]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/netfilter/ipset/ip_set_hash_gen.h
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
x86/msr-index: Cleanup bit defines
[mirror_ubuntu-bionic-kernel.git] / net / netfilter / ipset / ip_set_hash_gen.h
CommitLineData
1feab10d
JK		 1/* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
2 *
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
6 */
7
8#ifndef _IP_SET_HASH_GEN_H
9#define _IP_SET_HASH_GEN_H
10
11#include <linux/rcupdate.h>
12#include <linux/jhash.h>
18f84d41 13#include <linux/types.h>
1feab10d 14#include <linux/netfilter/ipset/ip_set_timeout.h>
18f84d41
JK		 15
16#define __ipset_dereference_protected(p, c) rcu_dereference_protected(p, c)
17#define ipset_dereference_protected(p, set) \
18 __ipset_dereference_protected(p, spin_is_locked(&(set)->lock))
1feab10d 19
a0f28dc7
JK		 20#define rcu_dereference_bh_nfnl(p) rcu_dereference_bh_check(p, 1)
21
1feab10d
JK		 22/* Hashing which uses arrays to resolve clashing. The hash table is resized
23 * (doubled) when searching becomes too long.
24 * Internally jhash is used with the assumption that the size of the
18f84d41 25 * stored data is a multiple of sizeof(u32).
1feab10d
JK		 26 *
27 * Readers and resizing
28 *
29 * Resizing can be triggered by userspace command only, and those
30 * are serialized by the nfnl mutex. During resizing the set is
31 * read-locked, so the only possible concurrent operations are
32 * the kernel side readers. Those must be protected by proper RCU locking.
33 */
34
35/* Number of elements to store in an initial array block */
36#define AHASH_INIT_SIZE 4
37/* Max number of elements to store in an array block */
ca0f6a5c 38#define AHASH_MAX_SIZE (3 * AHASH_INIT_SIZE)
18f84d41
JK		 39/* Max muber of elements in the array block when tuned */
40#define AHASH_MAX_TUNED 64
1feab10d
JK		 41
42/* Max number of elements can be tuned */
43#ifdef IP_SET_HASH_WITH_MULTI
44#define AHASH_MAX(h) ((h)->ahash_max)
45
46static inline u8
47tune_ahash_max(u8 curr, u32 multi)
48{
49 u32 n;
50
51 if (multi < curr)
52 return curr;
53
54 n = curr + AHASH_INIT_SIZE;
55 /* Currently, at listing one hash bucket must fit into a message.
56 * Therefore we have a hard limit here.
57 */
18f84d41 58 return n > curr && n <= AHASH_MAX_TUNED ? n : curr;
1feab10d 59}
ca0f6a5c 60
1feab10d
JK		 61#define TUNE_AHASH_MAX(h, multi) \
62 ((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi))
63#else
64#define AHASH_MAX(h) AHASH_MAX_SIZE
65#define TUNE_AHASH_MAX(h, multi)
66#endif
67
68/* A hash bucket */
69struct hbucket {
18f84d41
JK		 70 struct rcu_head rcu; /* for call_rcu_bh */
71 /* Which positions are used in the array */
72 DECLARE_BITMAP(used, AHASH_MAX_TUNED);
1feab10d
JK		 73 u8 size; /* size of the array */
74 u8 pos; /* position of the first free entry */
95ad1f4a
JK		 75 unsigned char value[0] /* the array of the values */
76 __aligned(__alignof__(u64));
77};
1feab10d
JK		 78
79/* The hash table: the table size stored here in order to make resizing easy */
80struct htable {
c4c99783
JK		 81 atomic_t ref; /* References for resizing */
82 atomic_t uref; /* References for dumping */
1feab10d 83 u8 htable_bits; /* size of hash table == 2^htable_bits */
18f84d41 84 struct hbucket __rcu *bucket[0]; /* hashtable buckets */
1feab10d
JK		 85};
86
18f84d41 87#define hbucket(h, i) ((h)->bucket[i])
a71bdbfa
JK		 88#define ext_size(n, dsize) \
89 (sizeof(struct hbucket) + (n) * (dsize))
1feab10d 90
a04d8b6b
JK		 91#ifndef IPSET_NET_COUNT
92#define IPSET_NET_COUNT 1
93#endif
94
1feab10d
JK		 95/* Book-keeping of the prefixes added to the set */
96struct net_prefixes {
18f84d41
JK		 97 u32 nets[IPSET_NET_COUNT]; /* number of elements for this cidr */
98 u8 cidr[IPSET_NET_COUNT]; /* the cidr value */
1feab10d
JK		 99};
100
101/* Compute the hash table size */
102static size_t
103htable_size(u8 hbits)
104{
105 size_t hsize;
106
107 /* We must fit both into u32 in jhash and size_t */
108 if (hbits > 31)
109 return 0;
110 hsize = jhash_size(hbits);
18f84d41 111 if ((((size_t)-1) - sizeof(struct htable)) / sizeof(struct hbucket *)
1feab10d
JK		 112 < hsize)
113 return 0;
114
18f84d41 115 return hsize * sizeof(struct hbucket *) + sizeof(struct htable);
1feab10d
JK		 116}
117
118/* Compute htable_bits from the user input parameter hashsize */
119static u8
120htable_bits(u32 hashsize)
121{
122 /* Assume that hashsize == 2^htable_bits */
123 u8 bits = fls(hashsize - 1);
18f84d41 124
1feab10d
JK		 125 if (jhash_size(bits) != hashsize)
126 /* Round up to the first 2^n value */
127 bits = fls(hashsize);
128
129 return bits;
130}
131
1feab10d 132#ifdef IP_SET_HASH_WITH_NETS
ea53ac5b
OS		 133#if IPSET_NET_COUNT > 1
134#define __CIDR(cidr, i) (cidr[i])
135#else
136#define __CIDR(cidr, i) (cidr)
137#endif
25a76f34
JK		 138
139/* cidr + 1 is stored in net_prefixes to support /0 */
f690cbae
JK		 140#define NCIDR_PUT(cidr) ((cidr) + 1)
141#define NCIDR_GET(cidr) ((cidr) - 1)
25a76f34 142
1feab10d 143#ifdef IP_SET_HASH_WITH_NETS_PACKED
25a76f34 144/* When cidr is packed with nomatch, cidr - 1 is stored in the data entry */
f690cbae
JK		 145#define DCIDR_PUT(cidr) ((cidr) - 1)
146#define DCIDR_GET(cidr, i) (__CIDR(cidr, i) + 1)
1feab10d 147#else
f690cbae
JK		 148#define DCIDR_PUT(cidr) (cidr)
149#define DCIDR_GET(cidr, i) __CIDR(cidr, i)
1feab10d
JK		 150#endif
151
f690cbae
JK		 152#define INIT_CIDR(cidr, host_mask) \
153 DCIDR_PUT(((cidr) ? NCIDR_GET(cidr) : host_mask))
154
59de79cf 155#ifdef IP_SET_HASH_WITH_NET0
cee8b97b
JK		 156/* cidr from 0 to HOST_MASK value and c = cidr + 1 */
157#define NLEN (HOST_MASK + 1)
6fe7ccfd 158#define CIDR_POS(c) ((c) - 1)
1feab10d 159#else
cee8b97b
JK		 160/* cidr from 1 to HOST_MASK value and c = cidr + 1 */
161#define NLEN HOST_MASK
6fe7ccfd 162#define CIDR_POS(c) ((c) - 2)
1feab10d
JK		 163#endif
164
165#else
cee8b97b 166#define NLEN 0
1feab10d
JK		 167#endif /* IP_SET_HASH_WITH_NETS */
168
1feab10d
JK		 169#endif /* _IP_SET_HASH_GEN_H */
170
21956ab2
JK		 171#ifndef MTYPE
172#error "MTYPE is not defined!"
