search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
RT-AC66 3.0.0.4.374.130 core
[tomato.git] / release / src-rt-6.x / linux / linux-2.6 / net / ipv4 / netfilter / ip_set_ipporthash.c
blob4a79c8b50a9523d1b2ed2397140038a792cbd370
1 /* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
2 *
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
6 */
7
8 /* Kernel module implementing an ip+port hash set */
9
10 #include <linux/module.h>
11 #include <linux/moduleparam.h>
12 #include <linux/ip.h>
13 #include <linux/tcp.h>
14 #include <linux/udp.h>
15 #include <linux/skbuff.h>
16 #include <linux/netfilter_ipv4/ip_set_jhash.h>
17 #include <linux/errno.h>
18 #include <asm/uaccess.h>
19 #include <asm/bitops.h>
20 #include <linux/spinlock.h>
21 #include <linux/random.h>
22
23 #include <net/ip.h>
24
25 #include <linux/netfilter_ipv4/ip_set_ipporthash.h>
26 #include <linux/netfilter_ipv4/ip_set_getport.h>
27
28 static int limit = MAX_RANGE;
29
30 static inline __u32
31 ipporthash_id(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
32 {
33 struct ip_set_ipporthash *map = set->data;
34 __u32 id;
35 u_int16_t i;
36 ip_set_ip_t *elem;
37
38 ip = pack_ip_port(map, ip, port);
39
40 if (!ip)
41 return UINT_MAX;
42
43 for (i = 0; i < map->probes; i++) {
44 id = jhash_ip(map, i, ip) % map->hashsize;
45 DP("hash key: %u", id);
46 elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
47 if (*elem == ip)
48 return id;
49 /* No shortcut - there can be deleted entries. */
50 }
51 return UINT_MAX;
52 }
53
54 static inline int
55 ipporthash_test(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
56 {
57 struct ip_set_ipporthash *map = set->data;
58
59 if (ip < map->first_ip || ip > map->last_ip)
60 return -ERANGE;
61
62 return (ipporthash_id(set, ip, port) != UINT_MAX);
63 }
64
65 #define KADT_CONDITION \
66 ip_set_ip_t port; \
67 \
68 if (flags[1] == 0) \
69 return 0; \
70 \
71 port = get_port(skb, ++flags); \
72 \
73 if (port == INVALID_PORT) \
74 return 0;
75
76 UADT(ipporthash, test, req->port)
77 KADT(ipporthash, test, ipaddr, port)
78
79 static inline int
80 __ipporthash_add(struct ip_set_ipporthash *map, ip_set_ip_t *ip)
81 {
82 __u32 probe;
83 u_int16_t i;
84 ip_set_ip_t *elem, *slot = NULL;
85
86 for (i = 0; i < map->probes; i++) {
87 probe = jhash_ip(map, i, *ip) % map->hashsize;
88 elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe);
89 if (*elem == *ip)
90 return -EEXIST;
91 if (!(slot || *elem))
92 slot = elem;
93 /* There can be deleted entries, must check all slots */
94 }
95 if (slot) {
96 *slot = *ip;
97 map->elements++;
98 return 0;
99 }
100 /* Trigger rehashing */
101 return -EAGAIN;
102 }
103
104 static inline int
105 ipporthash_add(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
106 {
107 struct ip_set_ipporthash *map = set->data;
108 if (map->elements > limit)
109 return -ERANGE;
110 if (ip < map->first_ip || ip > map->last_ip)
111 return -ERANGE;
112
113 ip = pack_ip_port(map, ip, port);
114
115 if (!ip)
116 return -ERANGE;
117
118 return __ipporthash_add(map, &ip);
119 }
120
121 UADT(ipporthash, add, req->port)
122 KADT(ipporthash, add, ipaddr, port)
123
124 static inline void
125 __ipporthash_retry(struct ip_set_ipporthash *tmp,
126 struct ip_set_ipporthash *map)
127 {
128 tmp->first_ip = map->first_ip;
129 tmp->last_ip = map->last_ip;
130 }
131
132 HASH_RETRY(ipporthash, ip_set_ip_t)
133
134 static inline int
135 ipporthash_del(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
136 {
137 struct ip_set_ipporthash *map = set->data;
138 ip_set_ip_t id;
139 ip_set_ip_t *elem;
140
141 if (ip < map->first_ip || ip > map->last_ip)
142 return -ERANGE;
143
144 id = ipporthash_id(set, ip, port);
145
146 if (id == UINT_MAX)
147 return -EEXIST;
148
149 elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
150 *elem = 0;
151 map->elements--;
152
153 return 0;
154 }
155
156 UADT(ipporthash, del, req->port)
157 KADT(ipporthash, del, ipaddr, port)
158
159 static inline int
160 __ipporthash_create(const struct ip_set_req_ipporthash_create *req,
161 struct ip_set_ipporthash *map)
162 {
163 if (req->to - req->from > MAX_RANGE) {
164 ip_set_printk("range too big, %d elements (max %d)",
165 req->to - req->from + 1, MAX_RANGE+1);
166 return -ENOEXEC;
167 }
168 map->first_ip = req->from;
169 map->last_ip = req->to;
170 return 0;
171 }
172
173 HASH_CREATE(ipporthash, ip_set_ip_t)
174 HASH_DESTROY(ipporthash)
175 HASH_FLUSH(ipporthash, ip_set_ip_t)
176
177 static inline void
178 __ipporthash_list_header(const struct ip_set_ipporthash *map,
179 struct ip_set_req_ipporthash_create *header)
180 {
181 header->from = map->first_ip;
182 header->to = map->last_ip;
183 }
184
185 HASH_LIST_HEADER(ipporthash)
186 HASH_LIST_MEMBERS_SIZE(ipporthash, ip_set_ip_t)
187 HASH_LIST_MEMBERS(ipporthash, ip_set_ip_t)
188
189 IP_SET_RTYPE(ipporthash, IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_DATA_DOUBLE)
190
191 MODULE_LICENSE("GPL");
192 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
193 MODULE_DESCRIPTION("ipporthash type of IP sets");
194 module_param(limit, int, 0600);
195 MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
196
197 REGISTER_MODULE(ipporthash)
Tomato firmware and modifications.