]>
Commit | Line | Data |
---|---|---|
1feab10d JK |
1 | /* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
2 | * | |
3 | * This program is free software; you can redistribute it and/or modify | |
4 | * it under the terms of the GNU General Public License version 2 as | |
5 | * published by the Free Software Foundation. | |
6 | */ | |
7 | ||
8 | #ifndef _IP_SET_HASH_GEN_H | |
9 | #define _IP_SET_HASH_GEN_H | |
10 | ||
11 | #include <linux/rcupdate.h> | |
12 | #include <linux/jhash.h> | |
18f84d41 | 13 | #include <linux/types.h> |
1feab10d | 14 | #include <linux/netfilter/ipset/ip_set_timeout.h> |
18f84d41 JK |
15 | |
16 | #define __ipset_dereference_protected(p, c) rcu_dereference_protected(p, c) | |
17 | #define ipset_dereference_protected(p, set) \ | |
18 | __ipset_dereference_protected(p, spin_is_locked(&(set)->lock)) | |
1feab10d | 19 | |
a0f28dc7 JK |
20 | #define rcu_dereference_bh_nfnl(p) rcu_dereference_bh_check(p, 1) |
21 | ||
1feab10d JK |
22 | /* Hashing which uses arrays to resolve clashing. The hash table is resized |
23 | * (doubled) when searching becomes too long. | |
24 | * Internally jhash is used with the assumption that the size of the | |
18f84d41 | 25 | * stored data is a multiple of sizeof(u32). |
1feab10d JK |
26 | * |
27 | * Readers and resizing | |
28 | * | |
29 | * Resizing can be triggered by userspace command only, and those | |
30 | * are serialized by the nfnl mutex. During resizing the set is | |
31 | * read-locked, so the only possible concurrent operations are | |
32 | * the kernel side readers. Those must be protected by proper RCU locking. | |
33 | */ | |
34 | ||
35 | /* Number of elements to store in an initial array block */ | |
36 | #define AHASH_INIT_SIZE 4 | |
37 | /* Max number of elements to store in an array block */ | |
ca0f6a5c | 38 | #define AHASH_MAX_SIZE (3 * AHASH_INIT_SIZE) |
18f84d41 JK |
39 | /* Max muber of elements in the array block when tuned */ |
40 | #define AHASH_MAX_TUNED 64 | |
1feab10d JK |
41 | |
42 | /* Max number of elements can be tuned */ | |
43 | #ifdef IP_SET_HASH_WITH_MULTI | |
44 | #define AHASH_MAX(h) ((h)->ahash_max) | |
45 | ||
46 | static inline u8 | |
47 | tune_ahash_max(u8 curr, u32 multi) | |
48 | { | |
49 | u32 n; | |
50 | ||
51 | if (multi < curr) | |
52 | return curr; | |
53 | ||
54 | n = curr + AHASH_INIT_SIZE; | |
55 | /* Currently, at listing one hash bucket must fit into a message. | |
56 | * Therefore we have a hard limit here. | |
57 | */ | |
18f84d41 | 58 | return n > curr && n <= AHASH_MAX_TUNED ? n : curr; |
1feab10d | 59 | } |
ca0f6a5c | 60 | |
1feab10d JK |
61 | #define TUNE_AHASH_MAX(h, multi) \ |
62 | ((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi)) | |
63 | #else | |
64 | #define AHASH_MAX(h) AHASH_MAX_SIZE | |
65 | #define TUNE_AHASH_MAX(h, multi) | |
66 | #endif | |
67 | ||
68 | /* A hash bucket */ | |
69 | struct hbucket { | |
18f84d41 JK |
70 | struct rcu_head rcu; /* for call_rcu_bh */ |
71 | /* Which positions are used in the array */ | |
72 | DECLARE_BITMAP(used, AHASH_MAX_TUNED); | |
1feab10d JK |
73 | u8 size; /* size of the array */ |
74 | u8 pos; /* position of the first free entry */ | |
95ad1f4a JK |
75 | unsigned char value[0] /* the array of the values */ |
76 | __aligned(__alignof__(u64)); | |
77 | }; | |
1feab10d JK |
78 | |
79 | /* The hash table: the table size stored here in order to make resizing easy */ | |
80 | struct htable { | |
c4c99783 JK |
81 | atomic_t ref; /* References for resizing */ |
82 | atomic_t uref; /* References for dumping */ | |
1feab10d | 83 | u8 htable_bits; /* size of hash table == 2^htable_bits */ |
18f84d41 | 84 | struct hbucket __rcu *bucket[0]; /* hashtable buckets */ |
1feab10d JK |
85 | }; |
86 | ||
18f84d41 | 87 | #define hbucket(h, i) ((h)->bucket[i]) |
a71bdbfa JK |
88 | #define ext_size(n, dsize) \ |
89 | (sizeof(struct hbucket) + (n) * (dsize)) | |
1feab10d | 90 | |
a04d8b6b JK |
91 | #ifndef IPSET_NET_COUNT |
92 | #define IPSET_NET_COUNT 1 | |
93 | #endif | |
94 | ||
1feab10d JK |
95 | /* Book-keeping of the prefixes added to the set */ |
96 | struct net_prefixes { | |
18f84d41 JK |
97 | u32 nets[IPSET_NET_COUNT]; /* number of elements for this cidr */ |
98 | u8 cidr[IPSET_NET_COUNT]; /* the cidr value */ | |
1feab10d JK |
99 | }; |
100 | ||
101 | /* Compute the hash table size */ | |
102 | static size_t | |
103 | htable_size(u8 hbits) | |
104 | { | |
105 | size_t hsize; | |
106 | ||
107 | /* We must fit both into u32 in jhash and size_t */ | |
108 | if (hbits > 31) | |
109 | return 0; | |
110 | hsize = jhash_size(hbits); | |
18f84d41 | 111 | if ((((size_t)-1) - sizeof(struct htable)) / sizeof(struct hbucket *) |
1feab10d JK |
112 | < hsize) |
113 | return 0; | |
114 | ||
18f84d41 | 115 | return hsize * sizeof(struct hbucket *) + sizeof(struct htable); |
1feab10d JK |
116 | } |
117 | ||
118 | /* Compute htable_bits from the user input parameter hashsize */ | |
119 | static u8 | |
120 | htable_bits(u32 hashsize) | |
121 | { | |
122 | /* Assume that hashsize == 2^htable_bits */ | |
123 | u8 bits = fls(hashsize - 1); | |
18f84d41 | 124 | |
1feab10d JK |
125 | if (jhash_size(bits) != hashsize) |
126 | /* Round up to the first 2^n value */ | |
127 | bits = fls(hashsize); | |
128 | ||
129 | return bits; | |
130 | } | |
131 | ||
1feab10d | 132 | #ifdef IP_SET_HASH_WITH_NETS |
ea53ac5b OS |
133 | #if IPSET_NET_COUNT > 1 |
134 | #define __CIDR(cidr, i) (cidr[i]) | |
135 | #else | |
136 | #define __CIDR(cidr, i) (cidr) | |
137 | #endif | |
25a76f34 JK |
138 | |
139 | /* cidr + 1 is stored in net_prefixes to support /0 */ | |
f690cbae JK |
140 | #define NCIDR_PUT(cidr) ((cidr) + 1) |
141 | #define NCIDR_GET(cidr) ((cidr) - 1) | |
25a76f34 | 142 | |
1feab10d | 143 | #ifdef IP_SET_HASH_WITH_NETS_PACKED |
25a76f34 | 144 | /* When cidr is packed with nomatch, cidr - 1 is stored in the data entry */ |
f690cbae JK |
145 | #define DCIDR_PUT(cidr) ((cidr) - 1) |
146 | #define DCIDR_GET(cidr, i) (__CIDR(cidr, i) + 1) | |
1feab10d | 147 | #else |
f690cbae JK |
148 | #define DCIDR_PUT(cidr) (cidr) |
149 | #define DCIDR_GET(cidr, i) __CIDR(cidr, i) | |
1feab10d JK |
150 | #endif |
151 | ||
f690cbae JK |
152 | #define INIT_CIDR(cidr, host_mask) \ |
153 | DCIDR_PUT(((cidr) ? NCIDR_GET(cidr) : host_mask)) | |
154 | ||
59de79cf | 155 | #ifdef IP_SET_HASH_WITH_NET0 |
cee8b97b JK |
156 | /* cidr from 0 to HOST_MASK value and c = cidr + 1 */ |
157 | #define NLEN (HOST_MASK + 1) | |
6fe7ccfd | 158 | #define CIDR_POS(c) ((c) - 1) |
1feab10d | 159 | #else |
cee8b97b JK |
160 | /* cidr from 1 to HOST_MASK value and c = cidr + 1 */ |
161 | #define NLEN HOST_MASK | |
6fe7ccfd | 162 | #define CIDR_POS(c) ((c) - 2) |
1feab10d JK |
163 | #endif |
164 | ||