173#endif
174
175#ifndef HTYPE
176#error "HTYPE is not defined!"
177#endif
178
179#ifndef HOST_MASK
180#error "HOST_MASK is not defined!"
181#endif
182
1feab10d
JK		 183/* Family dependent templates */
184
185#undef ahash_data
186#undef mtype_data_equal
187#undef mtype_do_data_match
188#undef mtype_data_set_flags
43ef29c9 189#undef mtype_data_reset_elem
1feab10d
JK		 190#undef mtype_data_reset_flags
191#undef mtype_data_netmask
192#undef mtype_data_list
193#undef mtype_data_next
194#undef mtype_elem
195
40cd63bf
JK		 196#undef mtype_ahash_destroy
197#undef mtype_ext_cleanup
1feab10d
JK		 198#undef mtype_add_cidr
199#undef mtype_del_cidr
200#undef mtype_ahash_memsize
201#undef mtype_flush
202#undef mtype_destroy
1feab10d
JK		 203#undef mtype_same_set
204#undef mtype_kadt
205#undef mtype_uadt
1feab10d
JK		 206
207#undef mtype_add
208#undef mtype_del
209#undef mtype_test_cidrs
210#undef mtype_test
c4c99783 211#undef mtype_uref
1feab10d
JK		 212#undef mtype_expire
213#undef mtype_resize
214#undef mtype_head
215#undef mtype_list
216#undef mtype_gc
217#undef mtype_gc_init
218#undef mtype_variant
219#undef mtype_data_match
220
21956ab2 221#undef htype
1feab10d
JK		 222#undef HKEY
223
35b8dcf8 224#define mtype_data_equal IPSET_TOKEN(MTYPE, _data_equal)
1feab10d 225#ifdef IP_SET_HASH_WITH_NETS
35b8dcf8 226#define mtype_do_data_match IPSET_TOKEN(MTYPE, _do_data_match)
1feab10d
JK		 227#else
228#define mtype_do_data_match(d) 1
229#endif
35b8dcf8 230#define mtype_data_set_flags IPSET_TOKEN(MTYPE, _data_set_flags)
ea53ac5b 231#define mtype_data_reset_elem IPSET_TOKEN(MTYPE, _data_reset_elem)
35b8dcf8
JK		 232#define mtype_data_reset_flags IPSET_TOKEN(MTYPE, _data_reset_flags)
233#define mtype_data_netmask IPSET_TOKEN(MTYPE, _data_netmask)
234#define mtype_data_list IPSET_TOKEN(MTYPE, _data_list)
235#define mtype_data_next IPSET_TOKEN(MTYPE, _data_next)
236#define mtype_elem IPSET_TOKEN(MTYPE, _elem)
43ef29c9 237
40cd63bf
JK		 238#define mtype_ahash_destroy IPSET_TOKEN(MTYPE, _ahash_destroy)
239#define mtype_ext_cleanup IPSET_TOKEN(MTYPE, _ext_cleanup)
35b8dcf8
JK		 240#define mtype_add_cidr IPSET_TOKEN(MTYPE, _add_cidr)
241#define mtype_del_cidr IPSET_TOKEN(MTYPE, _del_cidr)
242#define mtype_ahash_memsize IPSET_TOKEN(MTYPE, _ahash_memsize)
243#define mtype_flush IPSET_TOKEN(MTYPE, _flush)
244#define mtype_destroy IPSET_TOKEN(MTYPE, _destroy)
35b8dcf8
JK		 245#define mtype_same_set IPSET_TOKEN(MTYPE, _same_set)
246#define mtype_kadt IPSET_TOKEN(MTYPE, _kadt)
247#define mtype_uadt IPSET_TOKEN(MTYPE, _uadt)
1feab10d 248
35b8dcf8
JK		 249#define mtype_add IPSET_TOKEN(MTYPE, _add)
250#define mtype_del IPSET_TOKEN(MTYPE, _del)
251#define mtype_test_cidrs IPSET_TOKEN(MTYPE, _test_cidrs)
252#define mtype_test IPSET_TOKEN(MTYPE, _test)
c4c99783 253#define mtype_uref IPSET_TOKEN(MTYPE, _uref)
35b8dcf8
JK		 254#define mtype_expire IPSET_TOKEN(MTYPE, _expire)
255#define mtype_resize IPSET_TOKEN(MTYPE, _resize)
256#define mtype_head IPSET_TOKEN(MTYPE, _head)
257#define mtype_list IPSET_TOKEN(MTYPE, _list)
258#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
43ef29c9 259#define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init)
35b8dcf8
JK		 260#define mtype_variant IPSET_TOKEN(MTYPE, _variant)
261#define mtype_data_match IPSET_TOKEN(MTYPE, _data_match)
1feab10d
JK		 262
263#ifndef HKEY_DATALEN
264#define HKEY_DATALEN sizeof(struct mtype_elem)
265#endif
266
21956ab2
JK		 267#define htype MTYPE
268
1feab10d 269#define HKEY(data, initval, htable_bits) \
5a902e6d
JK		 270({ \
271 const u32 *__k = (const u32 *)data; \
272 u32 __l = HKEY_DATALEN / sizeof(u32); \
273 \
274 BUILD_BUG_ON(HKEY_DATALEN % sizeof(u32) != 0); \
275 \
276 jhash2(__k, __l, initval) & jhash_mask(htable_bits); \
277})
1feab10d 278
1feab10d
JK		 279/* The generic hash structure */
280struct htype {
a0f28dc7 281 struct htable __rcu *table; /* the hash table */
21956ab2 282 struct timer_list gc; /* garbage collection when timeout enabled */
a92c5751 283 struct ip_set *set; /* attached to this ip_set */
1feab10d 284 u32 maxelem; /* max elements in the hash */
1feab10d 285 u32 initval; /* random jhash init value */
4d0e5c07
VD		 286#ifdef IP_SET_HASH_WITH_MARKMASK
287 u32 markmask; /* markmask value for mark mask to store */
288#endif
1feab10d
JK		 289#ifdef IP_SET_HASH_WITH_MULTI
290 u8 ahash_max; /* max elements in an array block */
291#endif
292#ifdef IP_SET_HASH_WITH_NETMASK
293 u8 netmask; /* netmask value for subnets to store */
294#endif
21956ab2 295 struct mtype_elem next; /* temporary storage for uadd */
1feab10d 296#ifdef IP_SET_HASH_WITH_NETS
21956ab2 297 struct net_prefixes nets[NLEN]; /* book-keeping of prefixes */
1feab10d
JK		 298#endif
299};
1feab10d
JK		 300
301#ifdef IP_SET_HASH_WITH_NETS
302/* Network cidr size book keeping when the hash stores different
f690cbae
JK		 303 * sized networks. cidr == real cidr + 1 to support /0.
