1 /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
8 /* Kernel module implementing an IP set type: the bitmap:port type */
10 #include <linux/module.h>
12 #include <linux/skbuff.h>
13 #include <linux/errno.h>
14 #include <linux/netlink.h>
15 #include <linux/jiffies.h>
16 #include <linux/timer.h>
17 #include <net/netlink.h>
19 #include <linux/netfilter/ipset/ip_set.h>
20 #include <linux/netfilter/ipset/ip_set_bitmap.h>
21 #include <linux/netfilter/ipset/ip_set_getport.h>
22 #define IP_SET_BITMAP_TIMEOUT
23 #include <linux/netfilter/ipset/ip_set_timeout.h>
/* Module metadata. The alias is "ip_set_" followed by the set type name that
 * bitmap_port_type declares ("bitmap:port"); presumably this lets the ipset
 * core request the module by type name - confirm against the core. */
25 MODULE_LICENSE("GPL");
26 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
27 MODULE_DESCRIPTION("bitmap:port type of IP sets");
28 MODULE_ALIAS("ip_set_bitmap:port");
/* Fields of struct bitmap_port, the per-set private data reached through
 * set->data (the `struct bitmap_port {` line and the closing brace are not
 * present in this listing).
 * `members` has two layouts, fixed at create time: a bit array indexed by
 * (port - first_port) for the plain variant, or an array of unsigned long
 * timeout values, one per port, for the timeout variant. Every accessor
 * indexes it with an offset relative to first_port, never a raw port. */
32 void *members; /* the set members */
33 u16 first_port; /* host byte order, included in range */
34 u16 last_port; /* host byte order, included in range */
35 size_t memsize; /* members size */
36 u32 timeout; /* timeout parameter */
37 struct timer_list gc; /* garbage collection */
/* Plain (no-timeout) variant: report whether bit `id` is set in map->members.
 * `value` is read as a u16 index relative to first_port. There is no range
 * check here: the callers visible in this listing (bitmap_port_kadt and
 * bitmap_port_uadt) reject ports outside first_port..last_port and subtract
 * first_port before calling through adtfn. `timeout` and `flags` are unused. */
43 bitmap_port_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
45 const struct bitmap_port *map = set->data;
46 u16 id = *(u16 *)value;
/* !! normalises the test_bit() result to 0 or 1. */
48 return !!test_bit(id, map->members);
/* Plain variant: set bit `id` in map->members.
 * Returns -IPSET_ERR_EXIST when the bit was already set. The success return
 * is on a line not present in this listing. `id` is an index relative to
 * first_port and is not range-checked here; the callers do that. */
52 bitmap_port_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
54 struct bitmap_port *map = set->data;
55 u16 id = *(u16 *)value;
/* test_and_set_bit() sets the bit and hands back its previous value in one
 * step, so "already present" is detected without a separate test. */
57 if (test_and_set_bit(id, map->members))
58 return -IPSET_ERR_EXIST;
/* Plain variant: clear bit `id` in map->members.
 * Returns -IPSET_ERR_EXIST when the bit was not set, i.e. the same error code
 * is used for "element missing" on delete as for "element present" on add.
 * The success return is on a line not present in this listing. */
64 bitmap_port_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
66 struct bitmap_port *map = set->data;
67 u16 id = *(u16 *)value;
/* Clears the bit and reports its previous value in one step. */
69 if (!test_and_clear_bit(id, map->members))
70 return -IPSET_ERR_EXIST;
/* List callback of the plain variant: emit every set bit as a nested
 * IPSET_ATTR_DATA attribute holding IPSET_ATTR_PORT, all wrapped in one
 * IPSET_ATTR_ADT nest.
 * cb->args[2] is used directly as the loop counter, so it is the position
 * reached when the function leaves; presumably a later call resumes from it.
