[linux-2.6-block.git] / net / netfilter / ipset / ip_set_hash_ipport.c

// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org> */

/* Kernel module implementing an IP set type: the hash:ip,port type */

#include <linux/jhash.h>
#include <linux/module.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/errno.h>
#include <linux/random.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/netlink.h>
#include <net/tcp.h>

#include <linux/netfilter.h>
#include <linux/netfilter/ipset/pfxlen.h>
#include <linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_getport.h>
#include <linux/netfilter/ipset/ip_set_hash.h>

#define IPSET_TYPE_REV_MIN	0
/*				1    SCTP and UDPLITE support added */
/*				2    Counters support added */
/*				3    Comments support added */
/*				4    Forceadd support added */
#define IPSET_TYPE_REV_MAX	5 /* skbinfo support added */

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
IP_SET_MODULE_DESC("hash:ip,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
MODULE_ALIAS("ip_set_hash:ip,port");

/* Type specific function prefix */
#define HTYPE		hash_ipport

/* IPv4 variant */

/* Member elements */
struct hash_ipport4_elem {
	__be32 ip;
	__be16 port;
	u8 proto;
	u8 padding;
};

/* Common functions */

static inline bool
hash_ipport4_data_equal(const struct hash_ipport4_elem *ip1,
			const struct hash_ipport4_elem *ip2,
			u32 *multi)
{
	return ip1->ip == ip2->ip &&
	       ip1->port == ip2->port &&
	       ip1->proto == ip2->proto;
}

static bool
hash_ipport4_data_list(struct sk_buff *skb,
		       const struct hash_ipport4_elem *data)
{
	if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
	    nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
	    nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
		goto nla_put_failure;
	return false;

nla_put_failure:
	return true;
}

static inline void
hash_ipport4_data_next(struct hash_ipport4_elem *next,
		       const struct hash_ipport4_elem *d)
{
	next->ip = d->ip;
	next->port = d->port;
}

#define MTYPE		hash_ipport4
#define HOST_MASK	32
#include "ip_set_hash_gen.h"

static int
hash_ipport4_kadt(struct ip_set *set, const struct sk_buff *skb,
		  const struct xt_action_param *par,
		  enum ipset_adt adt, struct ip_set_adt_opt *opt)
{
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipport4_elem e = { .ip = 0 };
	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);

	if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
				 &e.port, &e.proto))
		return -EINVAL;

	ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}

static int
hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
		  enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
	const struct hash_ipport4 *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipport4_elem e = { .ip = 0 };
	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
	u32 ip, ip_to = 0, p = 0, port, port_to;
	bool with_ports = false;
	int ret;

	if (tb[IPSET_ATTR_LINENO])
		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);

	if (unlikely(!tb[IPSET_ATTR_IP] ||
		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
		return -IPSET_ERR_PROTOCOL;

	ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip);
	if (ret)
		return ret;

	ret = ip_set_get_extensions(set, tb, &ext);
	if (ret)
		return ret;

	e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);

	if (tb[IPSET_ATTR_PROTO]) {
		e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
		with_ports = ip_set_proto_with_ports(e.proto);

		if (e.proto == 0)
			return -IPSET_ERR_INVALID_PROTO;
	} else {
		return -IPSET_ERR_MISSING_PROTO;
	}

	if (!(with_ports || e.proto == IPPROTO_ICMP))
		e.port = 0;

	if (adt == IPSET_TEST ||
	    !(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_CIDR] ||
	      tb[IPSET_ATTR_PORT_TO])) {
		ret = adtfn(set, &e, &ext, &ext, flags);
		return ip_set_eexist(ret, flags) ? 0 : ret;
	}

	ip_to = ip = ntohl(e.ip);
	if (tb[IPSET_ATTR_IP_TO]) {
		ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
		if (ret)
			return ret;
		if (ip > ip_to)
			swap(ip, ip_to);
	} else if (tb[IPSET_ATTR_CIDR]) {
		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);

