projects / mirror_ubuntu-hirsute-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 5663bc30 JK |
1 | /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
| 2 | * | |
| 3 | * This program is free software; you can redistribute it and/or modify | |
| 4 | * it under the terms of the GNU General Public License version 2 as | |
| 5 | * published by the Free Software Foundation. | |
| 6 | */ | |
| 7 | ||
| 8 | /* Kernel module implementing an IP set type: the hash:ip,port,ip type */ | |
| 9 | ||
| 10 | #include <linux/jhash.h> | |
| 11 | #include <linux/module.h> | |
| 12 | #include <linux/ip.h> | |
| 13 | #include <linux/skbuff.h> | |
| 14 | #include <linux/errno.h> | |
| 5663bc30 JK |
15 | #include <linux/random.h> |
| 16 | #include <net/ip.h> | |
| 17 | #include <net/ipv6.h> | |
| 18 | #include <net/netlink.h> | |
| 19 | #include <net/tcp.h> | |
| 20 | ||
| 21 | #include <linux/netfilter.h> | |
| 22 | #include <linux/netfilter/ipset/pfxlen.h> | |
| 23 | #include <linux/netfilter/ipset/ip_set.h> | |
| 24 | #include <linux/netfilter/ipset/ip_set_timeout.h> | |
| 25 | #include <linux/netfilter/ipset/ip_set_getport.h> | |
| 26 | #include <linux/netfilter/ipset/ip_set_hash.h> | |
| 27 | ||
| 10111a6e JK |
28 | #define REVISION_MIN 0 |
| 29 | #define REVISION_MAX 1 /* SCTP and UDPLITE support added */ | |
| 30 | ||
| 5663bc30 JK |
31 | MODULE_LICENSE("GPL"); |
| 32 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | |
| 10111a6e | 33 | IP_SET_MODULE_DESC("hash:ip,port,ip", REVISION_MIN, REVISION_MAX); |
| 5663bc30 JK |
34 | MODULE_ALIAS("ip_set_hash:ip,port,ip"); |
| 35 | ||
| 36 | /* Type specific function prefix */ | |
| 37 | #define TYPE hash_ipportip | |
| 38 | ||
| 39 | static bool | |
| 40 | hash_ipportip_same_set(const struct ip_set *a, const struct ip_set *b); | |
| 41 | ||
| 42 | #define hash_ipportip4_same_set hash_ipportip_same_set | |
| 43 | #define hash_ipportip6_same_set hash_ipportip_same_set | |
| 44 | ||
| 45 | /* The type variant functions: IPv4 */ | |
| 46 | ||
| 47 | /* Member elements without timeout */ | |
| 48 | struct hash_ipportip4_elem { | |
| 49 | __be32 ip; | |
| 50 | __be32 ip2; | |
| 51 | __be16 port; | |
| 52 | u8 proto; | |
| 53 | u8 padding; | |
| 54 | }; | |
| 55 | ||
| 56 | /* Member elements with timeout support */ | |
| 57 | struct hash_ipportip4_telem { | |
| 58 | __be32 ip; | |
| 59 | __be32 ip2; | |
| 60 | __be16 port; | |
| 61 | u8 proto; | |
| 62 | u8 padding; | |
| 63 | unsigned long timeout; | |
| 64 | }; | |
| 65 | ||
| 66 | static inline bool | |
| 67 | hash_ipportip4_data_equal(const struct hash_ipportip4_elem *ip1, | |
| 89dc79b7 JK |
68 | const struct hash_ipportip4_elem *ip2, |
| 69 | u32 *multi) | |
| 5663bc30 JK |
70 | { |
| 71 | return ip1->ip == ip2->ip && | |
| 72 | ip1->ip2 == ip2->ip2 && | |
| 73 | ip1->port == ip2->port && | |
| 74 | ip1->proto == ip2->proto; | |
| 75 | } | |
| 76 | ||
| 77 | static inline bool | |
| 78 | hash_ipportip4_data_isnull(const struct hash_ipportip4_elem *elem) | |
| 79 | { | |
| 80 | return elem->proto == 0; | |
| 81 | } | |
| 82 | ||
| 83 | static inline void | |
| 84 | hash_ipportip4_data_copy(struct hash_ipportip4_elem *dst, | |
| 85 | const struct hash_ipportip4_elem *src) | |
| 86 | { | |
