From de340a7f1a9cf21931d94ea8814545c4b2d172b0 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Mon, 21 Sep 2020 10:21:39 +0200 Subject: Add bucketsize parameter to all hash types The parameter defines the upper limit in any hash bucket at adding new entries from userspace - if the limit would be exceeded, ipset doubles the hash size and rehashes. It means the set may consume more memory but gives faster evaluation at matching in the set. Signed-off-by: Jozsef Kadlecsik --- include/libipset/args.h | 1 + include/libipset/data.h | 1 + include/libipset/linux_ip_set.h | 4 +- kernel/include/linux/netfilter/ipset/ip_set.h | 5 + kernel/include/uapi/linux/netfilter/ipset/ip_set.h | 4 +- kernel/net/netfilter/ipset/ip_set_core.c | 2 + kernel/net/netfilter/ipset/ip_set_hash_gen.h | 38 ++++--- kernel/net/netfilter/ipset/ip_set_hash_ip.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_ipmac.c | 5 +- kernel/net/netfilter/ipset/ip_set_hash_ipmark.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_mac.c | 5 +- kernel/net/netfilter/ipset/ip_set_hash_net.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_netnet.c | 6 +- kernel/net/netfilter/ipset/ip_set_hash_netport.c | 6 +- .../net/netfilter/ipset/ip_set_hash_netportnet.c | 6 +- lib/args.c | 8 ++ lib/data.c | 12 +- lib/debug.c | 2 +- lib/ipset_hash_ip.c | 84 ++++++++++++++ lib/ipset_hash_ipmac.c | 84 ++++++++++++++ lib/ipset_hash_ipmark.c | 98 ++++++++++++++++ lib/ipset_hash_ipport.c | 105 +++++++++++++++++ lib/ipset_hash_ipportip.c | 116 +++++++++++++++++++ lib/ipset_hash_ipportnet.c | 124 +++++++++++++++++++++ lib/ipset_hash_mac.c | 68 +++++++++++ lib/ipset_hash_net.c | 84 ++++++++++++++ lib/ipset_hash_netiface.c | 98 ++++++++++++++++ lib/ipset_hash_netnet.c | 98 ++++++++++++++++ lib/ipset_hash_netport.c | 103 +++++++++++++++++ lib/ipset_hash_netportnet.c | 121 ++++++++++++++++++++ lib/print.c | 2 +- lib/session.c | 4 +- src/ipset.8 | 38 ++++--- tests/comment.t.list2 | 4 +- tests/comment.t.list21 | 4 +- tests/comment.t.list22 | 4 +- tests/comment.t.list3 | 14 +-- tests/hash:ip,mark.t.list0 | 4 +- tests/hash:ip,mark.t.list1 | 4 +- tests/hash:ip,port,ip.t.list0 | 4 +- tests/hash:ip,port,ip.t.list1 | 2 +- tests/hash:ip,port,net.t.list0 | 4 +- tests/hash:ip,port.t.list0 | 4 +- tests/hash:ip,port.t.list1 | 4 +- tests/hash:ip,port.t.list2 | 4 +- tests/hash:ip.t.list0 | 4 +- tests/hash:ip.t.list1 | 4 +- tests/hash:ip.t.list2 | 4 +- tests/hash:ip.t.list3 | 4 +- tests/hash:ip6,mark.t.list0 | 4 +- tests/hash:ip6,mark.t.list1 | 4 +- tests/hash:ip6,port,ip6.t.list0 | 5 +- tests/hash:ip6,port,ip6.t.list1 | 4 +- tests/hash:ip6,port,net6.t.list0 | 4 +- tests/hash:ip6,port.t.list0 | 4 +- tests/hash:ip6,port.t.list1 | 4 +- tests/hash:ip6.t.list0 | 4 +- tests/hash:ip6.t.list1 | 4 +- tests/hash:ip6.t.list2 | 4 +- tests/hash:ip6.t.list3 | 4 +- tests/hash:mac.t.list0 | 4 +- tests/hash:mac.t.list1 | 4 +- tests/hash:mac.t.list2 | 4 +- tests/hash:mac.t.list3 | 4 +- tests/hash:net,iface.t.list0 | 4 +- tests/hash:net,iface.t.list1 | 4 +- tests/hash:net,iface.t.list2 | 4 +- tests/hash:net,net.t.list0 | 4 +- tests/hash:net,net.t.list1 | 4 +- tests/hash:net,net.t.list2 | 4 +- tests/hash:net,port,net.t.list0 | 4 +- tests/hash:net,port.t.list0 | 4 +- tests/hash:net,port.t.list1 | 4 +- tests/hash:net.t.list0 | 4 +- tests/hash:net.t.list1 | 4 +- tests/hash:net.t.list2 | 4 +- tests/hash:net.t.list3 | 4 +- tests/hash:net6,net6.t.list0 | 4 +- tests/hash:net6,net6.t.list1 | 4 +- tests/hash:net6,port,net6.t.list0 | 4 +- tests/hash:net6,port.t.list0 | 4 +- tests/hash:net6,port.t.list1 | 4 +- tests/hash:net6.t.list0 | 4 +- tests/hash:net6.t.list1 | 4 +- tests/iphash.t.large | 2 +- tests/iphash.t.list0 | 4 +- tests/iphash.t.list1 | 4 +- tests/iphash.t.restore.sorted | 4 +- tests/ipmarkhash.t.list0 | 4 +- tests/ipmarkhash.t.list1 | 4 +- tests/ipporthash.t.list0 | 4 +- tests/ipporthash.t.list1 | 4 +- tests/ipportiphash.t.list0 | 4 +- tests/ipportiphash.t.list1 | 4 +- tests/nethash.t.list0 | 4 +- tests/restore.t.list0 | 4 +- tests/restore.t.list1 | 4 +- tests/setlist.t.list4 | 18 +-- 102 files changed, 1449 insertions(+), 206 deletions(-) diff --git a/include/libipset/args.h b/include/libipset/args.h index 616cca5..93b4456 100644 --- a/include/libipset/args.h +++ b/include/libipset/args.h @@ -56,6 +56,7 @@ enum ipset_keywords { IPSET_ARG_SKBMARK, /* skbmark */ IPSET_ARG_SKBPRIO, /* skbprio */ IPSET_ARG_SKBQUEUE, /* skbqueue */ + IPSET_ARG_BUCKETSIZE, /* bucketsize */ IPSET_ARG_MAX, }; diff --git a/include/libipset/data.h b/include/libipset/data.h index 851773a..cce6407 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -67,6 +67,7 @@ enum ipset_opt { IPSET_OPT_SKBPRIO, IPSET_OPT_SKBQUEUE, IPSET_OPT_IFACE_WILDCARD, + IPSET_OPT_BUCKETSIZE, /* Internal options */ IPSET_OPT_FLAGS = 48, /* IPSET_FLAG_EXIST| */ IPSET_OPT_CADT_FLAGS, /* IPSET_FLAG_BEFORE| */ diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h index 7fd9948..e67116f 100644 --- a/include/libipset/linux_ip_set.h +++ b/include/libipset/linux_ip_set.h @@ -96,7 +96,7 @@ enum { IPSET_ATTR_HASHSIZE, IPSET_ATTR_MAXELEM, IPSET_ATTR_NETMASK, - IPSET_ATTR_PROBES, + IPSET_ATTR_BUCKETSIZE, /* was unused IPSET_ATTR_PROBES */ IPSET_ATTR_RESIZE, IPSET_ATTR_SIZE, /* Kernel-only */ @@ -214,6 +214,8 @@ enum ipset_cadt_flags { enum ipset_create_flags { IPSET_CREATE_FLAG_BIT_FORCEADD = 0, IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD), + IPSET_CREATE_FLAG_BIT_BUCKETSIZE = 1, + IPSET_CREATE_FLAG_BUCKETSIZE = (1 << IPSET_CREATE_FLAG_BIT_BUCKETSIZE), IPSET_CREATE_FLAG_BIT_MAX = 7, }; diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index ed9f82e..554f90f 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -199,6 +199,9 @@ struct ip_set_region { u32 elements; /* Number of elements vs timeout */ }; +/* The max revision number supported by any set type + 1 */ +#define IPSET_REVISION_MAX 9 + /* The core set type structure */ struct ip_set_type { struct list_head list; @@ -216,6 +219,8 @@ struct ip_set_type { u8 family; /* Type revisions */ u8 revision_min, revision_max; + /* Revision-specific supported (create) flags */ + u8 create_flags[IPSET_REVISION_MAX+1]; /* Set features to control swapping */ u16 features; diff --git a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h index 7545af4..60c411c 100644 --- a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h @@ -96,7 +96,7 @@ enum { IPSET_ATTR_HASHSIZE, IPSET_ATTR_MAXELEM, IPSET_ATTR_NETMASK, - IPSET_ATTR_PROBES, + IPSET_ATTR_BUCKETSIZE, /* was unused IPSET_ATTR_PROBES */ IPSET_ATTR_RESIZE, IPSET_ATTR_SIZE, /* Kernel-only */ @@ -214,6 +214,8 @@ enum ipset_cadt_flags { enum ipset_create_flags { IPSET_CREATE_FLAG_BIT_FORCEADD = 0, IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD), + IPSET_CREATE_FLAG_BIT_BUCKETSIZE = 1, + IPSET_CREATE_FLAG_BUCKETSIZE = (1 << IPSET_CREATE_FLAG_BIT_BUCKETSIZE), IPSET_CREATE_FLAG_BIT_MAX = 7, }; diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 6e80fb4..fb35e23 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -1128,6 +1128,8 @@ IPSET_CBFN(ip_set_create, struct net *n, struct sock *ctnl, ret = -IPSET_ERR_PROTOCOL; goto put_out; } + /* Set create flags depending on the type revision */ + set->flags |= set->type->create_flags[revision]; ret = set->type->create(net, set, tb, flags); if (ret != 0) diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h index cbc3e98..e84728e 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h +++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h @@ -38,18 +38,18 @@ */ /* Number of elements to store in an initial array block */ -#define AHASH_INIT_SIZE 4 +#define AHASH_INIT_SIZE 2 /* Max number of elements to store in an array block */ -#define AHASH_MAX_SIZE (3 * AHASH_INIT_SIZE) +#define AHASH_MAX_SIZE (6 * AHASH_INIT_SIZE) /* Max muber of elements in the array block when tuned */ #define AHASH_MAX_TUNED 64 +#define AHASH_MAX(h) ((h)->bucketsize) + /* Max number of elements can be tuned */ #ifdef IP_SET_HASH_WITH_MULTI -#define AHASH_MAX(h) ((h)->ahash_max) - static u8 -tune_ahash_max(u8 curr, u32 multi) +tune_bucketsize(u8 curr, u32 multi) { u32 n; @@ -62,12 +62,10 @@ tune_ahash_max(u8 curr, u32 multi) */ return n > curr && n <= AHASH_MAX_TUNED ? n : curr; } - -#define TUNE_AHASH_MAX(h, multi) \ - ((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi)) +#define TUNE_BUCKETSIZE(h, multi) \ + ((h)->bucketsize = tune_bucketsize((h)->bucketsize, multi)) #else -#define AHASH_MAX(h) AHASH_MAX_SIZE -#define TUNE_AHASH_MAX(h, multi) +#define TUNE_BUCKETSIZE(h, multi) #endif /* A hash bucket */ @@ -322,9 +320,7 @@ struct htype { #ifdef IP_SET_HASH_WITH_MARKMASK u32 