]>
Commit | Line | Data |
---|---|---|
d2912cb1 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
96518518 | 2 | /* |
ce6eb0d7 | 3 | * Copyright (c) 2008-2014 Patrick McHardy <kaber@trash.net> |
96518518 | 4 | * |
96518518 PM |
5 | * Development of this code funded by Astaro AG (http://www.astaro.com/) |
6 | */ | |
7 | ||
8 | #include <linux/kernel.h> | |
9 | #include <linux/init.h> | |
10 | #include <linux/module.h> | |
11 | #include <linux/list.h> | |
c50b960c | 12 | #include <linux/log2.h> |
96518518 PM |
13 | #include <linux/jhash.h> |
14 | #include <linux/netlink.h> | |
9d098292 | 15 | #include <linux/workqueue.h> |
cfe4a9dd | 16 | #include <linux/rhashtable.h> |
96518518 PM |
17 | #include <linux/netfilter.h> |
18 | #include <linux/netfilter/nf_tables.h> | |
19 | #include <net/netfilter/nf_tables.h> | |
20 | ||
cfe4a9dd | 21 | /* We target a hash table size of 4, element hint is 75% of final size */ |
5fc6ced9 | 22 | #define NFT_RHASH_ELEMENT_HINT 3 |
96518518 | 23 | |
5fc6ced9 | 24 | struct nft_rhash { |
745f5450 | 25 | struct rhashtable ht; |
9d098292 | 26 | struct delayed_work gc_work; |
745f5450 PM |
27 | }; |
28 | ||
5fc6ced9 | 29 | struct nft_rhash_elem { |
cfe4a9dd | 30 | struct rhash_head node; |
fe2811eb | 31 | struct nft_set_ext ext; |
96518518 PM |
32 | }; |
33 | ||
5fc6ced9 | 34 | struct nft_rhash_cmp_arg { |
bfd6e327 | 35 | const struct nft_set *set; |
8cd8937a | 36 | const u32 *key; |
cc02e457 | 37 | u8 genmask; |
bfd6e327 PM |
38 | }; |
39 | ||
5fc6ced9 | 40 | static inline u32 nft_rhash_key(const void *data, u32 len, u32 seed) |
bfd6e327 | 41 | { |
5fc6ced9 | 42 | const struct nft_rhash_cmp_arg *arg = data; |
bfd6e327 PM |
43 | |
44 | return jhash(arg->key, len, seed); | |
45 | } | |
46 | ||
5fc6ced9 | 47 | static inline u32 nft_rhash_obj(const void *data, u32 len, u32 seed) |
bfd6e327 | 48 | { |
5fc6ced9 | 49 | const struct nft_rhash_elem *he = data; |
bfd6e327 | 50 | |
fe2811eb | 51 | return jhash(nft_set_ext_key(&he->ext), len, seed); |
bfd6e327 PM |
52 | } |
53 | ||
5fc6ced9 PNA |
54 | static inline int nft_rhash_cmp(struct rhashtable_compare_arg *arg, |
55 | const void *ptr) | |
bfd6e327 | 56 | { |
5fc6ced9 PNA |
57 | const struct nft_rhash_cmp_arg *x = arg->key; |
58 | const struct nft_rhash_elem *he = ptr; | |
bfd6e327 | 59 | |
e562d860 | 60 | if (memcmp(nft_set_ext_key(&he->ext), x->key, x->set->klen)) |
bfd6e327 | 61 | return 1; |
9d098292 PM |
62 | if (nft_set_elem_expired(&he->ext)) |
63 | return 1; | |
cc02e457 PM |
64 | if (!nft_set_elem_active(&he->ext, x->genmask)) |
65 | return 1; | |
bfd6e327 PM |
66 | return 0; |
67 | } | |
68 | ||
5fc6ced9 PNA |
69 | static const struct rhashtable_params nft_rhash_params = { |
70 | .head_offset = offsetof(struct nft_rhash_elem, node), | |
71 | .hashfn = nft_rhash_key, | |
72 | .obj_hashfn = nft_rhash_obj, | |
73 | .obj_cmpfn = nft_rhash_cmp, | |
187388bc PNA |
74 | .automatic_shrinking = true, |
75 | }; | |
76 | ||
5fc6ced9 PNA |
77 | static bool nft_rhash_lookup(const struct net *net, const struct nft_set *set, |
78 | const u32 *key, const struct nft_set_ext **ext) | |
96518518 | 79 | { |
5fc6ced9 PNA |
80 | struct nft_rhash *priv = nft_set_priv(set); |
81 | const struct nft_rhash_elem *he; | |
