Merge branch 'master' of git://blackhole.kfki.hu/nf

extern int ip_set_get_ipaddr4(struct nlattr *nla,  __be32 *ipaddr);

extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr);

extern size_t ip_set_elem_len(struct ip_set *set, struct nlattr *tb[],

			      size_t len);

			      size_t len, size_t align);

extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],

				 struct ip_set_ext *ext);

#define mtype_gc		IPSET_TOKEN(MTYPE, _gc)

#define mtype			MTYPE

#define get_ext(set, map, id)	((map)->extensions + (set)->dsize * (id))

#define get_ext(set, map, id)	((map)->extensions + ((set)->dsize * (id)))

static void

mtype_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set))

		del_timer_sync(&map->gc);

	ip_set_free(map->members);

	if (set->dsize) {

		if (set->extensions & IPSET_EXT_DESTROY)

	if (set->dsize && set->extensions & IPSET_EXT_DESTROY)

		mtype_ext_cleanup(set);

		ip_set_free(map->extensions);

	}

	kfree(map);

	ip_set_free(map);

	set->data = NULL;

}

{

	const struct mtype *map = set->data;

	struct nlattr *nested;

	size_t memsize = sizeof(*map) + map->memsize;

	nested = ipset_nest_start(skb, IPSET_ATTR_DATA);

	if (!nested)

		goto nla_put_failure;

	if (mtype_do_head(skb, map) ||

	    nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||

	    nla_put_net32(skb, IPSET_ATTR_MEMSIZE,

			  htonl(sizeof(*map) +

				map->memsize +

				set->dsize * map->elements)))

	    nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)))

		goto nla_put_failure;

	if (unlikely(ip_set_put_flags(skb, set)))

		goto nla_put_failure;

/* Type structure */

struct bitmap_ip {

	void *members;		/* the set members */

	void *extensions;	/* data extensions */

	u32 first_ip;		/* host byte order, included in range */

	u32 last_ip;		/* host byte order, included in range */

	u32 elements;		/* number of max elements in the set */

	size_t memsize;		/* members size */

	u8 netmask;		/* subnet netmask */

	struct timer_list gc;	/* garbage collection */

	unsigned char extensions[0]	/* data extensions */

		__aligned(__alignof__(u64));

};

/* ADT structure for generic function args */

	map->members = ip_set_alloc(map->memsize);

	if (!map->members)

		return false;

	if (set->dsize) {

		map->extensions = ip_set_alloc(set->dsize * elements);

		if (!map->extensions) {

			kfree(map->members);

			return false;

		}

	}

	map->first_ip = first_ip;

	map->last_ip = last_ip;

	map->elements = elements;

	pr_debug("hosts %u, elements %llu\n",

		 hosts, (unsigned long long)elements);

	map = kzalloc(sizeof(*map), GFP_KERNEL);

	set->dsize = ip_set_elem_len(set, tb, 0, 0);

	map = ip_set_alloc(sizeof(*map) + elements * set->dsize);

	if (!map)

		return -ENOMEM;

	map->memsize = bitmap_bytes(0, elements - 1);

	set->variant = &bitmap_ip;

	set->dsize = ip_set_elem_len(set, tb, 0);

	if (!init_map_ip(set, map, first_ip, last_ip,

			 elements, hosts, netmask)) {

		kfree(map);

/* Type structure */

struct bitmap_ipmac {

	void *members;		/* the set members */

	void *extensions;	/* MAC + data extensions */

	u32 first_ip;		/* host byte order, included in range */

	u32 last_ip;		/* host byte order, included in range */

	u32 elements;		/* number of max elements in the set */

	size_t memsize;		/* members size */

	struct timer_list gc;	/* garbage collector */

	unsigned char extensions[0]	/* MAC + data extensions */

		__aligned(__alignof__(u64));

};

/* ADT structure for generic function args */

struct bitmap_ipmac_adt_elem {

	unsigned char ether[ETH_ALEN] __aligned(2);

	u16 id;

	unsigned char *ether;

	u16 add_mac;

};

struct bitmap_ipmac_elem {

	unsigned char ether[ETH_ALEN];

	unsigned char filled;

} __attribute__ ((aligned));

} __aligned(__alignof__(u64));

static inline u32

ip_to_id(const struct bitmap_ipmac *m, u32 ip)

	return ip - m->first_ip;

}

static inline struct bitmap_ipmac_elem *

get_elem(void *extensions, u16 id, size_t dsize)

{

	return (struct bitmap_ipmac_elem *)(extensions + id * dsize);

}

#define get_elem(extensions, id, dsize)		\

	(struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))

#define get_const_elem(extensions, id, dsize)	\

	(const struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))

/* Common functions */

	if (!test_bit(e->id, map->members))

		return 0;

	elem = get_elem(map->extensions, e->id, dsize);

	if (elem->filled == MAC_FILLED)

		return !e->ether ||

		       ether_addr_equal(e->ether, elem->ether);

	elem = get_const_elem(map->extensions, e->id, dsize);

	if (e->add_mac && elem->filled == MAC_FILLED)

		return ether_addr_equal(e->ether, elem->ether);

	/* Trigger kernel to fill out the ethernet address */

	return -EAGAIN;

}

	if (!test_bit(id, map->members))

		return 0;

	elem = get_elem(map->extensions, id, dsize);

	elem = get_const_elem(map->extensions, id, dsize);

	/* Timer not started for the incomplete elements */

	return elem->filled == MAC_FILLED;

