summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@netfilter.org>2020-09-21 20:13:07 +0200
committerJozsef Kadlecsik <kadlec@netfilter.org>2020-09-21 20:13:07 +0200
commit280fe2d4eecb2a546087fbf28bb45168f96d8d52 (patch)
treecd2a8bb36656b4011718c8dd69e5b75e1967bf65
parent00e8bd9bb72eb1357aab486e314b83f93dad0d2c (diff)
Expose the initval hash parameter to userspace
It makes possible to reproduce exactly the same set after a save/restore. Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
-rw-r--r--Make_global.am2
-rw-r--r--include/libipset/args.h1
-rw-r--r--include/libipset/data.h1
-rw-r--r--include/libipset/linux_ip_set.h2
-rw-r--r--include/libipset/print.h3
-rw-r--r--kernel/include/uapi/linux/netfilter/ipset/ip_set.h2
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_gen.h13
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_ip.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_ipmac.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_ipmark.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_ipport.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_ipportip.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_mac.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_net.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_netiface.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_netnet.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_netport.c3
-rw-r--r--kernel/net/netfilter/ipset/ip_set_hash_netportnet.c3
-rw-r--r--lib/args.c8
-rw-r--r--lib/data.c12
-rw-r--r--lib/debug.c2
-rw-r--r--lib/ipset_hash_ip.c3
-rw-r--r--lib/ipset_hash_ipmac.c3
-rw-r--r--lib/ipset_hash_ipmark.c3
-rw-r--r--lib/ipset_hash_ipport.c3
-rw-r--r--lib/ipset_hash_ipportip.c3
-rw-r--r--lib/ipset_hash_ipportnet.c3
-rw-r--r--lib/ipset_hash_mac.c3
-rw-r--r--lib/ipset_hash_net.c3
-rw-r--r--lib/ipset_hash_netiface.c3
-rw-r--r--lib/ipset_hash_netnet.c3
-rw-r--r--lib/ipset_hash_netport.c3
-rw-r--r--lib/ipset_hash_netportnet.c3
-rw-r--r--lib/libipset.map6
-rw-r--r--lib/print.c46
-rw-r--r--lib/session.c4
37 files changed, 133 insertions, 41 deletions
diff --git a/Make_global.am b/Make_global.am
index 673aa41..cbc3537 100644
--- a/Make_global.am
+++ b/Make_global.am
@@ -69,7 +69,7 @@
# interface.
# curr:rev:age
-LIBVERSION = 14:0:1
+LIBVERSION = 14:1:2
AM_CPPFLAGS = $(kinclude_CFLAGS) $(all_includes) -I$(top_srcdir)/include
diff --git a/include/libipset/args.h b/include/libipset/args.h
index 93b4456..ef861c1 100644
--- a/include/libipset/args.h
+++ b/include/libipset/args.h
@@ -57,6 +57,7 @@ enum ipset_keywords {
IPSET_ARG_SKBPRIO, /* skbprio */
IPSET_ARG_SKBQUEUE, /* skbqueue */
IPSET_ARG_BUCKETSIZE, /* bucketsize */
+ IPSET_ARG_INITVAL, /* initval */
IPSET_ARG_MAX,
};
diff --git a/include/libipset/data.h b/include/libipset/data.h
index cce6407..0e33c67 100644
--- a/include/libipset/data.h
+++ b/include/libipset/data.h
@@ -68,6 +68,7 @@ enum ipset_opt {
IPSET_OPT_SKBQUEUE,
IPSET_OPT_IFACE_WILDCARD,
IPSET_OPT_BUCKETSIZE,
+ IPSET_OPT_INITVAL,
/* Internal options */
IPSET_OPT_FLAGS = 48, /* IPSET_FLAG_EXIST| */
IPSET_OPT_CADT_FLAGS, /* IPSET_FLAG_BEFORE| */
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index e67116f..1852636 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -92,7 +92,7 @@ enum {
/* Reserve empty slots */
IPSET_ATTR_CADT_MAX = 16,
/* Create-only specific attributes */
- IPSET_ATTR_GC,
+ IPSET_ATTR_INITVAL, /* was unused IPSET_ATTR_GC */
IPSET_ATTR_HASHSIZE,
IPSET_ATTR_MAXELEM,
IPSET_ATTR_NETMASK,
diff --git a/include/libipset/print.h b/include/libipset/print.h
index f455259..9443ee1 100644
