Commit | Line | Data |
---|---|---|
1feab10d JK |
1 | /* Copyright (C) 2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
2 | * | |
3 | * This program is free software; you can redistribute it and/or modify | |
4 | * it under the terms of the GNU General Public License version 2 as | |
5 | * published by the Free Software Foundation. | |
6 | */ | |
7 | ||
8 | #ifndef _IP_SET_HASH_GEN_H | |
9 | #define _IP_SET_HASH_GEN_H | |
10 | ||
11 | #include <linux/rcupdate.h> | |
12 | #include <linux/jhash.h> | |
13 | #include <linux/netfilter/ipset/ip_set_timeout.h> | |
14 | #ifndef rcu_dereference_bh | |
15 | #define rcu_dereference_bh(p) rcu_dereference(p) | |
16 | #endif | |
17 | ||
a0f28dc7 JK |
18 | #define rcu_dereference_bh_nfnl(p) rcu_dereference_bh_check(p, 1) |
19 | ||
1feab10d JK |
20 | /* Hashing which uses arrays to resolve clashing. The hash table is resized |
21 | * (doubled) when searching becomes too long. | |
22 | * Internally jhash is used with the assumption that the size of the | |
23 | * stored data is a multiple of sizeof(u32). If storage supports timeout, | |
24 | * the timeout field must be the last one in the data structure - that field | |
25 | * is ignored when computing the hash key. | |
26 | * | |
27 | * Readers and resizing | |
28 | * | |
29 | * Resizing can be triggered by userspace command only, and those | |
30 | * are serialized by the nfnl mutex. During resizing the set is | |
31 | * read-locked, so the only possible concurrent operations are | |
32 | * the kernel side readers. Those must be protected by proper RCU locking. | |
33 | */ | |
34 | ||
35 | /* Number of elements to store in an initial array block */ | |
36 | #define AHASH_INIT_SIZE 4 | |
37 | /* Max number of elements to store in an array block */ | |
38 | #define AHASH_MAX_SIZE (3*AHASH_INIT_SIZE) | |
39 | ||
40 | /* Max number of elements can be tuned */ | |
41 | #ifdef IP_SET_HASH_WITH_MULTI | |
42 | #define AHASH_MAX(h) ((h)->ahash_max) | |
43 | ||
44 | static inline u8 | |
45 | tune_ahash_max(u8 curr, u32 multi) | |
46 | { | |
47 | u32 n; | |
48 | ||
49 | if (multi < curr) | |
50 | return curr; | |
51 | ||
52 | n = curr + AHASH_INIT_SIZE; | |
53 | /* Currently, at listing one hash bucket must fit into a message. | |
54 | * Therefore we have a hard limit here. | |
55 | */ | |
56 | return n > curr && n <= 64 ? n : curr; | |
57 | } | |
58 | #define TUNE_AHASH_MAX(h, multi) \ | |
59 | ((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi)) | |
60 | #else | |
61 | #define AHASH_MAX(h) AHASH_MAX_SIZE | |
62 | #define TUNE_AHASH_MAX(h, multi) | |
63 | #endif | |
64 | ||
65 | /* A hash bucket */ | |
66 | struct hbucket { | |
67 | void *value; /* the array of the values */ | |
68 | u8 size; /* size of the array */ | |
69 | u8 pos; /* position of the first free entry */ | |
70 | }; | |
71 | ||
72 | /* The hash table: the table size stored here in order to make resizing easy */ | |
73 | struct htable { | |
74 | u8 htable_bits; /* size of hash table == 2^htable_bits */ | |
75 | struct hbucket bucket[0]; /* hashtable buckets */ | |
76 | }; | |
77 | ||
78 | #define hbucket(h, i) (&((h)->bucket[i])) | |
79 | ||
a04d8b6b JK |
80 | #ifndef IPSET_NET_COUNT |
81 | #define IPSET_NET_COUNT 1 | |
82 | #endif | |
83 | ||
1feab10d JK |
84 | /* Book-keeping of the prefixes added to the set */ |
85 | struct net_prefixes { | |
a04d8b6b JK |
86 | u32 nets[IPSET_NET_COUNT]; /* number of elements per cidr */ |
87 | u8 cidr[IPSET_NET_COUNT]; /* the different cidr values in the set */ | |
1feab10d JK |
88 | }; |
89 | ||
90 | /* Compute the hash table size */ | |
91 | static size_t | |
92 | htable_size(u8 hbits) | |
93 | { | |
94 | size_t hsize; | |
95 | ||
96 | /* We must fit both into u32 in jhash and size_t */ | |
97 | if (hbits > 31) | |
98 | return 0; | |
99 | hsize = jhash_size(hbits); | |
100 | if ((((size_t)-1) - sizeof(struct htable))/sizeof(struct hbucket) | |
101 | < hsize) | |
102 | return 0; | |
103 | ||
104 | return hsize * sizeof(struct hbucket) + sizeof(struct htable); | |
105 | } | |
106 | ||
107 | /* Compute htable_bits from the user input parameter hashsize */ | |
108 | static u8 | |
109 | htable_bits(u32 hashsize) | |
110 | { | |
111 | /* Assume that hashsize == 2^htable_bits */ | |
112 | u8 bits = fls(hashsize - 1); | |
113 | if (jhash_size(bits) != hashsize) | |
114 | /* Round up to the first 2^n value */ | |
115 | bits = fls(hashsize); | |
116 | ||
117 | return bits; | |
118 | } | |
119 | ||
1feab10d JK |
120 | static int |
121 | hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize) | |
122 | { | |
123 | if (n->pos >= n->size) { | |
124 | void *tmp; | |
125 | ||
126 | if (n->size >= ahash_max) | |
127 | /* Trigger rehashing */ | |
128 | return -EAGAIN; | |
129 | ||
130 | tmp = kzalloc((n->size + AHASH_INIT_SIZE) * dsize, | |
131 | GFP_ATOMIC); | |
132 | if (!tmp) | |
133 | return -ENOMEM; | |
134 | if (n->size) { | |
135 | memcpy(tmp, n->value, n->size * dsize); | |
136 | kfree(n->value); | |
137 | } | |
138 | n->value = tmp; | |
139 | n->size += AHASH_INIT_SIZE; | |
140 | } | |
141 | return 0; | |
142 | } | |
143 | ||
144 | #ifdef IP_SET_HASH_WITH_NETS | |
ea53ac5b OS |
145 | #if IPSET_NET_COUNT > 1 |
146 | #define __CIDR(cidr, i) (cidr[i]) | |
147 | #else | |
148 | #define __CIDR(cidr, i) (cidr) | |
149 | #endif | |
25a76f34 JK |
150 | |
151 | /* cidr + 1 is stored in net_prefixes to support /0 */ | |
152 | #define SCIDR(cidr, i) (__CIDR(cidr, i) + 1) | |
153 | ||
1feab10d | 154 | #ifdef IP_SET_HASH_WITH_NETS_PACKED |
25a76f34 JK |
155 | /* When cidr is packed with nomatch, cidr - 1 is stored in the data entry */ |
