Commit | Line | Data |
---|---|---|
1feab10d JK |
1 | /* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
2 | * | |
3 | * This program is free software; you can redistribute it and/or modify | |
4 | * it under the terms of the GNU General Public License version 2 as | |
5 | * published by the Free Software Foundation. | |
6 | */ | |
7 | ||
8 | #ifndef _IP_SET_HASH_GEN_H | |
9 | #define _IP_SET_HASH_GEN_H | |
10 | ||
11 | #include <linux/rcupdate.h> | |
12 | #include <linux/jhash.h> | |
13 | #include <linux/netfilter/ipset/ip_set_timeout.h> | |
14 | #ifndef rcu_dereference_bh | |
15 | #define rcu_dereference_bh(p) rcu_dereference(p) | |
16 | #endif | |
17 | ||
a0f28dc7 JK |
18 | #define rcu_dereference_bh_nfnl(p) rcu_dereference_bh_check(p, 1) |
19 | ||
1feab10d JK |
20 | /* Hashing which uses arrays to resolve clashing. The hash table is resized |
21 | * (doubled) when searching becomes too long. | |
22 | * Internally jhash is used with the assumption that the size of the | |
23 | * stored data is a multiple of sizeof(u32). If storage supports timeout, | |
24 | * the timeout field must be the last one in the data structure - that field | |
25 | * is ignored when computing the hash key. | |
26 | * | |
27 | * Readers and resizing | |
28 | * | |
29 | * Resizing can be triggered by userspace command only, and those | |
30 | * are serialized by the nfnl mutex. During resizing the set is | |
31 | * read-locked, so the only possible concurrent operations are | |
32 | * the kernel side readers. Those must be protected by proper RCU locking. | |
33 | */ | |
34 | ||
35 | /* Number of elements to store in an initial array block */ | |
36 | #define AHASH_INIT_SIZE 4 | |
37 | /* Max number of elements to store in an array block */ | |
38 | #define AHASH_MAX_SIZE (3*AHASH_INIT_SIZE) | |
39 | ||
40 | /* Max number of elements can be tuned */ | |
41 | #ifdef IP_SET_HASH_WITH_MULTI | |
42 | #define AHASH_MAX(h) ((h)->ahash_max) | |
43 | ||
44 | static inline u8 | |
45 | tune_ahash_max(u8 curr, u32 multi) | |
46 | { | |
47 | u32 n; | |
48 | ||
49 | if (multi < curr) | |
50 | return curr; | |
51 | ||
52 | n = curr + AHASH_INIT_SIZE; | |
53 | /* Currently, at listing one hash bucket must fit into a message. | |
54 | * Therefore we have a hard limit here. | |
55 | */ | |
56 | return n > curr && n <= 64 ? n : curr; | |
57 | } | |
58 | #define TUNE_AHASH_MAX(h, multi) \ | |
59 | ((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi)) | |
60 | #else | |
61 | #define AHASH_MAX(h) AHASH_MAX_SIZE | |
62 | #define TUNE_AHASH_MAX(h, multi) | |
63 | #endif | |
64 | ||
65 | /* A hash bucket */ | |
66 | struct hbucket { | |
67 | void *value; /* the array of the values */ | |
68 | u8 size; /* size of the array */ | |
69 | u8 pos; /* position of the first free entry */ | |
70 | }; | |
71 | ||
72 | /* The hash table: the table size stored here in order to make resizing easy */ | |
73 | struct htable { | |
c4c99783 JK |
74 | atomic_t ref; /* References for resizing */ |
75 | atomic_t uref; /* References for dumping */ | |
1feab10d JK |
76 | u8 htable_bits; /* size of hash table == 2^htable_bits */ |
77 | struct hbucket bucket[0]; /* hashtable buckets */ | |
78 | }; | |
79 | ||
80 | #define hbucket(h, i) (&((h)->bucket[i])) | |
81 | ||
a04d8b6b JK |
82 | #ifndef IPSET_NET_COUNT |
83 | #define IPSET_NET_COUNT 1 | |
84 | #endif | |
85 | ||
1feab10d JK |
86 | /* Book-keeping of the prefixes added to the set */ |
87 | struct net_prefixes { | |
a04d8b6b JK |
88 | u32 nets[IPSET_NET_COUNT]; /* number of elements per cidr */ |
89 | u8 cidr[IPSET_NET_COUNT]; /* the different cidr values in the set */ | |
1feab10d JK |
90 | }; |
91 | ||
92 | /* Compute the hash table size */ | |
93 | static size_t | |
94 | htable_size(u8 hbits) | |
95 | { | |
96 | size_t hsize; | |
97 | ||
98 | /* We must fit both into u32 in jhash and size_t */ | |
99 | if (hbits > 31) | |
100 | return 0; | |
101 | hsize = jhash_size(hbits); | |
102 | if ((((size_t)-1) - sizeof(struct htable))/sizeof(struct hbucket) | |
103 | < hsize) | |
104 | return 0; | |
105 | ||
106 | return hsize * sizeof(struct hbucket) + sizeof(struct htable); | |
107 | } | |
108 | ||
109 | /* Compute htable_bits from the user input parameter hashsize */ | |
110 | static u8 | |
111 | htable_bits(u32 hashsize) | |
112 | { | |
113 | /* Assume that hashsize == 2^htable_bits */ | |
114 | u8 bits = fls(hashsize - 1); | |
115 | if (jhash_size(bits) != hashsize) | |
116 | /* Round up to the first 2^n value */ | |
117 | bits = fls(hashsize); | |
118 | ||
119 | return bits; | |
120 | } | |
121 | ||
1feab10d JK |
122 | static int |
123 | hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) | |
124 | { | |
125 | if (n->pos >= n->size) { | |
126 | void *tmp; | |
127 | ||
128 | if (n->size >= ahash_max) | |
129 | /* Trigger rehashing */ | |
130 | return -EAGAIN; | |
131 | ||
132 | tmp = kzalloc((n->size + AHASH_INIT_SIZE) * dsize, | |
133 | GFP_ATOMIC); | |
134 | if (!tmp) | |
135 | return -ENOMEM; | |
136 | if (n->size) { | |
137 | memcpy(tmp, n->value, n->size * dsize); | |
138 | kfree(n->value); | |
139 | } | |
140 | n->value = tmp; | |
141 | n->size += AHASH_INIT_SIZE; | |
142 | } | |
143 | return 0; | |
144 | } | |
145 | ||
146 | #ifdef IP_SET_HASH_WITH_NETS | |
ea53ac5b OS |
147 | #if IPSET_NET_COUNT > 1 |
148 | #define __CIDR(cidr, i) (cidr[i]) | |
149 | #else | |
150 | #define __CIDR(cidr, i) (cidr) | |
151 | #endif | |
25a76f34 JK |
152 | |
153 | /* cidr + 1 is stored in net_prefixes to support /0 */ | |
f690cbae JK |
154 | #define NCIDR_PUT(cidr) ((cidr) + 1) |
155 | #define NCIDR_GET(cidr) ((cidr) - 1) | |
25a76f34 | 156 | |
1feab10d | 157 | #ifdef IP_SET_HASH_WITH_NETS_PACKED |
25a76f34 | 158 | /* When cidr is packed with nomatch, cidr - 1 is stored in the data entry */ |
f690cbae JK |
159 | #define DCIDR_PUT(cidr) ((cidr) - 1) |
160 | #define DCIDR_GET(cidr, i) (__CIDR(cidr, i) + 1) | |
1feab10d | 161 | #else |
