]> git.ipfire.org Git - thirdparty/ipset.git/commitdiff
projects / thirdparty / ipset.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dfdbad5)
Add bucketsize parameter to all hash types
authorJozsef Kadlecsik <kadlec@netfilter.org>
Mon, 21 Sep 2020 08:21:39 +0000 (10:21 +0200)
committerJozsef Kadlecsik <kadlec@netfilter.org>
Mon, 21 Sep 2020 08:21:39 +0000 (10:21 +0200)
The parameter defines the upper limit in any hash bucket at adding new entries
from userspace - if the limit would be exceeded, ipset doubles the hash size
and rehashes. It means the set may consume more memory but gives faster
evaluation at matching in the set.

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
102 files changed:
include/libipset/args.h patch | blob | blame | history
include/libipset/data.h patch | blob | blame | history
include/libipset/linux_ip_set.h patch | blob | blame | history
kernel/include/linux/netfilter/ipset/ip_set.h patch | blob | blame | history
kernel/include/uapi/linux/netfilter/ipset/ip_set.h patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_core.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_gen.h patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_ip.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_ipmac.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_ipmark.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_ipport.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_ipportip.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_mac.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_net.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_netiface.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_netnet.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_netport.c patch | blob | blame | history
kernel/net/netfilter/ipset/ip_set_hash_netportnet.c patch | blob | blame | history
lib/args.c patch | blob | blame | history
lib/data.c patch | blob | blame | history
lib/debug.c patch | blob | blame | history
lib/ipset_hash_ip.c patch | blob | blame | history
lib/ipset_hash_ipmac.c patch | blob | blame | history
lib/ipset_hash_ipmark.c patch | blob | blame | history
lib/ipset_hash_ipport.c patch | blob | blame | history
lib/ipset_hash_ipportip.c patch | blob | blame | history
lib/ipset_hash_ipportnet.c patch | blob | blame | history
lib/ipset_hash_mac.c patch | blob | blame | history
lib/ipset_hash_net.c patch | blob | blame | history
lib/ipset_hash_netiface.c patch | blob | blame | history
lib/ipset_hash_netnet.c patch | blob | blame | history
lib/ipset_hash_netport.c patch | blob | blame | history
lib/ipset_hash_netportnet.c patch | blob | blame | history
lib/print.c patch | blob | blame | history
lib/session.c patch | blob | blame | history
src/ipset.8 patch | blob | blame | history
tests/comment.t.list2 patch | blob | blame | history
tests/comment.t.list21 patch | blob | blame | history
tests/comment.t.list22 patch | blob | blame | history
tests/comment.t.list3 patch | blob | blame | history
tests/hash:ip,mark.t.list0 patch | blob | blame | history
tests/hash:ip,mark.t.list1 patch | blob | blame | history
tests/hash:ip,port,ip.t.list0 patch | blob | blame | history
tests/hash:ip,port,ip.t.list1 patch | blob | blame | history
tests/hash:ip,port,net.t.list0 patch | blob | blame | history
tests/hash:ip,port.t.list0 patch | blob | blame | history
tests/hash:ip,port.t.list1 patch | blob | blame | history
tests/hash:ip,port.t.list2 patch | blob | blame | history
tests/hash:ip.t.list0 patch | blob | blame | history
tests/hash:ip.t.list1 patch | blob | blame | history
tests/hash:ip.t.list2 patch | blob | blame | history
tests/hash:ip.t.list3 patch | blob | blame | history
tests/hash:ip6,mark.t.list0 patch | blob | blame | history
tests/hash:ip6,mark.t.list1 patch | blob | blame | history
tests/hash:ip6,port,ip6.t.list0 patch | blob | blame | history
tests/hash:ip6,port,ip6.t.list1 patch | blob | blame | history
tests/hash:ip6,port,net6.t.list0 patch | blob | blame | history
tests/hash:ip6,port.t.list0 patch | blob | blame | history
tests/hash:ip6,port.t.list1 patch | blob | blame | history
tests/hash:ip6.t.list0 patch | blob | blame | history
tests/hash:ip6.t.list1 patch | blob | blame | history
tests/hash:ip6.t.list2 patch | blob | blame | history
tests/hash:ip6.t.list3 patch | blob | blame | history
tests/hash:mac.t.list0 patch | blob | blame | history
tests/hash:mac.t.list1 patch | blob | blame | history
tests/hash:mac.t.list2 patch | blob | blame | history
tests/hash:mac.t.list3 patch | blob | blame | history
tests/hash:net,iface.t.list0 patch | blob | blame | history
tests/hash:net,iface.t.list1 patch | blob | blame | history
tests/hash:net,iface.t.list2 patch | blob | blame | history
tests/hash:net,net.t.list0 patch | blob | blame | history
tests/hash:net,net.t.list1 patch | blob | blame | history
tests/hash:net,net.t.list2 patch | blob | blame | history
tests/hash:net,port,net.t.list0 patch | blob | blame | history
tests/hash:net,port.t.list0 patch | blob | blame | history
tests/hash:net,port.t.list1 patch | blob | blame | history
tests/hash:net.t.list0 patch | blob | blame | history
tests/hash:net.t.list1 patch | blob | blame | history
tests/hash:net.t.list2 patch | blob | blame | history
tests/hash:net.t.list3 patch | blob | blame | history
tests/hash:net6,net6.t.list0 patch | blob | blame | history
tests/hash:net6,net6.t.list1 patch | blob | blame | history
tests/hash:net6,port,net6.t.list0 patch | blob | blame | history
tests/hash:net6,port.t.list0 patch | blob | blame | history
tests/hash:net6,port.t.list1 patch | blob | blame | history
tests/hash:net6.t.list0 patch | blob | blame | history
tests/hash:net6.t.list1 patch | blob | blame | history
tests/iphash.t.large patch | blob | blame | history
tests/iphash.t.list0 patch | blob | blame | history
tests/iphash.t.list1 patch | blob | blame | history
tests/iphash.t.restore.sorted patch | blob | blame | history
tests/ipmarkhash.t.list0 patch | blob | blame | history
tests/ipmarkhash.t.list1 patch | blob | blame | history
tests/ipporthash.t.list0 patch | blob | blame | history
tests/ipporthash.t.list1 patch | blob | blame | history
tests/ipportiphash.t.list0 patch | blob | blame | history
tests/ipportiphash.t.list1 patch | blob | blame | history
tests/nethash.t.list0 patch | blob | blame | history
tests/restore.t.list0 patch | blob | blame | history
tests/restore.t.list1 patch | blob | blame | history
tests/setlist.t.list4 patch | blob | blame | history