82 | struct nft_rhash_cmp_arg arg = { | |
42a55769 | 83 | .genmask = nft_genmask_cur(net), |
bfd6e327 PM |
84 | .set = set, |
85 | .key = key, | |
86 | }; | |
ce6eb0d7 | 87 | |
a2d88182 | 88 | he = rhashtable_lookup(&priv->ht, &arg, nft_rhash_params); |
b2832dd6 PM |
89 | if (he != NULL) |
90 | *ext = &he->ext; | |
ce6eb0d7 | 91 | |
cfe4a9dd | 92 | return !!he; |
96518518 PM |
93 | } |
94 | ||
ba0e4d99 PNA |
95 | static void *nft_rhash_get(const struct net *net, const struct nft_set *set, |
96 | const struct nft_set_elem *elem, unsigned int flags) | |
97 | { | |
98 | struct nft_rhash *priv = nft_set_priv(set); | |
99 | struct nft_rhash_elem *he; | |
100 | struct nft_rhash_cmp_arg arg = { | |
101 | .genmask = nft_genmask_cur(net), | |
102 | .set = set, | |
103 | .key = elem->key.val.data, | |
104 | }; | |
105 | ||
a2d88182 | 106 | he = rhashtable_lookup(&priv->ht, &arg, nft_rhash_params); |
ba0e4d99 PNA |
107 | if (he != NULL) |
108 | return he; | |
109 | ||
110 | return ERR_PTR(-ENOENT); | |
111 | } | |
112 | ||
5fc6ced9 PNA |
113 | static bool nft_rhash_update(struct nft_set *set, const u32 *key, |
114 | void *(*new)(struct nft_set *, | |
115 | const struct nft_expr *, | |
116 | struct nft_regs *regs), | |
117 | const struct nft_expr *expr, | |
118 | struct nft_regs *regs, | |
119 | const struct nft_set_ext **ext) | |
22fe54d5 | 120 | { |
5fc6ced9 PNA |
121 | struct nft_rhash *priv = nft_set_priv(set); |
122 | struct nft_rhash_elem *he, *prev; | |
123 | struct nft_rhash_cmp_arg arg = { | |
22fe54d5 PM |
124 | .genmask = NFT_GENMASK_ANY, |
125 | .set = set, | |
126 | .key = key, | |
127 | }; | |
128 | ||
a2d88182 | 129 | he = rhashtable_lookup(&priv->ht, &arg, nft_rhash_params); |
22fe54d5 PM |
130 | if (he != NULL) |
131 | goto out; | |
132 | ||
a55e22e9 | 133 | he = new(set, expr, regs); |
22fe54d5 PM |
134 | if (he == NULL) |
135 | goto err1; | |
dab45060 LZ |
136 | |
137 | prev = rhashtable_lookup_get_insert_key(&priv->ht, &arg, &he->node, | |
5fc6ced9 | 138 | nft_rhash_params); |
dab45060 | 139 | if (IS_ERR(prev)) |
22fe54d5 | 140 | goto err2; |
dab45060 LZ |
141 | |
142 | /* Another cpu may race to insert the element with the same key */ | |
143 | if (prev) { | |
144 | nft_set_elem_destroy(set, he, true); | |
145 | he = prev; | |
146 | } | |
147 | ||
22fe54d5 PM |
148 | out: |
149 | *ext = &he->ext; | |
150 | return true; | |
151 | ||
152 | err2: | |
61f9e292 | 153 | nft_set_elem_destroy(set, he, true); |
22fe54d5 PM |
154 | err1: |
155 | return false; | |
156 | } | |
157 | ||
5fc6ced9 PNA |
158 | static int nft_rhash_insert(const struct net *net, const struct nft_set *set, |
159 | const struct nft_set_elem *elem, | |
160 | struct nft_set_ext **ext) | |
96518518 | 161 | { |
5fc6ced9 PNA |
162 | struct nft_rhash *priv = nft_set_priv(set); |
163 | struct nft_rhash_elem *he = elem->priv; | |
164 | struct nft_rhash_cmp_arg arg = { | |
42a55769 | 165 | .genmask = nft_genmask_next(net), |
bfd6e327 | 166 | .set = set, |
7d740264 | 167 | .key = elem->key.val.data, |
bfd6e327 | 168 | }; |
5fc6ced9 | 169 | struct nft_rhash_elem *prev; |
c016c7e4 PNA |
170 | |
171 | prev = rhashtable_lookup_get_insert_key(&priv->ht, &arg, &he->node, | |
5fc6ced9 | 172 | nft_rhash_params); |