165 | #else | |
cee8b97b | 166 | #define NLEN 0 |
1feab10d JK |
167 | #endif /* IP_SET_HASH_WITH_NETS */ |
168 | ||
1feab10d JK |
169 | #endif /* _IP_SET_HASH_GEN_H */ |
170 | ||
21956ab2 JK |
171 | #ifndef MTYPE |
172 | #error "MTYPE is not defined!" | |
173 | #endif | |
174 | ||
175 | #ifndef HTYPE | |
176 | #error "HTYPE is not defined!" | |
177 | #endif | |
178 | ||
179 | #ifndef HOST_MASK | |
180 | #error "HOST_MASK is not defined!" | |
181 | #endif | |
182 | ||
1feab10d JK |
183 | /* Family dependent templates */ |
184 | ||
185 | #undef ahash_data | |
186 | #undef mtype_data_equal | |
187 | #undef mtype_do_data_match | |
188 | #undef mtype_data_set_flags | |
43ef29c9 | 189 | #undef mtype_data_reset_elem |
1feab10d JK |
190 | #undef mtype_data_reset_flags |
191 | #undef mtype_data_netmask | |
192 | #undef mtype_data_list | |
193 | #undef mtype_data_next | |
194 | #undef mtype_elem | |
195 | ||
40cd63bf JK |
196 | #undef mtype_ahash_destroy |
197 | #undef mtype_ext_cleanup | |
1feab10d JK |
198 | #undef mtype_add_cidr |
199 | #undef mtype_del_cidr | |
200 | #undef mtype_ahash_memsize | |
201 | #undef mtype_flush | |
202 | #undef mtype_destroy | |
1feab10d JK |
203 | #undef mtype_same_set |
204 | #undef mtype_kadt | |
205 | #undef mtype_uadt | |
1feab10d JK |
206 | |
207 | #undef mtype_add | |
208 | #undef mtype_del | |
209 | #undef mtype_test_cidrs | |
210 | #undef mtype_test | |
c4c99783 | 211 | #undef mtype_uref |
1feab10d JK |
212 | #undef mtype_expire |
213 | #undef mtype_resize | |
214 | #undef mtype_head | |
215 | #undef mtype_list | |
216 | #undef mtype_gc | |
217 | #undef mtype_gc_init | |
218 | #undef mtype_variant | |
219 | #undef mtype_data_match | |
220 | ||
21956ab2 | 221 | #undef htype |
1feab10d JK |
222 | #undef HKEY |
223 | ||
35b8dcf8 | 224 | #define mtype_data_equal IPSET_TOKEN(MTYPE, _data_equal) |
1feab10d | 225 | #ifdef IP_SET_HASH_WITH_NETS |
35b8dcf8 | 226 | #define mtype_do_data_match IPSET_TOKEN(MTYPE, _do_data_match) |
1feab10d JK |
227 | #else |
228 | #define mtype_do_data_match(d) 1 | |
229 | #endif | |
35b8dcf8 | 230 | #define mtype_data_set_flags IPSET_TOKEN(MTYPE, _data_set_flags) |
ea53ac5b | 231 | #define mtype_data_reset_elem IPSET_TOKEN(MTYPE, _data_reset_elem) |
35b8dcf8 JK |
232 | #define mtype_data_reset_flags IPSET_TOKEN(MTYPE, _data_reset_flags) |
233 | #define mtype_data_netmask IPSET_TOKEN(MTYPE, _data_netmask) | |
234 | #define mtype_data_list IPSET_TOKEN(MTYPE, _data_list) | |
235 | #define mtype_data_next IPSET_TOKEN(MTYPE, _data_next) | |
236 | #define mtype_elem IPSET_TOKEN(MTYPE, _elem) | |
43ef29c9 | 237 | |
40cd63bf JK |
238 | #define mtype_ahash_destroy IPSET_TOKEN(MTYPE, _ahash_destroy) |
239 | #define mtype_ext_cleanup IPSET_TOKEN(MTYPE, _ext_cleanup) | |
35b8dcf8 JK |
240 | #define mtype_add_cidr IPSET_TOKEN(MTYPE, _add_cidr) |
241 | #define mtype_del_cidr IPSET_TOKEN(MTYPE, _del_cidr) | |
242 | #define mtype_ahash_memsize IPSET_TOKEN(MTYPE, _ahash_memsize) | |
243 | #define mtype_flush IPSET_TOKEN(MTYPE, _flush) | |
244 | #define mtype_destroy IPSET_TOKEN(MTYPE, _destroy) | |
35b8dcf8 JK |
245 | #define mtype_same_set IPSET_TOKEN(MTYPE, _same_set) |
246 | #define mtype_kadt IPSET_TOKEN(MTYPE, _kadt) | |
247 | #define mtype_uadt IPSET_TOKEN(MTYPE, _uadt) | |
1feab10d | 248 | |
35b8dcf8 JK |
249 | #define mtype_add IPSET_TOKEN(MTYPE, _add) |
250 | #define mtype_del IPSET_TOKEN(MTYPE, _del) | |
251 | #define mtype_test_cidrs IPSET_TOKEN(MTYPE, _test_cidrs) | |
252 | #define mtype_test IPSET_TOKEN(MTYPE, _test) | |
c4c99783 | 253 | #define mtype_uref IPSET_TOKEN(MTYPE, _uref) |
35b8dcf8 JK |
254 | #define mtype_expire IPSET_TOKEN(MTYPE, _expire) |
255 | #define mtype_resize IPSET_TOKEN(MTYPE, _resize) | |
256 | #define mtype_head IPSET_TOKEN(MTYPE, _head) | |
257 | #define mtype_list IPSET_TOKEN(MTYPE, _list) | |
258 | #define mtype_gc IPSET_TOKEN(MTYPE, _gc) | |
43ef29c9 | 259 | #define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init) |
35b8dcf8 JK |
260 | #define mtype_variant IPSET_TOKEN(MTYPE, _variant) |
261 | #define mtype_data_match IPSET_TOKEN(MTYPE, _data_match) | |
1feab10d JK |
262 | |
263 | #ifndef HKEY_DATALEN | |
264 | #define HKEY_DATALEN sizeof(struct mtype_elem) | |
265 | #endif | |
266 | ||
21956ab2 JK |
267 | #define htype MTYPE |
268 | ||
1feab10d | 269 | #define HKEY(data, initval, htable_bits) \ |
5a902e6d JK |
270 | ({ \ |
271 | const u32 *__k = (const u32 *)data; \ | |
272 | u32 __l = HKEY_DATALEN / sizeof(u32); \ | |
273 | \ | |
274 | BUILD_BUG_ON(HKEY_DATALEN % sizeof(u32) != 0); \ | |
275 | \ | |
276 | jhash2(__k, __l, initval) & jhash_mask(htable_bits); \ | |
277 | }) | |
1feab10d | 278 | |
1feab10d JK |
279 | /* The generic hash structure */ |
280 | struct htype { | |
a0f28dc7 | 281 | struct htable __rcu *table; /* the hash table */ |
21956ab2 | 282 | struct timer_list gc; /* garbage collection when timeout enabled */ |
a92c5751 | 283 | struct ip_set *set; /* attached to this ip_set */ |
1feab10d | 284 | u32 maxelem; /* max elements in the hash */ |
1feab10d | 285 | u32 initval; /* random jhash init value */ |
4d0e5c07 VD |
286 | #ifdef IP_SET_HASH_WITH_MARKMASK |
287 | u32 markmask; /* markmask value for mark mask to store */ | |
288 | #endif | |
1feab10d JK |
289 | #ifdef IP_SET_HASH_WITH_MULTI |
290 | u8 ahash_max; /* max elements in an array block */ | |
291 | #endif | |
292 | #ifdef IP_SET_HASH_WITH_NETMASK | |
293 | u8 netmask; /* netmask value for subnets to store */ | |
294 | #endif | |
21956ab2 | 295 | struct mtype_elem next; /* temporary storage for uadd */ |
1feab10d | 296 | #ifdef IP_SET_HASH_WITH_NETS |
21956ab2 | 297 | struct net_prefixes nets[NLEN]; /* book-keeping of prefixes */ |
1feab10d JK |
298 | #endif |
299 | }; | |
1feab10d JK |
300 | |
301 | #ifdef IP_SET_HASH_WITH_NETS | |
302 | /* Network cidr size book keeping when the hash stores different | |
f690cbae JK |
303 | * sized networks. cidr == real cidr + 1 to support /0. |
304 | */ | |
1feab10d | 305 | static void |
cee8b97b | 306 | mtype_add_cidr(struct htype *h, u8 cidr, u8 n) |
1feab10d JK |
307 | { |
308 | int i, j; | |
309 | ||
310 | /* Add in increasing prefix order, so larger cidr first */ | |
cee8b97b | 311 | for (i = 0, j = -1; i < NLEN && h->nets[i].cidr[n]; i++) { |
ca0f6a5c | 312 | if (j != -1) { |
1feab10d | 313 | continue; |
ca0f6a5c | 314 | } else if (h->nets[i].cidr[n] < cidr) { |
1feab10d | 315 | j = i; |
ca0f6a5c | 316 | } else if (h->nets[i].cidr[n] == cidr) { |
6fe7ccfd | 317 | h->nets[CIDR_POS(cidr)].nets[n]++; |
1feab10d JK |
318 | return; |
319 | } | |
320 | } | |
321 | if (j != -1) { | |
25a76f34 | 322 | for (; i > j; i--) |
a04d8b6b | 323 | h->nets[i].cidr[n] = h->nets[i - 1].cidr[n]; |
