net/netfilter/ipset/ip_set_bitmap_ipmac.c

   1 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
   2  *                         Patrick Schaaf <bof@bof.de>
   3  *                         Martin Josefsson <gandalf@wlug.westbo.se>
   4  * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  */
  10
  11 /* Kernel module implementing an IP set type: the bitmap:ip,mac type */
  12
  13 #include <linux/module.h>
  14 #include <linux/ip.h>
  15 #include <linux/etherdevice.h>
  16 #include <linux/skbuff.h>
  17 #include <linux/errno.h>
  18 #include <linux/if_ether.h>
  19 #include <linux/netlink.h>
  20 #include <linux/jiffies.h>
  21 #include <linux/timer.h>
  22 #include <net/netlink.h>
  23
  24 #include <linux/netfilter/ipset/pfxlen.h>
  25 #include <linux/netfilter/ipset/ip_set.h>
  26 #include <linux/netfilter/ipset/ip_set_timeout.h>
  27 #include <linux/netfilter/ipset/ip_set_bitmap.h>
  28
  29 #define REVISION_MIN    0
  30 #define REVISION_MAX    0
  31
  32 MODULE_LICENSE("GPL");
  33 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
  34 IP_SET_MODULE_DESC("bitmap:ip,mac", REVISION_MIN, REVISION_MAX);
  35 MODULE_ALIAS("ip_set_bitmap:ip,mac");
  36
  37 enum {
  38         MAC_EMPTY,              /* element is not set */
  39         MAC_FILLED,             /* element is set with MAC */
  40         MAC_UNSET,              /* element is set, without MAC */
  41 };
  42
  43 /* Type structure */
  44 struct bitmap_ipmac {
  45         void *members;          /* the set members */
  46         u32 first_ip;           /* host byte order, included in range */
  47         u32 last_ip;            /* host byte order, included in range */
  48         u32 timeout;            /* timeout value */
  49         struct timer_list gc;   /* garbage collector */
  50         size_t dsize;           /* size of element */
  51 };
  52
  53 /* ADT structure for generic function args */
  54 struct ipmac {
  55         u32 id;                 /* id in array */
  56         unsigned char *ether;   /* ethernet address */
  57 };
  58
  59 /* Member element without and with timeout */
  60
  61 struct ipmac_elem {
  62         unsigned char ether[ETH_ALEN];
  63         unsigned char match;
  64 } __attribute__ ((aligned));
  65
  66 struct ipmac_telem {
  67         unsigned char ether[ETH_ALEN];
  68         unsigned char match;
  69         unsigned long timeout;
  70 } __attribute__ ((aligned));
  71
  72 static inline void *
  73 bitmap_ipmac_elem(const struct bitmap_ipmac *map, u32 id)
  74 {
  75         return (void *)((char *)map->members + id * map->dsize);
  76 }
  77
  78 static inline bool
  79 bitmap_timeout(const struct bitmap_ipmac *map, u32 id)
  80 {
  81         const struct ipmac_telem *elem = bitmap_ipmac_elem(map, id);
  82
  83         return ip_set_timeout_test(elem->timeout);
  84 }
  85
  86 static inline bool
  87 bitmap_expired(const struct bitmap_ipmac *map, u32 id)
  88 {
  89         const struct ipmac_telem *elem = bitmap_ipmac_elem(map, id);
  90
  91         return ip_set_timeout_expired(elem->timeout);
  92 }
  93
  94 static inline int
  95 bitmap_ipmac_exist(const struct ipmac_telem *elem)
  96 {
  97         return elem->match == MAC_UNSET ||
  98                (elem->match == MAC_FILLED &&
  99                 !ip_set_timeout_expired(elem->timeout));
 100 }
 101
 102 /* Base variant */
 103
 104 static int
 105 bitmap_ipmac_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
 106 {
 107         const struct bitmap_ipmac *map = set->data;
 108         const struct ipmac *data = value;
 109         const struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 110
 111         switch (elem->match) {
 112         case MAC_UNSET:
 113                 /* Trigger kernel to fill out the ethernet address */
 114                 return -EAGAIN;
 115         case MAC_FILLED:
 116                 return data->ether == NULL ||
 117                        ether_addr_equal(data->ether, elem->ether);
 118         }
 119         return 0;
 120 }
 121
 122 static int
 123 bitmap_ipmac_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
 124 {
