1 #ifndef _IP_SET_AHASH_H
2 #define _IP_SET_AHASH_H
4 #include <linux/rcupdate.h>
5 #include <linux/jhash.h>
6 #include <linux/netfilter/ipset/ip_set_timeout.h>
8 #define CONCAT(a, b, c) a##b##c
9 #define TOKEN(a, b, c) CONCAT(a, b, c)
11 #define type_pf_next TOKEN(TYPE, PF, _elem)
13 /* Hashing which uses arrays to resolve clashing. The hash table is resized
14 * (doubled) when searching becomes too long.
15 * Internally jhash is used with the assumption that the size of the
16 * stored data is a multiple of sizeof(u32). If storage supports timeout,
17 * the timeout field must be the last one in the data structure - that field
18 * is ignored when computing the hash key.
20 * Readers and resizing
22 * Resizing can be triggered by userspace command only, and those
23 * are serialized by the nfnl mutex. During resizing the set is
24 * read-locked, so the only possible concurrent operations are
25 * the kernel side readers. Those must be protected by proper RCU locking.
28 /* Number of elements to store in an initial array block */
29 #define AHASH_INIT_SIZE 4
30 /* Max number of elements to store in an array block */
31 #define AHASH_MAX_SIZE (3*4)
35 void *value; /* the array of the values */
36 u8 size; /* size of the array */
37 u8 pos; /* position of the first free entry */
40 /* The hash table: the table size stored here in order to make resizing easy */
42 u8 htable_bits; /* size of hash table == 2^htable_bits */
43 struct hbucket bucket[0]; /* hashtable buckets */
46 #define hbucket(h, i) (&((h)->bucket[i]))
48 /* Book-keeping of the prefixes added to the set */
49 struct ip_set_hash_nets {
50 u8 cidr; /* the different cidr values in the set */
51 u32 nets; /* number of elements per cidr */
54 /* The generic ip_set hash structure */
56 struct htable *table; /* the hash table */
57 u32 maxelem; /* max elements in the hash */
58 u32 elements; /* current element (vs timeout) */
59 u32 initval; /* random jhash init value */
60 u32 timeout; /* timeout value, if enabled */
61 struct timer_list gc; /* garbage collection when timeout enabled */
62 struct type_pf_next next; /* temporary storage for uadd */
63 #ifdef IP_SET_HASH_WITH_NETMASK
64 u8 netmask; /* netmask value for subnets to store */
66 #ifdef IP_SET_HASH_WITH_RBTREE
67 struct rb_root rbtree;
69 #ifdef IP_SET_HASH_WITH_NETS
70 struct ip_set_hash_nets nets[0]; /* book-keeping of prefixes */
74 /* Compute htable_bits from the user input parameter hashsize */
76 htable_bits(u32 hashsize)
78 /* Assume that hashsize == 2^htable_bits */
79 u8 bits = fls(hashsize - 1);
80 if (jhash_size(bits) != hashsize)
81 /* Round up to the first 2^n value */
87 #ifdef IP_SET_HASH_WITH_NETS
89 #define SET_HOST_MASK(family) (family == AF_INET ? 32 : 128)
91 /* Network cidr size book keeping when the hash stores different
94 add_cidr(struct ip_set_hash *h, u8 cidr, u8 host_mask)
98 ++h->nets[cidr-1].nets;
100 pr_debug("add_cidr added %u: %u\n", cidr, h->nets[cidr-1].nets);
102 if (h->nets[cidr-1].nets > 1)
106 for (i = 0; i < host_mask && h->nets[i].cidr; i++) {
