From 280fe2d4eecb2a546087fbf28bb45168f96d8d52 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Mon, 21 Sep 2020 20:13:07 +0200 Subject: Expose the initval hash parameter to userspace It makes possible to reproduce exactly the same set after a save/restore. Signed-off-by: Jozsef Kadlecsik --- Make_global.am | 2 +- include/libipset/args.h | 1 + include/libipset/data.h | 1 + include/libipset/linux_ip_set.h | 2 +- include/libipset/print.h | 3 ++ kernel/include/uapi/linux/netfilter/ipset/ip_set.h | 2 +- kernel/net/netfilter/ipset/ip_set_hash_gen.h | 13 ++++-- kernel/net/netfilter/ipset/ip_set_hash_ip.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_ipmac.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_ipmark.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_mac.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_net.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_netnet.c | 3 +- kernel/net/netfilter/ipset/ip_set_hash_netport.c | 3 +- .../net/netfilter/ipset/ip_set_hash_netportnet.c | 3 +- lib/args.c | 8 ++++ lib/data.c | 12 +++--- lib/debug.c | 2 +- lib/ipset_hash_ip.c | 3 +- lib/ipset_hash_ipmac.c | 3 +- lib/ipset_hash_ipmark.c | 3 +- lib/ipset_hash_ipport.c | 3 +- lib/ipset_hash_ipportip.c | 3 +- lib/ipset_hash_ipportnet.c | 3 +- lib/ipset_hash_mac.c | 3 +- lib/ipset_hash_net.c | 3 +- lib/ipset_hash_netiface.c | 3 +- lib/ipset_hash_netnet.c | 3 +- lib/ipset_hash_netport.c | 3 +- lib/ipset_hash_netportnet.c | 3 +- lib/libipset.map | 6 +++ lib/print.c | 46 +++++++++++++++++++++- lib/session.c | 4 +- 37 files changed, 133 insertions(+), 41 deletions(-) diff --git a/Make_global.am b/Make_global.am index 673aa41..cbc3537 100644 --- a/Make_global.am +++ b/Make_global.am @@ -69,7 +69,7 @@ # interface. # curr:rev:age -LIBVERSION = 14:0:1 +LIBVERSION = 14:1:2 AM_CPPFLAGS = $(kinclude_CFLAGS) $(all_includes) -I$(top_srcdir)/include diff --git a/include/libipset/args.h b/include/libipset/args.h index 93b4456..ef861c1 100644 --- a/include/libipset/args.h +++ b/include/libipset/args.h @@ -57,6 +57,7 @@ enum ipset_keywords { IPSET_ARG_SKBPRIO, /* skbprio */ IPSET_ARG_SKBQUEUE, /* skbqueue */ IPSET_ARG_BUCKETSIZE, /* bucketsize */ + IPSET_ARG_INITVAL, /* initval */ IPSET_ARG_MAX, }; diff --git a/include/libipset/data.h b/include/libipset/data.h index cce6407..0e33c67 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -68,6 +68,7 @@ enum ipset_opt { IPSET_OPT_SKBQUEUE, IPSET_OPT_IFACE_WILDCARD, IPSET_OPT_BUCKETSIZE, + IPSET_OPT_INITVAL, /* Internal options */ IPSET_OPT_FLAGS = 48, /* IPSET_FLAG_EXIST| */ IPSET_OPT_CADT_FLAGS, /* IPSET_FLAG_BEFORE| */ diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h index e67116f..1852636 100644 --- a/include/libipset/linux_ip_set.h +++ b/include/libipset/linux_ip_set.h @@ -92,7 +92,7 @@ enum { /* Reserve empty slots */ IPSET_ATTR_CADT_MAX = 16, /* Create-only specific attributes */ - IPSET_ATTR_GC, + IPSET_ATTR_INITVAL, /* was unused IPSET_ATTR_GC */ IPSET_ATTR_HASHSIZE, IPSET_ATTR_MAXELEM, IPSET_ATTR_NETMASK, diff --git a/include/libipset/print.h b/include/libipset/print.h index f455259..9443ee1 100644 --- a/include/libipset/print.h +++ b/include/libipset/print.h @@ -35,6 +35,9 @@ extern int ipset_print_ipaddr(char *buf, unsigned int len, extern int ipset_print_number(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); +extern int ipset_print_hexnumber(char *buf, unsigned int len, + const struct ipset_data *data, + enum ipset_opt opt, uint8_t env); extern int ipset_print_name(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); diff --git a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h index 60c411c..8a495aa 100644 --- a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h @@ -92,7 +92,7 @@ enum { /* Reserve empty slots */ IPSET_ATTR_CADT_MAX = 16, /* Create-only specific attributes */ - IPSET_ATTR_GC, + IPSET_ATTR_INITVAL, /* was unused IPSET_ATTR_GC */ IPSET_ATTR_HASHSIZE, IPSET_ATTR_MAXELEM, IPSET_ATTR_NETMASK, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h index e84728e..acfe0c8 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h +++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h @@ -1302,9 +1302,11 @@ mtype_head(struct ip_set *set, struct sk_buff *skb) if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask)) goto nla_put_failure; #endif - if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE && - nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize)) - goto nla_put_failure; + if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE) { + if (nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize) || + nla_put_net32(skb, IPSET_ATTR_INITVAL, htonl(h->initval))) + goto nla_put_failure; + } if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) || nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) || nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements))) @@ -1547,7 +1549,10 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, #ifdef IP_SET_HASH_WITH_MARKMASK h->markmask = markmask; #endif - get_random_bytes(&h->initval, sizeof(h->initval)); + if (tb[IPSET_ATTR_INITVAL]) + h->initval = ntohl(nla_get_be32(tb[IPSET_ATTR_INITVAL])); + else + get_random_bytes(&h->initval, sizeof(h->initval)); h->bucketsize = AHASH_MAX_SIZE; if (tb[IPSET_ATTR_BUCKETSIZE]) { h->bucketsize = nla_get_u8(tb[IPSET_ATTR_BUCKETSIZE]); diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c index bb0cfd4..94e17a5 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c @@ -25,7 +25,7 @@ /* 2 Comments support */ /* 3 Forceadd support */ /* 4 skbinfo support */ -#define IPSET_TYPE_REV_MAX 5 /* bucketsize support */ +#define IPSET_TYPE_REV_MAX 5 /* bucketsize, initval support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -284,6 +284,7 @@ static struct ip_set_type hash_ip_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c index 2655501..467c59a 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c @@ -23,7 +23,7 @@ #include #define IPSET_TYPE_REV_MIN 0 -#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */ +#define IPSET_TYPE_REV_MAX 1 /* bucketsize, initval support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Tomasz Chilinski "); @@ -273,6 +273,7 @@ static struct ip_set_type hash_ipmac_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c index c379a17..1757bf8 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c @@ -24,7 +24,7 @@ #define IPSET_TYPE_REV_MIN 0 /* 1 Forceadd support */ /* 2 skbinfo support */ -#define IPSET_TYPE_REV_MAX 3 /* bucketsize support */ +#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Vytas Dauksa "); @@ -283,6 +283,7 @@ static struct ip_set_type hash_ipmark_type __read_mostly = { [IPSET_ATTR_MARKMASK] = { .type = NLA_U32 }, [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c index 237804f..b22f280 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c @@ -27,7 +27,7 @@ /* 3 Comments support added */ /* 4 Forceadd support added */ /* 5 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 6 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -348,6 +348,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c index 1caf698..d370151 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c @@ -27,7 +27,7 @@ /* 3 Comments support added */ /* 4 Forceadd support added */ /* 5 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 6 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -363,6 +363,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c index 03facf0..64f82f2 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c @@ -29,7 +29,7 @@ /* 5 Comments support added */ /* 6 Forceadd support added */ /* 7 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -520,6 +520,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_mac.c b/kernel/net/netfilter/ipset/ip_set_hash_mac.c index 153ea36..014bb71 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_mac.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_mac.c @@ -17,7 +17,7 @@ #include #define IPSET_TYPE_REV_MIN 0 -#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */ +#define IPSET_TYPE_REV_MAX 1 /* bucketsize, initval support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -131,6 +131,7 @@ static struct ip_set_type hash_mac_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c index cc00345..54318dd 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_net.