1 /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
8 /* Kernel module implementing an IP set type: the hash:ip,port,net type */
10 #include <linux/jhash.h>
11 #include <linux/module.h>
13 #include <linux/skbuff.h>
14 #include <linux/errno.h>
15 #include <linux/random.h>
18 #include <net/netlink.h>
21 #include <linux/netfilter.h>
22 #include <linux/netfilter/ipset/pfxlen.h>
23 #include <linux/netfilter/ipset/ip_set.h>
24 #include <linux/netfilter/ipset/ip_set_timeout.h>
25 #include <linux/netfilter/ipset/ip_set_getport.h>
26 #include <linux/netfilter/ipset/ip_set_hash.h>
28 MODULE_LICENSE("GPL");
29 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
30 MODULE_DESCRIPTION("hash:ip,port,net type of IP sets");
31 MODULE_ALIAS("ip_set_hash:ip,port,net");
33 /* Type specific function prefix */
34 #define TYPE hash_ipportnet
37 hash_ipportnet_same_set(const struct ip_set *a, const struct ip_set *b);
39 #define hash_ipportnet4_same_set hash_ipportnet_same_set
40 #define hash_ipportnet6_same_set hash_ipportnet_same_set
42 /* The type variant functions: IPv4 */
44 /* We squeeze the "nomatch" flag into cidr: we don't support cidr == 0
45 * However this way we have to store internally cidr - 1,
46 * dancing back and forth.
48 #define IP_SET_HASH_WITH_NETS_PACKED
50 /* Member elements without timeout */
51 struct hash_ipportnet4_elem {
60 /* Member elements with timeout support */
61 struct hash_ipportnet4_telem {
68 unsigned long timeout;
72 hash_ipportnet4_data_equal(const struct hash_ipportnet4_elem *ip1,
73 const struct hash_ipportnet4_elem *ip2,
76 return ip1->ip == ip2->ip &&
77 ip1->ip2 == ip2->ip2 &&
78 ip1->cidr == ip2->cidr &&
79 ip1->port == ip2->port &&
80 ip1->proto == ip2->proto;
84 hash_ipportnet4_data_isnull(const struct hash_ipportnet4_elem *elem)
86 return elem->proto == 0;
90 hash_ipportnet4_data_copy(struct hash_ipportnet4_elem *dst,
91 const struct hash_ipportnet4_elem *src)
93 memcpy(dst, src, sizeof(*dst));
97 hash_ipportnet4_data_flags(struct hash_ipportnet4_elem *dst, u32 flags)
99 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH);
103 hash_ipportnet4_data_match(const struct hash_ipportnet4_elem *elem)
105 return !elem->nomatch;
109 hash_ipportnet4_data_netmask(struct hash_ipportnet4_elem *elem, u8 cidr)
111 elem->ip2 &= ip_set_netmask(cidr);
112 elem->cidr = cidr - 1;
116 hash_ipportnet4_data_zero_out(struct hash_ipportnet4_elem *elem)
122 hash_ipportnet4_data_list(struct sk_buff *skb,
123 const struct hash_ipportnet4_elem *data)
125 u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
127 if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
128 nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) ||
129 nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
130 nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
131 nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
133 nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
134 goto nla_put_failure;
142 hash_ipportnet4_data_tlist(struct sk_buff *skb,
143 const struct hash_ipportnet4_elem *data)
145 const struct hash_ipportnet4_telem *tdata =
146 (const struct hash_ipportnet4_telem *)data;
147 u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
149 if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) ||
150 nla_put_ipaddr4(skb, IPSET_ATTR_IP2, tdata->ip2) ||
151 nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) ||
152 nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
153 nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
154 nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
155 htonl(ip_set_timeout_get(tdata->timeout))) ||
157 nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
158 goto nla_put_failure;
165 #define IP_SET_HASH_WITH_PROTO
166 #define IP_SET_HASH_WITH_NETS
170 #include <linux/netfilter/ipset/ip_set_ahash.h>
173 hash_ipportnet4_data_next(struct ip_set_hash *h,
174 const struct hash_ipportnet4_elem *d)
176 h->next.ip = ntohl(d->ip);
177 h->next.port = ntohs(d->port);
178 h->next.ip2 = ntohl(d->ip2);
182 hash_ipportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
183 const struct xt_action_param *par,
184 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
186 const struct ip_set_hash *h = set->data;
187 ipset_adtfn adtfn = set->variant->adt[adt];
188 struct hash_ipportnet4_elem data = {
189 .cidr = h->nets[0].cidr ? h->nets[0].cidr - 1 : HOST_MASK - 1
192 if (adt == IPSET_TEST)
193 data.cidr = HOST_MASK - 1;
195 if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
