diff options
| author | Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> | 2013-09-22 14:56:31 -0400 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-30 15:33:29 -0400 |
| commit | fda75c6d9e31a901e25b922e86c8fd505c899873 (patch) | |
| tree | 41dbcf84c9dadac6c91318f28e8ad206d5a4ce83 /net/netfilter | |
| parent | 81b10bb4bd16ea975c007f9bb2c2676cef6ade10 (diff) | |
netfilter: ipset: Support comments in hash-type ipsets.
This provides kernel support for creating ipsets with comment support.
This does incur a penalty to flushing/destroying an ipset since all
entries are walked in order to free the allocated strings, this penalty
is of course less expensive than the operation of listing an ipset to
userspace, so for general-purpose usage the overall impact is expected
to be little to none.
Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_gen.h | 14 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ip.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipport.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_net.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_netiface.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_netnet.c | 1 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_netport.c | 4 |
9 files changed, 30 insertions, 13 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index 6bd2eef4f5d0..6efb65569e88 100644 --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h | |||
| @@ -701,6 +701,8 @@ reuse_slot: | |||
| 701 | ip_set_timeout_set(ext_timeout(data, set), ext->timeout); | 701 | ip_set_timeout_set(ext_timeout(data, set), ext->timeout); |
| 702 | if (SET_WITH_COUNTER(set)) | 702 | if (SET_WITH_COUNTER(set)) |
| 703 | ip_set_init_counter(ext_counter(data, set), ext); | 703 | ip_set_init_counter(ext_counter(data, set), ext); |
| 704 | if (SET_WITH_COMMENT(set)) | ||
| 705 | ip_set_init_comment(ext_comment(data, set), ext); | ||
| 704 | 706 | ||
| 705 | out: | 707 | out: |
| 706 | rcu_read_unlock_bh(); | 708 | rcu_read_unlock_bh(); |
| @@ -908,12 +910,9 @@ mtype_head(struct ip_set *set, struct sk_buff *skb) | |||
| 908 | goto nla_put_failure; | 910 | goto nla_put_failure; |
| 909 | #endif | 911 | #endif |
| 910 | if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | 912 | if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || |
| 911 | nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) || | 913 | nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize))) |
| 912 | ((set->extensions & IPSET_EXT_TIMEOUT) && | 914 | goto nla_put_failure; |
| 913 | nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(set->timeout))) || | 915 | if (unlikely(ip_set_put_flags(skb, set))) |
| 914 | ((set->extensions & IPSET_EXT_COUNTER) && | ||
| 915 | nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, | ||
| 916 | htonl(IPSET_FLAG_WITH_COUNTERS)))) | ||
| 917 | goto nla_put_failure; | 916 | goto nla_put_failure; |
| 918 | ipset_nest_end(skb, nested); | 917 | ipset_nest_end(skb, nested); |
| 919 | 918 | ||
| @@ -970,6 +969,9 @@ mtype_list(const struct ip_set *set, | |||
| 970 | if (SET_WITH_COUNTER(set) && | 969 | if (SET_WITH_COUNTER(set) && |
| 971 | ip_set_put_counter(skb, ext_counter(e, set))) | 970 | ip_set_put_counter(skb, ext_counter(e, set))) |
| 972 | goto nla_put_failure; | 971 | goto nla_put_failure; |
| 972 | if (SET_WITH_COMMENT(set) && | ||
| 973 | ip_set_put_comment(skb, ext_comment(e, set))) | ||
| 974 | goto nla_put_failure; | ||
| 973 | ipset_nest_end(skb, nested); | 975 | ipset_nest_end(skb, nested); |
| 974 | } | 976 | } |
| 975 | } | 977 | } |
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c index a111ffe40b46..e65fc2423d56 100644 --- a/net/netfilter/ipset/ip_set_hash_ip.c +++ b/net/netfilter/ipset/ip_set_hash_ip.c | |||
| @@ -24,7 +24,8 @@ | |||
| 24 | #include <linux/netfilter/ipset/ip_set_hash.h> | 24 | #include <linux/netfilter/ipset/ip_set_hash.h> |
| 25 | 25 | ||
| 26 | #define IPSET_TYPE_REV_MIN 0 | 26 | #define IPSET_TYPE_REV_MIN 0 |
| 27 | #define IPSET_TYPE_REV_MAX 1 /* Counters support */ | 27 | /* 1 Counters support */ |
| 28 | #define IPSET_TYPE_REV_MAX 2 /* Comments support */ | ||
| 28 | 29 | ||
| 29 | MODULE_LICENSE("GPL"); | 30 | MODULE_LICENSE("GPL"); |
| 30 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 31 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
| @@ -292,6 +293,7 @@ static struct ip_set_type hash_ip_type __read_mostly = { | |||
| 292 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, | 293 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, |
| 293 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 294 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 294 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 295 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 296 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 295 | }, | 297 | }, |