304 */
1feab10d 305static void
cee8b97b 306mtype_add_cidr(struct htype *h, u8 cidr, u8 n)
1feab10d
JK		 307{
308 int i, j;
309
310 /* Add in increasing prefix order, so larger cidr first */
cee8b97b 311 for (i = 0, j = -1; i < NLEN && h->nets[i].cidr[n]; i++) {
ca0f6a5c 312 if (j != -1) {
1feab10d 313 continue;
ca0f6a5c 314 } else if (h->nets[i].cidr[n] < cidr) {
1feab10d 315 j = i;
ca0f6a5c 316 } else if (h->nets[i].cidr[n] == cidr) {
6fe7ccfd 317 h->nets[CIDR_POS(cidr)].nets[n]++;
1feab10d
JK		 318 return;
319 }
320 }
321 if (j != -1) {
25a76f34 322 for (; i > j; i--)
a04d8b6b 323 h->nets[i].cidr[n] = h->nets[i - 1].cidr[n];
1feab10d 324 }
a04d8b6b 325 h->nets[i].cidr[n] = cidr;
6fe7ccfd 326 h->nets[CIDR_POS(cidr)].nets[n] = 1;
1feab10d
JK		 327}
328
329static void
cee8b97b 330mtype_del_cidr(struct htype *h, u8 cidr, u8 n)
1feab10d 331{
cee8b97b 332 u8 i, j, net_end = NLEN - 1;
2cf55125 333
cee8b97b 334 for (i = 0; i < NLEN; i++) {
ca0f6a5c
JK		 335 if (h->nets[i].cidr[n] != cidr)
336 continue;
6fe7ccfd
JK		 337 h->nets[CIDR_POS(cidr)].nets[n]--;
338 if (h->nets[CIDR_POS(cidr)].nets[n] > 0)
ca0f6a5c 339 return;
25a76f34 340 for (j = i; j < net_end && h->nets[j].cidr[n]; j++)
ca0f6a5c 341 h->nets[j].cidr[n] = h->nets[j + 1].cidr[n];
25a76f34 342 h->nets[j].cidr[n] = 0;
ca0f6a5c 343 return;
1feab10d
JK		 344 }
345}
346#endif
347
348/* Calculate the actual memory size of the set data */
349static size_t
cee8b97b 350mtype_ahash_memsize(const struct htype *h, const struct htable *t)
1feab10d 351{
21956ab2 352 return sizeof(*h) + sizeof(*t);
1feab10d
JK		 353}
354
40cd63bf
JK		 355/* Get the ith element from the array block n */
356#define ahash_data(n, i, dsize) \
357 ((struct mtype_elem *)((n)->value + ((i) * (dsize))))
358
359static void
360mtype_ext_cleanup(struct ip_set *set, struct hbucket *n)
361{
362 int i;
363
364 for (i = 0; i < n->pos; i++)
18f84d41
JK		 365 if (test_bit(i, n->used))
366 ip_set_ext_destroy(set, ahash_data(n, i, set->dsize));
40cd63bf
JK		 367}
368
1feab10d
JK		 369/* Flush a hash type of set: destroy all elements */
370static void
371mtype_flush(struct ip_set *set)
372{
373 struct htype *h = set->data;
a0f28dc7 374 struct htable *t;
1feab10d
JK		 375 struct hbucket *n;
376 u32 i;
377
18f84d41 378 t = ipset_dereference_protected(h->table, set);
1feab10d 379 for (i = 0; i < jhash_size(t->htable_bits); i++) {
18f84d41
JK		 380 n = __ipset_dereference_protected(hbucket(t, i), 1);
381 if (!n)
382 continue;
383 if (set->extensions & IPSET_EXT_DESTROY)
384 mtype_ext_cleanup(set, n);
385 /* FIXME: use slab cache */
386 rcu_assign_pointer(hbucket(t, i), NULL);
387 kfree_rcu(n, rcu);
1feab10d
JK		 388 }
389#ifdef IP_SET_HASH_WITH_NETS
21956ab2 390 memset(h->nets, 0, sizeof(h->nets));
1feab10d 391#endif
702b71e7 392 set->elements = 0;
9e41f26a 393 set->ext_size = 0;
1feab10d
JK		 394}
395
40cd63bf
JK		 396/* Destroy the hashtable part of the set */
397static void
80571a9e 398mtype_ahash_destroy(struct ip_set *set, struct htable *t, bool ext_destroy)
40cd63bf
JK		 399{
400 struct hbucket *n;
401 u32 i;
402
403 for (i = 0; i < jhash_size(t->htable_bits); i++) {
18f84d41
JK		 404 n = __ipset_dereference_protected(hbucket(t, i), 1);
405 if (!n)
406 continue;
407 if (set->extensions & IPSET_EXT_DESTROY && ext_destroy)
408 mtype_ext_cleanup(set, n);
409 /* FIXME: use slab cache */
410 kfree(n);
40cd63bf
JK		 411 }
412
413 ip_set_free(t);
414}
415
1feab10d
JK		 416/* Destroy a hash type of set */
417static void
418mtype_destroy(struct ip_set *set)
419{
420 struct htype *h = set->data;
421
edda0791 422 if (SET_WITH_TIMEOUT(set))
1feab10d
JK		 423 del_timer_sync(&h->gc);
424
ca0f6a5c
JK		 425 mtype_ahash_destroy(set,
426 __ipset_dereference_protected(h->table, 1), true);
1feab10d
JK		 427 kfree(h);
428
429 set->data = NULL;
430}
431
432static void
a92c5751 433mtype_gc_init(struct ip_set *set, void (*gc)(struct timer_list *t))
1feab10d
JK		 434{
435 struct htype *h = set->data;
436
a92c5751 437 timer_setup(&h->gc, gc, 0);
fcb58a03 438 mod_timer(&h->gc, jiffies + IPSET_GC_PERIOD(set->timeout) * HZ);
1feab10d 439 pr_debug("gc initialized, run in every %u\n",
ca134ce8 440 IPSET_GC_PERIOD(set->timeout));
1feab10d
JK		 441}
442
443static bool
444mtype_same_set(const struct ip_set *a, const struct ip_set *b)
445{
446 const struct htype *x = a->data;
447 const struct htype *y = b->data;
448
449 /* Resizing changes htable_bits, so we ignore it */
450 return x->maxelem == y->maxelem &&
ca134ce8 451 a->timeout == b->timeout &&
1feab10d
JK		 452#ifdef IP_SET_HASH_WITH_NETMASK
453 x->netmask == y->netmask &&
4d0e5c07
VD		 454#endif
455#ifdef IP_SET_HASH_WITH_MARKMASK
456 x->markmask == y->markmask &&
1feab10d
JK		 457#endif
458 a->extensions == b->extensions;
459}
460
1feab10d
JK		 461/* Delete expired elements from the hashtable */
462static void
5fdb5f69 463mtype_expire(struct ip_set *set, struct htype *h)
1feab10d 464{
a0f28dc7 465 struct htable *t;
0aae24eb 466 struct hbucket *n, *tmp;
1feab10d 467 struct mtype_elem *data;
18f84d41 468 u32 i, j, d;
5fdb5f69 469 size_t dsize = set->dsize;
ea53ac5b 470#ifdef IP_SET_HASH_WITH_NETS
cee8b97b 471 u8 k;
ea53ac5b 472#endif
1feab10d 473
18f84d41 474 t = ipset_dereference_protected(h->table, set);
1feab10d 475 for (i = 0; i < jhash_size(t->htable_bits); i++) {
18f84d41
JK		 476 n = __ipset_dereference_protected(hbucket(t, i), 1);
477 if (!n)
478 continue;
479 for (j = 0, d = 0; j < n->pos; j++) {
480 if (!test_bit(j, n->used)) {
481 d++;
482 continue;
483 }
1feab10d 484 data = ahash_data(n, j, dsize);
509debc9
JK		 485 if (!ip_set_timeout_expired(ext_timeout(data, set)))
486 continue;
487 pr_debug("expired %u/%u\n", i, j);
488 clear_bit(j, n->used);
489 smp_mb__after_atomic();
1feab10d 490#ifdef IP_SET_HASH_WITH_NETS
509debc9
JK		 491 for (k = 0; k < IPSET_NET_COUNT; k++)
492 mtype_del_cidr(h,
493 NCIDR_PUT(DCIDR_GET(data->cidr, k)),
cee8b97b 494 k);
1feab10d 495#endif
509debc9
JK		 496 ip_set_ext_destroy(set, data);
497 set->elements--;
498 d++;
1feab10d 499 }
18f84d41 500 if (d >= AHASH_INIT_SIZE) {
0aae24eb
JK		 501 if (d >= n->size) {
502 rcu_assign_pointer(hbucket(t, i), NULL);
503 kfree_rcu(n, rcu);
504 continue;
505 }
506 tmp = kzalloc(sizeof(*tmp) +
507 (n->size - AHASH_INIT_SIZE) * dsize,
508 GFP_ATOMIC);
1feab10d
JK		 509 if (!tmp)
510 /* Still try to delete expired elements */
511 continue;
18f84d41
JK		 512 tmp->size = n->size - AHASH_INIT_SIZE;
513 for (j = 0, d = 0; j < n->pos; j++) {
514 if (!test_bit(j, n->used))
515 continue;
516 data = ahash_data(n, j, dsize);
517 memcpy(tmp->value + d * dsize, data, dsize);
e9dfdc05 518 set_bit(d, tmp->used);
18f84d41
JK		 519 d++;
520 }
521 tmp->pos = d;
a71bdbfa 522 set->ext_size -= ext_size(AHASH_INIT_SIZE, dsize);
18f84d41
JK		 523 rcu_assign_pointer(hbucket(t, i), tmp);
524 kfree_rcu(n, rcu);
1feab10d
JK		 525 }
526 }
527}
528
529static void
a92c5751 530mtype_gc(struct timer_list *t)
1feab10d 531{
a92c5751
KC		 532 struct htype *h = from_timer(h, t, gc);
533 struct ip_set *set = h->set;
1feab10d
JK		 534
535 pr_debug("called\n");
18f84d41 536 spin_lock_bh(&set->lock);
5fdb5f69 537 mtype_expire(set, h);
18f84d41 538 spin_unlock_bh(&set->lock);
1feab10d 539
ca134ce8 540 h->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ;
1feab10d
JK		 541 add_timer(&h->gc);
542}
543
544/* Resize a hash: create a new hash table with doubling the hashsize
545 * and inserting the elements to it. Repeat until we succeed or
ca0f6a5c
JK		 546 * fail due to memory pressures.
