Commit | Line | Data |
---|---|---|
ea53ac5b OS |
1 | /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
2 | * Copyright (C) 2013 Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or modify | |
5 | * it under the terms of the GNU General Public License version 2 as | |
6 | * published by the Free Software Foundation. | |
7 | */ | |
8 | ||
9 | /* Kernel module implementing an IP set type: the hash:net type */ | |
10 | ||
11 | #include <linux/jhash.h> | |
12 | #include <linux/module.h> | |
13 | #include <linux/ip.h> | |
14 | #include <linux/skbuff.h> | |
15 | #include <linux/errno.h> | |
16 | #include <linux/random.h> | |
17 | #include <net/ip.h> | |
18 | #include <net/ipv6.h> | |
19 | #include <net/netlink.h> | |
20 | ||
21 | #include <linux/netfilter.h> | |
22 | #include <linux/netfilter/ipset/pfxlen.h> | |
23 | #include <linux/netfilter/ipset/ip_set.h> | |
24 | #include <linux/netfilter/ipset/ip_set_hash.h> | |
25 | ||
26 | #define IPSET_TYPE_REV_MIN 0 | |
af331419 AD |
27 | /* 1 Forceadd support added */ |
28 | #define IPSET_TYPE_REV_MAX 2 /* skbinfo support added */ | |
ea53ac5b OS |
29 | |
30 | MODULE_LICENSE("GPL"); | |
31 | MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>"); | |
32 | IP_SET_MODULE_DESC("hash:net,net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); | |
33 | MODULE_ALIAS("ip_set_hash:net,net"); | |
34 | ||
35 | /* Type specific function prefix */ | |
36 | #define HTYPE hash_netnet | |
37 | #define IP_SET_HASH_WITH_NETS | |
38 | #define IPSET_NET_COUNT 2 | |
39 | ||
40 | /* IPv4 variants */ | |
41 | ||
42 | /* Member elements */ | |
43 | struct hash_netnet4_elem { | |
44 | union { | |
45 | __be32 ip[2]; | |
46 | __be64 ipcmp; | |
47 | }; | |
48 | u8 nomatch; | |
cac37639 | 49 | u8 padding; |
ea53ac5b OS |
50 | union { |
51 | u8 cidr[2]; | |
52 | u16 ccmp; | |
53 | }; | |
54 | }; | |
55 | ||
56 | /* Common functions */ | |
57 | ||
58 | static inline bool | |
59 | hash_netnet4_data_equal(const struct hash_netnet4_elem *ip1, | |
60 | const struct hash_netnet4_elem *ip2, | |
61 | u32 *multi) | |
62 | { | |
63 | return ip1->ipcmp == ip2->ipcmp && | |
b49faea7 | 64 | ip1->ccmp == ip2->ccmp; |
ea53ac5b OS |
65 | } |
66 | ||
67 | static inline int | |
68 | hash_netnet4_do_data_match(const struct hash_netnet4_elem *elem) | |
69 | { | |
70 | return elem->nomatch ? -ENOTEMPTY : 1; | |
71 | } | |
72 | ||
73 | static inline void | |
74 | hash_netnet4_data_set_flags(struct hash_netnet4_elem *elem, u32 flags) | |
75 | { | |
76 | elem->nomatch = (flags >> 16) & IPSET_FLAG_NOMATCH; | |
77 | } | |
78 | ||
79 | static inline void | |
80 | hash_netnet4_data_reset_flags(struct hash_netnet4_elem *elem, u8 *flags) | |
81 | { | |
82 | swap(*flags, elem->nomatch); | |
83 | } | |
84 | ||
85 | static inline void | |
86 | hash_netnet4_data_reset_elem(struct hash_netnet4_elem *elem, | |
87 | struct hash_netnet4_elem *orig) | |
88 | { | |
89 | elem->ip[1] = orig->ip[1]; | |
90 | } | |
91 | ||
92 | static inline void | |
93 | hash_netnet4_data_netmask(struct hash_netnet4_elem *elem, u8 cidr, bool inner) | |
94 | { | |
95 | if (inner) { | |
96 | elem->ip[1] &= ip_set_netmask(cidr); | |
97 | elem->cidr[1] = cidr; | |
98 | } else { | |
99 | elem->ip[0] &= ip_set_netmask(cidr); | |
100 | elem->cidr[0] = cidr; | |
101 | } | |
102 | } | |
103 | ||
104 | static bool | |
105 | hash_netnet4_data_list(struct sk_buff *skb, | |
106 | const struct hash_netnet4_elem *data) | |
107 | { | |
108 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; | |
109 | ||
110 | if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip[0]) || | |
111 | nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip[1]) || | |
