[mirror_ubuntu-hirsute-kernel.git] / net / netfilter / ipset / ip_set_hash_ipportip.c

/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/* Kernel module implementing an IP set type: the hash:ip,port,ip type */

#include <linux/jhash.h>
#include <linux/module.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/errno.h>
#include <linux/random.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/netlink.h>
#include <net/tcp.h>

#include <linux/netfilter.h>
#include <linux/netfilter/ipset/pfxlen.h>
#include <linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_getport.h>
#include <linux/netfilter/ipset/ip_set_hash.h>

#define IPSET_TYPE_REV_MIN	0
/*				1    SCTP and UDPLITE support added */
/*				2    Counters support added */
/*				3    Comments support added */
/*				4    Forceadd support added */
#define IPSET_TYPE_REV_MAX	5 /* skbinfo support added */

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
IP_SET_MODULE_DESC("hash:ip,port,ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:ip,port,ip");

/* Type specific function prefix */
#define HTYPE		hash_ipportip

/* IPv4 variant */

/* Member elements  */
struct hash_ipportip4_elem {
	__be32 ip;
	__be32 ip2;
	__be16 port;
	u8 proto;
	u8 padding;
};

static inline bool
hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1,
			  const struct hash_ipportip4_elem *ip2,
			  u32 *multi)
{
	return ip1->ip == ip2->ip &&
	       ip1->ip2 == ip2->ip2 &&
	       ip1->port == ip2->port &&
	       ip1->proto == ip2->proto;
}

static bool
hash_ipportip4_data_list(struct sk_buff *skb,
		       const struct hash_ipportip4_elem *data)
{
	if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
	    nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) ||
	    nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
	    nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
		goto nla_put_failure;
	return 0;

nla_put_failure:
	return 1;
}

static inline void
hash_ipportip4_data_next(struct hash_ipportip4_elem *next,
			 const struct hash_ipportip4_elem *d)
{
	next->ip = d->ip;
	next->port = d->port;
}

/* Common functions */
#define MTYPE		hash_ipportip4
#define HOST_MASK	32
#include "ip_set_hash_gen.h"

static int
hash_ipportip4_kadt(struct ip_set *set, const struct sk_buff *skb,
		    const struct xt_action_param *par,
		    enum ipset_adt adt, struct ip_set_adt_opt *opt)
{
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipportip4_elem e = { .ip = 0 };
	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);

	if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
				 &e.port, &e.proto))
		return -EINVAL;

	ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
	ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2);
	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}

static int
hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
		    enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
	const struct hash_ipportip *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipportip4_elem e = { .ip = 0 };
	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
	u32 ip, ip_to = 0, p = 0, port, port_to;
	bool with_ports = false;
	int ret;

	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
		return -IPSET_ERR_PROTOCOL;

	if (tb[IPSET_ATTR_LINENO])
		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);

	ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip);
	if (ret)
		return ret;

	ret = ip_set_get_extensions(set, tb, &ext);
	if (ret)
		return ret;

	ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP2], &e.ip2);
	if (ret)
		return ret;

	if (tb[IPSET_ATTR_PORT])
		e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
	else
		return -IPSET_ERR_PROTOCOL;

	if (tb[IPSET_ATTR_PROTO]) {
		e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
		with_ports = ip_set_proto_with_ports(e.proto);

		if (e.proto == 0)
			return -IPSET_ERR_INVALID_PROTO;
	} else
		return -IPSET_ERR_MISSING_PROTO;

	if (!(with_ports || e.proto == IPPROTO_ICMP))
		e.port = 0;

	if (adt == IPSET_TEST ||
	    !(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_CIDR] ||
	      tb[IPSET_ATTR_PORT_TO])) {
		ret = adtfn(set, &e, &ext, &ext, flags);
		return ip_set_eexist(ret, flags) ? 0 : ret;
	}

	ip_to = ip = ntohl(e.ip);
	if (tb[IPSET_ATTR_IP_TO]) {
		ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
		if (ret)
			return ret;
		if (ip > ip_to)
			swap(ip, ip_to);
	} else if (tb[IPSET_ATTR_CIDR]) {
		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);