 125         struct bitmap_ipmac *map = set->data;
 126         const struct ipmac *data = value;
 127         struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 128
 129         switch (elem->match) {
 130         case MAC_UNSET:
 131                 if (!data->ether)
 132                         /* Already added without ethernet address */
 133                         return -IPSET_ERR_EXIST;
 134                 /* Fill the MAC address */
 135                 memcpy(elem->ether, data->ether, ETH_ALEN);
 136                 elem->match = MAC_FILLED;
 137                 break;
 138         case MAC_FILLED:
 139                 return -IPSET_ERR_EXIST;
 140         case MAC_EMPTY:
 141                 if (data->ether) {
 142                         memcpy(elem->ether, data->ether, ETH_ALEN);
 143                         elem->match = MAC_FILLED;
 144                 } else
 145                         elem->match = MAC_UNSET;
 146         }
 147
 148         return 0;
 149 }
 150
 151 static int
 152 bitmap_ipmac_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
 153 {
 154         struct bitmap_ipmac *map = set->data;
 155         const struct ipmac *data = value;
 156         struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 157
 158         if (elem->match == MAC_EMPTY)
 159                 return -IPSET_ERR_EXIST;
 160
 161         elem->match = MAC_EMPTY;
 162
 163         return 0;
 164 }
 165
 166 static int
 167 bitmap_ipmac_list(const struct ip_set *set,
 168                   struct sk_buff *skb, struct netlink_callback *cb)
 169 {
 170         const struct bitmap_ipmac *map = set->data;
 171         const struct ipmac_elem *elem;
 172         struct nlattr *atd, *nested;
 173         u32 id, first = cb->args[2];
 174         u32 last = map->last_ip - map->first_ip;
 175
 176         atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
 177         if (!atd)
 178                 return -EMSGSIZE;
 179         for (; cb->args[2] <= last; cb->args[2]++) {
 180                 id = cb->args[2];
 181                 elem = bitmap_ipmac_elem(map, id);
 182                 if (elem->match == MAC_EMPTY)
 183                         continue;
 184                 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
 185                 if (!nested) {
 186                         if (id == first) {
 187                                 nla_nest_cancel(skb, atd);
 188                                 return -EMSGSIZE;
 189                         } else
 190                                 goto nla_put_failure;
 191                 }
 192                 if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
 193                                     htonl(map->first_ip + id)) ||
 194                     (elem->match == MAC_FILLED &&
 195                      nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN,
 196                              elem->ether)))
 197                         goto nla_put_failure;
 198                 ipset_nest_end(skb, nested);
 199         }
 200         ipset_nest_end(skb, atd);
 201         /* Set listing finished */
 202         cb->args[2] = 0;
 203
 204         return 0;
 205
 206 nla_put_failure:
 207         nla_nest_cancel(skb, nested);
 208         ipset_nest_end(skb, atd);
 209         if (unlikely(id == first)) {
 210                 cb->args[2] = 0;
 211                 return -EMSGSIZE;
 212         }
 213         return 0;
 214 }
 215
 216 /* Timeout variant */
 217
 218 static int
 219 bitmap_ipmac_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
 220 {
 221         const struct bitmap_ipmac *map = set->data;
 222         const struct ipmac *data = value;
 223         const struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 224
 225         switch (elem->match) {
 226         case MAC_UNSET:
 227                 /* Trigger kernel to fill out the ethernet address */
 228                 return -EAGAIN;
 229         case MAC_FILLED:
 230                 return (data->ether == NULL ||
 231                         ether_addr_equal(data->ether, elem->ether)) &&
 232                        !bitmap_expired(map, data->id);