| 87 | memcpy(dst, src, sizeof(*dst)); | |
| 88 | } | |
| 89 | ||
| 90 | static inline void | |
| 91 | hash_ipportip4_data_zero_out(struct hash_ipportip4_elem *elem) | |
| 92 | { | |
| 93 | elem->proto = 0; | |
| 94 | } | |
| 95 | ||
| 96 | static bool | |
| 97 | hash_ipportip4_data_list(struct sk_buff *skb, | |
| 98 | const struct hash_ipportip4_elem *data) | |
| 99 | { | |
| 7cf7899d DM |
100 | if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || |
| 101 | nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) || | |
| 102 | nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 103 | nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) | |
| 104 | goto nla_put_failure; | |
| 5663bc30 JK |
105 | return 0; |
| 106 | ||
| 107 | nla_put_failure: | |
| 108 | return 1; | |
| 109 | } | |
| 110 | ||
| 111 | static bool | |
| 112 | hash_ipportip4_data_tlist(struct sk_buff *skb, | |
| 113 | const struct hash_ipportip4_elem *data) | |
| 114 | { | |
| 115 | const struct hash_ipportip4_telem *tdata = | |
| 116 | (const struct hash_ipportip4_telem *)data; | |
| 117 | ||
| 7cf7899d DM |
118 | if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) || |
| 119 | nla_put_ipaddr4(skb, IPSET_ATTR_IP2, tdata->ip2) || | |
| 120 | nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) || | |
| 121 | nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 122 | nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 123 | htonl(ip_set_timeout_get(tdata->timeout)))) | |
| 124 | goto nla_put_failure; | |
| 5663bc30 JK |
125 | return 0; |
| 126 | ||
| 127 | nla_put_failure: | |
| 128 | return 1; | |
| 129 | } | |
| 130 | ||
| 131 | #define PF 4 | |
| 132 | #define HOST_MASK 32 | |
| 133 | #include <linux/netfilter/ipset/ip_set_ahash.h> | |
| 134 | ||
| 3d14b171 JK |
135 | static inline void |
| 136 | hash_ipportip4_data_next(struct ip_set_hash *h, | |
| 137 | const struct hash_ipportip4_elem *d) | |
| 138 | { | |
| 6e27c9b4 JK |
139 | h->next.ip = d->ip; |
| 140 | h->next.port = d->port; | |
| 3d14b171 JK |
141 | } |
| 142 | ||
| 5663bc30 JK |
143 | static int |
| 144 | hash_ipportip4_kadt(struct ip_set *set, const struct sk_buff *skb, | |
| b66554cf | 145 | const struct xt_action_param *par, |
| ac8cc925 | 146 | enum ipset_adt adt, const struct ip_set_adt_opt *opt) |
| 5663bc30 JK |
147 | { |
| 148 | const struct ip_set_hash *h = set->data; | |
| 149 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
| 150 | struct hash_ipportip4_elem data = { }; | |
| 151 | ||
| ac8cc925 | 152 | if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC, |
| 5663bc30 JK |
153 | &data.port, &data.proto)) |
| 154 | return -EINVAL; | |
| 155 | ||
| ac8cc925 JK |
156 | ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &data.ip); |
| 157 | ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &data.ip2); | |
| 5663bc30 | 158 | |
| ac8cc925 | 159 | return adtfn(set, &data, opt_timeout(opt, h), opt->cmdflags); |
| 5663bc30 JK |
160 | } |
| 161 | ||
| 162 | static int | |
| 163 | hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |
| 3d14b171 | 164 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) |
| 5663bc30 JK |
165 | { |
| 166 | const struct ip_set_hash *h = set->data; | |