107 /* Add in increasing prefix order, so larger cidr first */
108 if (h->nets[i].cidr < cidr)
109 swap(h->nets[i].cidr, cidr);
112 h->nets[i].cidr = cidr;
116 del_cidr(struct ip_set_hash *h, u8 cidr, u8 host_mask)
120 --h->nets[cidr-1].nets;
122 pr_debug("del_cidr deleted %u: %u\n", cidr, h->nets[cidr-1].nets);
124 if (h->nets[cidr-1].nets != 0)
127 /* All entries with this cidr size deleted, so cleanup h->cidr[] */
128 for (i = 0; i < host_mask - 1 && h->nets[i].cidr; i++) {
129 if (h->nets[i].cidr == cidr)
130 h->nets[i].cidr = cidr = h->nets[i+1].cidr;
132 h->nets[i - 1].cidr = 0;
136 /* Destroy the hashtable part of the set */
138 ahash_destroy(struct htable *t)
143 for (i = 0; i < jhash_size(t->htable_bits); i++) {
146 /* FIXME: use slab cache */
153 /* Calculate the actual memory size of the set data */
155 ahash_memsize(const struct ip_set_hash *h, size_t dsize, u8 host_mask)
158 struct htable *t = h->table;
159 size_t memsize = sizeof(*h)
161 #ifdef IP_SET_HASH_WITH_NETS
162 + sizeof(struct ip_set_hash_nets) * host_mask
164 + jhash_size(t->htable_bits) * sizeof(struct hbucket);
166 for (i = 0; i < jhash_size(t->htable_bits); i++)
167 memsize += t->bucket[i].size * dsize;
172 /* Flush a hash type of set: destroy all elements */
174 ip_set_hash_flush(struct ip_set *set)
176 struct ip_set_hash *h = set->data;
177 struct htable *t = h->table;
181 for (i = 0; i < jhash_size(t->htable_bits); i++) {
184 n->size = n->pos = 0;
185 /* FIXME: use slab cache */
189 #ifdef IP_SET_HASH_WITH_NETS
190 memset(h->nets, 0, sizeof(struct ip_set_hash_nets)
191 * SET_HOST_MASK(set->family));
196 /* Destroy a hash type of set */
198 ip_set_hash_destroy(struct ip_set *set)
200 struct ip_set_hash *h = set->data;
202 if (with_timeout(h->timeout))
203 del_timer_sync(&h->gc);
205 ahash_destroy(h->table);
206 #ifdef IP_SET_HASH_WITH_RBTREE
207 rbtree_destroy(&h->rbtree);
214 #define HKEY(data, initval, htable_bits) \
215 (jhash2((u32 *)(data), sizeof(struct type_pf_elem)/sizeof(u32), initval) \
216 & jhash_mask(htable_bits))
218 #endif /* _IP_SET_AHASH_H */
220 #define CONCAT(a, b, c) a##b##c
221 #define TOKEN(a, b, c) CONCAT(a, b, c)
223 /* Type/family dependent function prototypes */
225 #define type_pf_data_equal TOKEN(TYPE, PF, _data_equal)
226 #define type_pf_data_isnull TOKEN(TYPE, PF, _data_isnull)
227 #define type_pf_data_copy TOKEN(TYPE, PF, _data_copy)
228 #define type_pf_data_zero_out TOKEN(TYPE, PF, _data_zero_out)
229 #define type_pf_data_netmask TOKEN(TYPE, PF, _data_netmask)
230 #define type_pf_data_list TOKEN(TYPE, PF, _data_list)
231 #define type_pf_data_tlist TOKEN(TYPE, PF, _data_tlist)
232 #define type_pf_data_next TOKEN(TYPE, PF, _data_next)
234 #define type_pf_elem TOKEN(TYPE, PF, _elem)
235 #define type_pf_telem TOKEN(TYPE, PF, _telem)
236 #define type_pf_data_timeout TOKEN(TYPE, PF, _data_timeout)
237 #define type_pf_data_expired TOKEN(TYPE, PF, _data_expired)
238 #define type_pf_data_timeout_set TOKEN(TYPE, PF, _data_timeout_set)
240 #define type_pf_elem_add TOKEN(TYPE, PF, _elem_add)
241 #define type_pf_add TOKEN(TYPE, PF, _add)