1feab10d | 324 | } |
a04d8b6b | 325 | h->nets[i].cidr[n] = cidr; |
6fe7ccfd | 326 | h->nets[CIDR_POS(cidr)].nets[n] = 1; |
1feab10d JK |
327 | } |
328 | ||
329 | static void | |
cee8b97b | 330 | mtype_del_cidr(struct htype *h, u8 cidr, u8 n) |
1feab10d | 331 | { |
cee8b97b | 332 | u8 i, j, net_end = NLEN - 1; |
2cf55125 | 333 | |
cee8b97b | 334 | for (i = 0; i < NLEN; i++) { |
ca0f6a5c JK |
335 | if (h->nets[i].cidr[n] != cidr) |
336 | continue; | |
6fe7ccfd JK |
337 | h->nets[CIDR_POS(cidr)].nets[n]--; |
338 | if (h->nets[CIDR_POS(cidr)].nets[n] > 0) | |
ca0f6a5c | 339 | return; |
25a76f34 | 340 | for (j = i; j < net_end && h->nets[j].cidr[n]; j++) |
ca0f6a5c | 341 | h->nets[j].cidr[n] = h->nets[j + 1].cidr[n]; |
25a76f34 | 342 | h->nets[j].cidr[n] = 0; |
ca0f6a5c | 343 | return; |
1feab10d JK |
344 | } |
345 | } | |
346 | #endif | |
347 | ||
348 | /* Calculate the actual memory size of the set data */ | |
349 | static size_t | |
cee8b97b | 350 | mtype_ahash_memsize(const struct htype *h, const struct htable *t) |
1feab10d | 351 | { |
21956ab2 | 352 | return sizeof(*h) + sizeof(*t); |
1feab10d JK |
353 | } |
354 | ||
40cd63bf JK |
355 | /* Get the ith element from the array block n */ |
356 | #define ahash_data(n, i, dsize) \ | |
357 | ((struct mtype_elem *)((n)->value + ((i) * (dsize)))) | |
358 | ||
359 | static void | |
360 | mtype_ext_cleanup(struct ip_set *set, struct hbucket *n) | |
361 | { | |
362 | int i; | |
363 | ||
364 | for (i = 0; i < n->pos; i++) | |
18f84d41 JK |
365 | if (test_bit(i, n->used)) |
366 | ip_set_ext_destroy(set, ahash_data(n, i, set->dsize)); | |
40cd63bf JK |
367 | } |
368 | ||
1feab10d JK |
369 | /* Flush a hash type of set: destroy all elements */ |
370 | static void | |
371 | mtype_flush(struct ip_set *set) | |
372 | { | |
373 | struct htype *h = set->data; | |
a0f28dc7 | 374 | struct htable *t; |
1feab10d JK |
375 | struct hbucket *n; |
376 | u32 i; | |
377 | ||
18f84d41 | 378 | t = ipset_dereference_protected(h->table, set); |
1feab10d | 379 | for (i = 0; i < jhash_size(t->htable_bits); i++) { |
18f84d41 JK |
380 | n = __ipset_dereference_protected(hbucket(t, i), 1); |
381 | if (!n) | |
382 | continue; | |
383 | if (set->extensions & IPSET_EXT_DESTROY) | |
384 | mtype_ext_cleanup(set, n); | |
385 | /* FIXME: use slab cache */ | |
386 | rcu_assign_pointer(hbucket(t, i), NULL); | |
387 | kfree_rcu(n, rcu); | |
1feab10d JK |
388 | } |
389 | #ifdef IP_SET_HASH_WITH_NETS | |
21956ab2 | 390 | memset(h->nets, 0, sizeof(h->nets)); |
1feab10d | 391 | #endif |
702b71e7 | 392 | set->elements = 0; |
9e41f26a | 393 | set->ext_size = 0; |
1feab10d JK |
394 | } |
395 | ||
40cd63bf JK |
396 | /* Destroy the hashtable part of the set */ |
397 | static void | |
80571a9e | 398 | mtype_ahash_destroy(struct ip_set *set, struct htable *t, bool ext_destroy) |
40cd63bf JK |
399 | { |
400 | struct hbucket *n; | |
401 | u32 i; | |
402 | ||
403 | for (i = 0; i < jhash_size(t->htable_bits); i++) { | |
18f84d41 JK |
404 | n = __ipset_dereference_protected(hbucket(t, i), 1); |
405 | if (!n) | |
406 | continue; | |
407 | if (set->extensions & IPSET_EXT_DESTROY && ext_destroy) | |
408 | mtype_ext_cleanup(set, n); | |
409 | /* FIXME: use slab cache */ | |
410 | kfree(n); | |
40cd63bf JK |
411 | } |
412 | ||
413 | ip_set_free(t); | |
414 | } | |
415 | ||
1feab10d JK |
416 | /* Destroy a hash type of set */ |
417 | static void | |
418 | mtype_destroy(struct ip_set *set) | |
419 | { | |
420 | struct htype *h = set->data; | |
421 | ||
edda0791 | 422 | if (SET_WITH_TIMEOUT(set)) |
1feab10d JK |
423 | del_timer_sync(&h->gc); |
424 | ||
ca0f6a5c JK |
425 | mtype_ahash_destroy(set, |
426 | __ipset_dereference_protected(h->table, 1), true); | |
1feab10d JK |
427 | kfree(h); |
428 | ||
429 | set->data = NULL; | |
430 | } | |
431 | ||
432 | static void | |
a92c5751 | 433 | mtype_gc_init(struct ip_set *set, void (*gc)(struct timer_list *t)) |
1feab10d JK |
434 | { |
435 | struct htype *h = set->data; | |
436 | ||
a92c5751 | 437 | timer_setup(&h->gc, gc, 0); |
fcb58a03 | 438 | mod_timer(&h->gc, jiffies + IPSET_GC_PERIOD(set->timeout) * HZ); |
1feab10d | 439 | pr_debug("gc initialized, run in every %u\n", |
ca134ce8 | 440 | IPSET_GC_PERIOD(set->timeout)); |
1feab10d JK |
441 | } |
442 | ||
443 | static bool | |
444 | mtype_same_set(const struct ip_set *a, const struct ip_set *b) | |
445 | { | |
446 | const struct htype *x = a->data; | |
447 | const struct htype *y = b->data; | |
448 | ||
449 | /* Resizing changes htable_bits, so we ignore it */ | |
450 | return x->maxelem == y->maxelem && | |
ca134ce8 | 451 | a->timeout == b->timeout && |
1feab10d JK |
452 | #ifdef IP_SET_HASH_WITH_NETMASK |
453 | x->netmask == y->netmask && | |
4d0e5c07 VD |
454 | #endif |
455 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
456 | x->markmask == y->markmask && | |
1feab10d JK |
457 | #endif |
458 | a->extensions == b->extensions; | |
459 | } | |
460 | ||
1feab10d JK |
461 | /* Delete expired elements from the hashtable */ |
462 | static void | |
5fdb5f69 | 463 | mtype_expire(struct ip_set *set, struct htype *h) |
1feab10d | 464 | { |
a0f28dc7 | 465 | struct htable *t; |
0aae24eb | 466 | struct hbucket *n, *tmp; |
1feab10d | 467 | struct mtype_elem *data; |
18f84d41 | 468 | u32 i, j, d; |
5fdb5f69 | 469 | size_t dsize = set->dsize; |
ea53ac5b | 470 | #ifdef IP_SET_HASH_WITH_NETS |
cee8b97b | 471 | u8 k; |
ea53ac5b | 472 | #endif |
1feab10d | 473 | |
18f84d41 | 474 | t = ipset_dereference_protected(h->table, set); |
1feab10d | 475 | for (i = 0; i < jhash_size(t->htable_bits); i++) { |
18f84d41 JK |
476 | n = __ipset_dereference_protected(hbucket(t, i), 1); |
477 | if (!n) | |
478 | continue; | |
479 | for (j = 0, d = 0; j < n->pos; j++) { | |
480 | if (!test_bit(j, n->used)) { | |
481 | d++; | |
482 | continue; | |
483 | } | |
1feab10d | 484 | data = ahash_data(n, j, dsize); |
509debc9 JK |
485 | if (!ip_set_timeout_expired(ext_timeout(data, set))) |
486 | continue; | |
487 | pr_debug("expired %u/%u\n", i, j); | |
488 | clear_bit(j, n->used); | |
489 | smp_mb__after_atomic(); | |
1feab10d | 490 | #ifdef IP_SET_HASH_WITH_NETS |
509debc9 JK |
491 | for (k = 0; k < IPSET_NET_COUNT; k++) |
492 | mtype_del_cidr(h, | |
493 | NCIDR_PUT(DCIDR_GET(data->cidr, k)), | |
cee8b97b | 494 | k); |
1feab10d | 495 | #endif |
509debc9 JK |
496 | ip_set_ext_destroy(set, data); |
497 | set->elements--; | |
498 | d++; | |
1feab10d | 499 | } |
18f84d41 | 500 | if (d >= AHASH_INIT_SIZE) { |
0aae24eb JK |
501 | if (d >= n->size) { |
502 | rcu_assign_pointer(hbucket(t, i), NULL); | |
503 | kfree_rcu(n, rcu); | |
504 | continue; | |
505 | } | |
506 | tmp = kzalloc(sizeof(*tmp) + | |
507 | (n->size - AHASH_INIT_SIZE) * dsize, | |