markmask; /* markmask value for mark mask to store */ #endif -#ifdef IP_SET_HASH_WITH_MULTI - u8 ahash_max; /* max elements in an array block */ -#endif + u8 bucketsize; /* max elements in an array block */ #ifdef IP_SET_HASH_WITH_NETMASK u8 netmask; /* netmask value for subnets to store */ #endif @@ -951,7 +947,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, goto set_full; /* Create a new slot */ if (n->pos >= n->size) { - TUNE_AHASH_MAX(h, multi); + TUNE_BUCKETSIZE(h, multi); if (n->size >= AHASH_MAX(h)) { /* Trigger rehashing */ mtype_data_next(&h->next, d); @@ -1306,6 +1302,9 @@ mtype_head(struct ip_set *set, struct sk_buff *skb) if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask)) goto nla_put_failure; #endif + if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE && + nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize)) + goto nla_put_failure; if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) || nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) || nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements))) @@ -1549,7 +1548,16 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, h->markmask = markmask; #endif get_random_bytes(&h->initval, sizeof(h->initval)); - + h->bucketsize = AHASH_MAX_SIZE; + if (tb[IPSET_ATTR_BUCKETSIZE]) { + h->bucketsize = nla_get_u8(tb[IPSET_ATTR_BUCKETSIZE]); + if (h->bucketsize < AHASH_INIT_SIZE) + h->bucketsize = AHASH_INIT_SIZE; + else if (h->bucketsize > AHASH_MAX_SIZE) + h->bucketsize = AHASH_MAX_SIZE; + else if (h->bucketsize % 2) + h->bucketsize += 1; + } t->htable_bits = hbits; t->maxelem = h->maxelem / ahash_numof_locks(hbits); RCU_INIT_POINTER(h->table, t); diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c index 41c576f..bb0cfd4 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c @@ -24,7 +24,8 @@ /* 1 Counters support */ /* 2 Comments support */ /* 3 Forceadd support */ -#define IPSET_TYPE_REV_MAX 4 /* skbinfo support */ +/* 4 skbinfo support */ +#define IPSET_TYPE_REV_MAX 5 /* bucketsize support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -278,11 +279,12 @@ static struct ip_set_type hash_ip_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_ip_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_NETMASK] = { .type = NLA_U8 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c index eceb7bc..2655501 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c @@ -23,7 +23,7 @@ #include #define IPSET_TYPE_REV_MIN 0 -#define IPSET_TYPE_REV_MAX 0 +#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Tomasz Chilinski "); @@ -268,11 +268,12 @@ static struct ip_set_type hash_ipmac_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_ipmac_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c index 4ebd21b..c379a17 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c @@ -23,7 +23,8 @@ #define IPSET_TYPE_REV_MIN 0 /* 1 Forceadd support */ -#define IPSET_TYPE_REV_MAX 2 /* skbinfo support */ +/* 2 skbinfo support */ +#define IPSET_TYPE_REV_MAX 3 /* bucketsize support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Vytas Dauksa "); @@ -276,12 +277,13 @@ static struct ip_set_type hash_ipmark_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_ipmark_create, .create_policy = { [IPSET_ATTR_MARKMASK] = { .type = NLA_U32 }, [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c index 7e34bc4..237804f 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c @@ -26,7 +26,8 @@ /* 2 Counters support added */ /* 3 Comments support added */ /* 4 Forceadd support added */ -#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */ +/* 5 skbinfo support added */ +#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -342,11 +343,12 @@ static struct ip_set_type hash_ipport_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_ipport_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c index 81ce821..1caf698 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c @@ -26,7 +26,8 @@ /* 2 Counters support added */ /* 3 Comments support added */ /* 4 Forceadd support added */ -#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */ +/* 5 skbinfo support added */ +#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -357,11 +358,12 @@ static struct ip_set_type hash_ipportip_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_ipportip_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c index 4d4d443..03facf0 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c @@ -28,7 +28,8 @@ /* 4 Counters support added */ /* 5 Comments support added */ /* 6 Forceadd support added */ -#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */ +/* 7 skbinfo support added */ +#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -514,11 +515,12 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_ipportnet_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_mac.c b/kernel/net/netfilter/ipset/ip_set_hash_mac.c index 407c158..153ea36 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_mac.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_mac.c @@ -17,7 +17,7 @@ #include #define IPSET_TYPE_REV_MIN 0 -#define IPSET_TYPE_REV_MAX 0 +#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -126,11 +126,12 @@ static struct ip_set_type hash_mac_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_mac_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c index 923bffb..cc00345 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_net.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c @@ -25,7 +25,8 @@ /* 3 Counters support added */ /* 4 Comments support added */ /* 5 Forceadd support added */ -#define IPSET_TYPE_REV_MAX 6 /* skbinfo mapping support added */ +/* 6 skbinfo support added */ +#define IPSET_TYPE_REV_MAX 7 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -355,11 +356,12 @@ static struct ip_set_type hash_net_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_net_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c index 4202dd2..682e99f 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c @@ -27,7 +27,8 @@ /* 4 Comments support added */ /* 5 Forceadd support added */ /* 6 skbinfo support added */ -#define IPSET_TYPE_REV_MAX 7 /* interface wildcard support added */ +/* 7 interface wildcard support added */ +#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -471,11 +472,12 @@ static struct ip_set_type hash_netiface_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_netiface_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c index da4ef91..0cc7970 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c @@ -22,7 +22,8 @@ #define IPSET_TYPE_REV_MIN 0 /* 1 Forceadd support added */ -#define IPSET_TYPE_REV_MAX 2 /* skbinfo support added */ +/* 2 skbinfo support added */ +#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Oliver Smith "); @@ -459,11 +460,12 @@ static struct ip_set_type hash_netnet_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_netnet_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c index 48ad1c4..21b9d73 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c @@ -27,7 +27,8 @@ /* 4 Counters support added */ /* 5 Comments support added */ /* 6 Forceadd support added */ -#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */ +/* 7 skbinfo support added */ +#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -461,11 +462,12 @@ static struct ip_set_type hash_netport_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_netport_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c index 686cbbc..fef77bb 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c @@ -24,7 +24,8 @@ #define IPSET_TYPE_REV_MIN 0 /* 0 Comments support added */ /* 1 Forceadd support added */ -#define IPSET_TYPE_REV_MAX 2 /* skbinfo support added */ +/* 2 skbinfo support added */ +#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Oliver Smith "); @@ -559,11 +560,12 @@ static struct ip_set_type hash_netportnet_type __read_mostly = { .family = NFPROTO_UNSPEC, .revision_min = IPSET_TYPE_REV_MIN, .revision_max = IPSET_TYPE_REV_MAX, + .