f690cbae JK |
162 | #define DCIDR_PUT(cidr) (cidr) |
163 | #define DCIDR_GET(cidr, i) __CIDR(cidr, i) | |
1feab10d JK |
164 | #endif |
165 | ||
f690cbae JK |
166 | #define INIT_CIDR(cidr, host_mask) \ |
167 | DCIDR_PUT(((cidr) ? NCIDR_GET(cidr) : host_mask)) | |
168 | ||
1feab10d JK |
169 | #define SET_HOST_MASK(family) (family == AF_INET ? 32 : 128) |
170 | ||
59de79cf | 171 | #ifdef IP_SET_HASH_WITH_NET0 |
a04d8b6b | 172 | #define NLEN(family) (SET_HOST_MASK(family) + 1) |
1feab10d | 173 | #else |
a04d8b6b | 174 | #define NLEN(family) SET_HOST_MASK(family) |
1feab10d JK |
175 | #endif |
176 | ||
177 | #else | |
a04d8b6b | 178 | #define NLEN(family) 0 |
1feab10d JK |
179 | #endif /* IP_SET_HASH_WITH_NETS */ |
180 | ||
1feab10d JK |
181 | #endif /* _IP_SET_HASH_GEN_H */ |
182 | ||
183 | /* Family dependent templates */ | |
184 | ||
185 | #undef ahash_data | |
186 | #undef mtype_data_equal | |
187 | #undef mtype_do_data_match | |
188 | #undef mtype_data_set_flags | |
43ef29c9 | 189 | #undef mtype_data_reset_elem |
1feab10d JK |
190 | #undef mtype_data_reset_flags |
191 | #undef mtype_data_netmask | |
192 | #undef mtype_data_list | |
193 | #undef mtype_data_next | |
194 | #undef mtype_elem | |
195 | ||
40cd63bf JK |
196 | #undef mtype_ahash_destroy |
197 | #undef mtype_ext_cleanup | |
1feab10d JK |
198 | #undef mtype_add_cidr |
199 | #undef mtype_del_cidr | |
200 | #undef mtype_ahash_memsize | |
201 | #undef mtype_flush | |
202 | #undef mtype_destroy | |
1feab10d JK |
203 | #undef mtype_same_set |
204 | #undef mtype_kadt | |
205 | #undef mtype_uadt | |
206 | #undef mtype | |
207 | ||
208 | #undef mtype_add | |
209 | #undef mtype_del | |
210 | #undef mtype_test_cidrs | |
211 | #undef mtype_test | |
c4c99783 | 212 | #undef mtype_uref |
1feab10d JK |
213 | #undef mtype_expire |
214 | #undef mtype_resize | |
215 | #undef mtype_head | |
216 | #undef mtype_list | |
217 | #undef mtype_gc | |
218 | #undef mtype_gc_init | |
219 | #undef mtype_variant | |
220 | #undef mtype_data_match | |
221 | ||
222 | #undef HKEY | |
223 | ||
35b8dcf8 | 224 | #define mtype_data_equal IPSET_TOKEN(MTYPE, _data_equal) |
1feab10d | 225 | #ifdef IP_SET_HASH_WITH_NETS |
35b8dcf8 | 226 | #define mtype_do_data_match IPSET_TOKEN(MTYPE, _do_data_match) |
1feab10d JK |
227 | #else |
228 | #define mtype_do_data_match(d) 1 | |
229 | #endif | |
35b8dcf8 | 230 | #define mtype_data_set_flags IPSET_TOKEN(MTYPE, _data_set_flags) |
ea53ac5b | 231 | #define mtype_data_reset_elem IPSET_TOKEN(MTYPE, _data_reset_elem) |
35b8dcf8 JK |
232 | #define mtype_data_reset_flags IPSET_TOKEN(MTYPE, _data_reset_flags) |
233 | #define mtype_data_netmask IPSET_TOKEN(MTYPE, _data_netmask) | |
234 | #define mtype_data_list IPSET_TOKEN(MTYPE, _data_list) | |
235 | #define mtype_data_next IPSET_TOKEN(MTYPE, _data_next) | |
236 | #define mtype_elem IPSET_TOKEN(MTYPE, _elem) | |
43ef29c9 | 237 | |
40cd63bf JK |
238 | #define mtype_ahash_destroy IPSET_TOKEN(MTYPE, _ahash_destroy) |
239 | #define mtype_ext_cleanup IPSET_TOKEN(MTYPE, _ext_cleanup) | |
35b8dcf8 JK |
240 | #define mtype_add_cidr IPSET_TOKEN(MTYPE, _add_cidr) |
241 | #define mtype_del_cidr IPSET_TOKEN(MTYPE, _del_cidr) | |
242 | #define mtype_ahash_memsize IPSET_TOKEN(MTYPE, _ahash_memsize) | |
243 | #define mtype_flush IPSET_TOKEN(MTYPE, _flush) | |
244 | #define mtype_destroy IPSET_TOKEN(MTYPE, _destroy) | |
35b8dcf8 JK |
245 | #define mtype_same_set IPSET_TOKEN(MTYPE, _same_set) |
246 | #define mtype_kadt IPSET_TOKEN(MTYPE, _kadt) | |
247 | #define mtype_uadt IPSET_TOKEN(MTYPE, _uadt) | |
1feab10d JK |
248 | #define mtype MTYPE |
249 | ||
35b8dcf8 JK |
250 | #define mtype_add IPSET_TOKEN(MTYPE, _add) |
251 | #define mtype_del IPSET_TOKEN(MTYPE, _del) | |
252 | #define mtype_test_cidrs IPSET_TOKEN(MTYPE, _test_cidrs) | |
253 | #define mtype_test IPSET_TOKEN(MTYPE, _test) | |
c4c99783 | 254 | #define mtype_uref IPSET_TOKEN(MTYPE, _uref) |
35b8dcf8 JK |
255 | #define mtype_expire IPSET_TOKEN(MTYPE, _expire) |
256 | #define mtype_resize IPSET_TOKEN(MTYPE, _resize) | |
257 | #define mtype_head IPSET_TOKEN(MTYPE, _head) | |
258 | #define mtype_list IPSET_TOKEN(MTYPE, _list) | |
259 | #define mtype_gc IPSET_TOKEN(MTYPE, _gc) | |
43ef29c9 | 260 | #define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init) |
35b8dcf8 JK |
261 | #define mtype_variant IPSET_TOKEN(MTYPE, _variant) |
262 | #define mtype_data_match IPSET_TOKEN(MTYPE, _data_match) | |
1feab10d | 263 | |
1823fb79 SP |
264 | #ifndef MTYPE |
265 | #error "MTYPE is not defined!" | |
266 | #endif | |
267 | ||
268 | #ifndef HOST_MASK | |
269 | #error "HOST_MASK is not defined!" | |
270 | #endif | |
271 | ||
1feab10d JK |
272 | #ifndef HKEY_DATALEN |
273 | #define HKEY_DATALEN sizeof(struct mtype_elem) | |
274 | #endif | |
275 | ||
276 | #define HKEY(data, initval, htable_bits) \ | |
277 | (jhash2((u32 *)(data), HKEY_DATALEN/sizeof(u32), initval) \ | |
278 | & jhash_mask(htable_bits)) | |
279 | ||
280 | #ifndef htype | |
1823fb79 SP |
281 | #ifndef HTYPE |
282 | #error "HTYPE is not defined!" | |
283 | #endif /* HTYPE */ | |
1feab10d JK |
284 | #define htype HTYPE |
285 | ||
286 | /* The generic hash structure */ | |
287 | struct htype { | |
a0f28dc7 | 288 | struct htable __rcu *table; /* the hash table */ |
1feab10d JK |
289 | u32 maxelem; /* max elements in the hash */ |
290 | u32 elements; /* current element (vs timeout) */ | |
291 | u32 initval; /* random jhash init value */ | |
4d0e5c07 VD |
292 | #ifdef IP_SET_HASH_WITH_MARKMASK |
293 | u32 markmask; /* markmask value for mark mask to store */ | |
294 | #endif | |
1feab10d JK |
295 | struct timer_list gc; /* garbage collection when timeout enabled */ |
296 | struct mtype_elem next; /* temporary storage for uadd */ | |
297 | #ifdef IP_SET_HASH_WITH_MULTI | |
298 | u8 ahash_max; /* max elements in an array block */ | |
299 | #endif | |
300 | #ifdef IP_SET_HASH_WITH_NETMASK | |