547 */
1feab10d
JK		 548static int
549mtype_resize(struct ip_set *set, bool retried)
550{
551 struct htype *h = set->data;
18f84d41
JK		 552 struct htable *t, *orig;
553 u8 htable_bits;
9e41f26a 554 size_t extsize, dsize = set->dsize;
1feab10d
JK		 555#ifdef IP_SET_HASH_WITH_NETS
556 u8 flags;
18f84d41 557 struct mtype_elem *tmp;
1feab10d
JK		 558#endif
559 struct mtype_elem *data;
560 struct mtype_elem *d;
561 struct hbucket *n, *m;
18f84d41 562 u32 i, j, key;
1feab10d
JK		 563 int ret;
564
18f84d41
JK		 565#ifdef IP_SET_HASH_WITH_NETS
566 tmp = kmalloc(dsize, GFP_KERNEL);
567 if (!tmp)
568 return -ENOMEM;
569#endif
570 rcu_read_lock_bh();
571 orig = rcu_dereference_bh_nfnl(h->table);
572 htable_bits = orig->htable_bits;
573 rcu_read_unlock_bh();
1feab10d
JK		 574
575retry:
576 ret = 0;
577 htable_bits++;
1feab10d
JK		 578 if (!htable_bits) {
579 /* In case we have plenty of memory :-) */
b167a37c
JP		 580 pr_warn("Cannot increase the hashsize of set %s further\n",
581 set->name);
18f84d41
JK		 582 ret = -IPSET_ERR_HASH_FULL;
583 goto out;
584 }
585 t = ip_set_alloc(htable_size(htable_bits));
586 if (!t) {
587 ret = -ENOMEM;
588 goto out;
1feab10d 589 }
1feab10d
JK		 590 t->htable_bits = htable_bits;
591
18f84d41
JK		 592 spin_lock_bh(&set->lock);
593 orig = __ipset_dereference_protected(h->table, 1);
c4c99783
JK		 594 /* There can't be another parallel resizing, but dumping is possible */
595 atomic_set(&orig->ref, 1);
596 atomic_inc(&orig->uref);
9e41f26a 597 extsize = 0;
18f84d41
JK		 598 pr_debug("attempt to resize set %s from %u to %u, t %p\n",
599 set->name, orig->htable_bits, htable_bits, orig);
1feab10d 600 for (i = 0; i < jhash_size(orig->htable_bits); i++) {
18f84d41
JK		 601 n = __ipset_dereference_protected(hbucket(orig, i), 1);
602 if (!n)
603 continue;
1feab10d 604 for (j = 0; j < n->pos; j++) {
18f84d41
JK		 605 if (!test_bit(j, n->used))
606 continue;
607 data = ahash_data(n, j, dsize);
1feab10d 608#ifdef IP_SET_HASH_WITH_NETS
18f84d41
JK		 609 /* We have readers running parallel with us,
610 * so the live data cannot be modified.
611 */
1feab10d 612 flags = 0;
18f84d41
JK		 613 memcpy(tmp, data, dsize);
614 data = tmp;
1feab10d
JK		 615 mtype_data_reset_flags(data, &flags);
616#endif
18f84d41
JK		 617 key = HKEY(data, h->initval, htable_bits);
618 m = __ipset_dereference_protected(hbucket(t, key), 1);
619 if (!m) {
620 m = kzalloc(sizeof(*m) +
621 AHASH_INIT_SIZE * dsize,
622 GFP_ATOMIC);
623 if (!m) {
624 ret = -ENOMEM;
625 goto cleanup;
626 }
627 m->size = AHASH_INIT_SIZE;
a71bdbfa 628 extsize = ext_size(AHASH_INIT_SIZE, dsize);
18f84d41
JK		 629 RCU_INIT_POINTER(hbucket(t, key), m);
630 } else if (m->pos >= m->size) {
631 struct hbucket *ht;
632
633 if (m->size >= AHASH_MAX(h)) {
634 ret = -EAGAIN;
635 } else {
636 ht = kzalloc(sizeof(*ht) +
637 (m->size + AHASH_INIT_SIZE)
638 * dsize,
639 GFP_ATOMIC);
640 if (!ht)
641 ret = -ENOMEM;
642 }
643 if (ret < 0)
644 goto cleanup;
645 memcpy(ht, m, sizeof(struct hbucket) +
646 m->size * dsize);
647 ht->size = m->size + AHASH_INIT_SIZE;
a71bdbfa 648 extsize += ext_size(AHASH_INIT_SIZE, dsize);
18f84d41
JK		 649 kfree(m);
650 m = ht;
651 RCU_INIT_POINTER(hbucket(t, key), ht);
1feab10d 652 }
18f84d41
JK		 653 d = ahash_data(m, m->pos, dsize);
654 memcpy(d, data, dsize);
655 set_bit(m->pos++, m->used);
1feab10d
JK		 656#ifdef IP_SET_HASH_WITH_NETS
657 mtype_data_reset_flags(d, &flags);
658#endif
659 }
660 }
1feab10d 661 rcu_assign_pointer(h->table, t);
9e41f26a 662 set->ext_size = extsize;
18f84d41
JK		 663
664 spin_unlock_bh(&set->lock);
1feab10d
JK		 665
666 /* Give time to other readers of the set */
667 synchronize_rcu_bh();
668
669 pr_debug("set %s resized from %u (%p) to %u (%p)\n", set->name,
670 orig->htable_bits, orig, t->htable_bits, t);
c4c99783
JK		 671 /* If there's nobody else dumping the table, destroy it */
672 if (atomic_dec_and_test(&orig->uref)) {
673 pr_debug("Table destroy by resize %p\n", orig);
674 mtype_ahash_destroy(set, orig, false);
675 }
1feab10d 676
18f84d41
JK		 677out:
678#ifdef IP_SET_HASH_WITH_NETS
679 kfree(tmp);
680#endif
681 return ret;
682
683cleanup:
684 atomic_set(&orig->ref, 0);
685 atomic_dec(&orig->uref);
686 spin_unlock_bh(&set->lock);
687 mtype_ahash_destroy(set, t, false);
688 if (ret == -EAGAIN)
689 goto retry;
690 goto out;
1feab10d
JK		 691}
692
693/* Add an element to a hash and update the internal counters when succeeded,
ca0f6a5c
JK		 694 * otherwise report the proper error code.