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE, .create = hash_netportnet_create, .create_policy = { [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, - [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, + [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, diff --git a/lib/args.c b/lib/args.c index c25bb80..ab1022e 100644 --- a/lib/args.c +++ b/lib/args.c @@ -284,6 +284,14 @@ static const struct ipset_arg ipset_args[] = { .print = ipset_print_number, .help = "[skbqueue VALUE]", }, + [IPSET_ARG_BUCKETSIZE] = { + .name = { "bucketsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, + .opt = IPSET_OPT_BUCKETSIZE, + .parse = ipset_parse_uint8, + .print = ipset_print_number, + .help = "[bucketsize VALUE]", + }, }; const struct ipset_arg * diff --git a/lib/data.c b/lib/data.c index f28d1d3..43b6f71 100644 --- a/lib/data.c +++ b/lib/data.c @@ -50,7 +50,7 @@ struct ipset_data { char setname2[IPSET_MAXNAMELEN]; /* CREATE/LIST/SAVE */ struct { - uint8_t probes; + uint8_t bucketsize; uint8_t resize; uint8_t netmask; uint32_t hashsize; @@ -301,8 +301,8 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) case IPSET_OPT_NETMASK: data->create.netmask = *(const uint8_t *) value; break; - case IPSET_OPT_PROBES: - data->create.probes = *(const uint8_t *) value; + case IPSET_OPT_BUCKETSIZE: + data->create.bucketsize = *(const uint8_t *) value; break; case IPSET_OPT_RESIZE: data->create.resize = *(const uint8_t *) value; @@ -508,8 +508,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt) return &data->create.markmask; case IPSET_OPT_NETMASK: return &data->create.netmask; - case IPSET_OPT_PROBES: - return &data->create.probes; + case IPSET_OPT_BUCKETSIZE: + return &data->create.bucketsize; case IPSET_OPT_RESIZE: return &data->create.resize; case IPSET_OPT_SIZE: @@ -625,7 +625,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) case IPSET_OPT_CIDR: case IPSET_OPT_CIDR2: case IPSET_OPT_NETMASK: - case IPSET_OPT_PROBES: + case IPSET_OPT_BUCKETSIZE: case IPSET_OPT_RESIZE: case IPSET_OPT_PROTO: return sizeof(uint8_t); diff --git a/lib/debug.c b/lib/debug.c index 6b3ead2..89073b8 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -40,7 +40,7 @@ static const struct ipset_attrname createattr2name[] = { [IPSET_ATTR_MAXELEM] = { .name = "MAXELEM" }, [IPSET_ATTR_MARKMASK] = { .name = "MARKMASK" }, [IPSET_ATTR_NETMASK] = { .name = "NETMASK" }, - [IPSET_ATTR_PROBES] = { .name = "PROBES" }, + [IPSET_ATTR_BUCKETSIZE] = { .name = "BUCKETSIZE" }, [IPSET_ATTR_RESIZE] = { .name = "RESIZE" }, [IPSET_ATTR_SIZE] = { .name = "SIZE" }, [IPSET_ATTR_ELEMENTS] = { .name = "ELEMENTS" }, diff --git a/lib/ipset_hash_ip.c b/lib/ipset_hash_ip.c index 2ef1af3..470a807 100644 --- a/lib/ipset_hash_ip.c +++ b/lib/ipset_hash_ip.c @@ -393,6 +393,89 @@ static struct ipset_type ipset_hash_ip4 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_ip5 = { + .name = "hash:ip", + .alias = { "iphash", NULL }, + .revision = 5, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_ONE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_NETMASK, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + /* Ignored options: backward compatibilty */ + IPSET_ARG_PROBES, + IPSET_ARG_RESIZE, + IPSET_ARG_GC, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + .help = "IP", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + .help = "IP", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + .help = "IP", + }, + }, + .usage = "where depending on the INET family\n" + " IP is a valid IPv4 or IPv6 address (or hostname),\n" + " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" + " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" + " is supported for IPv4.", + .description = "bucketsize support", +}; + void _init(void); void _init(void) { @@ -401,4 +484,5 @@ void _init(void) ipset_type_add(&ipset_hash_ip2); ipset_type_add(&ipset_hash_ip3); ipset_type_add(&ipset_hash_ip4); + ipset_type_add(&ipset_hash_ip5); } diff --git a/lib/ipset_hash_ipmac.c b/lib/ipset_hash_ipmac.c index c64e1be..e491e64 100644 --- a/lib/ipset_hash_ipmac.c +++ b/lib/ipset_hash_ipmac.c @@ -91,8 +91,92 @@ static struct ipset_type ipset_hash_ipmac0 = { .description = "Initial revision", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_ipmac1 = { + .name = "hash:ip,mac", + .alias = { "ipmachash", NULL }, + .revision = 1, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_ether, + .print = ipset_print_ether, + .opt = IPSET_OPT_ETHER + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + .help = "IP,MAC", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + .help = "IP,MAC", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + .help = "IP,MAC", + }, + }, + .usage = "where depending on the INET family\n" + " IP is a valid IPv4 or IPv6 address (or hostname),\n" + " MAC is a MAC address.", + .description = "bucketsize support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_ipmac0); + ipset_type_add(&ipset_hash_ipmac1); } diff --git a/lib/ipset_hash_ipmark.c b/lib/ipset_hash_ipmark.c index 42b1979..941ce5d 100644 --- a/lib/ipset_hash_ipmark.c +++ b/lib/ipset_hash_ipmark.c @@ -289,10 +289,108 @@ static struct ipset_type ipset_hash_ipmark2 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_ipmark3 = { + .name = "hash:ip,mark", + .alias = { "ipmarkhash", NULL }, + .revision = 3, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_mark, + .print = ipset_print_mark, + .opt = IPSET_OPT_MARK + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_MARKMASK, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + /* Ignored options: backward compatibilty */ + IPSET_ARG_PROBES, + IPSET_ARG_RESIZE, + IPSET_ARG_IGNORED_FROM, + IPSET_ARG_IGNORED_TO, + IPSET_ARG_IGNORED_NETWORK, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_MARK), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_MARK), + .help = "IP,MARK", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_MARK), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_MARK), + .help = "IP,MARK", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_MARK), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_MARK), + .help = "IP,MARK", + }, + }, + .usage = "where depending on the INET family\n" + " IP is a valid IPv4 or IPv6 address (or hostname).\n" + " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" + " is supported for IPv4.\n" + " Adding/deleting single mark element\n" + " is supported both for IPv4 and IPv6.", + .description = "bucketsize support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_ipmark0); ipset_type_add(&ipset_hash_ipmark1); ipset_type_add(&ipset_hash_ipmark2); + ipset_type_add(&ipset_hash_ipmark3); } diff --git a/lib/ipset_hash_ipport.c b/lib/ipset_hash_ipport.c index b48cac2..cb8832e 100644 --- a/lib/ipset_hash_ipport.c +++ b/lib/ipset_hash_ipport.c @@ -499,6 +499,110 @@ static struct ipset_type ipset_hash_ipport5 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_ipport6 = { + .name = "hash:ip,port", + .alias = { "ipporthash", NULL }, + .revision = 6, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + /* Ignored options: backward compatibilty */ + IPSET_ARG_PROBES, + IPSET_ARG_RESIZE, + IPSET_ARG_IGNORED_FROM, + IPSET_ARG_IGNORED_TO, + IPSET_ARG_IGNORED_NETWORK, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "IP,[PROTO:]PORT", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "IP,[PROTO:]PORT", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + .help = "IP,[PROTO:]PORT", + }, + }, + .usage = "where depending on the INET family\n" + " IP is a valid IPv4 or IPv6 address (or hostname).\n" + " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" + " is supported for IPv4.\n" + " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" + " port range is supported both for IPv4 and IPv6.", + .usagefn = ipset_port_usage, + .description = "bucketsize support", +}; + void _init(void); void _init(void) { @@ -507,4 +611,5 @@ void _init(void) ipset_type_add(&ipset_hash_ipport3); ipset_type_add(&ipset_hash_ipport4); ipset_type_add(&ipset_hash_ipport5); + ipset_type_add(&ipset_hash_ipport6); } diff --git a/lib/ipset_hash_ipportip.c b/lib/ipset_hash_ipportip.c index 545e50c..bc23c21 100644 --- a/lib/ipset_hash_ipportip.c +++ b/lib/ipset_hash_ipportip.c @@ -554,6 +554,121 @@ static struct ipset_type ipset_hash_ipportip5 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_ipportip6 = { + .name = "hash:ip,port,ip", + .alias = { "ipportiphash", NULL }, + .revision = 6, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_THREE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + [IPSET_DIM_THREE - 1] = { + .parse = ipset_parse_single_ip, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + /* Ignored options: backward compatibilty */ + IPSET_ARG_PROBES, + IPSET_ARG_RESIZE, + IPSET_ARG_IGNORED_FROM, + IPSET_ARG_IGNORED_TO, + IPSET_ARG_IGNORED_NETWORK, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_IP2), + .help = "IP,[PROTO:]PORT,IP", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_IP2), + .help = "IP,[PROTO:]PORT,IP", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .help = "IP,[PROTO:]PORT,IP", + }, + }, + .usage = "where depending on the INET family\n" + " IP is a valid IPv4 or IPv6 address (or hostname).\n" + " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" + " in the first IP component is supported for IPv4.