| 167 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
| 168 | struct hash_ipportip4_elem data = { }; | |
| 4fe198e6 | 169 | u32 ip, ip_to, p = 0, port, port_to; |
| 5663bc30 | 170 | u32 timeout = h->timeout; |
| 5e0c1eb7 | 171 | bool with_ports = false; |
| 5663bc30 JK |
172 | int ret; |
| 173 | ||
| 174 | if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] || | |
| 175 | !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || | |
| 176 | !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || | |
| 177 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT))) | |
| 178 | return -IPSET_ERR_PROTOCOL; | |
| 179 | ||
| 180 | if (tb[IPSET_ATTR_LINENO]) | |
| 181 | *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); | |
| 182 | ||
| 183 | ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &data.ip); | |
| 184 | if (ret) | |
| 185 | return ret; | |
| 186 | ||
| 187 | ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP2], &data.ip2); | |
| 188 | if (ret) | |
| 189 | return ret; | |
| 190 | ||
| 191 | if (tb[IPSET_ATTR_PORT]) | |
| 192 | data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); | |
| 193 | else | |
| 194 | return -IPSET_ERR_PROTOCOL; | |
| 195 | ||
| 196 | if (tb[IPSET_ATTR_PROTO]) { | |
| 197 | data.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); | |
| 5e0c1eb7 | 198 | with_ports = ip_set_proto_with_ports(data.proto); |
| 5663bc30 JK |
199 | |
| 200 | if (data.proto == 0) | |
| 201 | return -IPSET_ERR_INVALID_PROTO; | |
| 202 | } else | |
| 203 | return -IPSET_ERR_MISSING_PROTO; | |
| 204 | ||
| 5e0c1eb7 | 205 | if (!(with_ports || data.proto == IPPROTO_ICMP)) |
| 5663bc30 | 206 | data.port = 0; |
| 5663bc30 JK |
207 | |
| 208 | if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 209 | if (!with_timeout(h->timeout)) | |
| 210 | return -IPSET_ERR_TIMEOUT; | |
| 211 | timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | |
| 212 | } | |
| 213 | ||
| 214 | if (adt == IPSET_TEST || | |
| 5663bc30 JK |
215 | !(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_CIDR] || |
| 216 | tb[IPSET_ATTR_PORT_TO])) { | |
| 5416219e | 217 | ret = adtfn(set, &data, timeout, flags); |
| 5663bc30 JK |
218 | return ip_set_eexist(ret, flags) ? 0 : ret; |
| 219 | } | |
| 220 | ||
| 4fe198e6 | 221 | ip_to = ip = ntohl(data.ip); |
| 5663bc30 JK |
222 | if (tb[IPSET_ATTR_IP_TO]) { |
| 223 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); | |
| 224 | if (ret) | |
| 225 | return ret; | |
| 226 | if (ip > ip_to) | |
| 227 | swap(ip, ip_to); | |
| 228 | } else if (tb[IPSET_ATTR_CIDR]) { | |
| 229 | u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | |
| 230 | ||
| b9fed748 | 231 | if (!cidr || cidr > 32) |
| 5663bc30 | 232 | return -IPSET_ERR_INVALID_CIDR; |
| e6146e86 | 233 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 4fe198e6 | 234 | } |
| 5663bc30 | 235 | |
| 5e0c1eb7 JK |
236 | port_to = port = ntohs(data.port); |
| 237 | if (with_ports && tb[IPSET_ATTR_PORT_TO]) { | |
| 5663bc30 JK |
238 | port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); |
| 239 | if (port > port_to) | |
| 240 | swap(port, port_to); | |
| 5e0c1eb7 | 241 | } |
| 5663bc30 | 242 | |
| 3d14b171 | 243 | if (retried) |
| 6e27c9b4 | 244 | ip = ntohl(h->next.ip); |