		if (!cidr || cidr > HOST_MASK)
			return -IPSET_ERR_INVALID_CIDR;
		ip_set_mask_from_to(ip, ip_to, cidr);
	}

	port_to = port = ntohs(e.port);
	if (with_ports && tb[IPSET_ATTR_PORT_TO]) {
		port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
		if (port > port_to)
			swap(port, port_to);
	}

	if (retried)
		ip = ntohl(h->next.ip);
	for (; ip <= ip_to; ip++) {
		p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
						       : port;
		for (; p <= port_to; p++) {
			e.ip = htonl(ip);
			e.port = htons(p);
			ret = adtfn(set, &e, &ext, &ext, flags);

			if (ret && !ip_set_eexist(ret, flags))
				return ret;

			ret = 0;
		}
	}
	return ret;
}

/* IPv6 variant */

struct hash_ipport6_elem {
	union nf_inet_addr ip;
	__be16 port;
	u8 proto;
	u8 padding;
};

/* Common functions */

static inline bool
hash_ipport6_data_equal(const struct hash_ipport6_elem *ip1,
			const struct hash_ipport6_elem *ip2,
			u32 *multi)
{
	return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
	       ip1->port == ip2->port &&
	       ip1->proto == ip2->proto;
}

static bool
hash_ipport6_data_list(struct sk_buff *skb,
		       const struct hash_ipport6_elem *data)
{
	if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
	    nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
	    nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
		goto nla_put_failure;
	return false;

nla_put_failure:
	return true;
}

static inline void
hash_ipport6_data_next(struct hash_ipport6_elem *next,
		       const struct hash_ipport6_elem *d)
{
	next->port = d->port;
}

#undef MTYPE
#undef HOST_MASK

#define MTYPE		hash_ipport6
#define HOST_MASK	128
#define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h"

static int
hash_ipport6_kadt(struct ip_set *set, const struct sk_buff *skb,
		  const struct xt_action_param *par,
		  enum ipset_adt adt, struct ip_set_adt_opt *opt)
{
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipport6_elem e = { .ip = { .all = { 0 } } };
	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);

	if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
				 &e.port, &e.proto))
		return -EINVAL;

	ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}

static int
hash_ipport6_uadt(struct ip_set *set, struct nlattr *tb[],
		  enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
	const struct hash_ipport6 *h = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	struct hash_ipport6_elem e = { .ip = { .all = { 0 } } };
	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
	u32 port, port_to;
	bool with_ports = false;
	int ret;

	if (tb[IPSET_ATTR_LINENO])
		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);

	if (unlikely(!tb[IPSET_ATTR_IP] ||
		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
		return -IPSET_ERR_PROTOCOL;
	if (unlikely(tb[IPSET_ATTR_IP_TO]))
		return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;
	if (unlikely(tb[IPSET_ATTR_CIDR])) {
		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);

		if (cidr != HOST_MASK)
			return -IPSET_ERR_INVALID_CIDR;
	}

	ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
	if (ret)
		return ret;

	ret = ip_set_get_extensions(set, tb, &ext);
	if (ret)
		return ret;

	e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);

	if (tb[IPSET_ATTR_PROTO]) {
		e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
		with_ports = ip_set_proto_with_ports(e.proto);

		if (e.proto == 0)
			return -IPSET_ERR_INVALID_PROTO;
	} else {
		return -IPSET_ERR_MISSING_PROTO;
	}

	if (!(with_ports || e.proto == IPPROTO_ICMPV6))
		e.port = 0;

	if (adt == IPSET_TEST || !with_ports || !tb[IPSET_ATTR_PORT_TO]) {
		ret = adtfn(set, &e, &ext, &ext, flags);
		return ip_set_eexist(ret, flags) ? 0 : ret;
	}

	port = ntohs(e.port);
	port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	if (port > port_to)
		swap(port, port_to);

	if (retried)
		port = ntohs(h->next.port);
	for (; port <= port_to; port++) {
		e.port = htons(port);
		ret = adtfn(set, &e, &ext, &ext, flags);