\n" + " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" + " port range is supported both for IPv4 and IPv6.", + .usagefn = ipset_port_usage, + .description = "bucketsize support", +}; + void _init(void); void _init(void) { @@ -562,4 +677,5 @@ void _init(void) ipset_type_add(&ipset_hash_ipportip3); ipset_type_add(&ipset_hash_ipportip4); ipset_type_add(&ipset_hash_ipportip5); + ipset_type_add(&ipset_hash_ipportip6); } diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c index 94a680e..b2b4651 100644 --- a/lib/ipset_hash_ipportnet.c +++ b/lib/ipset_hash_ipportnet.c @@ -812,6 +812,129 @@ static struct ipset_type ipset_hash_ipportnet7 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_ipportnet8 = { + .name = "hash:ip,port,net", + .alias = { "ipportnethash", NULL }, + .revision = 8, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_THREE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + [IPSET_DIM_THREE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + /* Ignored options: backward compatibilty */ + IPSET_ARG_PROBES, + IPSET_ARG_RESIZE, + IPSET_ARG_IGNORED_FROM, + IPSET_ARG_IGNORED_TO, + IPSET_ARG_IGNORED_NETWORK, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_NOMATCH, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + .help = "IP,[PROTO:]PORT,IP[/CIDR]", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + .help = "IP,[PROTO:]PORT,IP[/CIDR]", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NOMATCH, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + .help = "IP,[PROTO:]PORT,IP[/CIDR]", + }, + }, + .usage = "where depending on the INET family\n" + " IP are valid IPv4 or IPv6 addresses (or hostnames),\n" + " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" + " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" + " in the first IP component is supported for IPv4.\n" + " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" + " port range is supported both for IPv4 and IPv6.", + .usagefn = ipset_port_usage, + .description = "bucketsize support", +}; + void _init(void); void _init(void) { @@ -822,4 +945,5 @@ void _init(void) ipset_type_add(&ipset_hash_ipportnet5); ipset_type_add(&ipset_hash_ipportnet6); ipset_type_add(&ipset_hash_ipportnet7); + ipset_type_add(&ipset_hash_ipportnet8); } diff --git a/lib/ipset_hash_mac.c b/lib/ipset_hash_mac.c index 426c384..b1e7991 100644 --- a/lib/ipset_hash_mac.c +++ b/lib/ipset_hash_mac.c @@ -75,8 +75,76 @@ static struct ipset_type ipset_hash_mac0 = { .description = "Initial revision", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_mac1 = { + .name = "hash:mac", + .alias = { "machash", NULL }, + .revision = 1, + .family = NFPROTO_UNSPEC, + .dimension = IPSET_DIM_ONE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ether, + .print = ipset_print_ether, + .opt = IPSET_OPT_ETHER + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_ETHER), + .full = IPSET_FLAG(IPSET_OPT_ETHER), + .help = "MAC", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_ETHER), + .full = IPSET_FLAG(IPSET_OPT_ETHER), + .help = "MAC", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_ETHER), + .full = IPSET_FLAG(IPSET_OPT_ETHER), + .help = "MAC", + }, + }, + .usage = "", + .description = "bucketsize support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_mac0); + ipset_type_add(&ipset_hash_mac1); } diff --git a/lib/ipset_hash_net.c b/lib/ipset_hash_net.c index ef9e19c..a943ea6 100644 --- a/lib/ipset_hash_net.c +++ b/lib/ipset_hash_net.c @@ -531,6 +531,89 @@ static struct ipset_type ipset_hash_net6 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_net7 = { + .name = "hash:net", + .alias = { "nethash", NULL }, + .revision = 7, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_ONE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + /* Ignored options: backward compatibilty */ + IPSET_ARG_PROBES, + IPSET_ARG_RESIZE, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_NOMATCH, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO), + .help = "IP[/CIDR]", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO), + .help = "IP[/CIDR]", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NOMATCH, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR), + .help = "IP[/CIDR]", + }, + }, + .usage = "where depending on the INET family\n" + " IP is an IPv4 or IPv6 address (or hostname),\n" + " CIDR is a valid IPv4 or IPv6 CIDR prefix.", + .description = "bucketsize support", +}; + void _init(void); void _init(void) { @@ -541,4 +624,5 @@ void _init(void) ipset_type_add(&ipset_hash_net4); ipset_type_add(&ipset_hash_net5); ipset_type_add(&ipset_hash_net6); + ipset_type_add(&ipset_hash_net7); } diff --git a/lib/ipset_hash_netiface.c b/lib/ipset_hash_netiface.c index 6755782..7a720c6 100644 --- a/lib/ipset_hash_netiface.c +++ b/lib/ipset_hash_netiface.c @@ -619,6 +619,7 @@ static struct ipset_type ipset_hash_netiface6 = { " Adding/deleting multiple elements with IPv4 is supported.", .description = "skbinfo support", }; + /* interface wildcard support */ static struct ipset_type ipset_hash_netiface7 = { .name = "hash:net,iface", @@ -714,6 +715,102 @@ static struct ipset_type ipset_hash_netiface7 = { .description = "skbinfo and wildcard support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_netiface8 = { + .name = "hash:net,iface", + .alias = { "netifacehash", NULL }, + .revision = 8, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_iface, + .print = ipset_print_iface, + .opt = IPSET_OPT_IFACE + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_NOMATCH, + IPSET_ARG_IFACE_WILDCARD, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + .help = "IP[/CIDR]|FROM-TO,[physdev:]IFACE", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + .help = "IP[/CIDR]|FROM-TO,[physdev:]IFACE", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NOMATCH, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + .help = "IP[/CIDR],[physdev:]IFACE", + }, + }, + .usage = "where depending on the INET family\n" + " IP is a valid IPv4 or IPv6 address (or hostname),\n" + " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" + " Adding/deleting multiple elements with IPv4 is supported.", + .description = "bucketsize support", +}; + void _init(void); void _init(void) { @@ -725,4 +822,5 @@ void _init(void) ipset_type_add(&ipset_hash_netiface5); ipset_type_add(&ipset_hash_netiface6); ipset_type_add(&ipset_hash_netiface7); + ipset_type_add(&ipset_hash_netiface8); } diff --git a/lib/ipset_hash_netnet.c b/lib/ipset_hash_netnet.c index 9918b47..e1da9ec 100644 --- a/lib/ipset_hash_netnet.c +++ b/lib/ipset_hash_netnet.c @@ -289,10 +289,108 @@ static struct ipset_type ipset_hash_netnet2 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_netnet3 = { + .name = "hash:net,net", + .alias = { "netnethash", NULL }, + .revision = 3, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_NOMATCH, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + .help = "IP[/CIDR]|FROM-TO,IP[/CIDR]|FROM-TO", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + .help = "IP[/CIDR]|FROM-TO,IP[/CIDR]|FROM-TO", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NOMATCH, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + .help = "IP[/CIDR],IP[/CIDR]", + }, + }, + .usage = "where depending on the INET family\n" + " IP is an IPv4 or IPv6 address (or hostname),\n" + " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" + " IP range is not supported with IPv6.", + .description = "bucketsize support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_netnet0); ipset_type_add(&ipset_hash_netnet1); ipset_type_add(&ipset_hash_netnet2); + ipset_type_add(&ipset_hash_netnet3); } diff --git a/lib/ipset_hash_netport.c b/lib/ipset_hash_netport.c index 48501ce..2d08085 100644 --- a/lib/ipset_hash_netport.c +++ b/lib/ipset_hash_netport.c @@ -665,6 +665,108 @@ static struct ipset_type ipset_hash_netport7 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_netport8 = { + .name = "hash:net,port", + .alias = { "netporthash", NULL }, + .revision = 8, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_NOMATCH, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO), + .help = "IP[/CIDR]|FROM-TO,[PROTO:]PORT", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO), + .help = "IP[/CIDR]|FROM-TO,[PROTO:]PORT", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NOMATCH, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_CIDR), + .help = "IP[/CIDR],[PROTO:]PORT", + }, + }, + .usage = "where depending on the INET family\n" + " IP is a valid IPv4 or IPv6 address (or hostname),\n" + " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" + " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" + " port