projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'nfc-next-4.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo...
[deliverable/linux.git] / net / netfilter / nft_hash.c
1 /*
2 * Copyright (c) 2008-2014 Patrick McHardy <kaber@trash.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 *
8 * Development of this code funded by Astaro AG (http://www.astaro.com/)
9 */
10
11 #include <linux/kernel.h>
12 #include <linux/init.h>
13 #include <linux/module.h>
14 #include <linux/list.h>
15 #include <linux/log2.h>
16 #include <linux/jhash.h>
17 #include <linux/netlink.h>
18 #include <linux/rhashtable.h>
19 #include <linux/netfilter.h>
20 #include <linux/netfilter/nf_tables.h>
21 #include <net/netfilter/nf_tables.h>
22
23 /* We target a hash table size of 4, element hint is 75% of final size */
24 #define NFT_HASH_ELEMENT_HINT 3
25
26 struct nft_hash {
27 struct rhashtable ht;
28 };
29
30 struct nft_hash_elem {
31 struct rhash_head node;
32 struct nft_set_ext ext;
33 };
34
35 struct nft_hash_cmp_arg {
36 const struct nft_set *set;
37 const struct nft_data *key;
38 u8 genmask;
39 };
40
41 static const struct rhashtable_params nft_hash_params;
42
43 static inline u32 nft_hash_key(const void *data, u32 len, u32 seed)
44 {
45 const struct nft_hash_cmp_arg *arg = data;
46
47 return jhash(arg->key, len, seed);
48 }
49
50 static inline u32 nft_hash_obj(const void *data, u32 len, u32 seed)
51 {
52 const struct nft_hash_elem *he = data;
53
54 return jhash(nft_set_ext_key(&he->ext), len, seed);
55 }
56
57 static inline int nft_hash_cmp(struct rhashtable_compare_arg *arg,
58 const void *ptr)
59 {
60 const struct nft_hash_cmp_arg *x = arg->key;
61 const struct nft_hash_elem *he = ptr;
62
63 if (nft_data_cmp(nft_set_ext_key(&he->ext), x->key, x->set->klen))
64 return 1;
65 if (!nft_set_elem_active(&he->ext, x->genmask))
66 return 1;
67 return 0;
68 }
69
70 static bool nft_hash_lookup(const struct nft_set *set,
71 const struct nft_data *key,
72 const struct nft_set_ext **ext)
73 {
74 struct nft_hash *priv = nft_set_priv(set);
75 const struct nft_hash_elem *he;
76 struct nft_hash_cmp_arg arg = {
77 .genmask = nft_genmask_cur(read_pnet(&set->pnet)),
78 .set = set,
79 .key = key,
80 };
81
82 he = rhashtable_lookup_fast(&priv->ht, &arg, nft_hash_params);
83 if (he != NULL)
84 *ext = &he->ext;
85
86 return !!he;
87 }
88
89 static int nft_hash_insert(const struct nft_set *set,
90 const struct nft_set_elem *elem)
91 {
92 struct nft_hash *priv = nft_set_priv(set);
93 struct nft_hash_elem *he = elem->priv;
94 struct nft_hash_cmp_arg arg = {
95 .genmask = nft_genmask_next(read_pnet(&set->pnet)),
96 .set = set,
97 .key = &elem->key,
98 };
99
100 return rhashtable_lookup_insert_key(&priv->ht, &arg, &he->node,
101 nft_hash_params);
102 }
103
104 static void nft_hash_activate(const struct nft_set *set,
105 const struct nft_set_elem *elem)
106 {
107 struct nft_hash_elem *he = elem->priv;
108
109 nft_set_elem_change_active(set, &he->ext);
110 }
111
112 static void *nft_hash_deactivate(const struct nft_set *set,
113 const struct nft_set_elem *elem)
114 {
115 struct nft_hash *priv = nft_set_priv(set);
116 struct nft_hash_elem *he;
117 struct nft_hash_cmp_arg arg = {
118 .genmask = nft_genmask_next(read_pnet(&set->pnet)),
119 .set = set,
120 .key = &elem->key,
121 };
122
123 he = rhashtable_lookup_fast(&priv->ht, &arg, nft_hash_params);
124 if (he != NULL)
125 nft_set_elem_change_active(set, &he->ext);
126
127 return he;
128 }
129
130 static void nft_hash_remove(const struct nft_set *set,
131 const struct nft_set_elem *elem)
132 {
133 struct nft_hash *priv = nft_set_priv(set);
134 struct nft_hash_elem *he = elem->priv;
135
136 rhashtable_remove_fast(&priv->ht, &he->node, nft_hash_params);
137 }
138
139 static void nft_hash_walk(const struct nft_ctx *ctx, const struct nft_set *set,
140 struct nft_set_iter *iter)
141 {
