diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2010-04-22 17:00:42 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2010-04-22 17:00:42 +0200 |
| commit | 5b20d409ef3062b24bbe7667f0daec34523446a6 (patch) | |
| tree | 426e99a410b2b975460b5b0fb5a409d4381a16c8 /kernel/ip_set_hash_ipport.c | |
| parent | 8e0608d31d988333ff04f3faaa6e851c0ecdbc6e (diff) | |
Fifth stage to ipset-5
Rename files in kernel/ and get rid of old ones (2.4.x kernel tree support).
Diffstat (limited to 'kernel/ip_set_hash_ipport.c')
| -rw-r--r-- | kernel/ip_set_hash_ipport.c | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/kernel/ip_set_hash_ipport.c b/kernel/ip_set_hash_ipport.c new file mode 100644 index 0000000..36e68b0 --- /dev/null +++ b/kernel/ip_set_hash_ipport.c @@ -0,0 +1,197 @@ +/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +/* Kernel module implementing an ip+port hash set */ + +#include <linux/module.h> +#include <linux/moduleparam.h> +#include <linux/ip.h> +#include <linux/tcp.h> +#include <linux/udp.h> +#include <linux/skbuff.h> +#include <linux/netfilter_ipv4/ip_set_jhash.h> +#include <linux/errno.h> +#include <asm/uaccess.h> +#include <asm/bitops.h> +#include <linux/spinlock.h> +#include <linux/random.h> + +#include <net/ip.h> + +#include <linux/netfilter_ipv4/ip_set_ipporthash.h> +#include <linux/netfilter_ipv4/ip_set_getport.h> + +static int limit = MAX_RANGE; + +static inline __u32 +ipporthash_id(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port) +{ + struct ip_set_ipporthash *map = set->data; + __u32 id; + u_int16_t i; + ip_set_ip_t *elem; + + ip = pack_ip_port(map, ip, port); + + if (!ip) + return UINT_MAX; + + for (i = 0; i < map->probes; i++) { + id = jhash_ip(map, i, ip) % map->hashsize; + DP("hash key: %u", id); + elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); + if (*elem == ip) + return id; + /* No shortcut - there can be deleted entries. */ + } + return UINT_MAX; +} + +static inline int +ipporthash_test(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port) +{ + struct ip_set_ipporthash *map = set->data; + + if (ip < map->first_ip || ip > map->last_ip) + return -ERANGE; + + return (ipporthash_id(set, ip, port) != UINT_MAX); +} + +#define KADT_CONDITION \ + ip_set_ip_t port; \ + \ + if (flags[1] == 0) \ + return 0; \ + \ + port = get_port(skb, flags++); \ + \ + if (port == INVALID_PORT) \ + return 0; + +UADT(ipporthash, test, req->port) +KADT(ipporthash, test, ipaddr, port) + +static inline int +__ipporthash_add(struct ip_set_ipporthash *map, ip_set_ip_t *ip) +{ + __u32 probe; + u_int16_t i; + ip_set_ip_t *elem, *slot = NULL; + + for (i = 0; i < map->probes; i++) { + probe = jhash_ip(map, i, *ip) % map->hashsize; + elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe); + if (*elem == *ip) + return -EEXIST; + if (!(slot || *elem)) + slot = elem; + /* There can be deleted entries, must check all slots */ + } + if (slot) { + *slot = *ip; + map->elements++; + return 0; + } + /* Trigger rehashing */ + return -EAGAIN; +} + +static inline int +ipporthash_add(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port) +{ + struct ip_set_ipporthash *map = set->data; + if (map->elements > limit) + return -ERANGE; + if (ip < map->first_ip || ip > map->last_ip) + return -ERANGE; + + ip = pack_ip_port(map, ip, port); + + if (!ip) + return -ERANGE; + + return __ipporthash_add(map, &ip); +} + +UADT(ipporthash, add, req->port) +KADT(ipporthash, add, ipaddr, port) + +static inline void +__ipporthash_retry(struct ip_set_ipporthash *tmp, + struct ip_set_ipporthash *map) +{ + tmp->first_ip = map->first_ip; + tmp->last_ip = map->last_ip; +} + +HASH_RETRY(ipporthash, ip_set_ip_t) + +static inline int +ipporthash_del(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port) +{ + struct ip_set_ipporthash *map = set->data; + ip_set_ip_t id; + ip_set_ip_t *elem; + + if (ip < map->first_ip || ip > map->last_ip) + return -ERANGE; + + id = ipporthash_id(set, ip, port); + + if (id == UINT_MAX) + return -EEXIST; + + elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); + *elem = 0; + map->elements--; + + return 0; +} + +UADT(ipporthash, del, req->port) +KADT(ipporthash, del, ipaddr, port) + +static inline int +__ipporthash_create(const struct ip_set_req_ipporthash_create *req, + struct ip_set_ipporthash *map) +{ + if (req->to - req->from > MAX_RANGE) { + ip_set_printk("range too big, %d elements (max %d)", + req->to - req->from + 1, MAX_RANGE+1); + return -ENOEXEC; + } + map->first_ip = req->from; + map->last_ip = req->to; + return 0; +} + +HASH_CREATE(ipporthash, ip_set_ip_t) +HASH_DESTROY(ipporthash) +HASH_FLUSH(ipporthash, ip_set_ip_t) + +static inline void +__ipporthash_list_header(const struct ip_set_ipporthash *map, + struct ip_set_req_ipporthash_create *header) +{ + header->from = map->first_ip; + header->to = map->last_ip; +} + +HASH_LIST_HEADER(ipporthash) +HASH_LIST_MEMBERS_SIZE(ipporthash, ip_set_ip_t) +HASH_LIST_MEMBERS(ipporthash, ip_set_ip_t) + +IP_SET_RTYPE(ipporthash, IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_DATA_DOUBLE) + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); +MODULE_DESCRIPTION("ipporthash type of IP sets"); +module_param(limit, int, 0600); +MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); + +REGISTER_MODULE(ipporthash) |