range is supported both for IPv4 and IPv6.", + .usagefn = ipset_port_usage, + .description = "bucketsize support", +}; + void _init(void); void _init(void) { @@ -675,4 +777,5 @@ void _init(void) ipset_type_add(&ipset_hash_netport5); ipset_type_add(&ipset_hash_netport6); ipset_type_add(&ipset_hash_netport7); + ipset_type_add(&ipset_hash_netport8); } diff --git a/lib/ipset_hash_netportnet.c b/lib/ipset_hash_netportnet.c index 0b36bd5..e456fb1 100644 --- a/lib/ipset_hash_netportnet.c +++ b/lib/ipset_hash_netportnet.c @@ -358,10 +358,131 @@ static struct ipset_type ipset_hash_netportnet2 = { .description = "skbinfo support", }; +/* bucketsize support */ +static struct ipset_type ipset_hash_netportnet3 = { + .name = "hash:net,port,net", + .alias = { "netportnethash", NULL }, + .revision = 3, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_THREE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + [IPSET_DIM_THREE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_FAMILY, + /* Aliases */ + IPSET_ARG_INET, + IPSET_ARG_INET6, + IPSET_ARG_HASHSIZE, + IPSET_ARG_MAXELEM, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_FORCEADD, + IPSET_ARG_SKBINFO, + IPSET_ARG_BUCKETSIZE, + IPSET_ARG_NONE, + }, + .need = 0, + .full = 0, + .help = "", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_NOMATCH, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + .help = "IP[/CIDR],[PROTO:]PORT,IP[/CIDR]", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + .help = "IP[/CIDR],[PROTO:]PORT,IP[/CIDR]", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NOMATCH, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2), + .full = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + .help = "IP[/CIDR],[PROTO:]PORT,IP[/CIDR]", + }, + }, + .usage = "where depending on the INET family\n" + " IP are valid IPv4 or IPv6 addresses (or hostnames),\n" + " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" + " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" + " in both IP components are supported for IPv4.\n" + " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" + " port range is supported both for IPv4 and IPv6.", + .usagefn = ipset_port_usage, + .description = "bucketsize support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_netportnet0); ipset_type_add(&ipset_hash_netportnet1); ipset_type_add(&ipset_hash_netportnet2); + ipset_type_add(&ipset_hash_netportnet3); } diff --git a/lib/print.c b/lib/print.c index bafe58f..d1d5a20 100644 --- a/lib/print.c +++ b/lib/print.c @@ -945,7 +945,7 @@ ipset_print_data(char *buf, unsigned int len, case IPSET_OPT_MAXELEM: case IPSET_OPT_MARKMASK: case IPSET_OPT_NETMASK: - case IPSET_OPT_PROBES: + case IPSET_OPT_BUCKETSIZE: case IPSET_OPT_RESIZE: case IPSET_OPT_TIMEOUT: case IPSET_OPT_REFERENCES: diff --git a/lib/session.c b/lib/session.c index 9e3eae3..8416308 100644 --- a/lib/session.c +++ b/lib/session.c @@ -438,9 +438,9 @@ static const struct ipset_attr_policy create_attrs[] = { .type = MNL_TYPE_U8, .opt = IPSET_OPT_NETMASK, }, - [IPSET_ATTR_PROBES] = { + [IPSET_ATTR_BUCKETSIZE] = { .type = MNL_TYPE_U8, - .opt = IPSET_OPT_PROBES, + .opt = IPSET_OPT_BUCKETSIZE, }, [IPSET_ATTR_RESIZE] = { .type = MNL_TYPE_U8, diff --git a/src/ipset.8 b/src/ipset.8 index 7787d79..97cece9 100644 --- a/src/ipset.8 +++ b/src/ipset.8 @@ -346,10 +346,20 @@ ipset create test hash:ip hashsize 1536 .PP .SS maxelem This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets. -It does define the maximal number of elements which can be stored in the set, default 65536. +It defines the maximal number of elements which can be stored in the set, default 65536. Example: .IP -ipset create test hash:ip maxelem 2048. +ipset create test hash:ip maxelem 2048 +.PP +.SS bucketsize +This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets. +It specifies the maximal number of elements which can be stored in a hash +bucket. Possible values are any even number between 2-14 and the default is +14. Setting the value lower forces ipset to create larger hashes which +consumes more memory but gives more speed at matching in the set. +Example: +.IP +ipset create test hash:ip bucketsize 2 .PP .SS family { inet | inet6 } This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets @@ -514,7 +524,7 @@ The \fBhash:ip\fR set type uses a hash to store IP host addresses (default) or network addresses. Zero valued IP address cannot be stored in a \fBhash:ip\fR type of set. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBnetmask\fP \fIcidr\fP ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBnetmask\fP \fIcidr\fP ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fIipaddr\fR .PP @@ -543,7 +553,7 @@ ipset test foo 192.168.1.2 The \fBhash:mac\fR set type uses a hash to store MAC addresses. Zero valued MAC addresses cannot be stored in a \fBhash:mac\fR type of set. For matches on destination MAC addresses, see COMMENTS below. .PP -\fICREATE\-OPTIONS\fR := [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fImacaddr\fR .PP @@ -565,7 +575,7 @@ ipset test foo 01:02:03:04:05:06 The \fBhash:ip,mac\fR set type uses a hash to store IP and a MAC address pairs. Zero valued MAC addresses cannot be stored in a \fBhash:ip,mac\fR type of set. For matches on destination MAC addresses, see COMMENTS below. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fIipaddr\fR,\fImacaddr\fR .PP @@ -587,7 +597,7 @@ ipset test foo 1.1.1.1,01:02:03:04:05:06 The \fBhash:net\fR set type uses a hash to store different sized IP network addresses. Network address with zero prefix size cannot be stored in this type of sets. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fInetaddr\fR .PP @@ -638,7 +648,7 @@ over the second, so a nomatch entry could be potentially be ineffective if a mor first parameter existed with a suitable second parameter. Network address with zero prefix size cannot be stored in this type of set. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fInetaddr\fR,\fInetaddr\fR .PP @@ -691,7 +701,7 @@ The \fBhash:ip,port\fR set type uses a hash to store IP address and port number The port number is interpreted together with a protocol (default TCP) and zero protocol number cannot be used. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR .PP @@ -748,7 +758,7 @@ address and port pairs. The port number is interpreted together with a protocol (default TCP) and zero protocol number cannot be used. Network address with zero prefix size is not accepted either. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fInetaddr\fR,[\fIproto\fR:]\fIport\fR .PP @@ -798,7 +808,7 @@ The \fBhash:ip,port,ip\fR set type uses a hash to store IP address, port number and a second IP address triples. The port number is interpreted together with a protocol (default TCP) and zero protocol number cannot be used. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR .PP @@ -830,7 +840,7 @@ and IP network address triples. The port number is interpreted together with a protocol (default TCP) and zero protocol number cannot be used. Network address with zero prefix size cannot be stored either. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fInetaddr\fR .PP @@ -875,7 +885,7 @@ ipset test foo 192.168.1,80.10.0.0/24 .SS hash:ip,mark The \fBhash:ip,mark\fR set type uses a hash to store IP address and packet mark pairs. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBmarkmask\fR \fIvalue\fR ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBmarkmask\fR \fIvalue\fR ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fIipaddr\fR,\fImark\fR .PP @@ -913,7 +923,7 @@ The \fBhash:net,port,net\fR set type behaves similarly to hash:ip,port,net but a cidr value for both the first and last parameter. Either subnet is permitted to be a /0 should you wish to match port between all destinations. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fInetaddr\fR,[\fIproto\fR:]\fIport\fR,\fInetaddr\fR .PP @@ -960,7 +970,7 @@ ipset test foo 192.168.1.1,80,10.0.0.1 The \fBhash:net,iface\fR set type uses a hash to store different sized IP network address and interface name pairs. .PP -\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] .PP \fIADD\-ENTRY\fR := \fInetaddr\fR,[\fBphysdev\fR:]\fIiface\fR .PP diff --git a/tests/comment.t.list2 b/tests/comment.t.list2 index 90a7e9b..bf7837f 100644 --- a/tests/comment.t.list2 +++ b/tests/comment.