]>
Commit | Line | Data |
---|---|---|
d2912cb1 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
1c5ba67d | 2 | /* Copyright (C) 2011-2013 Jozsef Kadlecsik <kadlec@netfilter.org> */ |
e385357a JK |
3 | |
4 | /* Kernel module implementing an IP set type: the hash:net,iface type */ | |
5 | ||
6 | #include <linux/jhash.h> | |
7 | #include <linux/module.h> | |
8 | #include <linux/ip.h> | |
9 | #include <linux/skbuff.h> | |
10 | #include <linux/errno.h> | |
11 | #include <linux/random.h> | |
e385357a JK |
12 | #include <net/ip.h> |
13 | #include <net/ipv6.h> | |
14 | #include <net/netlink.h> | |
15 | ||
16 | #include <linux/netfilter.h> | |
c737b7c4 | 17 | #include <linux/netfilter_bridge.h> |
e385357a JK |
18 | #include <linux/netfilter/ipset/pfxlen.h> |
19 | #include <linux/netfilter/ipset/ip_set.h> | |
e385357a JK |
20 | #include <linux/netfilter/ipset/ip_set_hash.h> |
21 | ||
35b8dcf8 JK |
22 | #define IPSET_TYPE_REV_MIN 0 |
23 | /* 1 nomatch flag support added */ | |
24 | /* 2 /0 support added */ | |
fda75c6d | 25 | /* 3 Counters support added */ |
07cf8f5a | 26 | /* 4 Comments support added */ |
af331419 AD |
27 | /* 5 Forceadd support added */ |
28 | #define IPSET_TYPE_REV_MAX 6 /* skbinfo support added */ | |
10111a6e | 29 | |
e385357a | 30 | MODULE_LICENSE("GPL"); |
fe03d474 | 31 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>"); |
35b8dcf8 | 32 | IP_SET_MODULE_DESC("hash:net,iface", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); |
e385357a JK |
33 | MODULE_ALIAS("ip_set_hash:net,iface"); |
34 | ||
e385357a | 35 | /* Type specific function prefix */ |
5d50e1d8 JK |
36 | #define HTYPE hash_netiface |
37 | #define IP_SET_HASH_WITH_NETS | |
5d50e1d8 | 38 | #define IP_SET_HASH_WITH_MULTI |
59de79cf | 39 | #define IP_SET_HASH_WITH_NET0 |
e385357a | 40 | |
bd55389c | 41 | #define STRLCPY(a, b) strlcpy(a, b, IFNAMSIZ) |
e385357a | 42 | |
03c8b234 | 43 | /* IPv4 variant */ |
e385357a | 44 | |
89dc79b7 JK |
45 | struct hash_netiface4_elem_hashed { |
46 | __be32 ip; | |
47 | u8 physdev; | |
48 | u8 cidr; | |
2a7cef2a | 49 | u8 nomatch; |
bd9087e0 | 50 | u8 elem; |
89dc79b7 JK |
51 | }; |
52 | ||
03c8b234 | 53 | /* Member elements */ |
e385357a JK |
54 | struct hash_netiface4_elem { |
55 | __be32 ip; | |
e385357a JK |
56 | u8 physdev; |
57 | u8 cidr; | |
2a7cef2a | 58 | u8 nomatch; |
bd9087e0 | 59 | u8 elem; |
bd55389c | 60 | char iface[IFNAMSIZ]; |
e385357a JK |
61 | }; |
62 | ||
5d50e1d8 JK |
63 | /* Common functions */ |
64 | ||
8dea982a | 65 | static bool |
e385357a | 66 | hash_netiface4_data_equal(const struct hash_netiface4_elem *ip1, |
89dc79b7 JK |
67 | const struct hash_netiface4_elem *ip2, |
68 | u32 *multi) | |
e385357a JK |
69 | { |
70 | return ip1->ip == ip2->ip && | |
71 | ip1->cidr == ip2->cidr && | |
89dc79b7 | 72 | (++*multi) && |
e385357a | 73 | ip1->physdev == ip2->physdev && |
bd55389c | 74 | strcmp(ip1->iface, ip2->iface) == 0; |
e385357a JK |
75 | } |
76 | ||
8dea982a | 77 | static int |
5d50e1d8 | 78 | hash_netiface4_do_data_match(const struct hash_netiface4_elem *elem) |
e385357a | 79 | { |
5d50e1d8 | 80 | return elem->nomatch ? -ENOTEMPTY : 1; |
e385357a JK |
81 | } |
82 | ||
8dea982a | 83 | static void |
5d50e1d8 | 84 | hash_netiface4_data_set_flags(struct hash_netiface4_elem *elem, u32 flags) |
2a7cef2a | 85 | { |
5d50e1d8 | 86 | elem->nomatch = (flags >> 16) & IPSET_FLAG_NOMATCH; |