		if (!cidr || cidr > 32)
			return -IPSET_ERR_INVALID_CIDR;
		ip_set_mask_from_to(ip, ip_to, cidr);
	}

	port_to = port = ntohs(e.port);
	if (with_ports && tb[IPSET_ATTR_PORT_TO]) {
		port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
		if (port > port_to)
			swap(port, port_to);
	}

	if (retried)
		ip = ntohl(h->next.ip);
	for (; !before(ip_to, ip); ip++) {
		p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
						       : port;
		for (; p <= port_to; p++) {
			e.ip = htonl(ip);
			e.port = htons(p);
			ret = adtfn(set, &e, &ext, &ext, flags);

			if (ret && !ip_set_eexist(ret, flags))
				return ret;
			else
				ret = 0;
		}
	}
	return ret;
}

/* IPv6 variant */

struct hash_ipportip6_elem {
	union nf_inet_addr ip;
	union nf_inet_addr ip2;
	__be16 port;
	u8 proto;
	u8 padding;
};

/* Common functions */

static inline bool
hash_ipportip6_data_equal(const struct hash_ipportip6_elem *ip1,
			  const struct hash_ipportip6_elem *ip2,
			  u32 *multi)
{
	return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
	       ipv6_addr_equal(&ip1->ip2.in6, &ip2->ip2.in6) &&
	       ip1->port == ip2->port &&
	       ip1->proto == ip2->proto;
}

static bool
hash_ipportip6_data_list(struct sk_buff *skb,
			 const struct hash_ipportip6_elem *data)
{
	if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
	    nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
	    nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
	    nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
		goto nla_put_failure;
	return 0;

nla_put_failure:
	return 1;
}

static inline void
hash_ipportip6_data_next(struct hash_ipportip4_elem *next,
			 const struct hash_ipportip6_elem *d)
{
	next->port = d->port;
}

#undef MTYPE
#undef HOST_MASK

#define MTYPE		hash_ipportip6
#define HOST_MASK	128
#define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h"

static int
hash_ipportip6_kadt(struct ip_set *set, const struct sk_buff *skb,
		    const struct xt_action_param *par,
		    enum ipset_adt adt, struct ip_set_adt_opt *opt)
{
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipportip6_elem e = { .ip = { .all = { 0 } } };
	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);

	if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
				 &e.port, &e.proto))
		return -EINVAL;

	ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
	ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2.in6);
	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}

static int
hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[],
		    enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
	const struct hash_ipportip *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipportip6_elem e = {  .ip = { .all = { 0 } } };
	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
	u32 port, port_to;
	bool with_ports = false;
	int ret;

	if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) ||
		     tb[IPSET_ATTR_IP_TO] ||
		     tb[IPSET_ATTR_CIDR]))
		return -IPSET_ERR_PROTOCOL;

	if (tb[IPSET_ATTR_LINENO])
		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);

	ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
	if (ret)
		return ret;

	ret = ip_set_get_extensions(set, tb, &ext);
	if (ret)
		return ret;

	ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip2);
	if (ret)
		return ret;

	if (tb[IPSET_ATTR_PORT])
		e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
	else
		return -IPSET_ERR_PROTOCOL;

	if (tb[IPSET_ATTR_PROTO]) {
		e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
		with_ports = ip_set_proto_with_ports(e.proto);

		if (e.proto == 0)
			return -IPSET_ERR_INVALID_PROTO;
	} else
		return -IPSET_ERR_MISSING_PROTO;

	if (!(with_ports || e.proto == IPPROTO_ICMPV6))
		e.port = 0;

	if (adt == IPSET_TEST || !with_ports || !tb[IPSET_ATTR_PORT_TO]) {
		ret = adtfn(set, &e, &ext, &ext, flags);
		return ip_set_eexist(ret, flags) ? 0 : ret;
	}

	port = ntohs(e.port);
	port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	if (port > port_to)
		swap(port, port_to);