242 #define type_pf_del TOKEN(TYPE, PF, _del)
243 #define type_pf_test_cidrs TOKEN(TYPE, PF, _test_cidrs)
244 #define type_pf_test TOKEN(TYPE, PF, _test)
246 #define type_pf_elem_tadd TOKEN(TYPE, PF, _elem_tadd)
247 #define type_pf_del_telem TOKEN(TYPE, PF, _ahash_del_telem)
248 #define type_pf_expire TOKEN(TYPE, PF, _expire)
249 #define type_pf_tadd TOKEN(TYPE, PF, _tadd)
250 #define type_pf_tdel TOKEN(TYPE, PF, _tdel)
251 #define type_pf_ttest_cidrs TOKEN(TYPE, PF, _ahash_ttest_cidrs)
252 #define type_pf_ttest TOKEN(TYPE, PF, _ahash_ttest)
254 #define type_pf_resize TOKEN(TYPE, PF, _resize)
255 #define type_pf_tresize TOKEN(TYPE, PF, _tresize)
256 #define type_pf_flush ip_set_hash_flush
257 #define type_pf_destroy ip_set_hash_destroy
258 #define type_pf_head TOKEN(TYPE, PF, _head)
259 #define type_pf_list TOKEN(TYPE, PF, _list)
260 #define type_pf_tlist TOKEN(TYPE, PF, _tlist)
261 #define type_pf_same_set TOKEN(TYPE, PF, _same_set)
262 #define type_pf_kadt TOKEN(TYPE, PF, _kadt)
263 #define type_pf_uadt TOKEN(TYPE, PF, _uadt)
264 #define type_pf_gc TOKEN(TYPE, PF, _gc)
265 #define type_pf_gc_init TOKEN(TYPE, PF, _gc_init)
266 #define type_pf_variant TOKEN(TYPE, PF, _variant)
267 #define type_pf_tvariant TOKEN(TYPE, PF, _tvariant)
269 /* Flavour without timeout */
271 /* Get the ith element from the array block n */
272 #define ahash_data(n, i) \
273 ((struct type_pf_elem *)((n)->value) + (i))
275 /* Add an element to the hash table when resizing the set:
276 * we spare the maintenance of the internal counters. */
278 type_pf_elem_add(struct hbucket *n, const struct type_pf_elem *value)
280 if (n->pos >= n->size) {
283 if (n->size >= AHASH_MAX_SIZE)
284 /* Trigger rehashing */
287 tmp = kzalloc((n->size + AHASH_INIT_SIZE)
288 * sizeof(struct type_pf_elem),
293 memcpy(tmp, n->value,
294 sizeof(struct type_pf_elem) * n->size);
298 n->size += AHASH_INIT_SIZE;
300 type_pf_data_copy(ahash_data(n, n->pos++), value);
304 /* Resize a hash: create a new hash table with doubling the hashsize
305 * and inserting the elements to it. Repeat until we succeed or
306 * fail due to memory pressures. */
308 type_pf_resize(struct ip_set *set, bool retried)
310 struct ip_set_hash *h = set->data;
311 struct htable *t, *orig = h->table;
312 u8 htable_bits = orig->htable_bits;
313 const struct type_pf_elem *data;
314 struct hbucket *n, *m;
321 pr_debug("attempt to resize set %s from %u to %u, t %p\n",
322 set->name, orig->htable_bits, htable_bits, orig);
324 /* In case we have plenty of memory :-) */
325 return -IPSET_ERR_HASH_FULL;
326 t = ip_set_alloc(sizeof(*t)
327 + jhash_size(htable_bits) * sizeof(struct hbucket));
330 t->htable_bits = htable_bits;
332 read_lock_bh(&set->lock);
333 for (i = 0; i < jhash_size(orig->htable_bits); i++) {
334 n = hbucket(orig, i);
335 for (j = 0; j < n->pos; j++) {
336 data = ahash_data(n, j);
337 m = hbucket(t, HKEY(data, h->initval, htable_bits));
338 ret = type_pf_elem_add(m, data);
340 read_unlock_bh(&set->lock);
349 rcu_assign_pointer(h->table, t);
350 read_unlock_bh(&set->lock);
352 /* Give time to other readers of the set */