diff --git a/include/libipset/args.h b/include/libipset/args.h
index 616cca5e6581d1881b9584f966f2cb13f3e3928a..93b44569b29668b2e77e3ea629a35d00e70c8769 100644 (file)
--- a/include/libipset/args.h
+++ b/include/libipset/args.h
@@ -56,6 +56,7 @@ enum ipset_keywords {
        IPSET_ARG_SKBMARK,                      /* skbmark */
        IPSET_ARG_SKBPRIO,                      /* skbprio */
        IPSET_ARG_SKBQUEUE,                     /* skbqueue */
+       IPSET_ARG_BUCKETSIZE,                   /* bucketsize */
        IPSET_ARG_MAX,
 };
 
diff --git a/include/libipset/data.h b/include/libipset/data.h
index 851773ab80cfde5cf84ebe7e0b6299249a6c3dd6..cce64076cf74cd338744b991c66a0773170914af 100644 (file)
--- a/include/libipset/data.h
+++ b/include/libipset/data.h
@@ -67,6 +67,7 @@ enum ipset_opt {
        IPSET_OPT_SKBPRIO,
        IPSET_OPT_SKBQUEUE,
        IPSET_OPT_IFACE_WILDCARD,
+       IPSET_OPT_BUCKETSIZE,
        /* Internal options */
        IPSET_OPT_FLAGS = 48,   /* IPSET_FLAG_EXIST| */
        IPSET_OPT_CADT_FLAGS,   /* IPSET_FLAG_BEFORE| */
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index 7fd9948ab2b6150f0285d8f406015be51223b429..e67116f2ecb714bdea9b47a5d4bee77000272146 100644 (file)
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -96,7 +96,7 @@ enum {
        IPSET_ATTR_HASHSIZE,
        IPSET_ATTR_MAXELEM,
        IPSET_ATTR_NETMASK,
-       IPSET_ATTR_PROBES,
+       IPSET_ATTR_BUCKETSIZE,  /* was unused IPSET_ATTR_PROBES */
        IPSET_ATTR_RESIZE,
        IPSET_ATTR_SIZE,
        /* Kernel-only */
@@ -214,6 +214,8 @@ enum ipset_cadt_flags {
 enum ipset_create_flags {
        IPSET_CREATE_FLAG_BIT_FORCEADD = 0,
        IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD),
+       IPSET_CREATE_FLAG_BIT_BUCKETSIZE = 1,
+       IPSET_CREATE_FLAG_BUCKETSIZE = (1 << IPSET_CREATE_FLAG_BIT_BUCKETSIZE),
        IPSET_CREATE_FLAG_BIT_MAX = 7,
 };
 
diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h
index ed9f82e7b959d6ff1f3d51926d1f17871887a798..554f90fab7e53cc0bd34df9df679faef585cd624 100644 (file)
--- a/kernel/include/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set.h
@@ -199,6 +199,9 @@ struct ip_set_region {
        u32 elements;           /* Number of elements vs timeout */
 };
 
+/* The max revision number supported by any set type + 1 */
+#define IPSET_REVISION_MAX     9
+
 /* The core set type structure */
 struct ip_set_type {
        struct list_head list;
@@ -216,6 +219,8 @@ struct ip_set_type {
        u8 family;
        /* Type revisions */
        u8 revision_min, revision_max;
+       /* Revision-specific supported (create) flags */
+       u8 create_flags[IPSET_REVISION_MAX+1];
        /* Set features to control swapping */
        u16 features;
 
diff --git a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
index 7545af48036319758ff5a620358e1103c68280f2..60c411cf799e74afd095228ee0c43449055fd59a 100644 (file)
--- a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -96,7 +96,7 @@ enum {
        IPSET_ATTR_HASHSIZE,
        IPSET_ATTR_MAXELEM,
        IPSET_ATTR_NETMASK,
-       IPSET_ATTR_PROBES,
+       IPSET_ATTR_BUCKETSIZE,  /* was unused IPSET_ATTR_PROBES */
        IPSET_ATTR_RESIZE,
        IPSET_ATTR_SIZE,
        /* Kernel-only */
@@ -214,6 +214,8 @@ enum ipset_cadt_flags {
 enum ipset_create_flags {
        IPSET_CREATE_FLAG_BIT_FORCEADD = 0,
        IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD),
+       IPSET_CREATE_FLAG_BIT_BUCKETSIZE = 1,
+       IPSET_CREATE_FLAG_BUCKETSIZE = (1 << IPSET_CREATE_FLAG_BIT_BUCKETSIZE),
        IPSET_CREATE_FLAG_BIT_MAX = 7,
 };
 
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 6e80fb4a8bc13e40c2ece0bd5c5530546ab5b995..fb35e23fbe0c99bf9958c35a6e040518b4f2cb22 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1128,6 +1128,8 @@ IPSET_CBFN(ip_set_create, struct net *n, struct sock *ctnl,
                ret = -IPSET_ERR_PROTOCOL;
                goto put_out;
        }
+       /* Set create flags depending on the type revision */
+       set->flags |= set->type->create_flags[revision];
 
        ret = set->type->create(net, set, tb, flags);
        if (ret != 0)
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
index cbc3e9877c141139e81dddd9b41efb3beb397335..e84728ebd3b314929fe9bf6f3f54b4af972ff1d6 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
@@ -38,18 +38,18 @@
  */
 
 /* Number of elements to store in an initial array block */
-#define AHASH_INIT_SIZE                        4
+#define AHASH_INIT_SIZE                        2
 /* Max number of elements to store in an array block */
-#define AHASH_MAX_SIZE                 (3 * AHASH_INIT_SIZE)
+#define AHASH_MAX_SIZE                 (6 * AHASH_INIT_SIZE)
 /* Max muber of elements in the array block when tuned */
 #define AHASH_MAX_TUNED                        64
 