}

		 * and we can reuse it later when MAC is filled out,

		 * possibly by the kernel

		 */

		if (e->ether)

		if (e->add_mac)

			ip_set_timeout_set(timeout, t);

		else

			*timeout = t;

	elem = get_elem(map->extensions, e->id, dsize);

	if (test_bit(e->id, map->members)) {

		if (elem->filled == MAC_FILLED) {

			if (e->ether &&

			if (e->add_mac &&

			    (flags & IPSET_FLAG_EXIST) &&

			    !ether_addr_equal(e->ether, elem->ether)) {

				/* memcpy isn't atomic */

				ether_addr_copy(elem->ether, e->ether);

			}

			return IPSET_ADD_FAILED;

		} else if (!e->ether)

		} else if (!e->add_mac)

			/* Already added without ethernet address */

			return IPSET_ADD_FAILED;

		/* Fill the MAC address and trigger the timer activation */

		ether_addr_copy(elem->ether, e->ether);

		elem->filled = MAC_FILLED;

		return IPSET_ADD_START_STORED_TIMEOUT;

	} else if (e->ether) {

	} else if (e->add_mac) {

		/* We can store MAC too */

		ether_addr_copy(elem->ether, e->ether);

		elem->filled = MAC_FILLED;

		     u32 id, size_t dsize)

{

	const struct bitmap_ipmac_elem *elem =

		get_elem(map->extensions, id, dsize);

		get_const_elem(map->extensions, id, dsize);

	return nla_put_ipaddr4(skb, IPSET_ATTR_IP,

			       htonl(map->first_ip + id)) ||

{

	struct bitmap_ipmac *map = set->data;

	ipset_adtfn adtfn = set->variant->adt[adt];

	struct bitmap_ipmac_adt_elem e = { .id = 0 };

	struct bitmap_ipmac_adt_elem e = { .id = 0, .add_mac = 1 };

	struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);

	u32 ip;

		return -EINVAL;

	e.id = ip_to_id(map, ip);

	e.ether = eth_hdr(skb)->h_source;

	memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN);

	return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);

}

		return -IPSET_ERR_BITMAP_RANGE;

	e.id = ip_to_id(map, ip);

	if (tb[IPSET_ATTR_ETHER])

		e.ether = nla_data(tb[IPSET_ATTR_ETHER]);

	else

		e.ether = NULL;

	if (tb[IPSET_ATTR_ETHER]) {

		memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);

		e.add_mac = 1;

	}

	ret = adtfn(set, &e, &ext, &ext, flags);

	return ip_set_eexist(ret, flags) ? 0 : ret;

	map->members = ip_set_alloc(map->memsize);

	if (!map->members)

		return false;

	if (set->dsize) {

		map->extensions = ip_set_alloc(set->dsize * elements);

		if (!map->extensions) {

			kfree(map->members);

			return false;

		}

	}

	map->first_ip = first_ip;

	map->last_ip = last_ip;

	map->elements = elements;

	if (elements > IPSET_BITMAP_MAX_RANGE + 1)

		return -IPSET_ERR_BITMAP_RANGE_SIZE;

	map = kzalloc(sizeof(*map), GFP_KERNEL);

	set->dsize = ip_set_elem_len(set, tb,

				     sizeof(struct bitmap_ipmac_elem),

				     __alignof__(struct bitmap_ipmac_elem));

	map = ip_set_alloc(sizeof(*map) + elements * set->dsize);

	if (!map)

		return -ENOMEM;

	map->memsize = bitmap_bytes(0, elements - 1);

	set->variant = &bitmap_ipmac;

	set->dsize = ip_set_elem_len(set, tb,

				     sizeof(struct bitmap_ipmac_elem));

	if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) {

		kfree(map);

		return -ENOMEM;

/* Type structure */

struct bitmap_port {

	void *members;		/* the set members */

	void *extensions;	/* data extensions */

	u16 first_port;		/* host byte order, included in range */

	u16 last_port;		/* host byte order, included in range */

	u32 elements;		/* number of max elements in the set */

	size_t memsize;		/* members size */

	struct timer_list gc;	/* garbage collection */

	unsigned char extensions[0]	/* data extensions */

		__aligned(__alignof__(u64));

};

/* ADT structure for generic function args */

	map->members = ip_set_alloc(map->memsize);

	if (!map->members)

		return false;

	if (set->dsize) {

		map->extensions = ip_set_alloc(set->dsize * map->elements);

		if (!map->extensions) {

			kfree(map->members);

			return false;

		}

	}

	map->first_port = first_port;

	map->last_port = last_port;

	set->timeout = IPSET_NO_TIMEOUT;

{

	struct bitmap_port *map;

	u16 first_port, last_port;

	u32 elements;

	if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||

		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||

		last_port = tmp;

	}

	map = kzalloc(sizeof(*map), GFP_KERNEL);

	elements = last_port - first_port + 1;

	set->dsize = ip_set_elem_len(set, tb, 0, 0);

	map = ip_set_alloc(sizeof(*map) + elements * set->dsize);

	if (!map)

		return -ENOMEM;

	map->elements = last_port - first_port + 1;

	map->elements = elements;

	map->memsize = bitmap_bytes(0, map->elements);

	set->variant = &bitmap_port;

	set->dsize = ip_set_elem_len(set, tb, 0);

	if (!init_map_port(set, map, first_port, last_port)) {

		kfree(map);

		return -ENOMEM;