156 | #define GCIDR(cidr, i) (__CIDR(cidr, i) + 1) | |
157 | #define NCIDR(cidr) (cidr) | |
1feab10d | 158 | #else |
25a76f34 JK |
159 | #define GCIDR(cidr, i) (__CIDR(cidr, i)) |
160 | #define NCIDR(cidr) (cidr - 1) | |
1feab10d JK |
161 | #endif |
162 | ||
163 | #define SET_HOST_MASK(family) (family == AF_INET ? 32 : 128) | |
164 | ||
59de79cf | 165 | #ifdef IP_SET_HASH_WITH_NET0 |
a04d8b6b | 166 | #define NLEN(family) (SET_HOST_MASK(family) + 1) |
1feab10d | 167 | #else |
a04d8b6b | 168 | #define NLEN(family) SET_HOST_MASK(family) |
1feab10d JK |
169 | #endif |
170 | ||
171 | #else | |
a04d8b6b | 172 | #define NLEN(family) 0 |
1feab10d JK |
173 | #endif /* IP_SET_HASH_WITH_NETS */ |
174 | ||
1feab10d JK |
175 | #endif /* _IP_SET_HASH_GEN_H */ |
176 | ||
177 | /* Family dependent templates */ | |
178 | ||
179 | #undef ahash_data | |
180 | #undef mtype_data_equal | |
181 | #undef mtype_do_data_match | |
182 | #undef mtype_data_set_flags | |
43ef29c9 | 183 | #undef mtype_data_reset_elem |
1feab10d JK |
184 | #undef mtype_data_reset_flags |
185 | #undef mtype_data_netmask | |
186 | #undef mtype_data_list | |
187 | #undef mtype_data_next | |
188 | #undef mtype_elem | |
189 | ||
40cd63bf JK |
190 | #undef mtype_ahash_destroy |
191 | #undef mtype_ext_cleanup | |
1feab10d JK |
192 | #undef mtype_add_cidr |
193 | #undef mtype_del_cidr | |
194 | #undef mtype_ahash_memsize | |
195 | #undef mtype_flush | |
196 | #undef mtype_destroy | |
1feab10d JK |
197 | #undef mtype_same_set |
198 | #undef mtype_kadt | |
199 | #undef mtype_uadt | |
200 | #undef mtype | |
201 | ||
202 | #undef mtype_add | |
203 | #undef mtype_del | |
204 | #undef mtype_test_cidrs | |
205 | #undef mtype_test | |
206 | #undef mtype_expire | |
207 | #undef mtype_resize | |
208 | #undef mtype_head | |
209 | #undef mtype_list | |
210 | #undef mtype_gc | |
211 | #undef mtype_gc_init | |
212 | #undef mtype_variant | |
213 | #undef mtype_data_match | |
214 | ||
215 | #undef HKEY | |
216 | ||
35b8dcf8 | 217 | #define mtype_data_equal IPSET_TOKEN(MTYPE, _data_equal) |
1feab10d | 218 | #ifdef IP_SET_HASH_WITH_NETS |
35b8dcf8 | 219 | #define mtype_do_data_match IPSET_TOKEN(MTYPE, _do_data_match) |
1feab10d JK |
220 | #else |
221 | #define mtype_do_data_match(d) 1 | |
222 | #endif | |
35b8dcf8 | 223 | #define mtype_data_set_flags IPSET_TOKEN(MTYPE, _data_set_flags) |
ea53ac5b | 224 | #define mtype_data_reset_elem IPSET_TOKEN(MTYPE, _data_reset_elem) |
35b8dcf8 JK |
225 | #define mtype_data_reset_flags IPSET_TOKEN(MTYPE, _data_reset_flags) |
226 | #define mtype_data_netmask IPSET_TOKEN(MTYPE, _data_netmask) | |
227 | #define mtype_data_list IPSET_TOKEN(MTYPE, _data_list) | |
228 | #define mtype_data_next IPSET_TOKEN(MTYPE, _data_next) | |
229 | #define mtype_elem IPSET_TOKEN(MTYPE, _elem) | |
43ef29c9 | 230 | |
40cd63bf JK |
231 | #define mtype_ahash_destroy IPSET_TOKEN(MTYPE, _ahash_destroy) |
232 | #define mtype_ext_cleanup IPSET_TOKEN(MTYPE, _ext_cleanup) | |
35b8dcf8 JK |
233 | #define mtype_add_cidr IPSET_TOKEN(MTYPE, _add_cidr) |
234 | #define mtype_del_cidr IPSET_TOKEN(MTYPE, _del_cidr) | |
235 | #define mtype_ahash_memsize IPSET_TOKEN(MTYPE, _ahash_memsize) | |
236 | #define mtype_flush IPSET_TOKEN(MTYPE, _flush) | |
237 | #define mtype_destroy IPSET_TOKEN(MTYPE, _destroy) | |
35b8dcf8 JK |
238 | #define mtype_same_set IPSET_TOKEN(MTYPE, _same_set) |
239 | #define mtype_kadt IPSET_TOKEN(MTYPE, _kadt) | |
240 | #define mtype_uadt IPSET_TOKEN(MTYPE, _uadt) | |
1feab10d JK |
241 | #define mtype MTYPE |
242 | ||
35b8dcf8 JK |
243 | #define mtype_add IPSET_TOKEN(MTYPE, _add) |
244 | #define mtype_del IPSET_TOKEN(MTYPE, _del) | |
245 | #define mtype_test_cidrs IPSET_TOKEN(MTYPE, _test_cidrs) | |
246 | #define mtype_test IPSET_TOKEN(MTYPE, _test) | |
247 | #define mtype_expire IPSET_TOKEN(MTYPE, _expire) | |
248 | #define mtype_resize IPSET_TOKEN(MTYPE, _resize) | |
249 | #define mtype_head IPSET_TOKEN(MTYPE, _head) | |
250 | #define mtype_list IPSET_TOKEN(MTYPE, _list) | |
251 | #define mtype_gc IPSET_TOKEN(MTYPE, _gc) | |
43ef29c9 | 252 | #define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init) |
35b8dcf8 JK |
253 | #define mtype_variant IPSET_TOKEN(MTYPE, _variant) |
254 | #define mtype_data_match IPSET_TOKEN(MTYPE, _data_match) | |
1feab10d JK |
255 | |
256 | #ifndef HKEY_DATALEN | |
257 | #define HKEY_DATALEN sizeof(struct mtype_elem) | |
258 | #endif | |
259 | ||
260 | #define HKEY(data, initval, htable_bits) \ | |
261 | (jhash2((u32 *)(data), HKEY_DATALEN/sizeof(u32), initval) \ | |
262 | & jhash_mask(htable_bits)) | |
263 | ||
264 | #ifndef htype | |
265 | #define htype HTYPE | |
266 | ||
267 | /* The generic hash structure */ | |
268 | struct htype { | |
a0f28dc7 | 269 | struct htable __rcu *table; /* the hash table */ |
1feab10d JK |
270 | u32 maxelem; /* max elements in the hash */ |
271 | u32 elements; /* current element (vs timeout) */ | |
272 | u32 initval; /* random jhash init value */ | |
4d0e5c07 VD |
273 | #ifdef IP_SET_HASH_WITH_MARKMASK |
274 | u32 markmask; /* markmask value for mark mask to store */ | |
275 | #endif | |
1feab10d JK |
276 | struct timer_list gc; /* garbage collection when timeout enabled */ |
277 | struct mtype_elem next; /* temporary storage for uadd */ | |
278 | #ifdef IP_SET_HASH_WITH_MULTI | |
279 | u8 ahash_max; /* max elements in an array block */ | |
280 | #endif | |
281 | #ifdef IP_SET_HASH_WITH_NETMASK | |
282 | u8 netmask; /* netmask value for subnets to store */ | |
283 | #endif | |
284 | #ifdef IP_SET_HASH_WITH_RBTREE | |
285 | struct rb_root rbtree; | |
286 | #endif | |
