summaryrefslogtreecommitdiff
path: root/include/linux/netfilter
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-04-27 14:28:55 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-04-29 20:08:54 +0200
commit075e64c041b5d3c29651965608e1e76505e01d54 (patch)
tree471cbca37506311f347a673335aba37040591d88 /include/linux/netfilter
parent8672d4d1a00b59057bb1f9659259967d2a19e086 (diff)
netfilter: ipset: Introduce extensions to elements in the core
Introduce extensions to elements in the core and prepare timeout as the first one. This patch also modifies the em_ipset classifier to use the new extension struct layout. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/netfilter')
-rw-r--r--include/linux/netfilter/ipset/ip_set.h46
-rw-r--r--include/linux/netfilter/ipset/ip_set_timeout.h102
2 files changed, 61 insertions, 87 deletions
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 970187187f5b..bf0220cbf46a 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -1,7 +1,7 @@
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de>
* Martin Josefsson <gandalf@wlug.westbo.se>
- * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ * Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -47,10 +47,30 @@ enum ip_set_feature {
IPSET_DUMP_LAST = (1 << IPSET_DUMP_LAST_FLAG),
};
+/* Set extensions */
+enum ip_set_extension {
+ IPSET_EXT_NONE = 0,
+ IPSET_EXT_BIT_TIMEOUT = 1,
+ IPSET_EXT_TIMEOUT = (1 << IPSET_EXT_BIT_TIMEOUT),
+};
+
+/* Extension offsets */
+enum ip_set_offset {
+ IPSET_OFFSET_TIMEOUT = 0,
+ IPSET_OFFSET_MAX,
+};
+
+#define SET_WITH_TIMEOUT(s) ((s)->extensions & IPSET_EXT_TIMEOUT)
+
+struct ip_set_ext {
+ unsigned long timeout;
+};
+
struct ip_set;
typedef int (*ipset_adtfn)(struct ip_set *set, void *value,
- u32 timeout, u32 flags);
+ const struct ip_set_ext *ext,
+ struct ip_set_ext *mext, u32 flags);
/* Kernel API function options */
struct ip_set_adt_opt {
@@ -58,7 +78,7 @@ struct ip_set_adt_opt {
u8 dim; /* Dimension of match/target */
u8 flags; /* Direction and negation flags */
u32 cmdflags; /* Command-like flags */
- u32 timeout; /* Timeout value */
+ struct ip_set_ext ext; /* Extensions */
};
/* Set type, variant-specific part */
@@ -69,7 +89,7 @@ struct ip_set_type_variant {
* positive for matching element */
int (*kadt)(struct ip_set *set, const struct sk_buff *skb,
const struct xt_action_param *par,
- enum ipset_adt adt, const struct ip_set_adt_opt *opt);
+ enum ipset_adt adt, struct ip_set_adt_opt *opt);
/* Userspace: test/add/del entries
* returns negative error code,
@@ -151,6 +171,8 @@ struct ip_set {
u8 family;
/* The type revision */
u8 revision;
+ /* Extensions */
+ u8 extensions;
/* The type specific data */
void *data;
};
@@ -167,19 +189,21 @@ extern void ip_set_nfnl_put(ip_set_id_t index);
extern int ip_set_add(ip_set_id_t id, const struct sk_buff *skb,
const struct xt_action_param *par,
- const struct ip_set_adt_opt *opt);
+ struct ip_set_adt_opt *opt);
extern int ip_set_del(ip_set_id_t id, const struct sk_buff *skb,
const struct xt_action_param *par,
- const struct ip_set_adt_opt *opt);
+ struct ip_set_adt_opt *opt);
extern int ip_set_test(ip_set_id_t id, const struct sk_buff *skb,
const struct xt_action_param *par,
- const struct ip_set_adt_opt *opt);
+ struct ip_set_adt_opt *opt);
/* Utility functions */
extern void *ip_set_alloc(size_t size);
extern void ip_set_free(void *members);
extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr);
extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr);
+extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
+ struct ip_set_ext *ext);
static inline int
ip_set_get_hostipaddr4(struct nlattr *nla, u32 *ipaddr)
@@ -292,4 +316,12 @@ bitmap_bytes(u32 a, u32 b)
return 4 * ((((b - a + 8) / 8) + 3) / 4);
}
+#include <linux/netfilter/ipset/ip_set_timeout.h>
+