695 */
1feab10d
JK		 696static int
697mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
698 struct ip_set_ext *mext, u32 flags)
699{
700 struct htype *h = set->data;
701 struct htable *t;
702 const struct mtype_elem *d = value;
703 struct mtype_elem *data;
18f84d41
JK		 704 struct hbucket *n, *old = ERR_PTR(-ENOENT);
705 int i, j = -1;
1feab10d 706 bool flag_exist = flags & IPSET_FLAG_EXIST;
18f84d41 707 bool deleted = false, forceadd = false, reuse = false;
1feab10d
JK		 708 u32 key, multi = 0;
709
702b71e7 710 if (set->elements >= h->maxelem) {
18f84d41
JK		 711 if (SET_WITH_TIMEOUT(set))
712 /* FIXME: when set is full, we slow down here */
5fdb5f69 713 mtype_expire(set, h);
702b71e7 714 if (set->elements >= h->maxelem && SET_WITH_FORCEADD(set))
18f84d41
JK		 715 forceadd = true;
716 }
717
718 t = ipset_dereference_protected(h->table, set);
1feab10d 719 key = HKEY(value, h->initval, t->htable_bits);
18f84d41
JK		 720 n = __ipset_dereference_protected(hbucket(t, key), 1);
721 if (!n) {
9be37d2a 722 if (forceadd || set->elements >= h->maxelem)
18f84d41 723 goto set_full;
18f84d41
JK		 724 old = NULL;
725 n = kzalloc(sizeof(*n) + AHASH_INIT_SIZE * set->dsize,
726 GFP_ATOMIC);
727 if (!n)
728 return -ENOMEM;
729 n->size = AHASH_INIT_SIZE;
a71bdbfa 730 set->ext_size += ext_size(AHASH_INIT_SIZE, set->dsize);
18f84d41
JK		 731 goto copy_elem;
732 }
1feab10d 733 for (i = 0; i < n->pos; i++) {
18f84d41
JK		 734 if (!test_bit(i, n->used)) {
735 /* Reuse first deleted entry */
736 if (j == -1) {
737 deleted = reuse = true;
738 j = i;
739 }
740 continue;
741 }
ca134ce8 742 data = ahash_data(n, i, set->dsize);
1feab10d
JK		 743 if (mtype_data_equal(data, d, &multi)) {
744 if (flag_exist ||
745 (SET_WITH_TIMEOUT(set) &&
ca134ce8 746 ip_set_timeout_expired(ext_timeout(data, set)))) {
1feab10d
JK		 747 /* Just the extensions could be overwritten */
748 j = i;
18f84d41 749 goto overwrite_extensions;
1feab10d 750 }
18f84d41 751 return -IPSET_ERR_EXIST;
1feab10d
JK		 752 }
753 /* Reuse first timed out entry */
754 if (SET_WITH_TIMEOUT(set) &&
ca134ce8 755 ip_set_timeout_expired(ext_timeout(data, set)) &&
18f84d41 756 j == -1) {
1feab10d 757 j = i;
18f84d41
JK		 758 reuse = true;
759 }
1feab10d 760 }
18f84d41 761 if (reuse || forceadd) {
ca134ce8 762 data = ahash_data(n, j, set->dsize);
18f84d41 763 if (!deleted) {
1feab10d 764#ifdef IP_SET_HASH_WITH_NETS
18f84d41
JK		 765 for (i = 0; i < IPSET_NET_COUNT; i++)
766 mtype_del_cidr(h,
767 NCIDR_PUT(DCIDR_GET(data->cidr, i)),
cee8b97b 768 i);
1feab10d 769#endif
18f84d41 770 ip_set_ext_destroy(set, data);
702b71e7 771 set->elements--;
18f84d41
JK		 772 }
773 goto copy_data;
774 }
702b71e7 775 if (set->elements >= h->maxelem)
18f84d41
JK		 776 goto set_full;
777 /* Create a new slot */
778 if (n->pos >= n->size) {
1feab10d 779 TUNE_AHASH_MAX(h, multi);
18f84d41
JK		 780 if (n->size >= AHASH_MAX(h)) {
781 /* Trigger rehashing */
782 mtype_data_next(&h->next, d);
783 return -EAGAIN;
1feab10d 784 }
18f84d41
JK		 785 old = n;
786 n = kzalloc(sizeof(*n) +
787 (old->size + AHASH_INIT_SIZE) * set->dsize,
788 GFP_ATOMIC);
789 if (!n)
790 return -ENOMEM;
791 memcpy(n, old, sizeof(struct hbucket) +
792 old->size * set->dsize);
793 n->size = old->size + AHASH_INIT_SIZE;
a71bdbfa 794 set->ext_size += ext_size(AHASH_INIT_SIZE, set->dsize);
18f84d41
JK		 795 }
796
797copy_elem:
798 j = n->pos++;
799 data = ahash_data(n, j, set->dsize);
800copy_data:
702b71e7 801 set->elements++;
1feab10d 802#ifdef IP_SET_HASH_WITH_NETS
18f84d41 803 for (i = 0; i < IPSET_NET_COUNT; i++)
cee8b97b 804 mtype_add_cidr(h, NCIDR_PUT(DCIDR_GET(d->cidr, i)), i);
1feab10d 805#endif
1feab10d 806 memcpy(data, d, sizeof(struct mtype_elem));
18f84d41 807overwrite_extensions:
1feab10d
JK		 808#ifdef IP_SET_HASH_WITH_NETS
809 mtype_data_set_flags(data, flags);
810#endif
00d71b27 811 if (SET_WITH_COUNTER(set))
ca134ce8 812 ip_set_init_counter(ext_counter(data, set), ext);
fda75c6d 813 if (SET_WITH_COMMENT(set))
9e41f26a 814 ip_set_init_comment(set, ext_comment(data, set), ext);
af331419
AD		 815 if (SET_WITH_SKBINFO(set))
816 ip_set_init_skbinfo(ext_skbinfo(data, set), ext);
18f84d41
JK		 817 /* Must come last for the case when timed out entry is reused */
818 if (SET_WITH_TIMEOUT(set))
819 ip_set_timeout_set(ext_timeout(data, set), ext->timeout);
820 smp_mb__before_atomic();
821 set_bit(j, n->used);
822 if (old != ERR_PTR(-ENOENT)) {
823 rcu_assign_pointer(hbucket(t, key), n);
824 if (old)
825 kfree_rcu(old, rcu);
826 }
1feab10d 827
18f84d41
JK		 828 return 0;
829set_full:
830 if (net_ratelimit())
831 pr_warn("Set %s is full, maxelem %u reached\n",
832 set->name, h->maxelem);
833 return -IPSET_ERR_HASH_FULL;
1feab10d
JK		 834}
835
18f84d41 836/* Delete an element from the hash and free up space if possible.