| 3d14b171 | 245 | for (; !before(ip_to, ip); ip++) { |
| 6e27c9b4 JK |
246 | p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port) |
| 247 | : port; | |
| 3d14b171 | 248 | for (; p <= port_to; p++) { |
| 5663bc30 JK |
249 | data.ip = htonl(ip); |
| 250 | data.port = htons(p); | |
| 5416219e | 251 | ret = adtfn(set, &data, timeout, flags); |
| 5663bc30 JK |
252 | |
| 253 | if (ret && !ip_set_eexist(ret, flags)) | |
| 254 | return ret; | |
| 255 | else | |
| 256 | ret = 0; | |
| 257 | } | |
| 3d14b171 | 258 | } |
| 5663bc30 JK |
259 | return ret; |
| 260 | } | |
| 261 | ||
| 262 | static bool | |
| 263 | hash_ipportip_same_set(const struct ip_set *a, const struct ip_set *b) | |
| 264 | { | |
| 265 | const struct ip_set_hash *x = a->data; | |
| 266 | const struct ip_set_hash *y = b->data; | |
| 267 | ||
| 268 | /* Resizing changes htable_bits, so we ignore it */ | |
| 269 | return x->maxelem == y->maxelem && | |
| 270 | x->timeout == y->timeout; | |
| 271 | } | |
| 272 | ||
| 273 | /* The type variant functions: IPv6 */ | |
| 274 | ||
| 275 | struct hash_ipportip6_elem { | |
| 276 | union nf_inet_addr ip; | |
| 277 | union nf_inet_addr ip2; | |
| 278 | __be16 port; | |
| 279 | u8 proto; | |
| 280 | u8 padding; | |
| 281 | }; | |
| 282 | ||
| 283 | struct hash_ipportip6_telem { | |
| 284 | union nf_inet_addr ip; | |
| 285 | union nf_inet_addr ip2; | |
| 286 | __be16 port; | |
| 287 | u8 proto; | |
| 288 | u8 padding; | |
| 289 | unsigned long timeout; | |
| 290 | }; | |
| 291 | ||
| 292 | static inline bool | |
| 293 | hash_ipportip6_data_equal(const struct hash_ipportip6_elem *ip1, | |
| 89dc79b7 JK |
294 | const struct hash_ipportip6_elem *ip2, |
| 295 | u32 *multi) | |
| 5663bc30 JK |
296 | { |
| 297 | return ipv6_addr_cmp(&ip1->ip.in6, &ip2->ip.in6) == 0 && | |
| 298 | ipv6_addr_cmp(&ip1->ip2.in6, &ip2->ip2.in6) == 0 && | |
| 299 | ip1->port == ip2->port && | |
| 300 | ip1->proto == ip2->proto; | |
| 301 | } | |
| 302 | ||
| 303 | static inline bool | |
| 304 | hash_ipportip6_data_isnull(const struct hash_ipportip6_elem *elem) | |
| 305 | { | |
| 306 | return elem->proto == 0; | |
| 307 | } | |
| 308 | ||
| 309 | static inline void | |
| 310 | hash_ipportip6_data_copy(struct hash_ipportip6_elem *dst, | |
| 311 | const struct hash_ipportip6_elem *src) | |
| 312 | { | |
| 313 | memcpy(dst, src, sizeof(*dst)); | |
| 314 | } | |
| 315 | ||
| 316 | static inline void | |
| 317 | hash_ipportip6_data_zero_out(struct hash_ipportip6_elem *elem) | |
| 318 | { | |
| 319 | elem->proto = 0; | |
| 320 | } | |
| 321 | ||
| 322 | static bool | |
| 323 | hash_ipportip6_data_list(struct sk_buff *skb, | |
| 324 | const struct hash_ipportip6_elem *data) | |
| 325 | { | |
| 7cf7899d DM |
326 | if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || |
| 327 | nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) || | |
| 328 | nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 329 | nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) | |
| 330 | goto nla_put_failure; | |
| 5663bc30 JK |
331 | return 0; |
| 332 | ||
| 333 | nla_put_failure: | |
| 334 | return 1; | |
| 335 | } | |
| 336 | ||
| 337 | static bool | |
| 338 | hash_ipportip6_data_tlist(struct sk_buff *skb, | |
| 339 | const struct hash_ipportip6_elem *data) | |