		if (ret && !ip_set_eexist(ret, flags))
			return ret;

		ret = 0;
	}
	return ret;
}

static struct ip_set_type hash_ipport_type __read_mostly = {
	.name		= "hash:ip,port",
	.protocol	= IPSET_PROTOCOL,
	.features	= IPSET_TYPE_IP | IPSET_TYPE_PORT,
	.dimension	= IPSET_DIM_TWO,
	.family		= NFPROTO_UNSPEC,
	.revision_min	= IPSET_TYPE_REV_MIN,
	.revision_max	= IPSET_TYPE_REV_MAX,
	.create		= hash_ipport_create,
	.create_policy	= {
		[IPSET_ATTR_HASHSIZE]	= { .type = NLA_U32 },
		[IPSET_ATTR_MAXELEM]	= { .type = NLA_U32 },
		[IPSET_ATTR_PROBES]	= { .type = NLA_U8 },
		[IPSET_ATTR_RESIZE]	= { .type = NLA_U8  },
		[IPSET_ATTR_PROTO]	= { .type = NLA_U8 },
		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
		[IPSET_ATTR_CADT_FLAGS]	= { .type = NLA_U32 },
	},
	.adt_policy	= {
		[IPSET_ATTR_IP]		= { .type = NLA_NESTED },
		[IPSET_ATTR_IP_TO]	= { .type = NLA_NESTED },
		[IPSET_ATTR_PORT]	= { .type = NLA_U16 },
		[IPSET_ATTR_PORT_TO]	= { .type = NLA_U16 },
		[IPSET_ATTR_CIDR]	= { .type = NLA_U8 },
		[IPSET_ATTR_PROTO]	= { .type = NLA_U8 },
		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING,
					    .len  = IPSET_MAX_COMMENT_SIZE },
		[IPSET_ATTR_SKBMARK]	= { .type = NLA_U64 },
		[IPSET_ATTR_SKBPRIO]	= { .type = NLA_U32 },
		[IPSET_ATTR_SKBQUEUE]	= { .type = NLA_U16 },
	},
	.me		= THIS_MODULE,
};

static int __init
hash_ipport_init(void)
{
	return ip_set_type_register(&hash_ipport_type);
}

static void __exit
hash_ipport_fini(void)
{
	rcu_barrier();
	ip_set_type_unregister(&hash_ipport_type);
}