c016c7e4 PNA |
173 | if (IS_ERR(prev)) |
174 | return PTR_ERR(prev); | |
175 | if (prev) { | |
176 | *ext = &prev->ext; | |
177 | return -EEXIST; | |
178 | } | |
179 | return 0; | |
96518518 PM |
180 | } |
181 | ||
5fc6ced9 PNA |
182 | static void nft_rhash_activate(const struct net *net, const struct nft_set *set, |
183 | const struct nft_set_elem *elem) | |
96518518 | 184 | { |
5fc6ced9 | 185 | struct nft_rhash_elem *he = elem->priv; |
ce6eb0d7 | 186 | |
42a55769 | 187 | nft_set_elem_change_active(net, set, &he->ext); |
9d098292 | 188 | nft_set_elem_clear_busy(&he->ext); |
20a69341 | 189 | } |
96518518 | 190 | |
5fc6ced9 PNA |
191 | static bool nft_rhash_flush(const struct net *net, |
192 | const struct nft_set *set, void *priv) | |
37df5301 | 193 | { |
5fc6ced9 | 194 | struct nft_rhash_elem *he = priv; |
37df5301 PNA |
195 | |
196 | if (!nft_set_elem_mark_busy(&he->ext) || | |
197 | !nft_is_active(net, &he->ext)) { | |
198 | nft_set_elem_change_active(net, set, &he->ext); | |
199 | return true; | |
200 | } | |
201 | return false; | |
202 | } | |
203 | ||
5fc6ced9 PNA |
204 | static void *nft_rhash_deactivate(const struct net *net, |
205 | const struct nft_set *set, | |
206 | const struct nft_set_elem *elem) | |
20a69341 | 207 | { |
5fc6ced9 PNA |
208 | struct nft_rhash *priv = nft_set_priv(set); |
209 | struct nft_rhash_elem *he; | |
210 | struct nft_rhash_cmp_arg arg = { | |
8eee54be | 211 | .genmask = nft_genmask_next(net), |
bfd6e327 | 212 | .set = set, |
7d740264 | 213 | .key = elem->key.val.data, |
bfd6e327 | 214 | }; |
fa377321 | 215 | |
9d098292 | 216 | rcu_read_lock(); |
a2d88182 | 217 | he = rhashtable_lookup(&priv->ht, &arg, nft_rhash_params); |
37df5301 | 218 | if (he != NULL && |
5fc6ced9 | 219 | !nft_rhash_flush(net, set, he)) |
37df5301 PNA |
220 | he = NULL; |
221 | ||
9d098292 | 222 | rcu_read_unlock(); |
8d24c0b4 | 223 | |
cc02e457 PM |
224 | return he; |
225 | } | |
8d24c0b4 | 226 | |
5fc6ced9 PNA |
227 | static void nft_rhash_remove(const struct net *net, |
228 | const struct nft_set *set, | |
229 | const struct nft_set_elem *elem) | |
cc02e457 | 230 | { |
5fc6ced9 PNA |
231 | struct nft_rhash *priv = nft_set_priv(set); |
232 | struct nft_rhash_elem *he = elem->priv; | |
cc02e457 | 233 | |
5fc6ced9 | 234 | rhashtable_remove_fast(&priv->ht, &he->node, nft_rhash_params); |
96518518 PM |
235 | } |
236 | ||
5fc6ced9 PNA |
237 | static void nft_rhash_walk(const struct nft_ctx *ctx, struct nft_set *set, |
238 | struct nft_set_iter *iter) | |
96518518 | 239 | { |
5fc6ced9 PNA |
240 | struct nft_rhash *priv = nft_set_priv(set); |
241 | struct nft_rhash_elem *he; | |
9a776628 | 242 | struct rhashtable_iter hti; |
20a69341 | 243 | struct nft_set_elem elem; |
88d6ed15 | 244 | |
0de22baa | 245 | rhashtable_walk_enter(&priv->ht, &hti); |
97a6ec4a | 246 | rhashtable_walk_start(&hti); |
9a776628 HX |
247 | |
248 | while ((he = rhashtable_walk_next(&hti))) { | |
249 | if (IS_ERR(he)) { | |
0de22baa TY |
250 | if (PTR_ERR(he) != -EAGAIN) { |
251 | iter->err = PTR_ERR(he); | |
252 | break; | |
9a776628 | 253 | } |
d8bdff59 HX |
254 | |
255 | continue; | |
9a776628 HX |
256 | } |
257 | ||
258 | if (iter->count < iter->skip) | |
259 | goto cont; | |
