Commit 03c8b234e61a9a3aab8d970b3bf681934ecfe443
1 parent
ca134ce864
netfilter: ipset: Generalize extensions support
Get rid of the structure based extensions and introduce a blob for the extensions. Thus we can support more extension types easily. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Showing 14 changed files with 118 additions and 749 deletions Side-by-side Diff
- include/linux/netfilter/ipset/ip_set.h
- net/netfilter/ipset/ip_set_bitmap_ip.c
- net/netfilter/ipset/ip_set_bitmap_ipmac.c
- net/netfilter/ipset/ip_set_bitmap_port.c
- net/netfilter/ipset/ip_set_core.c
- net/netfilter/ipset/ip_set_hash_gen.h
- net/netfilter/ipset/ip_set_hash_ip.c
- net/netfilter/ipset/ip_set_hash_ipport.c
- net/netfilter/ipset/ip_set_hash_ipportip.c
- net/netfilter/ipset/ip_set_hash_ipportnet.c
- net/netfilter/ipset/ip_set_hash_net.c
- net/netfilter/ipset/ip_set_hash_netiface.c
- net/netfilter/ipset/ip_set_hash_netport.c
- net/netfilter/ipset/ip_set_list_set.c
include/linux/netfilter/ipset/ip_set.h
| ... | ... | @@ -66,6 +66,17 @@ |
| 66 | 66 | IPSET_EXT_ID_MAX, |
| 67 | 67 | }; |
| 68 | 68 | |
| 69 | +/* Extension type */ | |
| 70 | +struct ip_set_ext_type { | |
| 71 | + enum ip_set_extension type; | |
| 72 | + enum ipset_cadt_flags flag; | |
| 73 | + /* Size and minimal alignment */ | |
| 74 | + u8 len; | |
| 75 | + u8 align; | |
| 76 | +}; | |
| 77 | + | |
| 78 | +extern const struct ip_set_ext_type ip_set_extensions[]; | |
| 79 | + | |
| 69 | 80 | struct ip_set_ext { |
| 70 | 81 | u64 packets; |
| 71 | 82 | u64 bytes; |
| ... | ... | @@ -283,6 +294,8 @@ |
| 283 | 294 | extern void ip_set_free(void *members); |
| 284 | 295 | extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr); |
| 285 | 296 | extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr); |
| 297 | +extern size_t ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], | |
| 298 | + size_t len); | |
| 286 | 299 | extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], |
| 287 | 300 | struct ip_set_ext *ext); |
| 288 | 301 |
net/netfilter/ipset/ip_set_bitmap_ip.c
| ... | ... | @@ -208,25 +208,6 @@ |
| 208 | 208 | struct bitmap_ip_elem { |
| 209 | 209 | }; |
| 210 | 210 | |
| 211 | -/* Timeout variant */ | |
| 212 | - | |
| 213 | -struct bitmap_ipt_elem { | |
| 214 | - unsigned long timeout; | |
| 215 | -}; | |
| 216 | - | |
| 217 | -/* Plain variant with counter */ | |
| 218 | - | |
| 219 | -struct bitmap_ipc_elem { | |
| 220 | - struct ip_set_counter counter; | |
| 221 | -}; | |
| 222 | - | |
| 223 | -/* Timeout variant with counter */ | |
| 224 | - | |
| 225 | -struct bitmap_ipct_elem { | |
| 226 | - unsigned long timeout; | |
| 227 | - struct ip_set_counter counter; | |
| 228 | -}; | |
| 229 | - | |
| 230 | 211 | #include "ip_set_bitmap_gen.h" |
| 231 | 212 | |
| 232 | 213 | /* Create bitmap:ip type of sets */ |
| ... | ... | @@ -263,7 +244,7 @@ |
| 263 | 244 | bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) |
| 264 | 245 | { |
| 265 | 246 | struct bitmap_ip *map; |
| 266 | - u32 first_ip = 0, last_ip = 0, hosts, cadt_flags = 0; | |
| 247 | + u32 first_ip = 0, last_ip = 0, hosts; | |
| 267 | 248 | u64 elements; |
| 268 | 249 | u8 netmask = 32; |
| 269 | 250 | int ret; |
| 270 | 251 | |
| 271 | 252 | |
| ... | ... | @@ -335,61 +316,15 @@ |
| 335 | 316 | |
| 336 | 317 | map->memsize = bitmap_bytes(0, elements - 1); |
| 337 | 318 | set->variant = &bitmap_ip; |
| 338 | - if (tb[IPSET_ATTR_CADT_FLAGS]) | |
| 339 | - cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
| 340 | - if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | |
| 341 | - set->extensions |= IPSET_EXT_COUNTER; | |
| 342 | - if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 343 | - set->dsize = sizeof(struct bitmap_ipct_elem); | |
| 344 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 345 | - offsetof(struct bitmap_ipct_elem, timeout); | |
| 346 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 347 | - offsetof(struct bitmap_ipct_elem, counter); | |
| 348 | - | |
| 349 | - if (!init_map_ip(set, map, first_ip, last_ip, | |
| 350 | - elements, hosts, netmask)) { | |
| 351 | - kfree(map); | |
| 352 | - return -ENOMEM; | |
| 353 | - } | |
| 354 | - | |
| 355 | - set->timeout = ip_set_timeout_uget( | |
| 356 | - tb[IPSET_ATTR_TIMEOUT]); | |
| 357 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 358 | - | |
| 359 | - bitmap_ip_gc_init(set, bitmap_ip_gc); | |
| 360 | - } else { | |
| 361 | - set->dsize = sizeof(struct bitmap_ipc_elem); | |
| 362 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 363 | - offsetof(struct bitmap_ipc_elem, counter); | |
| 364 | - | |
| 365 | - if (!init_map_ip(set, map, first_ip, last_ip, | |
| 366 | - elements, hosts, netmask)) { | |
| 367 | - kfree(map); | |
| 368 | - return -ENOMEM; | |
| 369 | - } | |
| 370 | - } | |
| 371 | - } else if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 372 | - set->dsize = sizeof(struct bitmap_ipt_elem); | |
| 373 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 374 | - offsetof(struct bitmap_ipt_elem, timeout); | |
| 375 | - | |
| 376 | - if (!init_map_ip(set, map, first_ip, last_ip, | |
| 377 | - elements, hosts, netmask)) { | |
| 378 | - kfree(map); | |
| 379 | - return -ENOMEM; | |
| 380 | - } | |
| 381 | - | |
| 319 | + set->dsize = ip_set_elem_len(set, tb, 0); | |
| 320 | + if (!init_map_ip(set, map, first_ip, last_ip, | |
| 321 | + elements, hosts, netmask)) { | |
| 322 | + kfree(map); | |
| 323 | + return -ENOMEM; | |
