diff options
Diffstat (limited to 'kernel/include/linux/netfilter_ipv4')
19 files changed, 0 insertions, 1867 deletions
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h deleted file mode 100644 index da17319..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set.h +++ /dev/null @@ -1,561 +0,0 @@ -#ifndef _IP_SET_H -#define _IP_SET_H - -/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> - * Patrick Schaaf <bof@bof.de> - * Martin Josefsson <gandalf@wlug.westbo.se> - * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - */ - -#if 0 -#define IP_SET_DEBUG -#endif - -/* - * A sockopt of such quality has hardly ever been seen before on the open - * market! This little beauty, hardly ever used: above 64, so it's - * traditionally used for firewalling, not touched (even once!) by the - * 2.0, 2.2 and 2.4 kernels! - * - * Comes with its own certificate of authenticity, valid anywhere in the - * Free world! - * - * Rusty, 19.4.2000 - */ -#define SO_IP_SET 83 - -/* - * Heavily modify by Joakim Axelsson 08.03.2002 - * - Made it more modulebased - * - * Additional heavy modifications by Jozsef Kadlecsik 22.02.2004 - * - bindings added - * - in order to "deal with" backward compatibility, renamed to ipset - */ - -/* - * Used so that the kernel module and ipset-binary can match their versions - */ -#define IP_SET_PROTOCOL_UNALIGNED 3 -#define IP_SET_PROTOCOL_VERSION 4 - -#define IP_SET_MAXNAMELEN 32 /* set names and set typenames */ - -/* Lets work with our own typedef for representing an IP address. - * We hope to make the code more portable, possibly to IPv6... - * - * The representation works in HOST byte order, because most set types - * will perform arithmetic operations and compare operations. - * - * For now the type is an uint32_t. - * - * Make sure to ONLY use the functions when translating and parsing - * in order to keep the host byte order and make it more portable: - * parse_ip() - * parse_mask() - * parse_ipandmask() - * ip_tostring() - * (Joakim: where are they???) - */ - -typedef uint32_t ip_set_ip_t; - -/* Sets are identified by an id in kernel space. Tweak with ip_set_id_t - * and IP_SET_INVALID_ID if you want to increase the max number of sets. - */ -typedef uint16_t ip_set_id_t; - -#define IP_SET_INVALID_ID 65535 - -/* How deep we follow bindings */ -#define IP_SET_MAX_BINDINGS 6 - -/* - * Option flags for kernel operations (ipt_set_info) - */ -#define IPSET_SRC 0x01 /* Source match/add */ -#define IPSET_DST 0x02 /* Destination match/add */ -#define IPSET_MATCH_INV 0x04 /* Inverse matching */ - -/* - * Set features - */ -#define IPSET_TYPE_IP 0x01 /* IP address type of set */ -#define IPSET_TYPE_PORT 0x02 /* Port type of set */ -#define IPSET_DATA_SINGLE 0x04 /* Single data storage */ -#define IPSET_DATA_DOUBLE 0x08 /* Double data storage */ -#define IPSET_DATA_TRIPLE 0x10 /* Triple data storage */ -#define IPSET_TYPE_IP1 0x20 /* IP address type of set */ -#define IPSET_TYPE_SETNAME 0x40 /* setname type of set */ - -/* Reserved keywords */ -#define IPSET_TOKEN_DEFAULT ":default:" -#define IPSET_TOKEN_ALL ":all:" - -/* SO_IP_SET operation constants, and their request struct types. - * - * Operation ids: - * 0-99: commands with version checking - * 100-199: add/del/test/bind/unbind - * 200-299: list, save, restore - */ - -/* Single shot operations: - * version, create, destroy, flush, rename and swap - * - * Sets are identified by name. - */ - -#define IP_SET_REQ_STD \ - unsigned op; \ - unsigned version; \ - char name[IP_SET_MAXNAMELEN] - -#define IP_SET_OP_CREATE 0x00000001 /* Create a new (empty) set */ -struct ip_set_req_create { - IP_SET_REQ_STD; - char typename[IP_SET_MAXNAMELEN]; -}; - -#define IP_SET_OP_DESTROY 0x00000002 /* Remove a (empty) set */ -struct ip_set_req_std { - IP_SET_REQ_STD; -}; - -#define IP_SET_OP_FLUSH 0x00000003 /* Remove all IPs in a set */ -/* Uses ip_set_req_std */ - -#define IP_SET_OP_RENAME 0x00000004 /* Rename a set */ -/* Uses ip_set_req_create */ - -#define IP_SET_OP_SWAP 0x00000005 /* Swap two sets */ -/* Uses ip_set_req_create */ - -union ip_set_name_index { - char name[IP_SET_MAXNAMELEN]; - ip_set_id_t index; -}; - -#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ -struct ip_set_req_get_set { - unsigned op; - unsigned version; - union ip_set_name_index set; -}; - -#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ -/* Uses ip_set_req_get_set */ - -#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ -struct ip_set_req_version { - unsigned op; - unsigned version; -}; - -/* Double shots operations: - * add, del, test, bind and unbind. - * - * First we query the kernel to get the index and type of the target set, - * then issue the command. Validity of IP is checked in kernel in order - * to minimalize sockopt operations. - */ - -/* Get minimal set data for add/del/test/bind/unbind IP */ -#define IP_SET_OP_ADT_GET 0x00000010 /* Get set and type */ -struct ip_set_req_adt_get { - unsigned op; - unsigned version; - union ip_set_name_index set; - char typename[IP_SET_MAXNAMELEN]; -}; - -#define IP_SET_REQ_BYINDEX \ - unsigned op; \ - ip_set_id_t index; - -struct ip_set_req_adt { - IP_SET_REQ_BYINDEX; -}; - -#define IP_SET_OP_ADD_IP 0x00000101 /* Add an IP to a set */ -/* Uses ip_set_req_adt, with type specific addage */ - -#define IP_SET_OP_DEL_IP 0x00000102 /* Remove an IP from a set */ -/* Uses ip_set_req_adt, with type specific addage */ - -#define IP_SET_OP_TEST_IP 0x00000103 /* Test an IP in a set */ -/* Uses ip_set_req_adt, with type specific addage */ - -#define IP_SET_OP_BIND_SET 0x00000104 /* Bind an IP to a set */ -/* Uses ip_set_req_bind, with type specific addage */ -struct ip_set_req_bind { - IP_SET_REQ_BYINDEX; - char binding[IP_SET_MAXNAMELEN]; -}; - -#define IP_SET_OP_UNBIND_SET 0x00000105 /* Unbind an IP from a set */ -/* Uses ip_set_req_bind, with type speficic addage - * index = 0 means unbinding for all sets */ - -#define IP_SET_OP_TEST_BIND_SET 0x00000106 /* Test binding an IP to a set */ -/* Uses ip_set_req_bind, with type specific addage */ - -/* Multiple shots operations: list, save, restore. - * - * - check kernel version and query the max number of sets - * - get the basic information on all sets - * and size required for the next step - * - get actual set data: header, data, bindings - */ - -/* Get max_sets and the index of a