301 | u8 netmask; /* netmask value for subnets to store */ | |
302 | #endif | |
303 | #ifdef IP_SET_HASH_WITH_RBTREE | |
304 | struct rb_root rbtree; | |
305 | #endif | |
306 | #ifdef IP_SET_HASH_WITH_NETS | |
307 | struct net_prefixes nets[0]; /* book-keeping of prefixes */ | |
308 | #endif | |
309 | }; | |
1823fb79 | 310 | #endif /* htype */ |
1feab10d JK |
311 | |
312 | #ifdef IP_SET_HASH_WITH_NETS | |
313 | /* Network cidr size book keeping when the hash stores different | |
f690cbae JK |
314 | * sized networks. cidr == real cidr + 1 to support /0. |
315 | */ | |
1feab10d | 316 | static void |
a04d8b6b | 317 | mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n) |
1feab10d JK |
318 | { |
319 | int i, j; | |
320 | ||
321 | /* Add in increasing prefix order, so larger cidr first */ | |
25a76f34 | 322 | for (i = 0, j = -1; i < nets_length && h->nets[i].cidr[n]; i++) { |
1feab10d JK |
323 | if (j != -1) |
324 | continue; | |
a04d8b6b | 325 | else if (h->nets[i].cidr[n] < cidr) |
1feab10d | 326 | j = i; |
a04d8b6b | 327 | else if (h->nets[i].cidr[n] == cidr) { |
25a76f34 | 328 | h->nets[cidr - 1].nets[n]++; |
1feab10d JK |
329 | return; |
330 | } | |
331 | } | |
332 | if (j != -1) { | |
25a76f34 | 333 | for (; i > j; i--) |
a04d8b6b | 334 | h->nets[i].cidr[n] = h->nets[i - 1].cidr[n]; |
1feab10d | 335 | } |
a04d8b6b | 336 | h->nets[i].cidr[n] = cidr; |
25a76f34 | 337 | h->nets[cidr - 1].nets[n] = 1; |
1feab10d JK |
338 | } |
339 | ||
340 | static void | |
a04d8b6b | 341 | mtype_del_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n) |
1feab10d | 342 | { |
2cf55125 OS |
343 | u8 i, j, net_end = nets_length - 1; |
344 | ||
345 | for (i = 0; i < nets_length; i++) { | |
a04d8b6b | 346 | if (h->nets[i].cidr[n] != cidr) |
2cf55125 | 347 | continue; |
25a76f34 JK |
348 | h->nets[cidr -1].nets[n]--; |
349 | if (h->nets[cidr -1].nets[n] > 0) | |
2cf55125 | 350 | return; |
25a76f34 | 351 | for (j = i; j < net_end && h->nets[j].cidr[n]; j++) |
a04d8b6b | 352 | h->nets[j].cidr[n] = h->nets[j + 1].cidr[n]; |
25a76f34 | 353 | h->nets[j].cidr[n] = 0; |
2cf55125 | 354 | return; |
1feab10d JK |
355 | } |
356 | } | |
357 | #endif | |
358 | ||
359 | /* Calculate the actual memory size of the set data */ | |
360 | static size_t | |
a0f28dc7 | 361 | mtype_ahash_memsize(const struct htype *h, const struct htable *t, |
ca134ce8 | 362 | u8 nets_length, size_t dsize) |
1feab10d JK |
363 | { |
364 | u32 i; | |
1feab10d JK |
365 | size_t memsize = sizeof(*h) |
366 | + sizeof(*t) | |
367 | #ifdef IP_SET_HASH_WITH_NETS | |
368 | + sizeof(struct net_prefixes) * nets_length | |
369 | #endif | |
370 | + jhash_size(t->htable_bits) * sizeof(struct hbucket); | |
371 | ||
372 | for (i = 0; i < jhash_size(t->htable_bits); i++) | |
ca134ce8 | 373 | memsize += t->bucket[i].size * dsize; |
1feab10d JK |
374 | |
375 | return memsize; | |
376 | } | |
377 | ||
40cd63bf JK |
378 | /* Get the ith element from the array block n */ |
379 | #define ahash_data(n, i, dsize) \ | |
380 | ((struct mtype_elem *)((n)->value + ((i) * (dsize)))) | |
381 | ||
382 | static void | |
383 | mtype_ext_cleanup(struct ip_set *set, struct hbucket *n) | |
384 | { | |
385 | int i; | |
386 | ||
387 | for (i = 0; i < n->pos; i++) | |
388 | ip_set_ext_destroy(set, ahash_data(n, i, set->dsize)); | |
389 | } | |
390 | ||
1feab10d JK |
391 | /* Flush a hash type of set: destroy all elements */ |
392 | static void | |
393 | mtype_flush(struct ip_set *set) | |
394 | { | |
395 | struct htype *h = set->data; | |
a0f28dc7 | 396 | struct htable *t; |
1feab10d JK |
397 | struct hbucket *n; |
398 | u32 i; | |
399 | ||
a0f28dc7 | 400 | t = rcu_dereference_bh_nfnl(h->table); |
1feab10d JK |
401 | for (i = 0; i < jhash_size(t->htable_bits); i++) { |
402 | n = hbucket(t, i); | |
403 | if (n->size) { | |
40cd63bf JK |
404 | if (set->extensions & IPSET_EXT_DESTROY) |
405 | mtype_ext_cleanup(set, n); | |
1feab10d JK |
406 | n->size = n->pos = 0; |
407 | /* FIXME: use slab cache */ | |
408 | kfree(n->value); | |
409 | } | |
410 | } | |
411 | #ifdef IP_SET_HASH_WITH_NETS | |
a04d8b6b | 412 | memset(h->nets, 0, sizeof(struct net_prefixes) * NLEN(set->family)); |
1feab10d JK |
413 | #endif |
414 | h->elements = 0; | |
415 | } | |
416 | ||
40cd63bf JK |
417 | /* Destroy the hashtable part of the set */ |
418 | static void | |
80571a9e | 419 | mtype_ahash_destroy(struct ip_set *set, struct htable *t, bool ext_destroy) |
40cd63bf JK |
420 | { |
421 | struct hbucket *n; | |
422 | u32 i; | |
423 | ||
424 | for (i = 0; i < jhash_size(t->htable_bits); i++) { | |
425 | n = hbucket(t, i); | |
426 | if (n->size) { | |
80571a9e | 427 | if (set->extensions & IPSET_EXT_DESTROY && ext_destroy) |
40cd63bf JK |
428 | mtype_ext_cleanup(set, n); |
429 | /* FIXME: use slab cache */ | |
430 | kfree(n->value); | |
431 | } | |
432 | } | |
433 | ||
434 | ip_set_free(t); | |
435 | } | |
436 | ||
1feab10d JK |
437 | /* Destroy a hash type of set */ |
438 | static void | |
439 | mtype_destroy(struct ip_set *set) | |
440 | { | |
441 | struct htype *h = set->data; | |
442 | ||
edda0791 | 443 | if (SET_WITH_TIMEOUT(set)) |
1feab10d JK |
444 | del_timer_sync(&h->gc); |
445 | ||
80571a9e | 446 | mtype_ahash_destroy(set, rcu_dereference_bh_nfnl(h->table), true); |
1feab10d JK |
447 | #ifdef IP_SET_HASH_WITH_RBTREE |
448 | rbtree_destroy(&h->rbtree); | |
449 | #endif | |
450 | kfree(h); | |
451 | ||
452 | set->data = NULL; | |
453 | } | |
454 | ||
455 | static void | |
456 | mtype_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set)) | |
457 | { | |
458 | struct htype *h = set->data; | |
459 | ||
460 | init_timer(&h->gc); | |
461 | h->gc.data = (unsigned long) set; | |
462 | h->gc.function = gc; | |
ca134ce8 | 463 | h->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ; |
1feab10d JK |
464 | add_timer(&h->gc); |
465 | pr_debug("gc initialized, run in every %u\n", | |
ca134ce8 | 466 | IPSET_GC_PERIOD(set->timeout)); |
1feab10d JK |
467 | } |