287 | #ifdef IP_SET_HASH_WITH_NETS | |
288 | struct net_prefixes nets[0]; /* book-keeping of prefixes */ | |
289 | #endif | |
290 | }; | |
291 | #endif | |
292 | ||
293 | #ifdef IP_SET_HASH_WITH_NETS | |
294 | /* Network cidr size book keeping when the hash stores different | |
295 | * sized networks */ | |
296 | static void | |
a04d8b6b | 297 | mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n) |
1feab10d JK |
298 | { |
299 | int i, j; | |
300 | ||
301 | /* Add in increasing prefix order, so larger cidr first */ | |
25a76f34 | 302 | for (i = 0, j = -1; i < nets_length && h->nets[i].cidr[n]; i++) { |
1feab10d JK |
303 | if (j != -1) |
304 | continue; | |
a04d8b6b | 305 | else if (h->nets[i].cidr[n] < cidr) |
1feab10d | 306 | j = i; |
a04d8b6b | 307 | else if (h->nets[i].cidr[n] == cidr) { |
25a76f34 | 308 | h->nets[cidr - 1].nets[n]++; |
1feab10d JK |
309 | return; |
310 | } | |
311 | } | |
312 | if (j != -1) { | |
25a76f34 | 313 | for (; i > j; i--) |
a04d8b6b | 314 | h->nets[i].cidr[n] = h->nets[i - 1].cidr[n]; |
1feab10d | 315 | } |
a04d8b6b | 316 | h->nets[i].cidr[n] = cidr; |
25a76f34 | 317 | h->nets[cidr - 1].nets[n] = 1; |
1feab10d JK |
318 | } |
319 | ||
320 | static void | |
a04d8b6b | 321 | mtype_del_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n) |
1feab10d | 322 | { |
2cf55125 OS |
323 | u8 i, j, net_end = nets_length - 1; |
324 | ||
325 | for (i = 0; i < nets_length; i++) { | |
a04d8b6b | 326 | if (h->nets[i].cidr[n] != cidr) |
2cf55125 | 327 | continue; |
25a76f34 JK |
328 | h->nets[cidr -1].nets[n]--; |
329 | if (h->nets[cidr -1].nets[n] > 0) | |
2cf55125 | 330 | return; |
25a76f34 | 331 | for (j = i; j < net_end && h->nets[j].cidr[n]; j++) |
a04d8b6b | 332 | h->nets[j].cidr[n] = h->nets[j + 1].cidr[n]; |
25a76f34 | 333 | h->nets[j].cidr[n] = 0; |
2cf55125 | 334 | return; |
1feab10d JK |
335 | } |
336 | } | |
337 | #endif | |
338 | ||
339 | /* Calculate the actual memory size of the set data */ | |
340 | static size_t | |
a0f28dc7 | 341 | mtype_ahash_memsize(const struct htype *h, const struct htable *t, |
ca134ce8 | 342 | u8 nets_length, size_t dsize) |
1feab10d JK |
343 | { |
344 | u32 i; | |
1feab10d JK |
345 | size_t memsize = sizeof(*h) |
346 | + sizeof(*t) | |
347 | #ifdef IP_SET_HASH_WITH_NETS | |
348 | + sizeof(struct net_prefixes) * nets_length | |
349 | #endif | |
350 | + jhash_size(t->htable_bits) * sizeof(struct hbucket); | |
351 | ||
352 | for (i = 0; i < jhash_size(t->htable_bits); i++) | |
ca134ce8 | 353 | memsize += t->bucket[i].size * dsize; |
1feab10d JK |
354 | |
355 | return memsize; | |
356 | } | |
357 | ||
40cd63bf JK |
358 | /* Get the ith element from the array block n */ |
359 | #define ahash_data(n, i, dsize) \ | |
360 | ((struct mtype_elem *)((n)->value + ((i) * (dsize)))) | |
361 | ||
362 | static void | |
363 | mtype_ext_cleanup(struct ip_set *set, struct hbucket *n) | |
364 | { | |
365 | int i; | |
366 | ||
367 | for (i = 0; i < n->pos; i++) | |
368 | ip_set_ext_destroy(set, ahash_data(n, i, set->dsize)); | |
369 | } | |
370 | ||
1feab10d JK |
371 | /* Flush a hash type of set: destroy all elements */ |
372 | static void | |
373 | mtype_flush(struct ip_set *set) | |
374 | { | |
375 | struct htype *h = set->data; | |
a0f28dc7 | 376 | struct htable *t; |
1feab10d JK |
377 | struct hbucket *n; |
378 | u32 i; | |
379 | ||
a0f28dc7 | 380 | t = rcu_dereference_bh_nfnl(h->table); |
1feab10d JK |
381 | for (i = 0; i < jhash_size(t->htable_bits); i++) { |
382 | n = hbucket(t, i); | |
383 | if (n->size) { | |
40cd63bf JK |
384 | if (set->extensions & IPSET_EXT_DESTROY) |
385 | mtype_ext_cleanup(set, n); | |
1feab10d JK |
386 | n->size = n->pos = 0; |
387 | /* FIXME: use slab cache */ | |
388 | kfree(n->value); | |
389 | } | |
390 | } | |
391 | #ifdef IP_SET_HASH_WITH_NETS | |
a04d8b6b | 392 | memset(h->nets, 0, sizeof(struct net_prefixes) * NLEN(set->family)); |
1feab10d JK |
393 | #endif |
394 | h->elements = 0; | |
395 | } | |
396 | ||
40cd63bf JK |
397 | /* Destroy the hashtable part of the set */ |
398 | static void | |
80571a9e | 399 | mtype_ahash_destroy(struct ip_set *set, struct htable *t, bool ext_destroy) |
40cd63bf JK |
400 | { |
401 | struct hbucket *n; | |
402 | u32 i; | |
403 | ||
404 | for (i = 0; i < jhash_size(t->htable_bits); i++) { | |
405 | n = hbucket(t, i); | |
406 | if (n->size) { | |
80571a9e | 407 | if (set->extensions & IPSET_EXT_DESTROY && ext_destroy) |
40cd63bf JK |
408 | mtype_ext_cleanup(set, n); |
409 | /* FIXME: use slab cache */ | |
410 | kfree(n->value); | |
411 | } | |
412 | } | |
413 | ||
414 | ip_set_free(t); | |
415 | } | |
416 | ||
1feab10d JK |
417 | /* Destroy a hash type of set */ |
418 | static void | |
419 | mtype_destroy(struct ip_set *set) | |
420 | { | |
421 | struct htype *h = set->data; | |
422 | ||
423 | if (set->extensions & IPSET_EXT_TIMEOUT) | |
424 | del_timer_sync(&h->gc); | |
425 | ||
80571a9e | 426 | mtype_ahash_destroy(set, rcu_dereference_bh_nfnl(h->table), true); |
1feab10d JK |
427 | #ifdef IP_SET_HASH_WITH_RBTREE |
428 | rbtree_destroy(&h->rbtree); | |
429 | #endif | |
430 | kfree(h); | |
431 | ||
432 | set->data = NULL; | |
433 | } | |
434 | ||
435 | static void | |
436 | mtype_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set)) | |
437 | { | |
438 | struct htype *h = set->data; | |
439 | ||
440 | init_timer(&h->gc); | |
441 | h->gc.data = (unsigned long) set; | |
442 | h->gc.function = gc; | |
ca134ce8 | 443 | h->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ; |
1feab10d JK |
444 | add_timer(&h->gc); |
445 | pr_debug("gc initialized, run in every %u\n", | |
