Skip to content

Commit

Permalink
---
Browse files Browse the repository at this point in the history 
yaml
---
r: 255566
b: refs/heads/master
c: 5416219
h: refs/heads/master
v: v3
  • Loading branch information
Jozsef Kadlecsik authored and Patrick McHardy committed Jun 16, 2011
1 parent f0aa1cb commit a25d689
Show file tree
Hide file tree
Showing 13 changed files with 137 additions and 102 deletions.
2 changes: 1 addition & 1 deletion [refs]
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: 619c15171f6f58681013cdd439632505fd563ba6
refs/heads/master: 5416219e5ca4504ea80d662fdda7337e52e86ee5
3 changes: 2 additions & 1 deletion trunk/include/linux/netfilter/ipset/ip_set.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,8 @@ enum ip_set_feature {

struct ip_set;

typedef int (*ipset_adtfn)(struct ip_set *set, void *value, u32 timeout);
typedef int (*ipset_adtfn)(struct ip_set *set, void *value,
u32 timeout, u32 flags);

/* Set type, variant-specific part */
struct ip_set_type_variant {
Expand Down
15 changes: 8 additions & 7 deletions trunk/include/linux/netfilter/ipset/ip_set_ahash.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,7 @@ type_pf_resize(struct ip_set *set, bool retried)
/* Add an element to a hash and update the internal counters when succeeded,
* otherwise report the proper error code. */
static int
type_pf_add(struct ip_set *set, void *value, u32 timeout)
type_pf_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct ip_set_hash *h = set->data;
struct htable *t;
Expand Down Expand Up @@ -388,7 +388,7 @@ type_pf_add(struct ip_set *set, void *value, u32 timeout)
* and free up space if possible.
*/
static int
type_pf_del(struct ip_set *set, void *value, u32 timeout)
type_pf_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct ip_set_hash *h = set->data;
struct htable *t = h->table;
Expand Down Expand Up @@ -463,7 +463,7 @@ type_pf_test_cidrs(struct ip_set *set, struct type_pf_elem *d, u32 timeout)

/* Test whether the element is added to the set */
static int
type_pf_test(struct ip_set *set, void *value, u32 timeout)
type_pf_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct ip_set_hash *h = set->data;
struct htable *t = h->table;
Expand Down Expand Up @@ -776,14 +776,15 @@ type_pf_tresize(struct ip_set *set, bool retried)
}

static int
type_pf_tadd(struct ip_set *set, void *value, u32 timeout)
type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct ip_set_hash *h = set->data;
struct htable *t = h->table;
const struct type_pf_elem *d = value;
struct hbucket *n;
struct type_pf_elem *data;
int ret = 0, i, j = AHASH_MAX_SIZE + 1;
bool flag_exist = flags & IPSET_FLAG_EXIST;
u32 key;

if (h->elements >= h->maxelem)
Expand All @@ -799,7 +800,7 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout)
for (i = 0; i < n->pos; i++) {
data = ahash_tdata(n, i);
if (type_pf_data_equal(data, d)) {
if (type_pf_data_expired(data))
if (type_pf_data_expired(data) || flag_exist)
j = i;
else {
ret = -IPSET_ERR_EXIST;
Expand Down Expand Up @@ -833,7 +834,7 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout)
}

static int
type_pf_tdel(struct ip_set *set, void *value, u32 timeout)
type_pf_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct ip_set_hash *h = set->data;
struct htable *t = h->table;
Expand Down Expand Up @@ -905,7 +906,7 @@ type_pf_ttest_cidrs(struct ip_set *set, struct type_pf_elem *d, u32 timeout)
#endif

static int
type_pf_ttest(struct ip_set *set, void *value, u32 timeout)
type_pf_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct ip_set_hash *h = set->data;
struct htable *t = h->table;
Expand Down
20 changes: 10 additions & 10 deletions trunk/net/netfilter/ipset/ip_set_bitmap_ip.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ ip_to_id(const struct bitmap_ip *m, u32 ip)
}

static int
bitmap_ip_test(struct ip_set *set, void *value, u32 timeout)
bitmap_ip_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
const struct bitmap_ip *map = set->data;
u16 id = *(u16 *)value;
Expand All @@ -63,7 +63,7 @@ bitmap_ip_test(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ip_add(struct ip_set *set, void *value, u32 timeout)
bitmap_ip_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ip *map = set->data;
u16 id = *(u16 *)value;
Expand All @@ -75,7 +75,7 @@ bitmap_ip_add(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ip_del(struct ip_set *set, void *value, u32 timeout)
bitmap_ip_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ip *map = set->data;
u16 id = *(u16 *)value;
Expand Down Expand Up @@ -131,7 +131,7 @@ bitmap_ip_list(const struct ip_set *set,
/* Timeout variant */