| 340 | { | |
| 341 | const struct hash_ipportip6_telem *e = | |
| 342 | (const struct hash_ipportip6_telem *)data; | |
| 343 | ||
| 7cf7899d DM |
344 | if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || |
| 345 | nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) || | |
| 346 | nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 347 | nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 348 | nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 349 | htonl(ip_set_timeout_get(e->timeout)))) | |
| 350 | goto nla_put_failure; | |
| 5663bc30 JK |
351 | return 0; |
| 352 | ||
| 353 | nla_put_failure: | |
| 354 | return 1; | |
| 355 | } | |
| 356 | ||
| 357 | #undef PF | |
| 358 | #undef HOST_MASK | |
| 359 | ||
| 360 | #define PF 6 | |
| 361 | #define HOST_MASK 128 | |
| 362 | #include <linux/netfilter/ipset/ip_set_ahash.h> | |
| 363 | ||
| 3d14b171 JK |
364 | static inline void |
| 365 | hash_ipportip6_data_next(struct ip_set_hash *h, | |
| 366 | const struct hash_ipportip6_elem *d) | |
| 367 | { | |
| 6e27c9b4 | 368 | h->next.port = d->port; |
| 3d14b171 JK |
369 | } |
| 370 | ||
| 5663bc30 JK |
371 | static int |
| 372 | hash_ipportip6_kadt(struct ip_set *set, const struct sk_buff *skb, | |
| b66554cf | 373 | const struct xt_action_param *par, |
| ac8cc925 | 374 | enum ipset_adt adt, const struct ip_set_adt_opt *opt) |
| 5663bc30 JK |
375 | { |
| 376 | const struct ip_set_hash *h = set->data; | |
| 377 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
| 378 | struct hash_ipportip6_elem data = { }; | |
| 379 | ||
| ac8cc925 | 380 | if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC, |
| 5663bc30 JK |
381 | &data.port, &data.proto)) |
| 382 | return -EINVAL; | |
| 383 | ||
| ac8cc925 JK |
384 | ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &data.ip.in6); |
| 385 | ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &data.ip2.in6); | |
| 5663bc30 | 386 | |
| ac8cc925 | 387 | return adtfn(set, &data, opt_timeout(opt, h), opt->cmdflags); |
| 5663bc30 JK |
388 | } |
| 389 | ||
| 390 | static int | |
| 391 | hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[], | |
| 3d14b171 | 392 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) |
| 5663bc30 JK |
393 | { |
| 394 | const struct ip_set_hash *h = set->data; | |
| 395 | ipset_adtfn adtfn = set->variant->adt[adt]; | |
| 396 | struct hash_ipportip6_elem data = { }; | |
| 397 | u32 port, port_to; | |
| 398 | u32 timeout = h->timeout; | |
| 5e0c1eb7 | 399 | bool with_ports = false; |
| 5663bc30 JK |
400 | int ret; |
| 401 | ||
| 402 | if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] || | |
| 403 | !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || | |
| 404 | !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || | |
| 405 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || | |
| 406 | tb[IPSET_ATTR_IP_TO] || | |
| 407 | tb[IPSET_ATTR_CIDR])) | |
| 408 | return -IPSET_ERR_PROTOCOL; | |
| 409 | ||
| 410 | if (tb[IPSET_ATTR_LINENO]) | |
| 411 | *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); | |
| 412 | ||
| 413 | ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &data.ip); | |
| 414 | if (ret) | |
| 415 | return ret; | |
| 416 | ||