353 synchronize_rcu_bh();
355 pr_debug("set %s resized from %u (%p) to %u (%p)\n", set->name,
356 orig->htable_bits, orig, t->htable_bits, t);
363 type_pf_data_next(struct ip_set_hash *h, const struct type_pf_elem *d);
365 /* Add an element to a hash and update the internal counters when succeeded,
366 * otherwise report the proper error code. */
368 type_pf_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
370 struct ip_set_hash *h = set->data;
372 const struct type_pf_elem *d = value;
377 if (h->elements >= h->maxelem)
378 return -IPSET_ERR_HASH_FULL;
381 t = rcu_dereference_bh(h->table);
382 key = HKEY(value, h->initval, t->htable_bits);
384 for (i = 0; i < n->pos; i++)
385 if (type_pf_data_equal(ahash_data(n, i), d)) {
386 ret = -IPSET_ERR_EXIST;
390 ret = type_pf_elem_add(n, value);
393 type_pf_data_next(h, d);
397 #ifdef IP_SET_HASH_WITH_NETS
398 add_cidr(h, d->cidr, HOST_MASK);
402 rcu_read_unlock_bh();
406 /* Delete an element from the hash: swap it with the last element
407 * and free up space if possible.
410 type_pf_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
412 struct ip_set_hash *h = set->data;
413 struct htable *t = h->table;
414 const struct type_pf_elem *d = value;
417 struct type_pf_elem *data;
420 key = HKEY(value, h->initval, t->htable_bits);
422 for (i = 0; i < n->pos; i++) {
423 data = ahash_data(n, i);
424 if (!type_pf_data_equal(data, d))
428 type_pf_data_copy(data, ahash_data(n, n->pos - 1));
432 #ifdef IP_SET_HASH_WITH_NETS
433 del_cidr(h, d->cidr, HOST_MASK);
435 if (n->pos + AHASH_INIT_SIZE < n->size) {
436 void *tmp = kzalloc((n->size - AHASH_INIT_SIZE)
437 * sizeof(struct type_pf_elem),
441 n->size -= AHASH_INIT_SIZE;
442 memcpy(tmp, n->value,
443 n->size * sizeof(struct type_pf_elem));
450 return -IPSET_ERR_EXIST;
453 #ifdef IP_SET_HASH_WITH_NETS
455 /* Special test function which takes into account the different network
456 * sizes added to the set */
458 type_pf_test_cidrs(struct ip_set *set, struct type_pf_elem *d, u32 timeout)
460 struct ip_set_hash *h = set->data;
461 struct htable *t = h->table;
463 const struct type_pf_elem *data;
466 u8 host_mask = SET_HOST_MASK(set->family);
468 pr_debug("test by nets\n");
469 for (; j < host_mask && h->nets[j].cidr; j++) {
470 type_pf_data_netmask(d, h->nets[j].cidr);
471 key = HKEY(d, h->initval, t->htable_bits);
473 for (i = 0; i < n->pos; i++) {
474 data = ahash_data(n, i);
475 if (type_pf_data_equal(data, d))
483 /* Test whether the element is added to the set */
485 type_pf_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
487 struct ip_set_hash *h = set->data;
488 struct htable *t = h->table;
489 struct type_pf_elem *d = value;
491 const struct type_pf_elem *data;
495 #ifdef IP_SET_HASH_WITH_NETS
496 /* If we test an IP address and not a network address,
497 * try all possible network sizes */
498 if (d->cidr == SET_HOST_MASK(set->family))
499 return type_pf_test_cidrs(set, d, timeout);
502 key = HKEY(d, h->initval, t->htable_bits);
504 for (i = 0; i < n->pos; i++) {
505 data = ahash_data(n, i);
506 if (type_pf_data_equal(data, d))