+#define AHASH_MAX(h)                   ((h)->bucketsize)
+
 /* Max number of elements can be tuned */
 #ifdef IP_SET_HASH_WITH_MULTI
-#define AHASH_MAX(h)                   ((h)->ahash_max)
-
 static u8
-tune_ahash_max(u8 curr, u32 multi)
+tune_bucketsize(u8 curr, u32 multi)
 {
        u32 n;
 
@@ -62,12 +62,10 @@ tune_ahash_max(u8 curr, u32 multi)
         */
        return n > curr && n <= AHASH_MAX_TUNED ? n : curr;
 }
-
-#define TUNE_AHASH_MAX(h, multi)       \
-       ((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi))
+#define TUNE_BUCKETSIZE(h, multi)      \
+       ((h)->bucketsize = tune_bucketsize((h)->bucketsize, multi))
 #else
-#define AHASH_MAX(h)                   AHASH_MAX_SIZE
-#define TUNE_AHASH_MAX(h, multi)
+#define TUNE_BUCKETSIZE(h, multi)
 #endif
 
 /* A hash bucket */
@@ -322,9 +320,7 @@ struct htype {
 #ifdef IP_SET_HASH_WITH_MARKMASK
        u32 markmask;           /* markmask value for mark mask to store */
 #endif
-#ifdef IP_SET_HASH_WITH_MULTI
-       u8 ahash_max;           /* max elements in an array block */
-#endif
+       u8 bucketsize;          /* max elements in an array block */
 #ifdef IP_SET_HASH_WITH_NETMASK
        u8 netmask;             /* netmask value for subnets to store */
 #endif
@@ -951,7 +947,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
                goto set_full;
        /* Create a new slot */
        if (n->pos >= n->size) {
-               TUNE_AHASH_MAX(h, multi);
+               TUNE_BUCKETSIZE(h, multi);
                if (n->size >= AHASH_MAX(h)) {
                        /* Trigger rehashing */
                        mtype_data_next(&h->next, d);
@@ -1306,6 +1302,9 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
        if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask))
                goto nla_put_failure;
 #endif
+       if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE &&
+           nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize))
+               goto nla_put_failure;
        if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) ||
            nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
            nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements)))
@@ -1549,7 +1548,16 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
        h->markmask = markmask;
 #endif
        get_random_bytes(&h->initval, sizeof(h->initval));
-
+       h->bucketsize = AHASH_MAX_SIZE;
+       if (tb[IPSET_ATTR_BUCKETSIZE]) {
+               h->bucketsize = nla_get_u8(tb[IPSET_ATTR_BUCKETSIZE]);
+               if (h->bucketsize < AHASH_INIT_SIZE)
+                       h->bucketsize = AHASH_INIT_SIZE;
+               else if (h->bucketsize > AHASH_MAX_SIZE)
+                       h->bucketsize = AHASH_MAX_SIZE;
+               else if (h->bucketsize % 2)
+                       h->bucketsize += 1;
+       }
        t->htable_bits = hbits;
        t->maxelem = h->maxelem / ahash_numof_locks(hbits);
        RCU_INIT_POINTER(h->table, t);
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
index 41c576fab85bdd509748102899cdadba83bc9341..bb0cfd4fa9079ed4cbcb0fcc77000918fe1a59ac 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
@@ -24,7 +24,8 @@
 /*                             1          Counters support */
 /*                             2          Comments support */
 /*                             3          Forceadd support */
-#define IPSET_TYPE_REV_MAX     4       /* skbinfo support  */
+/*                             4          skbinfo support */
+#define IPSET_TYPE_REV_MAX     5       /* bucketsize support  */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -278,11 +279,12 @@ static struct ip_set_type hash_ip_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_ip_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_NETMASK]    = { .type = NLA_U8  },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
index eceb7bc4a93afff2da63e48eecbc9a0477a63435..2655501f9fe38b6d8142cf89c2a8e6df0bbc5d93 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
@@ -23,7 +23,7 @@
 #include <linux/netfilter/ipset/ip_set_hash.h>
 
 #define IPSET_TYPE_REV_MIN     0
-#define IPSET_TYPE_REV_MAX     0
+#define IPSET_TYPE_REV_MAX     1       /* bucketsize support  */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Tomasz Chilinski <tomasz.chilinski@chilan.com>");
@@ -268,11 +268,12 @@ static struct ip_set_type hash_ipmac_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_ipmac_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
index 4ebd21b203140eafdc9bc6159a34bc1bded4faa8..c379a170b0c12fd5dbf0016732e0d6888d53a30d 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmark.c
@@ -23,7 +23,8 @@
 
 #define IPSET_TYPE_REV_MIN     0
 /*                             1          Forceadd support */
-#define IPSET_TYPE_REV_MAX     2       /* skbinfo support  */
+/*                             2          skbinfo support */
+#define IPSET_TYPE_REV_MAX     3       /* bucketsize support  */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Vytas Dauksa <vytas.dauksa@smoothwall.net>");
@@ -276,12 +277,13 @@ static struct ip_set_type hash_ipmark_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_ipmark_create,
        .create_policy  = {
                [IPSET_ATTR_MARKMASK]   = { .type = NLA_U32 },
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
index 7e34bc415387180afe6f7ae2cf5f12b7a689d440..237804f1957acad209f270e0c7cbe615159a84ee 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -26,7 +26,8 @@
 /*                             2    Counters support added */
 /*                             3    Comments support added */
 /*                             4    Forceadd support added */
-#define IPSET_TYPE_REV_MAX     5 /* skbinfo support added */
+/*                             5    skbinfo support added */
+#define IPSET_TYPE_REV_MAX     6 /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -342,11 +343,12 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_ipport_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_PROTO]      = { .type = NLA_U8 },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
index 81ce821fea0dcdc3dd62117c893d70e4985ce6a8..1caf698f608707124c3295174b2f8ae01930261a 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -26,7 +26,8 @@
 /*                             2    Counters support added */
 /*                             3    Comments support added */
 /*                             4    Forceadd support added */
-#define IPSET_TYPE_REV_MAX     5 /* skbinfo support added */
+/*                             5    skbinfo support added */
+#define IPSET_TYPE_REV_MAX     6 /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -357,11 +358,12 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_ipportip_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
index 4d4d4436ffbc819b50882a94b487f073e3b31a53..03facf0cef9a422d7866ce82a225b32e7505687e 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -28,7 +28,8 @@
 /*                             4    Counters support added */
 /*                             5    Comments support added */
 /*                             6    Forceadd support added */
-#define IPSET_TYPE_REV_MAX     7 /* skbinfo support added */
+/*                             7    skbinfo support added */
+#define IPSET_TYPE_REV_MAX     8 /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -514,11 +515,12 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_ipportnet_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_mac.c b/kernel/net/netfilter/ipset/ip_set_hash_mac.c
index 407c158ae63ec4d453c0265b3a4d99e06c53cde8..153ea36f3f05704b93a520e260c1808b2d361a61 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_mac.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_mac.c
@@ -17,7 +17,7 @@
 #include <linux/netfilter/ipset/ip_set_hash.h>
 