1feab10d
JK		 837 */
838static int
839mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,
840 struct ip_set_ext *mext, u32 flags)
841{
842 struct htype *h = set->data;
a0f28dc7 843 struct htable *t;
1feab10d
JK		 844 const struct mtype_elem *d = value;
845 struct mtype_elem *data;
846 struct hbucket *n;
18f84d41 847 int i, j, k, ret = -IPSET_ERR_EXIST;
1feab10d 848 u32 key, multi = 0;
18f84d41 849 size_t dsize = set->dsize;
1feab10d 850
18f84d41 851 t = ipset_dereference_protected(h->table, set);
1feab10d 852 key = HKEY(value, h->initval, t->htable_bits);
18f84d41
JK		 853 n = __ipset_dereference_protected(hbucket(t, key), 1);
854 if (!n)
855 goto out;
856 for (i = 0, k = 0; i < n->pos; i++) {
857 if (!test_bit(i, n->used)) {
858 k++;
859 continue;
860 }
861 data = ahash_data(n, i, dsize);
1feab10d
JK		 862 if (!mtype_data_equal(data, d, &multi))
863 continue;
864 if (SET_WITH_TIMEOUT(set) &&
ca134ce8 865 ip_set_timeout_expired(ext_timeout(data, set)))
a0f28dc7 866 goto out;
1feab10d 867
18f84d41
JK		 868 ret = 0;
869 clear_bit(i, n->used);
870 smp_mb__after_atomic();
871 if (i + 1 == n->pos)
872 n->pos--;
702b71e7 873 set->elements--;
1feab10d 874#ifdef IP_SET_HASH_WITH_NETS
ea53ac5b 875 for (j = 0; j < IPSET_NET_COUNT; j++)
f690cbae 876 mtype_del_cidr(h, NCIDR_PUT(DCIDR_GET(d->cidr, j)),
cee8b97b 877 j);
1feab10d 878#endif
40cd63bf 879 ip_set_ext_destroy(set, data);
18f84d41
JK		 880
881 for (; i < n->pos; i++) {
882 if (!test_bit(i, n->used))
883 k++;
884 }
885 if (n->pos == 0 && k == 0) {
a71bdbfa 886 set->ext_size -= ext_size(n->size, dsize);
18f84d41
JK		 887 rcu_assign_pointer(hbucket(t, key), NULL);
888 kfree_rcu(n, rcu);
889 } else if (k >= AHASH_INIT_SIZE) {
890 struct hbucket *tmp = kzalloc(sizeof(*tmp) +
891 (n->size - AHASH_INIT_SIZE) * dsize,
892 GFP_ATOMIC);
893 if (!tmp)
a0f28dc7 894 goto out;
18f84d41
JK		 895 tmp->size = n->size - AHASH_INIT_SIZE;
896 for (j = 0, k = 0; j < n->pos; j++) {
897 if (!test_bit(j, n->used))
898 continue;
899 data = ahash_data(n, j, dsize);
900 memcpy(tmp->value + k * dsize, data, dsize);
50054a92 901 set_bit(k, tmp->used);
18f84d41 902 k++;
a0f28dc7 903 }
18f84d41 904 tmp->pos = k;
a71bdbfa 905 set->ext_size -= ext_size(AHASH_INIT_SIZE, dsize);
18f84d41
JK		 906 rcu_assign_pointer(hbucket(t, key), tmp);
907 kfree_rcu(n, rcu);
1feab10d 908 }
a0f28dc7 909 goto out;
1feab10d
JK		 910 }
911
a0f28dc7 912out:
a0f28dc7 913 return ret;
1feab10d
JK		 914}
915
916static inline int
917mtype_data_match(struct mtype_elem *data, const struct ip_set_ext *ext,
918 struct ip_set_ext *mext, struct ip_set *set, u32 flags)
919{
00d71b27 920 if (SET_WITH_COUNTER(set))
ca134ce8 921 ip_set_update_counter(ext_counter(data, set),
00d71b27 922 ext, mext, flags);
af331419
AD		 923 if (SET_WITH_SKBINFO(set))
924 ip_set_get_skbinfo(ext_skbinfo(data, set),
925 ext, mext, flags);
1feab10d
JK		 926 return mtype_do_data_match(data);
927}
928
929#ifdef IP_SET_HASH_WITH_NETS
930/* Special test function which takes into account the different network
ca0f6a5c
JK		 931 * sizes added to the set
932 */
1feab10d
JK		 933static int
934mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d,
935 const struct ip_set_ext *ext,
936 struct ip_set_ext *mext, u32 flags)
937{
938 struct htype *h = set->data;
a0f28dc7 939 struct htable *t = rcu_dereference_bh(h->table);
1feab10d
JK		 940 struct hbucket *n;
941 struct mtype_elem *data;
ea53ac5b
OS		 942#if IPSET_NET_COUNT == 2
943 struct mtype_elem orig = *d;
944 int i, j = 0, k;
945#else
1feab10d 946 int i, j = 0;
ea53ac5b 947#endif
1feab10d 948 u32 key, multi = 0;
1feab10d
JK		 949
950 pr_debug("test by nets\n");
cee8b97b 951 for (; j < NLEN && h->nets[j].cidr[0] && !multi; j++) {
ea53ac5b
OS		 952#if IPSET_NET_COUNT == 2
953 mtype_data_reset_elem(d, &orig);
f690cbae 954 mtype_data_netmask(d, NCIDR_GET(h->nets[j].cidr[0]), false);
cee8b97b 955 for (k = 0; k < NLEN && h->nets[k].cidr[1] && !multi;
ea53ac5b 956 k++) {
f690cbae
JK		 957 mtype_data_netmask(d, NCIDR_GET(h->nets[k].cidr[1]),
958 true);
ea53ac5b 959#else
f690cbae 960 mtype_data_netmask(d, NCIDR_GET(h->nets[j].cidr[0]));
ea53ac5b 961#endif
1feab10d 962 key = HKEY(d, h->initval, t->htable_bits);
18f84d41
JK		 963 n = rcu_dereference_bh(hbucket(t, key));
964 if (!n)
965 continue;
1feab10d 966 for (i = 0; i < n->pos; i++) {
18f84d41
JK		 967 if (!test_bit(i, n->used))
968 continue;
ca134ce8 969 data = ahash_data(n, i, set->dsize);
1feab10d
JK		 970 if (!mtype_data_equal(data, d, &multi))
971 continue;
972 if (SET_WITH_TIMEOUT(set)) {
973 if (!ip_set_timeout_expired(
ca134ce8 974 ext_timeout(data, set)))
1feab10d
JK		 975 return mtype_data_match(data, ext,
976 mext, set,
977 flags);
978#ifdef IP_SET_HASH_WITH_MULTI
979 multi = 0;
980#endif
981 } else
982 return mtype_data_match(data, ext,
983 mext, set, flags);
984 }
ea53ac5b
OS		 985#if IPSET_NET_COUNT == 2
986 }
987#endif
1feab10d
JK		 988 }
989 return 0;
990}
991#endif
992
993/* Test whether the element is added to the set */
994static int
995mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext,
996 struct ip_set_ext *mext, u32 flags)
997{
998 struct htype *h = set->data;
a0f28dc7 999 struct htable *t;
1feab10d
JK		 1000 struct mtype_elem *d = value;
1001 struct hbucket *n;
1002 struct mtype_elem *data;
a0f28dc7 1003 int i, ret = 0;
1feab10d
JK		 1004 u32 key, multi = 0;
1005
a0f28dc7 1006 t = rcu_dereference_bh(h->table);
1feab10d
JK		 1007#ifdef IP_SET_HASH_WITH_NETS
1008 /* If we test an IP address and not a network address,
ca0f6a5c
JK		 1009 * try all possible network sizes
1010 */
ea53ac5b 1011 for (i = 0; i < IPSET_NET_COUNT; i++)
cee8b97b 1012 if (DCIDR_GET(d->cidr, i) != HOST_MASK)
ea53ac5b
OS		 1013 break;
1014 if (i == IPSET_NET_COUNT) {
a0f28dc7
JK		 1015 ret = mtype_test_cidrs(set, d, ext, mext, flags);
1016 goto out;
1017 }
1feab10d
JK		 1018#endif
1019
1020 key = HKEY(d, h->initval, t->htable_bits);
18f84d41
JK		 1021 n = rcu_dereference_bh(hbucket(t, key));
1022 if (!n) {
1023 ret = 0;
1024 goto out;
1025 }
1feab10d 1026 for (i = 0; i < n->pos; i++) {
18f84d41
JK		 1027 if (!test_bit(i, n->used))
1028 continue;
ca134ce8 1029 data = ahash_data(n, i, set->dsize);
1feab10d
JK		 1030 if (mtype_data_equal(data, d, &multi) &&
1031 !(SET_WITH_TIMEOUT(set) &&
ca134ce8 1032 ip_set_timeout_expired(ext_timeout(data, set)))) {
a0f28dc7
JK		 1033 ret = mtype_data_match(data, ext, mext, set, flags);
1034 goto out;
1035 }
1feab10d 1036 }
a0f28dc7 1037out:
a0f28dc7 1038 return ret;
1feab10d
JK		 1039}
1040
1041/* Reply a HEADER request: fill out the header part of the set */
1042static int
1043mtype_head(struct ip_set *set, struct sk_buff *skb)
1044{
7f4f7dd4 1045 struct htype *h = set->data;
a0f28dc7 1046 const struct htable *t;
1feab10d
JK		 1047 struct nlattr *nested;
1048 size_t memsize;
18f84d41 1049 u8 htable_bits;
1feab10d 1050
7f4f7dd4
VP		 1051 /* If any members have expired, set->elements will be wrong
1052 * mytype_expire function will update it with the right count.
