netfilter: ipset: add forceadd kernel support for hash set types (07cf8f5a) · Commits · e / devices / android_kernel_teracube_emerald

include/linux/netfilter/ipset/ip_set.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -65,6 +65,7 @@ enum ip_set_extension {
		#define SET_WITH_TIMEOUT(s) ((s)->extensions & IPSET_EXT_TIMEOUT)
		#define SET_WITH_COUNTER(s) ((s)->extensions & IPSET_EXT_COUNTER)
		#define SET_WITH_COMMENT(s) ((s)->extensions & IPSET_EXT_COMMENT)
		#define SET_WITH_FORCEADD(s) ((s)->flags & IPSET_CREATE_FLAG_FORCEADD)

		/* Extension id, in size order */
		enum ip_set_ext_id {
		@@ -255,6 +256,8 @@ ip_set_put_flags(struct sk_buff skb, struct ip_set set)
		cadt_flags \|= IPSET_FLAG_WITH_COUNTERS;
		if (SET_WITH_COMMENT(set))
		cadt_flags \|= IPSET_FLAG_WITH_COMMENT;
		if (SET_WITH_FORCEADD(set))
		cadt_flags \|= IPSET_FLAG_WITH_FORCEADD;

		if (!cadt_flags)
		return 0;

+5 −2

Original line number	Diff line number	Diff line
		@@ -185,13 +185,16 @@ enum ipset_cadt_flags {
		IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS),
		IPSET_FLAG_BIT_WITH_COMMENT = 4,
		IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT),
		IPSET_FLAG_BIT_WITH_FORCEADD = 5,
		IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD),
		IPSET_FLAG_CADT_MAX = 15,
		};

		/* The flag bits which correspond to the non-extension create flags */
		enum ipset_create_flags {
		IPSET_CREATE_FLAG_NONE = 0,
		IPSET_CREATE_FLAG_MAX = 7,
		IPSET_CREATE_FLAG_BIT_FORCEADD = 0,
		IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD),
		IPSET_CREATE_FLAG_BIT_MAX = 7,
		};

		/* Commands with settype-specific attributes */

+2 −0

Original line number	Diff line number	Diff line
		@@ -368,6 +368,8 @@ ip_set_elem_len(struct ip_set set, struct nlattr tb[], size_t len)

		if (tb[IPSET_ATTR_CADT_FLAGS])
		cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
		if (cadt_flags & IPSET_FLAG_WITH_FORCEADD)
		set->flags \|= IPSET_CREATE_FLAG_FORCEADD;
		for (id = 0; id < IPSET_EXT_ID_MAX; id++) {
		if (!add_extension(id, cadt_flags, tb))
		continue;

+12 −0

Original line number	Diff line number	Diff line
		@@ -633,6 +633,18 @@ mtype_add(struct ip_set set, void value, const struct ip_set_ext *ext,
		bool flag_exist = flags & IPSET_FLAG_EXIST;
		u32 key, multi = 0;

		if (h->elements >= h->maxelem && SET_WITH_FORCEADD(set)) {
		rcu_read_lock_bh();
		t = rcu_dereference_bh(h->table);
		key = HKEY(value, h->initval, t->htable_bits);
		n = hbucket(t,key);
		if (n->pos) {
		/* Choosing the first entry in the array to replace */
		j = 0;
		goto reuse_slot;
		}
		rcu_read_unlock_bh();
		}
		if (SET_WITH_TIMEOUT(set) && h->elements >= h->maxelem)
		/* FIXME: when set is full, we slow down here */
		mtype_expire(set, h, NLEN(set->family), set->dsize);

+2 −1

Original line number	Diff line number	Diff line
		@@ -25,7 +25,8 @@

		#define IPSET_TYPE_REV_MIN 0
		/* 1 Counters support */
		#define IPSET_TYPE_REV_MAX 2 /* Comments support */
		/* 2 Comments support */
		#define IPSET_TYPE_REV_MAX 3 /* Forceadd support */

		MODULE_LICENSE("GPL");
		MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");