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c @@ -26,7 +26,7 @@ /* 4 Comments support added */ /* 5 Forceadd support added */ /* 6 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 7 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 7 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -361,6 +361,7 @@ static struct ip_set_type hash_net_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c index 682e99f..d17e614 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c @@ -28,7 +28,7 @@ /* 5 Forceadd support added */ /* 6 skbinfo support added */ /* 7 interface wildcard support added */ -#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -477,6 +477,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c index 0cc7970..6532f05 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c @@ -23,7 +23,7 @@ #define IPSET_TYPE_REV_MIN 0 /* 1 Forceadd support added */ /* 2 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Oliver Smith "); @@ -465,6 +465,7 @@ static struct ip_set_type hash_netnet_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c index 21b9d73..2b0a1eb 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c @@ -28,7 +28,7 @@ /* 5 Comments support added */ /* 6 Forceadd support added */ /* 7 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -467,6 +467,7 @@ static struct ip_set_type hash_netport_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c index fef77bb..070736d 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c @@ -25,7 +25,7 @@ /* 0 Comments support added */ /* 1 Forceadd support added */ /* 2 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */ +#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Oliver Smith "); @@ -565,6 +565,7 @@ static struct ip_set_type hash_netportnet_type __read_mostly = { .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, + [IPSET_ATTR_INITVAL] = { .type = NLA_U32 }, [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/lib/args.c b/lib/args.c index ab1022e..bab3b13 100644 --- a/lib/args.c +++ b/lib/args.c @@ -292,6 +292,14 @@ static const struct ipset_arg ipset_args[] = { .print = ipset_print_number, .help = "[bucketsize VALUE]", }, + [IPSET_ARG_INITVAL] = { + .name = { "initval", NULL }, + .has_arg = IPSET_MANDATORY_ARG, + .opt = IPSET_OPT_INITVAL, + .parse = ipset_parse_uint32, + .print = ipset_print_hexnumber, + .help = "[initval VALUE]", + }, }; const struct ipset_arg * diff --git a/lib/data.c b/lib/data.c index 43b6f71..7720178 100644 --- a/lib/data.c +++ b/lib/data.c @@ -56,7 +56,7 @@ struct ipset_data { uint32_t hashsize; uint32_t maxelem; uint32_t markmask; - uint32_t gc; + uint32_t initval; uint32_t size; /* Filled out by kernel */ uint32_t references; @@ -286,8 +286,8 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) data->index = *(const uint16_t *) value; break; /* Create-specific options */ - case IPSET_OPT_GC: - data->create.gc = *(const uint32_t *) value; + case IPSET_OPT_INITVAL: + data->create.initval = *(const uint32_t *) value; break; case IPSET_OPT_HASHSIZE: data->create.hashsize = *(const uint32_t *) value; @@ -498,8 +498,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt) case IPSET_OPT_INDEX: return &data->index; /* Create-specific options */ - case IPSET_OPT_GC: - return &data->create.gc; + case IPSET_OPT_INITVAL: + return &data->create.initval; case IPSET_OPT_HASHSIZE: return &data->create.hashsize; case IPSET_OPT_MAXELEM: @@ -608,7 +608,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) case IPSET_OPT_NAMEREF: return IPSET_MAXNAMELEN; case IPSET_OPT_TIMEOUT: - case IPSET_OPT_GC: + case IPSET_OPT_INITVAL: case IPSET_OPT_HASHSIZE: case IPSET_OPT_MAXELEM: case IPSET_OPT_MARKMASK: diff --git a/lib/debug.c b/lib/debug.c index 89073b8..bf57a41 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -35,7 +35,7 @@ static const struct ipset_attrname createattr2name[] = { [IPSET_ATTR_PROTO] = { .name = "PROTO" }, [IPSET_ATTR_CADT_FLAGS] = { .name = "CADT_FLAGS" }, [IPSET_ATTR_CADT_LINENO] = { .name = "CADT_LINENO" }, - [IPSET_ATTR_GC] = { .name = "GC" }, + [IPSET_ATTR_INITVAL] = { .name = "INITVAL" }, [IPSET_ATTR_HASHSIZE] = { .name = "HASHSIZE" }, [IPSET_ATTR_MAXELEM] = { .name = "MAXELEM" }, [IPSET_ATTR_MARKMASK] = { .name = "MARKMASK" }, diff --git a/lib/ipset_hash_ip.c b/lib/ipset_hash_ip.c index 470a807..ea85700 100644 --- a/lib/ipset_hash_ip.c +++ b/lib/ipset_hash_ip.c @@ -423,6 +423,7 @@ static struct ipset_type ipset_hash_ip5 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, /* Ignored options: backward compatibilty */ IPSET_ARG_PROBES, IPSET_ARG_RESIZE, @@ -473,7 +474,7 @@ static struct ipset_type ipset_hash_ip5 = { " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" " is