| 324 | + } | |
| 325 | + if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 382 | 326 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
| 383 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 384 | - | |
| 385 | 327 | bitmap_ip_gc_init(set, bitmap_ip_gc); |
| 386 | - } else { | |
| 387 | - set->dsize = 0; | |
| 388 | - if (!init_map_ip(set, map, first_ip, last_ip, | |
| 389 | - elements, hosts, netmask)) { | |
| 390 | - kfree(map); | |
| 391 | - return -ENOMEM; | |
| 392 | - } | |
| 393 | 328 | } |
| 394 | 329 | return 0; |
| 395 | 330 | } |
net/netfilter/ipset/ip_set_bitmap_ipmac.c
| ... | ... | @@ -289,37 +289,6 @@ |
| 289 | 289 | |
| 290 | 290 | /* Plain variant */ |
| 291 | 291 | |
| 292 | -/* Timeout variant */ | |
| 293 | - | |
| 294 | -struct bitmap_ipmact_elem { | |
| 295 | - struct { | |
| 296 | - unsigned char ether[ETH_ALEN]; | |
| 297 | - unsigned char filled; | |
| 298 | - } __attribute__ ((aligned)); | |
| 299 | - unsigned long timeout; | |
| 300 | -}; | |
| 301 | - | |
| 302 | -/* Plain variant with counter */ | |
| 303 | - | |
| 304 | -struct bitmap_ipmacc_elem { | |
| 305 | - struct { | |
| 306 | - unsigned char ether[ETH_ALEN]; | |
| 307 | - unsigned char filled; | |
| 308 | - } __attribute__ ((aligned)); | |
| 309 | - struct ip_set_counter counter; | |
| 310 | -}; | |
| 311 | - | |
| 312 | -/* Timeout variant with counter */ | |
| 313 | - | |
| 314 | -struct bitmap_ipmacct_elem { | |
| 315 | - struct { | |
| 316 | - unsigned char ether[ETH_ALEN]; | |
| 317 | - unsigned char filled; | |
| 318 | - } __attribute__ ((aligned)); | |
| 319 | - unsigned long timeout; | |
| 320 | - struct ip_set_counter counter; | |
| 321 | -}; | |
| 322 | - | |
| 323 | 292 | #include "ip_set_bitmap_gen.h" |
| 324 | 293 | |
| 325 | 294 | /* Create bitmap:ip,mac type of sets */ |
| ... | ... | @@ -328,7 +297,7 @@ |
| 328 | 297 | init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, |
| 329 | 298 | u32 first_ip, u32 last_ip, u32 elements) |
| 330 | 299 | { |
| 331 | - map->members = ip_set_alloc((last_ip - first_ip + 1) * set->dsize); | |
| 300 | + map->members = ip_set_alloc(map->memsize); | |
| 332 | 301 | if (!map->members) |
| 333 | 302 | return false; |
| 334 | 303 | if (set->dsize) { |
| ... | ... | @@ -353,7 +322,7 @@ |
| 353 | 322 | bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], |
| 354 | 323 | u32 flags) |
| 355 | 324 | { |
| 356 | - u32 first_ip = 0, last_ip = 0, cadt_flags = 0; | |
| 325 | + u32 first_ip = 0, last_ip = 0; | |
| 357 | 326 | u64 elements; |
| 358 | 327 | struct bitmap_ipmac *map; |
| 359 | 328 | int ret; |
| 360 | 329 | |
| 361 | 330 | |
| ... | ... | @@ -397,57 +366,15 @@ |
| 397 | 366 | |
| 398 | 367 | map->memsize = bitmap_bytes(0, elements - 1); |
| 399 | 368 | set->variant = &bitmap_ipmac; |
| 400 | - if (tb[IPSET_ATTR_CADT_FLAGS]) | |
| 401 | - cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
| 402 | - if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | |
| 403 | - set->extensions |= IPSET_EXT_COUNTER; | |
| 404 | - if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 405 | - set->dsize = sizeof(struct bitmap_ipmacct_elem); | |
| 406 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 407 | - offsetof(struct bitmap_ipmacct_elem, timeout); | |
| 408 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 409 | - offsetof(struct bitmap_ipmacct_elem, counter); | |
| 410 | - | |
| 411 | - if (!init_map_ipmac(set, map, first_ip, last_ip, | |
| 412 | - elements)) { | |
| 413 | - kfree(map); | |
| 414 | - return -ENOMEM; | |
| 415 | - } | |
| 416 | - set->timeout = ip_set_timeout_uget( | |
| 417 | - tb[IPSET_ATTR_TIMEOUT]); | |
| 418 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 419 | - bitmap_ipmac_gc_init(set, bitmap_ipmac_gc); | |
| 420 | - } else { | |
| 421 | - set->dsize = sizeof(struct bitmap_ipmacc_elem); | |
| 422 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 423 | - offsetof(struct bitmap_ipmacc_elem, counter); | |
| 424 | - | |
| 425 | - if (!init_map_ipmac(set, map, first_ip, last_ip, | |
| 426 | - elements)) { | |
| 427 | - kfree(map); | |
| 428 | - return -ENOMEM; | |
| 429 | - } | |
| 430 | - } | |
| 431 | - } else if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 432 | - set->dsize = sizeof(struct bitmap_ipmact_elem); | |
| 433 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 434 | - offsetof(struct bitmap_ipmact_elem, timeout); | |
| 435 | - | |
| 436 | - if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { | |
| 437 | - kfree(map); | |
| 438 | - return -ENOMEM; | |
| 439 | - } | |
| 369 | + set->dsize = ip_set_elem_len(set, tb, | |
| 370 | + sizeof(struct bitmap_ipmac_elem)); | |
| 371 | + if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { | |
| 372 | + kfree(map); | |
| 373 | + return -ENOMEM; | |
| 374 | + } | |
| 375 | + if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 440 | 376 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
| 441 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 442 | 377 | bitmap_ipmac_gc_init(set, bitmap_ipmac_gc); |
| 443 | - } else { | |
| 444 | - set->dsize = sizeof(struct bitmap_ipmac_elem); | |
| 445 | - | |
| 446 | - if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { | |
| 447 | - kfree(map); | |
| 448 | - return -ENOMEM; | |
| 449 | - } | |
| 450 | - set->variant = &bitmap_ipmac; | |
| 451 | 378 | } |
| 452 | 379 | return 0; |
| 453 | 380 | } |
net/netfilter/ipset/ip_set_bitmap_port.c