468 | ||
469 | static bool | |
470 | mtype_same_set(const struct ip_set *a, const struct ip_set *b) | |
471 | { | |
472 | const struct htype *x = a->data; | |
473 | const struct htype *y = b->data; | |
474 | ||
475 | /* Resizing changes htable_bits, so we ignore it */ | |
476 | return x->maxelem == y->maxelem && | |
ca134ce8 | 477 | a->timeout == b->timeout && |
1feab10d JK |
478 | #ifdef IP_SET_HASH_WITH_NETMASK |
479 | x->netmask == y->netmask && | |
4d0e5c07 VD |
480 | #endif |
481 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
482 | x->markmask == y->markmask && | |
1feab10d JK |
483 | #endif |
484 | a->extensions == b->extensions; | |
485 | } | |
486 | ||
1feab10d JK |
487 | /* Delete expired elements from the hashtable */ |
488 | static void | |
ca134ce8 | 489 | mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize) |
1feab10d | 490 | { |
a0f28dc7 | 491 | struct htable *t; |
1feab10d JK |
492 | struct hbucket *n; |
493 | struct mtype_elem *data; | |
494 | u32 i; | |
495 | int j; | |
ea53ac5b OS |
496 | #ifdef IP_SET_HASH_WITH_NETS |
497 | u8 k; | |
498 | #endif | |
1feab10d | 499 | |
a0f28dc7 JK |
500 | rcu_read_lock_bh(); |
501 | t = rcu_dereference_bh(h->table); | |
1feab10d JK |
502 | for (i = 0; i < jhash_size(t->htable_bits); i++) { |
503 | n = hbucket(t, i); | |
504 | for (j = 0; j < n->pos; j++) { | |
505 | data = ahash_data(n, j, dsize); | |
ca134ce8 | 506 | if (ip_set_timeout_expired(ext_timeout(data, set))) { |
1feab10d JK |
507 | pr_debug("expired %u/%u\n", i, j); |
508 | #ifdef IP_SET_HASH_WITH_NETS | |
ea53ac5b | 509 | for (k = 0; k < IPSET_NET_COUNT; k++) |
f690cbae JK |
510 | mtype_del_cidr(h, |
511 | NCIDR_PUT(DCIDR_GET(data->cidr, | |
512 | k)), | |
513 | nets_length, k); | |
1feab10d | 514 | #endif |
40cd63bf | 515 | ip_set_ext_destroy(set, data); |
1feab10d JK |
516 | if (j != n->pos - 1) |
517 | /* Not last one */ | |
518 | memcpy(data, | |
519 | ahash_data(n, n->pos - 1, dsize), | |
520 | dsize); | |
521 | n->pos--; | |
522 | h->elements--; | |
523 | } | |
524 | } | |
525 | if (n->pos + AHASH_INIT_SIZE < n->size) { | |
526 | void *tmp = kzalloc((n->size - AHASH_INIT_SIZE) | |
527 | * dsize, | |
528 | GFP_ATOMIC); | |
529 | if (!tmp) | |
530 | /* Still try to delete expired elements */ | |
531 | continue; | |
532 | n->size -= AHASH_INIT_SIZE; | |
533 | memcpy(tmp, n->value, n->size * dsize); | |
534 | kfree(n->value); | |
535 | n->value = tmp; | |
536 | } | |
537 | } | |
a0f28dc7 | 538 | rcu_read_unlock_bh(); |
1feab10d JK |
539 | } |
540 | ||
541 | static void | |
542 | mtype_gc(unsigned long ul_set) | |
543 | { | |
544 | struct ip_set *set = (struct ip_set *) ul_set; | |
545 | struct htype *h = set->data; | |
546 | ||
547 | pr_debug("called\n"); | |
548 | write_lock_bh(&set->lock); | |
ca134ce8 | 549 | mtype_expire(set, h, NLEN(set->family), set->dsize); |
1feab10d JK |
550 | write_unlock_bh(&set->lock); |
551 | ||
ca134ce8 | 552 | h->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ; |
1feab10d JK |
553 | add_timer(&h->gc); |
554 | } | |
555 | ||
556 | /* Resize a hash: create a new hash table with doubling the hashsize | |
557 | * and inserting the elements to it. Repeat until we succeed or | |
558 | * fail due to memory pressures. */ | |
559 | static int | |
560 | mtype_resize(struct ip_set *set, bool retried) | |
561 | { | |
562 | struct htype *h = set->data; | |
a0f28dc7 | 563 | struct htable *t, *orig = rcu_dereference_bh_nfnl(h->table); |
1feab10d JK |
564 | u8 htable_bits = orig->htable_bits; |
565 | #ifdef IP_SET_HASH_WITH_NETS | |
566 | u8 flags; | |
567 | #endif | |
568 | struct mtype_elem *data; | |
569 | struct mtype_elem *d; | |
570 | struct hbucket *n, *m; | |
571 | u32 i, j; | |
572 | int ret; | |
573 | ||
574 | /* Try to cleanup once */ | |
575 | if (SET_WITH_TIMEOUT(set) && !retried) { | |
576 | i = h->elements; | |
577 | write_lock_bh(&set->lock); | |
ca134ce8 | 578 | mtype_expire(set, set->data, NLEN(set->family), set->dsize); |
1feab10d JK |
579 | write_unlock_bh(&set->lock); |
580 | if (h->elements < i) | |
581 | return 0; | |
582 | } | |
583 | ||
584 | retry: | |
585 | ret = 0; | |
586 | htable_bits++; | |
587 | pr_debug("attempt to resize set %s from %u to %u, t %p\n", | |
588 | set->name, orig->htable_bits, htable_bits, orig); | |
589 | if (!htable_bits) { | |
590 | /* In case we have plenty of memory :-) */ | |
b167a37c JP |
591 | pr_warn("Cannot increase the hashsize of set %s further\n", |
592 | set->name); | |
1feab10d JK |
593 | return -IPSET_ERR_HASH_FULL; |
594 | } | |
595 | t = ip_set_alloc(sizeof(*t) | |
596 | + jhash_size(htable_bits) * sizeof(struct hbucket)); | |
597 | if (!t) | |
598 | return -ENOMEM; | |
599 | t->htable_bits = htable_bits; | |
600 | ||
601 | read_lock_bh(&set->lock); | |
c4c99783 JK |
602 | /* There can't be another parallel resizing, but dumping is possible */ |
603 | atomic_set(&orig->ref, 1); | |
604 | atomic_inc(&orig->uref); | |
1feab10d JK |
605 | for (i = 0; i < jhash_size(orig->htable_bits); i++) { |
606 | n = hbucket(orig, i); | |
607 | for (j = 0; j < n->pos; j++) { | |
ca134ce8 | 608 | data = ahash_data(n, j, set->dsize); |
1feab10d JK |
609 | #ifdef IP_SET_HASH_WITH_NETS |
610 | flags = 0; | |
611 | mtype_data_reset_flags(data, &flags); | |
612 | #endif | |
613 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); | |
ca134ce8 | 614 | ret = hbucket_elem_add(m, AHASH_MAX(h), set->dsize); |
1feab10d JK |
615 | if (ret < 0) { |
616 | #ifdef IP_SET_HASH_WITH_NETS | |
617 | mtype_data_reset_flags(data, &flags); | |
618 | #endif | |
c4c99783 JK |
619 | atomic_set(&orig->ref, 0); |
620 | atomic_dec(&orig->uref); | |
1feab10d | 621 | read_unlock_bh(&set->lock); |
80571a9e | 622 | mtype_ahash_destroy(set, t, false); |
1feab10d JK |
623 | if (ret == -EAGAIN) |
624 | goto retry; | |
625 | return ret; | |
626 | } | |
ca134ce8 JK |
627 | d = ahash_data(m, m->pos++, set->dsize); |
628 | memcpy(d, data, set->dsize); | |
