout); 623 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
655 if (!map)
656 return -ENOMEM;
657 set->extensions |= IPSET_EXT_TIMEOUT;
658 set->offset[IPSET_EXT_ID_TIMEOUT] =
659 offsetof(struct setct_elem, timeout);
660 set->offset[IPSET_EXT_ID_COUNTER] =
661 offsetof(struct setct_elem, counter);
662 list_set_gc_init(set, list_set_gc);
663 } else {
664 map = init_list_set(set, size,
665 sizeof(struct setc_elem), 0);
666 if (!map)
667 return -ENOMEM;
668 set->offset[IPSET_EXT_ID_COUNTER] =
669 offsetof(struct setc_elem, counter);
670 }
671 } else if (tb[IPSET_ATTR_TIMEOUT]) {
672 map = init_list_set(set, size,
673 sizeof(struct sett_elem), timeout);
674 if (!map)
675 return -ENOMEM;
676 set->extensions |= IPSET_EXT_TIMEOUT;
677 set->offset[IPSET_EXT_ID_TIMEOUT] =
678 offsetof(struct sett_elem, timeout);
679 list_set_gc_init(set, list_set_gc); 624 list_set_gc_init(set, list_set_gc);
680 } else {
681 map = init_list_set(set, size, sizeof(struct set_elem), 0);
682 if (!map)
683 return -ENOMEM;
684 } 625 }
685 return 0; 626 return 0;
686} 627}
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-13 23:24:05 -0400