| 417 | ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &data.ip2); | |
| 418 | if (ret) | |
| 419 | return ret; | |
| 420 | ||
| 421 | if (tb[IPSET_ATTR_PORT]) | |
| 422 | data.port = nla_get_be16(tb[IPSET_ATTR_PORT]); | |
| 423 | else | |
| 424 | return -IPSET_ERR_PROTOCOL; | |
| 425 | ||
| 426 | if (tb[IPSET_ATTR_PROTO]) { | |
| 427 | data.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); | |
| 5e0c1eb7 | 428 | with_ports = ip_set_proto_with_ports(data.proto); |
| 5663bc30 JK |
429 | |
| 430 | if (data.proto == 0) | |
| 431 | return -IPSET_ERR_INVALID_PROTO; | |
| 432 | } else | |
| 433 | return -IPSET_ERR_MISSING_PROTO; | |
| 434 | ||
| 5e0c1eb7 | 435 | if (!(with_ports || data.proto == IPPROTO_ICMPV6)) |
| 5663bc30 | 436 | data.port = 0; |
| 5663bc30 JK |
437 | |
| 438 | if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 439 | if (!with_timeout(h->timeout)) | |
| 440 | return -IPSET_ERR_TIMEOUT; | |
| 441 | timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | |
| 442 | } | |
| 443 | ||
| 5e0c1eb7 | 444 | if (adt == IPSET_TEST || !with_ports || !tb[IPSET_ATTR_PORT_TO]) { |
| 5416219e | 445 | ret = adtfn(set, &data, timeout, flags); |
| 5663bc30 JK |
446 | return ip_set_eexist(ret, flags) ? 0 : ret; |
| 447 | } | |
| 448 | ||
| 449 | port = ntohs(data.port); | |
| 450 | port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); | |
| 451 | if (port > port_to) | |
| 452 | swap(port, port_to); | |
| 453 | ||
| 3d14b171 | 454 | if (retried) |
| 6e27c9b4 | 455 | port = ntohs(h->next.port); |
| 5663bc30 JK |
456 | for (; port <= port_to; port++) { |
| 457 | data.port = htons(port); | |
| 5416219e | 458 | ret = adtfn(set, &data, timeout, flags); |
| 5663bc30 JK |
459 | |
| 460 | if (ret && !ip_set_eexist(ret, flags)) | |
| 461 | return ret; | |
| 462 | else | |
| 463 | ret = 0; | |
| 464 | } | |
| 465 | return ret; | |
| 466 | } | |
| 467 | ||
| 468 | /* Create hash:ip type of sets */ | |
| 469 | ||
| 470 | static int | |
| 471 | hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |
| 472 | { | |
| 473 | struct ip_set_hash *h; | |
| 474 | u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; | |
| 475 | u8 hbits; | |
| 26a5d3cc | 476 | size_t hsize; |
| 5663bc30 | 477 | |
| c15f1c83 | 478 | if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) |
| 5663bc30 JK |
479 | return -IPSET_ERR_INVALID_FAMILY; |
| 480 | ||
| 481 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || | |
| 482 | !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) || | |
| 483 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT))) | |
| 484 | return -IPSET_ERR_PROTOCOL; | |
| 485 | ||
| 486 | if (tb[IPSET_ATTR_HASHSIZE]) { | |
| 487 | hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]); | |
| 488 | if (hashsize < IPSET_MIMINAL_HASHSIZE) | |
| 489 | hashsize = IPSET_MIMINAL_HASHSIZE; | |
| 490 | } | |
| 491 | ||
| 492 | if (tb[IPSET_ATTR_MAXELEM]) | |
| 493 | maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]); | |
| 494 | ||
| 495 | h = kzalloc(sizeof(*h), GFP_KERNEL); | |
| 496 | if (!h) | |
| 497 | return -ENOMEM; | |
| 498 | ||
| 499 | h->maxelem = maxelem; | |
| 500 | get_random_bytes(&h->initval, sizeof(h->initval)); | |
| 501 | h->timeout = IPSET_NO_TIMEOUT; | |