| ... | ... | @@ -198,25 +198,6 @@ |
| 198 | 198 | struct bitmap_port_elem { |
| 199 | 199 | }; |
| 200 | 200 | |
| 201 | -/* Timeout variant */ | |
| 202 | - | |
| 203 | -struct bitmap_portt_elem { | |
| 204 | - unsigned long timeout; | |
| 205 | -}; | |
| 206 | - | |
| 207 | -/* Plain variant with counter */ | |
| 208 | - | |
| 209 | -struct bitmap_portc_elem { | |
| 210 | - struct ip_set_counter counter; | |
| 211 | -}; | |
| 212 | - | |
| 213 | -/* Timeout variant with counter */ | |
| 214 | - | |
| 215 | -struct bitmap_portct_elem { | |
| 216 | - unsigned long timeout; | |
| 217 | - struct ip_set_counter counter; | |
| 218 | -}; | |
| 219 | - | |
| 220 | 201 | #include "ip_set_bitmap_gen.h" |
| 221 | 202 | |
| 222 | 203 | /* Create bitmap:ip type of sets */ |
| ... | ... | @@ -250,7 +231,6 @@ |
| 250 | 231 | { |
| 251 | 232 | struct bitmap_port *map; |
| 252 | 233 | u16 first_port, last_port; |
| 253 | - u32 cadt_flags = 0; | |
| 254 | 234 | |
| 255 | 235 | if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || |
| 256 | 236 | !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) || |
| 257 | 237 | |
| 258 | 238 | |
| ... | ... | @@ -274,53 +254,14 @@ |
| 274 | 254 | map->elements = last_port - first_port + 1; |
| 275 | 255 | map->memsize = map->elements * sizeof(unsigned long); |
| 276 | 256 | set->variant = &bitmap_port; |
| 277 | - if (tb[IPSET_ATTR_CADT_FLAGS]) | |
| 278 | - cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
| 279 | - if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | |
| 280 | - set->extensions |= IPSET_EXT_COUNTER; | |
| 281 | - if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 282 | - set->dsize = sizeof(struct bitmap_portct_elem); | |
| 283 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 284 | - offsetof(struct bitmap_portct_elem, timeout); | |
| 285 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 286 | - offsetof(struct bitmap_portct_elem, counter); | |
| 287 | - if (!init_map_port(set, map, first_port, last_port)) { | |
| 288 | - kfree(map); | |
| 289 | - return -ENOMEM; | |
| 290 | - } | |
| 291 | - | |
| 292 | - set->timeout = | |
| 293 | - ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | |
| 294 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 295 | - bitmap_port_gc_init(set, bitmap_port_gc); | |
| 296 | - } else { | |
| 297 | - set->dsize = sizeof(struct bitmap_portc_elem); | |
| 298 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 299 | - offsetof(struct bitmap_portc_elem, counter); | |
| 300 | - if (!init_map_port(set, map, first_port, last_port)) { | |
| 301 | - kfree(map); | |
| 302 | - return -ENOMEM; | |
| 303 | - } | |
| 304 | - } | |
| 305 | - } else if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 306 | - set->dsize = sizeof(struct bitmap_portt_elem); | |
| 307 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 308 | - offsetof(struct bitmap_portt_elem, timeout); | |
| 309 | - if (!init_map_port(set, map, first_port, last_port)) { | |
| 310 | - kfree(map); | |
| 311 | - return -ENOMEM; | |
| 312 | - } | |
| 313 | - | |
| 257 | + set->dsize = ip_set_elem_len(set, tb, 0); | |
| 258 | + if (!init_map_port(set, map, first_port, last_port)) { | |
| 259 | + kfree(map); | |
| 260 | + return -ENOMEM; | |
| 261 | + } | |
| 262 | + if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 314 | 263 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
| 315 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 316 | 264 | bitmap_port_gc_init(set, bitmap_port_gc); |
| 317 | - } else { | |
| 318 | - set->dsize = 0; | |
| 319 | - if (!init_map_port(set, map, first_port, last_port)) { | |
| 320 | - kfree(map); | |
| 321 | - return -ENOMEM; | |
| 322 | - } | |
| 323 | - | |
| 324 | 265 | } |
| 325 | 266 | return 0; |
| 326 | 267 | } |
net/netfilter/ipset/ip_set_core.c
| ... | ... | @@ -315,6 +315,52 @@ |
| 315 | 315 | } |
| 316 | 316 | EXPORT_SYMBOL_GPL(ip_set_get_ipaddr6); |
| 317 | 317 | |
| 318 | +/* ipset data extension types, in size order */ | |
| 319 | + | |
| 320 | +const struct ip_set_ext_type ip_set_extensions[] = { | |
| 321 | + [IPSET_EXT_ID_COUNTER] = { | |
| 322 | + .type = IPSET_EXT_COUNTER, | |
| 323 | + .flag = IPSET_FLAG_WITH_COUNTERS, | |
| 324 | + .len = sizeof(struct ip_set_counter), | |
| 325 | + .align = __alignof__(struct ip_set_counter), | |
| 326 | + }, | |
| 327 | + [IPSET_EXT_ID_TIMEOUT] = { | |
| 328 | + .type = IPSET_EXT_TIMEOUT, | |
| 329 | + .len = sizeof(unsigned long), | |
| 330 | + .align = __alignof__(unsigned long), | |
| 331 | + }, | |
| 332 | +}; | |
| 333 | +EXPORT_SYMBOL_GPL(ip_set_extensions); | |
| 334 | + | |
| 335 | +static inline bool | |
| 336 | +add_extension(enum ip_set_ext_id id, u32 flags, struct nlattr *tb[]) | |
| 337 | +{ | |
| 338 | + return ip_set_extensions[id].flag ? | |
| 339 | + (flags & ip_set_extensions[id].flag) : | |
| 340 | + !!tb[IPSET_ATTR_TIMEOUT]; | |
| 341 | +} | |
| 342 | + | |
| 343 | +size_t | |
| 344 | +ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len) | |
| 345 | +{ | |
| 346 | + enum ip_set_ext_id id; | |
| 347 | + size_t offset = 0; | |
| 348 | + u32 cadt_flags = 0; | |
| 349 | + | |
| 350 | + if (tb[IPSET_ATTR_CADT_FLAGS]) | |
| 351 | + cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
| 352 | + for (id = 0; id < IPSET_EXT_ID_MAX; id++) { | |
| 353 | + if (!add_extension(id, cadt_flags, tb)) | |
| 354 | + continue; | |
| 355 | + offset += ALIGN(len + offset, ip_set_extensions[id].align); | |