1053 * we do not hold set->lock here, so grab it first.
1054 * set->elements can still be incorrect in the case of a huge set,
1055 * because elements might time out during the listing.
1056 */
1057 if (SET_WITH_TIMEOUT(set)) {
1058 spin_lock_bh(&set->lock);
1059 mtype_expire(set, h);
1060 spin_unlock_bh(&set->lock);
1061 }
1062
18f84d41 1063 rcu_read_lock_bh();
a0f28dc7 1064 t = rcu_dereference_bh_nfnl(h->table);
cee8b97b 1065 memsize = mtype_ahash_memsize(h, t) + set->ext_size;
18f84d41
JK		 1066 htable_bits = t->htable_bits;
1067 rcu_read_unlock_bh();
1feab10d
JK		 1068
1069 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
1070 if (!nested)
1071 goto nla_put_failure;
1072 if (nla_put_net32(skb, IPSET_ATTR_HASHSIZE,
18f84d41 1073 htonl(jhash_size(htable_bits))) ||
1feab10d
JK		 1074 nla_put_net32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem)))
1075 goto nla_put_failure;
1076#ifdef IP_SET_HASH_WITH_NETMASK
1077 if (h->netmask != HOST_MASK &&
1078 nla_put_u8(skb, IPSET_ATTR_NETMASK, h->netmask))
1079 goto nla_put_failure;
4d0e5c07
VD		 1080#endif
1081#ifdef IP_SET_HASH_WITH_MARKMASK
1082 if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask))
1083 goto nla_put_failure;
1feab10d 1084#endif
596cf3fe 1085 if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) ||
a54dad51 1086 nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
702b71e7 1087 nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(set->elements)))
fda75c6d
OS		 1088 goto nla_put_failure;
1089 if (unlikely(ip_set_put_flags(skb, set)))
1feab10d
JK		 1090 goto nla_put_failure;
1091 ipset_nest_end(skb, nested);
1092
1093 return 0;
1094nla_put_failure:
1095 return -EMSGSIZE;
1096}
1097
c4c99783
JK		 1098/* Make possible to run dumping parallel with resizing */
1099static void
1100mtype_uref(struct ip_set *set, struct netlink_callback *cb, bool start)
1101{
1102 struct htype *h = set->data;
1103 struct htable *t;
1104
1105 if (start) {
1106 rcu_read_lock_bh();
1107 t = rcu_dereference_bh_nfnl(h->table);
1108 atomic_inc(&t->uref);
1109 cb->args[IPSET_CB_PRIVATE] = (unsigned long)t;
1110 rcu_read_unlock_bh();
1111 } else if (cb->args[IPSET_CB_PRIVATE]) {
1112 t = (struct htable *)cb->args[IPSET_CB_PRIVATE];
1113 if (atomic_dec_and_test(&t->uref) && atomic_read(&t->ref)) {
1114 /* Resizing didn't destroy the hash table */
1115 pr_debug("Table destroy by dump: %p\n", t);
1116 mtype_ahash_destroy(set, t, false);
1117 }
1118 cb->args[IPSET_CB_PRIVATE] = 0;
1119 }
1120}
1121
1feab10d
JK		 1122/* Reply a LIST/SAVE request: dump the elements of the specified set */
1123static int
1124mtype_list(const struct ip_set *set,
1125 struct sk_buff *skb, struct netlink_callback *cb)
1126{
c4c99783 1127 const struct htable *t;
1feab10d
JK		 1128 struct nlattr *atd, *nested;
1129 const struct hbucket *n;
1130 const struct mtype_elem *e;
93302880 1131 u32 first = cb->args[IPSET_CB_ARG0];
1feab10d
JK		 1132 /* We assume that one hash bucket fills into one page */
1133 void *incomplete;
18f84d41 1134 int i, ret = 0;
1feab10d
JK		 1135
1136 atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
1137 if (!atd)
1138 return -EMSGSIZE;
18f84d41 1139
1feab10d 1140 pr_debug("list hash set %s\n", set->name);
c4c99783 1141 t = (const struct htable *)cb->args[IPSET_CB_PRIVATE];
18f84d41
JK		 1142 /* Expire may replace a hbucket with another one */
1143 rcu_read_lock();
93302880
JK		 1144 for (; cb->args[IPSET_CB_ARG0] < jhash_size(t->htable_bits);
1145 cb->args[IPSET_CB_ARG0]++) {
1feab10d 1146 incomplete = skb_tail_pointer(skb);
18f84d41 1147 n = rcu_dereference(hbucket(t, cb->args[IPSET_CB_ARG0]));
93302880
JK		 1148 pr_debug("cb->arg bucket: %lu, t %p n %p\n",
1149 cb->args[IPSET_CB_ARG0], t, n);
18f84d41
JK		 1150 if (!n)
1151 continue;
1feab10d 1152 for (i = 0; i < n->pos; i++) {
18f84d41
JK		 1153 if (!test_bit(i, n->used))
1154 continue;
ca134ce8 1155 e = ahash_data(n, i, set->dsize);
1feab10d 1156 if (SET_WITH_TIMEOUT(set) &&
ca134ce8 1157 ip_set_timeout_expired(ext_timeout(e, set)))
1feab10d
JK		 1158 continue;
1159 pr_debug("list hash %lu hbucket %p i %u, data %p\n",
93302880 1160 cb->args[IPSET_CB_ARG0], n, i, e);
1feab10d
JK		 1161 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
1162 if (!nested) {
93302880 1163 if (cb->args[IPSET_CB_ARG0] == first) {
1feab10d 1164 nla_nest_cancel(skb, atd);
18f84d41
JK		 1165 ret = -EMSGSIZE;
1166 goto out;
ca0f6a5c
JK		 1167 }
1168 goto nla_put_failure;
1feab10d
JK		 1169 }
1170 if (mtype_data_list(skb, e))
1171 goto nla_put_failure;
3fd986b3 1172 if (ip_set_put_extensions(skb, set, e, true))
fda75c6d 1173 goto nla_put_failure;
1feab10d
JK		 1174 ipset_nest_end(skb, nested);
1175 }
1176 }
1177 ipset_nest_end(skb, atd);
1178 /* Set listing finished */
93302880 1179 cb->args[IPSET_CB_ARG0] = 0;
1feab10d 1180
18f84d41 1181 goto out;
1feab10d
JK		 1182
1183nla_put_failure:
1184 nlmsg_trim(skb, incomplete);
93302880 1185 if (unlikely(first == cb->args[IPSET_CB_ARG0])) {
b167a37c
JP		 1186 pr_warn("Can't list set %s: one bucket does not fit into a message. Please report it!\n",
1187 set->name);
93302880 1188 cb->args[IPSET_CB_ARG0] = 0;
18f84d41 1189 ret = -EMSGSIZE;
ca0f6a5c 1190 } else {
18f84d41 1191 ipset_nest_end(skb, atd);
ca0f6a5c 1192 }
18f84d41
JK		 1193out:
1194 rcu_read_unlock();
1195 return ret;
1feab10d
JK		 1196}
1197
1198static int
35b8dcf8 1199IPSET_TOKEN(MTYPE, _kadt)(struct ip_set *set, const struct sk_buff *skb,
ca0f6a5c
JK		 1200 const struct xt_action_param *par,
1201 enum ipset_adt adt, struct ip_set_adt_opt *opt);