1feab10d JK |
629 | #ifdef IP_SET_HASH_WITH_NETS |
630 | mtype_data_reset_flags(d, &flags); | |
631 | #endif | |
632 | } | |
633 | } | |
634 | ||
635 | rcu_assign_pointer(h->table, t); | |
636 | read_unlock_bh(&set->lock); | |
637 | ||
638 | /* Give time to other readers of the set */ | |
639 | synchronize_rcu_bh(); | |
640 | ||
641 | pr_debug("set %s resized from %u (%p) to %u (%p)\n", set->name, | |
642 | orig->htable_bits, orig, t->htable_bits, t); | |
c4c99783 JK |
643 | /* If there's nobody else dumping the table, destroy it */ |
644 | if (atomic_dec_and_test(&orig->uref)) { | |
645 | pr_debug("Table destroy by resize %p\n", orig); | |
646 | mtype_ahash_destroy(set, orig, false); | |
647 | } | |
1feab10d JK |
648 | |
649 | return 0; | |
650 | } | |
651 | ||
652 | /* Add an element to a hash and update the internal counters when succeeded, | |
653 | * otherwise report the proper error code. */ | |
654 | static int | |
655 | mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
656 | struct ip_set_ext *mext, u32 flags) | |
657 | { | |
658 | struct htype *h = set->data; | |
659 | struct htable *t; | |
660 | const struct mtype_elem *d = value; | |
661 | struct mtype_elem *data; | |
662 | struct hbucket *n; | |
663 | int i, ret = 0; | |
664 | int j = AHASH_MAX(h) + 1; | |
665 | bool flag_exist = flags & IPSET_FLAG_EXIST; | |
666 | u32 key, multi = 0; | |
667 | ||
1feab10d JK |
668 | rcu_read_lock_bh(); |
669 | t = rcu_dereference_bh(h->table); | |
670 | key = HKEY(value, h->initval, t->htable_bits); | |
671 | n = hbucket(t, key); | |
672 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 673 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
674 | if (mtype_data_equal(data, d, &multi)) { |
675 | if (flag_exist || | |
676 | (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 677 | ip_set_timeout_expired(ext_timeout(data, set)))) { |
1feab10d JK |
678 | /* Just the extensions could be overwritten */ |
679 | j = i; | |
680 | goto reuse_slot; | |
681 | } else { | |
682 | ret = -IPSET_ERR_EXIST; | |
683 | goto out; | |
684 | } | |
685 | } | |
686 | /* Reuse first timed out entry */ | |
687 | if (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 688 | ip_set_timeout_expired(ext_timeout(data, set)) && |
1feab10d JK |
689 | j != AHASH_MAX(h) + 1) |
690 | j = i; | |
691 | } | |
86ac79c7 JK |
692 | if (h->elements >= h->maxelem && SET_WITH_FORCEADD(set) && n->pos) { |
693 | /* Choosing the first entry in the array to replace */ | |
694 | j = 0; | |
695 | goto reuse_slot; | |
696 | } | |
697 | if (SET_WITH_TIMEOUT(set) && h->elements >= h->maxelem) | |
698 | /* FIXME: when set is full, we slow down here */ | |
699 | mtype_expire(set, h, NLEN(set->family), set->dsize); | |
700 | ||
701 | if (h->elements >= h->maxelem) { | |
702 | if (net_ratelimit()) | |
703 | pr_warn("Set %s is full, maxelem %u reached\n", | |
704 | set->name, h->maxelem); | |
705 | ret = -IPSET_ERR_HASH_FULL; | |
706 | goto out; | |
707 | } | |
708 | ||
1feab10d JK |
709 | reuse_slot: |
710 | if (j != AHASH_MAX(h) + 1) { | |
711 | /* Fill out reused slot */ | |
ca134ce8 | 712 | data = ahash_data(n, j, set->dsize); |
1feab10d | 713 | #ifdef IP_SET_HASH_WITH_NETS |
ea53ac5b | 714 | for (i = 0; i < IPSET_NET_COUNT; i++) { |
f690cbae | 715 | mtype_del_cidr(h, NCIDR_PUT(DCIDR_GET(data->cidr, i)), |
ea53ac5b | 716 | NLEN(set->family), i); |
f690cbae | 717 | mtype_add_cidr(h, NCIDR_PUT(DCIDR_GET(d->cidr, i)), |
ea53ac5b OS |
718 | NLEN(set->family), i); |
719 | } | |
1feab10d | 720 | #endif |
40cd63bf | 721 | ip_set_ext_destroy(set, data); |
1feab10d JK |
722 | } else { |
723 | /* Use/create a new slot */ | |
724 | TUNE_AHASH_MAX(h, multi); | |
ca134ce8 | 725 | ret = hbucket_elem_add(n, AHASH_MAX(h), set->dsize); |
1feab10d JK |
726 | if (ret != 0) { |
727 | if (ret == -EAGAIN) | |
728 | mtype_data_next(&h->next, d); | |
729 | goto out; | |
730 | } | |
ca134ce8 | 731 | data = ahash_data(n, n->pos++, set->dsize); |
1feab10d | 732 | #ifdef IP_SET_HASH_WITH_NETS |
ea53ac5b | 733 | for (i = 0; i < IPSET_NET_COUNT; i++) |
f690cbae JK |
734 | mtype_add_cidr(h, NCIDR_PUT(DCIDR_GET(d->cidr, i)), |
735 | NLEN(set->family), i); | |
1feab10d JK |
736 | #endif |
737 | h->elements++; | |
738 | } | |
739 | memcpy(data, d, sizeof(struct mtype_elem)); | |
740 | #ifdef IP_SET_HASH_WITH_NETS | |
741 | mtype_data_set_flags(data, flags); | |
742 | #endif | |
743 | if (SET_WITH_TIMEOUT(set)) | |
ca134ce8 | 744 | ip_set_timeout_set(ext_timeout(data, set), ext->timeout); |
00d71b27 | 745 | if (SET_WITH_COUNTER(set)) |
ca134ce8 | 746 | ip_set_init_counter(ext_counter(data, set), ext); |
fda75c6d OS |
747 | if (SET_WITH_COMMENT(set)) |
748 | ip_set_init_comment(ext_comment(data, set), ext); | |
af331419 AD |
749 | if (SET_WITH_SKBINFO(set)) |
750 | ip_set_init_skbinfo(ext_skbinfo(data, set), ext); | |
1feab10d JK |
751 | |
752 | out: | |
753 | rcu_read_unlock_bh(); | |
754 | return ret; | |
755 | } | |
756 | ||
757 | /* Delete an element from the hash: swap it with the last element | |
758 | * and free up space if possible. | |
759 | */ | |
760 | static int | |
761 | mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
762 | struct ip_set_ext *mext, u32 flags) | |
763 | { | |
764 | struct htype *h = set->data; | |
a0f28dc7 | 765 | struct htable *t; |
1feab10d JK |
766 | const struct mtype_elem *d = value; |
767 | struct mtype_elem *data; | |
768 | struct hbucket *n; | |
a0f28dc7 | 769 | int i, ret = -IPSET_ERR_EXIST; |
ea53ac5b OS |
770 | #ifdef IP_SET_HASH_WITH_NETS |
771 | u8 j; | |
772 | #endif | |
1feab10d JK |
773 | u32 key, multi = 0; |
774 | ||
a0f28dc7 JK |
775 | rcu_read_lock_bh(); |
776 | t = rcu_dereference_bh(h->table); | |
1feab10d JK |
777 | key = HKEY(value, h->initval, t->htable_bits); |
778 | n = hbucket(t, key); | |
779 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 780 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