2a7cef2a JK |
87 | } |
88 | ||
8dea982a | 89 | static void |
5d50e1d8 | 90 | hash_netiface4_data_reset_flags(struct hash_netiface4_elem *elem, u8 *flags) |
2a7cef2a | 91 | { |
5d50e1d8 | 92 | swap(*flags, elem->nomatch); |
e385357a JK |
93 | } |
94 | ||
8dea982a | 95 | static void |
e385357a JK |
96 | hash_netiface4_data_netmask(struct hash_netiface4_elem *elem, u8 cidr) |
97 | { | |
98 | elem->ip &= ip_set_netmask(cidr); | |
99 | elem->cidr = cidr; | |
100 | } | |
101 | ||
e385357a JK |
102 | static bool |
103 | hash_netiface4_data_list(struct sk_buff *skb, | |
104 | const struct hash_netiface4_elem *data) | |
105 | { | |
106 | u32 flags = data->physdev ? IPSET_FLAG_PHYSDEV : 0; | |
107 | ||
2a7cef2a JK |
108 | if (data->nomatch) |
109 | flags |= IPSET_FLAG_NOMATCH; | |
7cf7899d DM |
110 | if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || |
111 | nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
112 | nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) || | |
113 | (flags && | |
114 | nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
115 | goto nla_put_failure; | |
728a7e69 | 116 | return false; |
e385357a JK |
117 | |
118 | nla_put_failure: | |
728a7e69 | 119 | return true; |
e385357a JK |
120 | } |
121 | ||
8dea982a | 122 | static void |
5d50e1d8 JK |
123 | hash_netiface4_data_next(struct hash_netiface4_elem *next, |
124 | const struct hash_netiface4_elem *d) | |
e385357a | 125 | { |
5d50e1d8 | 126 | next->ip = d->ip; |
e385357a JK |
127 | } |
128 | ||
5d50e1d8 | 129 | #define MTYPE hash_netiface4 |
e385357a | 130 | #define HOST_MASK 32 |
5d50e1d8 JK |
131 | #define HKEY_DATALEN sizeof(struct hash_netiface4_elem_hashed) |
132 | #include "ip_set_hash_gen.h" | |
e385357a | 133 | |
c737b7c4 FW |
134 | #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) |
135 | static const char *get_physindev_name(const struct sk_buff *skb) | |
136 | { | |
137 | struct net_device *dev = nf_bridge_get_physindev(skb); | |
138 | ||
139 | return dev ? dev->name : NULL; | |
140 | } | |
141 | ||
ca0f6a5c | 142 | static const char *get_physoutdev_name(const struct sk_buff *skb) |
c737b7c4 FW |
143 | { |
144 | struct net_device *dev = nf_bridge_get_physoutdev(skb); | |
145 | ||
146 | return dev ? dev->name : NULL; | |
147 | } | |
148 | #endif | |
149 | ||
e385357a JK |
150 | static int |
151 | hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb, | |
152 | const struct xt_action_param *par, | |
5d50e1d8 | 153 | enum ipset_adt adt, struct ip_set_adt_opt *opt) |
e385357a | 154 | { |
21956ab2 | 155 | struct hash_netiface4 *h = set->data; |
e385357a | 156 | ipset_adtfn adtfn = set->variant->adt[adt]; |
5d50e1d8 | 157 | struct hash_netiface4_elem e = { |
f690cbae | 158 | .cidr = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK), |
bd9087e0 | 159 | .elem = 1, |
e385357a | 160 | }; |
ca134ce8 | 161 | struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); |
e385357a | 162 | |
e385357a | 163 | if (adt == IPSET_TEST) |
5d50e1d8 | 164 | e.cidr = HOST_MASK; |
e385357a | 165 | |
5d50e1d8 JK |
166 | ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip); |
167 | e.ip &= ip_set_netmask(e.cidr); | |
e385357a | 168 | |
613dbd95 | 169 | #define IFACE(dir) (par->state->dir ? par->state->dir->name : "") |
e385357a JK |
170 | #define SRCDIR (opt->flags & IPSET_DIM_TWO_SRC) |
171 | ||
172 | if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { | |
1109a90c | 173 | #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) |
bd55389c | 174 | const char *eiface = SRCDIR ? get_physindev_name(skb) : |
ca0f6a5c | 175 | get_physoutdev_name(skb); |
15b4d93f | 176 | |
bd55389c | 177 | if (!eiface) |
e385357a | 178 | return -EINVAL; |
bd55389c | 179 | STRLCPY(e.iface, eiface); |
5d50e1d8 | 180 | e.physdev = 1; |
e385357a | 181 | #endif |
ca0f6a5c | 182 | } else { |
bd55389c | 183 | STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out)); |
ca0f6a5c | 184 | } |
e385357a | 185 | |
bd55389c | 186 | if (strlen(e.iface) == 0) |
e385357a | 187 | return -EINVAL; |
5d50e1d8 | 188 | return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); |
e385357a JK |
189 | } |
190 | ||
191 | static int | |
192 | hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[], | |
193 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) | |
194 | { | |
21956ab2 | 195 | struct hash_netiface4 *h = set->data; |
e385357a | 196 | ipset_adtfn adtfn = set->variant->adt[adt]; |
5d50e1d8 | 197 | struct hash_netiface4_elem e = { .cidr = HOST_MASK, .elem = 1 }; |
ca134ce8 | 198 | struct ip_set_ext ext = IP_SET_INIT_UEXT(set); |
0b8d9073 | 199 | u32 ip = 0, ip_to = 0; |
e385357a JK |
200 | int ret; |
201 | ||
a212e08e SP |
202 | if (tb[IPSET_ATTR_LINENO]) |
203 | *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); | |
204 | ||
e385357a JK |
205 | if (unlikely(!tb[IPSET_ATTR_IP] || |
206 | !tb[IPSET_ATTR_IFACE] || | |
7dd37bc8 | 207 | !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) |
e385357a JK |
208 | return -IPSET_ERR_PROTOCOL; |
209 | ||
8e55d2e5 SP |
210 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip); |
211 | if (ret) | |
212 | return ret; | |
213 | ||
214 | ret = ip_set_get_extensions(set, tb, &ext); | |
e385357a JK |
215 | if (ret) |
216 | return ret; | |
217 | ||
218 | if (tb[IPSET_ATTR_CIDR]) { | |
5d50e1d8 JK |
219 | e.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); |
220 | if (e.cidr > HOST_MASK) | |
15b4d93f | 221 | return -IPSET_ERR_INVALID_CIDR; |
e385357a | 222 | } |
bd55389c | 223 | nla_strlcpy(e.iface, tb[IPSET_ATTR_IFACE], IFNAMSIZ); |
e385357a JK |
224 | |
225 | if (tb[IPSET_ATTR_CADT_FLAGS]) { | |
15b4d93f | 226 | u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); |
ca0f6a5c | 227 | |
15b4d93f | 228 | if (cadt_flags & IPSET_FLAG_PHYSDEV) |
5d50e1d8 | 229 | e.physdev = 1; |
43c56e59 JK |
230 | if (cadt_flags & IPSET_FLAG_NOMATCH) |
231 | flags |= (IPSET_FLAG_NOMATCH << 16); | |
e385357a | 232 | } |
e385357a | 233 | if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) { |
5d50e1d8 JK |
234 | e.ip = htonl(ip & ip_set_hostmask(e.cidr)); |
235 | ret = adtfn(set, &e, &ext, &ext, flags); | |
0f1799ba | 236 | return ip_set_enomatch(ret, flags, adt, set) ? -ret : |
43c56e59 | 237 | ip_set_eexist(ret, flags) ? 0 : ret; |
e385357a JK |
238 | } |
239 | ||
240 | if (tb[IPSET_ATTR_IP_TO]) { | |
241 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); | |
242 | if (ret) | |
243 | return ret; | |
244 | if (ip_to < ip) | |
245 | swap(ip, ip_to); | |
246 | if (ip + UINT_MAX == ip_to) | |
247 | return -IPSET_ERR_HASH_RANGE; | |
ca0f6a5c | 248 | } else { |
5d50e1d8 | 249 | ip_set_mask_from_to(ip, ip_to, e.cidr); |
ca0f6a5c | 250 | } |
e385357a JK |
251 | |
252 | if (retried) | |
6e27c9b4 | 253 | ip = ntohl(h->next.ip); |
