release/src-rt-6.x/linux/linux-2.6/net/ipv4/netfilter/ip_set_setlist.c

   1 /* Copyright (C) 2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   2  *
   3  * This program is free software; you can redistribute it and/or modify
   4  * it under the terms of the GNU General Public License version 2 as
   5  * published by the Free Software Foundation.
   6  */
   7
   8 /* Kernel module implementing an IP set type: the setlist type */
   9
  10 #include <linux/module.h>
  11 #include <linux/ip.h>
  12 #include <linux/skbuff.h>
  13 #include <linux/errno.h>
  14
  15 #include <linux/netfilter_ipv4/ip_set.h>
  16 #include <linux/netfilter_ipv4/ip_set_bitmaps.h>
  17 #include <linux/netfilter_ipv4/ip_set_setlist.h>
  18
  19 /*
  20  * before ==> index, ref
  21  * after  ==> ref, index
  22  */
  23
  24 static inline int
  25 next_index_eq(const struct ip_set_setlist *map, int i, ip_set_id_t index)
  26 {
  27         return i < map->size && map->index[i] == index;
  28 }
  29
  30 static int
  31 setlist_utest(struct ip_set *set, const void *data, u_int32_t size)
  32 {
  33         const struct ip_set_setlist *map = set->data;
  34         const struct ip_set_req_setlist *req = data;
  35         ip_set_id_t index, ref = IP_SET_INVALID_ID;
  36         int i, res = 0;
  37         struct ip_set *s;
  38
  39         if (req->before && req->ref[0] == '\0')
  40                 return 0;
  41
  42         index = __ip_set_get_byname(req->name, &s);
  43         if (index == IP_SET_INVALID_ID)
  44                 return 0;
  45         if (req->ref[0] != '\0') {
  46                 ref = __ip_set_get_byname(req->ref, &s);
  47                 if (ref == IP_SET_INVALID_ID)
  48                         goto finish;
  49         }
  50         for (i = 0; i < map->size
  51                     && map->index[i] != IP_SET_INVALID_ID; i++) {
  52                 if (req->before && map->index[i] == index) {
  53                         res = next_index_eq(map, i + 1, ref);
  54                         break;
  55                 } else if (!req->before) {
  56                         if ((ref == IP_SET_INVALID_ID
  57                              && map->index[i] == index)
  58                             || (map->index[i] == ref
  59                                 && next_index_eq(map, i + 1, index))) {
  60                                 res = 1;
  61                                 break;
  62                         }
  63                 }
  64         }
  65         if (ref != IP_SET_INVALID_ID)
  66                 __ip_set_put_byindex(ref);
  67 finish:
  68         __ip_set_put_byindex(index);
  69         return res;
  70 }
  71
  72 static int
  73 setlist_ktest(struct ip_set *set,
  74               const struct sk_buff *skb,
  75               const u_int32_t *flags)
  76 {
  77         struct ip_set_setlist *map = set->data;
  78         int i, res = 0;
  79
  80         for (i = 0; i < map->size
  81                     && map->index[i] != IP_SET_INVALID_ID
  82                     && res == 0; i++)
  83                 res = ip_set_testip_kernel(map->index[i], skb, flags);
  84         return res;
  85 }
  86
  87 static inline int
  88 insert_setlist(struct ip_set_setlist *map, int i, ip_set_id_t index)
  89 {
  90         ip_set_id_t tmp;
  91         int j;
  92
  93         DP("i: %u, last %u\n", i, map->index[map->size - 1]);
  94         if (i >= map->size || map->index[map->size - 1] != IP_SET_INVALID_ID)
  95                 return -ERANGE;
  96
  97         for (j = i; j < map->size
  98                     && index != IP_SET_INVALID_ID; j++) {
  99                 tmp = map->index[j];
 100                 map->index[j] = index;
 101                 index = tmp;
 102         }
 103         return 0;
 104 }
 105
 106 static int