module_init(hash_ipport_init);
module_exit(hash_ipport_fini);
Commit	Line	Data
d2912cb1	1	// SPDX-License-Identifier: GPL-2.0-only
1c5ba67d	2	/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org> */
07896ed3 JK	3
	4	/* Kernel module implementing an IP set type: the hash:ip,port type */
	5
	6	#include <linux/jhash.h>
	7	#include <linux/module.h>
	8	#include <linux/ip.h>
	9	#include <linux/skbuff.h>
	10	#include <linux/errno.h>
07896ed3 JK	11	#include <linux/random.h>
	12	#include <net/ip.h>
	13	#include <net/ipv6.h>
	14	#include <net/netlink.h>
	15	#include <net/tcp.h>
	16
	17	#include <linux/netfilter.h>
	18	#include <linux/netfilter/ipset/pfxlen.h>
	19	#include <linux/netfilter/ipset/ip_set.h>
07896ed3 JK	20	#include <linux/netfilter/ipset/ip_set_getport.h>
	21	#include <linux/netfilter/ipset/ip_set_hash.h>
	22
35b8dcf8 JK	23	#define IPSET_TYPE_REV_MIN 0
35b8dcf8 JK	24	/* 1 SCTP and UDPLITE support added */
fda75c6d	25	/* 2 Counters support added */
07cf8f5a	26	/* 3 Comments support added */
af331419 AD	27	/* 4 Forceadd support added */
af331419 AD	28	#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
10111a6e	29
07896ed3	30	MODULE_LICENSE("GPL");
fe03d474	31	MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
35b8dcf8	32	IP_SET_MODULE_DESC("hash:ip,port", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX);
07896ed3 JK	33	MODULE_ALIAS("ip_set_hash:ip,port");
	34
	35	/* Type specific function prefix */
5d50e1d8	36	#define HTYPE hash_ipport
07896ed3	37
03c8b234	38	/* IPv4 variant */
07896ed3	39
5d50e1d8	40	/* Member elements */
07896ed3 JK	41	struct hash_ipport4_elem {
	42	__be32 ip;
	43	__be16 port;
	44	u8 proto;
	45	u8 padding;
	46	};
	47
5d50e1d8 JK	48	/* Common functions */
5d50e1d8 JK	49
07896ed3 JK	50	static inline bool
07896ed3 JK	51	hash_ipport4_data_equal(const struct hash_ipport4_elem *ip1,
89dc79b7 JK	52	const struct hash_ipport4_elem *ip2,
89dc79b7 JK	53	u32 *multi)
07896ed3 JK	54	{
	55	return ip1->ip == ip2->ip &&
	56	ip1->port == ip2->port &&
	57	ip1->proto == ip2->proto;
	58	}
	59
07896ed3 JK	60	static bool
	61	hash_ipport4_data_list(struct sk_buff *skb,
	62	const struct hash_ipport4_elem *data)
	63	{
7cf7899d DM	64	if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) \|\|
	65	nla_put_net16(skb, IPSET_ATTR_PORT, data->port) \|\|
	66	nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
	67	goto nla_put_failure;
728a7e69	68	return false;
07896ed3 JK	69
07896ed3 JK	70	nla_put_failure:
728a7e69	71	return true;
07896ed3 JK	72	}
07896ed3 JK	73
3d14b171	74	static inline void
5d50e1d8	75	hash_ipport4_data_next(struct hash_ipport4_elem *next,
3d14b171 JK	76	const struct hash_ipport4_elem *d)
3d14b171 JK	77	{
5d50e1d8 JK	78	next->ip = d->ip;
5d50e1d8 JK	79	next->port = d->port;
3d14b171 JK	80	}
3d14b171 JK	81
1823fb79 SP	82	#define MTYPE hash_ipport4
1823fb79 SP	83	#define HOST_MASK 32
5d50e1d8 JK	84	#include "ip_set_hash_gen.h"
5d50e1d8 JK	85
07896ed3 JK	86	static int
07896ed3 JK	87	hash_ipport4_kadt(struct ip_set set, const struct sk_buff skb,
b66554cf	88	const struct xt_action_param *par,
5d50e1d8	89	enum ipset_adt adt, struct ip_set_adt_opt *opt)
07896ed3	90	{
07896ed3	91	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	92	struct hash_ipport4_elem e = { .ip = 0 };
ca134ce8	93	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
07896ed3	94
ac8cc925	95	if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
5d50e1d8	96	&e.port, &e.proto))
07896ed3 JK	97	return -EINVAL;
07896ed3 JK	98