9d098292 PM |
260 | if (nft_set_elem_expired(&he->ext)) |
261 | goto cont; | |
8588ac09 | 262 | if (!nft_set_elem_active(&he->ext, iter->genmask)) |
cc02e457 | 263 | goto cont; |
20a69341 | 264 | |
fe2811eb | 265 | elem.priv = he; |
9a776628 HX |
266 | |
267 | iter->err = iter->fn(ctx, set, iter, &elem); | |
268 | if (iter->err < 0) | |
0de22baa | 269 | break; |
20a69341 | 270 | |
20a69341 | 271 | cont: |
9a776628 | 272 | iter->count++; |
96518518 | 273 | } |
9a776628 HX |
274 | rhashtable_walk_stop(&hti); |
275 | rhashtable_walk_exit(&hti); | |
96518518 PM |
276 | } |
277 | ||
5fc6ced9 | 278 | static void nft_rhash_gc(struct work_struct *work) |
9d098292 | 279 | { |
3dd0673a | 280 | struct nft_set *set; |
5fc6ced9 PNA |
281 | struct nft_rhash_elem *he; |
282 | struct nft_rhash *priv; | |
9d098292 PM |
283 | struct nft_set_gc_batch *gcb = NULL; |
284 | struct rhashtable_iter hti; | |
9d098292 | 285 | |
5fc6ced9 | 286 | priv = container_of(work, struct nft_rhash, gc_work.work); |
9d098292 PM |
287 | set = nft_set_container_of(priv); |
288 | ||
0de22baa | 289 | rhashtable_walk_enter(&priv->ht, &hti); |
97a6ec4a | 290 | rhashtable_walk_start(&hti); |
9d098292 PM |
291 | |
292 | while ((he = rhashtable_walk_next(&hti))) { | |
293 | if (IS_ERR(he)) { | |
294 | if (PTR_ERR(he) != -EAGAIN) | |
0de22baa | 295 | break; |
9d098292 PM |
296 | continue; |
297 | } | |
298 | ||
79b174ad PNA |
299 | if (nft_set_ext_exists(&he->ext, NFT_SET_EXT_EXPR)) { |
300 | struct nft_expr *expr = nft_set_ext_expr(&he->ext); | |
301 | ||
302 | if (expr->ops->gc && | |
303 | expr->ops->gc(read_pnet(&set->net), expr)) | |
304 | goto gc; | |
305 | } | |
9d098292 PM |
306 | if (!nft_set_elem_expired(&he->ext)) |
307 | continue; | |
79b174ad | 308 | gc: |
9d098292 PM |
309 | if (nft_set_elem_mark_busy(&he->ext)) |
310 | continue; | |
311 | ||
312 | gcb = nft_set_gc_batch_check(set, gcb, GFP_ATOMIC); | |
313 | if (gcb == NULL) | |
0de22baa | 314 | break; |
5fc6ced9 | 315 | rhashtable_remove_fast(&priv->ht, &he->node, nft_rhash_params); |
3dd0673a | 316 | atomic_dec(&set->nelems); |
9d098292 PM |
317 | nft_set_gc_batch_add(gcb, he); |
318 | } | |
9d098292 PM |
319 | rhashtable_walk_stop(&hti); |
320 | rhashtable_walk_exit(&hti); | |
321 | ||
322 | nft_set_gc_batch_complete(gcb); | |
9d098292 PM |
323 | queue_delayed_work(system_power_efficient_wq, &priv->gc_work, |
324 | nft_set_gc_interval(set)); | |
325 | } | |
326 | ||
4ef360dd TY |
327 | static u64 nft_rhash_privsize(const struct nlattr * const nla[], |
328 | const struct nft_set_desc *desc) | |
20a69341 | 329 | { |
5fc6ced9 | 330 | return sizeof(struct nft_rhash); |
cfe4a9dd TG |
331 | } |
332 | ||
79b174ad PNA |
333 | static void nft_rhash_gc_init(const struct nft_set *set) |
334 | { | |
335 | struct nft_rhash *priv = nft_set_priv(set); | |
336 | ||
337 | queue_delayed_work(system_power_efficient_wq, &priv->gc_work, | |
338 | nft_set_gc_interval(set)); | |
339 | } | |
340 | ||
5fc6ced9 PNA |
341 | static int nft_rhash_init(const struct nft_set *set, |
342 | const struct nft_set_desc *desc, | |
343 | const struct nlattr * const tb[]) | |
96518518 | 344 | { |
5fc6ced9 PNA |
345 | struct nft_rhash *priv = nft_set_priv(set); |