	if (retried)
		port = ntohs(h->next.port);
	for (; port <= port_to; port++) {
		e.port = htons(port);
		ret = adtfn(set, &e, &ext, &ext, flags);

		if (ret && !ip_set_eexist(ret, flags))
			return ret;
		else
			ret = 0;
	}
	return ret;
}

static struct ip_set_type hash_ipportip_type __read_mostly = {
	.name		= "hash:ip,port,ip",
	.protocol	= IPSET_PROTOCOL,
	.features	= IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
	.dimension	= IPSET_DIM_THREE,
	.family		= NFPROTO_UNSPEC,
	.revision_min	= IPSET_TYPE_REV_MIN,
	.revision_max	= IPSET_TYPE_REV_MAX,
	.create		= hash_ipportip_create,
	.create_policy	= {
		[IPSET_ATTR_HASHSIZE]	= { .type = NLA_U32 },
		[IPSET_ATTR_MAXELEM]	= { .type = NLA_U32 },
		[IPSET_ATTR_PROBES]	= { .type = NLA_U8 },
		[IPSET_ATTR_RESIZE]	= { .type = NLA_U8  },
		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
		[IPSET_ATTR_CADT_FLAGS]	= { .type = NLA_U32 },
	},
	.adt_policy	= {
		[IPSET_ATTR_IP]		= { .type = NLA_NESTED },
		[IPSET_ATTR_IP_TO]	= { .type = NLA_NESTED },
		[IPSET_ATTR_IP2]	= { .type = NLA_NESTED },
		[IPSET_ATTR_PORT]	= { .type = NLA_U16 },
		[IPSET_ATTR_PORT_TO]	= { .type = NLA_U16 },
		[IPSET_ATTR_CIDR]	= { .type = NLA_U8 },
		[IPSET_ATTR_PROTO]	= { .type = NLA_U8 },
		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING },
		[IPSET_ATTR_SKBMARK]	= { .type = NLA_U64 },
		[IPSET_ATTR_SKBPRIO]	= { .type = NLA_U32 },
		[IPSET_ATTR_SKBQUEUE]	= { .type = NLA_U16 },
	},
	.me		= THIS_MODULE,
};

static int __init
hash_ipportip_init(void)
{
	return ip_set_type_register(&hash_ipportip_type);
}

static void __exit
hash_ipportip_fini(void)
{
	ip_set_type_unregister(&hash_ipportip_type);
}