781 | if (!mtype_data_equal(data, d, &multi)) |
782 | continue; | |
783 | if (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 784 | ip_set_timeout_expired(ext_timeout(data, set))) |
a0f28dc7 | 785 | goto out; |
1feab10d JK |
786 | if (i != n->pos - 1) |
787 | /* Not last one */ | |
ca134ce8 JK |
788 | memcpy(data, ahash_data(n, n->pos - 1, set->dsize), |
789 | set->dsize); | |
1feab10d JK |
790 | |
791 | n->pos--; | |
792 | h->elements--; | |
793 | #ifdef IP_SET_HASH_WITH_NETS | |
ea53ac5b | 794 | for (j = 0; j < IPSET_NET_COUNT; j++) |
f690cbae JK |
795 | mtype_del_cidr(h, NCIDR_PUT(DCIDR_GET(d->cidr, j)), |
796 | NLEN(set->family), j); | |
1feab10d | 797 | #endif |
40cd63bf | 798 | ip_set_ext_destroy(set, data); |
1feab10d JK |
799 | if (n->pos + AHASH_INIT_SIZE < n->size) { |
800 | void *tmp = kzalloc((n->size - AHASH_INIT_SIZE) | |
ca134ce8 | 801 | * set->dsize, |
1feab10d | 802 | GFP_ATOMIC); |
a0f28dc7 JK |
803 | if (!tmp) { |
804 | ret = 0; | |
805 | goto out; | |
806 | } | |
1feab10d | 807 | n->size -= AHASH_INIT_SIZE; |
ca134ce8 | 808 | memcpy(tmp, n->value, n->size * set->dsize); |
1feab10d JK |
809 | kfree(n->value); |
810 | n->value = tmp; | |
811 | } | |
a0f28dc7 JK |
812 | ret = 0; |
813 | goto out; | |
1feab10d JK |
814 | } |
815 | ||
a0f28dc7 JK |
816 | out: |
817 | rcu_read_unlock_bh(); | |
818 | return ret; | |
1feab10d JK |
819 | } |
820 | ||
821 | static inline int | |
822 | mtype_data_match(struct mtype_elem *data, const struct ip_set_ext *ext, | |
823 | struct ip_set_ext *mext, struct ip_set *set, u32 flags) | |
824 | { | |
00d71b27 | 825 | if (SET_WITH_COUNTER(set)) |
ca134ce8 | 826 | ip_set_update_counter(ext_counter(data, set), |
00d71b27 | 827 | ext, mext, flags); |
af331419 AD |
828 | if (SET_WITH_SKBINFO(set)) |
829 | ip_set_get_skbinfo(ext_skbinfo(data, set), | |
830 | ext, mext, flags); | |
1feab10d JK |
831 | return mtype_do_data_match(data); |
832 | } | |
833 | ||
834 | #ifdef IP_SET_HASH_WITH_NETS | |
835 | /* Special test function which takes into account the different network | |
836 | * sizes added to the set */ | |
837 | static int | |
838 | mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d, | |
839 | const struct ip_set_ext *ext, | |
840 | struct ip_set_ext *mext, u32 flags) | |
841 | { | |
842 | struct htype *h = set->data; | |
a0f28dc7 | 843 | struct htable *t = rcu_dereference_bh(h->table); |
1feab10d JK |
844 | struct hbucket *n; |
845 | struct mtype_elem *data; | |
ea53ac5b OS |
846 | #if IPSET_NET_COUNT == 2 |
847 | struct mtype_elem orig = *d; | |
848 | int i, j = 0, k; | |
849 | #else | |
1feab10d | 850 | int i, j = 0; |
ea53ac5b | 851 | #endif |
1feab10d | 852 | u32 key, multi = 0; |
a04d8b6b | 853 | u8 nets_length = NLEN(set->family); |
1feab10d JK |
854 | |
855 | pr_debug("test by nets\n"); | |
25a76f34 | 856 | for (; j < nets_length && h->nets[j].cidr[0] && !multi; j++) { |
ea53ac5b OS |
857 | #if IPSET_NET_COUNT == 2 |
858 | mtype_data_reset_elem(d, &orig); | |
f690cbae | 859 | mtype_data_netmask(d, NCIDR_GET(h->nets[j].cidr[0]), false); |
25a76f34 | 860 | for (k = 0; k < nets_length && h->nets[k].cidr[1] && !multi; |
ea53ac5b | 861 | k++) { |
f690cbae JK |
862 | mtype_data_netmask(d, NCIDR_GET(h->nets[k].cidr[1]), |
863 | true); | |
ea53ac5b | 864 | #else |
f690cbae | 865 | mtype_data_netmask(d, NCIDR_GET(h->nets[j].cidr[0])); |
ea53ac5b | 866 | #endif |
1feab10d JK |
867 | key = HKEY(d, h->initval, t->htable_bits); |
868 | n = hbucket(t, key); | |
869 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 870 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
871 | if (!mtype_data_equal(data, d, &multi)) |
872 | continue; | |
873 | if (SET_WITH_TIMEOUT(set)) { | |
874 | if (!ip_set_timeout_expired( | |
ca134ce8 | 875 | ext_timeout(data, set))) |
1feab10d JK |
876 | return mtype_data_match(data, ext, |
877 | mext, set, | |
878 | flags); | |
879 | #ifdef IP_SET_HASH_WITH_MULTI | |
880 | multi = 0; | |
881 | #endif | |
882 | } else | |
883 | return mtype_data_match(data, ext, | |
884 | mext, set, flags); | |
885 | } | |
ea53ac5b OS |
886 | #if IPSET_NET_COUNT == 2 |
887 | } | |
888 | #endif | |
1feab10d JK |
889 | } |
890 | return 0; | |
891 | } | |
892 | #endif | |
893 | ||
894 | /* Test whether the element is added to the set */ | |
895 | static int | |
896 | mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
897 | struct ip_set_ext *mext, u32 flags) | |
898 | { | |
899 | struct htype *h = set->data; | |
a0f28dc7 | 900 | struct htable *t; |
1feab10d JK |
901 | struct mtype_elem *d = value; |
902 | struct hbucket *n; | |
903 | struct mtype_elem *data; | |
a0f28dc7 | 904 | int i, ret = 0; |
1feab10d JK |
905 | u32 key, multi = 0; |
906 | ||
a0f28dc7 JK |
907 | rcu_read_lock_bh(); |
908 | t = rcu_dereference_bh(h->table); | |
1feab10d JK |
909 | #ifdef IP_SET_HASH_WITH_NETS |
910 | /* If we test an IP address and not a network address, | |
911 | * try all possible network sizes */ | |
ea53ac5b | 912 | for (i = 0; i < IPSET_NET_COUNT; i++) |
f690cbae | 913 | if (DCIDR_GET(d->cidr, i) != SET_HOST_MASK(set->family)) |
ea53ac5b OS |
914 | break; |
915 | if (i == IPSET_NET_COUNT) { | |
a0f28dc7 JK |
916 | ret = mtype_test_cidrs(set, d, ext, mext, flags); |
917 | goto out; | |
918 | } | |
1feab10d JK |
919 | #endif |
920 | ||
921 | key = HKEY(d, h->initval, t->htable_bits); | |
922 | n = hbucket(t, key); | |
923 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 924 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
925 | if (mtype_data_equal(data, d, &multi) && |
926 | !(SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 927 | ip_set_timeout_expired(ext_timeout(data, set)))) { |
a0f28dc7 JK |
928 | ret = mtype_data_match(data, ext, mext, set, flags); |
929 | goto out; | |
930 | } | |
1feab10d | 931 | } |
a0f28dc7 JK |
932 | out: |
933 | rcu_read_unlock_bh(); | |
934 | return ret; | |
1feab10d JK |
935 | } |
936 | ||
937 | /* Reply a HEADER request: fill out the header part of the set */ | |