 #define IPSET_TYPE_REV_MIN     0
-#define IPSET_TYPE_REV_MAX     0
+#define IPSET_TYPE_REV_MAX     1       /* bucketsize support */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -126,11 +126,12 @@ static struct ip_set_type hash_mac_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_mac_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c
index 923bffbbe3aa9f6ea6a6895670ad7dbc630917ab..cc0034551621bc28736e648dcc4902d05d0ac626 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c
@@ -25,7 +25,8 @@
 /*                             3    Counters support added */
 /*                             4    Comments support added */
 /*                             5    Forceadd support added */
-#define IPSET_TYPE_REV_MAX     6 /* skbinfo mapping support added */
+/*                             6    skbinfo support added */
+#define IPSET_TYPE_REV_MAX     7 /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -355,11 +356,12 @@ static struct ip_set_type hash_net_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_net_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
index 4202dd27cd8cffc635886d198b2ec5a8c4eadf22..682e99f6556f1f36f78c9d69b215d53d637d86ab 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -27,7 +27,8 @@
 /*                             4    Comments support added */
 /*                             5    Forceadd support added */
 /*                             6    skbinfo support added */
-#define IPSET_TYPE_REV_MAX     7 /* interface wildcard support added */
+/*                             7    interface wildcard support added */
+#define IPSET_TYPE_REV_MAX     8 /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -471,11 +472,12 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_netiface_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_PROTO]      = { .type = NLA_U8 },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
index da4ef910b12d10c6ef74f3a1d9cdcb9a72ba8fa7..0cc7970f36e91521c908a2987ab519ed9d4680c3 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netnet.c
@@ -22,7 +22,8 @@
 
 #define IPSET_TYPE_REV_MIN     0
 /*                             1          Forceadd support added */
-#define IPSET_TYPE_REV_MAX     2       /* skbinfo support added */
+/*                             2          skbinfo support added */
+#define IPSET_TYPE_REV_MAX     3       /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
@@ -459,11 +460,12 @@ static struct ip_set_type hash_netnet_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_netnet_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
index 48ad1c455335f3704d396571e91b4437d0d07923..21b9d7314b57d627ba5d20502fbc781729769f6a 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
@@ -27,7 +27,8 @@
 /*                             4    Counters support added */
 /*                             5    Comments support added */
 /*                             6    Forceadd support added */
-#define IPSET_TYPE_REV_MAX     7 /* skbinfo support added */
+/*                             7    skbinfo support added */
+#define IPSET_TYPE_REV_MAX     8 /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -461,11 +462,12 @@ static struct ip_set_type hash_netport_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_netport_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_PROTO]      = { .type = NLA_U8 },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
index 686cbbc7e80734fa45e2d5ce91c382390400b12b..fef77bb45ca83c91c054902bbfedb4823f147336 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -24,7 +24,8 @@
 #define IPSET_TYPE_REV_MIN     0
 /*                             0    Comments support added */
 /*                             1    Forceadd support added */
-#define IPSET_TYPE_REV_MAX     2 /* skbinfo support added */
+/*                             2    skbinfo support added */
+#define IPSET_TYPE_REV_MAX     3 /* bucketsize support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
@@ -559,11 +560,12 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
        .family         = NFPROTO_UNSPEC,
        .revision_min   = IPSET_TYPE_REV_MIN,
        .revision_max   = IPSET_TYPE_REV_MAX,
+       .create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
        .create         = hash_netportnet_create,
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
-               [IPSET_ATTR_PROBES]     = { .type = NLA_U8 },
+               [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
                [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
diff --git a/lib/args.c b/lib/args.c
index c25bb8012083852c9e4798ee82f5c05889289b22..ab1022e200047294cd36dd90f611b57f41aebb13 100644 (file)
--- a/lib/args.c
+++ b/lib/args.c
@@ -284,6 +284,14 @@ static const struct ipset_arg ipset_args[] = {
                .print = ipset_print_number,
                .help = "[skbqueue VALUE]",
        },
+       [IPSET_ARG_BUCKETSIZE] = {
+               .name = { "bucketsize", NULL },
+               .has_arg = IPSET_MANDATORY_ARG,
+               .opt = IPSET_OPT_BUCKETSIZE,
+               .parse = ipset_parse_uint8,
+               .print = ipset_print_number,
+               .help = "[bucketsize VALUE]",
+       },
 };
 
