1 /* Copyright (C) 2008-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
8 /* Kernel module implementing an IP set type: the list:set type */
10 #include <linux/module.h>
12 #include <linux/skbuff.h>
13 #include <linux/errno.h>
15 #include <linux/netfilter/ipset/ip_set.h>
16 #include <linux/netfilter/ipset/ip_set_timeout.h>
17 #include <linux/netfilter/ipset/ip_set_list.h>
19 MODULE_LICENSE("GPL");
20 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
21 MODULE_DESCRIPTION("list:set type of IP sets");
22 MODULE_ALIAS("ip_set_list:set");
24 /* Member elements without and with timeout */
31 unsigned long timeout;
36 size_t dsize; /* element size */
37 u32 size; /* size of set list array */
38 u32 timeout; /* timeout value */
39 struct timer_list gc; /* garbage collection */
40 struct set_elem members[0]; /* the set members */
43 static inline struct set_elem *
44 list_set_elem(const struct list_set *map, u32 id)
46 return (struct set_elem *)((void *)map->members + id * map->dsize);
49 static inline struct set_telem *
50 list_set_telem(const struct list_set *map, u32 id)
52 return (struct set_telem *)((void *)map->members + id * map->dsize);
56 list_set_timeout(const struct list_set *map, u32 id)
58 const struct set_telem *elem = list_set_telem(map, id);
60 return ip_set_timeout_test(elem->timeout);
64 list_set_expired(const struct list_set *map, u32 id)
66 const struct set_telem *elem = list_set_telem(map, id);
68 return ip_set_timeout_expired(elem->timeout);
71 /* Set list without and with timeout */
74 list_set_kadt(struct ip_set *set, const struct sk_buff *skb,
75 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
77 struct list_set *map = set->data;
78 struct set_elem *elem;
82 for (i = 0; i < map->size; i++) {
83 elem = list_set_elem(map, i);
84 if (elem->id == IPSET_INVALID_ID)
86 if (with_timeout(map->timeout) && list_set_expired(map, i))
90 ret = ip_set_test(elem->id, skb, opt);
95 ret = ip_set_add(elem->id, skb, opt);
100 ret = ip_set_del(elem->id, skb, opt);
112 id_eq(const struct list_set *map, u32 i, ip_set_id_t id)
114 const struct set_elem *elem;
117 elem = list_set_elem(map, i);
118 return elem->id == id;
125 id_eq_timeout(const struct list_set *map, u32 i, ip_set_id_t id)
127 const struct set_elem *elem;
130 elem = list_set_elem(map, i);
131 return !!(elem->id == id &&
132 !(with_timeout(map->timeout) &&
133 list_set_expired(map, i)));
140 list_elem_add(struct list_set *map, u32 i, ip_set_id_t id)
144 for (; i < map->size; i++) {
145 e = list_set_elem(map, i);
147 if (e->id == IPSET_INVALID_ID)
153 list_elem_tadd(struct list_set *map, u32 i, ip_set_id_t id,
154 unsigned long timeout)
158 for (; i < map->size; i++) {
159 e = list_set_telem(map, i);
161 swap(e->timeout, timeout);
162 if (e->id == IPSET_INVALID_ID)
168 list_set_add(struct list_set *map, u32 i, ip_set_id_t id,
169 unsigned long timeout)
171 const struct set_elem *e = list_set_elem(map, i);
173 if (i == map->size - 1 && e->id != IPSET_INVALID_ID)
174 /* Last element replaced: e.g. add new,before,last */
175 ip_set_put_byindex(e->id);
176 if (with_timeout(map->timeout))
177 list_elem_tadd(map, i, id, ip_set_timeout_set(timeout));
179 list_elem_add(map, i, id);
185 list_set_del(struct list_set *map, u32 i)
187 struct set_elem *a = list_set_elem(map, i), *b;
189 ip_set_put_byindex(a->id);
191 for (; i < map->size - 1; i++) {
192 b = list_set_elem(map, i + 1);
194 if (with_timeout(map->timeout))
195 ((struct set_telem *)a)->timeout =
196 ((struct set_telem *)b)->timeout;
198 if (a->id == IPSET_INVALID_ID)
202 a->id = IPSET_INVALID_ID;
207 cleanup_entries(struct list_set *map)
212 for (i = 0; i < map->size; i++) {
213 e = list_set_telem(map, i);
214 if (e->id != IPSET_INVALID_ID && list_set_expired(map, i))
215 list_set_del(map, i);
220 list_set_uadt(struct ip_set *set, struct nlattr *tb[],
221 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
223 struct list_set *map = set->data;
224 bool with_timeout = with_timeout(map->timeout);