196 &data.port, &data.proto))
199 ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &data.ip);
200 ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &data.ip2);
201 data.ip2 &= ip_set_netmask(data.cidr + 1);
203 return adtfn(set, &data, opt_timeout(opt, h), opt->cmdflags);
207 hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
208 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
210 const struct ip_set_hash *h = set->data;
211 ipset_adtfn adtfn = set->variant->adt[adt];
212 struct hash_ipportnet4_elem data = { .cidr = HOST_MASK - 1 };
213 u32 ip, ip_to = 0, p = 0, port, port_to;
214 u32 ip2_from = 0, ip2_to, ip2_last, ip2;
215 u32 timeout = h->timeout;
216 bool with_ports = false;
220 if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
221 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
222 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
223 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
224 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
225 return -IPSET_ERR_PROTOCOL;
227 if (tb[IPSET_ATTR_LINENO])
228 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
230 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip);
234 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2], &ip2_from);
238 if (tb[IPSET_ATTR_CIDR2]) {
239 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR2]);
240 if (!cidr || cidr > HOST_MASK)
241 return -IPSET_ERR_INVALID_CIDR;
242 data.cidr = cidr - 1;
245 if (tb[IPSET_ATTR_PORT])
246 data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
248 return -IPSET_ERR_PROTOCOL;
250 if (tb[IPSET_ATTR_PROTO]) {
251 data.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
252 with_ports = ip_set_proto_with_ports(data.proto);
255 return -IPSET_ERR_INVALID_PROTO;
257 return -IPSET_ERR_MISSING_PROTO;
259 if (!(with_ports || data.proto == IPPROTO_ICMP))
262 if (tb[IPSET_ATTR_TIMEOUT]) {
263 if (!with_timeout(h->timeout))
264 return -IPSET_ERR_TIMEOUT;
265 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
268 if (tb[IPSET_ATTR_CADT_FLAGS] && adt == IPSET_ADD) {
269 u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
270 if (cadt_flags & IPSET_FLAG_NOMATCH)
271 flags |= (cadt_flags << 16);
274 with_ports = with_ports && tb[IPSET_ATTR_PORT_TO];
275 if (adt == IPSET_TEST ||
276 !(tb[IPSET_ATTR_CIDR] || tb[IPSET_ATTR_IP_TO] || with_ports ||
277 tb[IPSET_ATTR_IP2_TO])) {
279 data.ip2 = htonl(ip2_from & ip_set_hostmask(data.cidr + 1));
280 ret = adtfn(set, &data, timeout, flags);
281 return ip_set_eexist(ret, flags) ? 0 : ret;
284 if (tb[IPSET_ATTR_IP_TO]) {
285 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
290 } else if (tb[IPSET_ATTR_CIDR]) {
291 u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
294 return -IPSET_ERR_INVALID_CIDR;
295 ip_set_mask_from_to(ip, ip_to, cidr);
298 port_to = port = ntohs(data.port);
299 if (tb[IPSET_ATTR_PORT_TO]) {
300 port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
304 if (tb[IPSET_ATTR_IP2_TO]) {
305 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to);
308 if (ip2_from > ip2_to)
309 swap(ip2_from, ip2_to);
310 if (ip2_from + UINT_MAX == ip2_to)
311 return -IPSET_ERR_HASH_RANGE;
313 ip_set_mask_from_to(ip2_from, ip2_to, data.cidr + 1);
318 for (; !before(ip_to, ip); ip++) {
320 p = retried && ip == h->next.ip ? h->next.port : port;
321 for (; p <= port_to; p++) {
322 data.port = htons(p);
323 ip2 = retried && ip == h->next.ip && p == h->next.port
324 ? h->next.ip2 : ip2_from;
325 while (!after(ip2, ip2_to)) {
326 data.ip2 = htonl(ip2);
327 ip2_last = ip_set_range_to_cidr(ip2, ip2_to,
329 data.cidr = cidr - 1;
330 ret = adtfn(set, &data, timeout, flags);
332 if (ret && !ip_set_eexist(ret, flags))
344 hash_ipportnet_same_set(const struct ip_set *a, const struct ip_set *b)
346 const struct ip_set_hash *x = a->data;
347 const struct ip_set_hash *y = b->data;
349 /* Resizing changes htable_bits, so we ignore it */
350 return x->maxelem == y->maxelem &&
351 x->timeout == y->timeout;
354 /* The type variant functions: IPv6 */
356 struct hash_ipportnet6_elem {
357 union nf_inet_addr ip;
358 union nf_inet_addr ip2;
365 struct hash_ipportnet6_telem {
366 union nf_inet_addr ip;
367 union nf_inet_addr ip2;
372 unsigned long timeout;
376 hash_ipportnet6_data_equal(const struct hash_ipportnet6_elem *ip1,
377 const struct hash_ipportnet6_elem *ip2,
380 return ipv6_addr_cmp(&ip1->ip.in6, &ip2->ip.in6) == 0 &&
381 ipv6_addr_cmp(&ip1->ip2.in6, &ip2->ip2.in6) == 0 &&
382 ip1->cidr == ip2->cidr &&