| 356 | + set->offset[id] = offset; | |
| 357 | + set->extensions |= ip_set_extensions[id].type; | |
| 358 | + offset += ip_set_extensions[id].len; | |
| 359 | + } | |
| 360 | + return len + offset; | |
| 361 | +} | |
| 362 | +EXPORT_SYMBOL_GPL(ip_set_elem_len); | |
| 363 | + | |
| 318 | 364 | int |
| 319 | 365 | ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], |
| 320 | 366 | struct ip_set_ext *ext) |
net/netfilter/ipset/ip_set_hash_gen.h
| ... | ... | @@ -960,7 +960,6 @@ |
| 960 | 960 | IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags) |
| 961 | 961 | { |
| 962 | 962 | u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; |
| 963 | - u32 cadt_flags = 0; | |
| 964 | 963 | u8 hbits; |
| 965 | 964 | #ifdef IP_SET_HASH_WITH_NETMASK |
| 966 | 965 | u8 netmask; |
| 967 | 966 | |
| 968 | 967 | |
| 969 | 968 | |
| 970 | 969 | |
| 971 | 970 | |
| ... | ... | @@ -1034,88 +1033,23 @@ |
| 1034 | 1033 | rcu_assign_pointer(h->table, t); |
| 1035 | 1034 | |
| 1036 | 1035 | set->data = h; |
| 1037 | - if (set->family == NFPROTO_IPV4) | |
| 1036 | + if (set->family == NFPROTO_IPV4) { | |
| 1038 | 1037 | set->variant = &IPSET_TOKEN(HTYPE, 4_variant); |
| 1039 | - else | |
| 1038 | + set->dsize = ip_set_elem_len(set, tb, | |
| 1039 | + sizeof(struct IPSET_TOKEN(HTYPE, 4_elem))); | |
| 1040 | + } else { | |
| 1040 | 1041 | set->variant = &IPSET_TOKEN(HTYPE, 6_variant); |
| 1041 | - | |
| 1042 | - if (tb[IPSET_ATTR_CADT_FLAGS]) | |
| 1043 | - cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
| 1044 | - if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | |
| 1045 | - set->extensions |= IPSET_EXT_COUNTER; | |
| 1046 | - if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 1047 | - set->timeout = | |
| 1048 | - ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | |
| 1049 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 1050 | - if (set->family == NFPROTO_IPV4) { | |
| 1051 | - set->dsize = sizeof(struct | |
| 1052 | - IPSET_TOKEN(HTYPE, 4ct_elem)); | |
| 1053 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 1054 | - offsetof(struct | |
| 1055 | - IPSET_TOKEN(HTYPE, 4ct_elem), | |
| 1056 | - timeout); | |
| 1057 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 1058 | - offsetof(struct | |
| 1059 | - IPSET_TOKEN(HTYPE, 4ct_elem), | |
| 1060 | - counter); | |
| 1061 | - IPSET_TOKEN(HTYPE, 4_gc_init)(set, | |
| 1062 | - IPSET_TOKEN(HTYPE, 4_gc)); | |
| 1063 | - } else { | |
| 1064 | - set->dsize = sizeof(struct | |
| 1065 | - IPSET_TOKEN(HTYPE, 6ct_elem)); | |
| 1066 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 1067 | - offsetof(struct | |
| 1068 | - IPSET_TOKEN(HTYPE, 6ct_elem), | |
| 1069 | - timeout); | |
| 1070 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 1071 | - offsetof(struct | |
| 1072 | - IPSET_TOKEN(HTYPE, 6ct_elem), | |
| 1073 | - counter); | |
| 1074 | - IPSET_TOKEN(HTYPE, 6_gc_init)(set, | |
| 1075 | - IPSET_TOKEN(HTYPE, 6_gc)); | |
| 1076 | - } | |
| 1077 | - } else { | |
| 1078 | - if (set->family == NFPROTO_IPV4) { | |
| 1079 | - set->dsize = | |
| 1080 | - sizeof(struct | |
| 1081 | - IPSET_TOKEN(HTYPE, 4c_elem)); | |
| 1082 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 1083 | - offsetof(struct | |
| 1084 | - IPSET_TOKEN(HTYPE, 4c_elem), | |
| 1085 | - counter); | |
| 1086 | - } else { | |
| 1087 | - set->dsize = | |
| 1088 | - sizeof(struct | |
| 1089 | - IPSET_TOKEN(HTYPE, 6c_elem)); | |
| 1090 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 1091 | - offsetof(struct | |
| 1092 | - IPSET_TOKEN(HTYPE, 6c_elem), | |
| 1093 | - counter); | |
| 1094 | - } | |
| 1095 | - } | |
| 1096 | - } else if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 1042 | + set->dsize = ip_set_elem_len(set, tb, | |
| 1043 | + sizeof(struct IPSET_TOKEN(HTYPE, 6_elem))); | |
| 1044 | + } | |
| 1045 | + if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 1097 | 1046 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
| 1098 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 1099 | - if (set->family == NFPROTO_IPV4) { | |
| 1100 | - set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 4t_elem)); | |
| 1101 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 1102 | - offsetof(struct IPSET_TOKEN(HTYPE, 4t_elem), | |
| 1103 | - timeout); | |
| 1047 | + if (set->family == NFPROTO_IPV4) | |
| 1104 | 1048 | IPSET_TOKEN(HTYPE, 4_gc_init)(set, |
| 1105 | 1049 | IPSET_TOKEN(HTYPE, 4_gc)); |
| 1106 | - } else { | |
| 1107 | - set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 6t_elem)); | |
| 1108 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 1109 | - offsetof(struct IPSET_TOKEN(HTYPE, 6t_elem), | |
| 1110 | - timeout); | |
| 1050 | + else | |
| 1111 | 1051 | IPSET_TOKEN(HTYPE, 6_gc_init)(set, |
| 1112 | 1052 | IPSET_TOKEN(HTYPE, 6_gc)); |
| 1113 | - } | |
| 1114 | - } else { | |
| 1115 | - if (set->family == NFPROTO_IPV4) | |
| 1116 | - set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)); | |
| 1117 | - else | |
| 1118 | - set->dsize = sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)); | |
| 1119 | 1053 | } |
| 1120 | 1054 | |
| 1121 | 1055 | pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", |
net/netfilter/ipset/ip_set_hash_ip.c
| ... | ... | @@ -35,7 +35,7 @@ |
| 35 | 35 | #define HTYPE hash_ip |
| 36 | 36 | #define IP_SET_HASH_WITH_NETMASK |
| 37 | 37 | |
| 38 | -/* IPv4 variants */ | |
| 38 | +/* IPv4 variant */ | |
| 39 | 39 | |