512 /* Reply a HEADER request: fill out the header part of the set */
514 type_pf_head(struct ip_set *set, struct sk_buff *skb)
516 const struct ip_set_hash *h = set->data;
517 struct nlattr *nested;
520 read_lock_bh(&set->lock);
521 memsize = ahash_memsize(h, with_timeout(h->timeout)
522 ? sizeof(struct type_pf_telem)
523 : sizeof(struct type_pf_elem),
524 set->family == AF_INET ? 32 : 128);
525 read_unlock_bh(&set->lock);
527 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
529 goto nla_put_failure;
530 NLA_PUT_NET32(skb, IPSET_ATTR_HASHSIZE,
531 htonl(jhash_size(h->table->htable_bits)));
532 NLA_PUT_NET32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem));
533 #ifdef IP_SET_HASH_WITH_NETMASK
534 if (h->netmask != HOST_MASK)
535 NLA_PUT_U8(skb, IPSET_ATTR_NETMASK, h->netmask);
537 NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1));
538 NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize));
539 if (with_timeout(h->timeout))
540 NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout));
541 ipset_nest_end(skb, nested);
548 /* Reply a LIST/SAVE request: dump the elements of the specified set */
550 type_pf_list(const struct ip_set *set,
551 struct sk_buff *skb, struct netlink_callback *cb)
553 const struct ip_set_hash *h = set->data;
554 const struct htable *t = h->table;
555 struct nlattr *atd, *nested;
556 const struct hbucket *n;
557 const struct type_pf_elem *data;
558 u32 first = cb->args[2];
559 /* We assume that one hash bucket fills into one page */
563 atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
566 pr_debug("list hash set %s\n", set->name);
567 for (; cb->args[2] < jhash_size(t->htable_bits); cb->args[2]++) {
568 incomplete = skb_tail_pointer(skb);
569 n = hbucket(t, cb->args[2]);
570 pr_debug("cb->args[2]: %lu, t %p n %p\n", cb->args[2], t, n);
571 for (i = 0; i < n->pos; i++) {
572 data = ahash_data(n, i);
573 pr_debug("list hash %lu hbucket %p i %u, data %p\n",
574 cb->args[2], n, i, data);
575 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
577 if (cb->args[2] == first) {
578 nla_nest_cancel(skb, atd);
581 goto nla_put_failure;
583 if (type_pf_data_list(skb, data))
584 goto nla_put_failure;
585 ipset_nest_end(skb, nested);
588 ipset_nest_end(skb, atd);
589 /* Set listing finished */
595 nlmsg_trim(skb, incomplete);
596 ipset_nest_end(skb, atd);
597 if (unlikely(first == cb->args[2])) {
598 pr_warning("Can't list set %s: one bucket does not fit into "
599 "a message. Please report it!\n", set->name);
607 type_pf_kadt(struct ip_set *set, const struct sk_buff * skb,
608 const struct xt_action_param *par,
609 enum ipset_adt adt, const struct ip_set_adt_opt *opt);
611 type_pf_uadt(struct ip_set *set, struct nlattr *tb[],
612 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried);
614 static const struct ip_set_type_variant type_pf_variant = {
615 .kadt = type_pf_kadt,
616 .uadt = type_pf_uadt,
618 [IPSET_ADD] = type_pf_add,
619 [IPSET_DEL] = type_pf_del,
620 [IPSET_TEST] = type_pf_test,
622 .destroy = type_pf_destroy,
623 .flush = type_pf_flush,
624 .head = type_pf_head,