 107 setlist_uadd(struct ip_set *set, const void *data, u_int32_t size)
 108 {
 109         struct ip_set_setlist *map = set->data;
 110         const struct ip_set_req_setlist *req = data;
 111         ip_set_id_t index, ref = IP_SET_INVALID_ID;
 112         int i, res = -ERANGE;
 113         struct ip_set *s;
 114
 115         if (req->before && req->ref[0] == '\0')
 116                 return -EINVAL;
 117
 118         index = __ip_set_get_byname(req->name, &s);
 119         if (index == IP_SET_INVALID_ID)
 120                 return -EEXIST;
 121         /* "Loop detection" */
 122         if (strcmp(s->type->typename, "setlist") == 0)
 123                 goto finish;
 124
 125         if (req->ref[0] != '\0') {
 126                 ref = __ip_set_get_byname(req->ref, &s);
 127                 if (ref == IP_SET_INVALID_ID) {
 128                         res = -EEXIST;
 129                         goto finish;
 130                 }
 131         }
 132         for (i = 0; i < map->size; i++) {
 133                 if (map->index[i] != ref)
 134                         continue;
 135                 if (req->before)
 136                         res = insert_setlist(map, i, index);
 137                 else
 138                         res = insert_setlist(map,
 139                                 ref == IP_SET_INVALID_ID ? i : i + 1,
 140                                 index);
 141                 break;
 142         }
 143         if (ref != IP_SET_INVALID_ID)
 144                 __ip_set_put_byindex(ref);
 145         /* In case of success, we keep the reference to the set */
 146 finish:
 147         if (res != 0)
 148                 __ip_set_put_byindex(index);
 149         return res;
 150 }
 151
 152 static int
 153 setlist_kadd(struct ip_set *set,
 154              const struct sk_buff *skb,
 155              const u_int32_t *flags)
 156 {
 157         struct ip_set_setlist *map = set->data;
 158         int i, res = -EINVAL;
 159
 160         for (i = 0; i < map->size
 161                     && map->index[i] != IP_SET_INVALID_ID
 162                     && res != 0; i++)
 163                 res = ip_set_addip_kernel(map->index[i], skb, flags);
 164         return res;
 165 }
 166
 167 static inline int
 168 unshift_setlist(struct ip_set_setlist *map, int i)
 169 {
 170         int j;
 171
 172         for (j = i; j < map->size - 1; j++)
 173                 map->index[j] = map->index[j+1];
 174         map->index[map->size-1] = IP_SET_INVALID_ID;
 175         return 0;
 176 }
 177
 178 static int
 179 setlist_udel(struct ip_set *set, const void *data, u_int32_t size)
 180 {
 181         struct ip_set_setlist *map = set->data;
 182         const struct ip_set_req_setlist *req = data;
 183         ip_set_id_t index, ref = IP_SET_INVALID_ID;
 184         int i, res = -EEXIST;
 185         struct ip_set *s;
 186
 187         if (req->before && req->ref[0] == '\0')
 188                 return -EINVAL;
 189
 190         index = __ip_set_get_byname(req->name, &s);
 191         if (index == IP_SET_INVALID_ID)
 192                 return -EEXIST;
 193         if (req->ref[0] != '\0') {
 194                 ref = __ip_set_get_byname(req->ref, &s);
 195                 if (ref == IP_SET_INVALID_ID)
 196                         goto finish;
 197         }
 198         for (i = 0; i < map->size
 199                     && map->index[i] != IP_SET_INVALID_ID; i++) {
 200                 if (req->before) {
 201                         if (map->index[i] == index
 202                             && next_index_eq(map, i + 1, ref)) {
 203                                 res = unshift_setlist(map, i);
 204                                 break;
 205                         }
 206                 } else if (ref == IP_SET_INVALID_ID) {
 207                         if (map->index[i] == index) {
