
Commit fda75c6d authored by Oliver Smith's avatar Oliver Smith Committed by Jozsef Kadlecsik

netfilter: ipset: Support comments in hash-type ipsets.



This provides kernel support for creating ipsets with comment support.

This does incur a penalty to flushing/destroying an ipset, since all
entries are walked in order to free the allocated strings. This penalty
is of course less expensive than the operation of listing an ipset to
userspace, so for general-purpose usage the overall impact is expected
to be little to none.

Signed-off-by: default avatarOliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent 81b10bb4
+8 −6
@@ -701,6 +701,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
		ip_set_timeout_set(ext_timeout(data, set), ext->timeout);
	if (SET_WITH_COUNTER(set))
		ip_set_init_counter(ext_counter(data, set), ext);
	if (SET_WITH_COMMENT(set))
		ip_set_init_comment(ext_comment(data, set), ext);

out:
	rcu_read_unlock_bh();
@@ -908,12 +910,9 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
		goto nla_put_failure;
#endif
	if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
	    nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
	    ((set->extensions & IPSET_EXT_TIMEOUT) &&
	     nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(set->timeout))) ||
	    ((set->extensions & IPSET_EXT_COUNTER) &&
	     nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS,
			   htonl(IPSET_FLAG_WITH_COUNTERS))))
	    nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)))
		goto nla_put_failure;
	if (unlikely(ip_set_put_flags(skb, set)))
		goto nla_put_failure;
	ipset_nest_end(skb, nested);

@@ -970,6 +969,9 @@ mtype_list(const struct ip_set *set,
			if (SET_WITH_COUNTER(set) &&
			    ip_set_put_counter(skb, ext_counter(e, set)))
				goto nla_put_failure;
			if (SET_WITH_COMMENT(set) &&
			    ip_set_put_comment(skb, ext_comment(e, set)))
				goto nla_put_failure;
			ipset_nest_end(skb, nested);
		}
	}
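Review bot: The new call `ip_set_init_comment(ext_comment(data, set), ext);` in the mtype_add hunk is a bare statement, so nothing it does can fail visibly from here. The helper is not shown on this page; if it allocates the comment string, that allocation runs before `rcu_read_unlock_bh()` and must not sleep, and a failed allocation would presumably add the element without its comment while the caller still sees success. If `data` can be a reused slot (the code that selects it is outside the hunk), the old string also has to be released before it is replaced, and readers in mtype_list may still hold it. I would at least record the contract above the call, e.g. `/* best effort: atomic allocation, failure leaves the entry without a comment */`, or have the helper return an error that mtype_add propagates.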
+3 −1
@@ -24,7 +24,8 @@
#include <linux/netfilter/ipset/ip_set_hash.h>

#define IPSET_TYPE_REV_MIN	0
#define IPSET_TYPE_REV_MAX	1	/* Counters support */
/*				1	   Counters support */
#define IPSET_TYPE_REV_MAX	2	/* Comments support */

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -292,6 +293,7 @@ static struct ip_set_type hash_ip_type __read_mostly = {
		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING },
	},
	.me		= THIS_MODULE,
};
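Review bot: The added policy entry `[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },` sets no `.len`, so attribute validation only checks for NUL termination and leaves the comment length unbounded at this layer. The string comes from userspace and, per the commit description, ends up in a per-entry allocation, so the limit then depends entirely on the helper that copies it, which is not shown here. I would bound it in the policy as well, e.g. `[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING, .len = IPSET_MAX_COMMENT_SIZE },`, assuming the core header defines that constant as upstream ipset does. The same entry is added unchanged in the hash_ipport_type, hash_ipportip_type and hash_ipportnet_type sections below.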
+3 −1
@@ -26,7 +26,8 @@

#define IPSET_TYPE_REV_MIN	0
/*				1    SCTP and UDPLITE support added */
#define IPSET_TYPE_REV_MAX	2 /* Counters support added */
/*				2    Counters support added */
#define IPSET_TYPE_REV_MAX	3 /* Comments support added */

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -367,6 +368,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING },
	},
	.me		= THIS_MODULE,
};
+3 −1
@@ -26,7 +26,8 @@

#define IPSET_TYPE_REV_MIN	0
/*				1    SCTP and UDPLITE support added */
#define IPSET_TYPE_REV_MAX	2 /* Counters support added */
/*				2    Counters support added */
#define IPSET_TYPE_REV_MAX	3 /* Comments support added */

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -379,6 +380,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING },
	},
	.me		= THIS_MODULE,
};
+3 −1
@@ -28,7 +28,8 @@
/*				1    SCTP and UDPLITE support added */
/*				2    Range as input support for IPv4 added */
/*				3    nomatch flag support added */
#define IPSET_TYPE_REV_MAX	4 /* Counters support added */
/*				4    Counters support added */
#define IPSET_TYPE_REV_MAX	5 /* Comments support added */

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -538,6 +539,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING },
	},
	.me		= THIS_MODULE,
};