0b8d9073 | 254 | do { |
5d50e1d8 | 255 | e.ip = htonl(ip); |
0b8d9073 | 256 | ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr); |
5d50e1d8 | 257 | ret = adtfn(set, &e, &ext, &ext, flags); |
e385357a JK |
258 | |
259 | if (ret && !ip_set_eexist(ret, flags)) | |
260 | return ret; | |
ca0f6a5c JK |
261 | |
262 | ret = 0; | |
0b8d9073 | 263 | } while (ip++ < ip_to); |
e385357a JK |
264 | return ret; |
265 | } | |
266 | ||
03c8b234 | 267 | /* IPv6 variant */ |
e385357a | 268 | |
89dc79b7 JK |
269 | struct hash_netiface6_elem_hashed { |
270 | union nf_inet_addr ip; | |
271 | u8 physdev; | |
272 | u8 cidr; | |
2a7cef2a | 273 | u8 nomatch; |
bd9087e0 | 274 | u8 elem; |
89dc79b7 JK |
275 | }; |
276 | ||
e385357a JK |
277 | struct hash_netiface6_elem { |
278 | union nf_inet_addr ip; | |
e385357a JK |
279 | u8 physdev; |
280 | u8 cidr; | |
2a7cef2a | 281 | u8 nomatch; |
bd9087e0 | 282 | u8 elem; |
bd55389c | 283 | char iface[IFNAMSIZ]; |
e385357a JK |
284 | }; |
285 | ||
5d50e1d8 JK |
286 | /* Common functions */ |
287 | ||
8dea982a | 288 | static bool |
e385357a | 289 | hash_netiface6_data_equal(const struct hash_netiface6_elem *ip1, |
89dc79b7 JK |
290 | const struct hash_netiface6_elem *ip2, |
291 | u32 *multi) | |
e385357a | 292 | { |
29e3b160 | 293 | return ipv6_addr_equal(&ip1->ip.in6, &ip2->ip.in6) && |
e385357a | 294 | ip1->cidr == ip2->cidr && |
89dc79b7 | 295 | (++*multi) && |
e385357a | 296 | ip1->physdev == ip2->physdev && |
bd55389c | 297 | strcmp(ip1->iface, ip2->iface) == 0; |
e385357a JK |
298 | } |
299 | ||
8dea982a | 300 | static int |
5d50e1d8 | 301 | hash_netiface6_do_data_match(const struct hash_netiface6_elem *elem) |
2a7cef2a | 302 | { |
3e0304a5 | 303 | return elem->nomatch ? -ENOTEMPTY : 1; |
2a7cef2a JK |
304 | } |
305 | ||
8dea982a | 306 | static void |
5d50e1d8 | 307 | hash_netiface6_data_set_flags(struct hash_netiface6_elem *elem, u32 flags) |
6eb4c7e9 | 308 | { |
5d50e1d8 | 309 | elem->nomatch = (flags >> 16) & IPSET_FLAG_NOMATCH; |
6eb4c7e9 JK |
310 | } |
311 | ||
8dea982a | 312 | static void |
5d50e1d8 | 313 | hash_netiface6_data_reset_flags(struct hash_netiface6_elem *elem, u8 *flags) |
e385357a | 314 | { |
5d50e1d8 | 315 | swap(*flags, elem->nomatch); |
e385357a JK |
316 | } |
317 | ||
8dea982a | 318 | static void |
e385357a JK |
319 | hash_netiface6_data_netmask(struct hash_netiface6_elem *elem, u8 cidr) |
320 | { | |
321 | ip6_netmask(&elem->ip, cidr); | |
322 | elem->cidr = cidr; | |
323 | } | |
324 | ||
325 | static bool | |
326 | hash_netiface6_data_list(struct sk_buff *skb, | |
327 | const struct hash_netiface6_elem *data) | |
328 | { | |
329 | u32 flags = data->physdev ? IPSET_FLAG_PHYSDEV : 0; | |
330 | ||
2a7cef2a JK |
331 | if (data->nomatch) |
332 | flags |= IPSET_FLAG_NOMATCH; | |
7cf7899d DM |
333 | if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || |
334 | nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
335 | nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) || | |
336 | (flags && | |
337 | nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
338 | goto nla_put_failure; | |
728a7e69 | 339 | return false; |
e385357a JK |
340 | |
341 | nla_put_failure: | |
728a7e69 | 342 | return true; |
e385357a JK |
343 | } |
344 | ||
8dea982a | 345 | static void |
21956ab2 | 346 | hash_netiface6_data_next(struct hash_netiface6_elem *next, |
5d50e1d8 | 347 | const struct hash_netiface6_elem *d) |