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:net,net -Header: family inet hashsize 128 maxelem 65536 comment -Size in memory: 1288 +Header: family inet hashsize 128 maxelem 65536 comment bucketsize 12 +Size in memory: 1190 References: 0 Number of entries: 4 Members: diff --git a/tests/comment.t.list21 b/tests/comment.t.list21 index 973b344..7a546f3 100644 --- a/tests/comment.t.list21 +++ b/tests/comment.t.list21 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 timeout x comment -Size in memory: 95168 +Header: family inet hashsize 1024 maxelem 65536 timeout x comment bucketsize 12 +Size in memory: 51092 References: 0 Number of entries: 512 Members: diff --git a/tests/comment.t.list22 b/tests/comment.t.list22 index 9215b0d..f24319e 100644 --- a/tests/comment.t.list22 +++ b/tests/comment.t.list22 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 timeout x comment -Size in memory: 57634 +Header: family inet hashsize 1024 maxelem 65536 timeout x comment bucketsize 12 +Size in memory: 40034 References: 0 Number of entries: 256 Members: diff --git a/tests/comment.t.list3 b/tests/comment.t.list3 index 673678a..528796f 100644 --- a/tests/comment.t.list3 +++ b/tests/comment.t.list3 @@ -1,23 +1,23 @@ Name: a Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 152 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 336 References: 1 Number of entries: 0 Members: Name: b Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 152 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 336 References: 1 Number of entries: 0 Members: Name: c Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 152 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 336 References: 1 Number of entries: 0 Members: @@ -25,7 +25,7 @@ Members: Name: test Type: list:set Header: size 8 comment -Size in memory: 288 +Size in memory: 378 References: 0 Number of entries: 3 Members: diff --git a/tests/hash:ip,mark.t.list0 b/tests/hash:ip,mark.t.list0 index 3866bf5..865ac1e 100644 --- a/tests/hash:ip,mark.t.list0 +++ b/tests/hash:ip,mark.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,mark -Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x -Size in memory: 640 +Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 592 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:ip,mark.t.list1 b/tests/hash:ip,mark.t.list1 index c959e4c..9c6a87d 100644 --- a/tests/hash:ip,mark.t.list1 +++ b/tests/hash:ip,mark.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,mark -Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4 -Size in memory: 536 +Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 592 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:ip,port,ip.t.list0 b/tests/hash:ip,port,ip.t.list0 index 57adef1..ab68f02 100644 --- a/tests/hash:ip,port,ip.t.list0 +++ b/tests/hash:ip,port,ip.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port,ip -Header: family inet hashsize 1024 maxelem 65536 timeout x -Size in memory: 840 +Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 664 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:ip,port,ip.t.list1 b/tests/hash:ip,port,ip.t.list1 index 7c7d560..9011673 100644 --- a/tests/hash:ip,port,ip.t.list1 +++ b/tests/hash:ip,port,ip.t.list1 @@ -1,6 +1,6 @@ Name: test Type: hash:ip,port,ip -Header: family inet hashsize 1024 maxelem 65536 timeout 4 +Header: family inet hashsize 1024 maxelem 65536 timeout 4 bucketsize 12 Size in memory: 664 References: 0 Number of entries: 0 diff --git a/tests/hash:ip,port,net.t.list0 b/tests/hash:ip,port,net.t.list0 index 44c53c5..ea46beb 100644 --- a/tests/hash:ip,port,net.t.list0 +++ b/tests/hash:ip,port,net.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port,net -Header: family inet hashsize 1024 maxelem 65536 timeout x -Size in memory: 1096 +Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 840 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:ip,port.t.list0 b/tests/hash:ip,port.t.list0 index 49e3033..1693e85 100644 --- a/tests/hash:ip,port.t.list0 +++ b/tests/hash:ip,port.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet hashsize 1024 maxelem 65536 timeout x -Size in memory: 640 +Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 592 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:ip,port.t.list1 b/tests/hash:ip,port.t.list1 index 4b79124..eaf7ff5 100644 --- a/tests/hash:ip,port.t.list1 +++ b/tests/hash:ip,port.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet hashsize 1024 maxelem 65536 timeout 4 -Size in memory: 528 +Header: family inet hashsize 1024 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 592 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:ip,port.t.list2 b/tests/hash:ip,port.t.list2 index 624d050..75a5d23 100644 --- a/tests/hash:ip,port.t.list2 +++ b/tests/hash:ip,port.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 320 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 480 References: 0 Number of entries: 3 Members: diff --git a/tests/hash:ip.t.list0 b/tests/hash:ip.t.list0 index 1859015..908cd18 100644 --- a/tests/hash:ip.t.list0 +++ b/tests/hash:ip.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 128 maxelem 65536 timeout 4 -Size in memory: 336 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 464 References: 0 Number of entries: 1 Members: diff --git a/tests/hash:ip.t.list1 b/tests/hash:ip.t.list1 index 0977324..f67ec08 100644 --- a/tests/hash:ip.t.list1 +++ b/tests/hash:ip.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout 4 -Size in memory: 432 +Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout 4 bucketsize 12 +Size in memory: 528 References: 0 Number of entries: 1 Members: diff --git a/tests/hash:ip.t.list2 b/tests/hash:ip.t.list2 index 6cd2bf4..9446f21 100644 --- a/tests/hash:ip.t.list2 +++ b/tests/hash:ip.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 128 maxelem 65536 timeout x -Size in memory: 352 +Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 464 References: 0 Number of entries: 2 Members: diff --git a/tests/hash:ip.t.list3 b/tests/hash:ip.t.list3 index 500abbc..661fcf4 100644 --- a/tests/hash:ip.t.list3 +++ b/tests/hash:ip.t.list3 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout x -Size in memory: 464 +Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout x bucketsize 12 +Size in memory: 528 References: 0 Number of entries: 3 Members: diff --git a/tests/hash:ip6,mark.t.list0 b/tests/hash:ip6,mark.t.list0 index be7c069..1a64487 100644 --- a/tests/hash:ip6,mark.t.list0 +++ b/tests/hash:ip6,mark.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,mark -Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x -Size in memory: 1088 +Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 736 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:ip6,mark.t.list1 b/tests/hash:ip6,mark.t.list1 index 5c7b730..7fef4a9 100644 --- a/tests/hash:ip6,mark.t.list1 +++ b/tests/hash:ip6,mark.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,mark -Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4 -Size in memory: 800 +Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 736 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:ip6,port,ip6.t.list0 b/tests/hash:ip6,port,ip6.t.list0 index 6fc6771..1594411 100644 --- a/tests/hash:ip6,port,ip6.t.list0 +++ b/tests/hash:ip6,port,ip6.t.list0 @@ -1,9 +1,8 @@ Name: test Type: hash:ip,port,ip -Header: family inet6 hashsize 1024 maxelem 65536 timeout x -Size in memory: 1608 +Header: family inet6 hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 880 References: 0 -Size in memory: 9104 Number of entries: 4 Members: 2:1::,tcp:128,2:2:2::2 timeout x diff --git a/tests/hash:ip6,port,ip6.t.list1 b/tests/hash:ip6,port,ip6.t.list1 index d3b61b7..afd5f68 100644 --- a/tests/hash:ip6,port,ip6.t.list1 +++ b/tests/hash:ip6,port,ip6.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port,ip -Header: family inet6 hashsize 1024 maxelem 65536 timeout 4 -Size in memory: 1072 +Header: family inet6 hashsize 1024 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 880 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:ip6,port,net6.t.list0 b/tests/hash:ip6,port,net6.t.list0 index ad8ea8f..e18056b 100644 --- a/tests/hash:ip6,port,net6.t.list0 +++ b/tests/hash:ip6,port,net6.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port,net -Header: family inet6 hashsize 1024 maxelem 65536 -Size in memory: 1864 +Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 1808 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:ip6,port.t.list0 b/tests/hash:ip6,port.t.list0 index 926c4ec..13a94eb 100644 --- a/tests/hash:ip6,port.t.list0 +++ b/tests/hash:ip6,port.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet6 hashsize 1024 maxelem 65536 timeout x -Size in memory: 1088 +Header: family inet6 hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 736 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:ip6,port.t.list1 b/tests/hash:ip6,port.t.list1 index d707af5..f956f3e 100644 --- a/tests/hash:ip6,port.t.list1 +++ b/tests/hash:ip6,port.