diff options
| author | /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu> | 2008-10-20 10:00:26 +0000 |
|---|---|---|
| committer | /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu> | 2008-10-20 10:00:26 +0000 |
| commit | a96e4fca10506462df4ee4035f0f86f09bd9dc34 (patch) | |
| tree | 103bed0a7ae3608675f371d2ac91f3fa7f3a58cc /kernel/include/linux/netfilter_ipv4/ip_set.h | |
| parent | bc2ddd2d8da1252e78a1f25bd91c1e3cd8016ead (diff) | |
ipset 2.4 release
userspace changes:
- Added KBUILD_OUTPUT support (Sven Wegener)
- Fix memory leak in ipset_iptreemap (Sven Wegener)
- Fix multiple compiler warnings (Sven Wegener)
- ipportiphash, ipportnethash and setlist types added
- binding marked as deprecated functionality
- element separator token changed to ',' in anticipating
IPv6 addresses, old separator tokens are still supported
- unnecessary includes removed
- ipset does not try to resolve IP addresses when listing
the content of sets (default changed)
- manpage updated
- ChangeLog forked for kernel part
kernel part changes:
- ipportiphash, ipportnethash and setlist types added
- set type modules reworked to avoid code duplication
as much as possible, code unification macros
- expand_macros Makefile target added to help debugging
code unification macros
- ip_set_addip_kernel and ip_set_delip_kernel
changed from void to int, __ip_set_get_byname and
__ip_set_put_byid added for the sake of setlist type
- unnecessary includes removed
- compatibility fix for kernels >= 2.6.27:
semaphore.h was moved from asm/ to linux/ (James King)
- ChangeLog forked for kernel part
Diffstat (limited to 'kernel/include/linux/netfilter_ipv4/ip_set.h')
| -rw-r--r-- | kernel/include/linux/netfilter_ipv4/ip_set.h | 86 |
1 files changed, 80 insertions, 6 deletions
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h index b8c7202..c29a460 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set.h @@ -87,6 +87,9 @@ typedef uint16_t ip_set_id_t; #define IPSET_TYPE_PORT 0x02 /* Port type of set */ #define IPSET_DATA_SINGLE 0x04 /* Single data storage */ #define IPSET_DATA_DOUBLE 0x08 /* Double data storage */ +#define IPSET_DATA_TRIPLE 0x10 /* Triple data storage */ +#define IPSET_TYPE_IP1 0x20 /* IP address type of set */ +#define IPSET_TYPE_SETNAME 0x40 /* setname type of set */ /* Reserved keywords */ #define IPSET_TOKEN_DEFAULT ":default:" @@ -296,8 +299,12 @@ static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) return 4 * ((((b - a + 8) / 8) + 3) / 4); } +/* General limit for the elements in a set */ +#define MAX_RANGE 0x0000FFFF + #ifdef __KERNEL__ #include <linux/netfilter_ipv4/ip_set_compat.h> +#include <linux/netfilter_ipv4/ip_set_malloc.h> #define ip_set_printk(format, args...) \ do { \ @@ -482,18 +489,85 @@ struct ip_set_hash { extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]); extern ip_set_id_t ip_set_get_byindex(ip_set_id_t id); extern void ip_set_put(ip_set_id_t id); +extern ip_set_id_t __ip_set_get_byname(const char name[IP_SET_MAXNAMELEN], + struct ip_set **set); +extern void __ip_set_put_byid(ip_set_id_t id); /* API for iptables set match, and SET target */ -extern void ip_set_addip_kernel(ip_set_id_t id, - const struct sk_buff *skb, - const u_int32_t *flags); -extern void ip_set_delip_kernel(ip_set_id_t id, - const struct sk_buff *skb, - const u_int32_t *flags); +extern int ip_set_addip_kernel(ip_set_id_t id, + const struct sk_buff *skb, + const u_int32_t *flags); +extern int ip_set_delip_kernel(ip_set_id_t id, + const struct sk_buff *skb, + const u_int32_t *flags); extern int ip_set_testip_kernel(ip_set_id_t id, const struct sk_buff *skb, const u_int32_t *flags); +/* Macros to generate functions */ + +#define STRUCT(pre, type) CONCAT2(pre, type) +#define CONCAT2(pre, type) struct pre##type + +#define FNAME(pre, mid, post) CONCAT3(pre, mid, post) +#define CONCAT3(pre, mid, post) pre##mid##post + +#define UADT0(type, adt, args...) \ +static int \ +FNAME(type,_u,adt)(struct ip_set *set, const void *data, size_t size, \ + ip_set_ip_t *hash_ip) \ +{ \ + const STRUCT(ip_set_req_,type) *req = data; \ + \ + return FNAME(type,_,adt)(set, hash_ip , ## args); \ +} + +#define UADT(type, adt, args...) \ + UADT0(type, adt, req->ip , ## args) + +#define KADT(type, adt, getfn, args...) \ +static int \ +FNAME(type,_k,adt)(struct ip_set *set, \ + const struct sk_buff *skb, \ + ip_set_ip_t *hash_ip, \ + const u_int32_t *flags, \ + unsigned char index) \ +{ \ + ip_set_ip_t ip = getfn(skb, flags[index]); \ + \ + KADT_CONDITION \ + return FNAME(type,_,adt)(set, hash_ip, ip , ##args); \ +} + +#define REGISTER_MODULE(type) \ +static int __init ip_set_##type##_init(void) \ +{ \ + init_max_page_size(); \ + return ip_set_register_set_type(&ip_set_##type); \ +} \ + \ +static void __exit ip_set_##type##_fini(void) \ +{ \ + /* FIXME: possible race with ip_set_create() */ \ + ip_set_unregister_set_type(&ip_set_##type); \ +} \ + \ +module_init(ip_set_##type##_init); \ +module_exit(ip_set_##type##_fini); + +/* Common functions */ + +static inline ip_set_ip_t +ipaddr(const struct sk_buff *skb, u_int32_t flag) +{ + return ntohl(flag & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); +} + +#define jhash_ip(map, i, ip) jhash_1word(ip, *(map->initval + i)) + +#define pack_ip_port(map, ip, port) \ + (port + ((ip - ((map)->first_ip)) << 16)) + #endif /* __KERNEL__ */ #endif /*_IP_SET_H*/ |