 233         }
 234         return 0;
 235 }
 236
 237 static int
 238 bitmap_ipmac_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
 239 {
 240         struct bitmap_ipmac *map = set->data;
 241         const struct ipmac *data = value;
 242         struct ipmac_telem *elem = bitmap_ipmac_elem(map, data->id);
 243         bool flag_exist = flags & IPSET_FLAG_EXIST;
 244
 245         switch (elem->match) {
 246         case MAC_UNSET:
 247                 if (!(data->ether || flag_exist))
 248                         /* Already added without ethernet address */
 249                         return -IPSET_ERR_EXIST;
 250                 /* Fill the MAC address and activate the timer */
 251                 memcpy(elem->ether, data->ether, ETH_ALEN);
 252                 elem->match = MAC_FILLED;
 253                 if (timeout == map->timeout)
 254                         /* Timeout was not specified, get stored one */
 255                         timeout = elem->timeout;
 256                 elem->timeout = ip_set_timeout_set(timeout);
 257                 break;
 258         case MAC_FILLED:
 259                 if (!(bitmap_expired(map, data->id) || flag_exist))
 260                         return -IPSET_ERR_EXIST;
 261                 /* Fall through */
 262         case MAC_EMPTY:
 263                 if (data->ether) {
 264                         memcpy(elem->ether, data->ether, ETH_ALEN);
 265                         elem->match = MAC_FILLED;
 266                 } else
 267                         elem->match = MAC_UNSET;
 268                 /* If MAC is unset yet, we store plain timeout value
 269                  * because the timer is not activated yet
 270                  * and we can reuse it later when MAC is filled out,
 271                  * possibly by the kernel */
 272                 elem->timeout = data->ether ? ip_set_timeout_set(timeout)
 273                                             : timeout;
 274                 break;
 275         }
 276
 277         return 0;
 278 }
 279
 280 static int
 281 bitmap_ipmac_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
 282 {
 283         struct bitmap_ipmac *map = set->data;
 284         const struct ipmac *data = value;
 285         struct ipmac_telem *elem = bitmap_ipmac_elem(map, data->id);
 286
 287         if (elem->match == MAC_EMPTY || bitmap_expired(map, data->id))
 288                 return -IPSET_ERR_EXIST;
 289
 290         elem->match = MAC_EMPTY;
 291
 292         return 0;
 293 }
 294
 295 static int
 296 bitmap_ipmac_tlist(const struct ip_set *set,
 297                    struct sk_buff *skb, struct netlink_callback *cb)
 298 {
 299         const struct bitmap_ipmac *map = set->data;
 300         const struct ipmac_telem *elem;
 301         struct nlattr *atd, *nested;
 302         u32 id, first = cb->args[2];
 303         u32 timeout, last = map->last_ip - map->first_ip;
 304
 305         atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
 306         if (!atd)
 307                 return -EMSGSIZE;
 308         for (; cb->args[2] <= last; cb->args[2]++) {
 309                 id = cb->args[2];
 310                 elem = bitmap_ipmac_elem(map, id);
 311                 if (!bitmap_ipmac_exist(elem))
 312                         continue;
 313                 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
 314                 if (!nested) {
 315                         if (id == first) {
 316                                 nla_nest_cancel(skb, atd);
 317                                 return -EMSGSIZE;
 318                         } else
 319                                 goto nla_put_failure;
 320                 }
 321                 if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
 322                                     htonl(map->first_ip + id)) ||
 323                     (elem->match == MAC_FILLED &&
 324                      nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN,
 325                              elem->ether)))
 326                         goto nla_put_failure;
 327                 timeout = elem->match == MAC_UNSET ? elem->timeout