625 .list = type_pf_list,
626 .resize = type_pf_resize,
627 .same_set = type_pf_same_set,
630 /* Flavour with timeout support */
632 #define ahash_tdata(n, i) \
633 (struct type_pf_elem *)((struct type_pf_telem *)((n)->value) + (i))
636 type_pf_data_timeout(const struct type_pf_elem *data)
638 const struct type_pf_telem *tdata =
639 (const struct type_pf_telem *) data;
641 return tdata->timeout;
645 type_pf_data_expired(const struct type_pf_elem *data)
647 const struct type_pf_telem *tdata =
648 (const struct type_pf_telem *) data;
650 return ip_set_timeout_expired(tdata->timeout);
654 type_pf_data_timeout_set(struct type_pf_elem *data, u32 timeout)
656 struct type_pf_telem *tdata = (struct type_pf_telem *) data;
658 tdata->timeout = ip_set_timeout_set(timeout);
662 type_pf_elem_tadd(struct hbucket *n, const struct type_pf_elem *value,
665 struct type_pf_elem *data;
667 if (n->pos >= n->size) {
670 if (n->size >= AHASH_MAX_SIZE)
671 /* Trigger rehashing */
674 tmp = kzalloc((n->size + AHASH_INIT_SIZE)
675 * sizeof(struct type_pf_telem),
680 memcpy(tmp, n->value,
681 sizeof(struct type_pf_telem) * n->size);
685 n->size += AHASH_INIT_SIZE;
687 data = ahash_tdata(n, n->pos++);
688 type_pf_data_copy(data, value);
689 type_pf_data_timeout_set(data, timeout);
693 /* Delete expired elements from the hashtable */
695 type_pf_expire(struct ip_set_hash *h)
697 struct htable *t = h->table;
699 struct type_pf_elem *data;
703 for (i = 0; i < jhash_size(t->htable_bits); i++) {
705 for (j = 0; j < n->pos; j++) {
706 data = ahash_tdata(n, j);
707 if (type_pf_data_expired(data)) {
708 pr_debug("expired %u/%u\n", i, j);
709 #ifdef IP_SET_HASH_WITH_NETS
710 del_cidr(h, data->cidr, HOST_MASK);
714 type_pf_data_copy(data,
715 ahash_tdata(n, n->pos - 1));
720 if (n->pos + AHASH_INIT_SIZE < n->size) {
721 void *tmp = kzalloc((n->size - AHASH_INIT_SIZE)
722 * sizeof(struct type_pf_telem),
725 /* Still try to delete expired elements */
727 n->size -= AHASH_INIT_SIZE;
728 memcpy(tmp, n->value,
729 n->size * sizeof(struct type_pf_telem));
737 type_pf_tresize(struct ip_set *set, bool retried)
739 struct ip_set_hash *h = set->data;
740 struct htable *t, *orig = h->table;
741 u8 htable_bits = orig->htable_bits;
742 const struct type_pf_elem *data;
743 struct hbucket *n, *m;
747 /* Try to cleanup once */
750 write_lock_bh(&set->lock);
751 type_pf_expire(set->data);
752 write_unlock_bh(&set->lock);
761 /* In case we have plenty of memory :-) */
762 return -IPSET_ERR_HASH_FULL;
763 t = ip_set_alloc(sizeof(*t)
764 + jhash_size(htable_bits) * sizeof(struct hbucket));
767 t->htable_bits = htable_bits;
769 read_lock_bh(&set->lock);
770 for (i = 0; i < jhash_size(orig->htable_bits); i++) {
771 n = hbucket(orig, i);
772 for (j = 0; j < n->pos; j++) {
773 data = ahash_tdata(n, j);
774 m = hbucket(t, HKEY(data, h->initval, htable_bits));
775 ret = type_pf_elem_tadd(m, data,
776 type_pf_data_timeout(data));
778 read_unlock_bh(&set->lock);
787 rcu_assign_pointer(h->table, t);
788 read_unlock_bh(&set->lock);
790 /* Give time to other readers of the set */
