1 /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
8 /* Kernel module implementing an IP set type: the bitmap:port type */
10 #include <linux/module.h>
12 #include <linux/skbuff.h>
13 #include <linux/errno.h>
14 #include <linux/netlink.h>
15 #include <linux/jiffies.h>
16 #include <linux/timer.h>
17 #include <net/netlink.h>
19 #include <linux/netfilter/ipset/ip_set.h>
20 #include <linux/netfilter/ipset/ip_set_bitmap.h>
21 #include <linux/netfilter/ipset/ip_set_getport.h>
22 #define IP_SET_BITMAP_TIMEOUT
23 #include <linux/netfilter/ipset/ip_set_timeout.h>
25 #define REVISION_MIN 0
26 #define REVISION_MAX 0
28 MODULE_LICENSE("GPL");
29 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
30 IP_SET_MODULE_DESC("bitmap:port", REVISION_MIN, REVISION_MAX);
31 MODULE_ALIAS("ip_set_bitmap:port");
35 void *members; /* the set members */
36 u16 first_port; /* host byte order, included in range */
37 u16 last_port; /* host byte order, included in range */
38 size_t memsize; /* members size */
39 u32 timeout; /* timeout parameter */
40 struct timer_list gc; /* garbage collection */
46 bitmap_port_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
48 const struct bitmap_port *map = set->data;
49 u16 id = *(u16 *)value;
51 return !!test_bit(id, map->members);
55 bitmap_port_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
57 struct bitmap_port *map = set->data;
58 u16 id = *(u16 *)value;
60 if (test_and_set_bit(id, map->members))
61 return -IPSET_ERR_EXIST;
67 bitmap_port_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
69 struct bitmap_port *map = set->data;
70 u16 id = *(u16 *)value;
72 if (!test_and_clear_bit(id, map->members))
73 return -IPSET_ERR_EXIST;
79 bitmap_port_list(const struct ip_set *set,
80 struct sk_buff *skb, struct netlink_callback *cb)
82 const struct bitmap_port *map = set->data;
83 struct nlattr *atd, *nested;
84 u16 id, first = cb->args[2];
85 u16 last = map->last_port - map->first_port;
87 atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
90 for (; cb->args[2] <= last; cb->args[2]++) {
92 if (!test_bit(id, map->members))
94 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
97 nla_nest_cancel(skb, atd);
100 goto nla_put_failure;
102 if (nla_put_net16(skb, IPSET_ATTR_PORT,
103 htons(map->first_port + id)))
104 goto nla_put_failure;
105 ipset_nest_end(skb, nested);
107 ipset_nest_end(skb, atd);
108 /* Set listing finished */
114 nla_nest_cancel(skb, nested);
115 ipset_nest_end(skb, atd);
116 if (unlikely(id == first)) {
123 /* Timeout variant */
126 bitmap_port_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
128 const struct bitmap_port *map = set->data;
129 const unsigned long *members = map->members;
130 u16 id = *(u16 *)value;
132 return ip_set_timeout_test(members[id]);
136 bitmap_port_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
138 struct bitmap_port *map = set->data;
139 unsigned long *members = map->members;
140 u16 id = *(u16 *)value;
142 if (ip_set_timeout_test(members[id]) && !(flags & IPSET_FLAG_EXIST))
143 return -IPSET_ERR_EXIST;
145 members[id] = ip_set_timeout_set(timeout);
151 bitmap_port_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
153 struct bitmap_port *map = set->data;
154 unsigned long *members = map->members;
155 u16 id = *(u16 *)value;
156 int ret = -IPSET_ERR_EXIST;
158 if (ip_set_timeout_test(members[id]))
161 members[id] = IPSET_ELEM_UNSET;
166 bitmap_port_tlist(const struct ip_set *set,
167 struct sk_buff *skb, struct netlink_callback *cb)
169 const struct bitmap_port *map = set->data;
170 struct nlattr *adt, *nested;
171 u16 id, first = cb->args[2];
172 u16 last = map->last_port - map->first_port;
173 const unsigned long *members = map->members;
175 adt = ipset_nest_start(skb, IPSET_ATTR_ADT);
178 for (; cb->args[2] <= last; cb->args[2]++) {
180 if (!ip_set_timeout_test(members[id]))