 * Several lines of this function (the assignment of `id`, the NULL checks
 * after ipset_nest_start(), labels and return statements) are not present in
 * this listing. */
76 bitmap_port_list(const struct ip_set *set,
77 struct sk_buff *skb, struct netlink_callback *cb)
79 const struct bitmap_port *map = set->data;
80 struct nlattr *atd, *nested;
/* `first` remembers the index this call started from. */
81 u16 id, first = cb->args[2];
/* Highest valid index: indices run 0..(last_port - first_port). */
82 u16 last = map->last_port - map->first_port;
84 atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
/* NOTE(review): the counter is cb->args[2], not the u16 `id`; confirm its
 * type is wider than 16 bits so `<= last` terminates when the set covers
 * all 65536 ports. */
87 for (; cb->args[2] <= last; cb->args[2]++) {
89 if (!test_bit(id, map->members))
91 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
94 nla_nest_cancel(skb, atd);
/* The index is turned back into an absolute port and sent in network order. */
99 if (nla_put_net16(skb, IPSET_ATTR_PORT,
100 htons(map->first_port + id)))
101 goto nla_put_failure;
102 ipset_nest_end(skb, nested);
104 ipset_nest_end(skb, atd);
105 /* Set listing finished */
/* Failure path: drop the half-written element, keep what was already
 * completed inside the ADT nest. */
111 nla_nest_cancel(skb, nested);
112 ipset_nest_end(skb, atd);
/* True when the failure hit the first element attempted in this call; the
 * body of this branch is not present in the listing. */
113 if (unlikely(id == first)) {
120 /* Timeout variant */
/* Timeout variant of test: map->members is read as an array of unsigned long
 * with one slot per port, and the slot at `id` is passed to
 * ip_set_timeout_test(). `id` is an index relative to first_port; it is not
 * range-checked here, so it must already have been validated by the caller. */
123 bitmap_port_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
125 const struct bitmap_port *map = set->data;
126 const unsigned long *members = map->members;
127 u16 id = *(u16 *)value;
129 return ip_set_timeout_test(members[id]);
/* Timeout variant of add: store a timeout value in the slot for `id`.
 * Returns -IPSET_ERR_EXIST when the slot passes ip_set_timeout_test() and the
 * caller did not pass IPSET_FLAG_EXIST; with that flag the slot is simply
 * overwritten with the new timeout. The success return is on a line not
 * present in this listing. */
133 bitmap_port_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
135 struct bitmap_port *map = set->data;
136 unsigned long *members = map->members;
137 u16 id = *(u16 *)value;
139 if (ip_set_timeout_test(members[id]) && !(flags & IPSET_FLAG_EXIST))
140 return -IPSET_ERR_EXIST;
/* Reached for an unset or expired slot, or when IPSET_FLAG_EXIST was given. */
142 members[id] = ip_set_timeout_set(timeout);
/* Timeout variant of delete: mark the slot for `id` as unset.
 * `ret` starts as -IPSET_ERR_EXIST; the statement controlled by the `if`
 * below (original line 156) is not present in this listing - presumably it
 * clears `ret` when the element was live. The return statement is also not
 * shown. */
148 bitmap_port_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
150 struct bitmap_port *map = set->data;
151 unsigned long *members = map->members;
152 u16 id = *(u16 *)value;
153 int ret = -IPSET_ERR_EXIST;
155 if (ip_set_timeout_test(members[id]))
/* Original line 158, i.e. after the missing `if` body: the slot is written
 * as IPSET_ELEM_UNSET whether or not the test above succeeded. */
158 members[id] = IPSET_ELEM_UNSET;
/* List callback of the timeout variant: like bitmap_port_list, but a slot is
 * listed when it passes ip_set_timeout_test(), and each element carries
 * IPSET_ATTR_TIMEOUT in addition to IPSET_ATTR_PORT.