--- a/include/libipset/print.h
+++ b/include/libipset/print.h
@@ -35,6 +35,9 @@ extern int ipset_print_ipaddr(char *buf, unsigned int len,
extern int ipset_print_number(char *buf, unsigned int len,
const struct ipset_data *data,
enum ipset_opt opt, uint8_t env);
+extern int ipset_print_hexnumber(char *buf, unsigned int len,
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_name(char *buf, unsigned int len,
const struct ipset_data *data,
enum ipset_opt opt, uint8_t env);
diff --git a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
index 60c411c..8a495aa 100644
--- a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -92,7 +92,7 @@ enum {
/* Reserve empty slots */
IPSET_ATTR_CADT_MAX = 16,
/* Create-only specific attributes */
- IPSET_ATTR_GC,
+ IPSET_ATTR_INITVAL, /* was unused IPSET_ATTR_GC */
IPSET_ATTR_HASHSIZE,
IPSET_ATTR_MAXELEM,
IPSET_ATTR_NETMASK,
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
index e84728e..acfe0c8 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
@@ -1302,9 +1302,11 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask))
goto nla_put_failure;
#endif
- if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE &&
- nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize))
- goto nla_put_failure;
+ if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE) {
+ if (nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize) ||
+ nla_put_net32(skb, IPSET_ATTR_INITVAL, htonl(h->initval)))
+ goto nla_put_failure;
+ }
if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) ||
nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements)))
@@ -1547,7 +1549,10 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
#ifdef IP_SET_HASH_WITH_MARKMASK
h->markmask = markmask;
#endif
- get_random_bytes(&h->initval, sizeof(h->initval));
+ if (tb[IPSET_ATTR_INITVAL])
+ h->initval = ntohl(nla_get_be32(tb[IPSET_ATTR_INITVAL]));
+ else
+ get_random_bytes(&h->initval, sizeof(h->initval));
h->bucketsize = AHASH_MAX_SIZE;
if (tb[IPSET_ATTR_BUCKETSIZE]) {
h->bucketsize = nla_get_u8(tb[IPSET_ATTR_BUCKETSIZE]);
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
index bb0cfd4..94e17a5 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
@@ -25,7 +25,7 @@
/* 2 Comments support */
/* 3 Forceadd support */
/* 4 skbinfo support */
-#define IPSET_TYPE_REV_MAX 5 /* bucketsize support */
+#define IPSET_TYPE_REV_MAX 5 /* bucketsize, initval support */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -284,6 +284,7 @@ static struct ip_set_type hash_ip_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
index 2655501..467c59a 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
@@ -23,7 +23,7 @@
#include <linux/netfilter/ipset/ip_set_hash.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */
+#define IPSET_TYPE_REV_MAX 1 /* bucketsize, initval support */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Tomasz Chilinski <tomasz.chilinski@chilan.com>");
@@ -273,6 +273,7 @@ static struct ip_set_type hash_ipmac_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
index c379a17..1757bf8 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
@@ -24,7 +24,7 @@
#define IPSET_TYPE_REV_MIN 0
/* 1 Forceadd support */
/* 2 skbinfo support */
-#define IPSET_TYPE_REV_MAX 3 /* bucketsize support */
+#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Vytas Dauksa <vytas.dauksa@smoothwall.net>");
@@ -283,6 +283,7 @@ static struct ip_set_type hash_ipmark_type __read_mostly = {
[IPSET_ATTR_MARKMASK] = { .type = NLA_U32 },
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