static int
bitmap_ip_ttest(struct ip_set *set, void *value, u32 timeout)
bitmap_ip_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
const struct bitmap_ip *map = set->data;
const unsigned long *members = map->members;
Expand All @@ -141,13 +141,13 @@ bitmap_ip_ttest(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ip_tadd(struct ip_set *set, void *value, u32 timeout)
bitmap_ip_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ip *map = set->data;
unsigned long *members = map->members;
u16 id = *(u16 *)value;

if (ip_set_timeout_test(members[id]))
if (ip_set_timeout_test(members[id]) && !(flags & IPSET_FLAG_EXIST))
return -IPSET_ERR_EXIST;

members[id] = ip_set_timeout_set(timeout);
Expand All @@ -156,7 +156,7 @@ bitmap_ip_tadd(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ip_tdel(struct ip_set *set, void *value, u32 timeout)
bitmap_ip_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ip *map = set->data;
unsigned long *members = map->members;
Expand Down Expand Up @@ -231,7 +231,7 @@ bitmap_ip_kadt(struct ip_set *set, const struct sk_buff *skb,

ip = ip_to_id(map, ip);

return adtfn(set, &ip, map->timeout);
return adtfn(set, &ip, map->timeout, flags);
}

static int
Expand Down Expand Up @@ -266,7 +266,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[],

if (adt == IPSET_TEST) {
id = ip_to_id(map, ip);
return adtfn(set, &id, timeout);
return adtfn(set, &id, timeout, flags);
}

if (tb[IPSET_ATTR_IP_TO]) {
Expand All @@ -293,7 +293,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[],

for (; !before(ip_to, ip); ip += map->hosts) {
id = ip_to_id(map, ip);
ret = adtfn(set, &id, timeout);
ret = adtfn(set, &id, timeout, flags);

if (ret && !ip_set_eexist(ret, flags))
return ret;
Expand Down
21 changes: 11 additions & 10 deletions trunk/net/netfilter/ipset/ip_set_bitmap_ipmac.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ bitmap_ipmac_exist(const struct ipmac_telem *elem)
/* Base variant */

static int
bitmap_ipmac_test(struct ip_set *set, void *value, u32 timeout)
bitmap_ipmac_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
const struct bitmap_ipmac *map = set->data;
const struct ipmac *data = value;
Expand All @@ -117,7 +117,7 @@ bitmap_ipmac_test(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ipmac_add(struct ip_set *set, void *value, u32 timeout)
bitmap_ipmac_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ipmac *map = set->data;
const struct ipmac *data = value;
Expand Down Expand Up @@ -146,7 +146,7 @@ bitmap_ipmac_add(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ipmac_del(struct ip_set *set, void *value, u32 timeout)
bitmap_ipmac_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ipmac *map = set->data;
const struct ipmac *data = value;
Expand Down Expand Up @@ -212,7 +212,7 @@ bitmap_ipmac_list(const struct ip_set *set,
/* Timeout variant */

static int
bitmap_ipmac_ttest(struct ip_set *set, void *value, u32 timeout)
bitmap_ipmac_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
const struct bitmap_ipmac *map = set->data;
const struct ipmac *data = value;
Expand All @@ -231,15 +231,16 @@ bitmap_ipmac_ttest(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ipmac_tadd(struct ip_set *set, void *value, u32 timeout)
bitmap_ipmac_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ipmac *map = set->data;
const struct ipmac *data = value;
struct ipmac_telem *elem = bitmap_ipmac_elem(map, data->id);
bool flag_exist = flags & IPSET_FLAG_EXIST;

switch (elem->match) {
case MAC_UNSET:
if (!data->ether)
if (!(data->ether || flag_exist))
/* Already added without ethernet address */
return -IPSET_ERR_EXIST;
/* Fill the MAC address and activate the timer */
Expand All @@ -251,7 +252,7 @@ bitmap_ipmac_tadd(struct ip_set *set, void *value, u32 timeout)
elem->timeout = ip_set_timeout_set(timeout);
break;
case MAC_FILLED:
if (!bitmap_expired(map, data->id))
if (!(bitmap_expired(map, data->id) || flag_exist))
return -IPSET_ERR_EXIST;
/* Fall through */
case MAC_EMPTY:
Expand All @@ -273,7 +274,7 @@ bitmap_ipmac_tadd(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_ipmac_tdel(struct ip_set *set, void *value, u32 timeout)
bitmap_ipmac_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_ipmac *map = set->data;
const struct ipmac *data = value;
Expand Down Expand Up @@ -359,7 +360,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
data.id -= map->first_ip;
data.ether = eth_hdr(skb)->h_source;

return adtfn(set, &data, map->timeout);
return adtfn(set, &data, map->timeout, flags);
}

static int
Expand Down Expand Up @@ -399,7 +400,7 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],