5d50e1d8 JK	99	ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
5d50e1d8 JK	100	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
07896ed3 JK	101	}
	102
	103	static int
	104	hash_ipport4_uadt(struct ip_set set, struct nlattr tb[],
3d14b171	105	enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
07896ed3	106	{
21956ab2	107	const struct hash_ipport4 *h = set->data;
07896ed3	108	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	109	struct hash_ipport4_elem e = { .ip = 0 };
ca134ce8	110	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
20b2fab4	111	u32 ip, ip_to = 0, p = 0, port, port_to;
5e0c1eb7	112	bool with_ports = false;
07896ed3 JK	113	int ret;
07896ed3 JK	114
a212e08e SP	115	if (tb[IPSET_ATTR_LINENO])
	116	*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
	117
07896ed3 JK	118	if (unlikely(!tb[IPSET_ATTR_IP] \|\|
07896ed3 JK	119	!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) \|\|
7dd37bc8	120	!ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
07896ed3 JK	121	return -IPSET_ERR_PROTOCOL;
07896ed3 JK	122
8e55d2e5 SP	123	ret = ip_set_get_ipaddr4(tb[IPSET_ATTR_IP], &e.ip);
	124	if (ret)
	125	return ret;
	126
	127	ret = ip_set_get_extensions(set, tb, &ext);
07896ed3 JK	128	if (ret)
	129	return ret;
	130
d25472e4	131	e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
07896ed3 JK	132
07896ed3 JK	133	if (tb[IPSET_ATTR_PROTO]) {
5d50e1d8 JK	134	e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
5d50e1d8 JK	135	with_ports = ip_set_proto_with_ports(e.proto);
07896ed3	136
5d50e1d8	137	if (e.proto == 0)
07896ed3	138	return -IPSET_ERR_INVALID_PROTO;
ca0f6a5c	139	} else {
07896ed3	140	return -IPSET_ERR_MISSING_PROTO;
ca0f6a5c	141	}
07896ed3	142
5d50e1d8 JK	143	if (!(with_ports \|\| e.proto == IPPROTO_ICMP))
5d50e1d8 JK	144	e.port = 0;
07896ed3 JK	145
07896ed3 JK	146	if (adt == IPSET_TEST \|\|
07896ed3 JK	147	!(tb[IPSET_ATTR_IP_TO] \|\| tb[IPSET_ATTR_CIDR] \|\|
07896ed3 JK	148	tb[IPSET_ATTR_PORT_TO])) {
5d50e1d8	149	ret = adtfn(set, &e, &ext, &ext, flags);
07896ed3 JK	150	return ip_set_eexist(ret, flags) ? 0 : ret;
	151	}
	152
5d50e1d8	153	ip_to = ip = ntohl(e.ip);
07896ed3 JK	154	if (tb[IPSET_ATTR_IP_TO]) {
	155	ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
	156	if (ret)
	157	return ret;
	158	if (ip > ip_to)
	159	swap(ip, ip_to);
	160	} else if (tb[IPSET_ATTR_CIDR]) {
	161	u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
	162
cabfd139	163	if (!cidr \|\| cidr > HOST_MASK)
07896ed3	164	return -IPSET_ERR_INVALID_CIDR;
e6146e86	165	ip_set_mask_from_to(ip, ip_to, cidr);
4fe198e6	166	}
07896ed3	167
5d50e1d8	168	port_to = port = ntohs(e.port);
5e0c1eb7	169	if (with_ports && tb[IPSET_ATTR_PORT_TO]) {
07896ed3 JK	170	port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	171	if (port > port_to)
	172	swap(port, port_to);
5e0c1eb7	173	}
07896ed3	174
3d14b171	175	if (retried)
6e27c9b4	176	ip = ntohl(h->next.ip);
48596a8d	177	for (; ip <= ip_to; ip++) {
6e27c9b4 JK	178	p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
6e27c9b4 JK	179	: port;
3d14b171	180	for (; p <= port_to; p++) {
5d50e1d8 JK	181	e.ip = htonl(ip);
	182	e.port = htons(p);
	183	ret = adtfn(set, &e, &ext, &ext, flags);
07896ed3 JK	184
	185	if (ret && !ip_set_eexist(ret, flags))
	186	return ret;
ca0f6a5c JK	187
ca0f6a5c JK	188	ret = 0;
07896ed3	189	}
3d14b171	190	}
07896ed3 JK	191	return ret;
	192	}
	193
03c8b234	194	/* IPv6 variant */
07896ed3 JK	195
	196	struct hash_ipport6_elem {
	197	union nf_inet_addr ip;
	198	__be16 port;
	199	u8 proto;
	200	u8 padding;
	201	};
	202
