From a96e4fca10506462df4ee4035f0f86f09bd9dc34 Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu" Date: Mon, 20 Oct 2008 10:00:26 +0000 Subject: ipset 2.4 release userspace changes: - Added KBUILD_OUTPUT support (Sven Wegener) - Fix memory leak in ipset_iptreemap (Sven Wegener) - Fix multiple compiler warnings (Sven Wegener) - ipportiphash, ipportnethash and setlist types added - binding marked as deprecated functionality - element separator token changed to ',' in anticipating IPv6 addresses, old separator tokens are still supported - unnecessary includes removed - ipset does not try to resolve IP addresses when listing the content of sets (default changed) - manpage updated - ChangeLog forked for kernel part kernel part changes: - ipportiphash, ipportnethash and setlist types added - set type modules reworked to avoid code duplication as much as possible, code unification macros - expand_macros Makefile target added to help debugging code unification macros - ip_set_addip_kernel and ip_set_delip_kernel changed from void to int, __ip_set_get_byname and __ip_set_put_byid added for the sake of setlist type - unnecessary includes removed - compatibility fix for kernels >= 2.6.27: semaphore.h was moved from asm/ to linux/ (James King) - ChangeLog forked for kernel part --- kernel/include/linux/netfilter_ipv4/ip_set.h | 86 ++++++++++++++++++++++++++-- 1 file changed, 80 insertions(+), 6 deletions(-) (limited to 'kernel/include/linux/netfilter_ipv4/ip_set.h')
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h
index b8c7202..c29a460 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set.h
@@ -87,6 +87,9 @@ typedef uint16_t ip_set_id_t; #define IPSET_TYPE_PORT 0x02 /* Port type of set */ #define IPSET_DATA_SINGLE 0x04 /* Single data storage */ #define IPSET_DATA_DOUBLE 0x08 /* Double data storage */ +#define IPSET_DATA_TRIPLE 0x10 /* Triple data storage */ +#define IPSET_TYPE_IP1 0x20 /* IP address type of set */ +#define IPSET_TYPE_SETNAME 0x40 /* setname type of set */ /* Reserved keywords */ #define IPSET_TOKEN_DEFAULT ":default:" @@ -296,8 +299,12 @@ static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) return 4 * ((((b - a + 8) / 8) + 3) / 4); } +/* General limit for the elements in a set */ +#define MAX_RANGE 0x0000FFFF + #ifdef __KERNEL__ #include +#include #define ip_set_printk(format, args...) \ do { \ 
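Review bot: The comment added for `IPSET_TYPE_IP1`, `/* IP address type of set */`, does not say what the `1` stands for or how this flag differs from the set's ordinary IP type flag, which presumably sits just above this hunk. If it marks the additional address carried by the new ipportiphash/ipportnethash types named in the commit message, say so, e.g. `/* Set has a second IP address member */`. `IPSET_DATA_TRIPLE` would benefit from the same one-line explanation of what the third datum is.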
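Review bot: `MAX_RANGE` is added above `#ifdef __KERNEL__`, so every userspace and kernel file that includes this header sees it, yet unlike the `IPSET_` constants in the first hunk it carries no prefix and can collide with an unrelated definition. A prefixed name such as `#define IPSET_MAX_RANGE 0x0000FFFF` would be safer, with the old name kept as an alias if existing code needs it. The comment should also say whether the value is a maximum element count or a maximum `to - from` span, since an off-by-one in a size limit changes how much memory a set may request.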
@@ -482,18 +489,85 @@ struct ip_set_hash { extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]); extern ip_set_id_t ip_set_get_byindex(ip_set_id_t id); extern void ip_set_put(ip_set_id_t id); +extern ip_set_id_t __ip_set_get_byname(const char name[IP_SET_MAXNAMELEN], + struct ip_set **set); +extern void __ip_set_put_byid(ip_set_id_t id); /* API for iptables set match, and SET target */ -extern void ip_set_addip_kernel(ip_set_id_t id, - const struct sk_buff *skb, - const u_int32_t *flags); -extern void ip_set_delip_kernel(ip_set_id_t id, - const struct sk_buff *skb, - const u_int32_t *flags); +extern int ip_set_addip_kernel(ip_set_id_t id, + const struct sk_buff *skb, + const u_int32_t *flags); +extern int ip_set_delip_kernel(ip_set_id_t id, + const struct sk_buff *skb, + const u_int32_t *flags); extern int ip_set_testip_kernel(ip_set_id_t id, const struct sk_buff *skb, const u_int32_t *flags); +/* Macros to generate functions */ + +#define STRUCT(pre, type) CONCAT2(pre, type) +#define CONCAT2(pre, type) struct pre##type + +#define FNAME(pre, mid, post) CONCAT3(pre, mid, post) +#define CONCAT3(pre, mid, post) pre##mid##post + +#define UADT0(type, adt, args...) \ +static int \ +FNAME(type,_u,adt)(struct ip_set *set, const void *data, size_t size, \ + ip_set_ip_t *hash_ip) \ +{ \ + const STRUCT(ip_set_req_,type) *req = data; \ + \ + return FNAME(type,_,adt)(set, hash_ip , ## args); \ +} + +#define UADT(type, adt, args...) \ + UADT0(type, adt, req->ip , ## args) + +#define KADT(type, adt, getfn, args...) 
\ +static int \ +FNAME(type,_k,adt)(struct ip_set *set, \ + const struct sk_buff *skb, \ + ip_set_ip_t *hash_ip, \ + const u_int32_t *flags, \ + unsigned char index) \ +{ \ + ip_set_ip_t ip = getfn(skb, flags[index]); \ + \ + KADT_CONDITION \ + return FNAME(type,_,adt)(set, hash_ip, ip , ##args); \ +} + +#define REGISTER_MODULE(type) \ +static int __init ip_set_##type##_init(void) \ +{ \ + init_max_page_size(); \ + return ip_set_register_set_type(&ip_set_##type); \ +} \ + \ +static void __exit ip_set_##type##_fini(void) \ +{ \ + /* FIXME: possible race with ip_set_create() */ \ + ip_set_unregister_set_type(&ip_set_##type); \ +} \ + \ +module_init(ip_set_##type##_init); \ +module_exit(ip_set_##type##_fini); + +/* Common functions */ + +static inline ip_set_ip_t +ipaddr(const struct sk_buff *skb, u_int32_t flag) +{ + return ntohl(flag & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); +} + +#define jhash_ip(map, i, ip) jhash_1word(ip, *(map->initval + i)) + +#define pack_ip_port(map, ip, port) \ + (port + ((ip - ((map)->first_ip)) << 16)) + #endif /* __KERNEL__ */ #endif /*_IP_SET_H*/ -- cgit v1.2.3
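Review bot: The function generated by `UADT0` takes `size` but never compares it with the request structure before `UADT` reads `req->ip` from the caller-supplied `data`, so the length check has to live in every caller. If the core does not already validate the length before dispatch (not visible in this hunk), add `if (size != sizeof(*req)) return -EINVAL;` ahead of the `return`, or at minimum state the precondition in a comment above the macro. In the same hunk, `pack_ip_port` and `jhash_ip` leave `ip`, `port`, `i` and (in `jhash_ip`) `map` unparenthesised, and, assuming `ip_set_ip_t` is 32 bits wide, `(ip - (map)->first_ip) << 16` silently drops high bits once the offset needs more than 16 bits; a comment should say that callers must keep the range within `MAX_RANGE`. `KADT` also expands `KADT_CONDITION` and indexes `flags[index]` with no bound, and neither requirement is documented: the comment should say that each set type must define `KADT_CONDITION` before using the macro and who guarantees that `index` is in range.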