112 | nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) || | |
113 | nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr[1]) || | |
114 | (flags && | |
115 | nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
116 | goto nla_put_failure; | |
9562cf28 | 117 | return false; |
ea53ac5b OS |
118 | |
119 | nla_put_failure: | |
9562cf28 | 120 | return true; |
ea53ac5b OS |
121 | } |
122 | ||
123 | static inline void | |
124 | hash_netnet4_data_next(struct hash_netnet4_elem *next, | |
125 | const struct hash_netnet4_elem *d) | |
126 | { | |
127 | next->ipcmp = d->ipcmp; | |
128 | } | |
129 | ||
130 | #define MTYPE hash_netnet4 | |
ea53ac5b OS |
131 | #define HOST_MASK 32 |
132 | #include "ip_set_hash_gen.h" | |
133 | ||
134 | static int | |
135 | hash_netnet4_kadt(struct ip_set *set, const struct sk_buff *skb, | |
136 | const struct xt_action_param *par, | |
137 | enum ipset_adt adt, struct ip_set_adt_opt *opt) | |
138 | { | |
139 | const struct hash_netnet *h = set->data; | |
140 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
1a869205 | 141 | struct hash_netnet4_elem e = { }; |
ea53ac5b OS |
142 | struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); |
143 | ||
1a869205 JK |
144 | e.cidr[0] = IP_SET_INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); |
145 | e.cidr[1] = IP_SET_INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); | |
ea53ac5b OS |
146 | if (adt == IPSET_TEST) |
147 | e.ccmp = (HOST_MASK << (sizeof(e.cidr[0]) * 8)) | HOST_MASK; | |
148 | ||
149 | ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0]); | |
150 | ip4addrptr(skb, opt->flags & IPSET_DIM_TWO_SRC, &e.ip[1]); | |
151 | e.ip[0] &= ip_set_netmask(e.cidr[0]); | |
152 | e.ip[1] &= ip_set_netmask(e.cidr[1]); | |
153 | ||
154 | return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); | |
155 | } | |
156 | ||
157 | static int | |
158 | hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |
159 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) | |
160 | { | |
161 | const struct hash_netnet *h = set->data; | |
162 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
aff22758 | 163 | struct hash_netnet4_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, }; |
ea53ac5b OS |
164 | struct ip_set_ext ext = IP_SET_INIT_UEXT(set); |
165 | u32 ip = 0, ip_to = 0, last; | |
166 | u32 ip2 = 0, ip2_from = 0, ip2_to = 0, last2; | |
ea53ac5b OS |
167 | int ret; |
168 | ||
a212e08e SP |
169 | if (tb[IPSET_ATTR_LINENO]) |
170 | *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); | |
171 | ||
ea53ac5b | 172 | if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] || |
7dd37bc8 | 173 | !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) |
ea53ac5b OS |
174 | return -IPSET_ERR_PROTOCOL; |
175 | ||
8e55d2e5 SP |
176 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip); |
177 | if (ret) | |
178 | return ret; | |
179 | ||
180 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2], &ip2_from); | |
181 | if (ret) | |
182 | return ret; | |
183 | ||
184 | ret = ip_set_get_extensions(set, tb, &ext); | |
ea53ac5b OS |
185 | if (ret) |
186 | return ret; | |
187 | ||
188 | if (tb[IPSET_ATTR_CIDR]) { | |
aff22758 SP |
189 | e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); |
190 | if (!e.cidr[0] || e.cidr[0] > HOST_MASK) | |
ea53ac5b | 191 | return -IPSET_ERR_INVALID_CIDR; |
ea53ac5b OS |
192 | } |
193 | ||
194 | if (tb[IPSET_ATTR_CIDR2]) { | |
aff22758 SP |
195 | e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); |
196 | if (!e.cidr[1] || e.cidr[1] > HOST_MASK) | |
ea53ac5b | 197 | return -IPSET_ERR_INVALID_CIDR; |
ea53ac5b OS |
198 | } |
199 | ||