index 237804f..b22f280 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -27,7 +27,7 @@
/* 3 Comments support added */
/* 4 Forceadd support added */
/* 5 skbinfo support added */
-#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 6 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -348,6 +348,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
index 1caf698..d370151 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -27,7 +27,7 @@
/* 3 Comments support added */
/* 4 Forceadd support added */
/* 5 skbinfo support added */
-#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 6 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -363,6 +363,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
index 03facf0..64f82f2 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -29,7 +29,7 @@
/* 5 Comments support added */
/* 6 Forceadd support added */
/* 7 skbinfo support added */
-#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -520,6 +520,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_mac.c b/kernel/net/netfilter/ipset/ip_set_hash_mac.c
index 153ea36..014bb71 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_mac.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_mac.c
@@ -17,7 +17,7 @@
#include <linux/netfilter/ipset/ip_set_hash.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */
+#define IPSET_TYPE_REV_MAX 1 /* bucketsize, initval support */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -131,6 +131,7 @@ static struct ip_set_type hash_mac_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c
index cc00345..54318dd 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c
@@ -26,7 +26,7 @@
/* 4 Comments support added */
/* 5 Forceadd support added */
/* 6 skbinfo support added */
-#define IPSET_TYPE_REV_MAX 7 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 7 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -361,6 +361,7 @@ static struct ip_set_type hash_net_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
index 682e99f..d17e614 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -28,7 +28,7 @@
/* 5 Forceadd support added */
/* 6 skbinfo support added */
/* 7 interface wildcard support added */
-#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -477,6 +477,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
index 0cc7970..6532f05 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
@@ -23,7 +23,7 @@
#define IPSET_TYPE_REV_MIN 0
/* 1 Forceadd support added */
/* 2 skbinfo support added */
-#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
@@ -465,6 +465,7 @@ static struct ip_set_type hash_netnet_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
index 21b9d73..2b0a1eb 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
@@ -28,7 +28,7 @@
/* 5 Comments support added */
/* 6 Forceadd support added */
/* 7 skbinfo support added */
-#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -467,6 +467,7 @@ static struct ip_set_type hash_netport_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
index fef77bb..070736d 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -25,7 +25,7 @@
/* 0 Comments support added */
/* 1 Forceadd support added */
/* 2 skbinfo support added */
-#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
@@ -565,6 +565,7 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
.create_policy = {
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
+ [IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
diff --git a/lib/args.c b/lib/args.c
index ab1022e..bab3b13 100644
--- a/lib/args.c
+++ b/lib/args.c
@@ -292,6 +292,14 @@ static const struct ipset_arg ipset_args[] = {