+#define IP_SET_INIT_KEXT(skb, opt, map) \
+ { .timeout = ip_set_adt_opt_timeout(opt, map) }
+
+#define IP_SET_INIT_UEXT(map) \
+ { .timeout = (map)->timeout }
+
#endif /*_IP_SET_H */
diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
index 41d9cfa08167..3aac04167ca7 100644
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -1,7 +1,7 @@
#ifndef _IP_SET_TIMEOUT_H
#define _IP_SET_TIMEOUT_H
-/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -17,13 +17,14 @@
#define IPSET_GC_PERIOD(timeout) \
((timeout/3) ? min_t(u32, (timeout)/3, IPSET_GC_TIME) : 1)
-/* Set is defined without timeout support: timeout value may be 0 */
-#define IPSET_NO_TIMEOUT UINT_MAX
+/* Entry is set with no timeout value */
+#define IPSET_ELEM_PERMANENT 0
-#define with_timeout(timeout) ((timeout) != IPSET_NO_TIMEOUT)
+/* Set is defined with timeout support: timeout value may be 0 */
+#define IPSET_NO_TIMEOUT UINT_MAX
-#define opt_timeout(opt, map) \
- (with_timeout((opt)->timeout) ? (opt)->timeout : (map)->timeout)
+#define ip_set_adt_opt_timeout(opt, map) \
+((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (map)->timeout)
static inline unsigned int
ip_set_timeout_uget(struct nlattr *tb)
@@ -38,61 +39,6 @@ ip_set_timeout_uget(struct nlattr *tb)
return timeout == IPSET_NO_TIMEOUT ? IPSET_NO_TIMEOUT - 1 : timeout;
}
-#ifdef IP_SET_BITMAP_TIMEOUT
-
-/* Bitmap specific timeout constants and macros for the entries */
-
-/* Bitmap entry is unset */
-#define IPSET_ELEM_UNSET 0
-/* Bitmap entry is set with no timeout value */
-#define IPSET_ELEM_PERMANENT (UINT_MAX/2)
-
-static inline bool
-ip_set_timeout_test(unsigned long timeout)
-{
- return timeout != IPSET_ELEM_UNSET &&
- (timeout == IPSET_ELEM_PERMANENT ||
- time_is_after_jiffies(timeout));
-}
-
-static inline bool
-ip_set_timeout_expired(unsigned long timeout)
-{
- return timeout != IPSET_ELEM_UNSET &&
- timeout != IPSET_ELEM_PERMANENT &&
- time_is_before_jiffies(timeout);
-}
-
-static inline unsigned long
-ip_set_timeout_set(u32 timeout)
-{
- unsigned long t;
-
- if (!timeout)
- return IPSET_ELEM_PERMANENT;
-
- t = msecs_to_jiffies(timeout * 1000) + jiffies;
- if (t == IPSET_ELEM_UNSET || t == IPSET_ELEM_PERMANENT)
- /* Bingo! */
- t++;
-
- return t;
-}
-
-static inline u32
-ip_set_timeout_get(unsigned long timeout)
-{
- return timeout == IPSET_ELEM_PERMANENT ? 0 :
- jiffies_to_msecs(timeout - jiffies)/1000;
-}
-
-#else
-
-/* Hash specific timeout constants and macros for the entries */
-
-/* Hash entry is set with no timeout value */
-#define IPSET_ELEM_PERMANENT 0
-
static inline bool
ip_set_timeout_test(unsigned long timeout)
{
@@ -101,36 +47,32 @@ ip_set_timeout_test(unsigned long timeout)
}
static inline bool
-ip_set_timeout_expired(unsigned long timeout)
+ip_set_timeout_expired(unsigned long *timeout)
{
- return timeout != IPSET_ELEM_PERMANENT &&
- time_is_before_jiffies(timeout);
+ return *timeout != IPSET_ELEM_PERMANENT &&
+ time_is_before_jiffies(*timeout);
}
-static inline unsigned long
-ip_set_timeout_set(u32 timeout)
+static inline void
+ip_set_timeout_set(unsigned long *timeout, u32 t)
{
- unsigned long t;
-
- if (!timeout)
- return IPSET_ELEM_PERMANENT;
+ if (!t) {
+ *timeout = IPSET_ELEM_PERMANENT;
+ return;
+ }
- t = msecs_to_jiffies(timeout * 1000) + jiffies;
- if (t == IPSET_ELEM_PERMANENT)
+ *timeout = msecs_to_jiffies(t * 1000) + jiffies;
+ if (*timeout == IPSET_ELEM_PERMANENT)
/* Bingo! :-) */
- t++;
-
- return t;
+ (*timeout)--;
}
static inline u32
-ip_set_timeout_get(unsigned long timeout)
+ip_set_timeout_get(unsigned long *timeout)
{
- return timeout == IPSET_ELEM_PERMANENT ? 0 :
- jiffies_to_msecs(timeout - jiffies)/1000;
+ return *timeout == IPSET_ELEM_PERMANENT ? 0 :
+ jiffies_to_msecs(*timeout - jiffies)/1000;
}
-#endif /* ! IP_SET_BITMAP_TIMEOUT */
#endif /* __KERNEL__ */
-
#endif /* _IP_SET_TIMEOUT_H */