791 synchronize_rcu_bh();
799 type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
801 struct ip_set_hash *h = set->data;
802 struct htable *t = h->table;
803 const struct type_pf_elem *d = value;
805 struct type_pf_elem *data;
806 int ret = 0, i, j = AHASH_MAX_SIZE + 1;
807 bool flag_exist = flags & IPSET_FLAG_EXIST;
810 if (h->elements >= h->maxelem)
811 /* FIXME: when set is full, we slow down here */
813 if (h->elements >= h->maxelem)
814 return -IPSET_ERR_HASH_FULL;
817 t = rcu_dereference_bh(h->table);
818 key = HKEY(d, h->initval, t->htable_bits);
820 for (i = 0; i < n->pos; i++) {
821 data = ahash_tdata(n, i);
822 if (type_pf_data_equal(data, d)) {
823 if (type_pf_data_expired(data) || flag_exist)
826 ret = -IPSET_ERR_EXIST;
829 } else if (j == AHASH_MAX_SIZE + 1 &&
830 type_pf_data_expired(data))
833 if (j != AHASH_MAX_SIZE + 1) {
834 data = ahash_tdata(n, j);
835 #ifdef IP_SET_HASH_WITH_NETS
836 del_cidr(h, data->cidr, HOST_MASK);
837 add_cidr(h, d->cidr, HOST_MASK);
839 type_pf_data_copy(data, d);
840 type_pf_data_timeout_set(data, timeout);
843 ret = type_pf_elem_tadd(n, d, timeout);
846 type_pf_data_next(h, d);
850 #ifdef IP_SET_HASH_WITH_NETS
851 add_cidr(h, d->cidr, HOST_MASK);
855 rcu_read_unlock_bh();
860 type_pf_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
862 struct ip_set_hash *h = set->data;
863 struct htable *t = h->table;
864 const struct type_pf_elem *d = value;
867 struct type_pf_elem *data;
870 key = HKEY(value, h->initval, t->htable_bits);
872 for (i = 0; i < n->pos; i++) {
873 data = ahash_tdata(n, i);
874 if (!type_pf_data_equal(data, d))
876 if (type_pf_data_expired(data))
877 return -IPSET_ERR_EXIST;
880 type_pf_data_copy(data, ahash_tdata(n, n->pos - 1));
884 #ifdef IP_SET_HASH_WITH_NETS
885 del_cidr(h, d->cidr, HOST_MASK);
887 if (n->pos + AHASH_INIT_SIZE < n->size) {
888 void *tmp = kzalloc((n->size - AHASH_INIT_SIZE)
889 * sizeof(struct type_pf_telem),
893 n->size -= AHASH_INIT_SIZE;
894 memcpy(tmp, n->value,
895 n->size * sizeof(struct type_pf_telem));
902 return -IPSET_ERR_EXIST;
905 #ifdef IP_SET_HASH_WITH_NETS
907 type_pf_ttest_cidrs(struct ip_set *set, struct type_pf_elem *d, u32 timeout)
909 struct ip_set_hash *h = set->data;
910 struct htable *t = h->table;
911 struct type_pf_elem *data;
915 u8 host_mask = SET_HOST_MASK(set->family);
917 for (; j < host_mask && h->nets[j].cidr; j++) {
918 type_pf_data_netmask(d, h->nets[j].cidr);
919 key = HKEY(d, h->initval, t->htable_bits);
921 for (i = 0; i < n->pos; i++) {
922 data = ahash_tdata(n, i);
923 if (type_pf_data_equal(data, d))
924 return !type_pf_data_expired(data);
932 type_pf_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
934 struct ip_set_hash *h = set->data;
935 struct htable *t = h->table;
936 struct type_pf_elem *data, *d = value;
941 #ifdef IP_SET_HASH_WITH_NETS
942 if (d->cidr == SET_HOST_MASK(set->family))
943 return type_pf_ttest_cidrs(set, d, timeout);
945 key = HKEY(d, h->initval, t->htable_bits);
947 for (i = 0; i < n->pos; i++) {
948 data = ahash_tdata(n, i);
949 if (type_pf_data_equal(data, d))