module_init(hash_ipportip_init);
module_exit(hash_ipportip_fini);
Commit	Line	Data
5d50e1d8	1	/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
5663bc30 JK	2	*
	3	* This program is free software; you can redistribute it and/or modify
	4	* it under the terms of the GNU General Public License version 2 as
	5	* published by the Free Software Foundation.
	6	*/
	7
	8	/* Kernel module implementing an IP set type: the hash:ip,port,ip type */
	9
	10	#include <linux/jhash.h>
	11	#include <linux/module.h>
	12	#include <linux/ip.h>
	13	#include <linux/skbuff.h>
	14	#include <linux/errno.h>
5663bc30 JK	15	#include <linux/random.h>
	16	#include <net/ip.h>
	17	#include <net/ipv6.h>
	18	#include <net/netlink.h>
	19	#include <net/tcp.h>
	20
	21	#include <linux/netfilter.h>
	22	#include <linux/netfilter/ipset/pfxlen.h>
	23	#include <linux/netfilter/ipset/ip_set.h>
5663bc30 JK	24	#include <linux/netfilter/ipset/ip_set_getport.h>
	25	#include <linux/netfilter/ipset/ip_set_hash.h>
	26
35b8dcf8 JK	27	#define IPSET_TYPE_REV_MIN 0
35b8dcf8 JK	28	/* 1 SCTP and UDPLITE support added */
fda75c6d	29	/* 2 Counters support added */
07cf8f5a	30	/* 3 Comments support added */
af331419 AD	31	/* 4 Forceadd support added */
af331419 AD	32	#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
10111a6e	33
5663bc30 JK	34	MODULE_LICENSE("GPL");
5663bc30 JK	35	MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
35b8dcf8	36	IP_SET_MODULE_DESC("hash:ip,port,ip", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
5663bc30 JK	37	MODULE_ALIAS("ip_set_hash:ip,port,ip");
	38
	39	/* Type specific function prefix */
5d50e1d8	40	#define HTYPE hash_ipportip
5663bc30	41
03c8b234	42	/* IPv4 variant */
5663bc30	43
5d50e1d8	44	/* Member elements */
5663bc30 JK	45	struct hash_ipportip4_elem {
	46	__be32 ip;
	47	__be32 ip2;
	48	__be16 port;
	49	u8 proto;
	50	u8 padding;
	51	};
	52
5663bc30 JK	53	static inline bool
5663bc30 JK	54	hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1,
89dc79b7 JK	55	const struct hash_ipportip4_elem *ip2,
89dc79b7 JK	56	u32 *multi)
5663bc30 JK	57	{
	58	return ip1->ip == ip2->ip &&
	59	ip1->ip2 == ip2->ip2 &&
	60	ip1->port == ip2->port &&
	61	ip1->proto == ip2->proto;
	62	}
	63
5663bc30 JK	64	static bool
	65	hash_ipportip4_data_list(struct sk_buff *skb,
	66	const struct hash_ipportip4_elem *data)
	67	{
7cf7899d DM	68	if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) \|\|
	69	nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) \|\|
	70	nla_put_net16(skb, IPSET_ATTR_PORT, data->port) \|\|
	71	nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
	72	goto nla_put_failure;
5663bc30 JK	73	return 0;
	74
	75	nla_put_failure:
	76	return 1;
	77	}
	78
5d50e1d8 JK	79	static inline void
	80	hash_ipportip4_data_next(struct hash_ipportip4_elem *next,
	81	const struct hash_ipportip4_elem *d)
5663bc30	82	{
5d50e1d8 JK	83	next->ip = d->ip;
5d50e1d8 JK	84	next->port = d->port;
5663bc30 JK	85	}
5663bc30 JK	86
5d50e1d8 JK	87	/* Common functions */
5d50e1d8 JK	88	#define MTYPE hash_ipportip4
5663bc30	89	#define HOST_MASK 32
5d50e1d8	90	#include "ip_set_hash_gen.h"
3d14b171	91
5663bc30 JK	92	static int
5663bc30 JK	93	hash_ipportip4_kadt(struct ip_set set, const struct sk_buff skb,
b66554cf	94	const struct xt_action_param *par,
5d50e1d8	95	enum ipset_adt adt, struct ip_set_adt_opt *opt)
5663bc30	96	{
5663bc30	97	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	98	struct hash_ipportip4_elem e = { .ip = 0 };
ca134ce8	99	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
5663bc30	100
ac8cc925	101	if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
5d50e1d8	102	&e.port, &e.proto))
5663bc30 JK	103	return -EINVAL;
5663bc30 JK	104
5d50e1d8 JK	105	ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
	106	ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2);