queried set - */ -#define IP_SET_OP_MAX_SETS 0x00000020 -struct ip_set_req_max_sets { - unsigned op; - unsigned version; - ip_set_id_t max_sets; /* max_sets */ - ip_set_id_t sets; /* real number of sets */ - union ip_set_name_index set; /* index of set if name used */ -}; - -/* Get the id and name of the sets plus size for next step */ -#define IP_SET_OP_LIST_SIZE 0x00000201 -#define IP_SET_OP_SAVE_SIZE 0x00000202 -struct ip_set_req_setnames { - unsigned op; - ip_set_id_t index; /* set to list/save */ - u_int32_t size; /* size to get setdata */ - /* followed by sets number of struct ip_set_name_list */ -}; - -struct ip_set_name_list { - char name[IP_SET_MAXNAMELEN]; - char typename[IP_SET_MAXNAMELEN]; - ip_set_id_t index; - ip_set_id_t id; -}; - -/* The actual list operation */ -#define IP_SET_OP_LIST 0x00000203 -struct ip_set_req_list { - IP_SET_REQ_BYINDEX; - /* sets number of struct ip_set_list in reply */ -}; - -struct ip_set_list { - ip_set_id_t index; - ip_set_id_t binding; - u_int32_t ref; - u_int32_t header_size; /* Set header data of header_size */ - u_int32_t members_size; /* Set members data of members_size */ - u_int32_t bindings_size;/* Set bindings data of bindings_size */ -}; - -struct ip_set_hash_list { - ip_set_ip_t ip; - ip_set_id_t binding; -}; - -/* The save operation */ -#define IP_SET_OP_SAVE 0x00000204 -/* Uses ip_set_req_list, in the reply replaced by - * sets number of struct ip_set_save plus a marker - * ip_set_save followed by ip_set_hash_save structures. - */ -struct ip_set_save { - ip_set_id_t index; - ip_set_id_t binding; - u_int32_t header_size; /* Set header data of header_size */ - u_int32_t members_size; /* Set members data of members_size */ -}; - -/* At restoring, ip == 0 means default binding for the given set: */ -struct ip_set_hash_save { - ip_set_ip_t ip; - ip_set_id_t id; - ip_set_id_t binding; -}; - -/* The restore operation */ -#define IP_SET_OP_RESTORE 0x00000205 -/* Uses ip_set_req_setnames followed by ip_set_restore structures - * plus a marker ip_set_restore, followed by ip_set_hash_save - * structures. - */ -struct ip_set_restore { - char name[IP_SET_MAXNAMELEN]; - char typename[IP_SET_MAXNAMELEN]; - ip_set_id_t index; - u_int32_t header_size; /* Create data of header_size */ - u_int32_t members_size; /* Set members data of members_size */ -}; - -static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) -{ - return 4 * ((((b - a + 8) / 8) + 3) / 4); -} - -/* General limit for the elements in a set */ -#define MAX_RANGE 0x0000FFFF - -/* Alignment: 'unsigned long' unsupported */ -#define IPSET_ALIGNTO 4 -#define IPSET_ALIGN(len) (((len) + IPSET_ALIGNTO - 1) & ~(IPSET_ALIGNTO - 1)) -#define IPSET_VALIGN(len, old) ((old) ? (len) : IPSET_ALIGN(len)) - -#ifdef __KERNEL__ -#include <linux/netfilter_ipv4/ip_set_compat.h> -#include <linux/netfilter_ipv4/ip_set_malloc.h> - -#define ip_set_printk(format, args...) \ - do { \ - printk("%s: %s: ", __FILE__, __FUNCTION__); \ - printk(format "\n" , ## args); \ - } while (0) - -#if defined(IP_SET_DEBUG) -#define DP(format, args...) \ - do { \ - printk("%s: %s (DBG): ", __FILE__, __FUNCTION__);\ - printk(format "\n" , ## args); \ - } while (0) -#define IP_SET_ASSERT(x) \ - do { \ - if (!(x)) \ - printk("IP_SET_ASSERT: %s:%i(%s)\n", \ - __FILE__, __LINE__, __FUNCTION__); \ - } while (0) -#else -#define DP(format, args...) -#define IP_SET_ASSERT(x) -#endif - -struct ip_set; - -/* - * The ip_set_type definition - one per set type, e.g. "ipmap". - * - * Each individual set has a pointer, set->type, going to one - * of these structures. Function pointers inside the structure implement - * the real behaviour of the sets. - * - * If not mentioned differently, the implementation behind the function - * pointers of a set_type, is expected to return 0 if ok, and a negative - * errno (e.g. -EINVAL) on error. - */ -struct ip_set_type { - struct list_head list; /* next in list of set types */ - - /* test for IP in set (kernel: iptables -m set src|dst) - * return 0 if not in set, 1 if in set. - */ - int (*testip_kernel) (struct ip_set *set, - const struct sk_buff * skb, - const u_int32_t *flags); - - /* test for IP in set (userspace: ipset -T set IP) - * return 0 if not in set, 1 if in set. - */ - int (*testip) (struct ip_set *set, - const void *data, u_int32_t size); - - /* - * Size of the data structure passed by when - * adding/deletin/testing an entry. - */ - u_int32_t reqsize; - - /* Add IP into set (userspace: ipset -A set IP) - * Return -EEXIST if the address is already in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address was not already in the set, 0 is returned. - */ - int (*addip) (struct ip_set *set, - const void *data, u_int32_t size); - - /* Add IP into set (kernel: iptables ... -j SET set src|dst) - * Return -EEXIST if the address is already in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address was not already in the set, 0 is returned. - */ - int (*addip_kernel) (struct ip_set *set, - const struct sk_buff * skb, - const u_int32_t *flags); - - /* remove IP from set (userspace: ipset -D set --entry x) - * Return -EEXIST if the address is NOT in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address really was in the set, 0 is returned. - */ - int (*delip) (struct ip_set *set, - const void *data, u_int32_t size); - - /* remove IP from set (kernel: iptables ... -j SET --entry x) - * Return -EEXIST if the address is NOT in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address really was in the set, 0 is returned. - */ - int (*delip_kernel) (struct ip_set *set, - const struct sk_buff * skb, - const u_int32_t *flags); - - /* new set creation - allocated type specific items - */ - int (*create) (struct ip_set *set, - const void *data, u_int32_t size); - - /* retry the operation after successfully tweaking the set - */ - int (*retry) (struct ip_set *set); - - /* set destruction - free type specific items - * There is no return value. - * Can be called only when child sets are destroyed. - */ - void (*destroy) (struct ip_set *set); - - /* set flushing - reset all bits in the set, or something similar. - * There is no return value. - */ - void (*flush) (struct ip_set *set); - - /* Listing: size needed for header - */ - u_int32_t header_size; - - /* Listing: Get the header - * - * Fill in the information in "data". - * This