346 | struct rhashtable_params params = nft_rhash_params; | |
9d098292 | 347 | int err; |
fa377321 | 348 | |
5fc6ced9 | 349 | params.nelem_hint = desc->size ?: NFT_RHASH_ELEMENT_HINT; |
45d84751 | 350 | params.key_len = set->klen; |
96518518 | 351 | |
9d098292 PM |
352 | err = rhashtable_init(&priv->ht, ¶ms); |
353 | if (err < 0) | |
354 | return err; | |
355 | ||
5fc6ced9 | 356 | INIT_DEFERRABLE_WORK(&priv->gc_work, nft_rhash_gc); |
9d098292 | 357 | if (set->flags & NFT_SET_TIMEOUT) |
79b174ad PNA |
358 | nft_rhash_gc_init(set); |
359 | ||
9d098292 | 360 | return 0; |
96518518 PM |
361 | } |
362 | ||
5fc6ced9 | 363 | static void nft_rhash_elem_destroy(void *ptr, void *arg) |
96518518 | 364 | { |
68ad546a | 365 | nft_set_elem_destroy(arg, ptr, true); |
6b6f302c | 366 | } |
97defe1e | 367 | |
5fc6ced9 | 368 | static void nft_rhash_destroy(const struct nft_set *set) |
6b6f302c | 369 | { |
5fc6ced9 | 370 | struct nft_rhash *priv = nft_set_priv(set); |
745f5450 | 371 | |
9d098292 | 372 | cancel_delayed_work_sync(&priv->gc_work); |
9970a8e4 | 373 | rcu_barrier(); |
5fc6ced9 | 374 | rhashtable_free_and_destroy(&priv->ht, nft_rhash_elem_destroy, |
61edafbb | 375 | (void *)set); |
96518518 PM |
376 | } |
377 | ||
2111515a PNA |
378 | static u32 nft_hash_buckets(u32 size) |
379 | { | |
380 | return roundup_pow_of_two(size * 4 / 3); | |
381 | } | |
382 | ||
5fc6ced9 PNA |
383 | static bool nft_rhash_estimate(const struct nft_set_desc *desc, u32 features, |
384 | struct nft_set_estimate *est) | |
c50b960c | 385 | { |
6c03ae21 PNA |
386 | est->size = ~0; |
387 | est->lookup = NFT_SET_CLASS_O_1; | |
388 | est->space = NFT_SET_CLASS_O_N; | |
389 | ||
390 | return true; | |
391 | } | |
392 | ||
393 | struct nft_hash { | |
394 | u32 seed; | |
395 | u32 buckets; | |
396 | struct hlist_head table[]; | |
397 | }; | |
398 | ||
399 | struct nft_hash_elem { | |
400 | struct hlist_node node; | |
401 | struct nft_set_ext ext; | |
402 | }; | |
403 | ||
404 | static bool nft_hash_lookup(const struct net *net, const struct nft_set *set, | |
405 | const u32 *key, const struct nft_set_ext **ext) | |
406 | { | |
407 | struct nft_hash *priv = nft_set_priv(set); | |
408 | u8 genmask = nft_genmask_cur(net); | |
409 | const struct nft_hash_elem *he; | |
410 | u32 hash; | |
411 | ||
412 | hash = jhash(key, set->klen, priv->seed); | |
413 | hash = reciprocal_scale(hash, priv->buckets); | |
414 | hlist_for_each_entry_rcu(he, &priv->table[hash], node) { | |
415 | if (!memcmp(nft_set_ext_key(&he->ext), key, set->klen) && | |
416 | nft_set_elem_active(&he->ext, genmask)) { | |
417 | *ext = &he->ext; | |
418 | return true; | |
419 | } | |
420 | } | |
421 | return false; | |
422 | } | |
423 | ||
ba0e4d99 PNA |
424 | static void *nft_hash_get(const struct net *net, const struct nft_set *set, |
425 | const struct nft_set_elem *elem, unsigned int flags) | |
426 | { | |
427 | struct nft_hash *priv = nft_set_priv(set); | |
428 | u8 genmask = nft_genmask_cur(net); | |
429 | struct nft_hash_elem *he; | |
430 | u32 hash; | |
431 | ||
432 | hash = jhash(elem->key.val.data, set->klen, priv->seed); | |
433 | hash = reciprocal_scale(hash, priv->buckets); | |
434 | hlist_for_each_entry_rcu(he, &priv->table[hash], node) { | |