182 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
185 nla_nest_cancel(skb, adt);
188 goto nla_put_failure;
190 if (nla_put_net16(skb, IPSET_ATTR_PORT,
191 htons(map->first_port + id)) ||
192 nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
193 htonl(ip_set_timeout_get(members[id]))))
194 goto nla_put_failure;
195 ipset_nest_end(skb, nested);
197 ipset_nest_end(skb, adt);
199 /* Set listing finished */
205 nla_nest_cancel(skb, nested);
206 ipset_nest_end(skb, adt);
207 if (unlikely(id == first)) {
215 bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb,
216 const struct xt_action_param *par,
217 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
219 struct bitmap_port *map = set->data;
220 ipset_adtfn adtfn = set->variant->adt[adt];
224 if (!ip_set_get_ip_port(skb, opt->family,
225 opt->flags & IPSET_DIM_ONE_SRC, &__port))
228 port = ntohs(__port);
230 if (port < map->first_port || port > map->last_port)
231 return -IPSET_ERR_BITMAP_RANGE;
233 port -= map->first_port;
235 return adtfn(set, &port, opt_timeout(opt, map), opt->cmdflags);
239 bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[],
240 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
242 struct bitmap_port *map = set->data;
243 ipset_adtfn adtfn = set->variant->adt[adt];
244 u32 timeout = map->timeout;
245 u32 port; /* wraparound */
249 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
250 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
251 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
252 return -IPSET_ERR_PROTOCOL;
254 if (tb[IPSET_ATTR_LINENO])
255 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
257 port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
258 if (port < map->first_port || port > map->last_port)
259 return -IPSET_ERR_BITMAP_RANGE;
261 if (tb[IPSET_ATTR_TIMEOUT]) {
262 if (!with_timeout(map->timeout))
263 return -IPSET_ERR_TIMEOUT;
264 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
267 if (adt == IPSET_TEST) {
268 id = port - map->first_port;
269 return adtfn(set, &id, timeout, flags);
272 if (tb[IPSET_ATTR_PORT_TO]) {
273 port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
274 if (port > port_to) {
276 if (port < map->first_port)
277 return -IPSET_ERR_BITMAP_RANGE;
282 if (port_to > map->last_port)
283 return -IPSET_ERR_BITMAP_RANGE;
285 for (; port <= port_to; port++) {
286 id = port - map->first_port;
287 ret = adtfn(set, &id, timeout, flags);
289 if (ret && !ip_set_eexist(ret, flags))
298 bitmap_port_destroy(struct ip_set *set)
300 struct bitmap_port *map = set->data;
302 if (with_timeout(map->timeout))
303 del_timer_sync(&map->gc);
305 ip_set_free(map->members);
312 bitmap_port_flush(struct ip_set *set)
314 struct bitmap_port *map = set->data;
316 memset(map->members, 0, map->memsize);
320 bitmap_port_head(struct ip_set *set, struct sk_buff *skb)
322 const struct bitmap_port *map = set->data;
323 struct nlattr *nested;
325 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
327 goto nla_put_failure;
328 if (nla_put_net16(skb, IPSET_ATTR_PORT, htons(map->first_port)) ||
329 nla_put_net16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port)) ||
330 nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
331 nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
332 htonl(sizeof(*map) + map->memsize)) ||
333 (with_timeout(map->timeout) &&
334 nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))))
335 goto nla_put_failure;
336 ipset_nest_end(skb, nested);
344 bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b)
346 const struct bitmap_port *x = a->data;
347 const struct bitmap_port *y = b->data;
349 return x->first_port == y->first_port &&
350 x->last_port == y->last_port &&
351 x->timeout == y->timeout;
354 static const struct ip_set_type_variant bitmap_port = {
355 .kadt = bitmap_port_kadt,
356 .uadt = bitmap_port_uadt,