 const struct ipset_arg *
diff --git a/lib/data.c b/lib/data.c
index f28d1d333d0d2cfbf4ebe476595f4633879fbbaf..43b6f711465de05e33ad4780f935034cbe0d39fc 100644 (file)
--- a/lib/data.c
+++ b/lib/data.c
@@ -50,7 +50,7 @@ struct ipset_data {
                char setname2[IPSET_MAXNAMELEN];
                /* CREATE/LIST/SAVE */
                struct {
-                       uint8_t probes;
+                       uint8_t bucketsize;
                        uint8_t resize;
                        uint8_t netmask;
                        uint32_t hashsize;
@@ -301,8 +301,8 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
        case IPSET_OPT_NETMASK:
                data->create.netmask = *(const uint8_t *) value;
                break;
-       case IPSET_OPT_PROBES:
-               data->create.probes = *(const uint8_t *) value;
+       case IPSET_OPT_BUCKETSIZE:
+               data->create.bucketsize = *(const uint8_t *) value;
                break;
        case IPSET_OPT_RESIZE:
                data->create.resize = *(const uint8_t *) value;
@@ -508,8 +508,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
                return &data->create.markmask;
        case IPSET_OPT_NETMASK:
                return &data->create.netmask;
-       case IPSET_OPT_PROBES:
-               return &data->create.probes;
+       case IPSET_OPT_BUCKETSIZE:
+               return &data->create.bucketsize;
        case IPSET_OPT_RESIZE:
                return &data->create.resize;
        case IPSET_OPT_SIZE:
@@ -625,7 +625,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
        case IPSET_OPT_CIDR:
        case IPSET_OPT_CIDR2:
        case IPSET_OPT_NETMASK:
-       case IPSET_OPT_PROBES:
+       case IPSET_OPT_BUCKETSIZE:
        case IPSET_OPT_RESIZE:
        case IPSET_OPT_PROTO:
                return sizeof(uint8_t);
diff --git a/lib/debug.c b/lib/debug.c
index 6b3ead28b98c472b5b7dc36a1960a75c7ad07b5f..89073b8deebda64352fbc321e40facfc4ed3a7b1 100644 (file)
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -40,7 +40,7 @@ static const struct ipset_attrname createattr2name[] = {
        [IPSET_ATTR_MAXELEM]    = { .name = "MAXELEM" },
        [IPSET_ATTR_MARKMASK]   = { .name = "MARKMASK" },
        [IPSET_ATTR_NETMASK]    = { .name = "NETMASK" },
-       [IPSET_ATTR_PROBES]     = { .name = "PROBES" },
+       [IPSET_ATTR_BUCKETSIZE] = { .name = "BUCKETSIZE" },
        [IPSET_ATTR_RESIZE]     = { .name = "RESIZE" },
        [IPSET_ATTR_SIZE]       = { .name = "SIZE" },
        [IPSET_ATTR_ELEMENTS]   = { .name = "ELEMENTS" },
diff --git a/lib/ipset_hash_ip.c b/lib/ipset_hash_ip.c
index 2ef1af3bd94f07e1853bec5bf7f441d75e91fdda..470a807588ea6cecaeda36a9c20c43e1f2dc20fa 100644 (file)
--- a/lib/ipset_hash_ip.c
+++ b/lib/ipset_hash_ip.c
@@ -393,6 +393,89 @@ static struct ipset_type ipset_hash_ip4 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_ip5 = {
+       .name = "hash:ip",
+       .alias = { "iphash", NULL },
+       .revision = 5,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_ONE,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_single6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_NETMASK,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               /* Ignored options: backward compatibilty */
+                               IPSET_ARG_PROBES,
+                               IPSET_ARG_RESIZE,
+                               IPSET_ARG_GC,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO),
+                       .help = "IP",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO),
+                       .help = "IP",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO),
+                       .help = "IP",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname),\n"
+                "      CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+                "      Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+                "      is supported for IPv4.",
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
@@ -401,4 +484,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_ip2);
        ipset_type_add(&ipset_hash_ip3);
        ipset_type_add(&ipset_hash_ip4);
+       ipset_type_add(&ipset_hash_ip5);
 }
diff --git a/lib/ipset_hash_ipmac.c b/lib/ipset_hash_ipmac.c
index c64e1bea36447bb24d525f6982b7e8d62ac2976c..e491e645b24f7a63ab93af145838c8fa2af53f80 100644 (file)
--- a/lib/ipset_hash_ipmac.c
+++ b/lib/ipset_hash_ipmac.c
@@ -91,8 +91,92 @@ static struct ipset_type ipset_hash_ipmac0 = {
        .description = "Initial revision",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_ipmac1 = {
+       .name = "hash:ip,mac",
+       .alias = { "ipmachash", NULL },
+       .revision = 1,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_TWO,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_single6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_ether,
+                       .print = ipset_print_ether,
+                       .opt = IPSET_OPT_ETHER
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_ETHER),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_ETHER),
+                       .help = "IP,MAC",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_ETHER),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_ETHER),
+                       .help = "IP,MAC",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_ETHER),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_ETHER),
+                       .help = "IP,MAC",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname),\n"
+                "      MAC is a MAC address.",
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
        ipset_type_add(&ipset_hash_ipmac0);
+       ipset_type_add(&ipset_hash_ipmac1);
 }
diff --git a/lib/ipset_hash_ipmark.c b/lib/ipset_hash_ipmark.c
index 42b1979e888fd150ed11a731b8b8bd8165c95fde..941ce5d128cf1ea41ca54d371f894331733bef39 100644 (file)
--- a/lib/ipset_hash_ipmark.c
+++ b/lib/ipset_hash_ipmark.c
@@ -289,10 +289,108 @@ static struct ipset_type ipset_hash_ipmark2 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_ipmark3 = {
+       .name = "hash:ip,mark",
+       .alias = { "ipmarkhash", NULL },
+       .revision = 3,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_TWO,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_single6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_mark,
+                       .print = ipset_print_mark,
+                       .opt = IPSET_OPT_MARK
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_MARKMASK,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               /* Ignored options: backward compatibilty */
+                               IPSET_ARG_PROBES,
+                               IPSET_ARG_RESIZE,
+                               IPSET_ARG_IGNORED_FROM,
+                               IPSET_ARG_IGNORED_TO,
+                               IPSET_ARG_IGNORED_NETWORK,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_MARK),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_MARK),
+                       .help = "IP,MARK",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_MARK),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_MARK),
+                       .help = "IP,MARK",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_MARK),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_MARK),
+                       .help = "IP,MARK",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname).\n"
+                "      Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+                "      is supported for IPv4.\n"
+                "      Adding/deleting single mark element\n"
+                "      is supported both for IPv4 and IPv6.",
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