.print = ipset_print_number,
.help = "[bucketsize VALUE]",
},
+ [IPSET_ARG_INITVAL] = {
+ .name = { "initval", NULL },
+ .has_arg = IPSET_MANDATORY_ARG,
+ .opt = IPSET_OPT_INITVAL,
+ .parse = ipset_parse_uint32,
+ .print = ipset_print_hexnumber,
+ .help = "[initval VALUE]",
+ },
};
const struct ipset_arg *
diff --git a/lib/data.c b/lib/data.c
index 43b6f71..7720178 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -56,7 +56,7 @@ struct ipset_data {
uint32_t hashsize;
uint32_t maxelem;
uint32_t markmask;
- uint32_t gc;
+ uint32_t initval;
uint32_t size;
/* Filled out by kernel */
uint32_t references;
@@ -286,8 +286,8 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
data->index = *(const uint16_t *) value;
break;
/* Create-specific options */
- case IPSET_OPT_GC:
- data->create.gc = *(const uint32_t *) value;
+ case IPSET_OPT_INITVAL:
+ data->create.initval = *(const uint32_t *) value;
break;
case IPSET_OPT_HASHSIZE:
data->create.hashsize = *(const uint32_t *) value;
@@ -498,8 +498,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
case IPSET_OPT_INDEX:
return &data->index;
/* Create-specific options */
- case IPSET_OPT_GC:
- return &data->create.gc;
+ case IPSET_OPT_INITVAL:
+ return &data->create.initval;
case IPSET_OPT_HASHSIZE:
return &data->create.hashsize;
case IPSET_OPT_MAXELEM:
@@ -608,7 +608,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
case IPSET_OPT_NAMEREF:
return IPSET_MAXNAMELEN;
case IPSET_OPT_TIMEOUT:
- case IPSET_OPT_GC:
+ case IPSET_OPT_INITVAL:
case IPSET_OPT_HASHSIZE:
case IPSET_OPT_MAXELEM:
case IPSET_OPT_MARKMASK:
diff --git a/lib/debug.c b/lib/debug.c
index 89073b8..bf57a41 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -35,7 +35,7 @@ static const struct ipset_attrname createattr2name[] = {
[IPSET_ATTR_PROTO] = { .name = "PROTO" },
[IPSET_ATTR_CADT_FLAGS] = { .name = "CADT_FLAGS" },
[IPSET_ATTR_CADT_LINENO] = { .name = "CADT_LINENO" },
- [IPSET_ATTR_GC] = { .name = "GC" },
+ [IPSET_ATTR_INITVAL] = { .name = "INITVAL" },
[IPSET_ATTR_HASHSIZE] = { .name = "HASHSIZE" },
[IPSET_ATTR_MAXELEM] = { .name = "MAXELEM" },
[IPSET_ATTR_MARKMASK] = { .name = "MARKMASK" },
diff --git a/lib/ipset_hash_ip.c b/lib/ipset_hash_ip.c
index 470a807..ea85700 100644
--- a/lib/ipset_hash_ip.c
+++ b/lib/ipset_hash_ip.c
@@ -423,6 +423,7 @@ static struct ipset_type ipset_hash_ip5 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
/* Ignored options: backward compatibilty */
IPSET_ARG_PROBES,
IPSET_ARG_RESIZE,
@@ -473,7 +474,7 @@ static struct ipset_type ipset_hash_ip5 = {
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
" is supported for IPv4.",
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_ipmac.c b/lib/ipset_hash_ipmac.c
index e491e64..c15897b 100644
--- a/lib/ipset_hash_ipmac.c
+++ b/lib/ipset_hash_ipmac.c
@@ -125,6 +125,7 @@ static struct ipset_type ipset_hash_ipmac1 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
},
.need = 0,
.full = 0,
@@ -171,7 +172,7 @@ static struct ipset_type ipset_hash_ipmac1 = {
.usage = "where depending on the INET family\n"
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" MAC is a MAC address.",
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_ipmark.c b/lib/ipset_hash_ipmark.c
index 941ce5d..7d6d977 100644
--- a/lib/ipset_hash_ipmark.c
+++ b/lib/ipset_hash_ipmark.c
@@ -324,6 +324,7 @@ static struct ipset_type ipset_hash_ipmark3 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
/* Ignored options: backward compatibilty */
IPSET_ARG_PROBES,
IPSET_ARG_RESIZE,
@@ -383,7 +384,7 @@ static struct ipset_type ipset_hash_ipmark3 = {