 * cb->args[2] is used directly as the loop counter. Several lines (the
 * assignment of `id`, the NULL checks after ipset_nest_start(), labels and
 * return statements) are not present in this listing. */
163 bitmap_port_tlist(const struct ip_set *set,
164 struct sk_buff *skb, struct netlink_callback *cb)
166 const struct bitmap_port *map = set->data;
167 struct nlattr *adt, *nested;
/* `first` remembers the index this call started from. */
168 u16 id, first = cb->args[2];
/* Highest valid index: indices run 0..(last_port - first_port). */
169 u16 last = map->last_port - map->first_port;
170 const unsigned long *members = map->members;
172 adt = ipset_nest_start(skb, IPSET_ATTR_ADT);
/* NOTE(review): the counter is cb->args[2], not the u16 `id`; confirm its
 * type is wider than 16 bits so `<= last` terminates when the set covers
 * all 65536 ports. */
175 for (; cb->args[2] <= last; cb->args[2]++) {
177 if (!ip_set_timeout_test(members[id]))
179 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
182 nla_nest_cancel(skb, adt);
185 goto nla_put_failure;
/* Absolute port in network order, then the value ip_set_timeout_get()
 * derives from the slot, also in network order. */
187 if (nla_put_net16(skb, IPSET_ATTR_PORT,
188 htons(map->first_port + id)) ||
189 nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
190 htonl(ip_set_timeout_get(members[id]))))
191 goto nla_put_failure;
192 ipset_nest_end(skb, nested);
194 ipset_nest_end(skb, adt);
196 /* Set listing finished */
/* Failure path: drop the half-written element, keep what was already
 * completed inside the ADT nest. */
202 nla_nest_cancel(skb, nested);
203 ipset_nest_end(skb, adt);
/* True when the failure hit the first element attempted in this call; the
 * body of this branch is not present in the listing. */
204 if (unlikely(id == first)) {
/* Kernel-side add/del/test: the port comes from a packet (skb), so it is
 * untrusted input. The function extracts it, converts it to host order,
 * rejects anything outside first_port..last_port and only then turns it into
 * an index for the variant's adt function. The declarations of `__port` and
 * `port` and the early return after ip_set_get_ip_port() are on lines not
 * present in this listing. */
212 bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb,
213 const struct xt_action_param *par,
214 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
216 struct bitmap_port *map = set->data;
/* Picks the plain or timeout implementation for this operation. */
217 ipset_adtfn adtfn = set->variant->adt[adt];
/* NOTE(review): IPSET_DIM_ONE_SRC presumably selects source vs. destination
 * port - confirm against ip_set_get_ip_port(). */
221 if (!ip_set_get_ip_port(skb, opt->family,
222 opt->flags & IPSET_DIM_ONE_SRC, &__port))
225 port = ntohs(__port);
/* Bounds check before the subtraction below: this is what keeps the index
 * used by test_bit()/members[id] inside the allocated area. */
227 if (port < map->first_port || port > map->last_port)
228 return -IPSET_ERR_BITMAP_RANGE;
/* From here on `port` is an index in 0..(last_port - first_port). */
230 port -= map->first_port;
232 return adtfn(set, &port, opt_timeout(opt, map), opt->cmdflags);
/* Userspace (netlink) add/del/test of a single port or a port range.
