projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
IB/hfi1: Fix TID caching actions
[deliverable/linux.git] / net / netfilter / ipset / ip_set_bitmap_ipmac.c
1 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
2 * Patrick Schaaf <bof@bof.de>
3 * Martin Josefsson <gandalf@wlug.westbo.se>
4 * Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11 /* Kernel module implementing an IP set type: the bitmap:ip,mac type */
12
13 #include <linux/module.h>
14 #include <linux/ip.h>
15 #include <linux/etherdevice.h>
16 #include <linux/skbuff.h>
17 #include <linux/errno.h>
18 #include <linux/if_ether.h>
19 #include <linux/netlink.h>
20 #include <linux/jiffies.h>
21 #include <linux/timer.h>
22 #include <net/netlink.h>
23
24 #include <linux/netfilter/ipset/pfxlen.h>
25 #include <linux/netfilter/ipset/ip_set.h>
26 #include <linux/netfilter/ipset/ip_set_bitmap.h>
27
28 #define IPSET_TYPE_REV_MIN 0
29 /* 1 Counter support added */
30 /* 2 Comment support added */
31 #define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
32
33 MODULE_LICENSE("GPL");
34 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
35 IP_SET_MODULE_DESC("bitmap:ip,mac", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
36 MODULE_ALIAS("ip_set_bitmap:ip,mac");
37
38 #define MTYPE bitmap_ipmac
39 #define HOST_MASK 32
40 #define IP_SET_BITMAP_STORED_TIMEOUT
41
42 enum {
43 MAC_UNSET, /* element is set, without MAC */
44 MAC_FILLED, /* element is set with MAC */
45 };
46
47 /* Type structure */
48 struct bitmap_ipmac {
49 void *members; /* the set members */
50 u32 first_ip; /* host byte order, included in range */
51 u32 last_ip; /* host byte order, included in range */
52 u32 elements; /* number of max elements in the set */
53 size_t memsize; /* members size */
54 struct timer_list gc; /* garbage collector */
55 unsigned char extensions[0] /* MAC + data extensions */
56 __aligned(__alignof__(u64));
57 };
58
59 /* ADT structure for generic function args */
60 struct bitmap_ipmac_adt_elem {
61 unsigned char ether[ETH_ALEN] __aligned(2);
62 u16 id;
63 u16 add_mac;
64 };
65
66 struct bitmap_ipmac_elem {
67 unsigned char ether[ETH_ALEN];
68 unsigned char filled;
69 } __aligned(__alignof__(u64));
70
71 static inline u32
72 ip_to_id(const struct bitmap_ipmac *m, u32 ip)
73 {
74 return ip - m->first_ip;
75 }
76
77 #define get_elem(extensions, id, dsize) \
78 (struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))
79
80 #define get_const_elem(extensions, id, dsize) \
81 (const struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))
82
83 /* Common functions */
84
85 static inline int
86 bitmap_ipmac_do_test(const struct bitmap_ipmac_adt_elem *e,
87 const struct bitmap_ipmac *map, size_t dsize)
88 {
89 const struct bitmap_ipmac_elem *elem;
90
91 if (!test_bit(e->id, map->members))
92 return 0;
93 elem = get_const_elem(map->extensions, e->id, dsize);
94 if (e->add_mac && elem->filled == MAC_FILLED)
95 return ether_addr_equal(e->ether, elem->ether);
96 /* Trigger kernel to fill out the ethernet address */
97 return -EAGAIN;
98 }
99
100 static inline int
101 bitmap_ipmac_gc_test(u16 id, const struct bitmap_ipmac *map, size_t dsize)
102 {
103 const struct bitmap_ipmac_elem *elem;
104
105 if (!test_bit(id, map->members))
106 return 0;
107 elem = get_const_elem(map->extensions, id, dsize);
108 /* Timer not started for the incomplete elements */
109 return elem->filled == MAC_FILLED;
110 }
111
112 static inline int
113 bitmap_ipmac_is_filled(const struct bitmap_ipmac_elem *elem)
114 {
115 return elem->filled == MAC_FILLED;
116 }
117
118 static inline int
119 bitmap_ipmac_add_timeout(unsigned long *timeout,
120 const struct bitmap_ipmac_adt_elem *e,
121 const struct ip_set_ext *ext, struct ip_set *set,
122 struct bitmap_ipmac *map, int mode)
123 {
124 u32 t = ext->timeout;
125
126 if (mode == IPSET_ADD_START_STORED_TIMEOUT) {
127 if (t == set->timeout)
128 /* Timeout was not specified, get stored one */
129 t = *timeout;
130 ip_set_timeout_set(timeout, t);
131 } else {
132 /* If MAC is unset yet, we store plain timeout value
133 * because the timer is not activated yet
134 * and we can reuse it later when MAC is filled out,
135 * possibly by the kernel
136 */
137 if (e->add_mac)
138 ip_set_timeout_set(timeout, t);
139 else
140 *timeout = t;