function is always run after list_header_size() under a - * writelock on the set. Therefor is the length of "data" always - * correct. - */ - void (*list_header) (const struct ip_set *set, - void *data); - - /* Listing: Get the size for the set members - */ - int (*list_members_size) (const struct ip_set *set, char dont_align); - - /* Listing: Get the set members - * - * Fill in the information in "data". - * This function is always run after list_member_size() under a - * writelock on the set. Therefor is the length of "data" always - * correct. - */ - void (*list_members) (const struct ip_set *set, - void *data, char dont_align); - - char typename[IP_SET_MAXNAMELEN]; - unsigned char features; - int protocol_version; - - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ - struct module *me; -}; - -extern int ip_set_register_set_type(struct ip_set_type *set_type); -extern void ip_set_unregister_set_type(struct ip_set_type *set_type); - -/* A generic ipset */ -struct ip_set { - char name[IP_SET_MAXNAMELEN]; /* the name of the set */ - rwlock_t lock; /* lock for concurrency control */ - ip_set_id_t id; /* set id for swapping */ - atomic_t ref; /* in kernel and in hash references */ - struct ip_set_type *type; /* the set types */ - void *data; /* pooltype specific data */ -}; - -/* register and unregister set references */ -extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]); -extern ip_set_id_t ip_set_get_byindex(ip_set_id_t index); -extern void ip_set_put_byindex(ip_set_id_t index); -extern ip_set_id_t ip_set_id(ip_set_id_t index); -extern ip_set_id_t __ip_set_get_byname(const char name[IP_SET_MAXNAMELEN], - struct ip_set **set); -extern void __ip_set_put_byindex(ip_set_id_t index); - -/* API for iptables set match, and SET target */ -extern int ip_set_addip_kernel(ip_set_id_t id, - const struct sk_buff *skb, - const u_int32_t *flags); -extern int ip_set_delip_kernel(ip_set_id_t id, - const struct sk_buff *skb, - const u_int32_t *flags); -extern int ip_set_testip_kernel(ip_set_id_t id, - const struct sk_buff *skb, - const u_int32_t *flags); - -/* Macros to generate functions */ - -#define STRUCT(pre, type) CONCAT2(pre, type) -#define CONCAT2(pre, type) struct pre##type - -#define FNAME(pre, mid, post) CONCAT3(pre, mid, post) -#define CONCAT3(pre, mid, post) pre##mid##post - -#define UADT0(type, adt, args...) \ -static int \ -FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size)\ -{ \ - const STRUCT(ip_set_req_,type) *req = data; \ - \ - return FNAME(type,_,adt)(set , ## args); \ -} - -#define UADT(type, adt, args...) \ - UADT0(type, adt, req->ip , ## args) - -#define KADT(type, adt, getfn, args...) \ -static int \ -FNAME(type,_k,adt)(struct ip_set *set, \ - const struct sk_buff *skb, \ - const u_int32_t *flags) \ -{ \ - ip_set_ip_t ip = getfn(skb, flags); \ - \ - KADT_CONDITION \ - return FNAME(type,_,adt)(set, ip , ##args); \ -} - -#define REGISTER_MODULE(type) \ -static int __init ip_set_##type##_init(void) \ -{ \ - init_max_page_size(); \ - return ip_set_register_set_type(&ip_set_##type); \ -} \ - \ -static void __exit ip_set_##type##_fini(void) \ -{ \ - /* FIXME: possible race with ip_set_create() */ \ - ip_set_unregister_set_type(&ip_set_##type); \ -} \ - \ -module_init(ip_set_##type##_init); \ -module_exit(ip_set_##type##_fini); - -/* Common functions */ - -static inline ip_set_ip_t -ipaddr(const struct sk_buff *skb, const u_int32_t *flags) -{ - return ntohl(flags[0] & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -} - -#define jhash_ip(map, i, ip) jhash_1word(ip, *(map->initval + i)) - -#define pack_ip_port(map, ip, port) \ - (port + ((ip - ((map)->first_ip)) << 16)) - -#endif /* __KERNEL__ */ - -#define UNUSED __attribute__ ((unused)) - -#endif /*_IP_SET_H*/ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h deleted file mode 100644 index da3493f..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h +++ /dev/null @@ -1,120 +0,0 @@ -#ifndef __IP_SET_BITMAPS_H -#define __IP_SET_BITMAPS_H - -/* Macros to generate functions */ - -#ifdef __KERNEL__ -#define BITMAP_CREATE(type) \ -static int \ -type##_create(struct ip_set *set, const void *data, u_int32_t size) \ -{ \ - int newbytes; \ - const struct ip_set_req_##type##_create *req = data; \ - struct ip_set_##type *map; \ - \ - if (req->from > req->to) { \ - DP("bad range"); \ - return -ENOEXEC; \ - } \ - \ - map = kmalloc(sizeof(struct ip_set_##type), GFP_KERNEL); \ - if (!map) { \ - DP("out of memory for %zu bytes", \ - sizeof(struct ip_set_##type)); \ - return -ENOMEM; \ - } \ - map->first_ip = req->from; \ - map->last_ip = req->to; \ - \ - newbytes = __##type##_create(req, map); \ - if (newbytes < 0) { \ - kfree(map); \ - return newbytes; \ - } \ - \ - map->size = newbytes; \ - map->members = ip_set_malloc(newbytes); \ - if (!map->members) { \ - DP("out of memory for %i bytes", newbytes); \ - kfree(map); \ - return -ENOMEM; \ - } \ - memset(map->members, 0, newbytes); \ - \ - set->data = map; \ - return 0; \ -} - -#define BITMAP_DESTROY(type) \ -static void \ -type##_destroy(struct ip_set *set) \ -{ \ - struct ip_set_##type *map = set->data; \ - \ - ip_set_free(map->members, map->size); \ - kfree(map); \ - \ - set->data = NULL; \ -} - -#define BITMAP_FLUSH(type) \ -static void \ -type##_flush(struct ip_set *set) \ -{ \ - struct ip_set_##type *map = set->data; \ - memset(map->members, 0, map->size); \ -} - -#define BITMAP_LIST_HEADER(type) \ -static void \ -type##_list_header(const struct ip_set *set, void *data) \ -{ \ - const struct ip_set_##type *map = set->data; \ - struct ip_set_req_##type##_create *header = data; \ - \ - header->from = map->first_ip; \ - header->to = map->last_ip; \ - __##type##_list_header(map, header); \ -} - -#define BITMAP_LIST_MEMBERS_SIZE(type, dtype, sizeid, testfn) \ -static int \ -type##_list_members_size(const struct ip_set *set, char dont_align) \ -{ \ - const struct ip_set_##type *map = set->data; \ - ip_set_ip_t i, elements = 0; \ - \ - if (dont_align) \ - return map->size; \ - \ - for (i = 0; i < sizeid; i++) \ - if (testfn) \ - elements++; \ - \ - return elements * IPSET_ALIGN(sizeof(dtype)); \ -} - -#define IP_SET_TYPE(type, __features) \ -struct ip_set_type ip_set_##type = { \ - .typename = #type, \ - .features = __features, \ - .protocol_version = IP_SET_PROTOCOL_VERSION, \ - .create = &type##_create, \ - .destroy = &type##_destroy, \ - .flush = &type##_flush, \ - .reqsize = sizeof(struct ip_set_req_##type), \ - .addip = &type##_uadd, \ - .addip_kernel = &type##_kadd, \ - .delip = &type##_udel, \ - .delip_kernel = &type##_kdel, \ - .testip = &type##_utest, \ - .testip_kernel = &type##_ktest, \ - .header_size = sizeof(struct ip_set_req_##type##_create),\ - .list_header = &type##_list_header, \ - .list_members_size = &type##_list_members_size, \ - .list_members = &type##_list_members, \ - .me = THIS_MODULE, \ -}; -#endif /* __KERNEL */ - -#endif /* __IP_SET_BITMAPS_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h deleted file mode 100644 index 9f17397..