ca134ce8 | 446 | IPSET_GC_PERIOD(set->timeout)); |
1feab10d JK |
447 | } |
448 | ||
449 | static bool | |
450 | mtype_same_set(const struct ip_set *a, const struct ip_set *b) | |
451 | { | |
452 | const struct htype *x = a->data; | |
453 | const struct htype *y = b->data; | |
454 | ||
455 | /* Resizing changes htable_bits, so we ignore it */ | |
456 | return x->maxelem == y->maxelem && | |
ca134ce8 | 457 | a->timeout == b->timeout && |
1feab10d JK |
458 | #ifdef IP_SET_HASH_WITH_NETMASK |
459 | x->netmask == y->netmask && | |
4d0e5c07 VD |
460 | #endif |
461 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
462 | x->markmask == y->markmask && | |
1feab10d JK |
463 | #endif |
464 | a->extensions == b->extensions; | |
465 | } | |
466 | ||
1feab10d JK |
467 | /* Delete expired elements from the hashtable */ |
468 | static void | |
ca134ce8 | 469 | mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize) |
1feab10d | 470 | { |
a0f28dc7 | 471 | struct htable *t; |
1feab10d JK |
472 | struct hbucket *n; |
473 | struct mtype_elem *data; | |
474 | u32 i; | |
475 | int j; | |
ea53ac5b OS |
476 | #ifdef IP_SET_HASH_WITH_NETS |
477 | u8 k; | |
478 | #endif | |
1feab10d | 479 | |
a0f28dc7 JK |
480 | rcu_read_lock_bh(); |
481 | t = rcu_dereference_bh(h->table); | |
1feab10d JK |
482 | for (i = 0; i < jhash_size(t->htable_bits); i++) { |
483 | n = hbucket(t, i); | |
484 | for (j = 0; j < n->pos; j++) { | |
485 | data = ahash_data(n, j, dsize); | |
ca134ce8 | 486 | if (ip_set_timeout_expired(ext_timeout(data, set))) { |
1feab10d JK |
487 | pr_debug("expired %u/%u\n", i, j); |
488 | #ifdef IP_SET_HASH_WITH_NETS | |
ea53ac5b | 489 | for (k = 0; k < IPSET_NET_COUNT; k++) |
25a76f34 | 490 | mtype_del_cidr(h, SCIDR(data->cidr, k), |
ea53ac5b | 491 | nets_length, k); |
1feab10d | 492 | #endif |
40cd63bf | 493 | ip_set_ext_destroy(set, data); |
1feab10d JK |
494 | if (j != n->pos - 1) |
495 | /* Not last one */ | |
496 | memcpy(data, | |
497 | ahash_data(n, n->pos - 1, dsize), | |
498 | dsize); | |
499 | n->pos--; | |
500 | h->elements--; | |
501 | } | |
502 | } | |
503 | if (n->pos + AHASH_INIT_SIZE < n->size) { | |
504 | void *tmp = kzalloc((n->size - AHASH_INIT_SIZE) | |
505 | * dsize, | |
506 | GFP_ATOMIC); | |
507 | if (!tmp) | |
508 | /* Still try to delete expired elements */ | |
509 | continue; | |
510 | n->size -= AHASH_INIT_SIZE; | |
511 | memcpy(tmp, n->value, n->size * dsize); | |
512 | kfree(n->value); | |
513 | n->value = tmp; | |
514 | } | |
515 | } | |
a0f28dc7 | 516 | rcu_read_unlock_bh(); |
1feab10d JK |
517 | } |
518 | ||
519 | static void | |
520 | mtype_gc(unsigned long ul_set) | |
521 | { | |
522 | struct ip_set *set = (struct ip_set *) ul_set; | |
523 | struct htype *h = set->data; | |
524 | ||
525 | pr_debug("called\n"); | |
526 | write_lock_bh(&set->lock); | |
ca134ce8 | 527 | mtype_expire(set, h, NLEN(set->family), set->dsize); |
1feab10d JK |
528 | write_unlock_bh(&set->lock); |
529 | ||
ca134ce8 | 530 | h->gc.expires = jiffies + IPSET_GC_PERIOD(set->timeout) * HZ; |
1feab10d JK |
531 | add_timer(&h->gc); |
532 | } | |
533 | ||
534 | /* Resize a hash: create a new hash table with doubling the hashsize | |
535 | * and inserting the elements to it. Repeat until we succeed or | |
536 | * fail due to memory pressures. */ | |
537 | static int | |
538 | mtype_resize(struct ip_set *set, bool retried) | |
539 | { | |
540 | struct htype *h = set->data; | |
a0f28dc7 | 541 | struct htable *t, *orig = rcu_dereference_bh_nfnl(h->table); |
1feab10d JK |
542 | u8 htable_bits = orig->htable_bits; |
543 | #ifdef IP_SET_HASH_WITH_NETS | |
544 | u8 flags; | |
545 | #endif | |
546 | struct mtype_elem *data; | |
547 | struct mtype_elem *d; | |
548 | struct hbucket *n, *m; | |
549 | u32 i, j; | |
550 | int ret; | |
551 | ||
552 | /* Try to cleanup once */ | |
553 | if (SET_WITH_TIMEOUT(set) && !retried) { | |
554 | i = h->elements; | |
555 | write_lock_bh(&set->lock); | |
ca134ce8 | 556 | mtype_expire(set, set->data, NLEN(set->family), set->dsize); |
1feab10d JK |
557 | write_unlock_bh(&set->lock); |
558 | if (h->elements < i) | |
559 | return 0; | |
560 | } | |
561 | ||
562 | retry: | |
563 | ret = 0; | |
564 | htable_bits++; | |
565 | pr_debug("attempt to resize set %s from %u to %u, t %p\n", | |
566 | set->name, orig->htable_bits, htable_bits, orig); | |
567 | if (!htable_bits) { | |
568 | /* In case we have plenty of memory :-) */ | |
b167a37c JP |
569 | pr_warn("Cannot increase the hashsize of set %s further\n", |
570 | set->name); | |
1feab10d JK |
571 | return -IPSET_ERR_HASH_FULL; |
572 | } | |
573 | t = ip_set_alloc(sizeof(*t) | |
574 | + jhash_size(htable_bits) * sizeof(struct hbucket)); | |
575 | if (!t) | |
576 | return -ENOMEM; | |
577 | t->htable_bits = htable_bits; | |
578 | ||
579 | read_lock_bh(&set->lock); | |
580 | for (i = 0; i < jhash_size(orig->htable_bits); i++) { | |
581 | n = hbucket(orig, i); | |
582 | for (j = 0; j < n->pos; j++) { | |
ca134ce8 | 583 | data = ahash_data(n, j, set->dsize); |
1feab10d JK |
584 | #ifdef IP_SET_HASH_WITH_NETS |
585 | flags = 0; | |
586 | mtype_data_reset_flags(data, &flags); | |
587 | #endif | |
588 | m = hbucket(t, HKEY(data, h->initval, htable_bits)); | |
ca134ce8 | 589 | ret = hbucket_elem_add(m, AHASH_MAX(h), set->dsize); |
1feab10d JK |
590 | if (ret < 0) { |
591 | #ifdef IP_SET_HASH_WITH_NETS | |
592 | mtype_data_reset_flags(data, &flags); | |
593 | #endif | |
594 | read_unlock_bh(&set->lock); | |
80571a9e | 595 | mtype_ahash_destroy(set, t, false); |
1feab10d JK |
596 | if (ret == -EAGAIN) |
597 | goto retry; | |
598 | return ret; | |
599 | } | |
ca134ce8 JK |