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet6 hashsize 1024 maxelem 65536 timeout 4 -Size in memory: 800 +Header: family inet6 hashsize 1024 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 736 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:ip6.t.list0 b/tests/hash:ip6.t.list0 index 44b6fb4..8c8958a 100644 --- a/tests/hash:ip6.t.list0 +++ b/tests/hash:ip6.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet6 hashsize 128 maxelem 65536 timeout 4 -Size in memory: 416 +Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 504 References: 0 Number of entries: 1 Members: diff --git a/tests/hash:ip6.t.list1 b/tests/hash:ip6.t.list1 index 838fa77..432f580 100644 --- a/tests/hash:ip6.t.list1 +++ b/tests/hash:ip6.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout 4 -Size in memory: 544 +Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout 4 bucketsize 12 +Size in memory: 584 References: 0 Number of entries: 1 Members: diff --git a/tests/hash:ip6.t.list2 b/tests/hash:ip6.t.list2 index 46a92f7..f163697 100644 --- a/tests/hash:ip6.t.list2 +++ b/tests/hash:ip6.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet6 hashsize 128 maxelem 65536 timeout x -Size in memory: 512 +Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 504 References: 0 Number of entries: 2 Members: diff --git a/tests/hash:ip6.t.list3 b/tests/hash:ip6.t.list3 index c6e2990..574ebc1 100644 --- a/tests/hash:ip6.t.list3 +++ b/tests/hash:ip6.t.list3 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout x -Size in memory: 704 +Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout x bucketsize 12 +Size in memory: 584 References: 0 Number of entries: 3 Members: diff --git a/tests/hash:mac.t.list0 b/tests/hash:mac.t.list0 index 232b932..e444c48 100644 --- a/tests/hash:mac.t.list0 +++ b/tests/hash:mac.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:mac -Header: hashsize 128 maxelem 65536 timeout 4 -Size in memory: 336 +Header: hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 464 References: 0 Number of entries: 1 Members: diff --git a/tests/hash:mac.t.list1 b/tests/hash:mac.t.list1 index 0c971ff..1760e55 100644 --- a/tests/hash:mac.t.list1 +++ b/tests/hash:mac.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:mac -Header: hashsize 1024 maxelem 65536 skbinfo -Size in memory: 1088 +Header: hashsize 1024 maxelem 65536 skbinfo bucketsize 12 +Size in memory: 816 References: 0 Number of entries: 6 Members: diff --git a/tests/hash:mac.t.list2 b/tests/hash:mac.t.list2 index 166f266..4c3707c 100644 --- a/tests/hash:mac.t.list2 +++ b/tests/hash:mac.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:mac -Header: hashsize 128 maxelem 65536 timeout x -Size in memory: 384 +Header: hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 464 References: 0 Number of entries: 2 Members: diff --git a/tests/hash:mac.t.list3 b/tests/hash:mac.t.list3 index 4154342..233a56d 100644 --- a/tests/hash:mac.t.list3 +++ b/tests/hash:mac.t.list3 @@ -1,7 +1,7 @@ Name: test Type: hash:mac -Header: hashsize 1024 maxelem 2 skbinfo -Size in memory: 448 +Header: hashsize 1024 maxelem 2 skbinfo bucketsize 12 +Size in memory: 496 References: 0 Number of entries: 2 Members: diff --git a/tests/hash:net,iface.t.list0 b/tests/hash:net,iface.t.list0 index e29a7d6..fa2e5ef 100644 --- a/tests/hash:net,iface.t.list0 +++ b/tests/hash:net,iface.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net,iface -Header: family inet hashsize 128 maxelem 65536 -Size in memory: 928 +Header: family inet hashsize 128 maxelem 65536 bucketsize 12 +Size in memory: 976 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net,iface.t.list1 b/tests/hash:net,iface.t.list1 index 00f7d80..fabc3a7 100644 --- a/tests/hash:net,iface.t.list1 +++ b/tests/hash:net,iface.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:net,iface -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 3872 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 3000 References: 0 Number of entries: 27 Members: diff --git a/tests/hash:net,iface.t.list2 b/tests/hash:net,iface.t.list2 index 4f5cc90..6185742 100644 --- a/tests/hash:net,iface.t.list2 +++ b/tests/hash:net,iface.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:net,iface -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 928 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 976 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net,net.t.list0 b/tests/hash:net,net.t.list0 index 4b806ea..c2d00ad 100644 --- a/tests/hash:net,net.t.list0 +++ b/tests/hash:net,net.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net,net -Header: family inet hashsize 128 maxelem 65536 timeout x -Size in memory: 1288 +Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 1048 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net,net.t.list1 b/tests/hash:net,net.t.list1 index 99e62c1..8e97486 100644 --- a/tests/hash:net,net.t.list1 +++ b/tests/hash:net,net.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:net,net -Header: family inet hashsize 128 maxelem 65536 timeout 4 -Size in memory: 920 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 1048 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:net,net.t.list2 b/tests/hash:net,net.t.list2 index 139b3e2..f47a7f5 100644 --- a/tests/hash:net,net.t.list2 +++ b/tests/hash:net,net.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:net,net -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 2056 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 1752 References: 0 Number of entries: 16 Members: diff --git a/tests/hash:net,port,net.t.list0 b/tests/hash:net,port,net.t.list0 index 9f20e7d..bc3e7fa 100644 --- a/tests/hash:net,port,net.t.list0 +++ b/tests/hash:net,port,net.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net,port,net -Header: family inet hashsize 1024 maxelem 65536 timeout x -Size in memory: 1288 +Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12 +Size in memory: 1048 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net,port.t.list0 b/tests/hash:net,port.t.list0 index fbfab7f..727f07f 100644 --- a/tests/hash:net,port.t.list0 +++ b/tests/hash:net,port.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net,port -Header: family inet hashsize 128 maxelem 65536 timeout x -Size in memory: 1024 +Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 912 References: 0 Number of entries: 5 Members: diff --git a/tests/hash:net,port.t.list1 b/tests/hash:net,port.t.list1 index 66f0955..4f17cf4 100644 --- a/tests/hash:net,port.t.list1 +++ b/tests/hash:net,port.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:net,port -Header: family inet hashsize 128 maxelem 65536 timeout 4 -Size in memory: 880 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 912 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:net.t.list0 b/tests/hash:net.t.list0 index e22f183..60fc10a 100644 --- a/tests/hash:net.t.list0 +++ b/tests/hash:net.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net -Header: family inet hashsize 128 maxelem 65536 timeout x -Size in memory: 896 +Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 848 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net.t.list1 b/tests/hash:net.t.list1 index 6e74a1d..6409a7c 100644 --- a/tests/hash:net.t.list1 +++ b/tests/hash:net.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:net -Header: family inet hashsize 128 maxelem 65536 timeout 4 -Size in memory: 784 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 848 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:net.t.list2 b/tests/hash:net.t.list2 index 893ac9d..1ebef49 100644 --- a/tests/hash:net.t.list2 +++ b/tests/hash:net.t.list2 @@ -1,7 +1,7 @@ Name: test Type: hash:net -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 640 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 784 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net.t.list3 b/tests/hash:net.t.list3 index 265fcbd..8f3e6d8 100644 --- a/tests/hash:net.t.list3 +++ b/tests/hash:net.t.list3 @@ -1,7 +1,7 @@ Name: test Type: hash:net -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 504 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 688 References: 0 Number of entries: 2 Members: diff --git a/tests/hash:net6,net6.t.list0 b/tests/hash:net6,net6.t.list0 index 1f021e5..7456b6b 100644 --- a/tests/hash:net6,net6.t.list0 +++ b/tests/hash:net6,net6.