| 40 | 40 | /* Member elements */ |
| 41 | 41 | struct hash_ip4_elem { |
| ... | ... | @@ -43,22 +43,6 @@ |
| 43 | 43 | __be32 ip; |
| 44 | 44 | }; |
| 45 | 45 | |
| 46 | -struct hash_ip4t_elem { | |
| 47 | - __be32 ip; | |
| 48 | - unsigned long timeout; | |
| 49 | -}; | |
| 50 | - | |
| 51 | -struct hash_ip4c_elem { | |
| 52 | - __be32 ip; | |
| 53 | - struct ip_set_counter counter; | |
| 54 | -}; | |
| 55 | - | |
| 56 | -struct hash_ip4ct_elem { | |
| 57 | - __be32 ip; | |
| 58 | - struct ip_set_counter counter; | |
| 59 | - unsigned long timeout; | |
| 60 | -}; | |
| 61 | - | |
| 62 | 46 | /* Common functions */ |
| 63 | 47 | |
| 64 | 48 | static inline bool |
| 65 | 49 | |
| ... | ... | @@ -178,27 +162,11 @@ |
| 178 | 162 | return ret; |
| 179 | 163 | } |
| 180 | 164 | |
| 181 | -/* IPv6 variants */ | |
| 165 | +/* IPv6 variant */ | |
| 182 | 166 | |
| 183 | 167 | /* Member elements */ |
| 184 | 168 | struct hash_ip6_elem { |
| 185 | 169 | union nf_inet_addr ip; |
| 186 | -}; | |
| 187 | - | |
| 188 | -struct hash_ip6t_elem { | |
| 189 | - union nf_inet_addr ip; | |
| 190 | - unsigned long timeout; | |
| 191 | -}; | |
| 192 | - | |
| 193 | -struct hash_ip6c_elem { | |
| 194 | - union nf_inet_addr ip; | |
| 195 | - struct ip_set_counter counter; | |
| 196 | -}; | |
| 197 | - | |
| 198 | -struct hash_ip6ct_elem { | |
| 199 | - union nf_inet_addr ip; | |
| 200 | - struct ip_set_counter counter; | |
| 201 | - unsigned long timeout; | |
| 202 | 170 | }; |
| 203 | 171 | |
| 204 | 172 | /* Common functions */ |
net/netfilter/ipset/ip_set_hash_ipport.c
| ... | ... | @@ -36,7 +36,7 @@ |
| 36 | 36 | /* Type specific function prefix */ |
| 37 | 37 | #define HTYPE hash_ipport |
| 38 | 38 | |
| 39 | -/* IPv4 variants */ | |
| 39 | +/* IPv4 variant */ | |
| 40 | 40 | |
| 41 | 41 | /* Member elements */ |
| 42 | 42 | struct hash_ipport4_elem { |
| ... | ... | @@ -46,31 +46,6 @@ |
| 46 | 46 | u8 padding; |
| 47 | 47 | }; |
| 48 | 48 | |
| 49 | -struct hash_ipport4t_elem { | |
| 50 | - __be32 ip; | |
| 51 | - __be16 port; | |
| 52 | - u8 proto; | |
| 53 | - u8 padding; | |
| 54 | - unsigned long timeout; | |
| 55 | -}; | |
| 56 | - | |
| 57 | -struct hash_ipport4c_elem { | |
| 58 | - __be32 ip; | |
| 59 | - __be16 port; | |
| 60 | - u8 proto; | |
| 61 | - u8 padding; | |
| 62 | - struct ip_set_counter counter; | |
| 63 | -}; | |
| 64 | - | |
| 65 | -struct hash_ipport4ct_elem { | |
| 66 | - __be32 ip; | |
| 67 | - __be16 port; | |
| 68 | - u8 proto; | |
| 69 | - u8 padding; | |
| 70 | - struct ip_set_counter counter; | |
| 71 | - unsigned long timeout; | |
| 72 | -}; | |
| 73 | - | |
| 74 | 49 | /* Common functions */ |
| 75 | 50 | |
| 76 | 51 | static inline bool |
| 77 | 52 | |
| ... | ... | @@ -221,38 +196,13 @@ |
| 221 | 196 | return ret; |
| 222 | 197 | } |
| 223 | 198 | |
| 224 | -/* IPv6 variants */ | |
| 199 | +/* IPv6 variant */ | |
| 225 | 200 | |
| 226 | 201 | struct hash_ipport6_elem { |
| 227 | 202 | union nf_inet_addr ip; |
| 228 | 203 | __be16 port; |
| 229 | 204 | u8 proto; |
| 230 | 205 | u8 padding; |
| 231 | -}; | |
| 232 | - | |
| 233 | -struct hash_ipport6t_elem { | |
| 234 | - union nf_inet_addr ip; | |
| 235 | - __be16 port; | |
| 236 | - u8 proto; | |
| 237 | - u8 padding; | |
| 238 | - unsigned long timeout; | |
| 239 | -}; | |
| 240 | - | |
| 241 | -struct hash_ipport6c_elem { | |
| 242 | - union nf_inet_addr ip; | |
| 243 | - __be16 port; | |
| 244 | - u8 proto; | |
| 245 | - u8 padding; | |
| 246 | - struct ip_set_counter counter; | |
| 247 | -}; | |
| 248 | - | |
| 249 | -struct hash_ipport6ct_elem { | |
| 250 | - union nf_inet_addr ip; | |
| 251 | - __be16 port; | |
| 252 | - u8 proto; | |
| 253 | - u8 padding; | |
| 254 | - struct ip_set_counter counter; | |
| 255 | - unsigned long timeout; | |
| 256 | 206 | }; |
| 257 | 207 | |
| 258 | 208 | /* Common functions */ |
net/netfilter/ipset/ip_set_hash_ipportip.c
| ... | ... | @@ -36,7 +36,7 @@ |
| 36 | 36 | /* Type specific function prefix */ |
| 37 | 37 | #define HTYPE hash_ipportip |
| 38 | 38 | |
| 39 | -/* IPv4 variants */ | |
| 39 | +/* IPv4 variant */ | |
| 40 | 40 | |
| 41 | 41 | /* Member elements */ |
| 42 | 42 | struct hash_ipportip4_elem { |
| ... | ... | @@ -47,34 +47,6 @@ |
| 47 | 47 | u8 padding; |
| 48 | 48 | }; |
| 49 | 49 | |
| 50 | -struct hash_ipportip4t_elem { | |
| 51 | - __be32 ip; | |
| 52 | - __be32 ip2; | |
| 53 | - __be16 port; | |
| 54 | - u8 proto; | |
| 55 | - u8 padding; | |
| 56 | - unsigned long timeout; | |
| 57 | -}; | |
| 58 | - | |
| 59 | -struct hash_ipportip4c_elem { | |
| 60 | - __be32 ip; | |
| 61 | - __be32 ip2; | |
| 62 | - __be16 port; | |
| 63 | - u8 proto; | |
| 64 | - u8 padding; | |
| 65 | - struct ip_set_counter counter; | |
| 66 | -}; | |
| 67 | - | |
| 68 | -struct hash_ipportip4ct_elem { | |
| 69 | - __be32 ip; | |
| 70 | - __be32 ip2; | |
| 71 | - __be16 port; | |
| 72 | - u8 proto; | |
| 73 | - u8 padding; | |
| 74 | - struct ip_set_counter counter; | |
| 75 | - unsigned long timeout; | |
| 76 | -}; | |
| 77 | - | |
| 78 | 50 | static inline bool |
| 79 | 51 | hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1, |
| 80 | 52 | const struct hash_ipportip4_elem *ip2, |
| ... | ... | @@ -230,7 +202,7 @@ |
| 230 | 202 | return ret; |
| 231 | 203 | } |
| 232 | 204 | |
| 233 | -/* IPv6 variants */ | |
| 205 | +/* IPv6 variant */ | |
| 234 | 206 | |
| 235 | 207 | struct hash_ipportip6_elem { |
| 236 | 208 | union nf_inet_addr ip; |