 328                                 : ip_set_timeout_get(elem->timeout);
 329                 if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(timeout)))
 330                         goto nla_put_failure;
 331                 ipset_nest_end(skb, nested);
 332         }
 333         ipset_nest_end(skb, atd);
 334         /* Set listing finished */
 335         cb->args[2] = 0;
 336
 337         return 0;
 338
 339 nla_put_failure:
 340         nla_nest_cancel(skb, nested);
 341         ipset_nest_end(skb, atd);
 342         if (unlikely(id == first)) {
 343                 cb->args[2] = 0;
 344                 return -EMSGSIZE;
 345         }
 346         return 0;
 347 }
 348
 349 static int
 350 bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
 351                   const struct xt_action_param *par,
 352                   enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 353 {
 354         struct bitmap_ipmac *map = set->data;
 355         ipset_adtfn adtfn = set->variant->adt[adt];
 356         struct ipmac data;
 357
 358         /* MAC can be src only */
 359         if (!(opt->flags & IPSET_DIM_TWO_SRC))
 360                 return 0;
 361
 362         data.id = ntohl(ip4addr(skb, opt->flags & IPSET_DIM_ONE_SRC));
 363         if (data.id < map->first_ip || data.id > map->last_ip)
 364                 return -IPSET_ERR_BITMAP_RANGE;
 365
 366         /* Backward compatibility: we don't check the second flag */
 367         if (skb_mac_header(skb) < skb->head ||
 368             (skb_mac_header(skb) + ETH_HLEN) > skb->data)
 369                 return -EINVAL;
 370
 371         data.id -= map->first_ip;
 372         data.ether = eth_hdr(skb)->h_source;
 373
 374         return adtfn(set, &data, opt_timeout(opt, map), opt->cmdflags);
 375 }
 376
 377 static int
 378 bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],
 379                   enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
 380 {
 381         const struct bitmap_ipmac *map = set->data;
 382         ipset_adtfn adtfn = set->variant->adt[adt];
 383         struct ipmac data;
 384         u32 timeout = map->timeout;
 385         int ret = 0;
 386
 387         if (unlikely(!tb[IPSET_ATTR_IP] ||
 388                      !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
 389                 return -IPSET_ERR_PROTOCOL;
 390
 391         if (tb[IPSET_ATTR_LINENO])
 392                 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
 393
 394         ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &data.id);
 395         if (ret)
 396                 return ret;
 397
 398         if (data.id < map->first_ip || data.id > map->last_ip)
 399                 return -IPSET_ERR_BITMAP_RANGE;
 400
 401         if (tb[IPSET_ATTR_ETHER])
 402                 data.ether = nla_data(tb[IPSET_ATTR_ETHER]);
 403         else
 404                 data.ether = NULL;
 405
 406         if (tb[IPSET_ATTR_TIMEOUT]) {
 407                 if (!with_timeout(map->timeout))
 408                         return -IPSET_ERR_TIMEOUT;
 409                 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 410         }
 411
 412         data.id -= map->first_ip;
 413
 414         ret = adtfn(set, &data, timeout, flags);
 415
 416         return ip_set_eexist(ret, flags) ? 0 : ret;
 417 }
 418
 419 static void
 420 bitmap_ipmac_destroy(struct ip_set *set)
 421 {
 422         struct bitmap_ipmac *map = set->data;
 423
 424         if (with_timeout(map->timeout))
 425                 del_timer_sync(&map->gc);
 426
 427         ip_set_free(map->members);
 428         kfree(map);
 429
 430         set->data = NULL;
 431 }
 432
 433 static void
 434 bitmap_ipmac_flush(struct ip_set *set)
 435 {
 436         struct bitmap_ipmac *map = set->data;
 437
 438         memset(map->members, 0,
 439                (map->last_ip - map->first_ip + 1) * map->dsize);
 440 }
 441
 442 static int
 443 bitmap_ipmac_head(struct ip_set *set, struct sk_buff *skb)
 444 {
 445         const struct bitmap_ipmac *map = set->data;
 446         struct nlattr *nested;
 447
 448         nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