383 ip1->port == ip2->port &&
384 ip1->proto == ip2->proto;
388 hash_ipportnet6_data_isnull(const struct hash_ipportnet6_elem *elem)
390 return elem->proto == 0;
394 hash_ipportnet6_data_copy(struct hash_ipportnet6_elem *dst,
395 const struct hash_ipportnet6_elem *src)
397 memcpy(dst, src, sizeof(*dst));
401 hash_ipportnet6_data_flags(struct hash_ipportnet6_elem *dst, u32 flags)
403 dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH);
407 hash_ipportnet6_data_match(const struct hash_ipportnet6_elem *elem)
409 return !elem->nomatch;
413 hash_ipportnet6_data_zero_out(struct hash_ipportnet6_elem *elem)
419 ip6_netmask(union nf_inet_addr *ip, u8 prefix)
421 ip->ip6[0] &= ip_set_netmask6(prefix)[0];
422 ip->ip6[1] &= ip_set_netmask6(prefix)[1];
423 ip->ip6[2] &= ip_set_netmask6(prefix)[2];
424 ip->ip6[3] &= ip_set_netmask6(prefix)[3];
428 hash_ipportnet6_data_netmask(struct hash_ipportnet6_elem *elem, u8 cidr)
430 ip6_netmask(&elem->ip2, cidr);
431 elem->cidr = cidr - 1;
435 hash_ipportnet6_data_list(struct sk_buff *skb,
436 const struct hash_ipportnet6_elem *data)
438 u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
440 if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
441 nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
442 nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
443 nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
444 nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
446 nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
447 goto nla_put_failure;
455 hash_ipportnet6_data_tlist(struct sk_buff *skb,
456 const struct hash_ipportnet6_elem *data)
458 const struct hash_ipportnet6_telem *e =
459 (const struct hash_ipportnet6_telem *)data;
460 u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
462 if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
463 nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
464 nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
465 nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
466 nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
467 nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
468 htonl(ip_set_timeout_get(e->timeout))) ||
470 nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
471 goto nla_put_failure;
482 #define HOST_MASK 128
483 #include <linux/netfilter/ipset/ip_set_ahash.h>
486 hash_ipportnet6_data_next(struct ip_set_hash *h,
487 const struct hash_ipportnet6_elem *d)
489 h->next.port = ntohs(d->port);
493 hash_ipportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
494 const struct xt_action_param *par,
495 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
497 const struct ip_set_hash *h = set->data;
498 ipset_adtfn adtfn = set->variant->adt[adt];
499 struct hash_ipportnet6_elem data = {
500 .cidr = h->nets[0].cidr ? h->nets[0].cidr - 1 : HOST_MASK - 1
503 if (adt == IPSET_TEST)
504 data.cidr = HOST_MASK - 1;
506 if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC,
507 &data.port, &data.proto))
510 ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &data.ip.in6);
511 ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &data.ip2.in6);
512 ip6_netmask(&data.ip2, data.cidr + 1);
514 return adtfn(set, &data, opt_timeout(opt, h), opt->cmdflags);
518 hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
519 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
521 const struct ip_set_hash *h = set->data;
522 ipset_adtfn adtfn = set->variant->adt[adt];
523 struct hash_ipportnet6_elem data = { .cidr = HOST_MASK - 1 };
525 u32 timeout = h->timeout;
526 bool with_ports = false;
530 if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
531 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
532 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
533 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
534 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS) ||
535 tb[IPSET_ATTR_IP_TO] ||
536 tb[IPSET_ATTR_CIDR]))
537 return -IPSET_ERR_PROTOCOL;
538 if (unlikely(tb[IPSET_ATTR_IP_TO]))
539 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED;
541 if (tb[IPSET_ATTR_LINENO])
542 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
544 ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &data.ip);
548 ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &data.ip2);
552 if (tb[IPSET_ATTR_CIDR2]) {
553 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR2]);
554 if (!cidr || cidr > HOST_MASK)
555 return -IPSET_ERR_INVALID_CIDR;
556 data.cidr = cidr - 1;
559 ip6_netmask(&data.ip2, data.cidr + 1);