| ... | ... | @@ -238,34 +210,6 @@ |
| 238 | 210 | __be16 port; |
| 239 | 211 | u8 proto; |
| 240 | 212 | u8 padding; |
| 241 | -}; | |
| 242 | - | |
| 243 | -struct hash_ipportip6t_elem { | |
| 244 | - union nf_inet_addr ip; | |
| 245 | - union nf_inet_addr ip2; | |
| 246 | - __be16 port; | |
| 247 | - u8 proto; | |
| 248 | - u8 padding; | |
| 249 | - unsigned long timeout; | |
| 250 | -}; | |
| 251 | - | |
| 252 | -struct hash_ipportip6c_elem { | |
| 253 | - union nf_inet_addr ip; | |
| 254 | - union nf_inet_addr ip2; | |
| 255 | - __be16 port; | |
| 256 | - u8 proto; | |
| 257 | - u8 padding; | |
| 258 | - struct ip_set_counter counter; | |
| 259 | -}; | |
| 260 | - | |
| 261 | -struct hash_ipportip6ct_elem { | |
| 262 | - union nf_inet_addr ip; | |
| 263 | - union nf_inet_addr ip2; | |
| 264 | - __be16 port; | |
| 265 | - u8 proto; | |
| 266 | - u8 padding; | |
| 267 | - struct ip_set_counter counter; | |
| 268 | - unsigned long timeout; | |
| 269 | 213 | }; |
| 270 | 214 | |
| 271 | 215 | /* Common functions */ |
net/netfilter/ipset/ip_set_hash_ipportnet.c
| ... | ... | @@ -46,7 +46,7 @@ |
| 46 | 46 | #define IP_SET_HASH_WITH_PROTO |
| 47 | 47 | #define IP_SET_HASH_WITH_NETS |
| 48 | 48 | |
| 49 | -/* IPv4 variants */ | |
| 49 | +/* IPv4 variant */ | |
| 50 | 50 | |
| 51 | 51 | /* Member elements */ |
| 52 | 52 | struct hash_ipportnet4_elem { |
| ... | ... | @@ -58,37 +58,6 @@ |
| 58 | 58 | u8 proto; |
| 59 | 59 | }; |
| 60 | 60 | |
| 61 | -struct hash_ipportnet4t_elem { | |
| 62 | - __be32 ip; | |
| 63 | - __be32 ip2; | |
| 64 | - __be16 port; | |
| 65 | - u8 cidr:7; | |
| 66 | - u8 nomatch:1; | |
| 67 | - u8 proto; | |
| 68 | - unsigned long timeout; | |
| 69 | -}; | |
| 70 | - | |
| 71 | -struct hash_ipportnet4c_elem { | |
| 72 | - __be32 ip; | |
| 73 | - __be32 ip2; | |
| 74 | - __be16 port; | |
| 75 | - u8 cidr:7; | |
| 76 | - u8 nomatch:1; | |
| 77 | - u8 proto; | |
| 78 | - struct ip_set_counter counter; | |
| 79 | -}; | |
| 80 | - | |
| 81 | -struct hash_ipportnet4ct_elem { | |
| 82 | - __be32 ip; | |
| 83 | - __be32 ip2; | |
| 84 | - __be16 port; | |
| 85 | - u8 cidr:7; | |
| 86 | - u8 nomatch:1; | |
| 87 | - u8 proto; | |
| 88 | - struct ip_set_counter counter; | |
| 89 | - unsigned long timeout; | |
| 90 | -}; | |
| 91 | - | |
| 92 | 61 | /* Common functions */ |
| 93 | 62 | |
| 94 | 63 | static inline bool |
| ... | ... | @@ -328,7 +297,7 @@ |
| 328 | 297 | return ret; |
| 329 | 298 | } |
| 330 | 299 | |
| 331 | -/* IPv6 variants */ | |
| 300 | +/* IPv6 variant */ | |
| 332 | 301 | |
| 333 | 302 | struct hash_ipportnet6_elem { |
| 334 | 303 | union nf_inet_addr ip; |
| ... | ... | @@ -337,37 +306,6 @@ |
| 337 | 306 | u8 cidr:7; |
| 338 | 307 | u8 nomatch:1; |
| 339 | 308 | u8 proto; |
| 340 | -}; | |
| 341 | - | |
| 342 | -struct hash_ipportnet6t_elem { | |
| 343 | - union nf_inet_addr ip; | |
| 344 | - union nf_inet_addr ip2; | |
| 345 | - __be16 port; | |
| 346 | - u8 cidr:7; | |
| 347 | - u8 nomatch:1; | |
| 348 | - u8 proto; | |
| 349 | - unsigned long timeout; | |
| 350 | -}; | |
| 351 | - | |
| 352 | -struct hash_ipportnet6c_elem { | |
| 353 | - union nf_inet_addr ip; | |
| 354 | - union nf_inet_addr ip2; | |
| 355 | - __be16 port; | |
| 356 | - u8 cidr:7; | |
| 357 | - u8 nomatch:1; | |
| 358 | - u8 proto; | |
| 359 | - struct ip_set_counter counter; | |
| 360 | -}; | |
| 361 | - | |
| 362 | -struct hash_ipportnet6ct_elem { | |
| 363 | - union nf_inet_addr ip; | |
| 364 | - union nf_inet_addr ip2; | |
| 365 | - __be16 port; | |
| 366 | - u8 cidr:7; | |
| 367 | - u8 nomatch:1; | |
| 368 | - u8 proto; | |
| 369 | - struct ip_set_counter counter; | |
| 370 | - unsigned long timeout; | |
| 371 | 309 | }; |
| 372 | 310 | |
| 373 | 311 | /* Common functions */ |
net/netfilter/ipset/ip_set_hash_net.c
| ... | ... | @@ -36,7 +36,7 @@ |
| 36 | 36 | #define HTYPE hash_net |
| 37 | 37 | #define IP_SET_HASH_WITH_NETS |
| 38 | 38 | |
| 39 | -/* IPv4 variants */ | |
| 39 | +/* IPv4 variant */ | |
| 40 | 40 | |
| 41 | 41 | /* Member elements */ |
| 42 | 42 | struct hash_net4_elem { |
| ... | ... | @@ -46,31 +46,6 @@ |
| 46 | 46 | u8 cidr; |
| 47 | 47 | }; |
| 48 | 48 | |
| 49 | -struct hash_net4t_elem { | |
| 50 | - __be32 ip; | |
| 51 | - u16 padding0; | |
| 52 | - u8 nomatch; | |
| 53 | - u8 cidr; | |
| 54 | - unsigned long timeout; | |
| 55 | -}; | |
| 56 | - | |
| 57 | -struct hash_net4c_elem { | |
| 58 | - __be32 ip; | |
| 59 | - u16 padding0; | |
| 60 | - u8 nomatch; | |
| 61 | - u8 cidr; | |
| 62 | - struct ip_set_counter counter; | |
| 63 | -}; | |
| 64 | - | |
| 65 | -struct hash_net4ct_elem { | |
| 66 | - __be32 ip; | |
| 67 | - u16 padding0; | |
| 68 | - u8 nomatch; | |
| 69 | - u8 cidr; | |
| 70 | - struct ip_set_counter counter; | |
| 71 | - unsigned long timeout; | |
| 72 | -}; | |
| 73 | - | |
| 74 | 49 | /* Common functions */ |
| 75 | 50 | |
| 76 | 51 | static inline bool |
| 77 | 52 | |
| ... | ... | @@ -228,38 +203,13 @@ |
| 228 | 203 | return ret; |
| 229 | 204 | } |
| 230 | 205 | |
| 231 | -/* IPv6 variants */ | |
| 206 | +/* IPv6 variant */ | |
| 232 | 207 | |
| 233 | 208 | struct hash_net6_elem { |
| 234 | 209 | union nf_inet_addr ip; |
| 235 | 210 | u16 padding0; |
| 236 | 211 | u8 nomatch; |
| 237 | 212 | u8 cidr; |
| 238 | -}; | |
| 239 | - | |
| 240 | -struct hash_net6t_elem { | |
| 241 | - union nf_inet_addr ip; | |
| 242 | - u16 padding0; | |
| 243 | - u8 nomatch; | |
| 244 | - u8 cidr; | |
| 245 | - unsigned long timeout; | |