435 | if (!memcmp(nft_set_ext_key(&he->ext), elem->key.val.data, set->klen) && | |
436 | nft_set_elem_active(&he->ext, genmask)) | |
437 | return he; | |
438 | } | |
439 | return ERR_PTR(-ENOENT); | |
440 | } | |
441 | ||
446a8268 PNA |
442 | static bool nft_hash_lookup_fast(const struct net *net, |
443 | const struct nft_set *set, | |
444 | const u32 *key, const struct nft_set_ext **ext) | |
445 | { | |
446 | struct nft_hash *priv = nft_set_priv(set); | |
447 | u8 genmask = nft_genmask_cur(net); | |
448 | const struct nft_hash_elem *he; | |
449 | u32 hash, k1, k2; | |
450 | ||
123f89c8 | 451 | k1 = *key; |
446a8268 PNA |
452 | hash = jhash_1word(k1, priv->seed); |
453 | hash = reciprocal_scale(hash, priv->buckets); | |
454 | hlist_for_each_entry_rcu(he, &priv->table[hash], node) { | |
123f89c8 | 455 | k2 = *(u32 *)nft_set_ext_key(&he->ext)->data; |
446a8268 PNA |
456 | if (k1 == k2 && |
457 | nft_set_elem_active(&he->ext, genmask)) { | |
458 | *ext = &he->ext; | |
459 | return true; | |
460 | } | |
461 | } | |
462 | return false; | |
463 | } | |
464 | ||
3b02b0ad PNA |
465 | static u32 nft_jhash(const struct nft_set *set, const struct nft_hash *priv, |
466 | const struct nft_set_ext *ext) | |
467 | { | |
468 | const struct nft_data *key = nft_set_ext_key(ext); | |
469 | u32 hash, k1; | |
470 | ||
471 | if (set->klen == 4) { | |
472 | k1 = *(u32 *)key; | |
473 | hash = jhash_1word(k1, priv->seed); | |
474 | } else { | |
475 | hash = jhash(key, set->klen, priv->seed); | |
476 | } | |
477 | hash = reciprocal_scale(hash, priv->buckets); | |
478 | ||
479 | return hash; | |
480 | } | |
481 | ||
6c03ae21 PNA |
482 | static int nft_hash_insert(const struct net *net, const struct nft_set *set, |
483 | const struct nft_set_elem *elem, | |
484 | struct nft_set_ext **ext) | |
485 | { | |
486 | struct nft_hash_elem *this = elem->priv, *he; | |
487 | struct nft_hash *priv = nft_set_priv(set); | |
488 | u8 genmask = nft_genmask_next(net); | |
489 | u32 hash; | |
490 | ||
3b02b0ad | 491 | hash = nft_jhash(set, priv, &this->ext); |
6c03ae21 PNA |
492 | hlist_for_each_entry(he, &priv->table[hash], node) { |
493 | if (!memcmp(nft_set_ext_key(&this->ext), | |
494 | nft_set_ext_key(&he->ext), set->klen) && | |
495 | nft_set_elem_active(&he->ext, genmask)) { | |
496 | *ext = &he->ext; | |
497 | return -EEXIST; | |
498 | } | |
499 | } | |
500 | hlist_add_head_rcu(&this->node, &priv->table[hash]); | |
501 | return 0; | |
502 | } | |
503 | ||
504 | static void nft_hash_activate(const struct net *net, const struct nft_set *set, | |
505 | const struct nft_set_elem *elem) | |
506 | { | |
507 | struct nft_hash_elem *he = elem->priv; | |
508 | ||
509 | nft_set_elem_change_active(net, set, &he->ext); | |
510 | } | |
511 | ||
512 | static bool nft_hash_flush(const struct net *net, | |
513 | const struct nft_set *set, void *priv) | |
514 | { | |
515 | struct nft_hash_elem *he = priv; | |
516 | ||
517 | nft_set_elem_change_active(net, set, &he->ext); | |
518 | return true; | |
519 | } | |
520 | ||
521 | static void *nft_hash_deactivate(const struct net *net, | |
522 | const struct nft_set *set, | |
523 | const struct nft_set_elem *elem) | |
524 | { | |
525 | struct nft_hash *priv = nft_set_priv(set); | |