data.id -= map->first_ip;

ret = adtfn(set, &data, timeout);
ret = adtfn(set, &data, timeout, flags);

return ip_set_eexist(ret, flags) ? 0 : ret;
}
Expand Down
20 changes: 10 additions & 10 deletions trunk/net/netfilter/ipset/ip_set_bitmap_port.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ struct bitmap_port {
/* Base variant */

static int
bitmap_port_test(struct ip_set *set, void *value, u32 timeout)
bitmap_port_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
const struct bitmap_port *map = set->data;
u16 id = *(u16 *)value;
Expand All @@ -49,7 +49,7 @@ bitmap_port_test(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_port_add(struct ip_set *set, void *value, u32 timeout)
bitmap_port_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_port *map = set->data;
u16 id = *(u16 *)value;
Expand All @@ -61,7 +61,7 @@ bitmap_port_add(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_port_del(struct ip_set *set, void *value, u32 timeout)
bitmap_port_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_port *map = set->data;
u16 id = *(u16 *)value;
Expand Down Expand Up @@ -119,7 +119,7 @@ bitmap_port_list(const struct ip_set *set,
/* Timeout variant */

static int
bitmap_port_ttest(struct ip_set *set, void *value, u32 timeout)
bitmap_port_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
const struct bitmap_port *map = set->data;
const unsigned long *members = map->members;
Expand All @@ -129,13 +129,13 @@ bitmap_port_ttest(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_port_tadd(struct ip_set *set, void *value, u32 timeout)
bitmap_port_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_port *map = set->data;
unsigned long *members = map->members;
u16 id = *(u16 *)value;

if (ip_set_timeout_test(members[id]))
if (ip_set_timeout_test(members[id]) && !(flags & IPSET_FLAG_EXIST))
return -IPSET_ERR_EXIST;

members[id] = ip_set_timeout_set(timeout);
Expand All @@ -144,7 +144,7 @@ bitmap_port_tadd(struct ip_set *set, void *value, u32 timeout)
}

static int
bitmap_port_tdel(struct ip_set *set, void *value, u32 timeout)
bitmap_port_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
struct bitmap_port *map = set->data;
unsigned long *members = map->members;
Expand Down Expand Up @@ -225,7 +225,7 @@ bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb,

port -= map->first_port;

return adtfn(set, &port, map->timeout);
return adtfn(set, &port, map->timeout, flags);
}

static int
Expand Down Expand Up @@ -259,7 +259,7 @@ bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[],

if (adt == IPSET_TEST) {
id = port - map->first_port;
return adtfn(set, &id, timeout);
return adtfn(set, &id, timeout, flags);
}

if (tb[IPSET_ATTR_PORT_TO]) {
Expand All @@ -277,7 +277,7 @@ bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[],

for (; port <= port_to; port++) {
id = port - map->first_port;
ret = adtfn(set, &id, timeout);
ret = adtfn(set, &id, timeout, flags);

if (ret && !ip_set_eexist(ret, flags))
return ret;
Expand Down
10 changes: 5 additions & 5 deletions trunk/net/netfilter/ipset/ip_set_hash_ip.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb,
if (ip == 0)
return -EINVAL;

return adtfn(set, &ip, h->timeout);
return adtfn(set, &ip, h->timeout, flags);
}

static int
Expand Down Expand Up @@ -157,7 +157,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
nip = htonl(ip);
if (nip == 0)
return -IPSET_ERR_HASH_ELEM;
return adtfn(set, &nip, timeout);
return adtfn(set, &nip, timeout, flags);
}

if (tb[IPSET_ATTR_IP_TO]) {
Expand All @@ -182,7 +182,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
nip = htonl(ip);
if (nip == 0)
return -IPSET_ERR_HASH_ELEM;
ret = adtfn(set, &nip, timeout);
ret = adtfn(set, &nip, timeout, flags);

if (ret && !ip_set_eexist(ret, flags))
return ret;
Expand Down Expand Up @@ -294,7 +294,7 @@ hash_ip6_kadt(struct ip_set *set, const struct sk_buff *skb,
if (ipv6_addr_any(&ip.in6))
return -EINVAL;

return adtfn(set, &ip, h->timeout);
return adtfn(set, &ip, h->timeout, flags);
}

static const struct nla_policy hash_ip6_adt_policy[IPSET_ATTR_ADT_MAX + 1] = {
Expand Down Expand Up @@ -336,7 +336,7 @@ hash_ip6_uadt(struct ip_set *set, struct nlattr *tb[],
timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
}

ret = adtfn(set, &ip, timeout);
ret = adtfn(set, &ip, timeout, flags);

return ip_set_eexist(ret, flags) ? 0 : ret;
}
Expand Down
Loading

0 comments on commit a25d689

Please sign in to comment.