508 | GFP_ATOMIC); | |
1feab10d JK |
509 | if (!tmp) |
510 | /* Still try to delete expired elements */ | |
511 | continue; | |
18f84d41 JK |
512 | tmp->size = n->size - AHASH_INIT_SIZE; |
513 | for (j = 0, d = 0; j < n->pos; j++) { | |
514 | if (!test_bit(j, n->used)) | |
515 | continue; | |
516 | data = ahash_data(n, j, dsize); | |
517 | memcpy(tmp->value + d * dsize, data, dsize); | |
e9dfdc05 | 518 | set_bit(d, tmp->used); |
18f84d41 JK |
519 | d++; |
520 | } | |
521 | tmp->pos = d; | |
a71bdbfa | 522 | set->ext_size -= ext_size(AHASH_INIT_SIZE, dsize); |
18f84d41 JK |
523 | rcu_assign_pointer(hbucket(t, i), tmp); |
524 | kfree_rcu(n, rcu); | |
1feab10d JK |
525 | } |
526 | } | |
527 | } | |
528 | ||
529 | static void | |
a92c5751 | 530 | mtype_gc(struct timer_list *t) |
1feab10d | 531 | { |
a92c5751 KC |
532 | struct htype *h = from_timer(h, t, gc); |
533 | struct ip_set *set = h->set; | |
1feab10d JK |
534 | |
535 | pr_debug("called\n"); | |
18f84d41 | 536 | spin_lock_bh(&set->lock); |
5fdb5f69 | 537 | mtype_expire(set, h); |
18f84d41 | 538 | spin_unlock_bh(&set->lock); |
1feab10d | 539 | |
ca134ce8 | 540 | h->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ; |
1feab10d JK |
541 | add_timer(&h->gc); |
542 | } | |
543 | ||
544 | /* Resize a hash: create a new hash table with doubling the hashsize | |
545 | * and inserting the elements to it. Repeat until we succeed or | |
ca0f6a5c JK |
546 | * fail due to memory pressures. |
547 | */ | |
1feab10d JK |
548 | static int |
549 | mtype_resize(struct ip_set *set, bool retried) | |
550 | { | |
551 | struct htype *h = set->data; | |
18f84d41 JK |
552 | struct htable *t, *orig; |
553 | u8 htable_bits; | |
9e41f26a | 554 | size_t extsize, dsize = set->dsize; |
1feab10d JK |
555 | #ifdef IP_SET_HASH_WITH_NETS |
556 | u8 flags; | |
18f84d41 | 557 | struct mtype_elem *tmp; |
1feab10d JK |
558 | #endif |
559 | struct mtype_elem *data; | |
560 | struct mtype_elem *d; | |
561 | struct hbucket *n, *m; | |
18f84d41 | 562 | u32 i, j, key; |
1feab10d JK |
563 | int ret; |
564 | ||
18f84d41 JK |
565 | #ifdef IP_SET_HASH_WITH_NETS |
566 | tmp = kmalloc(dsize, GFP_KERNEL); | |
567 | if (!tmp) | |
568 | return -ENOMEM; | |
569 | #endif | |
570 | rcu_read_lock_bh(); | |
571 | orig = rcu_dereference_bh_nfnl(h->table); | |
572 | htable_bits = orig->htable_bits; | |
573 | rcu_read_unlock_bh(); | |
1feab10d JK |
574 | |
575 | retry: | |
576 | ret = 0; | |
577 | htable_bits++; | |
1feab10d JK |
578 | if (!htable_bits) { |
579 | /* In case we have plenty of memory :-) */ | |
b167a37c JP |
580 | pr_warn("Cannot increase the hashsize of set %s further\n", |
581 | set->name); | |
18f84d41 JK |
582 | ret = -IPSET_ERR_HASH_FULL; |
583 | goto out; | |
584 | } | |
585 | t = ip_set_alloc(htable_size(htable_bits)); | |
586 | if (!t) { | |
587 | ret = -ENOMEM; | |
588 | goto out; | |
1feab10d | 589 | } |
1feab10d JK |
590 | t->htable_bits = htable_bits; |
591 | ||
18f84d41 JK |
592 | spin_lock_bh(&set->lock); |
593 | orig = __ipset_dereference_protected(h->table, 1); | |
c4c99783 JK |
594 | /* There can't be another parallel resizing, but dumping is possible */ |
595 | atomic_set(&orig->ref, 1); | |
596 | atomic_inc(&orig->uref); | |
9e41f26a | 597 | extsize = 0; |
18f84d41 JK |
598 | pr_debug("attempt to resize set %s from %u to %u, t %p\n", |
599 | set->name, orig->htable_bits, htable_bits, orig); | |
1feab10d | 600 | for (i = 0; i < jhash_size(orig->htable_bits); i++) { |
18f84d41 JK |
601 | n = __ipset_dereference_protected(hbucket(orig, i), 1); |
602 | if (!n) | |
603 | continue; | |
1feab10d | 604 | for (j = 0; j < n->pos; j++) { |
18f84d41 JK |
605 | if (!test_bit(j, n->used)) |
606 | continue; | |
607 | data = ahash_data(n, j, dsize); | |
1feab10d | 608 | #ifdef IP_SET_HASH_WITH_NETS |
18f84d41 JK |
609 | /* We have readers running parallel with us, |
610 | * so the live data cannot be modified. | |
611 | */ | |
1feab10d | 612 | flags = 0; |
18f84d41 JK |
613 | memcpy(tmp, data, dsize); |
614 | data = tmp; | |
1feab10d JK |
615 | mtype_data_reset_flags(data, &flags); |
616 | #endif | |
18f84d41 JK |
617 | key = HKEY(data, h->initval, htable_bits); |
618 | m = __ipset_dereference_protected(hbucket(t, key), 1); | |
619 | if (!m) { | |
620 | m = kzalloc(sizeof(*m) + | |
621 | AHASH_INIT_SIZE * dsize, | |
622 | GFP_ATOMIC); | |
623 | if (!m) { | |
624 | ret = -ENOMEM; | |
625 | goto cleanup; | |
626 | } | |
627 | m->size = AHASH_INIT_SIZE; | |
a71bdbfa | 628 | extsize = ext_size(AHASH_INIT_SIZE, dsize); |
18f84d41 JK |
629 | RCU_INIT_POINTER(hbucket(t, key), m); |
630 | } else if (m->pos >= m->size) { | |
631 | struct hbucket *ht; | |
632 | ||
633 | if (m->size >= AHASH_MAX(h)) { | |
634 | ret = -EAGAIN; | |
635 | } else { | |
636 | ht = kzalloc(sizeof(*ht) + | |
637 | (m->size + AHASH_INIT_SIZE) | |
638 | * dsize, | |
639 | GFP_ATOMIC); | |
640 | if (!ht) | |
641 | ret = -ENOMEM; | |
642 | } | |
643 | if (ret < 0) | |
644 | goto cleanup; | |
645 | memcpy(ht, m, sizeof(struct hbucket) + | |
646 | m->size * dsize); | |
647 | ht->size = m->size + AHASH_INIT_SIZE; | |
a71bdbfa | 648 | extsize += ext_size(AHASH_INIT_SIZE, dsize); |
18f84d41 JK |
649 | kfree(m); |
650 | m = ht; | |
651 | RCU_INIT_POINTER(hbucket(t, key), ht); | |
1feab10d | 652 | } |
18f84d41 JK |
653 | d = ahash_data(m, m->pos, dsize); |
654 | memcpy(d, data, dsize); | |
655 | set_bit(m->pos++, m->used); | |
1feab10d JK |
656 | #ifdef IP_SET_HASH_WITH_NETS |
657 | mtype_data_reset_flags(d, &flags); | |
658 | #endif | |
659 | } | |
660 | } | |
1feab10d | 661 | rcu_assign_pointer(h->table, t); |
9e41f26a | 662 | set->ext_size = extsize; |
18f84d41 JK |
663 | |
664 | spin_unlock_bh(&set->lock); | |
1feab10d JK |
665 | |
666 | /* Give time to other readers of the set */ | |
667 | synchronize_rcu_bh(); | |
668 | ||
669 | pr_debug("set %s resized from %u (%p) to %u (%p)\n", set->name, | |
670 | orig->htable_bits, orig, t->htable_bits, t); | |
c4c99783 JK |
671 | /* If there's nobody else dumping the table, destroy it */ |
672 | if (atomic_dec_and_test(&orig->uref)) { | |
673 | pr_debug("Table destroy by resize %p\n", orig); | |
674 | mtype_ahash_destroy(set, orig, false); | |
675 | } | |
1feab10d | 676 | |
18f84d41 JK |
677 | out: |
678 | #ifdef IP_SET_HASH_WITH_NETS | |
679 | kfree(tmp); | |
680 | #endif | |
681 | return ret; | |
682 | ||
683 | cleanup: | |
684 | atomic_set(&orig->ref, 0); | |
685 | atomic_dec(&orig->uref); | |
686 | spin_unlock_bh(&set->lock); | |
687 | mtype_ahash_destroy(set, t, false); | |
688 | if (ret == -EAGAIN) | |
689 | goto retry; | |
690 | goto out; | |
1feab10d JK |
691 | } |
692 | ||
693 | /* Add an element to a hash and update the internal counters when succeeded, | |