 * All values come from the attribute table tb[] and are validated before any
 * index is formed: attribute byte-order flags, start port against the set's
 * range, end port against last_port. The declarations of `id`, `port_to` and
 * `ret`, the statement that handles a reversed range, the `else` branch for
 * a missing IPSET_ATTR_PORT_TO and the return statements are on lines not
 * present in this listing. */
236 bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[],
237 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
239 struct bitmap_port *map = set->data;
240 ipset_adtfn adtfn = set->variant->adt[adt];
/* Defaults to the set-wide timeout; overridden below if the request has one. */
241 u32 timeout = map->timeout;
/* u32 rather than u16 so that `port++` in the range loop can pass 65535 and
 * end the loop instead of wrapping back to 0. */
242 u32 port; /* wraparound */
/* IPSET_ATTR_PORT is mandatory; PORT_TO and TIMEOUT are optional. */
246 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
247 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
248 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
249 return -IPSET_ERR_PROTOCOL;
251 if (tb[IPSET_ATTR_LINENO])
252 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
254 port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
/* Start port must lie inside the set's range. */
255 if (port < map->first_port || port > map->last_port)
256 return -IPSET_ERR_BITMAP_RANGE;
/* A per-element timeout is refused on a set created without timeouts. */
258 if (tb[IPSET_ATTR_TIMEOUT]) {
259 if (!with_timeout(map->timeout))
260 return -IPSET_ERR_TIMEOUT;
261 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
/* TEST looks at the start port only; any PORT_TO is not consulted. */
264 if (adt == IPSET_TEST) {
265 id = port - map->first_port;
266 return adtfn(set, &id, timeout, flags);
269 if (tb[IPSET_ATTR_PORT_TO]) {
270 port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
/* Reversed range: original line 272 is missing here (presumably it swaps the
 * two ends); the lower bound is then checked again. */
271 if (port > port_to) {
273 if (port < map->first_port)
274 return -IPSET_ERR_BITMAP_RANGE;
/* Upper end of the range must not pass last_port. */
279 if (port_to > map->last_port)
280 return -IPSET_ERR_BITMAP_RANGE;
282 for (; port <= port_to; port++) {
283 id = port - map->first_port;
284 ret = adtfn(set, &id, timeout, flags);
/* An error that ip_set_eexist() does not accept for these flags is handled
 * by a statement not present in this listing. */
286 if (ret && !ip_set_eexist(ret, flags))
/* Tear down the set's private data. For a timeout set the gc timer is
 * stopped first and only then is map->members released: bitmap_port_gc walks
 * map->members, so the order keeps the timer from touching freed memory.
 * The lines after ip_set_free() are not present in this listing. */
295 bitmap_port_destroy(struct ip_set *set)
297 struct bitmap_port *map = set->data;
299 if (with_timeout(map->timeout))
300 del_timer_sync(&map->gc);
302 ip_set_free(map->members);
/* Empty the set by zeroing the whole members area (map->memsize bytes). The
 * same call serves both variants, since both store their data in
 * map->members. */
309 bitmap_port_flush(struct ip_set *set)
311 struct bitmap_port *map = set->data;
313 memset(map->members, 0, map->memsize);
/* Emit the set header as one IPSET_ATTR_DATA nest: port range, reference
 * count, memory size and, for timeout sets only, the default timeout. All
 * values are sent in network byte order. The NULL check after
 * ipset_nest_start(), the return statements and the failure label are on
 * lines not present in this listing. */
317 bitmap_port_head(struct ip_set *set, struct sk_buff *skb)
319 const struct bitmap_port *map = set->data;
320 struct nlattr *nested;
322 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
324 goto nla_put_failure;
/* NOTE(review): `set->ref - 1` presumably leaves out a reference held for
 * the dump itself - confirm against the ipset core.