	107	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
5663bc30 JK	108	}
	109
	110	static int
	111	hash_ipportip4_uadt(struct ip_set set, struct nlattr tb[],
3d14b171	112	enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
5663bc30	113	{
5d50e1d8	114	const struct hash_ipportip *h = set->data;
5663bc30	115	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	116	struct hash_ipportip4_elem e = { .ip = 0 };
ca134ce8	117	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
20b2fab4	118	u32 ip, ip_to = 0, p = 0, port, port_to;
5e0c1eb7	119	bool with_ports = false;
5663bc30 JK	120	int ret;
	121
	122	if (unlikely(!tb[IPSET_ATTR_IP] \|\| !tb[IPSET_ATTR_IP2] \|\|
	123	!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) \|\|
	124	!ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) \|\|
00d71b27 JK	125	!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) \|\|
00d71b27 JK	126	!ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) \|\|
af331419 AD	127	!ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) \|\|
	128	!ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) \|\|
	129	!ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) \|\|
	130	!ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
5663bc30 JK	131	return -IPSET_ERR_PROTOCOL;
	132
	133	if (tb[IPSET_ATTR_LINENO])
	134	*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
	135
8e55d2e5 SP	136	ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip);
	137	if (ret)
	138	return ret;
	139
	140	ret = ip_set_get_extensions(set, tb, &ext);
5663bc30 JK	141	if (ret)
	142	return ret;
	143
5d50e1d8	144	ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP2], &e.ip2);
5663bc30 JK	145	if (ret)
	146	return ret;
	147
	148	if (tb[IPSET_ATTR_PORT])
5d50e1d8	149	e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
5663bc30 JK	150	else
	151	return -IPSET_ERR_PROTOCOL;
	152
	153	if (tb[IPSET_ATTR_PROTO]) {
5d50e1d8 JK	154	e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
5d50e1d8 JK	155	with_ports = ip_set_proto_with_ports(e.proto);
5663bc30	156
5d50e1d8	157	if (e.proto == 0)
5663bc30 JK	158	return -IPSET_ERR_INVALID_PROTO;
	159	} else
	160	return -IPSET_ERR_MISSING_PROTO;
	161
5d50e1d8 JK	162	if (!(with_ports \|\| e.proto == IPPROTO_ICMP))
5d50e1d8 JK	163	e.port = 0;
5663bc30 JK	164
5663bc30 JK	165	if (adt == IPSET_TEST \|\|
5663bc30 JK	166	!(tb[IPSET_ATTR_IP_TO] \|\| tb[IPSET_ATTR_CIDR] \|\|
5663bc30 JK	167	tb[IPSET_ATTR_PORT_TO])) {
5d50e1d8	168	ret = adtfn(set, &e, &ext, &ext, flags);
5663bc30 JK	169	return ip_set_eexist(ret, flags) ? 0 : ret;
	170	}
	171
5d50e1d8	172	ip_to = ip = ntohl(e.ip);
5663bc30 JK	173	if (tb[IPSET_ATTR_IP_TO]) {
	174	ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
	175	if (ret)
	176	return ret;
	177	if (ip > ip_to)
	178	swap(ip, ip_to);
	179	} else if (tb[IPSET_ATTR_CIDR]) {
	180	u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
	181
b9fed748	182	if (!cidr \|\| cidr > 32)
5663bc30	183	return -IPSET_ERR_INVALID_CIDR;
e6146e86	184	ip_set_mask_from_to(ip, ip_to, cidr);
4fe198e6	185	}
5663bc30	186
5d50e1d8	187	port_to = port = ntohs(e.port);
5e0c1eb7	188	if (with_ports && tb[IPSET_ATTR_PORT_TO]) {
5663bc30 JK	189	port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	190	if (port > port_to)
	191	swap(port, port_to);
5e0c1eb7	192	}
5663bc30	193
3d14b171	194	if (retried)
6e27c9b4	195	ip = ntohl(h->next.ip);
3d14b171	196	for (; !before(ip_to, ip); ip++) {
6e27c9b4 JK	197	p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
6e27c9b4 JK	198	: port;
3d14b171	199	for (; p <= port_to; p++) {
5d50e1d8 JK	200	e.ip = htonl(ip);
	201	e.port = htons(p);
	202	ret = adtfn(set, &e, &ext, &ext, flags);
5663bc30 JK	203
	204	if (ret && !ip_set_eexist(ret, flags))
	205	return ret;
	206	else
	207	ret = 0;
	208	}
3d14b171	209	}
5663bc30 JK	210	return ret;