ca0f6a5c JK |
694 | * otherwise report the proper error code. |
695 | */ | |
1feab10d JK |
696 | static int |
697 | mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
698 | struct ip_set_ext *mext, u32 flags) | |
699 | { | |
700 | struct htype *h = set->data; | |
701 | struct htable *t; | |
702 | const struct mtype_elem *d = value; | |
703 | struct mtype_elem *data; | |
18f84d41 JK |
704 | struct hbucket *n, *old = ERR_PTR(-ENOENT); |
705 | int i, j = -1; | |
1feab10d | 706 | bool flag_exist = flags & IPSET_FLAG_EXIST; |
18f84d41 | 707 | bool deleted = false, forceadd = false, reuse = false; |
1feab10d JK |
708 | u32 key, multi = 0; |
709 | ||
702b71e7 | 710 | if (set->elements >= h->maxelem) { |
18f84d41 JK |
711 | if (SET_WITH_TIMEOUT(set)) |
712 | /* FIXME: when set is full, we slow down here */ | |
5fdb5f69 | 713 | mtype_expire(set, h); |
702b71e7 | 714 | if (set->elements >= h->maxelem && SET_WITH_FORCEADD(set)) |
18f84d41 JK |
715 | forceadd = true; |
716 | } | |
717 | ||
718 | t = ipset_dereference_protected(h->table, set); | |
1feab10d | 719 | key = HKEY(value, h->initval, t->htable_bits); |
18f84d41 JK |
720 | n = __ipset_dereference_protected(hbucket(t, key), 1); |
721 | if (!n) { | |
9be37d2a | 722 | if (forceadd || set->elements >= h->maxelem) |
18f84d41 | 723 | goto set_full; |
18f84d41 JK |
724 | old = NULL; |
725 | n = kzalloc(sizeof(*n) + AHASH_INIT_SIZE * set->dsize, | |
726 | GFP_ATOMIC); | |
727 | if (!n) | |
728 | return -ENOMEM; | |
729 | n->size = AHASH_INIT_SIZE; | |
a71bdbfa | 730 | set->ext_size += ext_size(AHASH_INIT_SIZE, set->dsize); |
18f84d41 JK |
731 | goto copy_elem; |
732 | } | |
1feab10d | 733 | for (i = 0; i < n->pos; i++) { |
18f84d41 JK |
734 | if (!test_bit(i, n->used)) { |
735 | /* Reuse first deleted entry */ | |
736 | if (j == -1) { | |
737 | deleted = reuse = true; | |
738 | j = i; | |
739 | } | |
740 | continue; | |
741 | } | |
ca134ce8 | 742 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
743 | if (mtype_data_equal(data, d, &multi)) { |
744 | if (flag_exist || | |
745 | (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 746 | ip_set_timeout_expired(ext_timeout(data, set)))) { |
1feab10d JK |
747 | /* Just the extensions could be overwritten */ |
748 | j = i; | |
18f84d41 | 749 | goto overwrite_extensions; |
1feab10d | 750 | } |
18f84d41 | 751 | return -IPSET_ERR_EXIST; |
1feab10d JK |
752 | } |
753 | /* Reuse first timed out entry */ | |
754 | if (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 755 | ip_set_timeout_expired(ext_timeout(data, set)) && |
18f84d41 | 756 | j == -1) { |
1feab10d | 757 | j = i; |
18f84d41 JK |
758 | reuse = true; |
759 | } | |
1feab10d | 760 | } |
18f84d41 | 761 | if (reuse || forceadd) { |
ca134ce8 | 762 | data = ahash_data(n, j, set->dsize); |
18f84d41 | 763 | if (!deleted) { |
1feab10d | 764 | #ifdef IP_SET_HASH_WITH_NETS |
18f84d41 JK |
765 | for (i = 0; i < IPSET_NET_COUNT; i++) |
766 | mtype_del_cidr(h, | |
767 | NCIDR_PUT(DCIDR_GET(data->cidr, i)), | |
cee8b97b | 768 | i); |
1feab10d | 769 | #endif |
18f84d41 | 770 | ip_set_ext_destroy(set, data); |
702b71e7 | 771 | set->elements--; |
18f84d41 JK |
772 | } |
773 | goto copy_data; | |
774 | } | |
702b71e7 | 775 | if (set->elements >= h->maxelem) |
18f84d41 JK |
776 | goto set_full; |
777 | /* Create a new slot */ | |
778 | if (n->pos >= n->size) { | |
1feab10d | 779 | TUNE_AHASH_MAX(h, multi); |
18f84d41 JK |
780 | if (n->size >= AHASH_MAX(h)) { |
781 | /* Trigger rehashing */ | |
782 | mtype_data_next(&h->next, d); | |
783 | return -EAGAIN; | |
1feab10d | 784 | } |
18f84d41 JK |
785 | old = n; |
786 | n = kzalloc(sizeof(*n) + | |
787 | (old->size + AHASH_INIT_SIZE) * set->dsize, | |
788 | GFP_ATOMIC); | |
789 | if (!n) | |
790 | return -ENOMEM; | |
791 | memcpy(n, old, sizeof(struct hbucket) + | |
792 | old->size * set->dsize); | |
793 | n->size = old->size + AHASH_INIT_SIZE; | |
a71bdbfa | 794 | set->ext_size += ext_size(AHASH_INIT_SIZE, set->dsize); |
18f84d41 JK |
795 | } |
796 | ||
797 | copy_elem: | |
798 | j = n->pos++; | |
799 | data = ahash_data(n, j, set->dsize); | |
800 | copy_data: | |
702b71e7 | 801 | set->elements++; |
1feab10d | 802 | #ifdef IP_SET_HASH_WITH_NETS |
18f84d41 | 803 | for (i = 0; i < IPSET_NET_COUNT; i++) |
cee8b97b | 804 | mtype_add_cidr(h, NCIDR_PUT(DCIDR_GET(d->cidr, i)), i); |
1feab10d | 805 | #endif |
1feab10d | 806 | memcpy(data, d, sizeof(struct mtype_elem)); |
18f84d41 | 807 | overwrite_extensions: |
1feab10d JK |
808 | #ifdef IP_SET_HASH_WITH_NETS |
809 | mtype_data_set_flags(data, flags); | |
810 | #endif | |
00d71b27 | 811 | if (SET_WITH_COUNTER(set)) |
ca134ce8 | 812 | ip_set_init_counter(ext_counter(data, set), ext); |
fda75c6d | 813 | if (SET_WITH_COMMENT(set)) |
9e41f26a | 814 | ip_set_init_comment(set, ext_comment(data, set), ext); |
af331419 AD |
815 | if (SET_WITH_SKBINFO(set)) |
816 | ip_set_init_skbinfo(ext_skbinfo(data, set), ext); | |
18f84d41 JK |
817 | /* Must come last for the case when timed out entry is reused */ |
818 | if (SET_WITH_TIMEOUT(set)) | |
819 | ip_set_timeout_set(ext_timeout(data, set), ext->timeout); | |
820 | smp_mb__before_atomic(); | |
821 | set_bit(j, n->used); | |
822 | if (old != ERR_PTR(-ENOENT)) { | |
823 | rcu_assign_pointer(hbucket(t, key), n); | |
824 | if (old) | |
825 | kfree_rcu(old, rcu); | |
826 | } | |
1feab10d | 827 | |
18f84d41 JK |
828 | return 0; |
829 | set_full: | |
830 | if (net_ratelimit()) | |
831 | pr_warn("Set %s is full, maxelem %u reached\n", | |
832 | set->name, h->maxelem); | |
833 | return -IPSET_ERR_HASH_FULL; | |
1feab10d JK |
834 | } |
835 | ||
18f84d41 | 836 | /* Delete an element from the hash and free up space if possible. |
1feab10d JK |
837 | */ |
838 | static int | |
839 | mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
840 | struct ip_set_ext *mext, u32 flags) | |
841 | { | |
842 | struct htype *h = set->data; | |
a0f28dc7 | 843 | struct htable *t; |
1feab10d JK |
844 | const struct mtype_elem *d = value; |
845 | struct mtype_elem *data; | |
846 | struct hbucket *n; | |
18f84d41 | 847 | int i, j, k, ret = -IPSET_ERR_EXIST; |
1feab10d | 848 | u32 key, multi = 0; |
18f84d41 | 849 | size_t dsize = set->dsize; |
1feab10d | 850 | |
18f84d41 | 851 | t = ipset_dereference_protected(h->table, set); |
1feab10d | 852 | key = HKEY(value, h->initval, t->htable_bits); |
18f84d41 JK |
853 | n = __ipset_dereference_protected(hbucket(t, key), 1); |
854 | if (!n) | |
855 | goto out; | |
856 | for (i = 0, k = 0; i < n->pos; i++) { | |
857 | if (!test_bit(i, n->used)) { | |
858 | k++; | |
859 | continue; | |
860 | } | |
861 | data = ahash_data(n, i, dsize); | |
1feab10d JK |
862 | if (!mtype_data_equal(data, d, &multi)) |
863 | continue; | |