 * The reported size is the struct plus the members area. */
325 if (nla_put_net16(skb, IPSET_ATTR_PORT, htons(map->first_port)) ||
326 nla_put_net16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port)) ||
327 nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
328 nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
329 htonl(sizeof(*map) + map->memsize)) ||
330 (with_timeout(map->timeout) &&
331 nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))))
332 goto nla_put_failure;
333 ipset_nest_end(skb, nested);
/* Two bitmap:port sets count as the same kind of set when their port range
 * and their timeout parameter are equal. Contents are not compared. */
341 bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b)
343 const struct bitmap_port *x = a->data;
344 const struct bitmap_port *y = b->data;
346 return x->first_port == y->first_port &&
347 x->last_port == y->last_port &&
348 x->timeout == y->timeout;
/* Callback table for sets created without a timeout: element operations use
 * the bit-array functions. The line opening the add/del/test sub-table
 * (original line 354) and the closing braces are not present in this
 * listing. */
351 static const struct ip_set_type_variant bitmap_port = {
352 .kadt = bitmap_port_kadt,
353 .uadt = bitmap_port_uadt,
355 [IPSET_ADD] = bitmap_port_add,
356 [IPSET_DEL] = bitmap_port_del,
357 [IPSET_TEST] = bitmap_port_test,
359 .destroy = bitmap_port_destroy,
360 .flush = bitmap_port_flush,
361 .head = bitmap_port_head,
362 .list = bitmap_port_list,
363 .same_set = bitmap_port_same_set,
/* Callback table for sets created with a timeout. It shares kadt, uadt,
 * destroy, flush, head and same_set with the plain table and differs only in
 * the add/del/test functions and in .list, which must match the unsigned-long
 * layout of map->members. The line opening the add/del/test sub-table
 * (original line 369) and the closing braces are not present in this
 * listing. */
366 static const struct ip_set_type_variant bitmap_tport = {
367 .kadt = bitmap_port_kadt,
368 .uadt = bitmap_port_uadt,
370 [IPSET_ADD] = bitmap_port_tadd,
371 [IPSET_DEL] = bitmap_port_tdel,
372 [IPSET_TEST] = bitmap_port_ttest,
374 .destroy = bitmap_port_destroy,
375 .flush = bitmap_port_flush,
376 .head = bitmap_port_head,
377 .list = bitmap_port_tlist,
378 .same_set = bitmap_port_same_set,
/* Timer callback of the timeout variant: walk every slot and reset the ones
 * ip_set_timeout_expired() reports as expired, then compute the next expiry.
 * `ul_set` is the struct ip_set pointer that bitmap_port_gc_init() stored in
 * the timer's data field. The statement that re-arms the timer after
 * `expires` is set is not present in this listing. */
382 bitmap_port_gc(unsigned long ul_set)
384 struct ip_set *set = (struct ip_set *) ul_set;
385 struct bitmap_port *map = set->data;
386 unsigned long *table = map->members;
/* u32 so that `id <= last` can become false when last is 0xFFFF; a u16
 * counter would wrap to 0 and never leave the loop. */
387 u32 id; /* wraparound */
388 u16 last = map->last_port - map->first_port;
390 /* We run parallel with other readers (test element)
391 * but adding/deleting new entries is locked out */
/* Note that slots are written here while only the read side of the lock is
 * held; the comment above gives the author's reasoning. */
392 read_lock_bh(&set->lock);
393 for (id = 0; id <= last; id++)
394 if (ip_set_timeout_expired(table[id]))
395 table[id] = IPSET_ELEM_UNSET;
396 read_unlock_bh(&set->lock);
398 map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
/* Prepare the garbage-collection timer of a timeout set: the callback is
 * bitmap_port_gc and its argument is the set pointer, cast to unsigned long.
 * The period is derived from map->timeout, so map->timeout must already hold
 * its final value when this runs (bitmap_port_create assigns it just before
 * the call). The statement that starts the timer is not present in this
 * listing. */
403 bitmap_port_gc_init(struct ip_set *set)
405 struct bitmap_port *map = set->data;
407 init_timer(&map->gc);
408 map->gc.data = (unsigned long) set;
409 map->gc.function = bitmap_port_gc;
410 map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
414 /* Create bitmap:port type of sets */
/* Allocate the members area and fill in the range fields of a new map.
 * map->memsize is read, not computed, here: the caller must set it first
 * (bitmap_port_create does so on both paths). The timeout is initialised to
 * IPSET_NO_TIMEOUT; the timeout path of the caller overwrites it afterwards.