	211	}
	212
03c8b234	213	/* IPv6 variant */
5663bc30 JK	214
	215	struct hash_ipportip6_elem {
	216	union nf_inet_addr ip;
	217	union nf_inet_addr ip2;
	218	__be16 port;
	219	u8 proto;
	220	u8 padding;
	221	};
	222
5d50e1d8 JK	223	/* Common functions */
5d50e1d8 JK	224
5663bc30 JK	225	static inline bool
5663bc30 JK	226	hash_ipportip6_data_equal(const struct hash_ipportip6_elem *ip1,
89dc79b7 JK	227	const struct hash_ipportip6_elem *ip2,
89dc79b7 JK	228	u32 *multi)
5663bc30	229	{
29e3b160 YH	230	return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
29e3b160 YH	231	ipv6_addr_equal(&ip1->ip2.in6, &ip2->ip2.in6) &&
5663bc30 JK	232	ip1->port == ip2->port &&
	233	ip1->proto == ip2->proto;
	234	}
	235
5663bc30 JK	236	static bool
	237	hash_ipportip6_data_list(struct sk_buff *skb,
	238	const struct hash_ipportip6_elem *data)
	239	{
7cf7899d DM	240	if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) \|\|
	241	nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) \|\|
	242	nla_put_net16(skb, IPSET_ATTR_PORT, data->port) \|\|
	243	nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
	244	goto nla_put_failure;
5663bc30 JK	245	return 0;
	246
	247	nla_put_failure:
	248	return 1;
	249	}
	250
5d50e1d8 JK	251	static inline void
	252	hash_ipportip6_data_next(struct hash_ipportip4_elem *next,
	253	const struct hash_ipportip6_elem *d)
5663bc30	254	{
5d50e1d8	255	next->port = d->port;
5663bc30 JK	256	}
5663bc30 JK	257
5d50e1d8	258	#undef MTYPE
5663bc30 JK	259	#undef HOST_MASK
5663bc30 JK	260
5d50e1d8	261	#define MTYPE hash_ipportip6
5663bc30	262	#define HOST_MASK 128
5d50e1d8 JK	263	#define IP_SET_EMIT_CREATE
5d50e1d8 JK	264	#include "ip_set_hash_gen.h"
3d14b171	265
5663bc30 JK	266	static int
5663bc30 JK	267	hash_ipportip6_kadt(struct ip_set set, const struct sk_buff skb,
b66554cf	268	const struct xt_action_param *par,
5d50e1d8	269	enum ipset_adt adt, struct ip_set_adt_opt *opt)
5663bc30	270	{
5663bc30	271	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	272	struct hash_ipportip6_elem e = { .ip = { .all = { 0 } } };
ca134ce8	273	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
5663bc30	274
ac8cc925	275	if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
5d50e1d8	276	&e.port, &e.proto))
5663bc30 JK	277	return -EINVAL;
5663bc30 JK	278
5d50e1d8 JK	279	ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
	280	ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip2.in6);
	281	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
5663bc30 JK	282	}
	283
	284	static int
	285	hash_ipportip6_uadt(struct ip_set set, struct nlattr tb[],
3d14b171	286	enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
5663bc30	287	{
5d50e1d8	288	const struct hash_ipportip *h = set->data;
5663bc30	289	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	290	struct hash_ipportip6_elem e = { .ip = { .all = { 0 } } };
ca134ce8	291	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
5663bc30	292	u32 port, port_to;
5e0c1eb7	293	bool with_ports = false;
5663bc30 JK	294	int ret;
	295
	296	if (unlikely(!tb[IPSET_ATTR_IP] \|\| !tb[IPSET_ATTR_IP2] \|\|
	297	!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) \|\|
	298	!ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) \|\|
	299	!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) \|\|
00d71b27 JK	300	!ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) \|\|
00d71b27 JK	301	!ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) \|\|
af331419 AD	302	!ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) \|\|
	303	!ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) \|\|
	304	!ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE) \|\|
5663bc30 JK	305	tb[IPSET_ATTR_IP_TO] \|\|
	306	tb[IPSET_ATTR_CIDR]))
	307	return -IPSET_ERR_PROTOCOL;
	308
	309	if (tb[IPSET_ATTR_LINENO])