e385357a | 348 | { |
e385357a JK |
349 | } |
350 | ||
5d50e1d8 | 351 | #undef MTYPE |
e385357a JK |
352 | #undef HOST_MASK |
353 | ||
5d50e1d8 | 354 | #define MTYPE hash_netiface6 |
e385357a | 355 | #define HOST_MASK 128 |
5d50e1d8 JK |
356 | #define HKEY_DATALEN sizeof(struct hash_netiface6_elem_hashed) |
357 | #define IP_SET_EMIT_CREATE | |
358 | #include "ip_set_hash_gen.h" | |
e385357a JK |
359 | |
360 | static int | |
361 | hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb, | |
362 | const struct xt_action_param *par, | |
5d50e1d8 | 363 | enum ipset_adt adt, struct ip_set_adt_opt *opt) |
e385357a | 364 | { |
21956ab2 | 365 | struct hash_netiface6 *h = set->data; |
e385357a | 366 | ipset_adtfn adtfn = set->variant->adt[adt]; |
5d50e1d8 | 367 | struct hash_netiface6_elem e = { |
f690cbae | 368 | .cidr = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK), |
bd9087e0 | 369 | .elem = 1, |
e385357a | 370 | }; |
ca134ce8 | 371 | struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); |
e385357a | 372 | |
e385357a | 373 | if (adt == IPSET_TEST) |
5d50e1d8 | 374 | e.cidr = HOST_MASK; |
e385357a | 375 | |
5d50e1d8 JK |
376 | ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6); |
377 | ip6_netmask(&e.ip, e.cidr); | |
e385357a JK |
378 | |
379 | if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { | |
1109a90c | 380 | #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) |
bd55389c | 381 | const char *eiface = SRCDIR ? get_physindev_name(skb) : |
ca0f6a5c JK |
382 | get_physoutdev_name(skb); |
383 | ||
bd55389c | 384 | if (!eiface) |
e385357a | 385 | return -EINVAL; |
bd55389c | 386 | STRLCPY(e.iface, eiface); |
5d50e1d8 | 387 | e.physdev = 1; |
e385357a | 388 | #endif |
ca0f6a5c | 389 | } else { |
bd55389c | 390 | STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out)); |
ca0f6a5c | 391 | } |
e385357a | 392 | |
bd55389c | 393 | if (strlen(e.iface) == 0) |
e385357a | 394 | return -EINVAL; |
e385357a | 395 | |
5d50e1d8 | 396 | return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); |
e385357a JK |
397 | } |
398 | ||
399 | static int | |
400 | hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[], | |
ca0f6a5c | 401 | enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) |
e385357a | 402 | { |
e385357a | 403 | ipset_adtfn adtfn = set->variant->adt[adt]; |
5d50e1d8 | 404 | struct hash_netiface6_elem e = { .cidr = HOST_MASK, .elem = 1 }; |
ca134ce8 | 405 | struct ip_set_ext ext = IP_SET_INIT_UEXT(set); |
e385357a JK |
406 | int ret; |
407 | ||
a212e08e SP |
408 | if (tb[IPSET_ATTR_LINENO]) |
409 | *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); | |
410 | ||
e385357a JK |
411 | if (unlikely(!tb[IPSET_ATTR_IP] || |
412 | !tb[IPSET_ATTR_IFACE] || | |
7dd37bc8 | 413 | !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) |
e385357a JK |
414 | return -IPSET_ERR_PROTOCOL; |
415 | if (unlikely(tb[IPSET_ATTR_IP_TO])) | |
416 | return -IPSET_ERR_HASH_RANGE_UNSUPPORTED; | |
417 | ||
8e55d2e5 SP |
418 | ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip); |
419 | if (ret) | |
420 | return ret; | |
421 | ||
422 | ret = ip_set_get_extensions(set, tb, &ext); | |
e385357a JK |
423 | if (ret) |
424 | return ret; | |
425 | ||
aff22758 | 426 | if (tb[IPSET_ATTR_CIDR]) { |
5d50e1d8 | 427 | e.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); |
aff22758 SP |