| 246 | -}; | |
| 247 | - | |
| 248 | -struct hash_net6c_elem { | |
| 249 | - union nf_inet_addr ip; | |
| 250 | - u16 padding0; | |
| 251 | - u8 nomatch; | |
| 252 | - u8 cidr; | |
| 253 | - struct ip_set_counter counter; | |
| 254 | -}; | |
| 255 | - | |
| 256 | -struct hash_net6ct_elem { | |
| 257 | - union nf_inet_addr ip; | |
| 258 | - u16 padding0; | |
| 259 | - u8 nomatch; | |
| 260 | - u8 cidr; | |
| 261 | - struct ip_set_counter counter; | |
| 262 | - unsigned long timeout; | |
| 263 | 213 | }; |
| 264 | 214 | |
| 265 | 215 | /* Common functions */ |
net/netfilter/ipset/ip_set_hash_netiface.c
| ... | ... | @@ -134,7 +134,7 @@ |
| 134 | 134 | |
| 135 | 135 | #define STREQ(a, b) (strcmp(a, b) == 0) |
| 136 | 136 | |
| 137 | -/* IPv4 variants */ | |
| 137 | +/* IPv4 variant */ | |
| 138 | 138 | |
| 139 | 139 | struct hash_netiface4_elem_hashed { |
| 140 | 140 | __be32 ip; |
| ... | ... | @@ -144,7 +144,7 @@ |
| 144 | 144 | u8 elem; |
| 145 | 145 | }; |
| 146 | 146 | |
| 147 | -/* Member elements without timeout */ | |
| 147 | +/* Member elements */ | |
| 148 | 148 | struct hash_netiface4_elem { |
| 149 | 149 | __be32 ip; |
| 150 | 150 | u8 physdev; |
| ... | ... | @@ -154,37 +154,6 @@ |
| 154 | 154 | const char *iface; |
| 155 | 155 | }; |
| 156 | 156 | |
| 157 | -struct hash_netiface4t_elem { | |
| 158 | - __be32 ip; | |
| 159 | - u8 physdev; | |
| 160 | - u8 cidr; | |
| 161 | - u8 nomatch; | |
| 162 | - u8 elem; | |
| 163 | - const char *iface; | |
| 164 | - unsigned long timeout; | |
| 165 | -}; | |
| 166 | - | |
| 167 | -struct hash_netiface4c_elem { | |
| 168 | - __be32 ip; | |
| 169 | - u8 physdev; | |
| 170 | - u8 cidr; | |
| 171 | - u8 nomatch; | |
| 172 | - u8 elem; | |
| 173 | - const char *iface; | |
| 174 | - struct ip_set_counter counter; | |
| 175 | -}; | |
| 176 | - | |
| 177 | -struct hash_netiface4ct_elem { | |
| 178 | - __be32 ip; | |
| 179 | - u8 physdev; | |
| 180 | - u8 cidr; | |
| 181 | - u8 nomatch; | |
| 182 | - u8 elem; | |
| 183 | - const char *iface; | |
| 184 | - struct ip_set_counter counter; | |
| 185 | - unsigned long timeout; | |
| 186 | -}; | |
| 187 | - | |
| 188 | 157 | /* Common functions */ |
| 189 | 158 | |
| 190 | 159 | static inline bool |
| ... | ... | @@ -399,7 +368,7 @@ |
| 399 | 368 | return ret; |
| 400 | 369 | } |
| 401 | 370 | |
| 402 | -/* IPv6 variants */ | |
| 371 | +/* IPv6 variant */ | |
| 403 | 372 | |
| 404 | 373 | struct hash_netiface6_elem_hashed { |
| 405 | 374 | union nf_inet_addr ip; |
| ... | ... | @@ -416,37 +385,6 @@ |
| 416 | 385 | u8 nomatch; |
| 417 | 386 | u8 elem; |
| 418 | 387 | const char *iface; |
| 419 | -}; | |
| 420 | - | |
| 421 | -struct hash_netiface6t_elem { | |
| 422 | - union nf_inet_addr ip; | |
| 423 | - u8 physdev; | |
| 424 | - u8 cidr; | |
| 425 | - u8 nomatch; | |
| 426 | - u8 elem; | |
| 427 | - const char *iface; | |
| 428 | - unsigned long timeout; | |
| 429 | -}; | |
| 430 | - | |
| 431 | -struct hash_netiface6c_elem { | |
| 432 | - union nf_inet_addr ip; | |
| 433 | - u8 physdev; | |
| 434 | - u8 cidr; | |
| 435 | - u8 nomatch; | |
| 436 | - u8 elem; | |
| 437 | - const char *iface; | |
| 438 | - struct ip_set_counter counter; | |
| 439 | -}; | |
| 440 | - | |
| 441 | -struct hash_netiface6ct_elem { | |
| 442 | - union nf_inet_addr ip; | |
| 443 | - u8 physdev; | |
| 444 | - u8 cidr; | |
| 445 | - u8 nomatch; | |
| 446 | - u8 elem; | |
| 447 | - const char *iface; | |
| 448 | - struct ip_set_counter counter; | |
| 449 | - unsigned long timeout; | |
| 450 | 388 | }; |
| 451 | 389 | |
| 452 | 390 | /* Common functions */ |
net/netfilter/ipset/ip_set_hash_netport.c
| ... | ... | @@ -45,7 +45,7 @@ |
| 45 | 45 | */ |
| 46 | 46 | #define IP_SET_HASH_WITH_NETS_PACKED |
| 47 | 47 | |
| 48 | -/* IPv4 variants */ | |
| 48 | +/* IPv4 variant */ | |
| 49 | 49 | |
| 50 | 50 | /* Member elements */ |
| 51 | 51 | struct hash_netport4_elem { |
| ... | ... | @@ -56,34 +56,6 @@ |
| 56 | 56 | u8 nomatch:1; |
| 57 | 57 | }; |
| 58 | 58 | |
| 59 | -struct hash_netport4t_elem { | |
| 60 | - __be32 ip; | |
| 61 | - __be16 port; | |
| 62 | - u8 proto; | |
| 63 | - u8 cidr:7; | |
| 64 | - u8 nomatch:1; | |
| 65 | - unsigned long timeout; | |
| 66 | -}; | |
| 67 | - | |
| 68 | -struct hash_netport4c_elem { | |
| 69 | - __be32 ip; | |
| 70 | - __be16 port; | |
| 71 | - u8 proto; | |
| 72 | - u8 cidr:7; | |
| 73 | - u8 nomatch:1; | |
| 74 | - struct ip_set_counter counter; | |
| 75 | -}; | |
| 76 | - | |
| 77 | -struct hash_netport4ct_elem { | |
| 78 | - __be32 ip; | |
| 79 | - __be16 port; | |
| 80 | - u8 proto; | |
| 81 | - u8 cidr:7; | |
| 82 | - u8 nomatch:1; | |
| 83 | - struct ip_set_counter counter; | |
| 84 | - unsigned long timeout; | |
| 85 | -}; | |
| 86 | - | |
| 87 | 59 | /* Common functions */ |
| 88 | 60 | |
| 89 | 61 | static inline bool |
| ... | ... | @@ -287,7 +259,7 @@ |
| 287 | 259 | return ret; |
| 288 | 260 | } |
| 289 | 261 | |
| 290 | -/* IPv6 variants */ | |
| 262 | +/* IPv6 variant */ | |
| 291 | 263 | |
| 292 | 264 | struct hash_netport6_elem { |
| 293 | 265 | union nf_inet_addr ip; |
| ... | ... | @@ -295,34 +267,6 @@ |
| 295 | 267 | u8 proto; |
| 296 | 268 | u8 cidr:7; |
| 297 | 269 | u8 nomatch:1; |
| 298 | -}; | |
| 299 | - | |
| 300 | -struct hash_netport6t_elem { | |
| 301 | - union nf_inet_addr ip; | |
| 302 | - __be16 port; | |
| 303 | - u8 proto; | |
| 304 | - u8 cidr:7; | |
| 305 | - u8 nomatch:1; | |
| 306 | - unsigned long timeout; | |