142 struct nft_hash *priv = nft_set_priv(set);
143 struct nft_hash_elem *he;
144 struct rhashtable_iter hti;
145 struct nft_set_elem elem;
146 u8 genmask = nft_genmask_cur(read_pnet(&set->pnet));
147 int err;
148
149 err = rhashtable_walk_init(&priv->ht, &hti);
150 iter->err = err;
151 if (err)
152 return;
153
154 err = rhashtable_walk_start(&hti);
155 if (err && err != -EAGAIN) {
156 iter->err = err;
157 goto out;
158 }
159
160 while ((he = rhashtable_walk_next(&hti))) {
161 if (IS_ERR(he)) {
162 err = PTR_ERR(he);
163 if (err != -EAGAIN) {
164 iter->err = err;
165 goto out;
166 }
167
168 continue;
169 }
170
171 if (iter->count < iter->skip)
172 goto cont;
173 if (!nft_set_elem_active(&he->ext, genmask))
174 goto cont;
175
176 elem.priv = he;
177
178 iter->err = iter->fn(ctx, set, iter, &elem);
179 if (iter->err < 0)
180 goto out;
181
182 cont:
183 iter->count++;
184 }
185
186 out:
187 rhashtable_walk_stop(&hti);
188 rhashtable_walk_exit(&hti);
189 }
190
191 static unsigned int nft_hash_privsize(const struct nlattr * const nla[])
192 {
193 return sizeof(struct nft_hash);
194 }
195
196 static const struct rhashtable_params nft_hash_params = {
197 .head_offset = offsetof(struct nft_hash_elem, node),
198 .hashfn = nft_hash_key,
199 .obj_hashfn = nft_hash_obj,
200 .obj_cmpfn = nft_hash_cmp,
201 .automatic_shrinking = true,
202 };
203
204 static int nft_hash_init(const struct nft_set *set,
205 const struct nft_set_desc *desc,
206 const struct nlattr * const tb[])
207 {
208 struct nft_hash *priv = nft_set_priv(set);
209 struct rhashtable_params params = nft_hash_params;
210
211 params.nelem_hint = desc->size ?: NFT_HASH_ELEMENT_HINT;
212 params.key_len = set->klen;
213
214 return rhashtable_init(&priv->ht, &params);
215 }
216
217 static void nft_hash_elem_destroy(void *ptr, void *arg)
218 {
219 nft_set_elem_destroy((const struct nft_set *)arg, ptr);
220 }
221
222 static void nft_hash_destroy(const struct nft_set *set)
223 {
224 struct nft_hash *priv = nft_set_priv(set);
225
226 rhashtable_free_and_destroy(&priv->ht, nft_hash_elem_destroy,
227 (void *)set);
228 }
229
230 static bool nft_hash_estimate(const struct nft_set_desc *desc, u32 features,
231 struct nft_set_estimate *est)
232 {
233 unsigned int esize;
234
235 esize = sizeof(struct nft_hash_elem);
236 if (desc->size) {
237 est->size = sizeof(struct nft_hash) +
238 roundup_pow_of_two(desc->size * 4 / 3) *
239 sizeof(struct nft_hash_elem *) +
240 desc->size * esize;
241 } else {
242 /* Resizing happens when the load drops below 30% or goes
243 * above 75%. The average of 52.5% load (approximated by 50%)
244 * is used for the size estimation of the hash buckets,
245 * meaning we calculate two buckets per element.
246 */
247 est->size = esize + 2 * sizeof(struct nft_hash_elem *);
248 }
249
250 est->class = NFT_SET_CLASS_O_1;
251
252 return true;
253 }
254
255 static struct nft_set_ops nft_hash_ops __read_mostly = {
256 .privsize = nft_hash_privsize,
257 .elemsize = offsetof(struct nft_hash_elem, ext),
258 .estimate = nft_hash_estimate,
259 .init = nft_hash_init,
260 .destroy = nft_hash_destroy,
261 .insert = nft_hash_insert,
262 .activate = nft_hash_activate,
263 .deactivate = nft_hash_deactivate,
264 .remove = nft_hash_remove,
265 .lookup = nft_hash_lookup,
266 .walk = nft_hash_walk,
267 .features = NFT_SET_MAP,
268 .owner = THIS_MODULE,
269 };
270
271 static int __init nft_hash_module_init(void)
272 {
273 return nft_register_set(&nft_hash_ops);
274 }
275
276 static void __exit nft_hash_module_exit(void)
277 {
278 nft_unregister_set(&nft_hash_ops);
279 }
280
281 module_init(nft_hash_module_init);
282 module_exit(nft_hash_module_exit);
283
284 MODULE_LICENSE("GPL");
285 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
286 MODULE_ALIAS_NFT_SET();
Linux kernel - Deliverables
This page took 0.036611 seconds and 5 git commands to generate.