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net,net -Header: family inet6 hashsize 128 maxelem 65536 timeout x -Size in memory: 3144 +Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 2416 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net6,net6.t.list1 b/tests/hash:net6,net6.t.list1 index 2ccfd51..2fde68c 100644 --- a/tests/hash:net6,net6.t.list1 +++ b/tests/hash:net6,net6.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:net,net -Header: family inet6 hashsize 128 maxelem 65536 timeout 4 -Size in memory: 2608 +Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 2416 References: 0 Number of entries: 0 Members: diff --git a/tests/hash:net6,port,net6.t.list0 b/tests/hash:net6,port,net6.t.list0 index 4b9f8f8..f8e091e 100644 --- a/tests/hash:net6,port,net6.t.list0 +++ b/tests/hash:net6,port,net6.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net,port,net -Header: family inet6 hashsize 1024 maxelem 65536 -Size in memory: 2440 +Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 2352 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net6,port.t.list0 b/tests/hash:net6,port.t.list0 index 2d3596c..6c80999 100644 --- a/tests/hash:net6,port.t.list0 +++ b/tests/hash:net6,port.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net,port -Header: family inet6 hashsize 128 maxelem 65536 timeout x -Size in memory: 2352 +Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 1856 References: 0 Number of entries: 5 Members: diff --git a/tests/hash:net6,port.t.list1 b/tests/hash:net6,port.t.list1 index 788358b..a2044ce 100644 --- a/tests/hash:net6,port.t.list1 +++ b/tests/hash:net6,port.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:net,port -Header: family inet6 hashsize 128 maxelem 65536 timeout 4 -Size in memory: 1984 +Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 1856 References: 0 Number of entries: 1 Members: diff --git a/tests/hash:net6.t.list0 b/tests/hash:net6.t.list0 index ad7133a..06530aa 100644 --- a/tests/hash:net6.t.list0 +++ b/tests/hash:net6.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net -Header: family inet6 hashsize 128 maxelem 65536 timeout x -Size in memory: 2112 +Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12 +Size in memory: 1760 References: 0 Number of entries: 4 Members: diff --git a/tests/hash:net6.t.list1 b/tests/hash:net6.t.list1 index bf7dd88..4d248d5 100644 --- a/tests/hash:net6.t.list1 +++ b/tests/hash:net6.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:net -Header: family inet6 hashsize 128 maxelem 65536 timeout 4 -Size in memory: 1824 +Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12 +Size in memory: 1760 References: 0 Number of entries: 0 Members: diff --git a/tests/iphash.t.large b/tests/iphash.t.large index 24cc125..73c61e4 100644 --- a/tests/iphash.t.large +++ b/tests/iphash.t.large @@ -1,4 +1,4 @@ -create test hash:ip family inet hashsize 1024 maxelem 65536 +create test hash:ip family inet hashsize 1024 maxelem 65536 bucketsize 12 add test 10.10.0.0 add test 10.10.0.1 add test 10.10.0.2 diff --git a/tests/iphash.t.list0 b/tests/iphash.t.list0 index 4d75711..b8e3496 100644 --- a/tests/iphash.t.list0 +++ b/tests/iphash.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 128 maxelem 65536 -Size in memory: 224 +Header: family inet hashsize 128 maxelem 65536 bucketsize 12 +Size in memory: 416 References: 0 Number of entries: 2 Members: diff --git a/tests/iphash.t.list1 b/tests/iphash.t.list1 index 18ec027..4a3c8d1 100644 --- a/tests/iphash.t.list1 +++ b/tests/iphash.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip -Header: family inet hashsize 128 maxelem 65536 netmask 24 -Size in memory: 224 +Header: family inet hashsize 128 maxelem 65536 netmask 24 bucketsize 12 +Size in memory: 416 References: 0 Number of entries: 2 Members: diff --git a/tests/iphash.t.restore.sorted b/tests/iphash.t.restore.sorted index e944061..4b7ff6d 100644 --- a/tests/iphash.t.restore.sorted +++ b/tests/iphash.t.restore.sorted @@ -1,4 +1,4 @@ -create test hash:ip family inet hashsize 128 maxelem 65536 +create test hash:ip family inet hashsize 128 maxelem 65536 bucketsize 12 add test 10.0.0.0 add test 10.0.0.1 add test 10.0.0.2 @@ -128,7 +128,7 @@ add test 10.0.0.125 add test 10.0.0.126 add test 10.0.0.127 add test 10.0.0.128 -create test2 hash:ip family inet hashsize 128 maxelem 65536 +create test2 hash:ip family inet hashsize 128 maxelem 65536 bucketsize 12 add test2 20.0.0.0 add test2 20.0.0.1 add test2 20.0.0.2 diff --git a/tests/ipmarkhash.t.list0 b/tests/ipmarkhash.t.list0 index 9ebf116..a3bffcc 100644 --- a/tests/ipmarkhash.t.list0 +++ b/tests/ipmarkhash.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,mark -Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 -Size in memory: 384 +Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 528 References: 0 Number of entries: 4 Members: diff --git a/tests/ipmarkhash.t.list1 b/tests/ipmarkhash.t.list1 index af39998..34a7207 100644 --- a/tests/ipmarkhash.t.list1 +++ b/tests/ipmarkhash.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,mark -Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 -Size in memory: 384 +Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 528 References: 0 Number of entries: 4 Members: diff --git a/tests/ipporthash.t.list0 b/tests/ipporthash.t.list0 index 902160f..e8a00b3 100644 --- a/tests/ipporthash.t.list0 +++ b/tests/ipporthash.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 384 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 528 References: 0 Number of entries: 4 Members: diff --git a/tests/ipporthash.t.list1 b/tests/ipporthash.t.list1 index d298cc0..7ba2900 100644 --- a/tests/ipporthash.t.list1 +++ b/tests/ipporthash.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 384 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 528 References: 0 Number of entries: 4 Members: diff --git a/tests/ipportiphash.t.list0 b/tests/ipportiphash.t.list0 index bde5356..b34c3a0 100644 --- a/tests/ipportiphash.t.list0 +++ b/tests/ipportiphash.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port,ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 456 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 568 References: 0 Number of entries: 4 Members: diff --git a/tests/ipportiphash.t.list1 b/tests/ipportiphash.t.list1 index d5cc29e..bce5314 100644 --- a/tests/ipportiphash.t.list1 +++ b/tests/ipportiphash.t.list1 @@ -1,7 +1,7 @@ Name: test Type: hash:ip,port,ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 296 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 456 References: 0 Number of entries: 2 Members: diff --git a/tests/nethash.t.list0 b/tests/nethash.t.list0 index 0aeb852..e927599 100644 --- a/tests/nethash.t.list0 +++ b/tests/nethash.t.list0 @@ -1,7 +1,7 @@ Name: test Type: hash:net -Header: family inet hashsize 128 maxelem 65536 -Size in memory: 640 +Header: family inet hashsize 128 maxelem 65536 bucketsize 12 +Size in memory: 784 References: 0 Number of entries: 4 Members: diff --git a/tests/restore.t.list0 b/tests/restore.t.list0 index 3c73ab3..1177d6c 100644 --- a/tests/restore.t.list0 +++ b/tests/restore.t.list0 @@ -1,7 +1,7 @@ Name: a Type: hash:ip -Header: family inet6 hashsize 1024 maxelem 65536 -Size in memory: 416 +Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 536 References: 0 Number of entries: 3 Members: diff --git a/tests/restore.t.list1 b/tests/restore.t.list1 index e2c1f8e..f7e06b8 100644 --- a/tests/restore.t.list1 +++ b/tests/restore.t.list1 @@ -1,7 +1,7 @@ Name: b Type: hash:ip -Header: family inet6 hashsize 1024 maxelem 65536 -Size in memory: 416 +Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 536 References: 0 Number of entries: 3 Members: diff --git a/tests/setlist.t.list4 b/tests/setlist.t.list4 index 6b115d9..8767afe 100644 --- a/tests/setlist.t.list4 +++ b/tests/setlist.t.list4 @@ -1,31 +1,31 @@ Name: a Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 152 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 336 References: 1 Number of entries: 0 Members: Name: b Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 152 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 336 References: 0 Number of entries: 0 Members: Name: c Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 152 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 336 References: 0 Number of entries: 0 Members: Name: d Type: hash:ip -Header: family inet hashsize 1024 maxelem 65536 -Size in memory: 152 +Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 +Size in memory: 336 References: 0 Number of entries: 0 Members: @@ -33,7 +33,7 @@ Members: Name: test Type: list:set Header: size 8 -Size in memory: 184 +Size in memory: 168 References: 0 Number of entries: 1 Members: -- cgit v1.2.3