950 return !type_pf_data_expired(data);
956 type_pf_tlist(const struct ip_set *set,
957 struct sk_buff *skb, struct netlink_callback *cb)
959 const struct ip_set_hash *h = set->data;
960 const struct htable *t = h->table;
961 struct nlattr *atd, *nested;
962 const struct hbucket *n;
963 const struct type_pf_elem *data;
964 u32 first = cb->args[2];
965 /* We assume that one hash bucket fills into one page */
969 atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
972 for (; cb->args[2] < jhash_size(t->htable_bits); cb->args[2]++) {
973 incomplete = skb_tail_pointer(skb);
974 n = hbucket(t, cb->args[2]);
975 for (i = 0; i < n->pos; i++) {
976 data = ahash_tdata(n, i);
977 pr_debug("list %p %u\n", n, i);
978 if (type_pf_data_expired(data))
980 pr_debug("do list %p %u\n", n, i);
981 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
983 if (cb->args[2] == first) {
984 nla_nest_cancel(skb, atd);
987 goto nla_put_failure;
989 if (type_pf_data_tlist(skb, data))
990 goto nla_put_failure;
991 ipset_nest_end(skb, nested);
994 ipset_nest_end(skb, atd);
995 /* Set listing finished */
1001 nlmsg_trim(skb, incomplete);
1002 ipset_nest_end(skb, atd);
1003 if (unlikely(first == cb->args[2])) {
1004 pr_warning("Can't list set %s: one bucket does not fit into "
1005 "a message. Please report it!\n", set->name);
1012 static const struct ip_set_type_variant type_pf_tvariant = {
1013 .kadt = type_pf_kadt,
1014 .uadt = type_pf_uadt,
1016 [IPSET_ADD] = type_pf_tadd,
1017 [IPSET_DEL] = type_pf_tdel,
1018 [IPSET_TEST] = type_pf_ttest,
1020 .destroy = type_pf_destroy,
1021 .flush = type_pf_flush,
1022 .head = type_pf_head,
1023 .list = type_pf_tlist,
1024 .resize = type_pf_tresize,
1025 .same_set = type_pf_same_set,
1029 type_pf_gc(unsigned long ul_set)
1031 struct ip_set *set = (struct ip_set *) ul_set;
1032 struct ip_set_hash *h = set->data;
1034 pr_debug("called\n");
1035 write_lock_bh(&set->lock);
1037 write_unlock_bh(&set->lock);
1039 h->gc.expires = jiffies + IPSET_GC_PERIOD(h->timeout) * HZ;
1044 type_pf_gc_init(struct ip_set *set)
1046 struct ip_set_hash *h = set->data;
1049 h->gc.data = (unsigned long) set;
1050 h->gc.function = type_pf_gc;
1051 h->gc.expires = jiffies + IPSET_GC_PERIOD(h->timeout) * HZ;
1053 pr_debug("gc initialized, run in every %u\n",
1054 IPSET_GC_PERIOD(h->timeout));
1057 #undef type_pf_data_equal
1058 #undef type_pf_data_isnull
1059 #undef type_pf_data_copy
1060 #undef type_pf_data_zero_out
1061 #undef type_pf_data_list
1062 #undef type_pf_data_tlist
1065 #undef type_pf_telem
1066 #undef type_pf_data_timeout
1067 #undef type_pf_data_expired
1068 #undef type_pf_data_netmask
1069 #undef type_pf_data_timeout_set
1071 #undef type_pf_elem_add
1074 #undef type_pf_test_cidrs
1077 #undef type_pf_elem_tadd
1078 #undef type_pf_expire
1081 #undef type_pf_ttest_cidrs
1082 #undef type_pf_ttest
1084 #undef type_pf_resize
1085 #undef type_pf_tresize
1086 #undef type_pf_flush
1087 #undef type_pf_destroy
1090 #undef type_pf_tlist
1091 #undef type_pf_same_set
1095 #undef type_pf_gc_init
1096 #undef type_pf_variant
1097 #undef type_pf_tvariant