600 | d = ahash_data(m, m->pos++, set->dsize); |
601 | memcpy(d, data, set->dsize); | |
1feab10d JK |
602 | #ifdef IP_SET_HASH_WITH_NETS |
603 | mtype_data_reset_flags(d, &flags); | |
604 | #endif | |
605 | } | |
606 | } | |
607 | ||
608 | rcu_assign_pointer(h->table, t); | |
609 | read_unlock_bh(&set->lock); | |
610 | ||
611 | /* Give time to other readers of the set */ | |
612 | synchronize_rcu_bh(); | |
613 | ||
614 | pr_debug("set %s resized from %u (%p) to %u (%p)\n", set->name, | |
615 | orig->htable_bits, orig, t->htable_bits, t); | |
80571a9e | 616 | mtype_ahash_destroy(set, orig, false); |
1feab10d JK |
617 | |
618 | return 0; | |
619 | } | |
620 | ||
621 | /* Add an element to a hash and update the internal counters when succeeded, | |
622 | * otherwise report the proper error code. */ | |
623 | static int | |
624 | mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
625 | struct ip_set_ext *mext, u32 flags) | |
626 | { | |
627 | struct htype *h = set->data; | |
628 | struct htable *t; | |
629 | const struct mtype_elem *d = value; | |
630 | struct mtype_elem *data; | |
631 | struct hbucket *n; | |
632 | int i, ret = 0; | |
633 | int j = AHASH_MAX(h) + 1; | |
634 | bool flag_exist = flags & IPSET_FLAG_EXIST; | |
635 | u32 key, multi = 0; | |
636 | ||
1feab10d JK |
637 | rcu_read_lock_bh(); |
638 | t = rcu_dereference_bh(h->table); | |
639 | key = HKEY(value, h->initval, t->htable_bits); | |
640 | n = hbucket(t, key); | |
641 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 642 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
643 | if (mtype_data_equal(data, d, &multi)) { |
644 | if (flag_exist || | |
645 | (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 646 | ip_set_timeout_expired(ext_timeout(data, set)))) { |
1feab10d JK |
647 | /* Just the extensions could be overwritten */ |
648 | j = i; | |
649 | goto reuse_slot; | |
650 | } else { | |
651 | ret = -IPSET_ERR_EXIST; | |
652 | goto out; | |
653 | } | |
654 | } | |
655 | /* Reuse first timed out entry */ | |
656 | if (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 657 | ip_set_timeout_expired(ext_timeout(data, set)) && |
1feab10d JK |
658 | j != AHASH_MAX(h) + 1) |
659 | j = i; | |
660 | } | |
86ac79c7 JK |
661 | if (h->elements >= h->maxelem && SET_WITH_FORCEADD(set) && n->pos) { |
662 | /* Choosing the first entry in the array to replace */ | |
663 | j = 0; | |
664 | goto reuse_slot; | |
665 | } | |
666 | if (SET_WITH_TIMEOUT(set) && h->elements >= h->maxelem) | |
667 | /* FIXME: when set is full, we slow down here */ | |
668 | mtype_expire(set, h, NLEN(set->family), set->dsize); | |
669 | ||
670 | if (h->elements >= h->maxelem) { | |
671 | if (net_ratelimit()) | |
672 | pr_warn("Set %s is full, maxelem %u reached\n", | |
673 | set->name, h->maxelem); | |
674 | ret = -IPSET_ERR_HASH_FULL; | |
675 | goto out; | |
676 | } | |
677 | ||
1feab10d JK |
678 | reuse_slot: |
679 | if (j != AHASH_MAX(h) + 1) { | |
680 | /* Fill out reused slot */ | |
ca134ce8 | 681 | data = ahash_data(n, j, set->dsize); |
1feab10d | 682 | #ifdef IP_SET_HASH_WITH_NETS |
ea53ac5b | 683 | for (i = 0; i < IPSET_NET_COUNT; i++) { |
25a76f34 | 684 | mtype_del_cidr(h, SCIDR(data->cidr, i), |
ea53ac5b | 685 | NLEN(set->family), i); |
25a76f34 | 686 | mtype_add_cidr(h, SCIDR(d->cidr, i), |
ea53ac5b OS |
687 | NLEN(set->family), i); |
688 | } | |
1feab10d | 689 | #endif |
40cd63bf | 690 | ip_set_ext_destroy(set, data); |
1feab10d JK |
691 | } else { |
692 | /* Use/create a new slot */ | |
693 | TUNE_AHASH_MAX(h, multi); | |
ca134ce8 | 694 | ret = hbucket_elem_add(n, AHASH_MAX(h), set->dsize); |
1feab10d JK |
695 | if (ret != 0) { |
696 | if (ret == -EAGAIN) | |
697 | mtype_data_next(&h->next, d); | |
698 | goto out; | |
699 | } | |
ca134ce8 | 700 | data = ahash_data(n, n->pos++, set->dsize); |
1feab10d | 701 | #ifdef IP_SET_HASH_WITH_NETS |
ea53ac5b | 702 | for (i = 0; i < IPSET_NET_COUNT; i++) |
25a76f34 | 703 | mtype_add_cidr(h, SCIDR(d->cidr, i), NLEN(set->family), |
ea53ac5b | 704 | i); |
1feab10d JK |
705 | #endif |
706 | h->elements++; | |
707 | } | |
708 | memcpy(data, d, sizeof(struct mtype_elem)); | |
709 | #ifdef IP_SET_HASH_WITH_NETS | |
710 | mtype_data_set_flags(data, flags); | |
711 | #endif | |
712 | if (SET_WITH_TIMEOUT(set)) | |
ca134ce8 | 713 | ip_set_timeout_set(ext_timeout(data, set), ext->timeout); |
00d71b27 | 714 | if (SET_WITH_COUNTER(set)) |
ca134ce8 | 715 | ip_set_init_counter(ext_counter(data, set), ext); |
fda75c6d OS |
716 | if (SET_WITH_COMMENT(set)) |
717 | ip_set_init_comment(ext_comment(data, set), ext); | |
af331419 AD |
718 | if (SET_WITH_SKBINFO(set)) |
719 | ip_set_init_skbinfo(ext_skbinfo(data, set), ext); | |
1feab10d JK |
720 | |
721 | out: | |
722 | rcu_read_unlock_bh(); | |
723 | return ret; | |
724 | } | |
725 | ||
726 | /* Delete an element from the hash: swap it with the last element | |
727 | * and free up space if possible. | |
728 | */ | |
729 | static int | |
730 | mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
731 | struct ip_set_ext *mext, u32 flags) | |
732 | { | |
733 | struct htype *h = set->data; | |
a0f28dc7 | 734 | struct htable *t; |
1feab10d JK |
735 | const struct mtype_elem *d = value; |
736 | struct mtype_elem *data; | |
737 | struct hbucket *n; | |
a0f28dc7 | 738 | int i, ret = -IPSET_ERR_EXIST; |
ea53ac5b OS |
739 | #ifdef IP_SET_HASH_WITH_NETS |
740 | u8 j; | |
741 | #endif | |
1feab10d JK |
742 | u32 key, multi = 0; |
743 | ||
a0f28dc7 JK |
744 | rcu_read_lock_bh(); |
745 | t = rcu_dereference_bh(h->table); | |
1feab10d JK |
746 | key = HKEY(value, h->initval, t->htable_bits); |