938 | static int | |
939 | mtype_head(struct ip_set *set, struct sk_buff *skb) | |
940 | { | |
941 | const struct htype *h = set->data; | |
a0f28dc7 | 942 | const struct htable *t; |
1feab10d JK |
943 | struct nlattr *nested; |
944 | size_t memsize; | |
945 | ||
a0f28dc7 | 946 | t = rcu_dereference_bh_nfnl(h->table); |
ca134ce8 | 947 | memsize = mtype_ahash_memsize(h, t, NLEN(set->family), set->dsize); |
1feab10d JK |
948 | |
949 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); | |
950 | if (!nested) | |
951 | goto nla_put_failure; | |
952 | if (nla_put_net32(skb, IPSET_ATTR_HASHSIZE, | |
a0f28dc7 | 953 | htonl(jhash_size(t->htable_bits))) || |
1feab10d JK |
954 | nla_put_net32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem))) |
955 | goto nla_put_failure; | |
956 | #ifdef IP_SET_HASH_WITH_NETMASK | |
957 | if (h->netmask != HOST_MASK && | |
958 | nla_put_u8(skb, IPSET_ATTR_NETMASK, h->netmask)) | |
959 | goto nla_put_failure; | |
4d0e5c07 VD |
960 | #endif |
961 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
962 | if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask)) | |
963 | goto nla_put_failure; | |
1feab10d JK |
964 | #endif |
965 | if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | |
fda75c6d OS |
966 | nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize))) |
967 | goto nla_put_failure; | |
968 | if (unlikely(ip_set_put_flags(skb, set))) | |
1feab10d JK |
969 | goto nla_put_failure; |
970 | ipset_nest_end(skb, nested); | |
971 | ||
972 | return 0; | |
973 | nla_put_failure: | |
974 | return -EMSGSIZE; | |
975 | } | |
976 | ||
c4c99783 JK |
977 | /* Make possible to run dumping parallel with resizing */ |
978 | static void | |
979 | mtype_uref(struct ip_set *set, struct netlink_callback *cb, bool start) | |
980 | { | |
981 | struct htype *h = set->data; | |
982 | struct htable *t; | |
983 | ||
984 | if (start) { | |
985 | rcu_read_lock_bh(); | |
986 | t = rcu_dereference_bh_nfnl(h->table); | |
987 | atomic_inc(&t->uref); | |
988 | cb->args[IPSET_CB_PRIVATE] = (unsigned long)t; | |
989 | rcu_read_unlock_bh(); | |
990 | } else if (cb->args[IPSET_CB_PRIVATE]) { | |
991 | t = (struct htable *)cb->args[IPSET_CB_PRIVATE]; | |
992 | if (atomic_dec_and_test(&t->uref) && atomic_read(&t->ref)) { | |
993 | /* Resizing didn't destroy the hash table */ | |
994 | pr_debug("Table destroy by dump: %p\n", t); | |
995 | mtype_ahash_destroy(set, t, false); | |
996 | } | |
997 | cb->args[IPSET_CB_PRIVATE] = 0; | |
998 | } | |
999 | } | |
1000 | ||
1feab10d JK |
1001 | /* Reply a LIST/SAVE request: dump the elements of the specified set */ |
1002 | static int | |
1003 | mtype_list(const struct ip_set *set, | |
1004 | struct sk_buff *skb, struct netlink_callback *cb) | |
1005 | { | |
c4c99783 | 1006 | const struct htable *t; |
1feab10d JK |
1007 | struct nlattr *atd, *nested; |
1008 | const struct hbucket *n; | |
1009 | const struct mtype_elem *e; | |
93302880 | 1010 | u32 first = cb->args[IPSET_CB_ARG0]; |
1feab10d JK |
1011 | /* We assume that one hash bucket fills into one page */ |
1012 | void *incomplete; | |
1013 | int i; | |
1014 | ||
1015 | atd = ipset_nest_start(skb, IPSET_ATTR_ADT); | |
1016 | if (!atd) | |
1017 | return -EMSGSIZE; | |
1018 | pr_debug("list hash set %s\n", set->name); | |
c4c99783 | 1019 | t = (const struct htable *)cb->args[IPSET_CB_PRIVATE]; |
93302880 JK |
1020 | for (; cb->args[IPSET_CB_ARG0] < jhash_size(t->htable_bits); |
1021 | cb->args[IPSET_CB_ARG0]++) { | |
1feab10d | 1022 | incomplete = skb_tail_pointer(skb); |
93302880 JK |
1023 | n = hbucket(t, cb->args[IPSET_CB_ARG0]); |
1024 | pr_debug("cb->arg bucket: %lu, t %p n %p\n", | |
1025 | cb->args[IPSET_CB_ARG0], t, n); | |
1feab10d | 1026 | for (i = 0; i < n->pos; i++) { |
ca134ce8 | 1027 | e = ahash_data(n, i, set->dsize); |
1feab10d | 1028 | if (SET_WITH_TIMEOUT(set) && |
ca134ce8 | 1029 | ip_set_timeout_expired(ext_timeout(e, set))) |
1feab10d JK |
1030 | continue; |
1031 | pr_debug("list hash %lu hbucket %p i %u, data %p\n", | |
93302880 | 1032 | cb->args[IPSET_CB_ARG0], n, i, e); |
1feab10d JK |
1033 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
1034 | if (!nested) { | |
93302880 | 1035 | if (cb->args[IPSET_CB_ARG0] == first) { |
1feab10d JK |
1036 | nla_nest_cancel(skb, atd); |
1037 | return -EMSGSIZE; | |
1038 | } else | |
1039 | goto nla_put_failure; | |
1040 | } | |
1041 | if (mtype_data_list(skb, e)) | |
1042 | goto nla_put_failure; | |
3fd986b3 | 1043 | if (ip_set_put_extensions(skb, set, e, true)) |
fda75c6d | 1044 | goto nla_put_failure; |
1feab10d JK |
1045 | ipset_nest_end(skb, nested); |
1046 | } | |
1047 | } | |
1048 | ipset_nest_end(skb, atd); | |
1049 | /* Set listing finished */ | |
93302880 | 1050 | cb->args[IPSET_CB_ARG0] = 0; |
1feab10d JK |
1051 | |
1052 | return 0; | |
1053 | ||
1054 | nla_put_failure: | |
1055 | nlmsg_trim(skb, incomplete); | |
93302880 | 1056 | if (unlikely(first == cb->args[IPSET_CB_ARG0])) { |
b167a37c JP |
1057 | pr_warn("Can't list set %s: one bucket does not fit into a message. Please report it!\n", |
1058 | set->name); | |
93302880 | 1059 | cb->args[IPSET_CB_ARG0] = 0; |
1feab10d JK |
1060 | return -EMSGSIZE; |
1061 | } | |
122ebbf2 | 1062 | ipset_nest_end(skb, atd); |
1feab10d JK |
1063 | return 0; |
1064 | } | |
1065 | ||
1066 | static int | |
35b8dcf8 JK |
1067 | IPSET_TOKEN(MTYPE, _kadt)(struct ip_set *set, const struct sk_buff *skb, |
1068 | const struct xt_action_param *par, | |
1069 | enum ipset_adt adt, struct ip_set_adt_opt *opt); | |
1feab10d JK |
1070 | |
1071 | static int | |
35b8dcf8 JK |
1072 | IPSET_TOKEN(MTYPE, _uadt)(struct ip_set *set, struct nlattr *tb[], |
1073 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried); | |
1feab10d JK |
1074 | |
1075 | static const struct ip_set_type_variant mtype_variant = { | |
1076 | .kadt = mtype_kadt, | |
1077 | .uadt = mtype_uadt, | |
1078 | .adt = { | |