1feab10d
JK		 1202
1203static int
35b8dcf8 1204IPSET_TOKEN(MTYPE, _uadt)(struct ip_set *set, struct nlattr *tb[],
ca0f6a5c
JK		 1205 enum ipset_adt adt, u32 *lineno, u32 flags,
1206 bool retried);
1feab10d
JK		 1207
1208static const struct ip_set_type_variant mtype_variant = {
1209 .kadt = mtype_kadt,
1210 .uadt = mtype_uadt,
1211 .adt = {
1212 [IPSET_ADD] = mtype_add,
1213 [IPSET_DEL] = mtype_del,
1214 [IPSET_TEST] = mtype_test,
1215 },
1216 .destroy = mtype_destroy,
1217 .flush = mtype_flush,
1218 .head = mtype_head,
1219 .list = mtype_list,
c4c99783 1220 .uref = mtype_uref,
1feab10d
JK		 1221 .resize = mtype_resize,
1222 .same_set = mtype_same_set,
1223};
1224
1225#ifdef IP_SET_EMIT_CREATE
1226static int
1785e8f4
VL		 1227IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
1228 struct nlattr *tb[], u32 flags)
1feab10d
JK		 1229{
1230 u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
4d0e5c07
VD		 1231#ifdef IP_SET_HASH_WITH_MARKMASK
1232 u32 markmask;
1233#endif
1feab10d
JK		 1234 u8 hbits;
1235#ifdef IP_SET_HASH_WITH_NETMASK
1236 u8 netmask;
1237#endif
1238 size_t hsize;
43ef29c9 1239 struct htype *h;
a0f28dc7 1240 struct htable *t;
1feab10d 1241
961509ac
JK		 1242 pr_debug("Create set %s with family %s\n",
1243 set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6");
1244
4bb5e114
FF		 1245#ifdef IP_SET_PROTO_UNDEF
1246 if (set->family != NFPROTO_UNSPEC)
1247 return -IPSET_ERR_INVALID_FAMILY;
1248#else
1feab10d
JK		 1249 if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
1250 return -IPSET_ERR_INVALID_FAMILY;
07034aea 1251#endif
4d0e5c07 1252
1feab10d
JK		 1253 if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
1254 !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
1255 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
1256 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
1257 return -IPSET_ERR_PROTOCOL;
961509ac 1258
18f84d41
JK		 1259#ifdef IP_SET_HASH_WITH_MARKMASK
1260 /* Separated condition in order to avoid directive in argument list */
1261 if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_MARKMASK)))
1262 return -IPSET_ERR_PROTOCOL;
1feab10d 1263
961509ac
JK		 1264 markmask = 0xffffffff;
1265 if (tb[IPSET_ATTR_MARKMASK]) {
1266 markmask = ntohl(nla_get_be32(tb[IPSET_ATTR_MARKMASK]));
1267 if (markmask == 0)
1268 return -IPSET_ERR_INVALID_MARKMASK;
1feab10d 1269 }
961509ac 1270#endif
1feab10d
JK		 1271
1272#ifdef IP_SET_HASH_WITH_NETMASK
961509ac 1273 netmask = set->family == NFPROTO_IPV4 ? 32 : 128;
1feab10d
JK		 1274 if (tb[IPSET_ATTR_NETMASK]) {
1275 netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
1276
1277 if ((set->family == NFPROTO_IPV4 && netmask > 32) ||
1278 (set->family == NFPROTO_IPV6 && netmask > 128) ||
1279 netmask == 0)
1280 return -IPSET_ERR_INVALID_NETMASK;
1281 }
1282#endif
4d0e5c07 1283
961509ac
JK		 1284 if (tb[IPSET_ATTR_HASHSIZE]) {
1285 hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]);
1286 if (hashsize < IPSET_MIMINAL_HASHSIZE)
1287 hashsize = IPSET_MIMINAL_HASHSIZE;
4d0e5c07 1288 }
961509ac
JK		 1289
1290 if (tb[IPSET_ATTR_MAXELEM])
1291 maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]);
1feab10d
JK		 1292
1293 hsize = sizeof(*h);
1feab10d
JK		 1294 h = kzalloc(hsize, GFP_KERNEL);
1295 if (!h)
1296 return -ENOMEM;
1297
1feab10d
JK		 1298 hbits = htable_bits(hashsize);
1299 hsize = htable_size(hbits);
1300 if (hsize == 0) {
1301 kfree(h);
1302 return -ENOMEM;
1303 }
a0f28dc7
JK		 1304 t = ip_set_alloc(hsize);
1305 if (!t) {
1feab10d
JK		 1306 kfree(h);
1307 return -ENOMEM;
1308 }
961509ac
JK		 1309 h->maxelem = maxelem;
1310#ifdef IP_SET_HASH_WITH_NETMASK
1311 h->netmask = netmask;
1312#endif
1313#ifdef IP_SET_HASH_WITH_MARKMASK
1314 h->markmask = markmask;
1315#endif
1316 get_random_bytes(&h->initval, sizeof(h->initval));
1317
a0f28dc7 1318 t->htable_bits = hbits;
961509ac 1319 RCU_INIT_POINTER(h->table, t);
1feab10d 1320
a92c5751 1321 h->set = set;
1feab10d 1322 set->data = h;
07034aea 1323#ifndef IP_SET_PROTO_UNDEF
40cd63bf 1324 if (set->family == NFPROTO_IPV4) {
07034aea 1325#endif
35b8dcf8 1326 set->variant = &IPSET_TOKEN(HTYPE, 4_variant);
03c8b234 1327 set->dsize = ip_set_elem_len(set, tb,
95ad1f4a
JK		 1328 sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)),
1329 __alignof__(struct IPSET_TOKEN(HTYPE, 4_elem)));
07034aea 1330#ifndef IP_SET_PROTO_UNDEF
03c8b234 1331 } else {
35b8dcf8 1332 set->variant = &IPSET_TOKEN(HTYPE, 6_variant);
03c8b234 1333 set->dsize = ip_set_elem_len(set, tb,
95ad1f4a
JK		 1334 sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)),
1335 __alignof__(struct IPSET_TOKEN(HTYPE, 6_elem)));
03c8b234 1336 }
07034aea 1337#endif
961509ac 1338 set->timeout = IPSET_NO_TIMEOUT;
03c8b234 1339 if (tb[IPSET_ATTR_TIMEOUT]) {
ca134ce8 1340 set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
07034aea 1341#ifndef IP_SET_PROTO_UNDEF
03c8b234 1342 if (set->family == NFPROTO_IPV4)
07034aea 1343#endif
35b8dcf8
JK		 1344 IPSET_TOKEN(HTYPE, 4_gc_init)(set,
1345 IPSET_TOKEN(HTYPE, 4_gc));
07034aea 1346#ifndef IP_SET_PROTO_UNDEF
03c8b234 1347 else
35b8dcf8
JK		 1348 IPSET_TOKEN(HTYPE, 6_gc_init)(set,
1349 IPSET_TOKEN(HTYPE, 6_gc));
07034aea 1350#endif
1feab10d 1351 }
1feab10d 1352 pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n",
a0f28dc7
JK		 1353 set->name, jhash_size(t->htable_bits),
1354 t->htable_bits, h->maxelem, set->data, t);
1feab10d
JK		 1355
1356 return 0;
1357}
1358#endif /* IP_SET_EMIT_CREATE */
58cc06da
SP		 1359
1360#undef HKEY_DATALEN
ubuntu-bionic-kernel mirror