        ipset_type_add(&ipset_hash_ipmark0);
        ipset_type_add(&ipset_hash_ipmark1);
        ipset_type_add(&ipset_hash_ipmark2);
+       ipset_type_add(&ipset_hash_ipmark3);
 }
diff --git a/lib/ipset_hash_ipport.c b/lib/ipset_hash_ipport.c
index b48cac2059fa50f89923b951f029329c1b415d78..cb8832e6f70483c8edc95d9c12047448d7bec436 100644 (file)
--- a/lib/ipset_hash_ipport.c
+++ b/lib/ipset_hash_ipport.c
@@ -499,6 +499,110 @@ static struct ipset_type ipset_hash_ipport5 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_ipport6 = {
+       .name = "hash:ip,port",
+       .alias = { "ipporthash", NULL },
+       .revision = 6,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_TWO,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_single6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_proto_port,
+                       .print = ipset_print_proto_port,
+                       .opt = IPSET_OPT_PORT
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               /* Ignored options: backward compatibilty */
+                               IPSET_ARG_PROBES,
+                               IPSET_ARG_RESIZE,
+                               IPSET_ARG_IGNORED_FROM,
+                               IPSET_ARG_IGNORED_TO,
+                               IPSET_ARG_IGNORED_NETWORK,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO),
+                       .help = "IP,[PROTO:]PORT",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO),
+                       .help = "IP,[PROTO:]PORT",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .help = "IP,[PROTO:]PORT",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname).\n"
+                "      Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+                "      is supported for IPv4.\n"
+                "      Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+                "      port range is supported both for IPv4 and IPv6.",
+       .usagefn = ipset_port_usage,
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
@@ -507,4 +611,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_ipport3);
        ipset_type_add(&ipset_hash_ipport4);
        ipset_type_add(&ipset_hash_ipport5);
+       ipset_type_add(&ipset_hash_ipport6);
 }
diff --git a/lib/ipset_hash_ipportip.c b/lib/ipset_hash_ipportip.c
index 545e50c8f8f9e0b1d2b9e0df8854d1f19b97270e..bc23c2184931835f87b963d7e6ab307354140970 100644 (file)
--- a/lib/ipset_hash_ipportip.c
+++ b/lib/ipset_hash_ipportip.c
@@ -554,6 +554,121 @@ static struct ipset_type ipset_hash_ipportip5 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_ipportip6 = {
+       .name = "hash:ip,port,ip",
+       .alias = { "ipportiphash", NULL },
+       .revision = 6,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_THREE,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_single6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_proto_port,
+                       .print = ipset_print_proto_port,
+                       .opt = IPSET_OPT_PORT
+               },
+               [IPSET_DIM_THREE - 1] = {
+                       .parse = ipset_parse_single_ip,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP2
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               /* Ignored options: backward compatibilty */
+                               IPSET_ARG_PROBES,
+                               IPSET_ARG_RESIZE,
+                               IPSET_ARG_IGNORED_FROM,
+                               IPSET_ARG_IGNORED_TO,
+                               IPSET_ARG_IGNORED_NETWORK,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .help = "IP,[PROTO:]PORT,IP",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .help = "IP,[PROTO:]PORT,IP",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .help = "IP,[PROTO:]PORT,IP",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname).\n"
+                "      Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+                "      in the first IP component is supported for IPv4.\n"
+                "      Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+                "      port range is supported both for IPv4 and IPv6.",
+       .usagefn = ipset_port_usage,
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
@@ -562,4 +677,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_ipportip3);
        ipset_type_add(&ipset_hash_ipportip4);
        ipset_type_add(&ipset_hash_ipportip5);
+       ipset_type_add(&ipset_hash_ipportip6);
 }
diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c
index 94a680e8f9d1d31fbcb8b00328918882037f6d41..b2b46517aba1b5a5730c13e40126a18fe114ce4d 100644 (file)
--- a/lib/ipset_hash_ipportnet.c
+++ b/lib/ipset_hash_ipportnet.c
@@ -812,6 +812,129 @@ static struct ipset_type ipset_hash_ipportnet7 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_ipportnet8 = {
+       .name = "hash:ip,port,net",
+       .alias = { "ipportnethash", NULL },
+       .revision = 8,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_THREE,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_single6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_proto_port,
+                       .print = ipset_print_proto_port,
+                       .opt = IPSET_OPT_PORT
+               },
+               [IPSET_DIM_THREE - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP2
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               /* Ignored options: backward compatibilty */
+                               IPSET_ARG_PROBES,
+                               IPSET_ARG_RESIZE,
+                               IPSET_ARG_IGNORED_FROM,
+                               IPSET_ARG_IGNORED_TO,
+                               IPSET_ARG_IGNORED_NETWORK,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2)
+                               | IPSET_FLAG(IPSET_OPT_IP2_TO),
+                       .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2)
+                               | IPSET_FLAG(IPSET_OPT_IP2_TO),
+                       .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2),
+                       .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+                "      CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+                "      Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+                "      in the first IP component is supported for IPv4.\n"
+                "      Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+                "      port range is supported both for IPv4 and IPv6.",
+       .usagefn = ipset_port_usage,
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
@@ -822,4 +945,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_ipportnet5);
        ipset_type_add(&ipset_hash_ipportnet6);
        ipset_type_add(&ipset_hash_ipportnet7);
+       ipset_type_add(&ipset_hash_ipportnet8);
 }
diff --git a/lib/ipset_hash_mac.c b/lib/ipset_hash_mac.c
index 426c38489f1a23026e6fc9feaef9d56347475a1a..b1e799122dab09a3d2c3247414d59abe7731bfe7 100644 (file)
--- a/lib/ipset_hash_mac.c
+++ b/lib/ipset_hash_mac.c
@@ -75,8 +75,76 @@ static struct ipset_type ipset_hash_mac0 = {
        .description = "Initial revision",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_mac1 = {
+       .name = "hash:mac",
+       .alias = { "machash", NULL },
+       .revision = 1,
+       .family = NFPROTO_UNSPEC,
+       .dimension = IPSET_DIM_ONE,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ether,
+                       .print = ipset_print_ether,
+                       .opt = IPSET_OPT_ETHER
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_ETHER),
+                       .full = IPSET_FLAG(IPSET_OPT_ETHER),
+                       .help = "MAC",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_ETHER),