1079 | [IPSET_ADD] = mtype_add, | |
1080 | [IPSET_DEL] = mtype_del, | |
1081 | [IPSET_TEST] = mtype_test, | |
1082 | }, | |
1083 | .destroy = mtype_destroy, | |
1084 | .flush = mtype_flush, | |
1085 | .head = mtype_head, | |
1086 | .list = mtype_list, | |
c4c99783 | 1087 | .uref = mtype_uref, |
1feab10d JK |
1088 | .resize = mtype_resize, |
1089 | .same_set = mtype_same_set, | |
1090 | }; | |
1091 | ||
1092 | #ifdef IP_SET_EMIT_CREATE | |
1093 | static int | |
1785e8f4 VL |
1094 | IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, |
1095 | struct nlattr *tb[], u32 flags) | |
1feab10d JK |
1096 | { |
1097 | u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; | |
4d0e5c07 VD |
1098 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1099 | u32 markmask; | |
1100 | #endif | |
1feab10d JK |
1101 | u8 hbits; |
1102 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1103 | u8 netmask; | |
1104 | #endif | |
1105 | size_t hsize; | |
43ef29c9 | 1106 | struct htype *h; |
a0f28dc7 | 1107 | struct htable *t; |
1feab10d | 1108 | |
07034aea | 1109 | #ifndef IP_SET_PROTO_UNDEF |
1feab10d JK |
1110 | if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) |
1111 | return -IPSET_ERR_INVALID_FAMILY; | |
07034aea | 1112 | #endif |
4d0e5c07 VD |
1113 | |
1114 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
1115 | markmask = 0xffffffff; | |
1116 | #endif | |
1feab10d JK |
1117 | #ifdef IP_SET_HASH_WITH_NETMASK |
1118 | netmask = set->family == NFPROTO_IPV4 ? 32 : 128; | |
1119 | pr_debug("Create set %s with family %s\n", | |
1120 | set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); | |
1121 | #endif | |
1122 | ||
1123 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || | |
1124 | !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) || | |
4d0e5c07 VD |
1125 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1126 | !ip_set_optattr_netorder(tb, IPSET_ATTR_MARKMASK) || | |
1127 | #endif | |
1feab10d JK |
1128 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || |
1129 | !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) | |
1130 | return -IPSET_ERR_PROTOCOL; | |
1131 | ||
1132 | if (tb[IPSET_ATTR_HASHSIZE]) { | |
1133 | hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]); | |
1134 | if (hashsize < IPSET_MIMINAL_HASHSIZE) | |
1135 | hashsize = IPSET_MIMINAL_HASHSIZE; | |
1136 | } | |
1137 | ||
1138 | if (tb[IPSET_ATTR_MAXELEM]) | |
1139 | maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]); | |
1140 | ||
1141 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1142 | if (tb[IPSET_ATTR_NETMASK]) { | |
1143 | netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); | |
1144 | ||
1145 | if ((set->family == NFPROTO_IPV4 && netmask > 32) || | |
1146 | (set->family == NFPROTO_IPV6 && netmask > 128) || | |
1147 | netmask == 0) | |
1148 | return -IPSET_ERR_INVALID_NETMASK; | |
1149 | } | |
1150 | #endif | |
4d0e5c07 VD |
1151 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1152 | if (tb[IPSET_ATTR_MARKMASK]) { | |
1153 | markmask = ntohl(nla_get_u32(tb[IPSET_ATTR_MARKMASK])); | |
1154 | ||
ecc245c2 | 1155 | if (markmask == 0) |
4d0e5c07 VD |
1156 | return -IPSET_ERR_INVALID_MARKMASK; |
1157 | } | |
1158 | #endif | |
1feab10d JK |
1159 | |
1160 | hsize = sizeof(*h); | |
1161 | #ifdef IP_SET_HASH_WITH_NETS | |
77b4311d | 1162 | hsize += sizeof(struct net_prefixes) * NLEN(set->family); |
1feab10d JK |
1163 | #endif |
1164 | h = kzalloc(hsize, GFP_KERNEL); | |
1165 | if (!h) | |
1166 | return -ENOMEM; | |
1167 | ||
1168 | h->maxelem = maxelem; | |
1169 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1170 | h->netmask = netmask; | |
4d0e5c07 VD |
1171 | #endif |
1172 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
1173 | h->markmask = markmask; | |
1feab10d JK |
1174 | #endif |
1175 | get_random_bytes(&h->initval, sizeof(h->initval)); | |
ca134ce8 | 1176 | set->timeout = IPSET_NO_TIMEOUT; |
1feab10d JK |
1177 | |
1178 | hbits = htable_bits(hashsize); | |
1179 | hsize = htable_size(hbits); | |
1180 | if (hsize == 0) { | |
1181 | kfree(h); | |
1182 | return -ENOMEM; | |
1183 | } | |
a0f28dc7 JK |
1184 | t = ip_set_alloc(hsize); |
1185 | if (!t) { | |
1feab10d JK |
1186 | kfree(h); |
1187 | return -ENOMEM; | |
1188 | } | |
a0f28dc7 JK |
1189 | t->htable_bits = hbits; |
1190 | rcu_assign_pointer(h->table, t); | |
1feab10d JK |
1191 | |
1192 | set->data = h; | |
07034aea | 1193 | #ifndef IP_SET_PROTO_UNDEF |
40cd63bf | 1194 | if (set->family == NFPROTO_IPV4) { |
07034aea | 1195 | #endif |
35b8dcf8 | 1196 | set->variant = &IPSET_TOKEN(HTYPE, 4_variant); |
03c8b234 JK |
1197 | set->dsize = ip_set_elem_len(set, tb, |
1198 | sizeof(struct IPSET_TOKEN(HTYPE, 4_elem))); | |
07034aea | 1199 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1200 | } else { |
35b8dcf8 | 1201 | set->variant = &IPSET_TOKEN(HTYPE, 6_variant); |
03c8b234 JK |
1202 | set->dsize = ip_set_elem_len(set, tb, |
1203 | sizeof(struct IPSET_TOKEN(HTYPE, 6_elem))); | |
1204 | } | |
07034aea | 1205 | #endif |
03c8b234 | 1206 | if (tb[IPSET_ATTR_TIMEOUT]) { |
ca134ce8 | 1207 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
07034aea | 1208 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1209 | if (set->family == NFPROTO_IPV4) |
07034aea | 1210 | #endif |
35b8dcf8 JK |
1211 | IPSET_TOKEN(HTYPE, 4_gc_init)(set, |
1212 | IPSET_TOKEN(HTYPE, 4_gc)); | |
07034aea | 1213 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1214 | else |
35b8dcf8 JK |
1215 | IPSET_TOKEN(HTYPE, 6_gc_init)(set, |
1216 | IPSET_TOKEN(HTYPE, 6_gc)); | |
07034aea | 1217 | #endif |
1feab10d | 1218 | } |
1feab10d | 1219 | pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", |
a0f28dc7 JK |
1220 | set->name, jhash_size(t->htable_bits), |
1221 | t->htable_bits, h->maxelem, set->data, t); | |
1feab10d JK |
1222 | |
1223 | return 0; | |
1224 | } | |
1225 | #endif /* IP_SET_EMIT_CREATE */ | |
58cc06da SP |
1226 | |
1227 | #undef HKEY_DATALEN |