| 296 | .me = THIS_MODULE, | 298 | .me = THIS_MODULE, |
| 297 | }; | 299 | }; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c index 5dc735c4dac2..525a595dd1fe 100644 --- a/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/net/netfilter/ipset/ip_set_hash_ipport.c | |||
| @@ -26,7 +26,8 @@ | |||
| 26 | 26 | ||
| 27 | #define IPSET_TYPE_REV_MIN 0 | 27 | #define IPSET_TYPE_REV_MIN 0 |
| 28 | /* 1 SCTP and UDPLITE support added */ | 28 | /* 1 SCTP and UDPLITE support added */ |
| 29 | #define IPSET_TYPE_REV_MAX 2 /* Counters support added */ | 29 | /* 2 Counters support added */ |
| 30 | #define IPSET_TYPE_REV_MAX 3 /* Comments support added */ | ||
| 30 | 31 | ||
| 31 | MODULE_LICENSE("GPL"); | 32 | MODULE_LICENSE("GPL"); |
| 32 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 33 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
| @@ -367,6 +368,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = { | |||
| 367 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, | 368 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, |
| 368 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 369 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 369 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 370 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 371 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 370 | }, | 372 | }, |
| 371 | .me = THIS_MODULE, | 373 | .me = THIS_MODULE, |
| 372 | }; | 374 | }; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c index 8c43dc7811cb..f5636631466e 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/net/netfilter/ipset/ip_set_hash_ipportip.c | |||
| @@ -26,7 +26,8 @@ | |||
| 26 | 26 | ||
| 27 | #define IPSET_TYPE_REV_MIN 0 | 27 | #define IPSET_TYPE_REV_MIN 0 |
| 28 | /* 1 SCTP and UDPLITE support added */ | 28 | /* 1 SCTP and UDPLITE support added */ |
| 29 | #define IPSET_TYPE_REV_MAX 2 /* Counters support added */ | 29 | /* 2 Counters support added */ |
| 30 | #define IPSET_TYPE_REV_MAX 3 /* Comments support added */ | ||
| 30 | 31 | ||
| 31 | MODULE_LICENSE("GPL"); | 32 | MODULE_LICENSE("GPL"); |
| 32 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 33 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
| @@ -379,6 +380,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = { | |||
| 379 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, | 380 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, |
| 380 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 381 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 381 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 382 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 383 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 382 | }, | 384 | }, |
| 383 | .me = THIS_MODULE, | 385 | .me = THIS_MODULE, |
| 384 | }; | 386 | }; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index 34890452366c..5d87fe8a41ff 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
| @@ -28,7 +28,8 @@ | |||
| 28 | /* 1 SCTP and UDPLITE support added */ | 28 | /* 1 SCTP and UDPLITE support added */ |
| 29 | /* 2 Range as input support for IPv4 added */ | 29 | /* 2 Range as input support for IPv4 added */ |
| 30 | /* 3 nomatch flag support added */ | 30 | /* 3 nomatch flag support added */ |
| 31 | #define IPSET_TYPE_REV_MAX 4 /* Counters support added */ | 31 | /* 4 Counters support added */ |
| 32 | #define IPSET_TYPE_REV_MAX 5 /* Comments support added */ | ||
| 32 | 33 | ||
| 33 | MODULE_LICENSE("GPL"); | 34 | MODULE_LICENSE("GPL"); |
| 34 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 35 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
| @@ -538,6 +539,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = { | |||
| 538 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, | 539 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, |
| 539 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 540 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 540 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 541 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 542 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 541 | }, | 543 | }, |
| 542 | .me = THIS_MODULE, | 544 | .me = THIS_MODULE, |
| 543 | }; | 545 | }; |
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c index d5598557f4a9..8295cf4f9fdc 100644 --- a/net/netfilter/ipset/ip_set_hash_net.c +++ b/net/netfilter/ipset/ip_set_hash_net.c | |||
| @@ -25,7 +25,8 @@ | |||
| 25 | #define IPSET_TYPE_REV_MIN 0 | 25 | #define IPSET_TYPE_REV_MIN 0 |
| 26 | /* 1 Range as input support for IPv4 added */ | 26 | /* 1 Range as input support for IPv4 added */ |
| 27 | /* 2 nomatch flag support added */ | 27 | /* 2 nomatch flag support added */ |