747 | n = hbucket(t, key); | |
748 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 749 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
750 | if (!mtype_data_equal(data, d, &multi)) |
751 | continue; | |
752 | if (SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 753 | ip_set_timeout_expired(ext_timeout(data, set))) |
a0f28dc7 | 754 | goto out; |
1feab10d JK |
755 | if (i != n->pos - 1) |
756 | /* Not last one */ | |
ca134ce8 JK |
757 | memcpy(data, ahash_data(n, n->pos - 1, set->dsize), |
758 | set->dsize); | |
1feab10d JK |
759 | |
760 | n->pos--; | |
761 | h->elements--; | |
762 | #ifdef IP_SET_HASH_WITH_NETS | |
ea53ac5b | 763 | for (j = 0; j < IPSET_NET_COUNT; j++) |
25a76f34 | 764 | mtype_del_cidr(h, SCIDR(d->cidr, j), NLEN(set->family), |
ea53ac5b | 765 | j); |
1feab10d | 766 | #endif |
40cd63bf | 767 | ip_set_ext_destroy(set, data); |
1feab10d JK |
768 | if (n->pos + AHASH_INIT_SIZE < n->size) { |
769 | void *tmp = kzalloc((n->size - AHASH_INIT_SIZE) | |
ca134ce8 | 770 | * set->dsize, |
1feab10d | 771 | GFP_ATOMIC); |
a0f28dc7 JK |
772 | if (!tmp) { |
773 | ret = 0; | |
774 | goto out; | |
775 | } | |
1feab10d | 776 | n->size -= AHASH_INIT_SIZE; |
ca134ce8 | 777 | memcpy(tmp, n->value, n->size * set->dsize); |
1feab10d JK |
778 | kfree(n->value); |
779 | n->value = tmp; | |
780 | } | |
a0f28dc7 JK |
781 | ret = 0; |
782 | goto out; | |
1feab10d JK |
783 | } |
784 | ||
a0f28dc7 JK |
785 | out: |
786 | rcu_read_unlock_bh(); | |
787 | return ret; | |
1feab10d JK |
788 | } |
789 | ||
790 | static inline int | |
791 | mtype_data_match(struct mtype_elem *data, const struct ip_set_ext *ext, | |
792 | struct ip_set_ext *mext, struct ip_set *set, u32 flags) | |
793 | { | |
00d71b27 | 794 | if (SET_WITH_COUNTER(set)) |
ca134ce8 | 795 | ip_set_update_counter(ext_counter(data, set), |
00d71b27 | 796 | ext, mext, flags); |
af331419 AD |
797 | if (SET_WITH_SKBINFO(set)) |
798 | ip_set_get_skbinfo(ext_skbinfo(data, set), | |
799 | ext, mext, flags); | |
1feab10d JK |
800 | return mtype_do_data_match(data); |
801 | } | |
802 | ||
803 | #ifdef IP_SET_HASH_WITH_NETS | |
804 | /* Special test function which takes into account the different network | |
805 | * sizes added to the set */ | |
806 | static int | |
807 | mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d, | |
808 | const struct ip_set_ext *ext, | |
809 | struct ip_set_ext *mext, u32 flags) | |
810 | { | |
811 | struct htype *h = set->data; | |
a0f28dc7 | 812 | struct htable *t = rcu_dereference_bh(h->table); |
1feab10d JK |
813 | struct hbucket *n; |
814 | struct mtype_elem *data; | |
ea53ac5b OS |
815 | #if IPSET_NET_COUNT == 2 |
816 | struct mtype_elem orig = *d; | |
817 | int i, j = 0, k; | |
818 | #else | |
1feab10d | 819 | int i, j = 0; |
ea53ac5b | 820 | #endif |
1feab10d | 821 | u32 key, multi = 0; |
a04d8b6b | 822 | u8 nets_length = NLEN(set->family); |
1feab10d JK |
823 | |
824 | pr_debug("test by nets\n"); | |
25a76f34 | 825 | for (; j < nets_length && h->nets[j].cidr[0] && !multi; j++) { |
ea53ac5b OS |
826 | #if IPSET_NET_COUNT == 2 |
827 | mtype_data_reset_elem(d, &orig); | |
25a76f34 JK |
828 | mtype_data_netmask(d, NCIDR(h->nets[j].cidr[0]), false); |
829 | for (k = 0; k < nets_length && h->nets[k].cidr[1] && !multi; | |
ea53ac5b | 830 | k++) { |
25a76f34 | 831 | mtype_data_netmask(d, NCIDR(h->nets[k].cidr[1]), true); |
ea53ac5b | 832 | #else |
25a76f34 | 833 | mtype_data_netmask(d, NCIDR(h->nets[j].cidr[0])); |
ea53ac5b | 834 | #endif |
1feab10d JK |
835 | key = HKEY(d, h->initval, t->htable_bits); |
836 | n = hbucket(t, key); | |
837 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 838 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
839 | if (!mtype_data_equal(data, d, &multi)) |
840 | continue; | |
841 | if (SET_WITH_TIMEOUT(set)) { | |
842 | if (!ip_set_timeout_expired( | |
ca134ce8 | 843 | ext_timeout(data, set))) |
1feab10d JK |
844 | return mtype_data_match(data, ext, |
845 | mext, set, | |
846 | flags); | |
847 | #ifdef IP_SET_HASH_WITH_MULTI | |
848 | multi = 0; | |
849 | #endif | |
850 | } else | |
851 | return mtype_data_match(data, ext, | |
852 | mext, set, flags); | |
853 | } | |
ea53ac5b OS |
854 | #if IPSET_NET_COUNT == 2 |
855 | } | |
856 | #endif | |
1feab10d JK |
857 | } |
858 | return 0; | |
859 | } | |
860 | #endif | |
861 | ||
862 | /* Test whether the element is added to the set */ | |
863 | static int | |
864 | mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext, | |
865 | struct ip_set_ext *mext, u32 flags) | |
866 | { | |
867 | struct htype *h = set->data; | |
a0f28dc7 | 868 | struct htable *t; |
1feab10d JK |
869 | struct mtype_elem *d = value; |
870 | struct hbucket *n; | |
871 | struct mtype_elem *data; | |
a0f28dc7 | 872 | int i, ret = 0; |
1feab10d JK |
873 | u32 key, multi = 0; |
874 | ||
a0f28dc7 JK |
875 | rcu_read_lock_bh(); |
876 | t = rcu_dereference_bh(h->table); | |
1feab10d JK |
877 | #ifdef IP_SET_HASH_WITH_NETS |
878 | /* If we test an IP address and not a network address, | |
879 | * try all possible network sizes */ | |
ea53ac5b | 880 | for (i = 0; i < IPSET_NET_COUNT; i++) |
25a76f34 | 881 | if (GCIDR(d->cidr, i) != SET_HOST_MASK(set->family)) |
ea53ac5b OS |
882 | break; |
883 | if (i == IPSET_NET_COUNT) { | |
a0f28dc7 JK |
884 | ret = mtype_test_cidrs(set, d, ext, mext, flags); |
885 | goto out; | |
886 | } | |
1feab10d JK |
887 | #endif |
888 | ||
889 | key = HKEY(d, h->initval, t->htable_bits); | |
890 | n = hbucket(t, key); | |
891 | for (i = 0; i < n->pos; i++) { | |
ca134ce8 | 892 | data = ahash_data(n, i, set->dsize); |
1feab10d JK |