5d50e1d8 JK	203	/* Common functions */
5d50e1d8 JK	204
07896ed3 JK	205	static inline bool
07896ed3 JK	206	hash_ipport6_data_equal(const struct hash_ipport6_elem *ip1,
89dc79b7 JK	207	const struct hash_ipport6_elem *ip2,
89dc79b7 JK	208	u32 *multi)
07896ed3	209	{
29e3b160	210	return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) &&
07896ed3 JK	211	ip1->port == ip2->port &&
	212	ip1->proto == ip2->proto;
	213	}
	214
07896ed3 JK	215	static bool
	216	hash_ipport6_data_list(struct sk_buff *skb,
	217	const struct hash_ipport6_elem *data)
	218	{
7cf7899d DM	219	if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) \|\|
	220	nla_put_net16(skb, IPSET_ATTR_PORT, data->port) \|\|
	221	nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
	222	goto nla_put_failure;
728a7e69	223	return false;
07896ed3 JK	224
07896ed3 JK	225	nla_put_failure:
728a7e69	226	return true;
07896ed3 JK	227	}
07896ed3 JK	228
5d50e1d8	229	static inline void
21956ab2	230	hash_ipport6_data_next(struct hash_ipport6_elem *next,
5d50e1d8	231	const struct hash_ipport6_elem *d)
07896ed3	232	{
5d50e1d8	233	next->port = d->port;
07896ed3 JK	234	}
07896ed3 JK	235
5d50e1d8	236	#undef MTYPE
07896ed3 JK	237	#undef HOST_MASK
07896ed3 JK	238
5d50e1d8	239	#define MTYPE hash_ipport6
07896ed3	240	#define HOST_MASK 128
1823fb79	241	#define IP_SET_EMIT_CREATE
5d50e1d8	242	#include "ip_set_hash_gen.h"
3d14b171	243
07896ed3 JK	244	static int
07896ed3 JK	245	hash_ipport6_kadt(struct ip_set set, const struct sk_buff skb,
b66554cf	246	const struct xt_action_param *par,
5d50e1d8	247	enum ipset_adt adt, struct ip_set_adt_opt *opt)
07896ed3	248	{
07896ed3	249	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	250	struct hash_ipport6_elem e = { .ip = { .all = { 0 } } };
ca134ce8	251	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
07896ed3	252
ac8cc925	253	if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
5d50e1d8	254	&e.port, &e.proto))
07896ed3 JK	255	return -EINVAL;
07896ed3 JK	256
5d50e1d8 JK	257	ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
5d50e1d8 JK	258	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
07896ed3 JK	259	}
	260
	261	static int
	262	hash_ipport6_uadt(struct ip_set set, struct nlattr tb[],
3d14b171	263	enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
07896ed3	264	{
21956ab2	265	const struct hash_ipport6 *h = set->data;
07896ed3	266	ipset_adtfn adtfn = set->variant->adt[adt];
94729f8a	267	struct hash_ipport6_elem e = { .ip = { .all = { 0 } } };
ca134ce8	268	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
07896ed3	269	u32 port, port_to;
5e0c1eb7	270	bool with_ports = false;
07896ed3 JK	271	int ret;
07896ed3 JK	272
a212e08e SP	273	if (tb[IPSET_ATTR_LINENO])
	274	*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
	275
07896ed3 JK	276	if (unlikely(!tb[IPSET_ATTR_IP] \|\|
07896ed3 JK	277	!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) \|\|
2c227f27	278	!ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
07896ed3	279	return -IPSET_ERR_PROTOCOL;
2c227f27 SP	280	if (unlikely(tb[IPSET_ATTR_IP_TO]))
	281	return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;
	282	if (unlikely(tb[IPSET_ATTR_CIDR])) {
	283	u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
	284
	285	if (cidr != HOST_MASK)
	286	return -IPSET_ERR_INVALID_CIDR;
	287	}
07896ed3	288
8e55d2e5 SP	289	ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip);
	290	if (ret)
	291	return ret;
	292
	293	ret = ip_set_get_extensions(set, tb, &ext);
07896ed3 JK	294	if (ret)