	310	*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
	311
8e55d2e5 SP	312	ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
	313	if (ret)
	314	return ret;
	315
	316	ret = ip_set_get_extensions(set, tb, &ext);
5663bc30 JK	317	if (ret)
	318	return ret;
	319
5d50e1d8	320	ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip2);
5663bc30 JK	321	if (ret)
	322	return ret;
	323
	324	if (tb[IPSET_ATTR_PORT])
5d50e1d8	325	e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
5663bc30 JK	326	else
	327	return -IPSET_ERR_PROTOCOL;
	328
	329	if (tb[IPSET_ATTR_PROTO]) {
5d50e1d8 JK	330	e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
5d50e1d8 JK	331	with_ports = ip_set_proto_with_ports(e.proto);
5663bc30	332
5d50e1d8	333	if (e.proto == 0)
5663bc30 JK	334	return -IPSET_ERR_INVALID_PROTO;
	335	} else
	336	return -IPSET_ERR_MISSING_PROTO;
	337
5d50e1d8 JK	338	if (!(with_ports \|\| e.proto == IPPROTO_ICMPV6))
5d50e1d8 JK	339	e.port = 0;
5663bc30	340
5e0c1eb7	341	if (adt == IPSET_TEST \|\| !with_ports \|\| !tb[IPSET_ATTR_PORT_TO]) {
5d50e1d8	342	ret = adtfn(set, &e, &ext, &ext, flags);
5663bc30 JK	343	return ip_set_eexist(ret, flags) ? 0 : ret;
	344	}
	345
5d50e1d8	346	port = ntohs(e.port);
5663bc30 JK	347	port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	348	if (port > port_to)
	349	swap(port, port_to);
	350
3d14b171	351	if (retried)
6e27c9b4	352	port = ntohs(h->next.port);
5663bc30	353	for (; port <= port_to; port++) {
5d50e1d8 JK	354	e.port = htons(port);
5d50e1d8 JK	355	ret = adtfn(set, &e, &ext, &ext, flags);
5663bc30 JK	356
	357	if (ret && !ip_set_eexist(ret, flags))
	358	return ret;
	359	else
	360	ret = 0;
	361	}
	362	return ret;
	363	}
	364
5663bc30 JK	365	static struct ip_set_type hash_ipportip_type __read_mostly = {
	366	.name = "hash:ip,port,ip",
	367	.protocol = IPSET_PROTOCOL,
	368	.features = IPSET_TYPE_IP \| IPSET_TYPE_PORT \| IPSET_TYPE_IP2,
	369	.dimension = IPSET_DIM_THREE,
c15f1c83	370	.family = NFPROTO_UNSPEC,
35b8dcf8 JK	371	.revision_min = IPSET_TYPE_REV_MIN,
35b8dcf8 JK	372	.revision_max = IPSET_TYPE_REV_MAX,
5663bc30 JK	373	.create = hash_ipportip_create,
	374	.create_policy = {
	375	[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
	376	[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
	377	[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
	378	[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
	379	[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
00d71b27	380	[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
5663bc30 JK	381	},
	382	.adt_policy = {
	383	[IPSET_ATTR_IP] = { .type = NLA_NESTED },
	384	[IPSET_ATTR_IP_TO] = { .type = NLA_NESTED },
	385	[IPSET_ATTR_IP2] = { .type = NLA_NESTED },
	386	[IPSET_ATTR_PORT] = { .type = NLA_U16 },
	387	[IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
	388	[IPSET_ATTR_CIDR] = { .type = NLA_U8 },
	389	[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
	390	[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
	391	[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
00d71b27 JK	392	[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
00d71b27 JK	393	[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
fda75c6d	394	[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
af331419 AD	395	[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
	396	[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
	397	[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
5663bc30 JK	398	},
	399	.me = THIS_MODULE,
	400	};
	401
	402	static int __init
	403	hash_ipportip_init(void)
	404	{
	405	return ip_set_type_register(&hash_ipportip_type);
	406	}
	407
	408	static void __exit
	409	hash_ipportip_fini(void)
	410	{
	411	ip_set_type_unregister(&hash_ipportip_type);
	412	}
	413
	414	module_init(hash_ipportip_init);
	415	module_exit(hash_ipportip_fini);