893 | if (mtype_data_equal(data, d, &multi) && |
894 | !(SET_WITH_TIMEOUT(set) && | |
ca134ce8 | 895 | ip_set_timeout_expired(ext_timeout(data, set)))) { |
a0f28dc7 JK |
896 | ret = mtype_data_match(data, ext, mext, set, flags); |
897 | goto out; | |
898 | } | |
1feab10d | 899 | } |
a0f28dc7 JK |
900 | out: |
901 | rcu_read_unlock_bh(); | |
902 | return ret; | |
1feab10d JK |
903 | } |
904 | ||
905 | /* Reply a HEADER request: fill out the header part of the set */ | |
906 | static int | |
907 | mtype_head(struct ip_set *set, struct sk_buff *skb) | |
908 | { | |
909 | const struct htype *h = set->data; | |
a0f28dc7 | 910 | const struct htable *t; |
1feab10d JK |
911 | struct nlattr *nested; |
912 | size_t memsize; | |
913 | ||
a0f28dc7 | 914 | t = rcu_dereference_bh_nfnl(h->table); |
ca134ce8 | 915 | memsize = mtype_ahash_memsize(h, t, NLEN(set->family), set->dsize); |
1feab10d JK |
916 | |
917 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); | |
918 | if (!nested) | |
919 | goto nla_put_failure; | |
920 | if (nla_put_net32(skb, IPSET_ATTR_HASHSIZE, | |
a0f28dc7 | 921 | htonl(jhash_size(t->htable_bits))) || |
1feab10d JK |
922 | nla_put_net32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem))) |
923 | goto nla_put_failure; | |
924 | #ifdef IP_SET_HASH_WITH_NETMASK | |
925 | if (h->netmask != HOST_MASK && | |
926 | nla_put_u8(skb, IPSET_ATTR_NETMASK, h->netmask)) | |
927 | goto nla_put_failure; | |
4d0e5c07 VD |
928 | #endif |
929 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
930 | if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask)) | |
931 | goto nla_put_failure; | |
1feab10d JK |
932 | #endif |
933 | if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | |
fda75c6d OS |
934 | nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize))) |
935 | goto nla_put_failure; | |
936 | if (unlikely(ip_set_put_flags(skb, set))) | |
1feab10d JK |
937 | goto nla_put_failure; |
938 | ipset_nest_end(skb, nested); | |
939 | ||
940 | return 0; | |
941 | nla_put_failure: | |
942 | return -EMSGSIZE; | |
943 | } | |
944 | ||
945 | /* Reply a LIST/SAVE request: dump the elements of the specified set */ | |
946 | static int | |
947 | mtype_list(const struct ip_set *set, | |
948 | struct sk_buff *skb, struct netlink_callback *cb) | |
949 | { | |
950 | const struct htype *h = set->data; | |
a0f28dc7 | 951 | const struct htable *t = rcu_dereference_bh_nfnl(h->table); |
1feab10d JK |
952 | struct nlattr *atd, *nested; |
953 | const struct hbucket *n; | |
954 | const struct mtype_elem *e; | |
93302880 | 955 | u32 first = cb->args[IPSET_CB_ARG0]; |
1feab10d JK |
956 | /* We assume that one hash bucket fills into one page */ |
957 | void *incomplete; | |
958 | int i; | |
959 | ||
960 | atd = ipset_nest_start(skb, IPSET_ATTR_ADT); | |
961 | if (!atd) | |
962 | return -EMSGSIZE; | |
963 | pr_debug("list hash set %s\n", set->name); | |
93302880 JK |
964 | for (; cb->args[IPSET_CB_ARG0] < jhash_size(t->htable_bits); |
965 | cb->args[IPSET_CB_ARG0]++) { | |
1feab10d | 966 | incomplete = skb_tail_pointer(skb); |
93302880 JK |
967 | n = hbucket(t, cb->args[IPSET_CB_ARG0]); |
968 | pr_debug("cb->arg bucket: %lu, t %p n %p\n", | |
969 | cb->args[IPSET_CB_ARG0], t, n); | |
1feab10d | 970 | for (i = 0; i < n->pos; i++) { |
ca134ce8 | 971 | e = ahash_data(n, i, set->dsize); |
1feab10d | 972 | if (SET_WITH_TIMEOUT(set) && |
ca134ce8 | 973 | ip_set_timeout_expired(ext_timeout(e, set))) |
1feab10d JK |
974 | continue; |
975 | pr_debug("list hash %lu hbucket %p i %u, data %p\n", | |
93302880 | 976 | cb->args[IPSET_CB_ARG0], n, i, e); |
1feab10d JK |
977 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
978 | if (!nested) { | |
93302880 | 979 | if (cb->args[IPSET_CB_ARG0] == first) { |
1feab10d JK |
980 | nla_nest_cancel(skb, atd); |
981 | return -EMSGSIZE; | |
982 | } else | |
983 | goto nla_put_failure; | |
984 | } | |
985 | if (mtype_data_list(skb, e)) | |
986 | goto nla_put_failure; | |
3fd986b3 | 987 | if (ip_set_put_extensions(skb, set, e, true)) |
fda75c6d | 988 | goto nla_put_failure; |
1feab10d JK |
989 | ipset_nest_end(skb, nested); |
990 | } | |
991 | } | |
992 | ipset_nest_end(skb, atd); | |
993 | /* Set listing finished */ | |
93302880 | 994 | cb->args[IPSET_CB_ARG0] = 0; |
1feab10d JK |
995 | |
996 | return 0; | |
997 | ||
998 | nla_put_failure: | |
999 | nlmsg_trim(skb, incomplete); | |
93302880 | 1000 | if (unlikely(first == cb->args[IPSET_CB_ARG0])) { |
b167a37c JP |
1001 | pr_warn("Can't list set %s: one bucket does not fit into a message. Please report it!\n", |
1002 | set->name); | |
93302880 | 1003 | cb->args[IPSET_CB_ARG0] = 0; |
1feab10d JK |
1004 | return -EMSGSIZE; |
1005 | } | |
122ebbf2 | 1006 | ipset_nest_end(skb, atd); |
1feab10d JK |
1007 | return 0; |
1008 | } | |
1009 | ||
1010 | static int | |
35b8dcf8 JK |
1011 | IPSET_TOKEN(MTYPE, _kadt)(struct ip_set *set, const struct sk_buff *skb, |
1012 | const struct xt_action_param *par, | |
1013 | enum ipset_adt adt, struct ip_set_adt_opt *opt); | |
1feab10d JK |
1014 | |
1015 | static int | |
35b8dcf8 JK |
1016 | IPSET_TOKEN(MTYPE, _uadt)(struct ip_set *set, struct nlattr *tb[], |
1017 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried); | |
1feab10d JK |
1018 | |
1019 | static const struct ip_set_type_variant mtype_variant = { | |
1020 | .kadt = mtype_kadt, | |
1021 | .uadt = mtype_uadt, | |
1022 | .adt = { | |
1023 | [IPSET_ADD] = mtype_add, | |
1024 | [IPSET_DEL] = mtype_del, | |
1025 | [IPSET_TEST] = mtype_test, | |
1026 | }, | |
1027 | .destroy = mtype_destroy, | |
1028 | .flush = mtype_flush, | |
1029 | .head = mtype_head, | |