| 502 | ||
| 503 | hbits = htable_bits(hashsize); | |
| 26a5d3cc JK |
504 | hsize = htable_size(hbits); |
| 505 | if (hsize == 0) { | |
| 506 | kfree(h); | |
| 507 | return -ENOMEM; | |
| 508 | } | |
| 509 | h->table = ip_set_alloc(hsize); | |
| 5663bc30 JK |
510 | if (!h->table) { |
| 511 | kfree(h); | |
| 512 | return -ENOMEM; | |
| 513 | } | |
| 514 | h->table->htable_bits = hbits; | |
| 515 | ||
| 516 | set->data = h; | |
| 517 | ||
| 518 | if (tb[IPSET_ATTR_TIMEOUT]) { | |
| 519 | h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); | |
| 520 | ||
| c15f1c83 | 521 | set->variant = set->family == NFPROTO_IPV4 |
| 5663bc30 JK |
522 | ? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant; |
| 523 | ||
| c15f1c83 | 524 | if (set->family == NFPROTO_IPV4) |
| 5663bc30 JK |
525 | hash_ipportip4_gc_init(set); |
| 526 | else | |
| 527 | hash_ipportip6_gc_init(set); | |
| 528 | } else { | |
| c15f1c83 | 529 | set->variant = set->family == NFPROTO_IPV4 |
| 5663bc30 JK |
530 | ? &hash_ipportip4_variant : &hash_ipportip6_variant; |
| 531 | } | |
| 532 | ||
| 533 | pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", | |
| 534 | set->name, jhash_size(h->table->htable_bits), | |
| 535 | h->table->htable_bits, h->maxelem, set->data, h->table); | |
| 536 | ||
| 537 | return 0; | |
| 538 | } | |
| 539 | ||
| 540 | static struct ip_set_type hash_ipportip_type __read_mostly = { | |
| 541 | .name = "hash:ip,port,ip", | |
| 542 | .protocol = IPSET_PROTOCOL, | |
| 543 | .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2, | |
| 544 | .dimension = IPSET_DIM_THREE, | |
| c15f1c83 | 545 | .family = NFPROTO_UNSPEC, |
| 10111a6e JK |
546 | .revision_min = REVISION_MIN, |
| 547 | .revision_max = REVISION_MAX, | |
| 5663bc30 JK |
548 | .create = hash_ipportip_create, |
| 549 | .create_policy = { | |
| 550 | [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, | |
| 551 | [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, | |
| 552 | [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, | |
| 553 | [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, | |
| 554 | [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, | |
| 555 | }, | |
| 556 | .adt_policy = { | |
| 557 | [IPSET_ATTR_IP] = { .type = NLA_NESTED }, | |
| 558 | [IPSET_ATTR_IP_TO] = { .type = NLA_NESTED }, | |
| 559 | [IPSET_ATTR_IP2] = { .type = NLA_NESTED }, | |
| 560 | [IPSET_ATTR_PORT] = { .type = NLA_U16 }, | |
| 561 | [IPSET_ATTR_PORT_TO] = { .type = NLA_U16 }, | |
| 562 | [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, | |
| 563 | [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, | |
| 564 | [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, | |
| 565 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, | |
| 566 | }, | |
| 567 | .me = THIS_MODULE, | |
| 568 | }; | |
| 569 | ||
| 570 | static int __init | |
| 571 | hash_ipportip_init(void) | |
| 572 | { | |
| 573 | return ip_set_type_register(&hash_ipportip_type); | |
| 574 | } | |
| 575 | ||
| 576 | static void __exit | |
| 577 | hash_ipportip_fini(void) | |
| 578 | { | |
| 579 | ip_set_type_unregister(&hash_ipportip_type); | |
| 580 | } | |
| 581 | ||
| 582 | module_init(hash_ipportip_init); | |
| 583 | module_exit(hash_ipportip_fini); |