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h +++ /dev/null @@ -1,92 +0,0 @@ -#ifndef _IP_SET_COMPAT_H -#define _IP_SET_COMPAT_H - -#ifdef __KERNEL__ -#include <linux/version.h> - -/* Arrgh */ -#ifdef MODULE -#define __MOD_INC(foo) __MOD_INC_USE_COUNT(foo) -#define __MOD_DEC(foo) __MOD_DEC_USE_COUNT(foo) -#else -#define __MOD_INC(foo) 1 -#define __MOD_DEC(foo) -#endif - -/* Backward compatibility */ -#ifndef __nocast -#define __nocast -#endif -#ifndef __bitwise__ -#define __bitwise__ -#endif - -/* Compatibility glue code */ -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -#include <linux/interrupt.h> -#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED -#define try_module_get(x) __MOD_INC(x) -#define module_put(x) __MOD_DEC(x) -#define __clear_bit(nr, addr) clear_bit(nr, addr) -#define __set_bit(nr, addr) set_bit(nr, addr) -#define __test_and_set_bit(nr, addr) test_and_set_bit(nr, addr) -#define __test_and_clear_bit(nr, addr) test_and_clear_bit(nr, addr) - -typedef unsigned __bitwise__ gfp_t; - -static inline void *kzalloc(size_t size, gfp_t flags) -{ - void *data = kmalloc(size, flags); - - if (data) - memset(data, 0, size); - - return data; -} -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) -#define __KMEM_CACHE_T__ kmem_cache_t -#else -#define __KMEM_CACHE_T__ struct kmem_cache -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) -#define ip_hdr(skb) ((skb)->nh.iph) -#define skb_mac_header(skb) ((skb)->mac.raw) -#define eth_hdr(skb) ((struct ethhdr *)skb_mac_header(skb)) -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) -#include <linux/netfilter.h> -#define KMEM_CACHE_CREATE(name, size) \ - kmem_cache_create(name, size, 0, 0, NULL, NULL) -#else -#define KMEM_CACHE_CREATE(name, size) \ - kmem_cache_create(name, size, 0, 0, NULL) -#endif - -#ifndef NIPQUAD -#define NIPQUAD(addr) \ - ((unsigned char *)&addr)[0], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[3] -#endif - -#ifndef HIPQUAD -#if defined(__LITTLE_ENDIAN) -#define HIPQUAD(addr) \ - ((unsigned char *)&addr)[3], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[0] -#elif defined(__BIG_ENDIAN) -#define HIPQUAD NIPQUAD -#else -#error "Please fix asm/byteorder.h" -#endif /* __LITTLE_ENDIAN */ -#endif - -#endif /* __KERNEL__ */ -#endif /* _IP_SET_COMPAT_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_getport.h b/kernel/include/linux/netfilter_ipv4/ip_set_getport.h deleted file mode 100644 index 18ed729..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_getport.h +++ /dev/null @@ -1,48 +0,0 @@ -#ifndef _IP_SET_GETPORT_H -#define _IP_SET_GETPORT_H - -#ifdef __KERNEL__ - -#define INVALID_PORT (MAX_RANGE + 1) - -/* We must handle non-linear skbs */ -static inline ip_set_ip_t -get_port(const struct sk_buff *skb, const u_int32_t *flags) -{ - struct iphdr *iph = ip_hdr(skb); - u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; - switch (iph->protocol) { - case IPPROTO_TCP: { - struct tcphdr tcph; - - /* See comments at tcp_match in ip_tables.c */ - if (offset) - return INVALID_PORT; - - if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0) - /* No choice either */ - return INVALID_PORT; - - return ntohs(flags[0] & IPSET_SRC ? - tcph.source : tcph.dest); - } - case IPPROTO_UDP: { - struct udphdr udph; - - if (offset) - return INVALID_PORT; - - if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0) - /* No choice either */ - return INVALID_PORT; - - return ntohs(flags[0] & IPSET_SRC ? - udph.source : udph.dest); - } - default: - return INVALID_PORT; - } -} -#endif /* __KERNEL__ */ - -#endif /*_IP_SET_GETPORT_H*/ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h deleted file mode 100644 index 8eeced3..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h +++ /dev/null @@ -1,314 +0,0 @@ -#ifndef __IP_SET_HASHES_H -#define __IP_SET_HASHES_H - -#define initval_t uint32_t - -/* Macros to generate functions */ - -#ifdef __KERNEL__ -#define HASH_RETRY0(type, dtype, cond) \ -static int \ -type##_retry(struct ip_set *set) \ -{ \ - struct ip_set_##type *map = set->data, *tmp; \ - dtype *elem; \ - void *members; \ - u_int32_t i, hashsize = map->hashsize; \ - int res; \ - \ - if (map->resize == 0) \ - return -ERANGE; \ - \ - again: \ - res = 0; \ - \ - /* Calculate new hash size */ \ - hashsize += (hashsize * map->resize)/100; \ - if (hashsize == map->hashsize) \ - hashsize++; \ - \ - ip_set_printk("rehashing of set %s triggered: " \ - "hashsize grows from %lu to %lu", \ - set->name, \ - (long unsigned)map->hashsize, \ - (long unsigned)hashsize); \ - \ - tmp = kmalloc(sizeof(struct ip_set_##type) \ - + map->probes * sizeof(initval_t), GFP_ATOMIC); \ - if (!tmp) { \ - DP("out of memory for %zu bytes", \ - sizeof(struct ip_set_##type) \ - + map->probes * sizeof(initval_t)); \ - return -ENOMEM; \ - } \ - tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\ - if (!tmp->members) { \ - DP("out of memory for %zu bytes", hashsize * sizeof(dtype));\ - kfree(tmp); \ - return -ENOMEM; \ - } \ - tmp->hashsize = hashsize; \ - tmp->elements = 0; \ - tmp->probes = map->probes; \ - tmp->resize = map->resize; \ - memcpy(tmp->initval, map->initval, map->probes * sizeof(initval_t));\ - __##type##_retry(tmp, map); \ - \ - write_lock_bh(&set->lock); \ - map = set->data; /* Play safe */ \ - for (i = 0; i < map->hashsize && res == 0; i++) { \ - elem = HARRAY_ELEM(map->members, dtype *, i); \ - if (cond) \ - res = __##type##_add(tmp, elem); \ - } \ - if (res) { \ - /* Failure, try again */ \ - write_unlock_bh(&set->lock); \ - harray_free(tmp->members); \ - kfree(tmp); \ - goto again; \ - } \ - \ - /* Success at resizing! */ \ - members = map->members; \ - \ - map->hashsize = tmp->hashsize; \ - map->members = tmp->members; \ - write_unlock_bh(&set->lock); \ - \ - harray_free(members); \ - kfree(tmp); \ - \ - return 0; \ -} - -#define HASH_RETRY(type, dtype) \ - HASH_RETRY0(type, dtype, *elem) - -#define HASH_RETRY2(type, dtype) \ - HASH_RETRY0(type, dtype, elem->ip || elem->ip1) - -#define HASH_CREATE(type, dtype) \ -static int \ -type##_create(struct ip_set *set, const void *data, u_int32_t size) \ -{ \ - const struct ip_set_req_##type##_create *req = data; \ - struct ip_set_##type *map; \ - uint16_t i; \ - \ - if (req->hashsize < 1) { \ - ip_set_printk("hashsize too small"); \ - return -ENOEXEC; \ - } \ - \ - if (req->probes < 1) { \ - ip_set_printk("probes too small"); \ - return -ENOEXEC; \ - } \ - \ - map = kmalloc(sizeof(struct ip_set_##type) \ - + req->probes * sizeof(initval_t), GFP_KERNEL); \ - if (!map) { \ - DP("out of memory for %zu bytes", \ - sizeof(struct ip_set_##type) \ - + req->probes * sizeof(initval_t)); \ - return -ENOMEM; \ - } \ - for (i = 0; i < req->probes; i++) \ - get_random_bytes(((initval_t *) map->initval)+i, 4); \ - map->elements = 0; \ - map->hashsize = req->hashsize; \ - map->probes = req->probes; \ - map->resize = req->resize; \ - if (__##type##_create(req, map)) { \ - kfree(map); \ - return -ENOEXEC; \ - } \ - map->members = harray_malloc(map->hashsize, sizeof(dtype), GFP_KERNEL);\ - if (!map->members) { \ - DP("out of memory for %zu bytes", map->hashsize * sizeof(dtype));\ - kfree(map); \ - return -ENOMEM; \ - } \ - \ - set->data = map; \ - return 0; \ -} - -#define HASH_DESTROY(type) \ -static void \ -type##_destroy(struct ip_set *set) \ -{ \ - struct ip_set_##type *map = set->data; \ - \ - harray_free(map->members); \ - kfree(map); \ - \ - set->data = NULL; \ -} - -#define HASH_FLUSH(type, dtype) \ -static void \ -type##_flush(struct ip_set *set) \ -{ \ - struct ip_set_##type *map = set->data; \ - harray_flush(map->members, map->hashsize, sizeof(dtype)); \ - map->elements = 0; \ -} - -#define HASH_FLUSH_CIDR(type, dtype) \ -static void \ -type##_flush(struct ip_set *set) \ -{ \ - struct ip_set_##type *map = set->data; \ - harray_flush(map->members, map->hashsize, sizeof(dtype)); \ - memset(map->cidr, 0, sizeof(map->cidr)); \ - memset(map->nets, 0, sizeof(map->nets)); \ - map->elements = 0; \ -} - -#define HASH_LIST_HEADER(type) \ -static void \ -type##_list_header(const struct ip_set *set, void *data) \ -{ \ - const struct ip_set_##type *map = set->data; \ - struct ip_set_req_##type##_create *header = data; \ - \ - header->hashsize = map->hashsize; \ - header->probes = map->probes; \ - header->resize = map->resize; \ - __##type##_list_header(map, header); \ -} - -#define HASH_LIST_MEMBERS_SIZE(type, dtype) \ -static int \ -type##_list_members_size(const struct ip_set *set, char dont_align) \ -{ \ - const struct ip_set_##type *map = set->data; \ - \ - return (map->elements * IPSET_VALIGN(sizeof(dtype), dont_align));\ -} - -#define HASH_LIST_MEMBERS(type, dtype) \ -static void \ -type##_list_members(const struct ip_set *set, void *data, char dont_align)\ -{ \ - const struct ip_set_##type *map = set->data; \ - dtype *elem, *d; \ - uint32_t i, n = 0; \ - \ - for (i = 0; i < map->hashsize; i++) { \ - elem = HARRAY_ELEM(map->members, dtype *, i); \ - if (*elem) { \ - d = data + n * IPSET_VALIGN(sizeof(dtype), dont_align);\ - *d = *elem; \ - n++; \ - } \ - } \ -} - -#define HASH_LIST_MEMBERS_MEMCPY(type, dtype, nonzero) \ -static void \ -type##_list_members(const struct ip_set *set, void *data, char dont_align)\ -{ \ - const struct ip_set_##type *map = set->data; \ - dtype *elem; \ - uint32_t i, n = 0; \ - \ - for (i = 0; i < map->hashsize; i++) { \ - elem = HARRAY_ELEM(map->members, dtype *, i); \ - if (nonzero) { \ - memcpy(data + n * IPSET_VALIGN(sizeof(dtype), dont_align),\ - elem, sizeof(dtype)); \ - n++; \ - } \ - } \ -} - -#define IP_SET_RTYPE(type, __features) \ -struct ip_set_type ip_set_##type = { \ - .typename = #type, \ - .features = __features, \ - .protocol_version = IP_SET_PROTOCOL_VERSION, \ - .create = &type##_create, \ - .retry = &type##_retry, \ - .destroy = &type##_destroy, \ - .flush = &type##_flush, \ - .reqsize = sizeof(struct ip_set_req_##type), \ - .addip = &type##_uadd, \ - .addip_kernel = &type##_kadd, \ - .delip = &type##_udel, \ - .delip_kernel = &type##_kdel, \ - .testip = &type##_utest, \ - .testip_kernel = &type##_ktest, \ - .header_size = sizeof(struct ip_set_req_##type##_create),\ - .list_header = &type##_list_header, \ - .list_members_size = &type##_list_members_size, \ - .list_members = &type##_list_members, \ - .me = THIS_MODULE, \ -}; - -/* Helper functions */ -static inline void -add_cidr_size(uint8_t *cidr, uint8_t size) -{ - uint8_t next; - int i; - - for (i = 0; i < 30 && cidr[i]; i++) { - if (cidr[i] < size) { - next = cidr[i]; - cidr[i] = size; - size = next; - } - } - if (i < 30) - cidr[i] = size; -} - -static inline void -del_cidr_size(uint8_t *cidr, uint8_t size) -{ - int i; - - for (i = 0; i < 29 && cidr[i]; i++) { - if (cidr[i] == size) - cidr[i] = size = cidr[i+1]; - } - cidr[29] = 0; -} -#else -#include <arpa/inet.h> -#endif /* __KERNEL */ - -#ifndef UINT16_MAX -#define UINT16_MAX 65535 -#endif - -static unsigned char shifts[] = {255, 253, 249, 241, 225, 193, 129, 1}; - -static inline ip_set_ip_t -pack_ip_cidr(ip_set_ip_t ip, unsigned char cidr) -{ - ip_set_ip_t addr, *paddr = &addr; - unsigned char n, t, *a; - - addr = htonl(ip & (0xFFFFFFFF << (32 - (cidr)))); -#ifdef __KERNEL__ - DP("ip:%u.%u.%u.%u/%u", NIPQUAD(addr), cidr); -#endif - n = cidr / 8; - t = cidr % 8; - a = &((unsigned char *)paddr)[n]; - *a = *a /(1 << (8 - t)) + shifts[t]; -#ifdef __KERNEL__ - DP("n: %u, t: %u, a: %u", n, t, *a); - DP("ip:%u.%u.%u.%u/%u, %u.%u.%u.%u", - HIPQUAD(ip), cidr, NIPQUAD(addr)); -#endif - - return ntohl(addr); -} - - -#endif /* __IP_SET_HASHES_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h deleted file mode 100644 index 0a0c7e8..