From cb76e46e97b0013305a7c96c2230a791675a15cf Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 10 Nov 2009 21:53:19 +0100 Subject: ipset 4.0 released See ChangeLog files --- kernel/include/linux/netfilter_ipv4/ip_set.h | 67 +++++++++------------- .../include/linux/netfilter_ipv4/ip_set_bitmaps.h | 21 ++++--- .../include/linux/netfilter_ipv4/ip_set_compat.h | 23 +++++++- .../include/linux/netfilter_ipv4/ip_set_getport.h | 6 +- .../include/linux/netfilter_ipv4/ip_set_hashes.h | 16 +++--- .../include/linux/netfilter_ipv4/ip_set_iphash.h | 2 +- kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h | 2 +- .../linux/netfilter_ipv4/ip_set_ipporthash.h | 2 +- .../linux/netfilter_ipv4/ip_set_ipportiphash.h | 2 +- .../linux/netfilter_ipv4/ip_set_ipportnethash.h | 2 +- .../include/linux/netfilter_ipv4/ip_set_iptree.h | 2 +- .../linux/netfilter_ipv4/ip_set_iptreemap.h | 2 +- .../include/linux/netfilter_ipv4/ip_set_macipmap.h | 2 +- .../include/linux/netfilter_ipv4/ip_set_nethash.h | 2 +- .../include/linux/netfilter_ipv4/ip_set_portmap.h | 2 +- .../include/linux/netfilter_ipv4/ip_set_setlist.h | 2 +- 16 files changed, 82 insertions(+), 73 deletions(-) (limited to 'kernel/include/linux') diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h index 3667352..da17319 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set.h @@ -40,7 +40,8 @@ /* * Used so that the kernel module and ipset-binary can match their versions */ -#define IP_SET_PROTOCOL_VERSION 3 +#define IP_SET_PROTOCOL_UNALIGNED 3 +#define IP_SET_PROTOCOL_VERSION 4 #define IP_SET_MAXNAMELEN 32 /* set names and set typenames */ @@ -228,7 +229,7 @@ struct ip_set_req_max_sets { struct ip_set_req_setnames { unsigned op; ip_set_id_t index; /* set to list/save */ - u_int32_t size; /* size to get setdata/bindings */ + u_int32_t size; /* size to get setdata */ /* followed by sets number of struct ip_set_name_list */ }; 
@@ -302,6 +303,11 @@ static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) /* General limit for the elements in a set */ #define MAX_RANGE 0x0000FFFF +/* Alignment: 'unsigned long' unsupported */ +#define IPSET_ALIGNTO 4 +#define IPSET_ALIGN(len) (((len) + IPSET_ALIGNTO - 1) & ~(IPSET_ALIGNTO - 1)) +#define IPSET_VALIGN(len, old) ((old) ? (len) : IPSET_ALIGN(len)) + #ifdef __KERNEL__ #include #include @@ -350,16 +356,13 @@ struct ip_set_type { */ int (*testip_kernel) (struct ip_set *set, const struct sk_buff * skb, - ip_set_ip_t *ip, - const u_int32_t *flags, - unsigned char index); + const u_int32_t *flags); /* test for IP in set (userspace: ipset -T set IP) * return 0 if not in set, 1 if in set. */ int (*testip) (struct ip_set *set, - const void *data, u_int32_t size, - ip_set_ip_t *ip); + const void *data, u_int32_t size); /* * Size of the data structure passed by when @@ -373,8 +376,7 @@ struct ip_set_type { * If the address was not already in the set, 0 is returned. */ int (*addip) (struct ip_set *set, - const void *data, u_int32_t size, - ip_set_ip_t *ip); + const void *data, u_int32_t size); /* Add IP into set (kernel: iptables ... -j SET set src|dst) * Return -EEXIST if the address is already in the set, @@ -382,10 +384,8 @@ struct ip_set_type { * If the address was not already in the set, 0 is returned. */ int (*addip_kernel) (struct ip_set *set, - const struct sk_buff * skb, - ip_set_ip_t *ip, - const u_int32_t *flags, - unsigned char index); + const struct sk_buff * skb, + const u_int32_t *flags); /* remove IP from set (userspace: ipset -D set --entry x) * Return -EEXIST if the address is NOT in the set, @@ -393,8 +393,7 @@ struct ip_set_type { * If the address really was in the set, 0 is returned. */ int (*delip) (struct ip_set *set, - const void *data, u_int32_t size, - ip_set_ip_t *ip); + const void *data, u_int32_t size); /* remove IP from set (kernel: iptables ... -j SET --entry x) * Return -EEXIST if the address is NOT in the set, 
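Review bot: `IPSET_ALIGN(len)` in the added alignment macros rounds up with `(len) + IPSET_ALIGNTO - 1` and nothing bounds `len`, so a value close to the maximum of its type wraps to a small result. The uses visible in this patch pass `sizeof(dtype)`, which is safe, but any caller that aligns a size taken from a userspace request would need a range check first. I would say so in the comment, e.g. `/* len must be trusted or range-checked: IPSET_ALIGN wraps near the type maximum */`. The second argument of `IPSET_VALIGN(len, old)` would also read better under the name the callbacks use, `dont_align`.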
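Review bot: The `testip_kernel` callback loses its `index` argument, but its comment does not say what `flags` now points to; the same holds for the `addip_kernel` and `delip_kernel` hunks that follow. After this patch `KADT` hands the pointer straight to the getter, and `ipaddr()` in ip_set.h and `get_port()` in ip_set_getport.h read `flags[0]` unconditionally. The minimum length of the array, and who advances it for types with more than one dimension, is therefore an unwritten contract in the packet path. I would add to each callback comment something like `/* flags: per-dimension direction words; flags[0] must be valid, the type advances the pointer itself */`, adjusted to whatever the core really guarantees. The comment block of `testip_kernel` starts outside the hunk.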
@@ -402,10 +401,8 @@ struct ip_set_type { * If the address really was in the set, 0 is returned. */ int (*delip_kernel) (struct ip_set *set, - const struct sk_buff * skb, - ip_set_ip_t *ip, - const u_int32_t *flags, - unsigned char index); + const struct sk_buff * skb, + const u_int32_t *flags); /* new set creation - allocated type specific items */ @@ -443,7 +440,7 @@ struct ip_set_type { /* Listing: Get the size for the set members */ - int (*list_members_size) (const struct ip_set *set); + int (*list_members_size) (const struct ip_set *set, char dont_align); /* Listing: Get the set members * @@ -453,7 +450,7 @@ struct ip_set_type { * correct. */ void (*list_members) (const struct ip_set *set, - void *data); + void *data, char dont_align); char typename[IP_SET_MAXNAMELEN]; unsigned char features; @@ -471,20 +468,11 @@ struct ip_set { char name[IP_SET_MAXNAMELEN]; /* the name of the set */ rwlock_t lock; /* lock for concurrency control */ ip_set_id_t id; /* set id for swapping */ - ip_set_id_t binding; /* default binding for the set */ atomic_t ref; /* in kernel and in hash references */ struct ip_set_type *type; /* the set types */ void *data; /* pooltype specific data */ }; -/* Structure to bind set elements to sets */ -struct ip_set_hash { - struct list_head list; /* list of clashing entries in hash */ - ip_set_ip_t ip; /* ip from set */ - ip_set_id_t id; /* set id */ - ip_set_id_t binding; /* set we bind the element to */ -}; - /* register and unregister set references */ extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]); extern ip_set_id_t ip_set_get_byindex(ip_set_id_t index); 
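Review bot: `list_members` still takes a bare `void *data` with no length, and it now also has to be called with the same `dont_align` value that was given to `list_members_size`. If the two disagree, the element stride and the buffer size no longer match and the copy can run past the buffer. Neither callback comment states that pairing; I would extend the one on `list_members` with `/* dont_align must equal the value passed to list_members_size for this buffer */`. The `struct ip_set_type` body begins and ends outside these hunks.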
@@ -515,12 +503,11 @@ extern int ip_set_testip_kernel(ip_set_id_t id, #define UADT0(type, adt, args...) \ static int \ -FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size,\ - ip_set_ip_t *hash_ip) \ +FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size)\ { \ const STRUCT(ip_set_req_,type) *req = data; \ \ - return FNAME(type,_,adt)(set, hash_ip , ## args); \ + return FNAME(type,_,adt)(set , ## args); \ } #define UADT(type, adt, args...) \ @@ -530,14 +517,12 @@ FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size,\ static int \ FNAME(type,_k,adt)(struct ip_set *set, \ const struct sk_buff *skb, \ - ip_set_ip_t *hash_ip, \ - const u_int32_t *flags, \ - unsigned char index) \ + const u_int32_t *flags) \ { \ - ip_set_ip_t ip = getfn(skb, flags[index]); \ + ip_set_ip_t ip = getfn(skb, flags); \ \ KADT_CONDITION \ - return FNAME(type,_,adt)(set, hash_ip, ip , ##args); \ + return FNAME(type,_,adt)(set, ip , ##args); \ } #define REGISTER_MODULE(type) \ @@ -559,9 +544,9 @@ module_exit(ip_set_##type##_fini); /* Common functions */ static inline ip_set_ip_t -ipaddr(const struct sk_buff *skb, u_int32_t flag) +ipaddr(const struct sk_buff *skb, const u_int32_t *flags) { - return ntohl(flag & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); + return ntohl(flags[0] & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); } #define jhash_ip(map, i, ip) jhash_1word(ip, *(map->initval + i)) @@ -571,4 +556,6 @@ ipaddr(const struct sk_buff *skb, u_int32_t flag) #endif /* __KERNEL__ */ +#define UNUSED __attribute__ ((unused)) + #endif /*_IP_SET_H*/ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h index 90e87e3..da3493f 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h 
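Review bot: `UNUSED` is defined after `#endif /* __KERNEL__ */`, so this very generic name is exported to every userspace file that includes ip_set.h. There it can collide with, or silently redefine, another header's `UNUSED`. Wrapping it in `#ifndef UNUSED` / `#endif`, or using a prefixed name of the project's choosing, avoids that.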
@@ -77,22 +77,21 @@ type##_list_header(const struct ip_set *set, void *data) \ __##type##_list_header(map, header); \ } -#define BITMAP_LIST_MEMBERS_SIZE(type) \ +#define BITMAP_LIST_MEMBERS_SIZE(type, dtype, sizeid, testfn) \ static int \ -type##_list_members_size(const struct ip_set *set) \ +type##_list_members_size(const struct ip_set *set, char dont_align) \ { \ const struct ip_set_##type *map = set->data; \ + ip_set_ip_t i, elements = 0; \ \ - return map->size; \ -} - -#define BITMAP_LIST_MEMBERS(type) \ -static void \ -type##_list_members(const struct ip_set *set, void *data) \ -{ \ - const struct ip_set_##type *map = set->data; \ + if (dont_align) \ + return map->size; \ + \ + for (i = 0; i < sizeid; i++) \ + if (testfn) \ + elements++; \ \ - memcpy(data, map->members, map->size); \ + return elements * IPSET_ALIGN(sizeof(dtype)); \ } #define IP_SET_TYPE(type, __features) \ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h index 96c2024..9f17397 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h @@ -65,7 +65,28 @@ static inline void *kzalloc(size_t size, gfp_t flags) #define KMEM_CACHE_CREATE(name, size) \ kmem_cache_create(name, size, 0, 0, NULL) #endif - + +#ifndef NIPQUAD +#define NIPQUAD(addr) \ + ((unsigned char *)&addr)[0], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[3] +#endif + +#ifndef HIPQUAD +#if defined(__LITTLE_ENDIAN) +#define HIPQUAD(addr) \ + ((unsigned char *)&addr)[3], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[0] +#elif defined(__BIG_ENDIAN) +#define HIPQUAD NIPQUAD +#else +#error "Please fix asm/byteorder.h" +#endif /* __LITTLE_ENDIAN */ +#endif #endif /* __KERNEL__ */ #endif /* _IP_SET_COMPAT_H */ 
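Review bot: In `BITMAP_LIST_MEMBERS_SIZE` the aligned size is now obtained by counting the members that are set at that moment, while the generic `BITMAP_LIST_MEMBERS` copy is removed and each bitmap type has to emit its members itself. If a member can be added between the size call and the listing call, the listing writes more entries than the buffer was sized for; this header does not show whether the caller holds `set->lock` across both. That requirement deserves a comment on the macro, e.g. `/* caller must hold set->lock from list_members_size until list_members returns */`, or a bound passed to the listing function. The counting loop would also be safer with braces and with `(sizeid)` and `(testfn)` parenthesised, since both are pasted macro arguments that silently rely on the locals `i` and `map`.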
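Review bot: The fallback `NIPQUAD` and `HIPQUAD` definitions apply `&addr` to an unparenthesised macro argument, so an argument such as a conditional expression expands to something other than what the caller wrote. Writing `((unsigned char *)&(addr))[0]` on each of the eight lines costs nothing. The `#error` text could also name the missing `__LITTLE_ENDIAN`/`__BIG_ENDIAN` macros, so that the build failure explains itself.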
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_getport.h b/kernel/include/linux/netfilter_ipv4/ip_set_getport.h index 9e322bf..18ed729 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_getport.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_getport.h @@ -7,7 +7,7 @@ /* We must handle non-linear skbs */ static inline ip_set_ip_t -get_port(const struct sk_buff *skb, u_int32_t flags) +get_port(const struct sk_buff *skb, const u_int32_t *flags) { struct iphdr *iph = ip_hdr(skb); u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; @@ -23,7 +23,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) /* No choice either */ return INVALID_PORT; - return ntohs(flags & IPSET_SRC ? + return ntohs(flags[0] & IPSET_SRC ? tcph.source : tcph.dest); } case IPPROTO_UDP: { @@ -36,7 +36,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) /* No choice either */ return INVALID_PORT; - return ntohs(flags & IPSET_SRC ? + return ntohs(flags[0] & IPSET_SRC ? udph.source : udph.dest); } default: diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h index f7d6a69..f62ae37 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h 
@@ -182,30 +182,31 @@ type##_list_header(const struct ip_set *set, void *data) \ #define HASH_LIST_MEMBERS_SIZE(type, dtype) \ static int \ -type##_list_members_size(const struct ip_set *set) \ +type##_list_members_size(const struct ip_set *set, char dont_align) \ { \ const struct ip_set_##type *map = set->data; \ \ - return (map->hashsize * sizeof(dtype)); \ + return (map->hashsize * IPSET_VALIGN(sizeof(dtype), dont_align));\ } #define HASH_LIST_MEMBERS(type, dtype) \ static void \ -type##_list_members(const struct ip_set *set, void *data) \ +type##_list_members(const struct ip_set *set, void *data, char dont_align)\ { \ const struct ip_set_##type *map = set->data; \ - dtype *elem; \ + dtype *elem, *d; \ uint32_t i; \ \ for (i = 0; i < map->hashsize; i++) { \ elem = HARRAY_ELEM(map->members, dtype *, i); \ - ((dtype *)data)[i] = *elem; \ + d = data + i * IPSET_VALIGN(sizeof(dtype), dont_align); \ + *d = *elem; \ } \ } #define HASH_LIST_MEMBERS_MEMCPY(type, dtype) \ static void \ -type##_list_members(const struct ip_set *set, void *data) \ +type##_list_members(const struct ip_set *set, void *data, char dont_align)\ { \ const struct ip_set_##type *map = set->data; \ dtype *elem; \ @@ -213,7 +214,8 @@ type##_list_members(const struct ip_set *set, void *data) \ \ for (i = 0; i < map->hashsize; i++) { \ elem = HARRAY_ELEM(map->members, dtype *, i); \ - memcpy((((dtype *)data)+i), elem, sizeof(dtype)); \ + memcpy(data + i * IPSET_VALIGN(sizeof(dtype), dont_align),\ + elem, sizeof(dtype)); \ } \ } diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h index 277bc8c..0a0c7e8 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "iphash" +#define SETTYPE_NAME "iphash" struct ip_set_iphash { ip_set_ip_t *members; /* the iphash proper */ 
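Review bot: In `HASH_LIST_MEMBERS` and `HASH_LIST_MEMBERS_MEMCPY` each element is placed at a stride of `IPSET_VALIGN(sizeof(dtype), dont_align)` but only `sizeof(dtype)` bytes are stored. For any `dtype` whose size is not a multiple of `IPSET_ALIGNTO`, the padding bytes in `data` therefore keep whatever the buffer held before. If the caller does not zero that buffer (not visible here) and it is later copied to userspace, the padding discloses kernel memory. Either document that `data` must be zero-filled, or clear each slot before the copy with `memset(data + i * IPSET_VALIGN(sizeof(dtype), dont_align), 0, IPSET_VALIGN(sizeof(dtype), dont_align));`. Separately, `type##_list_members_size` returns `int`, so the `hashsize * stride` product is truncated for very large tables.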
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h index ce4b29b..d16c0ae 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "ipmap" +#define SETTYPE_NAME "ipmap" struct ip_set_ipmap { void *members; /* the ipmap proper */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h index b5db5f5..a3b781a 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "ipporthash" +#define SETTYPE_NAME "ipporthash" struct ip_set_ipporthash { ip_set_ip_t *members; /* the ipporthash proper */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h index eb6cf55..2202c51 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "ipportiphash" +#define SETTYPE_NAME "ipportiphash" struct ipportip { ip_set_ip_t ip; diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h index 951da92..73b2430 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "ipportnethash" +#define SETTYPE_NAME "ipportnethash" struct ipportip { ip_set_ip_t ip; diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h b/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h index de5cf47..36bf5ac 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h 
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_iptree.h @@ -3,7 +3,7 @@ #include -#define SETTYPE_NAME "iptree" +#define SETTYPE_NAME "iptree" struct ip_set_iptreed { unsigned long expires[256]; /* x.x.x.ADDR */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h b/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h index a58bc4e..6ea771a 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_iptreemap.h @@ -3,7 +3,7 @@ #include -#define SETTYPE_NAME "iptreemap" +#define SETTYPE_NAME "iptreemap" #ifdef __KERNEL__ struct ip_set_iptreemap_d { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h index 19418f3..0615e9f 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "macipmap" +#define SETTYPE_NAME "macipmap" /* general flags */ #define IPSET_MACIP_MATCHUNSET 1 diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h index b2d006f..cf0b794 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "nethash" +#define SETTYPE_NAME "nethash" struct ip_set_nethash { ip_set_ip_t *members; /* the nethash proper */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h index 8ea6ba2..37f411e 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h @@ -4,7 +4,7 @@ #include #include -#define SETTYPE_NAME "portmap" +#define SETTYPE_NAME "portmap" struct ip_set_portmap { void *members; /* the portmap proper */ 
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h b/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h index ca044d8..7cc6ed0 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_setlist.h @@ -3,7 +3,7 @@ #include -#define SETTYPE_NAME "setlist" +#define SETTYPE_NAME "setlist" #define IP_SET_SETLIST_ADD_AFTER 0 #define IP_SET_SETLIST_ADD_BEFORE 1 -- cgit v1.2.3