225 bool flag_exist = flags & IPSET_FLAG_EXIST;
227 u32 timeout = map->timeout;
228 ip_set_id_t id, refid = IPSET_INVALID_ID;
229 const struct set_elem *elem;
234 if (unlikely(!tb[IPSET_ATTR_NAME] ||
235 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
236 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
237 return -IPSET_ERR_PROTOCOL;
239 if (tb[IPSET_ATTR_LINENO])
240 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
242 id = ip_set_get_byname(nla_data(tb[IPSET_ATTR_NAME]), &s);
243 if (id == IPSET_INVALID_ID)
244 return -IPSET_ERR_NAME;
245 /* "Loop detection" */
246 if (s->type->features & IPSET_TYPE_NAME) {
247 ret = -IPSET_ERR_LOOP;
251 if (tb[IPSET_ATTR_CADT_FLAGS]) {
252 u32 f = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
253 before = f & IPSET_FLAG_BEFORE;
256 if (before && !tb[IPSET_ATTR_NAMEREF]) {
257 ret = -IPSET_ERR_BEFORE;
261 if (tb[IPSET_ATTR_NAMEREF]) {
262 refid = ip_set_get_byname(nla_data(tb[IPSET_ATTR_NAMEREF]),
264 if (refid == IPSET_INVALID_ID) {
265 ret = -IPSET_ERR_NAMEREF;
271 if (tb[IPSET_ATTR_TIMEOUT]) {
273 ret = -IPSET_ERR_TIMEOUT;
276 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
278 if (with_timeout && adt != IPSET_TEST)
279 cleanup_entries(map);
283 for (i = 0; i < map->size && !ret; i++) {
284 elem = list_set_elem(map, i);
285 if (elem->id == IPSET_INVALID_ID ||
286 (before != 0 && i + 1 >= map->size))
288 else if (with_timeout && list_set_expired(map, i))
290 else if (before > 0 && elem->id == id)
291 ret = id_eq_timeout(map, i + 1, refid);
292 else if (before < 0 && elem->id == refid)
293 ret = id_eq_timeout(map, i + 1, id);
294 else if (before == 0 && elem->id == id)
299 for (i = 0; i < map->size; i++) {
300 elem = list_set_elem(map, i);
303 if (!(with_timeout && flag_exist)) {
304 ret = -IPSET_ERR_EXIST;
307 struct set_telem *e = list_set_telem(map, i);
310 !id_eq(map, i + 1, refid)) ||
312 (i == 0 || !id_eq(map, i - 1, refid)))) {
313 ret = -IPSET_ERR_EXIST;
316 e->timeout = ip_set_timeout_set(timeout);
317 ip_set_put_byindex(id);
322 ret = -IPSET_ERR_LIST_FULL;
323 for (i = 0; i < map->size && ret == -IPSET_ERR_LIST_FULL; i++) {
324 elem = list_set_elem(map, i);
325 if (elem->id == IPSET_INVALID_ID)
326 ret = before != 0 ? -IPSET_ERR_REF_EXIST
327 : list_set_add(map, i, id, timeout);
328 else if (elem->id != refid)
331 ret = list_set_add(map, i, id, timeout);
332 else if (i + 1 < map->size)
333 ret = list_set_add(map, i + 1, id, timeout);
337 ret = -IPSET_ERR_EXIST;
338 for (i = 0; i < map->size && ret == -IPSET_ERR_EXIST; i++) {
339 elem = list_set_elem(map, i);
340 if (elem->id == IPSET_INVALID_ID) {
341 ret = before != 0 ? -IPSET_ERR_REF_EXIST
344 } else if (elem->id == id &&
346 (before > 0 && id_eq(map, i + 1, refid))))
347 ret = list_set_del(map, i);
348 else if (elem->id == refid &&
349 before < 0 && id_eq(map, i + 1, id))
350 ret = list_set_del(map, i + 1);
358 if (refid != IPSET_INVALID_ID)
359 ip_set_put_byindex(refid);
360 if (adt != IPSET_ADD || ret)
361 ip_set_put_byindex(id);
363 return ip_set_eexist(ret, flags) ? 0 : ret;
367 list_set_flush(struct ip_set *set)
369 struct list_set *map = set->data;
370 struct set_elem *elem;
373 for (i = 0; i < map->size; i++) {
374 elem = list_set_elem(map, i);
375 if (elem->id != IPSET_INVALID_ID) {
376 ip_set_put_byindex(elem->id);
377 elem->id = IPSET_INVALID_ID;
383 list_set_destroy(struct ip_set *set)
385 struct list_set *map = set->data;
387 if (with_timeout(map->timeout))
388 del_timer_sync(&map->gc);
396 list_set_head(struct ip_set *set, struct sk_buff *skb)
398 const struct list_set *map = set->data;
399 struct nlattr *nested;
401 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
403 goto nla_put_failure;
404 NLA_PUT_NET32(skb, IPSET_ATTR_SIZE, htonl(map->size));
405 if (with_timeout(map->timeout))
406 NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout));
407 NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1));
408 NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE,