526 | struct nft_hash_elem *this = elem->priv, *he; | |
527 | u8 genmask = nft_genmask_next(net); | |
528 | u32 hash; | |
529 | ||
3b02b0ad | 530 | hash = nft_jhash(set, priv, &this->ext); |
6c03ae21 | 531 | hlist_for_each_entry(he, &priv->table[hash], node) { |
a01cbae5 | 532 | if (!memcmp(nft_set_ext_key(&he->ext), &elem->key.val, |
7f4dae2d | 533 | set->klen) && |
6c03ae21 PNA |
534 | nft_set_elem_active(&he->ext, genmask)) { |
535 | nft_set_elem_change_active(net, set, &he->ext); | |
536 | return he; | |
537 | } | |
538 | } | |
539 | return NULL; | |
540 | } | |
541 | ||
542 | static void nft_hash_remove(const struct net *net, | |
543 | const struct nft_set *set, | |
544 | const struct nft_set_elem *elem) | |
545 | { | |
546 | struct nft_hash_elem *he = elem->priv; | |
547 | ||
548 | hlist_del_rcu(&he->node); | |
549 | } | |
550 | ||
551 | static void nft_hash_walk(const struct nft_ctx *ctx, struct nft_set *set, | |
552 | struct nft_set_iter *iter) | |
553 | { | |
554 | struct nft_hash *priv = nft_set_priv(set); | |
555 | struct nft_hash_elem *he; | |
556 | struct nft_set_elem elem; | |
557 | int i; | |
558 | ||
559 | for (i = 0; i < priv->buckets; i++) { | |
560 | hlist_for_each_entry_rcu(he, &priv->table[i], node) { | |
561 | if (iter->count < iter->skip) | |
562 | goto cont; | |
563 | if (!nft_set_elem_active(&he->ext, iter->genmask)) | |
564 | goto cont; | |
565 | ||
566 | elem.priv = he; | |
567 | ||
568 | iter->err = iter->fn(ctx, set, iter, &elem); | |
569 | if (iter->err < 0) | |
570 | return; | |
571 | cont: | |
572 | iter->count++; | |
573 | } | |
574 | } | |
575 | } | |
576 | ||
4ef360dd TY |
577 | static u64 nft_hash_privsize(const struct nlattr * const nla[], |
578 | const struct nft_set_desc *desc) | |
6c03ae21 PNA |
579 | { |
580 | return sizeof(struct nft_hash) + | |
581 | nft_hash_buckets(desc->size) * sizeof(struct hlist_head); | |
582 | } | |
583 | ||
584 | static int nft_hash_init(const struct nft_set *set, | |
585 | const struct nft_set_desc *desc, | |
586 | const struct nlattr * const tb[]) | |
587 | { | |
588 | struct nft_hash *priv = nft_set_priv(set); | |
589 | ||
590 | priv->buckets = nft_hash_buckets(desc->size); | |
591 | get_random_bytes(&priv->seed, sizeof(priv->seed)); | |
592 | ||
593 | return 0; | |
594 | } | |
595 | ||
596 | static void nft_hash_destroy(const struct nft_set *set) | |
597 | { | |
598 | struct nft_hash *priv = nft_set_priv(set); | |
599 | struct nft_hash_elem *he; | |
600 | struct hlist_node *next; | |
601 | int i; | |
602 | ||
603 | for (i = 0; i < priv->buckets; i++) { | |
604 | hlist_for_each_entry_safe(he, next, &priv->table[i], node) { | |
605 | hlist_del_rcu(&he->node); | |
606 | nft_set_elem_destroy(set, he, true); | |
607 | } | |
608 | } | |
609 | } | |
c50b960c | 610 | |
6c03ae21 PNA |
611 | static bool nft_hash_estimate(const struct nft_set_desc *desc, u32 features, |
612 | struct nft_set_estimate *est) | |
613 | { | |
71cc0873 PS |
614 | if (!desc->size) |
615 | return false; | |
616 | ||
617 | if (desc->klen == 4) | |
618 | return false; | |
619 | ||
6c03ae21 PNA |
620 | est->size = sizeof(struct nft_hash) + |
621 | nft_hash_buckets(desc->size) * sizeof(struct hlist_head) + | |
622 | desc->size * sizeof(struct nft_hash_elem); | |