141 }
142 return 0;
143 }
144
145 static inline int
146 bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
147 struct bitmap_ipmac *map, u32 flags, size_t dsize)
148 {
149 struct bitmap_ipmac_elem *elem;
150
151 elem = get_elem(map->extensions, e->id, dsize);
152 if (test_bit(e->id, map->members)) {
153 if (elem->filled == MAC_FILLED) {
154 if (e->add_mac &&
155 (flags & IPSET_FLAG_EXIST) &&
156 !ether_addr_equal(e->ether, elem->ether)) {
157 /* memcpy isn't atomic */
158 clear_bit(e->id, map->members);
159 smp_mb__after_atomic();
160 ether_addr_copy(elem->ether, e->ether);
161 }
162 return IPSET_ADD_FAILED;
163 } else if (!e->add_mac)
164 /* Already added without ethernet address */
165 return IPSET_ADD_FAILED;
166 /* Fill the MAC address and trigger the timer activation */
167 clear_bit(e->id, map->members);
168 smp_mb__after_atomic();
169 ether_addr_copy(elem->ether, e->ether);
170 elem->filled = MAC_FILLED;
171 return IPSET_ADD_START_STORED_TIMEOUT;
172 } else if (e->add_mac) {
173 /* We can store MAC too */
174 ether_addr_copy(elem->ether, e->ether);
175 elem->filled = MAC_FILLED;
176 return 0;
177 }
178 elem->filled = MAC_UNSET;
179 /* MAC is not stored yet, don't start timer */
180 return IPSET_ADD_STORE_PLAIN_TIMEOUT;
181 }
182
183 static inline int
184 bitmap_ipmac_do_del(const struct bitmap_ipmac_adt_elem *e,
185 struct bitmap_ipmac *map)
186 {
187 return !test_and_clear_bit(e->id, map->members);
188 }
189
190 static inline int
191 bitmap_ipmac_do_list(struct sk_buff *skb, const struct bitmap_ipmac *map,
192 u32 id, size_t dsize)
193 {
194 const struct bitmap_ipmac_elem *elem =
195 get_const_elem(map->extensions, id, dsize);
196
197 return nla_put_ipaddr4(skb, IPSET_ATTR_IP,
198 htonl(map->first_ip + id)) ||
199 (elem->filled == MAC_FILLED &&
200 nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN, elem->ether));
201 }
202
203 static inline int
204 bitmap_ipmac_do_head(struct sk_buff *skb, const struct bitmap_ipmac *map)
205 {
206 return nla_put_ipaddr4(skb, IPSET_ATTR_IP, htonl(map->first_ip)) ||
207 nla_put_ipaddr4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip));
208 }
209
210 static int
211 bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
212 const struct xt_action_param *par,
213 enum ipset_adt adt, struct ip_set_adt_opt *opt)
214 {
215 struct bitmap_ipmac *map = set->data;
216 ipset_adtfn adtfn = set->variant->adt[adt];
217 struct bitmap_ipmac_adt_elem e = { .id = 0, .add_mac = 1 };
218 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
219 u32 ip;
220
221 /* MAC can be src only */
222 if (!(opt->flags & IPSET_DIM_TWO_SRC))
223 return 0;
224
225 ip = ntohl(ip4addr(skb, opt->flags & IPSET_DIM_ONE_SRC));
226 if (ip < map->first_ip || ip > map->last_ip)
227 return -IPSET_ERR_BITMAP_RANGE;
228
229 /* Backward compatibility: we don't check the second flag */
230 if (skb_mac_header(skb) < skb->head ||
231 (skb_mac_header(skb) + ETH_HLEN) > skb->data)
232 return -EINVAL;
233
234 e.id = ip_to_id(map, ip);
235 memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN);
236
237 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
238 }
239
240 static int
241 bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],
242 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
243 {
244 const struct bitmap_ipmac *map = set->data;
245 ipset_adtfn adtfn = set->variant->adt[adt];
246 struct bitmap_ipmac_adt_elem e = { .id = 0 };
247 struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
248 u32 ip = 0;
249 int ret = 0;
250
251 if (tb[IPSET_ATTR_LINENO])
252 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
253
254 if (unlikely(!tb[IPSET_ATTR_IP]))
255 return -IPSET_ERR_PROTOCOL;
256
257 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
258 if (ret)
259 return ret;
260
261 ret = ip_set_get_extensions(set, tb, &ext);
262 if (ret)
263 return ret;
264
265 if (ip < map->first_ip || ip > map->last_ip)
266 return -IPSET_ERR_BITMAP_RANGE;
267
268 e.id = ip_to_id(map, ip);
269 if (tb[IPSET_ATTR_ETHER]) {
270 if (nla_len(tb[IPSET_ATTR_ETHER]) != ETH_ALEN)
271 return -IPSET_ERR_PROTOCOL;
272 memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
273 e.add_mac = 1;
274 }
275 ret = adtfn(set, &e, &ext, &ext, flags);
276
277 return ip_set_eexist(ret, flags) ? 0 : ret;
278 }
279