" is supported for IPv4.\n"
" Adding/deleting single mark element\n"
" is supported both for IPv4 and IPv6.",
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_ipport.c b/lib/ipset_hash_ipport.c
index cb8832e..288be10 100644
--- a/lib/ipset_hash_ipport.c
+++ b/lib/ipset_hash_ipport.c
@@ -533,6 +533,7 @@ static struct ipset_type ipset_hash_ipport6 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
/* Ignored options: backward compatibilty */
IPSET_ARG_PROBES,
IPSET_ARG_RESIZE,
@@ -600,7 +601,7 @@ static struct ipset_type ipset_hash_ipport6 = {
" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
" port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_ipportip.c b/lib/ipset_hash_ipportip.c
index bc23c21..6b2e92e 100644
--- a/lib/ipset_hash_ipportip.c
+++ b/lib/ipset_hash_ipportip.c
@@ -593,6 +593,7 @@ static struct ipset_type ipset_hash_ipportip6 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
/* Ignored options: backward compatibilty */
IPSET_ARG_PROBES,
IPSET_ARG_RESIZE,
@@ -666,7 +667,7 @@ static struct ipset_type ipset_hash_ipportip6 = {
" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
" port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c
index b2b4651..2552cdb 100644
--- a/lib/ipset_hash_ipportnet.c
+++ b/lib/ipset_hash_ipportnet.c
@@ -851,6 +851,7 @@ static struct ipset_type ipset_hash_ipportnet8 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
/* Ignored options: backward compatibilty */
IPSET_ARG_PROBES,
IPSET_ARG_RESIZE,
@@ -932,7 +933,7 @@ static struct ipset_type ipset_hash_ipportnet8 = {
" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
" port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_mac.c b/lib/ipset_hash_mac.c
index b1e7991..4b20247 100644
--- a/lib/ipset_hash_mac.c
+++ b/lib/ipset_hash_mac.c
@@ -100,6 +100,7 @@ static struct ipset_type ipset_hash_mac1 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
IPSET_ARG_NONE,
},
.need = 0,
@@ -139,7 +140,7 @@ static struct ipset_type ipset_hash_mac1 = {
},
},
.usage = "",
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_net.c b/lib/ipset_hash_net.c
index a943ea6..1da95bf 100644
--- a/lib/ipset_hash_net.c
+++ b/lib/ipset_hash_net.c
@@ -560,6 +560,7 @@ static struct ipset_type ipset_hash_net7 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
/* Ignored options: backward compatibilty */
IPSET_ARG_PROBES,
IPSET_ARG_RESIZE,
@@ -611,7 +612,7 @@ static struct ipset_type ipset_hash_net7 = {
.usage = "where depending on the INET family\n"
" IP is an IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.",
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_netiface.c b/lib/ipset_hash_netiface.c
index 7a720c6..172c2a9 100644
--- a/lib/ipset_hash_netiface.c
+++ b/lib/ipset_hash_netiface.c
@@ -749,6 +749,7 @@ static struct ipset_type ipset_hash_netiface8 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
IPSET_ARG_NONE,
},
.need = 0,
@@ -808,7 +809,7 @@ static struct ipset_type ipset_hash_netiface8 = {
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements with IPv4 is supported.",
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_netnet.c b/lib/ipset_hash_netnet.c
index e1da9ec..df993b8 100644
--- a/lib/ipset_hash_netnet.c
+++ b/lib/ipset_hash_netnet.c
@@ -323,6 +323,7 @@ static struct ipset_type ipset_hash_netnet3 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
IPSET_ARG_NONE,
},
.need = 0,
@@ -383,7 +384,7 @@ static struct ipset_type ipset_hash_netnet3 = {
" IP is an IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" IP range is not supported with IPv6.",