55af753c | 623 | est->lookup = NFT_SET_CLASS_O_1; |
0b5a7874 | 624 | est->space = NFT_SET_CLASS_O_N; |
c50b960c PM |
625 | |
626 | return true; | |
627 | } | |
628 | ||
71cc0873 PS |
629 | static bool nft_hash_fast_estimate(const struct nft_set_desc *desc, u32 features, |
630 | struct nft_set_estimate *est) | |
631 | { | |
632 | if (!desc->size) | |
633 | return false; | |
2b664957 | 634 | |
71cc0873 PS |
635 | if (desc->klen != 4) |
636 | return false; | |
6c03ae21 | 637 | |
71cc0873 PS |
638 | est->size = sizeof(struct nft_hash) + |
639 | nft_hash_buckets(desc->size) * sizeof(struct hlist_head) + | |
640 | desc->size * sizeof(struct nft_hash_elem); | |
641 | est->lookup = NFT_SET_CLASS_O_1; | |
642 | est->space = NFT_SET_CLASS_O_N; | |
6c03ae21 | 643 | |
71cc0873 | 644 | return true; |
6c03ae21 PNA |
645 | } |
646 | ||
e240cd0d | 647 | struct nft_set_type nft_set_rhash_type __read_mostly = { |
71cc0873 PS |
648 | .owner = THIS_MODULE, |
649 | .features = NFT_SET_MAP | NFT_SET_OBJECT | | |
650 | NFT_SET_TIMEOUT | NFT_SET_EVAL, | |
651 | .ops = { | |
652 | .privsize = nft_rhash_privsize, | |
653 | .elemsize = offsetof(struct nft_rhash_elem, ext), | |
654 | .estimate = nft_rhash_estimate, | |
655 | .init = nft_rhash_init, | |
79b174ad | 656 | .gc_init = nft_rhash_gc_init, |
71cc0873 PS |
657 | .destroy = nft_rhash_destroy, |
658 | .insert = nft_rhash_insert, | |
659 | .activate = nft_rhash_activate, | |
660 | .deactivate = nft_rhash_deactivate, | |
661 | .flush = nft_rhash_flush, | |
662 | .remove = nft_rhash_remove, | |
663 | .lookup = nft_rhash_lookup, | |
664 | .update = nft_rhash_update, | |
665 | .walk = nft_rhash_walk, | |
666 | .get = nft_rhash_get, | |
667 | }, | |
668 | }; | |
669 | ||
e240cd0d | 670 | struct nft_set_type nft_set_hash_type __read_mostly = { |
20a69341 | 671 | .owner = THIS_MODULE, |
71cc0873 PS |
672 | .features = NFT_SET_MAP | NFT_SET_OBJECT, |
673 | .ops = { | |
674 | .privsize = nft_hash_privsize, | |
675 | .elemsize = offsetof(struct nft_hash_elem, ext), | |
676 | .estimate = nft_hash_estimate, | |
677 | .init = nft_hash_init, | |
678 | .destroy = nft_hash_destroy, | |
679 | .insert = nft_hash_insert, | |
680 | .activate = nft_hash_activate, | |
681 | .deactivate = nft_hash_deactivate, | |
682 | .flush = nft_hash_flush, | |
683 | .remove = nft_hash_remove, | |
684 | .lookup = nft_hash_lookup, | |
685 | .walk = nft_hash_walk, | |
686 | .get = nft_hash_get, | |
687 | }, | |
688 | }; | |
689 | ||
e240cd0d | 690 | struct nft_set_type nft_set_hash_fast_type __read_mostly = { |
71cc0873 PS |
691 | .owner = THIS_MODULE, |
692 | .features = NFT_SET_MAP | NFT_SET_OBJECT, | |
693 | .ops = { | |
694 | .privsize = nft_hash_privsize, | |
695 | .elemsize = offsetof(struct nft_hash_elem, ext), | |
696 | .estimate = nft_hash_fast_estimate, | |
697 | .init = nft_hash_init, | |
698 | .destroy = nft_hash_destroy, | |
699 | .insert = nft_hash_insert, | |
700 | .activate = nft_hash_activate, | |
701 | .deactivate = nft_hash_deactivate, | |
702 | .flush = nft_hash_flush, | |
703 | .remove = nft_hash_remove, | |
704 | .lookup = nft_hash_lookup_fast, | |
705 | .walk = nft_hash_walk, | |
706 | .get = nft_hash_get, | |
707 | }, | |
96518518 | 708 | }; |