supported for IPv4.", - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_ipmac.c b/lib/ipset_hash_ipmac.c index e491e64..c15897b 100644 --- a/lib/ipset_hash_ipmac.c +++ b/lib/ipset_hash_ipmac.c @@ -125,6 +125,7 @@ static struct ipset_type ipset_hash_ipmac1 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, }, .need = 0, .full = 0, @@ -171,7 +172,7 @@ static struct ipset_type ipset_hash_ipmac1 = { .usage = "where depending on the INET family\n" " IP is a valid IPv4 or IPv6 address (or hostname),\n" " MAC is a MAC address.", - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_ipmark.c b/lib/ipset_hash_ipmark.c index 941ce5d..7d6d977 100644 --- a/lib/ipset_hash_ipmark.c +++ b/lib/ipset_hash_ipmark.c @@ -324,6 +324,7 @@ static struct ipset_type ipset_hash_ipmark3 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, /* Ignored options: backward compatibilty */ IPSET_ARG_PROBES, IPSET_ARG_RESIZE, @@ -383,7 +384,7 @@ static struct ipset_type ipset_hash_ipmark3 = { " is supported for IPv4.\n" " Adding/deleting single mark element\n" " is supported both for IPv4 and IPv6.", - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_ipport.c b/lib/ipset_hash_ipport.c index cb8832e..288be10 100644 --- a/lib/ipset_hash_ipport.c +++ b/lib/ipset_hash_ipport.c @@ -533,6 +533,7 @@ static struct ipset_type ipset_hash_ipport6 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, /* Ignored options: backward compatibilty */ IPSET_ARG_PROBES, IPSET_ARG_RESIZE, @@ -600,7 +601,7 @@ static struct ipset_type ipset_hash_ipport6 = { " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" " port range is supported both for IPv4 and IPv6.", .usagefn = ipset_port_usage, - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_ipportip.c b/lib/ipset_hash_ipportip.c index bc23c21..6b2e92e 100644 --- a/lib/ipset_hash_ipportip.c +++ b/lib/ipset_hash_ipportip.c @@ -593,6 +593,7 @@ static struct ipset_type ipset_hash_ipportip6 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, /* Ignored options: backward compatibilty */ IPSET_ARG_PROBES, IPSET_ARG_RESIZE, @@ -666,7 +667,7 @@ static struct ipset_type ipset_hash_ipportip6 = { " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" " port range is supported both for IPv4 and IPv6.", .usagefn = ipset_port_usage, - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c index b2b4651..2552cdb 100644 --- a/lib/ipset_hash_ipportnet.c +++ b/lib/ipset_hash_ipportnet.c @@ -851,6 +851,7 @@ static struct ipset_type ipset_hash_ipportnet8 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, /* Ignored options: backward compatibilty */ IPSET_ARG_PROBES, IPSET_ARG_RESIZE, @@ -932,7 +933,7 @@ static struct ipset_type ipset_hash_ipportnet8 = { " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" " port range is supported both for IPv4 and IPv6.", .usagefn = ipset_port_usage, - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_mac.c b/lib/ipset_hash_mac.c index b1e7991..4b20247 100644 --- a/lib/ipset_hash_mac.c +++ b/lib/ipset_hash_mac.c @@ -100,6 +100,7 @@ static struct ipset_type ipset_hash_mac1 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, IPSET_ARG_NONE, }, .need = 0, @@ -139,7 +140,7 @@ static struct ipset_type ipset_hash_mac1 = { }, }, .usage = "", - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_net.c b/lib/ipset_hash_net.c index a943ea6..1da95bf 100644 --- a/lib/ipset_hash_net.c +++ b/lib/ipset_hash_net.c @@ -560,6 +560,7 @@ static struct ipset_type ipset_hash_net7 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, /* Ignored options: backward compatibilty */ IPSET_ARG_PROBES, IPSET_ARG_RESIZE, @@ -611,7 +612,7 @@ static struct ipset_type ipset_hash_net7 = { .usage = "where depending on the INET family\n" " IP is an IPv4 or IPv6 address (or hostname),\n" " CIDR is a valid IPv4 or IPv6 CIDR prefix.", - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_netiface.c b/lib/ipset_hash_netiface.c index 7a720c6..172c2a9 100644 --- a/lib/ipset_hash_netiface.c +++ b/lib/ipset_hash_netiface.c @@ -749,6 +749,7 @@ static struct ipset_type ipset_hash_netiface8 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, IPSET_ARG_NONE, }, .need = 0, @@ -808,7 +809,7 @@ static struct ipset_type ipset_hash_netiface8 = { " IP is a valid IPv4 or IPv6 address (or