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef __IP_SET_IPHASH_H -#define __IP_SET_IPHASH_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_hashes.h> - -#define SETTYPE_NAME "iphash" - -struct ip_set_iphash { - ip_set_ip_t *members; /* the iphash proper */ - uint32_t elements; /* number of elements */ - uint32_t hashsize; /* hash size */ - uint16_t probes; /* max number of probes */ - uint16_t resize; /* resize factor in percent */ - ip_set_ip_t netmask; /* netmask */ - initval_t initval[0]; /* initvals for jhash_1word */ -}; - -struct ip_set_req_iphash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t netmask; -}; - -struct ip_set_req_iphash { - ip_set_ip_t ip; -}; - -#endif /* __IP_SET_IPHASH_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h deleted file mode 100644 index d16c0ae..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h +++ /dev/null @@ -1,57 +0,0 @@ -#ifndef __IP_SET_IPMAP_H -#define __IP_SET_IPMAP_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_bitmaps.h> - -#define SETTYPE_NAME "ipmap" - -struct ip_set_ipmap { - void *members; /* the ipmap proper */ - ip_set_ip_t first_ip; /* host byte order, included in range */ - ip_set_ip_t last_ip; /* host byte order, included in range */ - ip_set_ip_t netmask; /* subnet netmask */ - ip_set_ip_t sizeid; /* size of set in IPs */ - ip_set_ip_t hosts; /* number of hosts in a subnet */ - u_int32_t size; /* size of the ipmap proper */ -}; - -struct ip_set_req_ipmap_create { - ip_set_ip_t from; - ip_set_ip_t to; - ip_set_ip_t netmask; -}; - -struct ip_set_req_ipmap { - ip_set_ip_t ip; -}; - -static inline unsigned int -mask_to_bits(ip_set_ip_t mask) -{ - unsigned int bits = 32; - ip_set_ip_t maskaddr; - - if (mask == 0xFFFFFFFF) - return bits; - - maskaddr = 0xFFFFFFFE; - while (--bits > 0 && maskaddr != mask) - maskaddr <<= 1; - - return bits; -} - -static inline ip_set_ip_t -range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits) -{ - ip_set_ip_t mask = 0xFFFFFFFE; - - *bits = 32; - while (--(*bits) > 0 && mask && (to & mask) != from) - mask <<= 1; - - return mask; -} - -#endif /* __IP_SET_IPMAP_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h deleted file mode 100644 index a3b781a..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef __IP_SET_IPPORTHASH_H -#define __IP_SET_IPPORTHASH_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_hashes.h> - -#define SETTYPE_NAME "ipporthash" - -struct ip_set_ipporthash { - ip_set_ip_t *members; /* the ipporthash proper */ - uint32_t elements; /* number of elements */ - uint32_t hashsize; /* hash size */ - uint16_t probes; /* max number of probes */ - uint16_t resize; /* resize factor in percent */ - ip_set_ip_t first_ip; /* host byte order, included in range */ - ip_set_ip_t last_ip; /* host byte order, included in range */ - initval_t initval[0]; /* initvals for jhash_1word */ -}; - -struct ip_set_req_ipporthash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_ipporthash { - ip_set_ip_t ip; - ip_set_ip_t port; -}; - -#endif /* __IP_SET_IPPORTHASH_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h deleted file mode 100644 index 2202c51..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef __IP_SET_IPPORTIPHASH_H -#define __IP_SET_IPPORTIPHASH_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_hashes.h> - -#define SETTYPE_NAME "ipportiphash" - -struct ipportip { - ip_set_ip_t ip; - ip_set_ip_t ip1; -}; - -struct ip_set_ipportiphash { - struct ipportip *members; /* the ipportip proper */ - uint32_t elements; /* number of elements */ - uint32_t hashsize; /* hash size */ - uint16_t probes; /* max number of probes */ - uint16_t resize; /* resize factor in percent */ - ip_set_ip_t first_ip; /* host byte order, included in range */ - ip_set_ip_t last_ip; /* host byte order, included in range */ - initval_t initval[0]; /* initvals for jhash_1word */ -}; - -struct ip_set_req_ipportiphash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_ipportiphash { - ip_set_ip_t ip; - ip_set_ip_t port; - ip_set_ip_t ip1; -}; - -#endif /* __IP_SET_IPPORTIPHASH_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h deleted file mode 100644 index 73b2430..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h +++ /dev/null @@ -1,42 +0,0 @@ -#ifndef __IP_SET_IPPORTNETHASH_H -#define __IP_SET_IPPORTNETHASH_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_hashes.h> - -#define SETTYPE_NAME "ipportnethash" - -struct ipportip { - ip_set_ip_t ip; - ip_set_ip_t ip1; -}; - -struct ip_set_ipportnethash { - struct ipportip *members; /* the ipportip proper */ - uint32_t elements; /* number of elements */ - uint32_t hashsize; /* hash size */ - uint16_t probes; /* max number of probes */ - uint16_t resize; /* resize factor in percent */ - ip_set_ip_t first_ip; /* host byte order, included in range */ - ip_set_ip_t last_ip; /* host byte order, included in range */ - uint8_t cidr[30]; /* CIDR sizes */ - uint16_t nets[30]; /* nr of nets by CIDR sizes */ - initval_t initval[0]; /* initvals for jhash_1word */ -}; - -struct ip_set_req_ipportnethash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_ipportnethash { - ip_set_ip_t ip; - ip_set_ip_t port; - ip_set_ip_t ip1; - uint8_t cidr; -}; - -#endif /* __IP_SET_IPPORTNETHASH_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h b/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h deleted file mode 100644 index 36bf5ac..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef __IP_SET_IPTREE_H -#define __IP_SET_IPTREE_H - -#include <linux/netfilter_ipv4/ip_set.h> - -#define SETTYPE_NAME "iptree" - -struct ip_set_iptreed { - unsigned long expires[256]; /* x.x.x.ADDR */ -}; - -struct ip_set_iptreec { - struct ip_set_iptreed *tree[256]; /* x.x.ADDR.* */ -}; - -struct ip_set_iptreeb { - struct ip_set_iptreec *tree[256]; /* x.ADDR.*.* */ -}; - -struct ip_set_iptree { - unsigned int timeout; - unsigned int gc_interval; -#ifdef __KERNEL__ - uint32_t elements; /* number of elements */ - struct timer_list gc; - struct ip_set_iptreeb *tree[256]; /* ADDR.*.*.* */ -#endif -}; - -struct ip_set_req_iptree_create { - unsigned int timeout; -}; - -struct ip_set_req_iptree { - ip_set_ip_t ip; - unsigned int timeout; -}; - -#endif /* __IP_SET_IPTREE_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h b/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h deleted file mode 100644 index 6ea771a..