authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2009-11-10 21:53:19 +0100
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2009-11-10 21:53:19 +0100
commitcb76e46e97b0013305a7c96c2230a791675a15cf (patch)
tree919a4cf6a6a3de1fdfc432fdf10000dddf14f8db /kernel/include
parent17d954a793b8a275324e5941a9515b991c80789d (diff)
ipset 4.0 releasedv4.0
See ChangeLog files
Diffstat (limited to 'kernel/include')
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set.h67
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h21
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_compat.h23
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_getport.h6
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_hashes.h16
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_iphash.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_iptree.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_nethash.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_portmap.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_setlist.h2
16 files changed, 82 insertions, 73 deletions
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h
index 3667352..da17319 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set.h
@@ -40,7 +40,8 @@
/*
* Used so that the kernel module and ipset-binary can match their versions
*/
-#define IP_SET_PROTOCOL_VERSION 3
+#define IP_SET_PROTOCOL_UNALIGNED 3
+#define IP_SET_PROTOCOL_VERSION 4
#define IP_SET_MAXNAMELEN 32 /* set names and set typenames */
@@ -228,7 +229,7 @@ struct ip_set_req_max_sets {
struct ip_set_req_setnames {
unsigned op;
ip_set_id_t index; /* set to list/save */
- u_int32_t size; /* size to get setdata/bindings */
+ u_int32_t size; /* size to get setdata */
/* followed by sets number of struct ip_set_name_list */
};
@@ -302,6 +303,11 @@ static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b)
/* General limit for the elements in a set */
#define MAX_RANGE 0x0000FFFF
+/* Alignment: 'unsigned long' unsupported */
+#define IPSET_ALIGNTO 4
+#define IPSET_ALIGN(len) (((len) + IPSET_ALIGNTO - 1) & ~(IPSET_ALIGNTO - 1))
+#define IPSET_VALIGN(len, old) ((old) ? (len) : IPSET_ALIGN(len))
+
#ifdef __KERNEL__
#include <linux/netfilter_ipv4/ip_set_compat.h>
#include <linux/netfilter_ipv4/ip_set_malloc.h>
@@ -350,16 +356,13 @@ struct ip_set_type {
*/
int (*testip_kernel) (struct ip_set *set,
const struct sk_buff * skb,
- ip_set_ip_t *ip,
- const u_int32_t *flags,
- unsigned char index);
+ const u_int32_t *flags);
/* test for IP in set (userspace: ipset -T set IP)
* return 0 if not in set, 1 if in set.
*/
int (*testip) (struct ip_set *set,
- const void *data, u_int32_t size,
- ip_set_ip_t *ip);
+ const void *data, u_int32_t size);
/*
* Size of the data structure passed by when
@@ -373,8 +376,7 @@ struct ip_set_type {
* If the address was not already in the set, 0 is returned.
*/
int (*addip) (struct ip_set *set,
- const void *data, u_int32_t size,
- ip_set_ip_t *ip);
+ const void *data, u_int32_t size);
/* Add IP into set (kernel: iptables ... -j SET set src|dst)
* Return -EEXIST if the address is already in the set,
@@ -382,10 +384,8 @@ struct ip_set_type {
* If the address was not already in the set, 0 is returned.
*/
int (*addip_kernel) (struct ip_set *set,
- const struct sk_buff * skb,
- ip_set_ip_t *ip,
- const u_int32_t *flags,
- unsigned char index);
+ const struct sk_buff * skb,
+ const u_int32_t *flags);
/* remove IP from set (userspace: ipset -D set --entry x)
* Return -EEXIST if the address is NOT in the set,
@@ -393,8 +393,7 @@ struct ip_set_type {
* If the address really was in the set, 0 is returned.
*/
int (*delip) (struct ip_set *set,
- const void *data, u_int32_t size,
- ip_set_ip_t *ip);
+ const void *data, u_int32_t size);
/* remove IP from set (kernel: iptables ... -j SET --entry x)
* Return -EEXIST if the address is NOT in the set,
@@ -402,10 +401,8 @@ struct ip_set_type {
* If the address really was in the set, 0 is returned.
*/
int (*delip_kernel) (struct ip_set *set,
- const struct sk_buff * skb,
- ip_set_ip_t *ip,
- const u_int32_t *flags,
- unsigned char index);
+ const struct sk_buff * skb,
+ const u_int32_t *flags);
/* new set creation - allocated type specific items
*/
@@ -443,7 +440,7 @@ struct ip_set_type {
/* Listing: Get the size for the set members
*/
- int (*list_members_size) (const struct ip_set *set);
+ int (*list_members_size) (const struct ip_set *set, char dont_align);
/* Listing: Get the set members
*
@@ -453,7 +450,7 @@ struct ip_set_type {
* correct.
*/
void (*list_members) (const struct ip_set *set,
- void *data);
+ void *data, char dont_align);
char typename[IP_SET_MAXNAMELEN];
unsigned char features;
@@ -471,20 +468,11 @@ struct ip_set {
char name[IP_SET_MAXNAMELEN]; /* the name of the set */
rwlock_t lock; /* lock for concurrency control */
ip_set_id_t id; /* set id for swapping */
- ip_set_id_t binding; /* default binding for the set */
atomic_t ref; /* in kernel and in hash references */
struct ip_set_type *type; /* the set types */
void *data; /* pooltype specific data */
};
-/* Structure to bind set elements to sets */
-struct ip_set_hash {
- struct list_head list; /* list of clashing entries in hash */
- ip_set_ip_t ip; /* ip from set */
- ip_set_id_t id; /* set id */
- ip_set_id_t binding; /* set we bind the element to */
-};
-
/* register and unregister set references */
extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]);
extern ip_set_id_t ip_set_get_byindex(ip_set_id_t index);
@@ -515,12 +503,11 @@ extern int ip_set_testip_kernel(ip_set_id_t id,
#define UADT0(type, adt, args...) \
static int \
-FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size,\
- ip_set_ip_t *hash_ip) \
+FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size)\
{ \
const STRUCT(ip_set_req_,type) *req = data; \
\
- return FNAME(type,_,adt)(set, hash_ip , ## args); \
+ return FNAME(type,_,adt)(set , ## args); \
}
#define UADT(type, adt, args...) \
@@ -530,14 +517,12 @@ FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size,\
static int \
FNAME(type,_k,adt)(struct ip_set *set, \
const struct sk_buff *skb, \
- ip_set_ip_t *hash_ip, \
- const u_int32_t *flags, \
- unsigned char index) \
+ const u_int32_t *flags) \
{ \
- ip_set_ip_t ip = getfn(skb, flags[index]); \
+ ip_set_ip_t ip = getfn(skb, flags); \
\
KADT_CONDITION \
- return FNAME(type,_,adt)(set, hash_ip, ip , ##args); \
+ return FNAME(type,_,adt)(set, ip , ##args); \
}
#define REGISTER_MODULE(type) \
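Review bot: `getfn(skb, flags)` now hands the helper a bare pointer and the explicit `index` argument is gone, so nothing in the `*_kernel` signatures says which element `flags` points at or how many entries may be read. `ipaddr` (next hunk) and `get_port` in ip_set_getport.h both read `flags[0]` unconditionally, and a type that consumes more than one flag would read further. A caller that passes a pointer near the end of its flags array would then cause a read past it. Please document the contract on the `testip_kernel`/`addip_kernel`/`delip_kernel` members, e.g. `/* flags points at the first flag for this set; the type may read as many entries as it has dimensions */`. The code that advances the pointer per set is not visible in this diff, so its bound should be confirmed there.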
@@ -559,9 +544,9 @@ module_exit(ip_set_##type##_fini);
/* Common functions */
static inline ip_set_ip_t
-ipaddr(const struct sk_buff *skb, u_int32_t flag)
+ipaddr(const struct sk_buff *skb, const u_int32_t *flags)
{
- return ntohl(flag & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr);
+ return ntohl(flags[0] & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr);
}
#define jhash_ip(map, i, ip) jhash_1word(ip, *(map->initval + i))
@@ -571,4 +556,6 @@ ipaddr(const struct sk_buff *skb, u_int32_t flag)
#endif /* __KERNEL__ */
+#define UNUSED __attribute__ ((unused))
+
#endif /*_IP_SET_H*/
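Review bot: `UNUSED` is defined after `#endif /* __KERNEL__ */`, so every userspace includer of ip_set.h gets it too. The name is generic enough to clash with an existing `UNUSED` in another header, which would give a redefinition warning or a silently different expansion. Guarding it as `#ifndef UNUSED` / `#define UNUSED __attribute__ ((unused))` / `#endif` keeps current users working; a prefixed name would be cleaner if callers can be updated.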
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h
index 90e87e3..da3493f 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h
@@ -77,22 +77,21 @@ type##_list_header(const struct ip_set *set, void *data) \
__##type##_list_header(map, header); \
}
-#define BITMAP_LIST_MEMBERS_SIZE(type) \
+#define BITMAP_LIST_MEMBERS_SIZE(type, dtype, sizeid, testfn) \
static int \
-type##_list_members_size(const struct ip_set *set) \
+type##_list_members_size(const struct ip_set *set, char dont_align) \
{ \
const struct ip_set_##type *map = set->data; \
+ ip_set_ip_t i, elements = 0; \
\
- return map->size; \
-}
-
-#define BITMAP_LIST_MEMBERS(type) \
-static void \
-type##_list_members(const struct ip_set *set, void *data) \
-{ \
- const struct ip_set_##type *map = set->data; \
+ if (dont_align) \
+ return map->size; \
+ \
+ for (i = 0; i < sizeid; i++) \
+ if (testfn) \
+ elements++; \
\
- memcpy(data, map->members, map->size); \
+ return elements * IPSET_ALIGN(sizeof(dtype)); \
}
#define IP_SET_TYPE(type, __features) \
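Review bot: In the aligned case `type##_list_members_size` no longer returns a fixed `map->size`; it returns a count of members present at the moment of the call. The per-type `list_members` that fills the buffer (the shared `BITMAP_LIST_MEMBERS` is removed here) must therefore see the same membership, or it can write more than was sized. Whether the caller holds `set->lock` across both calls is not visible in this diff, so I would state it next to the macro: `/* Caller must hold set->lock across list_members_size() and list_members(); the aligned size is a member count taken at call time. */`. Separately, `sizeid` and `testfn` are pasted unparenthesised and can only work by referring to the macro's locals `map` and `i`; a short comment naming those captured identifiers would save the next reader from guessing.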
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h
index 96c2024..9f17397 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h
@@ -65,7 +65,28 @@ static inline void *kzalloc(size_t size, gfp_t flags)
#define KMEM_CACHE_CREATE(name, size) \
kmem_cache_create(name, size, 0, 0, NULL)
#endif
-
+
+#ifndef NIPQUAD
+#define NIPQUAD(addr) \
+ ((unsigned char *)&addr)[0], \
+ ((unsigned char *)&addr)[1], \
+ ((unsigned char *)&addr)[2], \
+ ((unsigned char *)&addr)[3]
+#endif
+
+#ifndef HIPQUAD
+#if defined(__LITTLE_ENDIAN)
+#define HIPQUAD(addr) \
+ ((unsigned char *)&addr)[3], \
+ ((unsigned char *)&addr)[2], \
+ ((unsigned char *)&addr)[1], \
+ ((unsigned char *)&addr)[0]
+#elif defined(__BIG_ENDIAN)
+#define HIPQUAD NIPQUAD
+#else
+#error "Please fix asm/byteorder.h"
+#endif /* __LITTLE_ENDIAN */
+#endif
#endif /* __KERNEL__ */
#endif /* _IP_SET_COMPAT_H */
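Review bot: The fallback `NIPQUAD` and `HIPQUAD` apply `&` to the macro argument without parentheses, so they bind correctly only for a simple lvalue; writing `((unsigned char *)&(addr))[0]` and so on is the safer form. They also read the first four bytes of whatever object is passed, so a wider or narrower argument gives wrong output or reads beyond the object. A one-line comment such as `/* addr: 32-bit lvalue; NIPQUAD expects network byte order, HIPQUAD host byte order */` would record that requirement.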
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_getport.h b/kernel/include/linux/netfilter_ipv4/ip_set_getport.h
index 9e322bf..18ed729 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_getport.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_getport.h
@@ -7,7 +7,7 @@
/* We must handle non-linear skbs */
static inline ip_set_ip_t
-get_port(const struct sk_buff *skb, u_int32_t flags)
+get_port(const struct sk_buff *skb, const u_int32_t *flags)
{
struct iphdr *iph = ip_hdr(skb);
u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
@@ -23,7 +23,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags)
/* No choice either */
return INVALID_PORT;
- return ntohs(flags & IPSET_SRC ?
+ return ntohs(flags[0] & IPSET_SRC ?
tcph.source : tcph.dest);
}
case IPPROTO_UDP: {
@@ -36,7 +36,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags)
/* No choice either */
return INVALID_PORT;
- return ntohs(flags & IPSET_SRC ?
+ return ntohs(flags[0] & IPSET_SRC ?
udph.source : udph.dest);
}
default:
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h
index f7d6a69..f62ae37 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h
@@ -182,30 +182,31 @@ type##_list_header(const struct ip_set *set, void *data) \
#define HASH_LIST_MEMBERS_SIZE(type, dtype) \
static int \
-type##_list_members_size(const struct ip_set *set) \
+type##_list_members_size(const struct ip_set *set, char dont_align) \
{ \
const struct ip_set_##type *map = set->data; \
\
- return (map->hashsize * sizeof(dtype)); \
+ return (map->hashsize * IPSET_VALIGN(sizeof(dtype), dont_align));\
}
#define HASH_LIST_MEMBERS(type, dtype) \
static void \
-type##_list_members(const struct ip_set *set, void *data) \
+type##_list_members(const struct ip_set *set, void *data, char dont_align)\
{ \
const struct ip_set_##type *map = set->data; \
- dtype *elem; \
+ dtype *elem, *d; \
uint32_t i; \
\
for (i = 0; i < map->hashsize; i++) { \
elem = HARRAY_ELEM(map->members, dtype *, i); \
- ((dtype *)data)[i] = *elem; \
+ d = data + i * IPSET_VALIGN(sizeof(dtype), dont_align); \
+ *d = *elem; \
} \
}
#define HASH_LIST_MEMBERS_MEMCPY(type, dtype) \
static void \
-type##_list_members(const struct ip_set *set, void *data) \
+type##_list_members(const struct ip_set *set, void *data, char dont_align)\
{ \
const struct ip_set_##type *map = set->data; \
dtype *elem; \
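Review bot: In the aligned layout each slot is `IPSET_ALIGN(sizeof(dtype))` bytes wide but `*d = *elem` stores only `sizeof(dtype)` bytes. For any `dtype` whose size is not a multiple of `IPSET_ALIGNTO`, the gap bytes in `data` therefore keep whatever the buffer held before. If that buffer is later copied to userspace, the padding would carry stale kernel memory unless the caller zeroes or pre-fills it, and that is not visible in this diff. Either add `memset(data, 0, map->hashsize * IPSET_VALIGN(sizeof(dtype), dont_align));` before the loop or document that the caller must supply an initialised buffer. The same applies to the `memcpy` in `HASH_LIST_MEMBERS_MEMCPY`, whose body continues into the next hunk.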
@@ -213,7 +214,8 @@ type##_list_members(const struct ip_set *set, void *data) \
\
for (i = 0; i < map->hashsize; i++) { \
elem = HARRAY_ELEM(map->members, dtype *, i); \
- memcpy((((dtype *)data)+i), elem, sizeof(dtype)); \
+ memcpy(data + i * IPSET_VALIGN(sizeof(dtype), dont_align),\
+ elem, sizeof(dtype)); \
} \
}
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h
index 277bc8c..0a0c7e8 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_hashes.h>
-#define SETTYPE_NAME "iphash"
+#define SETTYPE_NAME "iphash"
struct ip_set_iphash {
ip_set_ip_t *members; /* the iphash proper */
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
index ce4b29b..d16c0ae 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
-#define SETTYPE_NAME "ipmap"
+#define SETTYPE_NAME "ipmap"
struct ip_set_ipmap {
void *members; /* the ipmap proper */
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h
index b5db5f5..a3b781a 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_hashes.h>
-#define SETTYPE_NAME "ipporthash"
+#define SETTYPE_NAME "ipporthash"
struct ip_set_ipporthash {
ip_set_ip_t *members; /* the ipporthash proper */
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h
index eb6cf55..2202c51 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_hashes.h>
-#define SETTYPE_NAME "ipportiphash"
+#define SETTYPE_NAME "ipportiphash"
struct ipportip {
ip_set_ip_t ip;
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h
index 951da92..73b2430 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_hashes.h>
-#define SETTYPE_NAME "ipportnethash"
+#define SETTYPE_NAME "ipportnethash"
struct ipportip {
ip_set_ip_t ip;
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h b/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h
index de5cf47..36bf5ac 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h
@@ -3,7 +3,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
-#define SETTYPE_NAME "iptree"
+#define SETTYPE_NAME "iptree"
struct ip_set_iptreed {
unsigned long expires[256]; /* x.x.x.ADDR */
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h b/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h
index a58bc4e..6ea771a 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h
@@ -3,7 +3,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
-#define SETTYPE_NAME "iptreemap"
+#define SETTYPE_NAME "iptreemap"
#ifdef __KERNEL__
struct ip_set_iptreemap_d {
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h
index 19418f3..0615e9f 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
-#define SETTYPE_NAME "macipmap"
+#define SETTYPE_NAME "macipmap"
/* general flags */
#define IPSET_MACIP_MATCHUNSET 1
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h
index b2d006f..cf0b794 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_hashes.h>
-#define SETTYPE_NAME "nethash"
+#define SETTYPE_NAME "nethash"
struct ip_set_nethash {
ip_set_ip_t *members; /* the nethash proper */
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h
index 8ea6ba2..37f411e 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h
@@ -4,7 +4,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
-#define SETTYPE_NAME "portmap"
+#define SETTYPE_NAME "portmap"
struct ip_set_portmap {
void *members; /* the portmap proper */
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h b/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h
index ca044d8..7cc6ed0 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h
@@ -3,7 +3,7 @@
#include <linux/netfilter_ipv4/ip_set.h>
-#define SETTYPE_NAME "setlist"
+#define SETTYPE_NAME "setlist"
#define IP_SET_SETLIST_ADD_AFTER 0
#define IP_SET_SETLIST_ADD_BEFORE 1