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_netport.c b/lib/ipset_hash_netport.c
index 2d08085..f09de83 100644
--- a/lib/ipset_hash_netport.c
+++ b/lib/ipset_hash_netport.c
@@ -699,6 +699,7 @@ static struct ipset_type ipset_hash_netport8 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
IPSET_ARG_NONE,
},
.need = 0,
@@ -764,7 +765,7 @@ static struct ipset_type ipset_hash_netport8 = {
" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
" port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/ipset_hash_netportnet.c b/lib/ipset_hash_netportnet.c
index e456fb1..a4a7240 100644
--- a/lib/ipset_hash_netportnet.c
+++ b/lib/ipset_hash_netportnet.c
@@ -397,6 +397,7 @@ static struct ipset_type ipset_hash_netportnet3 = {
IPSET_ARG_FORCEADD,
IPSET_ARG_SKBINFO,
IPSET_ARG_BUCKETSIZE,
+ IPSET_ARG_INITVAL,
IPSET_ARG_NONE,
},
.need = 0,
@@ -475,7 +476,7 @@ static struct ipset_type ipset_hash_netportnet3 = {
" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
" port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
- .description = "bucketsize support",
+ .description = "bucketsize, initval support",
};
void _init(void);
diff --git a/lib/libipset.map b/lib/libipset.map
index 7a4a33c..12d16a4 100644
--- a/lib/libipset.map
+++ b/lib/libipset.map
@@ -202,3 +202,9 @@ global:
ipset_session_report_msg;
ipset_session_report_type;
} LIBIPSET_4.8;
+
+LIBIPSET_4.10 {
+global:
+ ipset_print_hexnumber;
+} LIBIPSET_4.9;
+
diff --git a/lib/print.c b/lib/print.c
index d1d5a20..0d86a98 100644
--- a/lib/print.c
+++ b/lib/print.c
@@ -397,6 +397,50 @@ ipset_print_number(char *buf, unsigned int len,
}
/**
+ * ipset_print_hexnumber - print number in hex to string
+ * @buf: printing buffer
+ * @len: length of available buffer space
+ * @data: data blob
+ * @opt: the option kind
+ * @env: environment flags
+ *
+ * Print number in hex to output buffer.
+ *
+ * Return lenght of printed string or error size.
+ */
+int
+ipset_print_hexnumber(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env UNUSED)
+{
+ size_t maxsize;
+ const void *number;
+
+ assert(buf);
+ assert(len > 0);
+ assert(data);
+
+ number = ipset_data_get(data, opt);
+ maxsize = ipset_data_sizeof(opt, AF_INET);
+ D("opt: %u, maxsize %zu", opt, maxsize);
+ if (maxsize == sizeof(uint8_t))
+ return snprintf(buf, len, "0x%02"PRIx8,
+ *(const uint8_t *) number);
+ else if (maxsize == sizeof(uint16_t))
+ return snprintf(buf, len, "0x%04"PRIx16,
+ *(const uint16_t *) number);
+ else if (maxsize == sizeof(uint32_t))
+ return snprintf(buf, len, "0x%08"PRIx32,
+ (long unsigned) *(const uint32_t *) number);
+ else if (maxsize == sizeof(uint64_t))
+ return snprintf(buf, len, "0x016lx",
+ (long long unsigned) *(const uint64_t *) number);
+ else
+ assert(0);
+ return 0;
+}
+
+/**
* ipset_print_name - print setname element string
* @buf: printing buffer
* @len: length of available buffer space
@@ -940,7 +984,7 @@ ipset_print_data(char *buf, unsigned int len,
case IPSET_OPT_IFACE:
size = ipset_print_iface(buf, len, data, opt, env);
break;
- case IPSET_OPT_GC:
+ case IPSET_OPT_INITVAL:
case IPSET_OPT_HASHSIZE:
case IPSET_OPT_MAXELEM:
case IPSET_OPT_MARKMASK:
diff --git a/lib/session.c b/lib/session.c
index 8416308..b088bc8 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -418,9 +418,9 @@ static const struct ipset_attr_policy create_attrs[] = {
.type = MNL_TYPE_U32,
.opt = IPSET_OPT_CADT_FLAGS,
},
- [IPSET_ATTR_GC] = {
+ [IPSET_ATTR_INITVAL] = {
.type = MNL_TYPE_U32,
- .opt = IPSET_OPT_GC,
+ .opt = IPSET_OPT_INITVAL,
},
[IPSET_ATTR_HASHSIZE] = {
.type = MNL_TYPE_U32,