864 | if (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 865 | ip_set_timeout_expired(ext_timeout(data, set))) |
a0f28dc7 | 866 | goto out; |
1feab10d | 867 | |
18f84d41 JK |
868 | ret = 0; |
869 | clear_bit(i, n->used); | |
870 | smp_mb__after_atomic(); | |
871 | if (i + 1 == n->pos) | |
872 | n->pos--; | |
702b71e7 | 873 | set->elements--; |
1feab10d | 874 | #ifdef IP_SET_HASH_WITH_NETS |
ea53ac5b | 875 | for (j = 0; j < IPSET_NET_COUNT; j++) |
f690cbae | 876 | mtype_del_cidr(h, NCIDR_PUT(DCIDR_GET(d->cidr, j)), |
cee8b97b | 877 | j); |
1feab10d | 878 | #endif |
40cd63bf | 879 | ip_set_ext_destroy(set, data); |
18f84d41 JK |
880 | |
881 | for (; i < n->pos; i++) { | |
882 | if (!test_bit(i, n->used)) | |
883 | k++; | |
884 | } | |
885 | if (n->pos == 0 && k == 0) { | |
a71bdbfa | 886 | set->ext_size -= ext_size(n->size, dsize); |
18f84d41 JK |
887 | rcu_assign_pointer(hbucket(t, key), NULL); |
888 | kfree_rcu(n, rcu); | |
889 | } else if (k >= AHASH_INIT_SIZE) { | |
890 | struct hbucket *tmp = kzalloc(sizeof(*tmp) + | |
891 | (n->size - AHASH_INIT_SIZE) * dsize, | |
892 | GFP_ATOMIC); | |
893 | if (!tmp) | |
a0f28dc7 | 894 | goto out; |
18f84d41 JK |
895 | tmp->size = n->size - AHASH_INIT_SIZE; |
896 | for (j = 0, k = 0; j < n->pos; j++) { | |
897 | if (!test_bit(j, n->used)) | |
898 | continue; | |
899 | data = ahash_data(n, j, dsize); | |
900 | memcpy(tmp->value + k * dsize, data, dsize); | |
50054a92 | 901 | set_bit(k, tmp->used); |
18f84d41 | 902 | k++; |
a0f28dc7 | 903 | } |
18f84d41 | 904 | tmp->pos = k; |
a71bdbfa | 905 | set->ext_size -= ext_size(AHASH_INIT_SIZE, dsize); |
18f84d41 JK |
906 | rcu_assign_pointer(hbucket(t, key), tmp); |
907 | kfree_rcu(n, rcu); | |
1feab10d | 908 | } |
a0f28dc7 | 909 | goto out; |
1feab10d JK |
910 | } |
911 | ||
a0f28dc7 | 912 | out: |
a0f28dc7 | 913 | return ret; |
1feab10d JK |
914 | } |
915 | ||
916 | static inline int | |
917 | mtype_data_match(struct mtype_elem *data, const struct ip_set_ext *ext, | |
918 | struct ip_set_ext *mext, struct ip_set *set, u32 flags) | |
919 | { | |
00d71b27 | 920 | if (SET_WITH_COUNTER(set)) |
ca134ce8 | 921 | ip_set_update_counter(ext_counter(data, set), |
00d71b27 | 922 | ext, mext, flags); |
af331419 AD |
923 | if (SET_WITH_SKBINFO(set)) |
924 | ip_set_get_skbinfo(ext_skbinfo(data, set), | |
925 | ext, mext, flags); | |
1feab10d JK |
926 | return mtype_do_data_match(data); |
927 | } | |
928 | ||
929 | #ifdef IP_SET_HASH_WITH_NETS | |
930 | /* Special test function which takes into account the different network | |
ca0f6a5c JK |
931 | * sizes added to the set |
932 | */ | |
1feab10d JK |
933 | static int |
934 | mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d, | |
935 | const struct ip_set_ext *ext, | |
936 | struct ip_set_ext *mext, u32 flags) | |
937 | { | |
938 | struct htype *h = set->data; | |
a0f28dc7 | 939 | struct htable *t = rcu_dereference_bh(h->table); |
1feab10d JK |
940 | struct hbucket *n; |
941 | struct mtype_elem *data; | |
ea53ac5b OS |
942 | #if IPSET_NET_COUNT == 2 |
943 | struct mtype_elem orig = *d; | |
944 | int i, j = 0, k; | |
945 | #else | |
1feab10d | 946 | int i, j = 0; |
ea53ac5b | 947 | #endif |
1feab10d | 948 | u32 key, multi = 0; |
1feab10d JK |
949 | |
950 | pr_debug("test by nets\n"); | |
cee8b97b | 951 | for (; j < NLEN && h->nets[j].cidr[0] && !multi; j++) { |
ea53ac5b OS |
952 | #if IPSET_NET_COUNT == 2 |
953 | mtype_data_reset_elem(d, &orig); | |
f690cbae | 954 | mtype_data_netmask(d, NCIDR_GET(h->nets[j].cidr[0]), false); |
cee8b97b | 955 | for (k = 0; k < NLEN && h->nets[k].cidr[1] && !multi; |
ea53ac5b | 956 | k++) { |
f690cbae JK |
957 | mtype_data_netmask(d, NCIDR_GET(h->nets[k].cidr[1]), |
958 | true); | |
ea53ac5b | 959 | #else |
f690cbae | 960 | mtype_data_netmask(d, NCIDR_GET(h->nets[j].cidr[0])); |
ea53ac5b | 961 | #endif |
1feab10d | 962 | key = HKEY(d, h->initval, t->htable_bits); |
18f84d41 JK |
963 | n = rcu_dereference_bh(hbucket(t, key)); |
964 | if (!n) | |
965 | continue; | |
1feab10d | 966 | for (i = 0; i < n->pos; i++) { |
18f84d41 JK |
967 | if (!test_bit(i, n->used)) |
968 | continue; | |
ca134ce8 | 969 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
970 | if (!mtype_data_equal(data, d, &multi)) |
971 | continue; | |
972 | if (SET_WITH_TIMEOUT(set)) { | |
973 | if (!ip_set_timeout_expired( | |
ca134ce8 | 974 | ext_timeout(data, set))) |
1feab10d JK |
975 | return mtype_data_match(data, ext, |
976 | mext, set, | |
977 | flags); | |
978 | #ifdef IP_SET_HASH_WITH_MULTI | |
979 | multi = 0; | |
980 | #endif | |
981 | } else | |
982 | return mtype_data_match(data, ext, | |
983 | mext, set, flags); | |
984 | } | |
ea53ac5b OS |
985 | #if IPSET_NET_COUNT == 2 |
986 | } | |
987 | #endif | |
1feab10d JK |
988 | } |
989 | return 0; | |
990 | } | |
991 | #endif | |
992 | ||
993 | /* Test whether the element is added to the set */ | |
994 | static int | |
995 | mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
996 | struct ip_set_ext *mext, u32 flags) | |
997 | { | |
998 | struct htype *h = set->data; | |
a0f28dc7 | 999 | struct htable *t; |
1feab10d JK |
1000 | struct mtype_elem *d = value; |
1001 | struct hbucket *n; | |
1002 | struct mtype_elem *data; | |
a0f28dc7 | 1003 | int i, ret = 0; |
1feab10d JK |
1004 | u32 key, multi = 0; |
1005 | ||
a0f28dc7 | 1006 | t = rcu_dereference_bh(h->table); |
1feab10d JK |
1007 | #ifdef IP_SET_HASH_WITH_NETS |
1008 | /* If we test an IP address and not a network address, | |
ca0f6a5c JK |
1009 | * try all possible network sizes |
1010 | */ | |
ea53ac5b | 1011 | for (i = 0; i < IPSET_NET_COUNT; i++) |
cee8b97b | 1012 | if (DCIDR_GET(d->cidr, i) != HOST_MASK) |
ea53ac5b OS |
1013 | break; |
1014 | if (i == IPSET_NET_COUNT) { | |
a0f28dc7 JK |
1015 | ret = mtype_test_cidrs(set, d, ext, mext, flags); |
1016 | goto out; | |
1017 | } | |
1feab10d JK |
1018 | #endif |
1019 | ||
1020 | key = HKEY(d, h->initval, t->htable_bits); | |
18f84d41 JK |
1021 | n = rcu_dereference_bh(hbucket(t, key)); |
1022 | if (!n) { | |
1023 | ret = 0; | |
1024 | goto out; | |
1025 | } | |
1feab10d | 1026 | for (i = 0; i < n->pos; i++) { |
18f84d41 JK |
1027 | if (!test_bit(i, n->used)) |
1028 | continue; | |
ca134ce8 | 1029 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
1030 | if (mtype_data_equal(data, d, &multi) && |
1031 | !(SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 1032 | ip_set_timeout_expired(ext_timeout(data, set)))) { |
a0f28dc7 JK |
1033 | ret = mtype_data_match(data, ext, mext, set, flags); |
1034 | goto out; | |
1035 | } | |
1feab10d | 1036 | } |
a0f28dc7 | 1037 | out: |
a0f28dc7 | 1038 | return ret; |
1feab10d JK |
1039 | } |
1040 | ||
1041 | /* Reply a HEADER request: fill out the header part of the set */ | |