+                       .full = IPSET_FLAG(IPSET_OPT_ETHER),
+                       .help = "MAC",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_ETHER),
+                       .full = IPSET_FLAG(IPSET_OPT_ETHER),
+                       .help = "MAC",
+               },
+       },
+       .usage = "",
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
        ipset_type_add(&ipset_hash_mac0);
+       ipset_type_add(&ipset_hash_mac1);
 }
diff --git a/lib/ipset_hash_net.c b/lib/ipset_hash_net.c
index ef9e19cbaaf2f9349ea37f6c84ff087059747492..a943ea690a0e1ab068ef91f97ecec821d7f0be78 100644 (file)
--- a/lib/ipset_hash_net.c
+++ b/lib/ipset_hash_net.c
@@ -531,6 +531,89 @@ static struct ipset_type ipset_hash_net6 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_net7 = {
+       .name = "hash:net",
+       .alias = { "nethash", NULL },
+       .revision = 7,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_ONE,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               /* Ignored options: backward compatibilty */
+                               IPSET_ARG_PROBES,
+                               IPSET_ARG_RESIZE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO),
+                       .help = "IP[/CIDR]",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO),
+                       .help = "IP[/CIDR]",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR),
+                       .help = "IP[/CIDR]",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is an IPv4 or IPv6 address (or hostname),\n"
+                "      CIDR is a valid IPv4 or IPv6 CIDR prefix.",
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
@@ -541,4 +624,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_net4);
        ipset_type_add(&ipset_hash_net5);
        ipset_type_add(&ipset_hash_net6);
+       ipset_type_add(&ipset_hash_net7);
 }
diff --git a/lib/ipset_hash_netiface.c b/lib/ipset_hash_netiface.c
index 67557825b92520d0ce8e323d4834737c8b14f22d..7a720c65d413f8210742728630a0e2fbf219b7cf 100644 (file)
--- a/lib/ipset_hash_netiface.c
+++ b/lib/ipset_hash_netiface.c
@@ -619,6 +619,7 @@ static struct ipset_type ipset_hash_netiface6 = {
                 "      Adding/deleting multiple elements with IPv4 is supported.",
        .description = "skbinfo support",
 };
+
 /* interface wildcard support */
 static struct ipset_type ipset_hash_netiface7 = {
        .name = "hash:net,iface",
@@ -714,6 +715,102 @@ static struct ipset_type ipset_hash_netiface7 = {
        .description = "skbinfo and wildcard support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_netiface8 = {
+       .name = "hash:net,iface",
+       .alias = { "netifacehash", NULL },
+       .revision = 8,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_TWO,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_iface,
+                       .print = ipset_print_iface,
+                       .opt = IPSET_OPT_IFACE
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_IFACE_WILDCARD,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IFACE),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_IFACE)
+                               | IPSET_FLAG(IPSET_OPT_PHYSDEV),
+                       .help = "IP[/CIDR]|FROM-TO,[physdev:]IFACE",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IFACE),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_IFACE)
+                               | IPSET_FLAG(IPSET_OPT_PHYSDEV),
+                       .help = "IP[/CIDR]|FROM-TO,[physdev:]IFACE",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IFACE),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IFACE)
+                               | IPSET_FLAG(IPSET_OPT_PHYSDEV),
+                       .help = "IP[/CIDR],[physdev:]IFACE",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname),\n"
+                "      CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+                "      Adding/deleting multiple elements with IPv4 is supported.",
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
@@ -725,4 +822,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_netiface5);
        ipset_type_add(&ipset_hash_netiface6);
        ipset_type_add(&ipset_hash_netiface7);
+       ipset_type_add(&ipset_hash_netiface8);
 }
diff --git a/lib/ipset_hash_netnet.c b/lib/ipset_hash_netnet.c
index 9918b47b3bf5627fcb32cc04bd6e04debf8d61de..e1da9ec8942ba73d6f122bffac9bc753ca3a0783 100644 (file)
--- a/lib/ipset_hash_netnet.c
+++ b/lib/ipset_hash_netnet.c
@@ -289,10 +289,108 @@ static struct ipset_type ipset_hash_netnet2 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_netnet3 = {
+       .name = "hash:net,net",
+       .alias = { "netnethash", NULL },
+       .revision = 3,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_TWO,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP2
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2)
+                               | IPSET_FLAG(IPSET_OPT_IP2_TO),
+                       .help = "IP[/CIDR]|FROM-TO,IP[/CIDR]|FROM-TO",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2)
+                               | IPSET_FLAG(IPSET_OPT_IP2_TO),
+                       .help = "IP[/CIDR]|FROM-TO,IP[/CIDR]|FROM-TO",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2),
+                       .help = "IP[/CIDR],IP[/CIDR]",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is an IPv4 or IPv6 address (or hostname),\n"
+                "      CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+                "      IP range is not supported with IPv6.",
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
        ipset_type_add(&ipset_hash_netnet0);
        ipset_type_add(&ipset_hash_netnet1);
        ipset_type_add(&ipset_hash_netnet2);
+       ipset_type_add(&ipset_hash_netnet3);
 }
diff --git a/lib/ipset_hash_netport.c b/lib/ipset_hash_netport.c
index 48501cefe2b846bc7e96416ea3632429d732f011..2d08085778720c783e4805eb3cab01c7bfd403e9 100644 (file)
--- a/lib/ipset_hash_netport.c
+++ b/lib/ipset_hash_netport.c
@@ -665,6 +665,108 @@ static struct ipset_type ipset_hash_netport7 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_netport8 = {
+       .name = "hash:net,port",
+       .alias = { "netporthash", NULL },
+       .revision = 8,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_TWO,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_proto_port,
+                       .print = ipset_print_proto_port,
+                       .opt = IPSET_OPT_PORT
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO),
+                       .help = "IP[/CIDR]|FROM-TO,[PROTO:]PORT",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO),
+                       .help = "IP[/CIDR]|FROM-TO,[PROTO:]PORT",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_CIDR),
+                       .help = "IP[/CIDR],[PROTO:]PORT",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname),\n"
+                "      CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+                "      Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+                "      port range is supported both for IPv4 and IPv6.",
+       .usagefn = ipset_port_usage,
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
@@ -675,4 +777,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_netport5);
        ipset_type_add(&ipset_hash_netport6);
        ipset_type_add(&ipset_hash_netport7);
+       ipset_type_add(&ipset_hash_netport8);
 }
diff --git a/lib/ipset_hash_netportnet.c b/lib/ipset_hash_netportnet.c
index 0b36bd50cb971fafa8d3ac1faa7586cae30ee329..e456fb1ea99e183222dd311a3b5fc14c8d215800 100644 (file)
--- a/lib/ipset_hash_netportnet.c
+++ b/lib/ipset_hash_netportnet.c
@@ -358,10 +358,131 @@ static struct ipset_type ipset_hash_netportnet2 = {
        .description = "skbinfo support",
 };
 