561 if (tb[IPSET_ATTR_PORT])
562 data.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
564 return -IPSET_ERR_PROTOCOL;
566 if (tb[IPSET_ATTR_PROTO]) {
567 data.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
568 with_ports = ip_set_proto_with_ports(data.proto);
571 return -IPSET_ERR_INVALID_PROTO;
573 return -IPSET_ERR_MISSING_PROTO;
575 if (!(with_ports || data.proto == IPPROTO_ICMPV6))
578 if (tb[IPSET_ATTR_TIMEOUT]) {
579 if (!with_timeout(h->timeout))
580 return -IPSET_ERR_TIMEOUT;
581 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
584 if (tb[IPSET_ATTR_CADT_FLAGS] && adt == IPSET_ADD) {
585 u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
586 if (cadt_flags & IPSET_FLAG_NOMATCH)
587 flags |= (cadt_flags << 16);
590 if (adt == IPSET_TEST || !with_ports || !tb[IPSET_ATTR_PORT_TO]) {
591 ret = adtfn(set, &data, timeout, flags);
592 return ip_set_eexist(ret, flags) ? 0 : ret;
595 port = ntohs(data.port);
596 port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
602 for (; port <= port_to; port++) {
603 data.port = htons(port);
604 ret = adtfn(set, &data, timeout, flags);
606 if (ret && !ip_set_eexist(ret, flags))
614 /* Create hash:ip type of sets */
617 hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
619 struct ip_set_hash *h;
620 u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
624 if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
625 return -IPSET_ERR_INVALID_FAMILY;
627 if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
628 !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
629 !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
630 return -IPSET_ERR_PROTOCOL;
632 if (tb[IPSET_ATTR_HASHSIZE]) {
633 hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]);
634 if (hashsize < IPSET_MIMINAL_HASHSIZE)
635 hashsize = IPSET_MIMINAL_HASHSIZE;
638 if (tb[IPSET_ATTR_MAXELEM])
639 maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]);
641 h = kzalloc(sizeof(*h)
642 + sizeof(struct ip_set_hash_nets)
643 * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
647 h->maxelem = maxelem;
648 get_random_bytes(&h->initval, sizeof(h->initval));
649 h->timeout = IPSET_NO_TIMEOUT;
651 hbits = htable_bits(hashsize);
652 hsize = htable_size(hbits);
657 h->table = ip_set_alloc(hsize);
662 h->table->htable_bits = hbits;
666 if (tb[IPSET_ATTR_TIMEOUT]) {
667 h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
669 set->variant = set->family == NFPROTO_IPV4
670 ? &hash_ipportnet4_tvariant
671 : &hash_ipportnet6_tvariant;
673 if (set->family == NFPROTO_IPV4)
674 hash_ipportnet4_gc_init(set);
676 hash_ipportnet6_gc_init(set);
678 set->variant = set->family == NFPROTO_IPV4
679 ? &hash_ipportnet4_variant : &hash_ipportnet6_variant;
682 pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n",
683 set->name, jhash_size(h->table->htable_bits),
684 h->table->htable_bits, h->maxelem, set->data, h->table);
689 static struct ip_set_type hash_ipportnet_type __read_mostly = {
690 .name = "hash:ip,port,net",
691 .protocol = IPSET_PROTOCOL,
692 .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
693 .dimension = IPSET_DIM_THREE,
694 .family = NFPROTO_UNSPEC,
696 /* 1 SCTP and UDPLITE support added */
697 /* 2 Range as input support for IPv4 added */
698 .revision_max = 3, /* nomatch flag support added */
699 .create = hash_ipportnet_create,
701 [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
702 [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
703 [IPSET_ATTR_PROBES] = { .type = NLA_U8 },
704 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
705 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
708 [IPSET_ATTR_IP] = { .type = NLA_NESTED },
709 [IPSET_ATTR_IP_TO] = { .type = NLA_NESTED },
710 [IPSET_ATTR_IP2] = { .type = NLA_NESTED },
711 [IPSET_ATTR_IP2_TO] = { .type = NLA_NESTED },
712 [IPSET_ATTR_PORT] = { .type = NLA_U16 },
713 [IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
714 [IPSET_ATTR_CIDR] = { .type = NLA_U8 },
715 [IPSET_ATTR_CIDR2] = { .type = NLA_U8 },
716 [IPSET_ATTR_PROTO] = { .type = NLA_U8 },
717 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
718 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
719 [IPSET_ATTR_LINENO] = { .type = NLA_U32 },
725 hash_ipportnet_init(void)
727 return ip_set_type_register(&hash_ipportnet_type);
731 hash_ipportnet_fini(void)
733 ip_set_type_unregister(&hash_ipportnet_type);
736 module_init(hash_ipportnet_init);
737 module_exit(hash_ipportnet_fini);
projects / karo-tx-linux.git / blob