428 | if (e.cidr > HOST_MASK) |
429 | return -IPSET_ERR_INVALID_CIDR; | |
430 | } | |
431 | ||
5d50e1d8 | 432 | ip6_netmask(&e.ip, e.cidr); |
e385357a | 433 | |
bd55389c | 434 | nla_strlcpy(e.iface, tb[IPSET_ATTR_IFACE], IFNAMSIZ); |
e385357a JK |
435 | |
436 | if (tb[IPSET_ATTR_CADT_FLAGS]) { | |
15b4d93f | 437 | u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); |
ca0f6a5c | 438 | |
15b4d93f | 439 | if (cadt_flags & IPSET_FLAG_PHYSDEV) |
5d50e1d8 | 440 | e.physdev = 1; |
43c56e59 JK |
441 | if (cadt_flags & IPSET_FLAG_NOMATCH) |
442 | flags |= (IPSET_FLAG_NOMATCH << 16); | |
e385357a JK |
443 | } |
444 | ||
5d50e1d8 | 445 | ret = adtfn(set, &e, &ext, &ext, flags); |
e385357a | 446 | |
0f1799ba | 447 | return ip_set_enomatch(ret, flags, adt, set) ? -ret : |
43c56e59 | 448 | ip_set_eexist(ret, flags) ? 0 : ret; |
e385357a JK |
449 | } |
450 | ||
e385357a JK |
451 | static struct ip_set_type hash_netiface_type __read_mostly = { |
452 | .name = "hash:net,iface", | |
453 | .protocol = IPSET_PROTOCOL, | |
3e0304a5 JK |
454 | .features = IPSET_TYPE_IP | IPSET_TYPE_IFACE | |
455 | IPSET_TYPE_NOMATCH, | |
e385357a | 456 | .dimension = IPSET_DIM_TWO, |
c15f1c83 | 457 | .family = NFPROTO_UNSPEC, |
35b8dcf8 JK |
458 | .revision_min = IPSET_TYPE_REV_MIN, |
459 | .revision_max = IPSET_TYPE_REV_MAX, | |
e385357a JK |
460 | .create = hash_netiface_create, |
461 | .create_policy = { | |
462 | [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, | |
463 | [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, | |
464 | [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, | |
465 | [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, | |
466 | [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, | |
467 | [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, | |
5d50e1d8 | 468 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, |
e385357a JK |
469 | }, |
470 | .adt_policy = { | |
471 | [IPSET_ATTR_IP] = { .type = NLA_NESTED }, | |
472 | [IPSET_ATTR_IP_TO] = { .type = NLA_NESTED }, | |
473 | [IPSET_ATTR_IFACE] = { .type = NLA_NUL_STRING, | |
4a6dd664 | 474 | .len = IFNAMSIZ - 1 }, |
e385357a JK |
475 | [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, |
476 | [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, | |
477 | [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, | |
478 | [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, | |
00d71b27 JK |
479 | [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, |
480 | [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, | |
03726186 SP |
481 | [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING, |
482 | .len = IPSET_MAX_COMMENT_SIZE }, | |
af331419 AD |
483 | [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, |
484 | [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, | |
485 | [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, | |
e385357a JK |
486 | }, |
487 | .me = THIS_MODULE, | |
488 | }; | |
489 | ||
490 | static int __init | |
491 | hash_netiface_init(void) | |
492 | { | |
493 | return ip_set_type_register(&hash_netiface_type); | |
494 | } | |
495 | ||
496 | static void __exit | |
497 | hash_netiface_fini(void) | |
498 | { | |
18f84d41 | 499 | rcu_barrier(); |
e385357a JK |
500 | ip_set_type_unregister(&hash_netiface_type); |
501 | } | |
502 | ||
503 | module_init(hash_netiface_init); | |
504 | module_exit(hash_netiface_fini); |