 * The caller tests the result with `!init_map_port(...)`, so a false value
 * signals failure; the allocation check, the assignment of set->data and the
 * return statements are on lines not present in this listing. */
417 init_map_port(struct ip_set *set, struct bitmap_port *map,
418 u16 first_port, u16 last_port)
420 map->members = ip_set_alloc(map->memsize);
423 map->first_port = first_port;
424 map->last_port = last_port;
425 map->timeout = IPSET_NO_TIMEOUT;
428 set->family = NFPROTO_UNSPEC;
/* Create a bitmap:port set from netlink attributes: validate them, normalise
 * the range so that first_port <= last_port, allocate the map and choose the
 * plain or the timeout variant depending on whether IPSET_ATTR_TIMEOUT is
 * present. The rest of the parameter list, the allocation-failure checks,
 * the cleanup after a failed init_map_port() and the return statements are
 * on lines not present in this listing. */
434 bitmap_port_create(struct ip_set *set, struct nlattr *tb[],
437 struct bitmap_port *map;
438 u16 first_port, last_port;
/* Both ends of the range are mandatory here; the timeout is optional. */
440 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
441 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||
442 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
443 return -IPSET_ERR_PROTOCOL;
445 first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
446 last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
/* A reversed range is accepted and swapped rather than rejected. */
447 if (first_port > last_port) {
448 u16 tmp = first_port;
450 first_port = last_port;
454 map = kzalloc(sizeof(*map), GFP_KERNEL);
/* Timeout variant: one unsigned long per port. Both ports are u16, so there
 * are at most 65536 slots and the product cannot overflow size_t. */
458 if (tb[IPSET_ATTR_TIMEOUT]) {
459 map->memsize = (last_port - first_port + 1)
460 * sizeof(unsigned long);
462 if (!init_map_port(set, map, first_port, last_port)) {
/* Order matters: init_map_port() left the timeout at IPSET_NO_TIMEOUT, and
 * bitmap_port_gc_init() derives the gc period from map->timeout. */
467 map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
468 set->variant = &bitmap_tport;
470 bitmap_port_gc_init(set);
/* Plain variant: size comes from bitmap_bytes() for indices
 * 0..(last_port - first_port). */
472 map->memsize = bitmap_bytes(0, last_port - first_port);
473 pr_debug("memsize: %zu\n", map->memsize);
474 if (!init_map_port(set, map, first_port, last_port)) {
479 set->variant = &bitmap_port;
/* Type descriptor registered with the ipset core. The two attribute tables
 * below declare the expected netlink type of each attribute (u16 ports, u32
 * timeout and line number); the lines naming the two tables (original lines
 * 493 and 498) are not present in this listing - presumably the first is the
 * policy for create and the second, which also admits IPSET_ATTR_LINENO, the
 * policy for add/del/test. Range validation of the ports is not part of
 * these tables; it is done in bitmap_port_create and bitmap_port_uadt. */
484 static struct ip_set_type bitmap_port_type = {
485 .name = "bitmap:port",
486 .protocol = IPSET_PROTOCOL,
487 .features = IPSET_TYPE_PORT,
488 .dimension = IPSET_DIM_ONE,
489 .family = NFPROTO_UNSPEC,
492 .create = bitmap_port_create,
494 [IPSET_ATTR_PORT] = { .type = NLA_U16 },
495 [IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
496 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
499 [IPSET_ATTR_PORT] = { .type = NLA_U16 },
500 [IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
501 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
502 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
/* Module entry point: register the bitmap:port type with the ipset core and
 * pass the result of ip_set_type_register() back to the module loader. */
508 bitmap_port_init(void)
510 return ip_set_type_register(&bitmap_port_type);
/* Module exit point: remove the bitmap:port type from the ipset core. */
514 bitmap_port_fini(void)
516 ip_set_type_unregister(&bitmap_port_type);
/* Bind the functions above as the module's load and unload handlers. */
519 module_init(bitmap_port_init);
520 module_exit(bitmap_port_fini);