200 | if (tb[IPSET_ATTR_CADT_FLAGS]) { | |
201 | u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
202 | if (cadt_flags & IPSET_FLAG_NOMATCH) | |
203 | flags |= (IPSET_FLAG_NOMATCH << 16); | |
204 | } | |
205 | ||
6e41ee68 | 206 | if (adt == IPSET_TEST || !(tb[IPSET_ATTR_IP_TO] || |
ea53ac5b OS |
207 | tb[IPSET_ATTR_IP2_TO])) { |
208 | e.ip[0] = htonl(ip & ip_set_hostmask(e.cidr[0])); | |
209 | e.ip[1] = htonl(ip2_from & ip_set_hostmask(e.cidr[1])); | |
210 | ret = adtfn(set, &e, &ext, &ext, flags); | |
211 | return ip_set_enomatch(ret, flags, adt, set) ? -ret : | |
212 | ip_set_eexist(ret, flags) ? 0 : ret; | |
213 | } | |
214 | ||
215 | ip_to = ip; | |
216 | if (tb[IPSET_ATTR_IP_TO]) { | |
217 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); | |
218 | if (ret) | |
219 | return ret; | |
220 | if (ip_to < ip) | |
221 | swap(ip, ip_to); | |
6e41ee68 | 222 | if (unlikely(ip + UINT_MAX == ip_to)) |
ea53ac5b | 223 | return -IPSET_ERR_HASH_RANGE; |
6e41ee68 SP |
224 | } else |
225 | ip_set_mask_from_to(ip, ip_to, e.cidr[0]); | |
ea53ac5b OS |
226 | |
227 | ip2_to = ip2_from; | |
228 | if (tb[IPSET_ATTR_IP2_TO]) { | |
229 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to); | |
230 | if (ret) | |
231 | return ret; | |
232 | if (ip2_to < ip2_from) | |
233 | swap(ip2_from, ip2_to); | |
6e41ee68 | 234 | if (unlikely(ip2_from + UINT_MAX == ip2_to)) |
ea53ac5b | 235 | return -IPSET_ERR_HASH_RANGE; |
6e41ee68 SP |
236 | } else |
237 | ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]); | |
ea53ac5b OS |
238 | |
239 | if (retried) | |
240 | ip = ntohl(h->next.ip[0]); | |
241 | ||
242 | while (!after(ip, ip_to)) { | |
243 | e.ip[0] = htonl(ip); | |
aff22758 | 244 | last = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); |
ea53ac5b OS |
245 | ip2 = (retried && |
246 | ip == ntohl(h->next.ip[0])) ? ntohl(h->next.ip[1]) | |
247 | : ip2_from; | |
248 | while (!after(ip2, ip2_to)) { | |
249 | e.ip[1] = htonl(ip2); | |
aff22758 | 250 | last2 = ip_set_range_to_cidr(ip2, ip2_to, &e.cidr[1]); |
ea53ac5b OS |
251 | ret = adtfn(set, &e, &ext, &ext, flags); |
252 | if (ret && !ip_set_eexist(ret, flags)) | |
253 | return ret; | |
254 | else | |
255 | ret = 0; | |
256 | ip2 = last2 + 1; | |
257 | } | |
258 | ip = last + 1; | |
259 | } | |
260 | return ret; | |
261 | } | |
262 | ||
263 | /* IPv6 variants */ | |
264 | ||
265 | struct hash_netnet6_elem { | |
266 | union nf_inet_addr ip[2]; | |
267 | u8 nomatch; | |
cac37639 | 268 | u8 padding; |
ea53ac5b OS |
269 | union { |
270 | u8 cidr[2]; | |
271 | u16 ccmp; | |
272 | }; | |
273 | }; | |
274 | ||
275 | /* Common functions */ | |
276 | ||
277 | static inline bool | |
278 | hash_netnet6_data_equal(const struct hash_netnet6_elem *ip1, | |
279 | const struct hash_netnet6_elem *ip2, | |
280 | u32 *multi) | |
281 | { | |
282 | return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) && | |
283 | ipv6_addr_equal(&ip1->ip[1].in6, &ip2->ip[1].in6) && | |
284 | ip1->ccmp == ip2->ccmp; | |
285 | } | |
286 | ||
287 | static inline int | |
288 | hash_netnet6_do_data_match(const struct hash_netnet6_elem *elem) | |
289 | { | |
290 | return elem->nomatch ? -ENOTEMPTY : 1; | |
291 | } | |
292 | ||
293 | static inline void | |
294 | hash_netnet6_data_set_flags(struct hash_netnet6_elem *elem, u32 flags) | |
295 | { | |
296 | elem->nomatch = (flags >> 16) & IPSET_FLAG_NOMATCH; | |
297 | } | |
298 | ||
299 | static inline void | |
300 | hash_netnet6_data_reset_flags(struct hash_netnet6_elem *elem, u8 *flags) | |
301 | { | |
302 | swap(*flags, elem->nomatch); | |
303 | } | |
304 | ||
305 | static inline void | |
306 | hash_netnet6_data_reset_elem(struct hash_netnet6_elem *elem, | |