409 htonl(sizeof(*map) + map->size * map->dsize));
410 ipset_nest_end(skb, nested);
418 list_set_list(const struct ip_set *set,
419 struct sk_buff *skb, struct netlink_callback *cb)
421 const struct list_set *map = set->data;
422 struct nlattr *atd, *nested;
423 u32 i, first = cb->args[2];
424 const struct set_elem *e;
426 atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
429 for (; cb->args[2] < map->size; cb->args[2]++) {
431 e = list_set_elem(map, i);
432 if (e->id == IPSET_INVALID_ID)
434 if (with_timeout(map->timeout) && list_set_expired(map, i))
436 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
439 nla_nest_cancel(skb, atd);
442 goto nla_put_failure;
444 NLA_PUT_STRING(skb, IPSET_ATTR_NAME,
445 ip_set_name_byindex(e->id));
446 if (with_timeout(map->timeout)) {
447 const struct set_telem *te =
448 (const struct set_telem *) e;
449 NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT,
450 htonl(ip_set_timeout_get(te->timeout)));
452 ipset_nest_end(skb, nested);
455 ipset_nest_end(skb, atd);
456 /* Set listing finished */
461 nla_nest_cancel(skb, nested);
462 ipset_nest_end(skb, atd);
463 if (unlikely(i == first)) {
471 list_set_same_set(const struct ip_set *a, const struct ip_set *b)
473 const struct list_set *x = a->data;
474 const struct list_set *y = b->data;
476 return x->size == y->size &&
477 x->timeout == y->timeout;
480 static const struct ip_set_type_variant list_set = {
481 .kadt = list_set_kadt,
482 .uadt = list_set_uadt,
483 .destroy = list_set_destroy,
484 .flush = list_set_flush,
485 .head = list_set_head,
486 .list = list_set_list,
487 .same_set = list_set_same_set,
491 list_set_gc(unsigned long ul_set)
493 struct ip_set *set = (struct ip_set *) ul_set;
494 struct list_set *map = set->data;
496 write_lock_bh(&set->lock);
497 cleanup_entries(map);
498 write_unlock_bh(&set->lock);
500 map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
505 list_set_gc_init(struct ip_set *set)
507 struct list_set *map = set->data;
509 init_timer(&map->gc);
510 map->gc.data = (unsigned long) set;
511 map->gc.function = list_set_gc;
512 map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
516 /* Create list:set type of sets */
519 init_list_set(struct ip_set *set, u32 size, size_t dsize,
520 unsigned long timeout)
522 struct list_set *map;
526 map = kzalloc(sizeof(*map) + size * dsize, GFP_KERNEL);
532 map->timeout = timeout;
535 for (i = 0; i < size; i++) {
536 e = list_set_elem(map, i);
537 e->id = IPSET_INVALID_ID;
544 list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
546 u32 size = IP_SET_LIST_DEFAULT_SIZE;
548 if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_SIZE) ||
549 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
550 return -IPSET_ERR_PROTOCOL;
552 if (tb[IPSET_ATTR_SIZE])
553 size = ip_set_get_h32(tb[IPSET_ATTR_SIZE]);
554 if (size < IP_SET_LIST_MIN_SIZE)
555 size = IP_SET_LIST_MIN_SIZE;
557 if (tb[IPSET_ATTR_TIMEOUT]) {
558 if (!init_list_set(set, size, sizeof(struct set_telem),
559 ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT])))
562 list_set_gc_init(set);
564 if (!init_list_set(set, size, sizeof(struct set_elem),
568 set->variant = &list_set;
572 static struct ip_set_type list_set_type __read_mostly = {
574 .protocol = IPSET_PROTOCOL,
575 .features = IPSET_TYPE_NAME | IPSET_DUMP_LAST,
576 .dimension = IPSET_DIM_ONE,
579 .create = list_set_create,
581 [IPSET_ATTR_SIZE] = { .type = NLA_U32 },
582 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
585 [IPSET_ATTR_NAME] = { .type = NLA_STRING,
586 .len = IPSET_MAXNAMELEN },
587 [IPSET_ATTR_NAMEREF] = { .type = NLA_STRING,
588 .len = IPSET_MAXNAMELEN },
589 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
590 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
591 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
599 return ip_set_type_register(&list_set_type);
605 ip_set_type_unregister(&list_set_type);
608 module_init(list_set_init);
609 module_exit(list_set_fini);
git.openpandora.org / pandora-kernel.git / blob