 449         if (!nested)
 450                 goto nla_put_failure;
 451         if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, htonl(map->first_ip)) ||
 452             nla_put_ipaddr4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)) ||
 453             nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
 454             nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
 455                           htonl(sizeof(*map) +
 456                                 ((map->last_ip - map->first_ip + 1) *
 457                                  map->dsize))) ||
 458             (with_timeout(map->timeout) &&
 459              nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))))
 460                 goto nla_put_failure;
 461         ipset_nest_end(skb, nested);
 462
 463         return 0;
 464 nla_put_failure:
 465         return -EMSGSIZE;
 466 }
 467
 468 static bool
 469 bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b)
 470 {
 471         const struct bitmap_ipmac *x = a->data;
 472         const struct bitmap_ipmac *y = b->data;
 473
 474         return x->first_ip == y->first_ip &&
 475                x->last_ip == y->last_ip &&
 476                x->timeout == y->timeout;
 477 }
 478
 479 static const struct ip_set_type_variant bitmap_ipmac = {
 480         .kadt   = bitmap_ipmac_kadt,
 481         .uadt   = bitmap_ipmac_uadt,
 482         .adt    = {
 483                 [IPSET_ADD] = bitmap_ipmac_add,
 484                 [IPSET_DEL] = bitmap_ipmac_del,
 485                 [IPSET_TEST] = bitmap_ipmac_test,
 486         },
 487         .destroy = bitmap_ipmac_destroy,
 488         .flush  = bitmap_ipmac_flush,
 489         .head   = bitmap_ipmac_head,
 490         .list   = bitmap_ipmac_list,
 491         .same_set = bitmap_ipmac_same_set,
 492 };
 493
 494 static const struct ip_set_type_variant bitmap_tipmac = {
 495         .kadt   = bitmap_ipmac_kadt,
 496         .uadt   = bitmap_ipmac_uadt,
 497         .adt    = {
 498                 [IPSET_ADD] = bitmap_ipmac_tadd,
 499                 [IPSET_DEL] = bitmap_ipmac_tdel,
 500                 [IPSET_TEST] = bitmap_ipmac_ttest,
 501         },
 502         .destroy = bitmap_ipmac_destroy,
 503         .flush  = bitmap_ipmac_flush,
 504         .head   = bitmap_ipmac_head,
 505         .list   = bitmap_ipmac_tlist,
 506         .same_set = bitmap_ipmac_same_set,
 507 };
 508
 509 static void
 510 bitmap_ipmac_gc(unsigned long ul_set)
 511 {
 512         struct ip_set *set = (struct ip_set *) ul_set;
 513         struct bitmap_ipmac *map = set->data;
 514         struct ipmac_telem *elem;
 515         u32 id, last = map->last_ip - map->first_ip;
 516
 517         /* We run parallel with other readers (test element)
 518          * but adding/deleting new entries is locked out */
 519         read_lock_bh(&set->lock);
 520         for (id = 0; id <= last; id++) {
 521                 elem = bitmap_ipmac_elem(map, id);
 522                 if (elem->match == MAC_FILLED &&
 523                     ip_set_timeout_expired(elem->timeout))
 524                         elem->match = MAC_EMPTY;
 525         }
 526         read_unlock_bh(&set->lock);
 527
 528         map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
 529         add_timer(&map->gc);
 530 }
 531
 532 static void
 533 bitmap_ipmac_gc_init(struct ip_set *set)
 534 {
 535         struct bitmap_ipmac *map = set->data;
 536
 537         init_timer(&map->gc);
 538         map->gc.data = (unsigned long) set;
 539         map->gc.function = bitmap_ipmac_gc;
 540         map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
 541         add_timer(&map->gc);
 542 }
 543
 544 /* Create bitmap:ip,mac type of sets */
 545
 546 static bool
 547 init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
 548                u32 first_ip, u32 last_ip)
 549 {
 550         map->members = ip_set_alloc((last_ip - first_ip + 1) * map->dsize);
 551         if (!map->members)
 552                 return false;
 553         map->first_ip = first_ip;
 554         map->last_ip = last_ip;
 555         map->timeout = IPSET_NO_TIMEOUT;
 556
 557         set->data = map;