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h +++ /dev/null @@ -1,40 +0,0 @@ -#ifndef __IP_SET_IPTREEMAP_H -#define __IP_SET_IPTREEMAP_H - -#include <linux/netfilter_ipv4/ip_set.h> - -#define SETTYPE_NAME "iptreemap" - -#ifdef __KERNEL__ -struct ip_set_iptreemap_d { - unsigned char bitmap[32]; /* x.x.x.y */ -}; - -struct ip_set_iptreemap_c { - struct ip_set_iptreemap_d *tree[256]; /* x.x.y.x */ -}; - -struct ip_set_iptreemap_b { - struct ip_set_iptreemap_c *tree[256]; /* x.y.x.x */ - unsigned char dirty[32]; -}; -#endif - -struct ip_set_iptreemap { - unsigned int gc_interval; -#ifdef __KERNEL__ - struct timer_list gc; - struct ip_set_iptreemap_b *tree[256]; /* y.x.x.x */ -#endif -}; - -struct ip_set_req_iptreemap_create { - unsigned int gc_interval; -}; - -struct ip_set_req_iptreemap { - ip_set_ip_t ip; - ip_set_ip_t end; -}; - -#endif /* __IP_SET_IPTREEMAP_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_jhash.h b/kernel/include/linux/netfilter_ipv4/ip_set_jhash.h deleted file mode 100644 index 2000b9f..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_jhash.h +++ /dev/null @@ -1,157 +0,0 @@ -#ifndef _LINUX_JHASH_H -#define _LINUX_JHASH_H - -/* jhash.h: Jenkins hash support. - * - * Copyright (C) 2006. Bob Jenkins (bob_jenkins@burtleburtle.net) - * - * http://burtleburtle.net/bob/hash/ - * - * These are the credits from Bob's sources: - * - * lookup3.c, by Bob Jenkins, May 2006, Public Domain. - * - * These are functions for producing 32-bit hashes for hash table lookup. - * hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() - * are externally useful functions. Routines to test the hash are included - * if SELF_TEST is defined. You can use this free for any purpose. It's in - * the public domain. It has no warranty. - * - * Copyright (C) 2009 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * I've modified Bob's hash to be useful in the Linux kernel, and - * any bugs present are my fault. Jozsef - */ - -#define __rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) - -/* __jhash_mix - mix 3 32-bit values reversibly. */ -#define __jhash_mix(a,b,c) \ -{ \ - a -= c; a ^= __rot(c, 4); c += b; \ - b -= a; b ^= __rot(a, 6); a += c; \ - c -= b; c ^= __rot(b, 8); b += a; \ - a -= c; a ^= __rot(c,16); c += b; \ - b -= a; b ^= __rot(a,19); a += c; \ - c -= b; c ^= __rot(b, 4); b += a; \ -} - -/* __jhash_final - final mixing of 3 32-bit values (a,b,c) into c */ -#define __jhash_final(a,b,c) \ -{ \ - c ^= b; c -= __rot(b,14); \ - a ^= c; a -= __rot(c,11); \ - b ^= a; b -= __rot(a,25); \ - c ^= b; c -= __rot(b,16); \ - a ^= c; a -= __rot(c,4); \ - b ^= a; b -= __rot(a,14); \ - c ^= b; c -= __rot(b,24); \ -} - -/* The golden ration: an arbitrary value */ -#define JHASH_GOLDEN_RATIO 0xdeadbeef - -/* The most generic version, hashes an arbitrary sequence - * of bytes. No alignment or length assumptions are made about - * the input key. The result depends on endianness. - */ -static inline u32 jhash(const void *key, u32 length, u32 initval) -{ - u32 a,b,c; - const u8 *k = key; - - /* Set up the internal state */ - a = b = c = JHASH_GOLDEN_RATIO + length + initval; - - /* all but the last block: affect some 32 bits of (a,b,c) */ - while (length > 12) { - a += (k[0] + ((u32)k[1]<<8) + ((u32)k[2]<<16) + ((u32)k[3]<<24)); - b += (k[4] + ((u32)k[5]<<8) + ((u32)k[6]<<16) + ((u32)k[7]<<24)); - c += (k[8] + ((u32)k[9]<<8) + ((u32)k[10]<<16) + ((u32)k[11]<<24)); - __jhash_mix(a, b, c); - length -= 12; - k += 12; - } - - /* last block: affect all 32 bits of (c) */ - /* all the case statements fall through */ - switch (length) { - case 12: c += (u32)k[11]<<24; - case 11: c += (u32)k[10]<<16; - case 10: c += (u32)k[9]<<8; - case 9 : c += k[8]; - case 8 : b += (u32)k[7]<<24; - case 7 : b += (u32)k[6]<<16; - case 6 : b += (u32)k[5]<<8; - case 5 : b += k[4]; - case 4 : a += (u32)k[3]<<24; - case 3 : a += (u32)k[2]<<16; - case 2 : a += (u32)k[1]<<8; - case 1 : a += k[0]; - __jhash_final(a, b, c); - case 0 : - break; - } - - return c; -} - -/* A special optimized version that handles 1 or more of u32s. - * The length parameter here is the number of u32s in the key. - */ -static inline u32 jhash2(const u32 *k, u32 length, u32 initval) -{ - u32 a, b, c; - - /* Set up the internal state */ - a = b = c = JHASH_GOLDEN_RATIO + (length<<2) + initval; - - /* handle most of the key */ - while (length > 3) { - a += k[0]; - b += k[1]; - c += k[2]; - __jhash_mix(a, b, c); - length -= 3; - k += 3; - } - - /* handle the last 3 u32's */ - /* all the case statements fall through */ - switch (length) { - case 3: c += k[2]; - case 2: b += k[1]; - case 1: a += k[0]; - __jhash_final(a, b, c); - case 0: /* case 0: nothing left to add */ - break; - } - - return c; -} - -/* A special ultra-optimized versions that knows they are hashing exactly - * 3, 2 or 1 word(s). - */ -static inline u32 jhash_3words(u32 a, u32 b, u32 c, u32 initval) -{ - a += JHASH_GOLDEN_RATIO + initval; - b += JHASH_GOLDEN_RATIO + initval; - c += JHASH_GOLDEN_RATIO + initval; - - __jhash_final(a, b, c); - - return c; -} - -static inline u32 jhash_2words(u32 a, u32 b, u32 initval) -{ - return jhash_3words(0, a, b, initval); -} - -static inline u32 jhash_1word(u32 a, u32 initval) -{ - return jhash_3words(0, 0, a, initval); -} - -#endif /* _LINUX_JHASH_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h deleted file mode 100644 index 0615e9f..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef __IP_SET_MACIPMAP_H -#define __IP_SET_MACIPMAP_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_bitmaps.h> - -#define SETTYPE_NAME "macipmap" - -/* general flags */ -#define IPSET_MACIP_MATCHUNSET 1 - -/* per ip flags */ -#define IPSET_MACIP_ISSET 1 - -struct ip_set_macipmap { - void *members; /* the macipmap proper */ - ip_set_ip_t first_ip; /* host byte order, included in range */ - ip_set_ip_t last_ip; /* host byte order, included in range */ - u_int32_t flags; - u_int32_t size; /* size of the ipmap proper */ -}; - -struct ip_set_req_macipmap_create { - ip_set_ip_t from; - ip_set_ip_t to; - u_int32_t flags; -}; - -struct ip_set_req_macipmap { - ip_set_ip_t ip; - unsigned char ethernet[ETH_ALEN]; -}; - -struct ip_set_macip { - unsigned short match; - unsigned char ethernet[ETH_ALEN]; -}; - -#endif /* __IP_SET_MACIPMAP_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h b/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h deleted file mode 100644 index 2a80443..