hostname),\n" " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" " Adding/deleting multiple elements with IPv4 is supported.", - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_netnet.c b/lib/ipset_hash_netnet.c index e1da9ec..df993b8 100644 --- a/lib/ipset_hash_netnet.c +++ b/lib/ipset_hash_netnet.c @@ -323,6 +323,7 @@ static struct ipset_type ipset_hash_netnet3 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, IPSET_ARG_NONE, }, .need = 0, @@ -383,7 +384,7 @@ static struct ipset_type ipset_hash_netnet3 = { " IP is an IPv4 or IPv6 address (or hostname),\n" " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" " IP range is not supported with IPv6.", - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_netport.c b/lib/ipset_hash_netport.c index 2d08085..f09de83 100644 --- a/lib/ipset_hash_netport.c +++ b/lib/ipset_hash_netport.c @@ -699,6 +699,7 @@ static struct ipset_type ipset_hash_netport8 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, IPSET_ARG_NONE, }, .need = 0, @@ -764,7 +765,7 @@ static struct ipset_type ipset_hash_netport8 = { " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" " port range is supported both for IPv4 and IPv6.", .usagefn = ipset_port_usage, - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/ipset_hash_netportnet.c b/lib/ipset_hash_netportnet.c index e456fb1..a4a7240 100644 --- a/lib/ipset_hash_netportnet.c +++ b/lib/ipset_hash_netportnet.c @@ -397,6 +397,7 @@ static struct ipset_type ipset_hash_netportnet3 = { IPSET_ARG_FORCEADD, IPSET_ARG_SKBINFO, IPSET_ARG_BUCKETSIZE, + IPSET_ARG_INITVAL, IPSET_ARG_NONE, }, .need = 0, @@ -475,7 +476,7 @@ static struct ipset_type ipset_hash_netportnet3 = { " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" " port range is supported both for IPv4 and IPv6.", .usagefn = ipset_port_usage, - .description = "bucketsize support", + .description = "bucketsize, initval support", }; void _init(void); diff --git a/lib/libipset.map b/lib/libipset.map index 7a4a33c..12d16a4 100644 --- a/lib/libipset.map +++ b/lib/libipset.map @@ -202,3 +202,9 @@ global: ipset_session_report_msg; ipset_session_report_type; } LIBIPSET_4.8; + +LIBIPSET_4.10 { +global: + ipset_print_hexnumber; +} LIBIPSET_4.9; + diff --git a/lib/print.c b/lib/print.c index d1d5a20..0d86a98 100644 --- a/lib/print.c +++ b/lib/print.c @@ -396,6 +396,50 @@ ipset_print_number(char *buf, unsigned int len, return 0; } +/** + * ipset_print_hexnumber - print number in hex to string + * @buf: printing buffer + * @len: length of available buffer space + * @data: data blob + * @opt: the option kind + * @env: environment flags + * + * Print number in hex to output buffer. + * + * Return lenght of printed string or error size. + */ +int +ipset_print_hexnumber(char *buf, unsigned int len, + const struct ipset_data *data, enum ipset_opt opt, + uint8_t env UNUSED) +{ + size_t maxsize; + const void *number; + + assert(buf); + assert(len > 0); + assert(data); + + number = ipset_data_get(data, opt); + maxsize = ipset_data_sizeof(opt, AF_INET); + D("opt: %u, maxsize %zu", opt, maxsize); + if (maxsize == sizeof(uint8_t)) + return snprintf(buf, len, "0x%02"PRIx8, + *(const uint8_t *) number); + else if (maxsize == sizeof(uint16_t)) + return snprintf(buf, len, "0x%04"PRIx16, + *(const uint16_t *) number); + else if (maxsize == sizeof(uint32_t)) + return snprintf(buf, len, "0x%08"PRIx32, + (long unsigned) *(const uint32_t *) number); + else if (maxsize == sizeof(uint64_t)) + return snprintf(buf, len, "0x016lx", + (long long unsigned) *(const uint64_t *) number); + else + assert(0); + return 0; +} + /** * ipset_print_name - print setname element string * @buf: printing buffer @@ -940,7 +984,7 @@ ipset_print_data(char *buf, unsigned int len, case IPSET_OPT_IFACE: size = ipset_print_iface(buf, len, data, opt, env); break; - case IPSET_OPT_GC: + case IPSET_OPT_INITVAL: case IPSET_OPT_HASHSIZE: case IPSET_OPT_MAXELEM: case IPSET_OPT_MARKMASK: diff --git a/lib/session.c b/lib/session.c index 8416308..b088bc8 100644 --- a/lib/session.c +++ b/lib/session.c @@ -418,9 +418,9 @@ static const struct ipset_attr_policy create_attrs[] = { .type = MNL_TYPE_U32, .opt = IPSET_OPT_CADT_FLAGS, }, - [IPSET_ATTR_GC] = { + [IPSET_ATTR_INITVAL] = { .type = MNL_TYPE_U32, - .opt = IPSET_OPT_GC, + .opt = IPSET_OPT_INITVAL, }, [IPSET_ATTR_HASHSIZE] = { .type = MNL_TYPE_U32, -- cgit v1.2.3