1042 | static int | |
1043 | mtype_head(struct ip_set *set, struct sk_buff *skb) | |
1044 | { | |
7f4f7dd4 | 1045 | struct htype *h = set->data; |
a0f28dc7 | 1046 | const struct htable *t; |
1feab10d JK |
1047 | struct nlattr *nested; |
1048 | size_t memsize; | |
18f84d41 | 1049 | u8 htable_bits; |
1feab10d | 1050 | |
7f4f7dd4 VP |
1051 | /* If any members have expired, set->elements will be wrong |
1052 | * mytype_expire function will update it with the right count. | |
1053 | * we do not hold set->lock here, so grab it first. | |
1054 | * set->elements can still be incorrect in the case of a huge set, | |
1055 | * because elements might time out during the listing. | |
1056 | */ | |
1057 | if (SET_WITH_TIMEOUT(set)) { | |
1058 | spin_lock_bh(&set->lock); | |
1059 | mtype_expire(set, h); | |
1060 | spin_unlock_bh(&set->lock); | |
1061 | } | |
1062 | ||
18f84d41 | 1063 | rcu_read_lock_bh(); |
a0f28dc7 | 1064 | t = rcu_dereference_bh_nfnl(h->table); |
cee8b97b | 1065 | memsize = mtype_ahash_memsize(h, t) + set->ext_size; |
18f84d41 JK |
1066 | htable_bits = t->htable_bits; |
1067 | rcu_read_unlock_bh(); | |
1feab10d JK |
1068 | |
1069 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); | |
1070 | if (!nested) | |
1071 | goto nla_put_failure; | |
1072 | if (nla_put_net32(skb, IPSET_ATTR_HASHSIZE, | |
18f84d41 | 1073 | htonl(jhash_size(htable_bits))) || |
1feab10d JK |
1074 | nla_put_net32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem))) |
1075 | goto nla_put_failure; | |
1076 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1077 | if (h->netmask != HOST_MASK && | |
1078 | nla_put_u8(skb, IPSET_ATTR_NETMASK, h->netmask)) | |
1079 | goto nla_put_failure; | |
4d0e5c07 VD |
1080 | #endif |
1081 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
1082 | if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask)) | |
1083 | goto nla_put_failure; | |
1feab10d | 1084 | #endif |
596cf3fe | 1085 | if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) || |
a54dad51 | 1086 | nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) || |
702b71e7 | 1087 | nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(set->elements))) |
fda75c6d OS |
1088 | goto nla_put_failure; |
1089 | if (unlikely(ip_set_put_flags(skb, set))) | |
1feab10d JK |
1090 | goto nla_put_failure; |
1091 | ipset_nest_end(skb, nested); | |
1092 | ||
1093 | return 0; | |
1094 | nla_put_failure: | |
1095 | return -EMSGSIZE; | |
1096 | } | |
1097 | ||
c4c99783 JK |
1098 | /* Make possible to run dumping parallel with resizing */ |
1099 | static void | |
1100 | mtype_uref(struct ip_set *set, struct netlink_callback *cb, bool start) | |
1101 | { | |
1102 | struct htype *h = set->data; | |
1103 | struct htable *t; | |
1104 | ||
1105 | if (start) { | |
1106 | rcu_read_lock_bh(); | |
1107 | t = rcu_dereference_bh_nfnl(h->table); | |
1108 | atomic_inc(&t->uref); | |
1109 | cb->args[IPSET_CB_PRIVATE] = (unsigned long)t; | |
1110 | rcu_read_unlock_bh(); | |
1111 | } else if (cb->args[IPSET_CB_PRIVATE]) { | |
1112 | t = (struct htable *)cb->args[IPSET_CB_PRIVATE]; | |
1113 | if (atomic_dec_and_test(&t->uref) && atomic_read(&t->ref)) { | |
1114 | /* Resizing didn't destroy the hash table */ | |
1115 | pr_debug("Table destroy by dump: %p\n", t); | |
1116 | mtype_ahash_destroy(set, t, false); | |
1117 | } | |
1118 | cb->args[IPSET_CB_PRIVATE] = 0; | |
1119 | } | |
1120 | } | |
1121 | ||
1feab10d JK |
1122 | /* Reply a LIST/SAVE request: dump the elements of the specified set */ |
1123 | static int | |
1124 | mtype_list(const struct ip_set *set, | |
1125 | struct sk_buff *skb, struct netlink_callback *cb) | |
1126 | { | |
c4c99783 | 1127 | const struct htable *t; |
1feab10d JK |
1128 | struct nlattr *atd, *nested; |
1129 | const struct hbucket *n; | |
1130 | const struct mtype_elem *e; | |
93302880 | 1131 | u32 first = cb->args[IPSET_CB_ARG0]; |
1feab10d JK |
1132 | /* We assume that one hash bucket fills into one page */ |
1133 | void *incomplete; | |
18f84d41 | 1134 | int i, ret = 0; |
1feab10d JK |
1135 | |
1136 | atd = ipset_nest_start(skb, IPSET_ATTR_ADT); | |
1137 | if (!atd) | |
1138 | return -EMSGSIZE; | |
18f84d41 | 1139 | |
1feab10d | 1140 | pr_debug("list hash set %s\n", set->name); |
c4c99783 | 1141 | t = (const struct htable *)cb->args[IPSET_CB_PRIVATE]; |
18f84d41 JK |
1142 | /* Expire may replace a hbucket with another one */ |
1143 | rcu_read_lock(); | |
93302880 JK |
1144 | for (; cb->args[IPSET_CB_ARG0] < jhash_size(t->htable_bits); |
1145 | cb->args[IPSET_CB_ARG0]++) { | |
1feab10d | 1146 | incomplete = skb_tail_pointer(skb); |
18f84d41 | 1147 | n = rcu_dereference(hbucket(t, cb->args[IPSET_CB_ARG0])); |
93302880 JK |
1148 | pr_debug("cb->arg bucket: %lu, t %p n %p\n", |
1149 | cb->args[IPSET_CB_ARG0], t, n); | |
18f84d41 JK |
1150 | if (!n) |
1151 | continue; | |
1feab10d | 1152 | for (i = 0; i < n->pos; i++) { |
18f84d41 JK |
1153 | if (!test_bit(i, n->used)) |
1154 | continue; | |
ca134ce8 | 1155 | e = ahash_data(n, i, set->dsize); |
1feab10d | 1156 | if (SET_WITH_TIMEOUT(set) && |
ca134ce8 | 1157 | ip_set_timeout_expired(ext_timeout(e, set))) |
1feab10d JK |
1158 | continue; |
1159 | pr_debug("list hash %lu hbucket %p i %u, data %p\n", | |
93302880 | 1160 | cb->args[IPSET_CB_ARG0], n, i, e); |
1feab10d JK |
1161 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
1162 | if (!nested) { | |
93302880 | 1163 | if (cb->args[IPSET_CB_ARG0] == first) { |
1feab10d | 1164 | nla_nest_cancel(skb, atd); |
18f84d41 JK |
1165 | ret = -EMSGSIZE; |
1166 | goto out; | |
ca0f6a5c JK |
1167 | } |
1168 | goto nla_put_failure; | |
1feab10d JK |
1169 | } |
1170 | if (mtype_data_list(skb, e)) | |
1171 | goto nla_put_failure; | |
3fd986b3 | 1172 | if (ip_set_put_extensions(skb, set, e, true)) |
fda75c6d | 1173 | goto nla_put_failure; |
1feab10d JK |
1174 | ipset_nest_end(skb, nested); |
1175 | } | |
1176 | } | |
1177 | ipset_nest_end(skb, atd); | |
1178 | /* Set listing finished */ | |
93302880 | 1179 | cb->args[IPSET_CB_ARG0] = 0; |
1feab10d | 1180 | |
18f84d41 | 1181 | goto out; |
1feab10d JK |
1182 | |
1183 | nla_put_failure: | |
1184 | nlmsg_trim(skb, incomplete); | |
93302880 | 1185 | if (unlikely(first == cb->args[IPSET_CB_ARG0])) { |
b167a37c JP |
1186 | pr_warn("Can't list set %s: one bucket does not fit into a message. Please report it!\n", |
1187 | set->name); | |
93302880 | 1188 | cb->args[IPSET_CB_ARG0] = 0; |
18f84d41 | 1189 | ret = -EMSGSIZE; |
ca0f6a5c | 1190 | } else { |
18f84d41 | 1191 | ipset_nest_end(skb, atd); |
ca0f6a5c | 1192 | } |
18f84d41 JK |
1193 | out: |
1194 | rcu_read_unlock(); | |
1195 | return ret; | |
1feab10d JK |
1196 | } |
1197 | ||
1198 | static int | |