307 | struct hash_netnet6_elem *orig) | |
308 | { | |
309 | elem->ip[1] = orig->ip[1]; | |
310 | } | |
311 | ||
312 | static inline void | |
313 | hash_netnet6_data_netmask(struct hash_netnet6_elem *elem, u8 cidr, bool inner) | |
314 | { | |
315 | if (inner) { | |
316 | ip6_netmask(&elem->ip[1], cidr); | |
317 | elem->cidr[1] = cidr; | |
318 | } else { | |
319 | ip6_netmask(&elem->ip[0], cidr); | |
320 | elem->cidr[0] = cidr; | |
321 | } | |
322 | } | |
323 | ||
324 | static bool | |
325 | hash_netnet6_data_list(struct sk_buff *skb, | |
326 | const struct hash_netnet6_elem *data) | |
327 | { | |
328 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; | |
329 | ||
330 | if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip[0].in6) || | |
331 | nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip[1].in6) || | |
332 | nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) || | |
333 | nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr[1]) || | |
334 | (flags && | |
335 | nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
336 | goto nla_put_failure; | |
9562cf28 | 337 | return false; |
ea53ac5b OS |
338 | |
339 | nla_put_failure: | |
9562cf28 | 340 | return true; |
ea53ac5b OS |
341 | } |
342 | ||
343 | static inline void | |
344 | hash_netnet6_data_next(struct hash_netnet4_elem *next, | |
345 | const struct hash_netnet6_elem *d) | |
346 | { | |
347 | } | |
348 | ||
349 | #undef MTYPE | |
ea53ac5b OS |
350 | #undef HOST_MASK |
351 | ||
352 | #define MTYPE hash_netnet6 | |
ea53ac5b OS |
353 | #define HOST_MASK 128 |
354 | #define IP_SET_EMIT_CREATE | |
355 | #include "ip_set_hash_gen.h" | |
356 | ||
357 | static int | |
358 | hash_netnet6_kadt(struct ip_set *set, const struct sk_buff *skb, | |
359 | const struct xt_action_param *par, | |
360 | enum ipset_adt adt, struct ip_set_adt_opt *opt) | |
361 | { | |
362 | const struct hash_netnet *h = set->data; | |
363 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
1a869205 | 364 | struct hash_netnet6_elem e = { }; |
ea53ac5b OS |
365 | struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); |
366 | ||
1a869205 JK |
367 | e.cidr[0] = IP_SET_INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); |
368 | e.cidr[1] = IP_SET_INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); | |
ea53ac5b OS |
369 | if (adt == IPSET_TEST) |
370 | e.ccmp = (HOST_MASK << (sizeof(u8)*8)) | HOST_MASK; | |
371 | ||
372 | ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0].in6); | |
373 | ip6addrptr(skb, opt->flags & IPSET_DIM_TWO_SRC, &e.ip[1].in6); | |
374 | ip6_netmask(&e.ip[0], e.cidr[0]); | |
375 | ip6_netmask(&e.ip[1], e.cidr[1]); | |
376 | ||
377 | return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); | |
378 | } | |
379 | ||
380 | static int | |
381 | hash_netnet6_uadt(struct ip_set *set, struct nlattr *tb[], | |
382 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) | |
383 | { | |
384 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
aff22758 | 385 | struct hash_netnet6_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, }; |
ea53ac5b OS |
386 | struct ip_set_ext ext = IP_SET_INIT_UEXT(set); |
387 | int ret; | |
388 | ||
a212e08e SP |
389 | if (tb[IPSET_ATTR_LINENO]) |
390 | *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); | |
391 | ||
ea53ac5b | 392 | if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] || |
7dd37bc8 | 393 | !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) |
ea53ac5b OS |
394 | return -IPSET_ERR_PROTOCOL; |
395 | if (unlikely(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_IP2_TO])) | |
396 | return -IPSET_ERR_HASH_RANGE_UNSUPPORTED; | |
397 | ||