 208                                 res = unshift_setlist(map, i);
 209                                 break;
 210                         }
 211                 } else if (map->index[i] == ref
 212                            && next_index_eq(map, i + 1, index)) {
 213                         res = unshift_setlist(map, i + 1);
 214                         break;
 215                 }
 216         }
 217         if (ref != IP_SET_INVALID_ID)
 218                 __ip_set_put_byindex(ref);
 219 finish:
 220         __ip_set_put_byindex(index);
 221         /* In case of success, release the reference to the set */
 222         if (res == 0)
 223                 __ip_set_put_byindex(index);
 224         return res;
 225 }
 226
 227 static int
 228 setlist_kdel(struct ip_set *set,
 229              const struct sk_buff *skb,
 230              const u_int32_t *flags)
 231 {
 232         struct ip_set_setlist *map = set->data;
 233         int i, res = -EINVAL;
 234
 235         for (i = 0; i < map->size
 236                     && map->index[i] != IP_SET_INVALID_ID
 237                     && res != 0; i++)
 238                 res = ip_set_delip_kernel(map->index[i], skb, flags);
 239         return res;
 240 }
 241
 242 static int
 243 setlist_create(struct ip_set *set, const void *data, u_int32_t size)
 244 {
 245         struct ip_set_setlist *map;
 246         const struct ip_set_req_setlist_create *req = data;
 247         int i;
 248
 249         map = kmalloc(sizeof(struct ip_set_setlist) +
 250                       req->size * sizeof(ip_set_id_t), GFP_KERNEL);
 251         if (!map)
 252                 return -ENOMEM;
 253         map->size = req->size;
 254         for (i = 0; i < map->size; i++)
 255                 map->index[i] = IP_SET_INVALID_ID;
 256
 257         set->data = map;
 258         return 0;
 259 }
 260
 261 static void
 262 setlist_destroy(struct ip_set *set)
 263 {
 264         struct ip_set_setlist *map = set->data;
 265         int i;
 266
 267         for (i = 0; i < map->size
 268                     && map->index[i] != IP_SET_INVALID_ID; i++)
 269                 __ip_set_put_byindex(map->index[i]);
 270
 271         kfree(map);
 272         set->data = NULL;
 273 }
 274
 275 static void
 276 setlist_flush(struct ip_set *set)
 277 {
 278         struct ip_set_setlist *map = set->data;
 279         int i;
 280
 281         for (i = 0; i < map->size
 282                     && map->index[i] != IP_SET_INVALID_ID; i++) {
 283                 __ip_set_put_byindex(map->index[i]);
 284                 map->index[i] = IP_SET_INVALID_ID;
 285         }
 286 }
 287
 288 static void
 289 setlist_list_header(const struct ip_set *set, void *data)
 290 {
 291         const struct ip_set_setlist *map = set->data;
 292         struct ip_set_req_setlist_create *header = data;
 293
 294         header->size = map->size;
 295 }
 296
 297 static int
 298 setlist_list_members_size(const struct ip_set *set, char dont_align)
 299 {
 300         const struct ip_set_setlist *map = set->data;
 301
 302         return map->size * IPSET_VALIGN(sizeof(ip_set_id_t), dont_align);
 303 }
 304
 305 static void
 306 setlist_list_members(const struct ip_set *set, void *data, char dont_align)
 307 {
 308         struct ip_set_setlist *map = set->data;
 309         ip_set_id_t *d;
 310         int i;
 311
 312         for (i = 0; i < map->size; i++) {
 313                 d = data + i * IPSET_VALIGN(sizeof(ip_set_id_t), dont_align);
 314                 *d = ip_set_id(map->index[i]);
 315         }
 316 }
 317
 318 IP_SET_TYPE(setlist, IPSET_TYPE_SETNAME | IPSET_DATA_SINGLE)
 319
 320 MODULE_LICENSE("GPL");
 321 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
 322 MODULE_DESCRIPTION("setlist type of IP sets");
 323
 324 REGISTER_MODULE(setlist)