Commit | Line | Data |
---|---|---|
b3837029 JK |
1 | /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
2 | * | |
3 | * This program is free software; you can redistribute it and/or modify | |
4 | * it under the terms of the GNU General Public License version 2 as | |
5 | * published by the Free Software Foundation. | |
6 | */ | |
7 | ||
8 | /* Kernel module implementing an IP set type: the hash:net type */ | |
9 | ||
10 | #include <linux/jhash.h> | |
11 | #include <linux/module.h> | |
12 | #include <linux/ip.h> | |
13 | #include <linux/skbuff.h> | |
14 | #include <linux/errno.h> | |
b3837029 JK |
15 | #include <linux/random.h> |
16 | #include <net/ip.h> | |
17 | #include <net/ipv6.h> | |
18 | #include <net/netlink.h> | |
19 | ||
20 | #include <linux/netfilter.h> | |
21 | #include <linux/netfilter/ipset/pfxlen.h> | |
22 | #include <linux/netfilter/ipset/ip_set.h> | |
23 | #include <linux/netfilter/ipset/ip_set_timeout.h> | |
24 | #include <linux/netfilter/ipset/ip_set_hash.h> | |
25 | ||
/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("hash:net type of IP sets");
MODULE_ALIAS("ip_set_hash:net");

/* Type specific function prefix */
#define TYPE hash_net

/* Forward declaration: the definition follows the IPv4 handlers. */
static bool
hash_net_same_set(const struct ip_set *a, const struct ip_set *b);

/* Both address families share one comparison; it only reads maxelem and
 * timeout from struct ip_set_hash, nothing address specific.
 */
#define hash_net4_same_set hash_net_same_set
#define hash_net6_same_set hash_net_same_set
39 | ||
40 | /* The type variant functions: IPv4 */ | |
41 | ||
42 | /* Member elements without timeout */ | |
struct hash_net4_elem {
	__be32 ip;	/* network address, network byte order */
	u16 padding0;	/* explicit padding; never written by the helpers in this file */
	u8 nomatch;	/* non-zero when the entry carries IPSET_FLAG_NOMATCH */
	u8 cidr;	/* prefix length; 0 marks an empty slot (hash_net4_data_isnull) */
};
49 | ||
50 | /* Member elements with timeout support */ | |
/* The leading members must stay identical to struct hash_net4_elem:
 * hash_net4_data_tlist() casts an elem pointer to this type.
 */
struct hash_net4_telem {
	__be32 ip;	/* network address, network byte order */
	u16 padding0;	/* explicit padding */
	u8 nomatch;	/* non-zero when the entry carries IPSET_FLAG_NOMATCH */
	u8 cidr;	/* prefix length; 0 marks an empty slot */
	unsigned long timeout;	/* read through ip_set_timeout_get() when listing */
};
58 | ||
/* Two elements denote the same entry when both the address and the prefix
 * length agree. The nomatch flag is not part of the comparison, and multi
 * is not used by this set type.
 */
static inline bool
hash_net4_data_equal(const struct hash_net4_elem *ip1,
		     const struct hash_net4_elem *ip2,
		     u32 *multi)
{
	const bool same_addr = ip1->ip == ip2->ip;
	const bool same_len = ip1->cidr == ip2->cidr;

	return same_addr && same_len;
}
67 | ||
/* A slot is empty when its prefix length is zero. */
static inline bool
hash_net4_data_isnull(const struct hash_net4_elem *elem)
{
	return !elem->cidr;
}
73 | ||
/* Copy the address, prefix length and nomatch flag from src to dst.
 * padding0 is left as it is in dst.
 */
static inline void
hash_net4_data_copy(struct hash_net4_elem *dst,
		    const struct hash_net4_elem *src)
{
	dst->nomatch = src->nomatch;
	dst->cidr = src->cidr;
	dst->ip = src->ip;
}
82 | ||
/* Record the nomatch bit from flags in the element.
 * The masked value itself (not 0/1) is stored in a u8, so this relies on
 * IPSET_FLAG_NOMATCH fitting into eight bits - TODO confirm against the
 * flag definition.
 */
static inline void
hash_net4_data_flags(struct hash_net4_elem *dst, u32 flags)
{
	const u32 nomatch_bit = flags & IPSET_FLAG_NOMATCH;

	dst->nomatch = nomatch_bit;
}
88 | ||
/* True for an ordinary entry, false for one flagged nomatch. */
static inline bool
hash_net4_data_match(const struct hash_net4_elem *elem)
{
	return elem->nomatch == 0;
}
94 | ||
/* Reduce the element to the network of the given prefix length and record
 * that length. cidr is passed to ip_set_netmask() unchecked; the caller is
 * expected to supply a valid prefix length.
 */
static inline void
hash_net4_data_netmask(struct hash_net4_elem *elem, u8 cidr)
{
	elem->cidr = cidr;
	elem->ip &= ip_set_netmask(cidr);
}
101 | ||
102 | /* Zero CIDR values cannot be stored */ | |
/* Mark the slot as empty: a zero prefix length is what
 * hash_net4_data_isnull() tests for.
 */
static inline void
hash_net4_data_zero_out(struct hash_net4_elem *elem)
{
	elem->cidr = 0;
}
108 | ||
/* Append one element (without timeout) to a netlink message: address,
 * prefix length and, only for nomatch entries, the flags attribute.
 *
 * Note the sense of the bool result: 0 means every attribute was added,
 * 1 means an nla_put call failed. Attributes added before the failing one
 * are not removed here.
 */
static bool
hash_net4_data_list(struct sk_buff *skb, const struct hash_net4_elem *data)
{
	u32 flags = 0;

	if (data->nomatch)
		flags = IPSET_FLAG_NOMATCH;

	if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip))
		return 1;
	if (nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr))
		return 1;
	if (flags && nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))
		return 1;

	return 0;
}
124 | ||
/* Timeout-aware variant of the list helper: emits address, prefix length,
 * remaining timeout and, for nomatch entries, the flags attribute.
 *
 * data is reinterpreted as struct hash_net4_telem without any check, so it
 * must point at an element of the timeout variant; otherwise the timeout
 * read goes past the end of the object.
 *
 * Returns 0 when every attribute was added and 1 when an nla_put call
 * failed.
 */
static bool
hash_net4_data_tlist(struct sk_buff *skb, const struct hash_net4_elem *data)
{
	const struct hash_net4_telem *te = (const struct hash_net4_telem *)data;
	u32 flags = 0;

	if (data->nomatch)
		flags = IPSET_FLAG_NOMATCH;

	if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, te->ip))
		return 1;
	if (nla_put_u8(skb, IPSET_ATTR_CIDR, te->cidr))
		return 1;
	if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
			  htonl(ip_set_timeout_get(te->timeout))))
		return 1;
	if (flags && nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))
		return 1;

	return 0;
}
144 | ||
/* Presumably selects the network-aware parts of the generic hash code
 * (the kadt handlers read h->nets[]) - confirm in ip_set_ahash.h.
 */
#define IP_SET_HASH_WITH_NETS

/* IPv4 pass over the generic hash header.
 * NOTE(review): hash_net4_variant, hash_net4_tvariant and hash_net4_gc_init
 * are used by hash_net_create() but not defined in this file, so they
 * presumably come from this include.
 */
#define PF 4
#define HOST_MASK 32
#include <linux/netfilter/ipset/ip_set_ahash.h>
150 | ||
3d14b171 JK |
/* Remember the address of d, converted to host byte order, in h->next.ip.
 * hash_net4_uadt() restarts a range from this value when it is called
 * with retried set.
 */
static inline void
hash_net4_data_next(struct ip_set_hash *h,
		    const struct hash_net4_elem *d)
{
	const u32 host_ip = ntohl(d->ip);

	h->next.ip = host_ip;
}
157 | ||
b3837029 JK |
/* Packet-path add/delete/test handler for IPv4 hash:net sets.
 *
 * The address is taken from the packet (source address when
 * IPSET_DIM_ONE_SRC is set in opt->flags), masked to the chosen prefix
 * length and handed to the variant's handler for adt. par is not used.
 *
 * Returns -EINVAL for a zero prefix length, otherwise the handler's result.
 */
static int
hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb,
	       const struct xt_action_param *par,
	       enum ipset_adt adt, const struct ip_set_adt_opt *opt)
{
	const struct ip_set_hash *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	/* The initializer zeroes every member not named, padding0 included. */
	struct hash_net4_elem data = { .cidr = HOST_MASK };

	/* Prefer the prefix length recorded in nets[0] when there is one. */
	if (h->nets[0].cidr)
		data.cidr = h->nets[0].cidr;

	/* Cannot trigger with the selection above (HOST_MASK is non-zero);
	 * kept as a guard.
	 */
	if (!data.cidr)
		return -EINVAL;

	/* A test always looks up the full host address. */
	if (adt == IPSET_TEST)
		data.cidr = HOST_MASK;

	ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &data.ip);
	data.ip &= ip_set_netmask(data.cidr);

	return adtfn(set, &data, opt_timeout(opt, h), opt->cmdflags);
}
179 | ||
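/* Userspace (netlink) add/delete/test handler for IPv4 hash:net sets.
 *
 * tb[] holds the parsed attributes of the request. lineno receives
 * IPSET_ATTR_LINENO when that attribute is present. With retried set, a
 * range request resumes from h->next.ip instead of the start of the range.
 *
 * A single network is handled directly. For add/delete with
 * IPSET_ATTR_IP_TO the range is split into CIDR blocks by
 * ip_set_range_to_cidr() and each block is passed to the handler; the
 * prefix length from IPSET_ATTR_CIDR is overwritten in that case.
 *
 * Returns 0 on success or a negative error code. Results for which
 * ip_set_eexist() is true are reported as success.
 */
static int
hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
	       enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
	const struct ip_set_hash *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_net4_elem data = { .cidr = HOST_MASK };
	u32 timeout = h->timeout;
	u32 ip = 0, ip_to, last;
	int ret;

	/* IP is mandatory; the optional TIMEOUT and CADT_FLAGS attributes
	 * are vetted by ip_set_optattr_netorder().
	 */
	if (unlikely(!tb[IPSET_ATTR_IP] ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
		return -IPSET_ERR_PROTOCOL;

	if (tb[IPSET_ATTR_LINENO])
		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);

	ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
	if (ret)
		return ret;

	/* The prefix length comes from the request: reject 0 and anything
	 * above HOST_MASK before it is used to build a mask.
	 */
	if (tb[IPSET_ATTR_CIDR]) {
		data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
		if (!data.cidr || data.cidr > HOST_MASK)
			return -IPSET_ERR_INVALID_CIDR;
	}

	/* A timeout is only accepted on sets created with timeout support. */
	if (tb[IPSET_ATTR_TIMEOUT]) {
		if (!with_timeout(h->timeout))
			return -IPSET_ERR_TIMEOUT;
		timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
	}

	/* Only the add path honours nomatch. The element flags travel in the
	 * upper 16 bits of flags - presumably unpacked by the handler,
	 * confirm in ip_set_ahash.h.
	 */
	if (tb[IPSET_ATTR_CADT_FLAGS] && adt == IPSET_ADD) {
		u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
		if (cadt_flags & IPSET_FLAG_NOMATCH)
			flags |= (cadt_flags << 16);
	}

	/* Single network: tests never take a range. */
	if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) {
		data.ip = htonl(ip & ip_set_hostmask(data.cidr));
		ret = adtfn(set, &data, timeout, flags);
		return ip_set_eexist(ret, flags) ? 0 : ret;
	}

	ip_to = ip;
	if (tb[IPSET_ATTR_IP_TO]) {
		ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
		if (ret)
			return ret;
		if (ip_to < ip)
			swap(ip, ip_to);
		/* The complete IPv4 address space is refused. */
		if (ip + UINT_MAX == ip_to)
			return -IPSET_ERR_HASH_RANGE;
	}
	if (retried)
		ip = h->next.ip;

	/* Cover [ip, ip_to] with CIDR blocks. The bounds are compared as
	 * plain unsigned values: after() is a wrapping, signed-difference
	 * comparison, which is already true on entry for a range of 2^31
	 * addresses or more, so such a request returned success with nothing
	 * added to the set.
	 */
	while (ip <= ip_to) {
		data.ip = htonl(ip);
		last = ip_set_range_to_cidr(ip, ip_to, &data.cidr);
		ret = adtfn(set, &data, timeout, flags);
		if (ret && !ip_set_eexist(ret, flags))
			return ret;
		ret = 0;
		/* Stop once a block reaches the upper bound. This also keeps
		 * last + 1 from wrapping to 0 when ip_to is 255.255.255.255.
		 */
		if (last >= ip_to)
			break;
		ip = last + 1;
	}
	return ret;
}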
251 | ||
/* Two hash:net sets count as the same kind when their element limit and
 * timeout setting agree.
 */
static bool
hash_net_same_set(const struct ip_set *a, const struct ip_set *b)
{
	const struct ip_set_hash *lhs = a->data;
	const struct ip_set_hash *rhs = b->data;

	/* htable_bits is left out on purpose: resizing changes it */
	return !(lhs->maxelem != rhs->maxelem ||
		 lhs->timeout != rhs->timeout);
}
262 | ||
263 | /* The type variant functions: IPv6 */ | |
264 | ||
/* Member elements without timeout */
struct hash_net6_elem {
	union nf_inet_addr ip;	/* network address; the helpers use the in6 / ip6[] views */
	u16 padding0;	/* explicit padding; never written by the helpers in this file */
	u8 nomatch;	/* non-zero when the entry carries IPSET_FLAG_NOMATCH */
	u8 cidr;	/* prefix length; 0 marks an empty slot (hash_net6_data_isnull) */
};
271 | ||
/* Member elements with timeout support. The leading members must stay
 * identical to struct hash_net6_elem: hash_net6_data_tlist() casts an elem
 * pointer to this type.
 */
struct hash_net6_telem {
	union nf_inet_addr ip;	/* network address */
	u16 padding0;	/* explicit padding */
	u8 nomatch;	/* non-zero when the entry carries IPSET_FLAG_NOMATCH */
	u8 cidr;	/* prefix length; 0 marks an empty slot */
	unsigned long timeout;	/* read through ip_set_timeout_get() when listing */
};
279 | ||
/* Two elements denote the same entry when both the IPv6 address and the
 * prefix length agree. The nomatch flag is not compared and multi is not
 * used by this set type.
 */
static inline bool
hash_net6_data_equal(const struct hash_net6_elem *ip1,
		     const struct hash_net6_elem *ip2,
		     u32 *multi)
{
	if (ipv6_addr_cmp(&ip1->ip.in6, &ip2->ip.in6) != 0)
		return 0;

	return ip1->cidr == ip2->cidr;
}
288 | ||
/* A slot is empty when its prefix length is zero. */
static inline bool
hash_net6_data_isnull(const struct hash_net6_elem *elem)
{
	return !elem->cidr;
}
294 | ||
/* Copy the address, prefix length and nomatch flag from src to dst.
 * padding0 is left as it is in dst.
 */
static inline void
hash_net6_data_copy(struct hash_net6_elem *dst,
		    const struct hash_net6_elem *src)
{
	dst->nomatch = src->nomatch;
	dst->cidr = src->cidr;
	dst->ip.in6 = src->ip.in6;
}
303 | ||
/* Record the nomatch bit from flags in the element.
 * The masked value itself (not 0/1) is stored in a u8, so this relies on
 * IPSET_FLAG_NOMATCH fitting into eight bits - TODO confirm against the
 * flag definition.
 */
static inline void
hash_net6_data_flags(struct hash_net6_elem *dst, u32 flags)
{
	const u32 nomatch_bit = flags & IPSET_FLAG_NOMATCH;

	dst->nomatch = nomatch_bit;
}
309 | ||
/* True for an ordinary entry, false for one flagged nomatch. */
static inline bool
hash_net6_data_match(const struct hash_net6_elem *elem)
{
	return elem->nomatch == 0;
}
315 | ||
/* Mark the slot as empty: a zero prefix length is what
 * hash_net6_data_isnull() tests for.
 */
static inline void
hash_net6_data_zero_out(struct hash_net6_elem *elem)
{
	elem->cidr = 0;
}
321 | ||
/* Mask an IPv6 address in place, one 32-bit word at a time, with the mask
 * ip_set_netmask6() yields for prefix.
 *
 * prefix is not range-checked here. hash_net6_uadt() rejects values above
 * HOST_MASK before calling; any new caller has to do the same.
 */
static inline void
ip6_netmask(union nf_inet_addr *ip, u8 prefix)
{
	unsigned int word;

	for (word = 0; word < 4; word++)
		ip->ip6[word] &= ip_set_netmask6(prefix)[word];
}
330 | ||
/* Reduce the element to the network of the given prefix length and record
 * that length. cidr is passed on to ip6_netmask() unchecked.
 */
static inline void
hash_net6_data_netmask(struct hash_net6_elem *elem, u8 cidr)
{
	elem->cidr = cidr;
	ip6_netmask(&elem->ip, cidr);
}
337 | ||
/* Append one element (without timeout) to a netlink message: address,
 * prefix length and, only for nomatch entries, the flags attribute.
 *
 * Note the sense of the bool result: 0 means every attribute was added,
 * 1 means an nla_put call failed. Attributes added before the failing one
 * are not removed here.
 */
static bool
hash_net6_data_list(struct sk_buff *skb, const struct hash_net6_elem *data)
{
	u32 flags = 0;

	if (data->nomatch)
		flags = IPSET_FLAG_NOMATCH;

	if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6))
		return 1;
	if (nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr))
		return 1;
	if (flags && nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))
		return 1;

	return 0;
}
353 | ||
/* Timeout-aware variant of the list helper: emits address, prefix length,
 * remaining timeout and, for nomatch entries, the flags attribute.
 *
 * data is reinterpreted as struct hash_net6_telem without any check, so it
 * must point at an element of the timeout variant; otherwise the timeout
 * read goes past the end of the object.
 *
 * Returns 0 when every attribute was added and 1 when an nla_put call
 * failed.
 */
static bool
hash_net6_data_tlist(struct sk_buff *skb, const struct hash_net6_elem *data)
{
	const struct hash_net6_telem *te = (const struct hash_net6_telem *)data;
	u32 flags = 0;

	if (data->nomatch)
		flags = IPSET_FLAG_NOMATCH;

	if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &te->ip.in6))
		return 1;
	if (nla_put_u8(skb, IPSET_ATTR_CIDR, te->cidr))
		return 1;
	if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
			  htonl(ip_set_timeout_get(te->timeout))))
		return 1;
	if (flags && nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))
		return 1;

	return 0;
}
373 | ||
/* Drop the IPv4 parameters and include the generic hash header a second
 * time for IPv6.
 * NOTE(review): hash_net6_variant, hash_net6_tvariant and hash_net6_gc_init
 * are used by hash_net_create() but not defined in this file, so they
 * presumably come from this include.
 */
#undef PF
#undef HOST_MASK

#define PF 6
#define HOST_MASK 128
#include <linux/netfilter/ipset/ip_set_ahash.h>
380 | ||
3d14b171 JK |
/* Intentionally empty: hash_net6_uadt() rejects IPSET_ATTR_IP_TO, so there
 * is no IPv6 range whose position would have to be remembered.
 */
static inline void
hash_net6_data_next(struct ip_set_hash *h,
		    const struct hash_net6_elem *d)
{
}
386 | ||
b3837029 JK |
/* Packet-path add/delete/test handler for IPv6 hash:net sets.
 *
 * The address is taken from the packet (source address when
 * IPSET_DIM_ONE_SRC is set in opt->flags), masked to the chosen prefix
 * length and handed to the variant's handler for adt. par is not used.
 *
 * Returns -EINVAL for a zero prefix length, otherwise the handler's result.
 */
static int
hash_net6_kadt(struct ip_set *set, const struct sk_buff *skb,
	       const struct xt_action_param *par,
	       enum ipset_adt adt, const struct ip_set_adt_opt *opt)
{
	const struct ip_set_hash *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	/* The initializer zeroes every member not named, padding0 included. */
	struct hash_net6_elem data = { .cidr = HOST_MASK };

	/* Prefer the prefix length recorded in nets[0] when there is one. */
	if (h->nets[0].cidr)
		data.cidr = h->nets[0].cidr;

	/* Cannot trigger with the selection above (HOST_MASK is non-zero);
	 * kept as a guard.
	 */
	if (!data.cidr)
		return -EINVAL;

	/* A test always looks up the full host address. */
	if (adt == IPSET_TEST)
		data.cidr = HOST_MASK;

	ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &data.ip.in6);
	ip6_netmask(&data.ip, data.cidr);

	return adtfn(set, &data, opt_timeout(opt, h), opt->cmdflags);
}
408 | ||
/* Userspace (netlink) add/delete/test handler for IPv6 hash:net sets.
 *
 * tb[] holds the parsed attributes of the request and lineno receives
 * IPSET_ATTR_LINENO when that attribute is present. Ranges are not
 * supported for IPv6, so retried is not used.
 *
 * Returns 0 on success or a negative error code. A result for which
 * ip_set_eexist() is true is reported as success.
 */
static int
hash_net6_uadt(struct ip_set *set, struct nlattr *tb[],
	       enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
	const struct ip_set_hash *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_net6_elem data = { .cidr = HOST_MASK };
	u32 timeout = h->timeout;
	int ret;

	/* IP is mandatory; the optional TIMEOUT and CADT_FLAGS attributes
	 * are vetted by ip_set_optattr_netorder().
	 */
	if (unlikely(!tb[IPSET_ATTR_IP] ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
		return -IPSET_ERR_PROTOCOL;

	/* No range input for IPv6. */
	if (unlikely(tb[IPSET_ATTR_IP_TO]))
		return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;

	if (tb[IPSET_ATTR_LINENO])
		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);

	ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &data.ip);
	if (ret != 0)
		return ret;

	if (tb[IPSET_ATTR_CIDR])
		data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);

	/* The prefix length comes from the request: it is validated here,
	 * before ip6_netmask() uses it to look up a mask.
	 */
	if (data.cidr == 0 || data.cidr > HOST_MASK)
		return -IPSET_ERR_INVALID_CIDR;

	ip6_netmask(&data.ip, data.cidr);

	/* A timeout is only accepted on sets created with timeout support. */
	if (tb[IPSET_ATTR_TIMEOUT]) {
		if (!with_timeout(h->timeout))
			return -IPSET_ERR_TIMEOUT;
		timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
	}

	/* Only the add path honours nomatch; the element flags travel in
	 * the upper 16 bits of flags.
	 */
	if (adt == IPSET_ADD && tb[IPSET_ATTR_CADT_FLAGS]) {
		const u32 cadt_flags =
			ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);

		if (cadt_flags & IPSET_FLAG_NOMATCH)
			flags |= (cadt_flags << 16);
	}

	ret = adtfn(set, &data, timeout, flags);
	if (ip_set_eexist(ret, flags))
		return 0;

	return ret;
}
457 | ||
458 | /* Create hash:net type of sets */ | |
459 | ||
/* Create callback for hash:net sets: validates the request, allocates the
 * set header and the initial hash table, and selects the plain or the
 * timeout variant for the set's address family. The flags argument is not
 * used.
 *
 * Returns 0 on success, -IPSET_ERR_INVALID_FAMILY for a family other than
 * IPv4/IPv6, -IPSET_ERR_PROTOCOL when an optional attribute fails
 * ip_set_optattr_netorder(), and -ENOMEM when an allocation fails.
 *
 * NOTE(review): hashsize and maxelem are caller-supplied u32 values and
 * only hashsize gets a lower bound here. Confirm that htable_bits() and
 * jhash_size() cannot make the table size expression below wrap for very
 * large hashsize values.
 */
static int
hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
{
	const bool is_ipv4 = set->family == NFPROTO_IPV4;
	u32 hashsize = IPSET_DEFAULT_HASHSIZE;
	u32 maxelem = IPSET_DEFAULT_MAXELEM;
	struct ip_set_hash *h;
	u8 hbits;

	if (!is_ipv4 && set->family != NFPROTO_IPV6)
		return -IPSET_ERR_INVALID_FAMILY;

	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
		return -IPSET_ERR_PROTOCOL;

	/* A requested hash size below the minimum is raised to it. */
	if (tb[IPSET_ATTR_HASHSIZE]) {
		hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]);
		if (hashsize < IPSET_MIMINAL_HASHSIZE)
			hashsize = IPSET_MIMINAL_HASHSIZE;
	}

	if (tb[IPSET_ATTR_MAXELEM])
		maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]);

	/* The header is followed by one ip_set_hash_nets slot per possible
	 * prefix length of the family.
	 */
	h = kzalloc(sizeof(*h) +
		    sizeof(struct ip_set_hash_nets) * (is_ipv4 ? 32 : 128),
		    GFP_KERNEL);
	if (!h)
		return -ENOMEM;

	h->maxelem = maxelem;
	/* Per-set random value - presumably the seed of the hash function,
	 * so that bucket placement cannot be predicted from outside.
	 */
	get_random_bytes(&h->initval, sizeof(h->initval));
	h->timeout = IPSET_NO_TIMEOUT;

	hbits = htable_bits(hashsize);
	h->table = ip_set_alloc(sizeof(struct htable) +
				jhash_size(hbits) * sizeof(struct hbucket));
	if (!h->table) {
		kfree(h);
		return -ENOMEM;
	}
	h->table->htable_bits = hbits;

	set->data = h;

	if (!tb[IPSET_ATTR_TIMEOUT]) {
		set->variant = is_ipv4
			? &hash_net4_variant : &hash_net6_variant;
	} else {
		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);

		set->variant = is_ipv4
			? &hash_net4_tvariant : &hash_net6_tvariant;

		/* Timeout sets additionally get their gc set up. */
		if (is_ipv4)
			hash_net4_gc_init(set);
		else
			hash_net6_gc_init(set);
	}

	/* Debug output only; note that it formats two kernel pointers. */
	pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n",
		 set->name, jhash_size(h->table->htable_bits),
		 h->table->htable_bits, h->maxelem, set->data, h->table);

	return 0;
}
527 | ||
/* Type descriptor handed to ip_set_type_register() by hash_net_init(). */
static struct ip_set_type hash_net_type __read_mostly = {
	.name = "hash:net",
	.protocol = IPSET_PROTOCOL,
	.features = IPSET_TYPE_IP,
	.dimension = IPSET_DIM_ONE,
	/* Unspecified here; hash_net_create() accepts IPv4 and IPv6 only. */
	.family = NFPROTO_UNSPEC,
	.revision_min = 0,
	/* = 1 Range as input support for IPv4 added */
	.revision_max = 2, /* nomatch flag support added */
	.create = hash_net_create,
	/* Attribute types for create requests. PROBES and RESIZE are listed
	 * here although hash_net_create() does not read them.
	 */
	.create_policy = {
		[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
		[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
		[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
		[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
		[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
	},
	/* Attribute types for add/delete/test requests. The policy fixes
	 * types only; value ranges such as the prefix length are checked in
	 * the uadt handlers.
	 */
	.adt_policy = {
		[IPSET_ATTR_IP] = { .type = NLA_NESTED },
		[IPSET_ATTR_IP_TO] = { .type = NLA_NESTED },
		[IPSET_ATTR_CIDR] = { .type = NLA_U8 },
		[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
		[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
	},
	.me = THIS_MODULE,
};
554 | ||
/* Module entry point: register the hash:net set type and pass the result
 * of the registration back to the module loader.
 */
static int __init
hash_net_init(void)
{
	int err = ip_set_type_register(&hash_net_type);

	return err;
}
560 | ||
/* Module exit point: unregister the hash:net set type again. */
static void __exit
hash_net_fini(void)
{
	ip_set_type_unregister(&hash_net_type);
}
566 | ||
/* Hook the register/unregister functions into module load and unload. */
module_init(hash_net_init);
module_exit(hash_net_fini);