diff options
author | Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> | 2013-09-22 14:56:33 -0400 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-30 15:33:29 -0400 |
commit | 81b10bb4bd16ea975c007f9bb2c2676cef6ade10 (patch) | |
tree | bfa791867f0eae219f1faf967dc7d11445918edc /net | |
parent | b90cb8ba19dac9b98add5e64adb583fccbf63f94 (diff) |
netfilter: ipset: Support comments in the list-type ipset.
This provides kernel support for creating list ipsets with the comment
annotation extension.
Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/ipset/ip_set_list_set.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c index 30bf1dd11f04..f9681dcf7476 100644 --- a/net/netfilter/ipset/ip_set_list_set.c +++ b/net/netfilter/ipset/ip_set_list_set.c | |||
@@ -16,7 +16,8 @@ | |||
16 | #include <linux/netfilter/ipset/ip_set_list.h> | 16 | #include <linux/netfilter/ipset/ip_set_list.h> |
17 | 17 | ||
18 | #define IPSET_TYPE_REV_MIN 0 | 18 | #define IPSET_TYPE_REV_MIN 0 |
19 | #define IPSET_TYPE_REV_MAX 1 /* Counters support added */ | 19 | /* 1 Counters support added */ |
20 | #define IPSET_TYPE_REV_MAX 2 /* Comments support added */ | ||
20 | 21 | ||
21 | MODULE_LICENSE("GPL"); | 22 | MODULE_LICENSE("GPL"); |
22 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 23 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
@@ -191,6 +192,8 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d, | |||
191 | ip_set_timeout_set(ext_timeout(e, set), ext->timeout); | 192 | ip_set_timeout_set(ext_timeout(e, set), ext->timeout); |
192 | if (SET_WITH_COUNTER(set)) | 193 | if (SET_WITH_COUNTER(set)) |
193 | ip_set_init_counter(ext_counter(e, set), ext); | 194 | ip_set_init_counter(ext_counter(e, set), ext); |
195 | if (SET_WITH_COMMENT(set) && ext->comment) | ||
196 | ip_set_init_comment(ext_comment(e, set), ext); | ||
194 | return 0; | 197 | return 0; |
195 | } | 198 | } |
196 | 199 | ||
@@ -299,6 +302,8 @@ list_set_uadd(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |||
299 | ip_set_timeout_set(ext_timeout(e, set), ext->timeout); | 302 | ip_set_timeout_set(ext_timeout(e, set), ext->timeout); |
300 | if (SET_WITH_COUNTER(set)) | 303 | if (SET_WITH_COUNTER(set)) |
301 | ip_set_init_counter(ext_counter(e, set), ext); | 304 | ip_set_init_counter(ext_counter(e, set), ext); |
305 | if (SET_WITH_COMMENT(set)) | ||
306 | ip_set_init_comment(ext_comment(e, set), ext); | ||
302 | /* Set is already added to the list */ | 307 | /* Set is already added to the list */ |
303 | ip_set_put_byindex(d->id); | 308 | ip_set_put_byindex(d->id); |
304 | return 0; | 309 | return 0; |
@@ -461,15 +466,12 @@ list_set_head(struct ip_set *set, struct sk_buff *skb) | |||
461 | if (!nested) | 466 | if (!nested) |
462 | goto nla_put_failure; | 467 | goto nla_put_failure; |
463 | if (nla_put_net32(skb, IPSET_ATTR_SIZE, htonl(map->size)) || | 468 | if (nla_put_net32(skb, IPSET_ATTR_SIZE, htonl(map->size)) || |
464 | (SET_WITH_TIMEOUT(set) && | ||
465 | nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(set->timeout))) || | ||
466 | (SET_WITH_COUNTER(set) && | ||
467 | nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, | ||
468 | htonl(IPSET_FLAG_WITH_COUNTERS))) || | ||
469 | nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | 469 | nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || |
470 | nla_put_net32(skb, IPSET_ATTR_MEMSIZE, | 470 | nla_put_net32(skb, IPSET_ATTR_MEMSIZE, |
471 | htonl(sizeof(*map) + map->size * set->dsize))) | 471 | htonl(sizeof(*map) + map->size * set->dsize))) |
472 | goto nla_put_failure; | 472 | goto nla_put_failure; |
473 | if (unlikely(ip_set_put_flags(skb, set))) | ||
474 | goto nla_put_failure; | ||
473 | ipset_nest_end(skb, nested); | 475 | ipset_nest_end(skb, nested); |
474 | 476 | ||
475 | return 0; | 477 | return 0; |
@@ -516,6 +518,9 @@ list_set_list(const struct ip_set *set, | |||
516 | if (SET_WITH_COUNTER(set) && | 518 | if (SET_WITH_COUNTER(set) && |
517 | ip_set_put_counter(skb, ext_counter(e, set))) | 519 | ip_set_put_counter(skb, ext_counter(e, set))) |
518 | goto nla_put_failure; | 520 | goto nla_put_failure; |
521 | if (SET_WITH_COMMENT(set) && | ||
522 | ip_set_put_comment(skb, ext_comment(e, set))) | ||
523 | goto nla_put_failure; | ||
519 | ipset_nest_end(skb, nested); | 524 | ipset_nest_end(skb, nested); |
520 | } | 525 | } |
521 | finish: | 526 | finish: |
@@ -660,6 +665,7 @@ static struct ip_set_type list_set_type __read_mostly = { | |||
660 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, | 665 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, |
661 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | 666 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
662 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | 667 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, |
668 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING }, | ||
663 | }, | 669 | }, |
664 | .me = THIS_MODULE, | 670 | .me = THIS_MODULE, |
665 | }; | 671 | }; |