 558         set->family = NFPROTO_IPV4;
 559
 560         return true;
 561 }
 562
 563 static int
 564 bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[],
 565                     u32 flags)
 566 {
 567         u32 first_ip, last_ip;
 568         u64 elements;
 569         struct bitmap_ipmac *map;
 570         int ret;
 571
 572         if (unlikely(!tb[IPSET_ATTR_IP] ||
 573                      !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
 574                 return -IPSET_ERR_PROTOCOL;
 575
 576         ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &first_ip);
 577         if (ret)
 578                 return ret;
 579
 580         if (tb[IPSET_ATTR_IP_TO]) {
 581                 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &last_ip);
 582                 if (ret)
 583                         return ret;
 584                 if (first_ip > last_ip) {
 585                         u32 tmp = first_ip;
 586
 587                         first_ip = last_ip;
 588                         last_ip = tmp;
 589                 }
 590         } else if (tb[IPSET_ATTR_CIDR]) {
 591                 u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
 592
 593                 if (cidr >= 32)
 594                         return -IPSET_ERR_INVALID_CIDR;
 595                 ip_set_mask_from_to(first_ip, last_ip, cidr);
 596         } else
 597                 return -IPSET_ERR_PROTOCOL;
 598
 599         elements = (u64)last_ip - first_ip + 1;
 600
 601         if (elements > IPSET_BITMAP_MAX_RANGE + 1)
 602                 return -IPSET_ERR_BITMAP_RANGE_SIZE;
 603
 604         map = kzalloc(sizeof(*map), GFP_KERNEL);
 605         if (!map)
 606                 return -ENOMEM;
 607
 608         if (tb[IPSET_ATTR_TIMEOUT]) {
 609                 map->dsize = sizeof(struct ipmac_telem);
 610
 611                 if (!init_map_ipmac(set, map, first_ip, last_ip)) {
 612                         kfree(map);
 613                         return -ENOMEM;
 614                 }
 615
 616                 map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 617
 618                 set->variant = &bitmap_tipmac;
 619
 620                 bitmap_ipmac_gc_init(set);
 621         } else {
 622                 map->dsize = sizeof(struct ipmac_elem);
 623
 624                 if (!init_map_ipmac(set, map, first_ip, last_ip)) {
 625                         kfree(map);
 626                         return -ENOMEM;
 627                 }
 628                 set->variant = &bitmap_ipmac;
 629
 630         }
 631         return 0;
 632 }
 633
 634 static struct ip_set_type bitmap_ipmac_type = {
 635         .name           = "bitmap:ip,mac",
 636         .protocol       = IPSET_PROTOCOL,
 637         .features       = IPSET_TYPE_IP | IPSET_TYPE_MAC,
 638         .dimension      = IPSET_DIM_TWO,
 639         .family         = NFPROTO_IPV4,
 640         .revision_min   = REVISION_MIN,
 641         .revision_max   = REVISION_MAX,
 642         .create         = bitmap_ipmac_create,
 643         .create_policy  = {
 644                 [IPSET_ATTR_IP]         = { .type = NLA_NESTED },
 645                 [IPSET_ATTR_IP_TO]      = { .type = NLA_NESTED },
 646                 [IPSET_ATTR_CIDR]       = { .type = NLA_U8 },
 647                 [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
 648         },
 649         .adt_policy     = {
 650                 [IPSET_ATTR_IP]         = { .type = NLA_NESTED },
 651                 [IPSET_ATTR_ETHER]      = { .type = NLA_BINARY,
 652                                             .len  = ETH_ALEN },
 653                 [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
 654                 [IPSET_ATTR_LINENO]     = { .type = NLA_U32 },
 655         },
 656         .me             = THIS_MODULE,
 657 };
 658
 659 static int __init
 660 bitmap_ipmac_init(void)
 661 {
 662         return ip_set_type_register(&bitmap_ipmac_type);
 663 }
 664
 665 static void __exit
 666 bitmap_ipmac_fini(void)
 667 {
 668         ip_set_type_unregister(&bitmap_ipmac_type);
 669 }
 670
 671 module_init(bitmap_ipmac_init);
 672 module_exit(bitmap_ipmac_fini);