35b8dcf8 | 1199 | IPSET_TOKEN(MTYPE, _kadt)(struct ip_set *set, const struct sk_buff *skb, |
ca0f6a5c JK |
1200 | const struct xt_action_param *par, |
1201 | enum ipset_adt adt, struct ip_set_adt_opt *opt); | |
1feab10d JK |
1202 | |
1203 | static int | |
35b8dcf8 | 1204 | IPSET_TOKEN(MTYPE, _uadt)(struct ip_set *set, struct nlattr *tb[], |
ca0f6a5c JK |
1205 | enum ipset_adt adt, u32 *lineno, u32 flags, |
1206 | bool retried); | |
1feab10d JK |
1207 | |
1208 | static const struct ip_set_type_variant mtype_variant = { | |
1209 | .kadt = mtype_kadt, | |
1210 | .uadt = mtype_uadt, | |
1211 | .adt = { | |
1212 | [IPSET_ADD] = mtype_add, | |
1213 | [IPSET_DEL] = mtype_del, | |
1214 | [IPSET_TEST] = mtype_test, | |
1215 | }, | |
1216 | .destroy = mtype_destroy, | |
1217 | .flush = mtype_flush, | |
1218 | .head = mtype_head, | |
1219 | .list = mtype_list, | |
c4c99783 | 1220 | .uref = mtype_uref, |
1feab10d JK |
1221 | .resize = mtype_resize, |
1222 | .same_set = mtype_same_set, | |
1223 | }; | |
1224 | ||
1225 | #ifdef IP_SET_EMIT_CREATE | |
1226 | static int | |
1785e8f4 VL |
1227 | IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, |
1228 | struct nlattr *tb[], u32 flags) | |
1feab10d JK |
1229 | { |
1230 | u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; | |
4d0e5c07 VD |
1231 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1232 | u32 markmask; | |
1233 | #endif | |
1feab10d JK |
1234 | u8 hbits; |
1235 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1236 | u8 netmask; | |
1237 | #endif | |
1238 | size_t hsize; | |
43ef29c9 | 1239 | struct htype *h; |
a0f28dc7 | 1240 | struct htable *t; |
1feab10d | 1241 | |
961509ac JK |
1242 | pr_debug("Create set %s with family %s\n", |
1243 | set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); | |
1244 | ||
4bb5e114 FF |
1245 | #ifdef IP_SET_PROTO_UNDEF |
1246 | if (set->family != NFPROTO_UNSPEC) | |
1247 | return -IPSET_ERR_INVALID_FAMILY; | |
1248 | #else | |
1feab10d JK |
1249 | if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) |
1250 | return -IPSET_ERR_INVALID_FAMILY; | |
07034aea | 1251 | #endif |
4d0e5c07 | 1252 | |
1feab10d JK |
1253 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || |
1254 | !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) || | |
1255 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || | |
1256 | !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) | |
1257 | return -IPSET_ERR_PROTOCOL; | |
961509ac | 1258 | |
18f84d41 JK |
1259 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1260 | /* Separated condition in order to avoid directive in argument list */ | |
1261 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_MARKMASK))) | |
1262 | return -IPSET_ERR_PROTOCOL; | |
1feab10d | 1263 | |
961509ac JK |
1264 | markmask = 0xffffffff; |
1265 | if (tb[IPSET_ATTR_MARKMASK]) { | |
1266 | markmask = ntohl(nla_get_be32(tb[IPSET_ATTR_MARKMASK])); | |
1267 | if (markmask == 0) | |
1268 | return -IPSET_ERR_INVALID_MARKMASK; | |
1feab10d | 1269 | } |
961509ac | 1270 | #endif |
1feab10d JK |
1271 | |
1272 | #ifdef IP_SET_HASH_WITH_NETMASK | |
961509ac | 1273 | netmask = set->family == NFPROTO_IPV4 ? 32 : 128; |
1feab10d JK |
1274 | if (tb[IPSET_ATTR_NETMASK]) { |
1275 | netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); | |
1276 | ||
1277 | if ((set->family == NFPROTO_IPV4 && netmask > 32) || | |
1278 | (set->family == NFPROTO_IPV6 && netmask > 128) || | |
1279 | netmask == 0) | |
1280 | return -IPSET_ERR_INVALID_NETMASK; | |
1281 | } | |
1282 | #endif | |
4d0e5c07 | 1283 | |
961509ac JK |
1284 | if (tb[IPSET_ATTR_HASHSIZE]) { |
1285 | hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]); | |
1286 | if (hashsize < IPSET_MIMINAL_HASHSIZE) | |
1287 | hashsize = IPSET_MIMINAL_HASHSIZE; | |
4d0e5c07 | 1288 | } |
961509ac JK |
1289 | |
1290 | if (tb[IPSET_ATTR_MAXELEM]) | |
1291 | maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]); | |
1feab10d JK |
1292 | |
1293 | hsize = sizeof(*h); | |
1feab10d JK |
1294 | h = kzalloc(hsize, GFP_KERNEL); |
1295 | if (!h) | |
1296 | return -ENOMEM; | |
1297 | ||
1feab10d JK |
1298 | hbits = htable_bits(hashsize); |
1299 | hsize = htable_size(hbits); | |
1300 | if (hsize == 0) { | |
1301 | kfree(h); | |
1302 | return -ENOMEM; | |
1303 | } | |
a0f28dc7 JK |
1304 | t = ip_set_alloc(hsize); |
1305 | if (!t) { | |
1feab10d JK |
1306 | kfree(h); |
1307 | return -ENOMEM; | |
1308 | } | |
961509ac JK |
1309 | h->maxelem = maxelem; |
1310 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1311 | h->netmask = netmask; | |
1312 | #endif | |
1313 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
1314 | h->markmask = markmask; | |
1315 | #endif | |
1316 | get_random_bytes(&h->initval, sizeof(h->initval)); | |
1317 | ||
a0f28dc7 | 1318 | t->htable_bits = hbits; |
961509ac | 1319 | RCU_INIT_POINTER(h->table, t); |
1feab10d | 1320 | |
a92c5751 | 1321 | h->set = set; |
1feab10d | 1322 | set->data = h; |
07034aea | 1323 | #ifndef IP_SET_PROTO_UNDEF |
40cd63bf | 1324 | if (set->family == NFPROTO_IPV4) { |
07034aea | 1325 | #endif |
35b8dcf8 | 1326 | set->variant = &IPSET_TOKEN(HTYPE, 4_variant); |
03c8b234 | 1327 | set->dsize = ip_set_elem_len(set, tb, |
95ad1f4a JK |
1328 | sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)), |
1329 | __alignof__(struct IPSET_TOKEN(HTYPE, 4_elem))); | |
07034aea | 1330 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1331 | } else { |
35b8dcf8 | 1332 | set->variant = &IPSET_TOKEN(HTYPE, 6_variant); |
03c8b234 | 1333 | set->dsize = ip_set_elem_len(set, tb, |
95ad1f4a JK |
1334 | sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)), |
1335 | __alignof__(struct IPSET_TOKEN(HTYPE, 6_elem))); | |
03c8b234 | 1336 | } |
07034aea | 1337 | #endif |
961509ac | 1338 | set->timeout = IPSET_NO_TIMEOUT; |
03c8b234 | 1339 | if (tb[IPSET_ATTR_TIMEOUT]) { |
ca134ce8 | 1340 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
07034aea | 1341 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1342 | if (set->family == NFPROTO_IPV4) |
07034aea | 1343 | #endif |
35b8dcf8 JK |
1344 | IPSET_TOKEN(HTYPE, 4_gc_init)(set, |
1345 | IPSET_TOKEN(HTYPE, 4_gc)); | |
07034aea | 1346 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1347 | else |
35b8dcf8 JK |
1348 | IPSET_TOKEN(HTYPE, 6_gc_init)(set, |
1349 | IPSET_TOKEN(HTYPE, 6_gc)); | |
07034aea | 1350 | #endif |
1feab10d | 1351 | } |
1feab10d | 1352 | pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", |
a0f28dc7 JK |
1353 | set->name, jhash_size(t->htable_bits), |
1354 | t->htable_bits, h->maxelem, set->data, t); | |
1feab10d JK |
1355 | |
1356 | return 0; | |
1357 | } | |
1358 | #endif /* IP_SET_EMIT_CREATE */ | |
58cc06da SP |
1359 | |
1360 | #undef HKEY_DATALEN |