8e55d2e5 SP |
398 | ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]); |
399 | if (ret) | |
400 | return ret; | |
401 | ||
402 | ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip[1]); | |
403 | if (ret) | |
404 | return ret; | |
405 | ||
406 | ret = ip_set_get_extensions(set, tb, &ext); | |
ea53ac5b OS |
407 | if (ret) |
408 | return ret; | |
409 | ||
aff22758 | 410 | if (tb[IPSET_ATTR_CIDR]) { |
ea53ac5b | 411 | e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); |
aff22758 SP |
412 | if (!e.cidr[0] || e.cidr[0] > HOST_MASK) |
413 | return -IPSET_ERR_INVALID_CIDR; | |
414 | } | |
ea53ac5b | 415 | |
aff22758 | 416 | if (tb[IPSET_ATTR_CIDR2]) { |
ea53ac5b | 417 | e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); |
aff22758 SP |
418 | if (!e.cidr[1] || e.cidr[1] > HOST_MASK) |
419 | return -IPSET_ERR_INVALID_CIDR; | |
420 | } | |
ea53ac5b OS |
421 | |
422 | ip6_netmask(&e.ip[0], e.cidr[0]); | |
423 | ip6_netmask(&e.ip[1], e.cidr[1]); | |
424 | ||
425 | if (tb[IPSET_ATTR_CADT_FLAGS]) { | |
426 | u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
427 | if (cadt_flags & IPSET_FLAG_NOMATCH) | |
428 | flags |= (IPSET_FLAG_NOMATCH << 16); | |
429 | } | |
430 | ||
431 | ret = adtfn(set, &e, &ext, &ext, flags); | |
432 | ||
433 | return ip_set_enomatch(ret, flags, adt, set) ? -ret : | |
434 | ip_set_eexist(ret, flags) ? 0 : ret; | |
435 | } | |
436 | ||
437 | static struct ip_set_type hash_netnet_type __read_mostly = { | |
438 | .name = "hash:net,net", | |
439 | .protocol = IPSET_PROTOCOL, | |
440 | .features = IPSET_TYPE_IP | IPSET_TYPE_IP2 | IPSET_TYPE_NOMATCH, | |
441 | .dimension = IPSET_DIM_TWO, | |
442 | .family = NFPROTO_UNSPEC, | |
443 | .revision_min = IPSET_TYPE_REV_MIN, | |
444 | .revision_max = IPSET_TYPE_REV_MAX, | |
445 | .create = hash_netnet_create, | |
446 | .create_policy = { | |
447 | [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, | |
448 | [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, | |
449 | [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, | |
450 | [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, | |
451 | [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, | |
452 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, | |
453 | }, | |
454 | .adt_policy = { | |
455 | [IPSET_ATTR_IP] = { .type = NLA_NESTED }, | |
456 | [IPSET_ATTR_IP_TO] = { .type = NLA_NESTED }, | |
457 | [IPSET_ATTR_IP2] = { .type = NLA_NESTED }, | |
458 | [IPSET_ATTR_IP2_TO] = { .type = NLA_NESTED }, | |
459 | [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, | |
460 | [IPSET_ATTR_CIDR2] = { .type = NLA_U8 }, | |
461 | [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, | |
462 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, | |
463 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, | |
464 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | |
03726186 SP |
465 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING, |
466 | .len = IPSET_MAX_COMMENT_SIZE }, | |
af331419 AD |
467 | [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, |
468 | [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, | |
469 | [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, | |
ea53ac5b OS |
470 | }, |
471 | .me = THIS_MODULE, | |
472 | }; | |
473 | ||
474 | static int __init | |
475 | hash_netnet_init(void) | |
476 | { | |
477 | return ip_set_type_register(&hash_netnet_type); | |
478 | } | |
479 | ||
480 | static void __exit | |
481 | hash_netnet_fini(void) | |
482 | { | |
483 | ip_set_type_unregister(&hash_netnet_type); | |
484 | } | |
485 | ||
486 | module_init(hash_netnet_init); | |
487 | module_exit(hash_netnet_fini); |