280 static bool
281 bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b)
282 {
283 const struct bitmap_ipmac *x = a->data;
284 const struct bitmap_ipmac *y = b->data;
285
286 return x->first_ip == y->first_ip &&
287 x->last_ip == y->last_ip &&
288 a->timeout == b->timeout &&
289 a->extensions == b->extensions;
290 }
291
292 /* Plain variant */
293
294 #include "ip_set_bitmap_gen.h"
295
296 /* Create bitmap:ip,mac type of sets */
297
298 static bool
299 init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
300 u32 first_ip, u32 last_ip, u32 elements)
301 {
302 map->members = ip_set_alloc(map->memsize);
303 if (!map->members)
304 return false;
305 map->first_ip = first_ip;
306 map->last_ip = last_ip;
307 map->elements = elements;
308 set->timeout = IPSET_NO_TIMEOUT;
309
310 set->data = map;
311 set->family = NFPROTO_IPV4;
312
313 return true;
314 }
315
316 static int
317 bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
318 u32 flags)
319 {
320 u32 first_ip = 0, last_ip = 0;
321 u64 elements;
322 struct bitmap_ipmac *map;
323 int ret;
324
325 if (unlikely(!tb[IPSET_ATTR_IP] ||
326 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
327 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
328 return -IPSET_ERR_PROTOCOL;
329
330 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &first_ip);
331 if (ret)
332 return ret;
333
334 if (tb[IPSET_ATTR_IP_TO]) {
335 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &last_ip);
336 if (ret)
337 return ret;
338 if (first_ip > last_ip) {
339 u32 tmp = first_ip;
340
341 first_ip = last_ip;
342 last_ip = tmp;
343 }
344 } else if (tb[IPSET_ATTR_CIDR]) {
345 u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
346
347 if (cidr >= HOST_MASK)
348 return -IPSET_ERR_INVALID_CIDR;
349 ip_set_mask_from_to(first_ip, last_ip, cidr);
350 } else {
351 return -IPSET_ERR_PROTOCOL;
352 }
353
354 elements = (u64)last_ip - first_ip + 1;
355
356 if (elements > IPSET_BITMAP_MAX_RANGE + 1)
357 return -IPSET_ERR_BITMAP_RANGE_SIZE;
358
359 set->dsize = ip_set_elem_len(set, tb,
360 sizeof(struct bitmap_ipmac_elem),
361 __alignof__(struct bitmap_ipmac_elem));
362 map = ip_set_alloc(sizeof(*map) + elements * set->dsize);
363 if (!map)
364 return -ENOMEM;
365
366 map->memsize = bitmap_bytes(0, elements - 1);
367 set->variant = &bitmap_ipmac;
368 if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) {
369 kfree(map);
370 return -ENOMEM;
371 }
372 if (tb[IPSET_ATTR_TIMEOUT]) {
373 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
374 bitmap_ipmac_gc_init(set, bitmap_ipmac_gc);
375 }
376 return 0;
377 }
378
379 static struct ip_set_type bitmap_ipmac_type = {
380 .name = "bitmap:ip,mac",
381 .protocol = IPSET_PROTOCOL,
382 .features = IPSET_TYPE_IP | IPSET_TYPE_MAC,
383 .dimension = IPSET_DIM_TWO,
384 .family = NFPROTO_IPV4,
385 .revision_min = IPSET_TYPE_REV_MIN,
386 .revision_max = IPSET_TYPE_REV_MAX,
387 .create = bitmap_ipmac_create,
388 .create_policy = {
389 [IPSET_ATTR_IP] = { .type = NLA_NESTED },
390 [IPSET_ATTR_IP_TO] = { .type = NLA_NESTED },
391 [IPSET_ATTR_CIDR] = { .type = NLA_U8 },
392 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
393 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
394 },
395 .adt_policy = {
396 [IPSET_ATTR_IP] = { .type = NLA_NESTED },
397 [IPSET_ATTR_ETHER] = { .type = NLA_BINARY,
398 .len = ETH_ALEN },
399 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
400 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
401 [IPSET_ATTR_BYTES] = { .type = NLA_U64 },
402 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
403 [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
404 .len = IPSET_MAX_COMMENT_SIZE },
405 [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
406 [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
407 [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
408 },
409 .me = THIS_MODULE,
410 };
411
412 static int __init
413 bitmap_ipmac_init(void)
414 {
415 return ip_set_type_register(&bitmap_ipmac_type);
416 }
417
418 static void __exit
419 bitmap_ipmac_fini(void)
420 {
421 rcu_barrier();
422 ip_set_type_unregister(&bitmap_ipmac_type);
423 }
424
425 module_init(bitmap_ipmac_init);
426 module_exit(bitmap_ipmac_fini);
Linux kernel - Deliverables
This page took 0.039745 seconds and 5 git commands to generate.