	295	return ret;
	296
d25472e4	297	e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
07896ed3 JK	298
07896ed3 JK	299	if (tb[IPSET_ATTR_PROTO]) {
5d50e1d8 JK	300	e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
5d50e1d8 JK	301	with_ports = ip_set_proto_with_ports(e.proto);
07896ed3	302
5d50e1d8	303	if (e.proto == 0)
07896ed3	304	return -IPSET_ERR_INVALID_PROTO;
ca0f6a5c	305	} else {
07896ed3	306	return -IPSET_ERR_MISSING_PROTO;
ca0f6a5c	307	}
07896ed3	308
5d50e1d8 JK	309	if (!(with_ports \|\| e.proto == IPPROTO_ICMPV6))
5d50e1d8 JK	310	e.port = 0;
07896ed3	311
5e0c1eb7	312	if (adt == IPSET_TEST \|\| !with_ports \|\| !tb[IPSET_ATTR_PORT_TO]) {
5d50e1d8	313	ret = adtfn(set, &e, &ext, &ext, flags);
07896ed3 JK	314	return ip_set_eexist(ret, flags) ? 0 : ret;
	315	}
	316
5d50e1d8	317	port = ntohs(e.port);
07896ed3 JK	318	port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	319	if (port > port_to)
	320	swap(port, port_to);
	321
3d14b171	322	if (retried)
6e27c9b4	323	port = ntohs(h->next.port);
07896ed3	324	for (; port <= port_to; port++) {
5d50e1d8 JK	325	e.port = htons(port);
5d50e1d8 JK	326	ret = adtfn(set, &e, &ext, &ext, flags);
07896ed3 JK	327
	328	if (ret && !ip_set_eexist(ret, flags))
	329	return ret;
ca0f6a5c JK	330
ca0f6a5c JK	331	ret = 0;
07896ed3 JK	332	}
	333	return ret;
	334	}
	335
07896ed3 JK	336	static struct ip_set_type hash_ipport_type __read_mostly = {
	337	.name = "hash:ip,port",
	338	.protocol = IPSET_PROTOCOL,
	339	.features = IPSET_TYPE_IP \| IPSET_TYPE_PORT,
	340	.dimension = IPSET_DIM_TWO,
c15f1c83	341	.family = NFPROTO_UNSPEC,
35b8dcf8 JK	342	.revision_min = IPSET_TYPE_REV_MIN,
35b8dcf8 JK	343	.revision_max = IPSET_TYPE_REV_MAX,
07896ed3 JK	344	.create = hash_ipport_create,
	345	.create_policy = {
	346	[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
	347	[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
	348	[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
	349	[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
	350	[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
	351	[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
00d71b27	352	[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
07896ed3 JK	353	},
	354	.adt_policy = {
	355	[IPSET_ATTR_IP] = { .type = NLA_NESTED },
	356	[IPSET_ATTR_IP_TO] = { .type = NLA_NESTED },
	357	[IPSET_ATTR_PORT] = { .type = NLA_U16 },
	358	[IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
	359	[IPSET_ATTR_CIDR] = { .type = NLA_U8 },
	360	[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
	361	[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
	362	[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
00d71b27 JK	363	[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
00d71b27 JK	364	[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
03726186 SP	365	[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
03726186 SP	366	.len = IPSET_MAX_COMMENT_SIZE },
af331419 AD	367	[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
	368	[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
	369	[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
07896ed3 JK	370	},
	371	.me = THIS_MODULE,
	372	};
	373
	374	static int __init
	375	hash_ipport_init(void)
	376	{
	377	return ip_set_type_register(&hash_ipport_type);
	378	}
	379
	380	static void __exit
	381	hash_ipport_fini(void)
	382	{
18f84d41	383	rcu_barrier();
07896ed3 JK	384	ip_set_type_unregister(&hash_ipport_type);
	385	}
	386
	387	module_init(hash_ipport_init);
	388	module_exit(hash_ipport_fini);