| 307 | -}; | |
| 308 | - | |
| 309 | -struct hash_netport6c_elem { | |
| 310 | - union nf_inet_addr ip; | |
| 311 | - __be16 port; | |
| 312 | - u8 proto; | |
| 313 | - u8 cidr:7; | |
| 314 | - u8 nomatch:1; | |
| 315 | - struct ip_set_counter counter; | |
| 316 | -}; | |
| 317 | - | |
| 318 | -struct hash_netport6ct_elem { | |
| 319 | - union nf_inet_addr ip; | |
| 320 | - __be16 port; | |
| 321 | - u8 proto; | |
| 322 | - u8 cidr:7; | |
| 323 | - u8 nomatch:1; | |
| 324 | - struct ip_set_counter counter; | |
| 325 | - unsigned long timeout; | |
| 326 | 270 | }; |
| 327 | 271 | |
| 328 | 272 | /* Common functions */ |
net/netfilter/ipset/ip_set_list_set.c
| ... | ... | @@ -28,28 +28,6 @@ |
| 28 | 28 | ip_set_id_t id; |
| 29 | 29 | }; |
| 30 | 30 | |
| 31 | -struct sett_elem { | |
| 32 | - struct { | |
| 33 | - ip_set_id_t id; | |
| 34 | - } __attribute__ ((aligned)); | |
| 35 | - unsigned long timeout; | |
| 36 | -}; | |
| 37 | - | |
| 38 | -struct setc_elem { | |
| 39 | - struct { | |
| 40 | - ip_set_id_t id; | |
| 41 | - } __attribute__ ((aligned)); | |
| 42 | - struct ip_set_counter counter; | |
| 43 | -}; | |
| 44 | - | |
| 45 | -struct setct_elem { | |
| 46 | - struct { | |
| 47 | - ip_set_id_t id; | |
| 48 | - } __attribute__ ((aligned)); | |
| 49 | - struct ip_set_counter counter; | |
| 50 | - unsigned long timeout; | |
| 51 | -}; | |
| 52 | - | |
| 53 | 31 | struct set_adt_elem { |
| 54 | 32 | ip_set_id_t id; |
| 55 | 33 | ip_set_id_t refid; |
| 56 | 34 | |
| 57 | 35 | |
| 58 | 36 | |
| ... | ... | @@ -600,21 +578,18 @@ |
| 600 | 578 | |
| 601 | 579 | /* Create list:set type of sets */ |
| 602 | 580 | |
| 603 | -static struct list_set * | |
| 604 | -init_list_set(struct ip_set *set, u32 size, size_t dsize, | |
| 605 | - unsigned long timeout) | |
| 581 | +static bool | |
| 582 | +init_list_set(struct ip_set *set, u32 size) | |
| 606 | 583 | { |
| 607 | 584 | struct list_set *map; |
| 608 | 585 | struct set_elem *e; |
| 609 | 586 | u32 i; |
| 610 | 587 | |
| 611 | - map = kzalloc(sizeof(*map) + size * dsize, GFP_KERNEL); | |
| 588 | + map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL); | |
| 612 | 589 | if (!map) |
| 613 | - return NULL; | |
| 590 | + return false; | |
| 614 | 591 | |
| 615 | 592 | map->size = size; |
| 616 | - set->dsize = dsize; | |
| 617 | - set->timeout = timeout; | |
| 618 | 593 | set->data = map; |
| 619 | 594 | |
| 620 | 595 | for (i = 0; i < size; i++) { |
| 621 | 596 | |
| ... | ... | @@ -622,15 +597,13 @@ |
| 622 | 597 | e->id = IPSET_INVALID_ID; |
| 623 | 598 | } |
| 624 | 599 | |
| 625 | - return map; | |
| 600 | + return true; | |
| 626 | 601 | } |
| 627 | 602 | |
| 628 | 603 | static int |
| 629 | 604 | list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags) |
| 630 | 605 | { |
| 631 | - struct list_set *map; | |
| 632 | - u32 size = IP_SET_LIST_DEFAULT_SIZE, cadt_flags = 0; | |
| 633 | - unsigned long timeout = 0; | |
| 606 | + u32 size = IP_SET_LIST_DEFAULT_SIZE; | |
| 634 | 607 | |
| 635 | 608 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_SIZE) || |
| 636 | 609 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || |
| 637 | 610 | |
| 638 | 611 | |
| ... | ... | @@ -642,45 +615,13 @@ |
| 642 | 615 | if (size < IP_SET_LIST_MIN_SIZE) |
| 643 | 616 | size = IP_SET_LIST_MIN_SIZE; |
| 644 | 617 | |
| 645 | - if (tb[IPSET_ATTR_CADT_FLAGS]) | |
| 646 | - cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); | |
| 647 | - if (tb[IPSET_ATTR_TIMEOUT]) | |
| 648 | - timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | |
| 649 | 618 | set->variant = &set_variant; |
| 650 | - if (cadt_flags & IPSET_FLAG_WITH_COUNTERS) { | |
| 651 | - set->extensions |= IPSET_EXT_COUNTER; | |
| 652 | - if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 653 | - map = init_list_set(set, size, | |
| 654 | - sizeof(struct setct_elem), timeout); | |
| 655 | - if (!map) | |
| 656 | - return -ENOMEM; | |
| 657 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 658 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 659 | - offsetof(struct setct_elem, timeout); | |
| 660 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 661 | - offsetof(struct setct_elem, counter); | |
| 662 | - list_set_gc_init(set, list_set_gc); | |
| 663 | - } else { | |
| 664 | - map = init_list_set(set, size, | |
| 665 | - sizeof(struct setc_elem), 0); | |
| 666 | - if (!map) | |
| 667 | - return -ENOMEM; | |
| 668 | - set->offset[IPSET_EXT_ID_COUNTER] = | |
| 669 | - offsetof(struct setc_elem, counter); | |
| 670 | - } | |
| 671 | - } else if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 672 | - map = init_list_set(set, size, | |
| 673 | - sizeof(struct sett_elem), timeout); | |
| 674 | - if (!map) | |
| 675 | - return -ENOMEM; | |
| 676 | - set->extensions |= IPSET_EXT_TIMEOUT; | |
| 677 | - set->offset[IPSET_EXT_ID_TIMEOUT] = | |
| 678 | - offsetof(struct sett_elem, timeout); | |
| 619 | + set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem)); | |
| 620 | + if (!init_list_set(set, size)) | |
| 621 | + return -ENOMEM; | |
| 622 | + if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 623 | + set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | |
| 679 | 624 | list_set_gc_init(set, list_set_gc); |
| 680 | - } else { | |
| 681 | - map = init_list_set(set, size, sizeof(struct set_elem), 0); | |
| 682 | - if (!map) | |
| 683 | - return -ENOMEM; | |
| 684 | 625 | } |
| 685 | 626 | return 0; |
| 686 | 627 | } |