358 [IPSET_ADD] = bitmap_port_add,
359 [IPSET_DEL] = bitmap_port_del,
360 [IPSET_TEST] = bitmap_port_test,
362 .destroy = bitmap_port_destroy,
363 .flush = bitmap_port_flush,
364 .head = bitmap_port_head,
365 .list = bitmap_port_list,
366 .same_set = bitmap_port_same_set,
369 static const struct ip_set_type_variant bitmap_tport = {
370 .kadt = bitmap_port_kadt,
371 .uadt = bitmap_port_uadt,
373 [IPSET_ADD] = bitmap_port_tadd,
374 [IPSET_DEL] = bitmap_port_tdel,
375 [IPSET_TEST] = bitmap_port_ttest,
377 .destroy = bitmap_port_destroy,
378 .flush = bitmap_port_flush,
379 .head = bitmap_port_head,
380 .list = bitmap_port_tlist,
381 .same_set = bitmap_port_same_set,
385 bitmap_port_gc(unsigned long ul_set)
387 struct ip_set *set = (struct ip_set *) ul_set;
388 struct bitmap_port *map = set->data;
389 unsigned long *table = map->members;
390 u32 id; /* wraparound */
391 u16 last = map->last_port - map->first_port;
393 /* We run parallel with other readers (test element)
394 * but adding/deleting new entries is locked out */
395 read_lock_bh(&set->lock);
396 for (id = 0; id <= last; id++)
397 if (ip_set_timeout_expired(table[id]))
398 table[id] = IPSET_ELEM_UNSET;
399 read_unlock_bh(&set->lock);
401 map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
406 bitmap_port_gc_init(struct ip_set *set)
408 struct bitmap_port *map = set->data;
410 init_timer(&map->gc);
411 map->gc.data = (unsigned long) set;
412 map->gc.function = bitmap_port_gc;
413 map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
417 /* Create bitmap:ip type of sets */
420 init_map_port(struct ip_set *set, struct bitmap_port *map,
421 u16 first_port, u16 last_port)
423 map->members = ip_set_alloc(map->memsize);
426 map->first_port = first_port;
427 map->last_port = last_port;
428 map->timeout = IPSET_NO_TIMEOUT;
431 set->family = NFPROTO_UNSPEC;
437 bitmap_port_create(struct ip_set *set, struct nlattr *tb[],
440 struct bitmap_port *map;
441 u16 first_port, last_port;
443 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
444 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||
445 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
446 return -IPSET_ERR_PROTOCOL;
448 first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
449 last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
450 if (first_port > last_port) {
451 u16 tmp = first_port;
453 first_port = last_port;
457 map = kzalloc(sizeof(*map), GFP_KERNEL);
461 if (tb[IPSET_ATTR_TIMEOUT]) {
462 map->memsize = (last_port - first_port + 1)
463 * sizeof(unsigned long);
465 if (!init_map_port(set, map, first_port, last_port)) {
470 map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
471 set->variant = &bitmap_tport;
473 bitmap_port_gc_init(set);
475 map->memsize = bitmap_bytes(0, last_port - first_port);
476 pr_debug("memsize: %zu\n", map->memsize);
477 if (!init_map_port(set, map, first_port, last_port)) {
482 set->variant = &bitmap_port;
487 static struct ip_set_type bitmap_port_type = {
488 .name = "bitmap:port",
489 .protocol = IPSET_PROTOCOL,
490 .features = IPSET_TYPE_PORT,
491 .dimension = IPSET_DIM_ONE,
492 .family = NFPROTO_UNSPEC,
493 .revision_min = REVISION_MIN,
494 .revision_max = REVISION_MAX,
495 .create = bitmap_port_create,
497 [IPSET_ATTR_PORT] = { .type = NLA_U16 },
498 [IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
499 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
502 [IPSET_ATTR_PORT] = { .type = NLA_U16 },
503 [IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
504 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
505 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
511 bitmap_port_init(void)
513 return ip_set_type_register(&bitmap_port_type);
517 bitmap_port_fini(void)
519 ip_set_type_unregister(&bitmap_port_type);
522 module_init(bitmap_port_init);
523 module_exit(bitmap_port_fini);
projects / ~andy / linux / blob