1030 | .list = mtype_list, | |
1031 | .resize = mtype_resize, | |
1032 | .same_set = mtype_same_set, | |
1033 | }; | |
1034 | ||
1035 | #ifdef IP_SET_EMIT_CREATE | |
1036 | static int | |
1785e8f4 VL |
1037 | IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, |
1038 | struct nlattr *tb[], u32 flags) | |
1feab10d JK |
1039 | { |
1040 | u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; | |
4d0e5c07 VD |
1041 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1042 | u32 markmask; | |
1043 | #endif | |
1feab10d JK |
1044 | u8 hbits; |
1045 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1046 | u8 netmask; | |
1047 | #endif | |
1048 | size_t hsize; | |
43ef29c9 | 1049 | struct htype *h; |
a0f28dc7 | 1050 | struct htable *t; |
1feab10d | 1051 | |
07034aea | 1052 | #ifndef IP_SET_PROTO_UNDEF |
1feab10d JK |
1053 | if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) |
1054 | return -IPSET_ERR_INVALID_FAMILY; | |
07034aea | 1055 | #endif |
4d0e5c07 VD |
1056 | |
1057 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
1058 | markmask = 0xffffffff; | |
1059 | #endif | |
1feab10d JK |
1060 | #ifdef IP_SET_HASH_WITH_NETMASK |
1061 | netmask = set->family == NFPROTO_IPV4 ? 32 : 128; | |
1062 | pr_debug("Create set %s with family %s\n", | |
1063 | set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); | |
1064 | #endif | |
1065 | ||
1066 | if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || | |
1067 | !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) || | |
4d0e5c07 VD |
1068 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1069 | !ip_set_optattr_netorder(tb, IPSET_ATTR_MARKMASK) || | |
1070 | #endif | |
1feab10d JK |
1071 | !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) || |
1072 | !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) | |
1073 | return -IPSET_ERR_PROTOCOL; | |
1074 | ||
1075 | if (tb[IPSET_ATTR_HASHSIZE]) { | |
1076 | hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]); | |
1077 | if (hashsize < IPSET_MIMINAL_HASHSIZE) | |
1078 | hashsize = IPSET_MIMINAL_HASHSIZE; | |
1079 | } | |
1080 | ||
1081 | if (tb[IPSET_ATTR_MAXELEM]) | |
1082 | maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]); | |
1083 | ||
1084 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1085 | if (tb[IPSET_ATTR_NETMASK]) { | |
1086 | netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); | |
1087 | ||
1088 | if ((set->family == NFPROTO_IPV4 && netmask > 32) || | |
1089 | (set->family == NFPROTO_IPV6 && netmask > 128) || | |
1090 | netmask == 0) | |
1091 | return -IPSET_ERR_INVALID_NETMASK; | |
1092 | } | |
1093 | #endif | |
4d0e5c07 VD |
1094 | #ifdef IP_SET_HASH_WITH_MARKMASK |
1095 | if (tb[IPSET_ATTR_MARKMASK]) { | |
1096 | markmask = ntohl(nla_get_u32(tb[IPSET_ATTR_MARKMASK])); | |
1097 | ||
ecc245c2 | 1098 | if (markmask == 0) |
4d0e5c07 VD |
1099 | return -IPSET_ERR_INVALID_MARKMASK; |
1100 | } | |
1101 | #endif | |
1feab10d JK |
1102 | |
1103 | hsize = sizeof(*h); | |
1104 | #ifdef IP_SET_HASH_WITH_NETS | |
77b4311d | 1105 | hsize += sizeof(struct net_prefixes) * NLEN(set->family); |
1feab10d JK |
1106 | #endif |
1107 | h = kzalloc(hsize, GFP_KERNEL); | |
1108 | if (!h) | |
1109 | return -ENOMEM; | |
1110 | ||
1111 | h->maxelem = maxelem; | |
1112 | #ifdef IP_SET_HASH_WITH_NETMASK | |
1113 | h->netmask = netmask; | |
4d0e5c07 VD |
1114 | #endif |
1115 | #ifdef IP_SET_HASH_WITH_MARKMASK | |
1116 | h->markmask = markmask; | |
1feab10d JK |
1117 | #endif |
1118 | get_random_bytes(&h->initval, sizeof(h->initval)); | |
ca134ce8 | 1119 | set->timeout = IPSET_NO_TIMEOUT; |
1feab10d JK |
1120 | |
1121 | hbits = htable_bits(hashsize); | |
1122 | hsize = htable_size(hbits); | |
1123 | if (hsize == 0) { | |
1124 | kfree(h); | |
1125 | return -ENOMEM; | |
1126 | } | |
a0f28dc7 JK |
1127 | t = ip_set_alloc(hsize); |
1128 | if (!t) { | |
1feab10d JK |
1129 | kfree(h); |
1130 | return -ENOMEM; | |
1131 | } | |
a0f28dc7 JK |
1132 | t->htable_bits = hbits; |
1133 | rcu_assign_pointer(h->table, t); | |
1feab10d JK |
1134 | |
1135 | set->data = h; | |
07034aea | 1136 | #ifndef IP_SET_PROTO_UNDEF |
40cd63bf | 1137 | if (set->family == NFPROTO_IPV4) { |
07034aea | 1138 | #endif |
35b8dcf8 | 1139 | set->variant = &IPSET_TOKEN(HTYPE, 4_variant); |
03c8b234 JK |
1140 | set->dsize = ip_set_elem_len(set, tb, |
1141 | sizeof(struct IPSET_TOKEN(HTYPE, 4_elem))); | |
07034aea | 1142 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1143 | } else { |
35b8dcf8 | 1144 | set->variant = &IPSET_TOKEN(HTYPE, 6_variant); |
03c8b234 JK |
1145 | set->dsize = ip_set_elem_len(set, tb, |
1146 | sizeof(struct IPSET_TOKEN(HTYPE, 6_elem))); | |
1147 | } | |
07034aea | 1148 | #endif |
03c8b234 | 1149 | if (tb[IPSET_ATTR_TIMEOUT]) { |
ca134ce8 | 1150 | set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); |
07034aea | 1151 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1152 | if (set->family == NFPROTO_IPV4) |
07034aea | 1153 | #endif |
35b8dcf8 JK |
1154 | IPSET_TOKEN(HTYPE, 4_gc_init)(set, |
1155 | IPSET_TOKEN(HTYPE, 4_gc)); | |
07034aea | 1156 | #ifndef IP_SET_PROTO_UNDEF |
03c8b234 | 1157 | else |
35b8dcf8 JK |
1158 | IPSET_TOKEN(HTYPE, 6_gc_init)(set, |
1159 | IPSET_TOKEN(HTYPE, 6_gc)); | |
07034aea | 1160 | #endif |
1feab10d | 1161 | } |
1feab10d | 1162 | pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n", |
a0f28dc7 JK |
1163 | set->name, jhash_size(t->htable_bits), |
1164 | t->htable_bits, h->maxelem, set->data, t); | |
1feab10d JK |
1165 | |
1166 | return 0; | |
1167 | } | |
1168 | #endif /* IP_SET_EMIT_CREATE */ | |
58cc06da SP |
1169 | |
1170 | #undef HKEY_DATALEN |