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h +++ /dev/null @@ -1,153 +0,0 @@ -#ifndef _IP_SET_MALLOC_H -#define _IP_SET_MALLOC_H - -#ifdef __KERNEL__ -#include <linux/vmalloc.h> - -static size_t max_malloc_size = 0, max_page_size = 0; -static size_t default_max_malloc_size = 131072; /* Guaranteed: slab.c */ - -static inline int init_max_page_size(void) -{ -/* Compatibility glues to support 2.4.36 */ -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -#define __GFP_NOWARN 0 - - /* Guaranteed: slab.c */ - max_malloc_size = max_page_size = default_max_malloc_size; -#else - size_t page_size = 0; - -#define CACHE(x) if (max_page_size == 0 || x < max_page_size) \ - page_size = x; -#include <linux/kmalloc_sizes.h> -#undef CACHE - if (page_size) { - if (max_malloc_size == 0) - max_malloc_size = page_size; - - max_page_size = page_size; - - return 1; - } -#endif - return 0; -} - -struct harray { - size_t max_elements; - void *arrays[0]; -}; - -static inline void * -__harray_malloc(size_t hashsize, size_t typesize, gfp_t flags) -{ - struct harray *harray; - size_t max_elements, size, i, j; - - BUG_ON(max_page_size == 0); - - if (typesize > max_page_size) - return NULL; - - max_elements = max_page_size/typesize; - size = hashsize/max_elements; - if (hashsize % max_elements) - size++; - - /* Last pointer signals end of arrays */ - harray = kmalloc(sizeof(struct harray) + (size + 1) * sizeof(void *), - flags); - - if (!harray) - return NULL; - - for (i = 0; i < size - 1; i++) { - harray->arrays[i] = kmalloc(max_elements * typesize, flags); - if (!harray->arrays[i]) - goto undo; - memset(harray->arrays[i], 0, max_elements * typesize); - } - harray->arrays[i] = kmalloc((hashsize - i * max_elements) * typesize, - flags); - if (!harray->arrays[i]) - goto undo; - memset(harray->arrays[i], 0, (hashsize - i * max_elements) * typesize); - - harray->max_elements = max_elements; - harray->arrays[size] = NULL; - - return (void *)harray; - - undo: - for (j = 0; j < i; j++) { - kfree(harray->arrays[j]); - } - kfree(harray); - return NULL; -} - -static inline void * -harray_malloc(size_t hashsize, size_t typesize, gfp_t flags) -{ - void *harray; - - do { - harray = __harray_malloc(hashsize, typesize, flags|__GFP_NOWARN); - } while (harray == NULL && init_max_page_size()); - - return harray; -} - -static inline void harray_free(void *h) -{ - struct harray *harray = (struct harray *) h; - size_t i; - - for (i = 0; harray->arrays[i] != NULL; i++) - kfree(harray->arrays[i]); - kfree(harray); -} - -static inline void harray_flush(void *h, size_t hashsize, size_t typesize) -{ - struct harray *harray = (struct harray *) h; - size_t i; - - for (i = 0; harray->arrays[i+1] != NULL; i++) - memset(harray->arrays[i], 0, harray->max_elements * typesize); - memset(harray->arrays[i], 0, - (hashsize - i * harray->max_elements) * typesize); -} - -#define HARRAY_ELEM(h, type, which) \ -({ \ - struct harray *__h = (struct harray *)(h); \ - ((type)((__h)->arrays[(which)/(__h)->max_elements]) \ - + (which)%(__h)->max_elements); \ -}) - -/* General memory allocation and deallocation */ -static inline void * ip_set_malloc(size_t bytes) -{ - BUG_ON(max_malloc_size == 0); - - if (bytes > default_max_malloc_size) - return vmalloc(bytes); - else - return kmalloc(bytes, GFP_KERNEL | __GFP_NOWARN); -} - -static inline void ip_set_free(void * data, size_t bytes) -{ - BUG_ON(max_malloc_size == 0); - - if (bytes > default_max_malloc_size) - vfree(data); - else - kfree(data); -} - -#endif /* __KERNEL__ */ - -#endif /*_IP_SET_MALLOC_H*/ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h deleted file mode 100644 index cf0b794..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h +++ /dev/null @@ -1,31 +0,0 @@ -#ifndef __IP_SET_NETHASH_H -#define __IP_SET_NETHASH_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_hashes.h> - -#define SETTYPE_NAME "nethash" - -struct ip_set_nethash { - ip_set_ip_t *members; /* the nethash proper */ - uint32_t elements; /* number of elements */ - uint32_t hashsize; /* hash size */ - uint16_t probes; /* max number of probes */ - uint16_t resize; /* resize factor in percent */ - uint8_t cidr[30]; /* CIDR sizes */ - uint16_t nets[30]; /* nr of nets by CIDR sizes */ - initval_t initval[0]; /* initvals for jhash_1word */ -}; - -struct ip_set_req_nethash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; -}; - -struct ip_set_req_nethash { - ip_set_ip_t ip; - uint8_t cidr; -}; - -#endif /* __IP_SET_NETHASH_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h deleted file mode 100644 index 37f411e..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef __IP_SET_PORTMAP_H -#define __IP_SET_PORTMAP_H - -#include <linux/netfilter_ipv4/ip_set.h> -#include <linux/netfilter_ipv4/ip_set_bitmaps.h> - -#define SETTYPE_NAME "portmap" - -struct ip_set_portmap { - void *members; /* the portmap proper */ - ip_set_ip_t first_ip; /* host byte order, included in range */ - ip_set_ip_t last_ip; /* host byte order, included in range */ - u_int32_t size; /* size of the ipmap proper */ -}; - -struct ip_set_req_portmap_create { - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_portmap { - ip_set_ip_t ip; -}; - -#endif /* __IP_SET_PORTMAP_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h b/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h deleted file mode 100644 index 7cc6ed0..0000000 --- a/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h +++ /dev/null @@ -1,26 +0,0 @@ -#ifndef __IP_SET_SETLIST_H -#define __IP_SET_SETLIST_H - -#include <linux/netfilter_ipv4/ip_set.h> - -#define SETTYPE_NAME "setlist" - -#define IP_SET_SETLIST_ADD_AFTER 0 -#define IP_SET_SETLIST_ADD_BEFORE 1 - -struct ip_set_setlist { - uint8_t size; - ip_set_id_t index[0]; -}; - -struct ip_set_req_setlist_create { - uint8_t size; -}; - -struct ip_set_req_setlist { - char name[IP_SET_MAXNAMELEN]; - char ref[IP_SET_MAXNAMELEN]; - uint8_t before; -}; - -#endif /* __IP_SET_SETLIST_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ipt_set.h b/kernel/include/linux/netfilter_ipv4/ipt_set.h deleted file mode 100644 index 2a18b93..0000000 --- a/kernel/include/linux/netfilter_ipv4/ipt_set.h +++ /dev/null @@ -1,21 +0,0 @@ -#ifndef _IPT_SET_H -#define _IPT_SET_H - -#include <linux/netfilter_ipv4/ip_set.h> - -struct ipt_set_info { - ip_set_id_t index; - u_int32_t flags[IP_SET_MAX_BINDINGS + 1]; -}; - -/* match info */ -struct ipt_set_info_match { - struct ipt_set_info match_set; -}; - -struct ipt_set_info_target { - struct ipt_set_info add_set; - struct ipt_set_info del_set; -}; - -#endif /*_IPT_SET_H*/ |