| 28 | #define IPSET_TYPE_REV_MAX 3 /* Counters support added */ | 28 | /* 3 Counters support added */ |
| 29 | #define IPSET_TYPE_REV_MAX 4 /* Comments support added */ | ||
| 29 | 30 | ||
| 30 | MODULE_LICENSE("GPL"); | 31 | MODULE_LICENSE("GPL"); |
| 31 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 32 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
| @@ -374,6 +375,7 @@ static struct ip_set_type hash_net_type __read_mostly = { | |||
| 374 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, | 375 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, |
| 375 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 376 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 376 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 377 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 378 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 377 | }, | 379 | }, |
| 378 | .me = THIS_MODULE, | 380 | .me = THIS_MODULE, |
| 379 | }; | 381 | }; |
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c index 26703e9e5082..3f64a66bf5d9 100644 --- a/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/net/netfilter/ipset/ip_set_hash_netiface.c | |||
| @@ -26,7 +26,8 @@ | |||
| 26 | #define IPSET_TYPE_REV_MIN 0 | 26 | #define IPSET_TYPE_REV_MIN 0 |
| 27 | /* 1 nomatch flag support added */ | 27 | /* 1 nomatch flag support added */ |
| 28 | /* 2 /0 support added */ | 28 | /* 2 /0 support added */ |
| 29 | #define IPSET_TYPE_REV_MAX 3 /* Counters support added */ | 29 | /* 3 Counters support added */ |
| 30 | #define IPSET_TYPE_REV_MAX 4 /* Comments support added */ | ||
| 30 | 31 | ||
| 31 | MODULE_LICENSE("GPL"); | 32 | MODULE_LICENSE("GPL"); |
| 32 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 33 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
| @@ -606,6 +607,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = { | |||
| 606 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, | 607 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, |
| 607 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 608 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 608 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 609 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 610 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 609 | }, | 611 | }, |
| 610 | .me = THIS_MODULE, | 612 | .me = THIS_MODULE, |
| 611 | }; | 613 | }; |
diff --git a/net/netfilter/ipset/ip_set_hash_netnet.c b/net/netfilter/ipset/ip_set_hash_netnet.c index 771ce2b565a6..426032706ca9 100644 --- a/net/netfilter/ipset/ip_set_hash_netnet.c +++ b/net/netfilter/ipset/ip_set_hash_netnet.c | |||
| @@ -462,6 +462,7 @@ static struct ip_set_type hash_netnet_type __read_mostly = { | |||
| 462 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, | 462 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, |
| 463 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 463 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 464 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 464 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 465 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 465 | }, | 466 | }, |
| 466 | .me = THIS_MODULE, | 467 | .me = THIS_MODULE, |
| 467 | }; | 468 | }; |
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c index 45b6e91b0636..7097fb0141bf 100644 --- a/net/netfilter/ipset/ip_set_hash_netport.c +++ b/net/netfilter/ipset/ip_set_hash_netport.c | |||
| @@ -27,7 +27,8 @@ | |||
| 27 | /* 1 SCTP and UDPLITE support added */ | 27 | /* 1 SCTP and UDPLITE support added */ |
| 28 | /* 2 Range as input support for IPv4 added */ | 28 | /* 2 Range as input support for IPv4 added */ |
| 29 | /* 3 nomatch flag support added */ | 29 | /* 3 nomatch flag support added */ |
| 30 | #define IPSET_TYPE_REV_MAX 4 /* Counters support added */ | 30 | /* 4 Counters support added */ |
| 31 | #define IPSET_TYPE_REV_MAX 5 /* Comments support added */ | ||
| 31 | 32 | ||
| 32 | MODULE_LICENSE("GPL"); | 33 | MODULE_LICENSE("GPL"); |
| 33 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 34 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
| @@ -486,6 +487,7 @@ static struct ip_set_type hash_netport_type __read_mostly = { | |||
| 486 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, | 487 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, |
| 487 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 488 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
| 488 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 489 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
| 490 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
| 489 | }, | 491 | }, |
| 490 | .me = THIS_MODULE, | 492 | .me = THIS_MODULE, |
| 491 | }; | 493 | }; |