+/* bucketsize support */
+static struct ipset_type ipset_hash_netportnet3 = {
+       .name = "hash:net,port,net",
+       .alias = { "netportnethash", NULL },
+       .revision = 3,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_THREE,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_proto_port,
+                       .print = ipset_print_proto_port,
+                       .opt = IPSET_OPT_PORT
+               },
+               [IPSET_DIM_THREE - 1] = {
+                       .parse = ipset_parse_ip4_net6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP2
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2)
+                               | IPSET_FLAG(IPSET_OPT_IP2_TO),
+                       .help = "IP[/CIDR],[PROTO:]PORT,IP[/CIDR]",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2)
+                               | IPSET_FLAG(IPSET_OPT_IP2_TO),
+                       .help = "IP[/CIDR],[PROTO:]PORT,IP[/CIDR]",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NOMATCH,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_IP2),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_CIDR)
+                               | IPSET_FLAG(IPSET_OPT_IP2)
+                               | IPSET_FLAG(IPSET_OPT_CIDR2),
+                       .help = "IP[/CIDR],[PROTO:]PORT,IP[/CIDR]",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+                "      CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+                "      Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+                "      in both IP components are supported for IPv4.\n"
+                "      Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+                "      port range is supported both for IPv4 and IPv6.",
+       .usagefn = ipset_port_usage,
+       .description = "bucketsize support",
+};
+
 void _init(void);
 void _init(void)
 {
        ipset_type_add(&ipset_hash_netportnet0);
        ipset_type_add(&ipset_hash_netportnet1);
        ipset_type_add(&ipset_hash_netportnet2);
+       ipset_type_add(&ipset_hash_netportnet3);
 }
diff --git a/lib/print.c b/lib/print.c
index bafe58f066e216df60cea8a618194adf9b5aac44..d1d5a20c3747cde02392d1f6ac8110894797101e 100644 (file)
--- a/lib/print.c
+++ b/lib/print.c
@@ -945,7 +945,7 @@ ipset_print_data(char *buf, unsigned int len,
        case IPSET_OPT_MAXELEM:
        case IPSET_OPT_MARKMASK:
        case IPSET_OPT_NETMASK:
-       case IPSET_OPT_PROBES:
+       case IPSET_OPT_BUCKETSIZE:
        case IPSET_OPT_RESIZE:
        case IPSET_OPT_TIMEOUT:
        case IPSET_OPT_REFERENCES:
diff --git a/lib/session.c b/lib/session.c
index 9e3eae35955d25de10f55eacee5cc0d1a3bb940a..8416308f3e09c3b96202705e9df082939c9c3e32 100644 (file)
--- a/lib/session.c
+++ b/lib/session.c
@@ -438,9 +438,9 @@ static const struct ipset_attr_policy create_attrs[] = {
                .type = MNL_TYPE_U8,
                .opt = IPSET_OPT_NETMASK,
        },
-       [IPSET_ATTR_PROBES] = {
+       [IPSET_ATTR_BUCKETSIZE] = {
                .type = MNL_TYPE_U8,
-               .opt = IPSET_OPT_PROBES,
+               .opt = IPSET_OPT_BUCKETSIZE,
        },
        [IPSET_ATTR_RESIZE] = {
                .type = MNL_TYPE_U8,
diff --git a/src/ipset.8 b/src/ipset.8
index 7787d7997ddc8591ff184e8c4f377536fd902687..97cece9fb04b5f455790190e399d1bf7f021558c 100644 (file)
--- a/src/ipset.8
+++ b/src/ipset.8
@@ -346,10 +346,20 @@ ipset create test hash:ip hashsize 1536
 .PP
 .SS maxelem
 This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets.
-It does define the maximal number of elements which can be stored in the set, default 65536.
+It defines the maximal number of elements which can be stored in the set, default 65536.
 Example:
 .IP
-ipset create test hash:ip maxelem 2048.
+ipset create test hash:ip maxelem 2048
+.PP
+.SS bucketsize
+This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets.
+It specifies the maximal number of elements which can be stored in a hash
+bucket. Possible values are any even number between 2-14 and the default is
+14. Setting the value lower forces ipset to create larger hashes which
+consumes more memory but gives more speed at matching in the set.
+Example:
+.IP
+ipset create test hash:ip bucketsize 2
 .PP
 .SS family { inet | inet6 }
 This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets
@@ -514,7 +524,7 @@ The \fBhash:ip\fR set type uses a hash to store IP host addresses (default) or
 network addresses. Zero valued IP address cannot be stored in a \fBhash:ip\fR
 type of set.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBnetmask\fP \fIcidr\fP ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBnetmask\fP \fIcidr\fP ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR
 .PP
@@ -543,7 +553,7 @@ ipset test foo 192.168.1.2
 The \fBhash:mac\fR set type uses a hash to store MAC addresses. Zero valued MAC addresses cannot be stored in a \fBhash:mac\fR
 type of set. For matches on destination MAC addresses, see COMMENTS below.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fImacaddr\fR
 .PP
@@ -565,7 +575,7 @@ ipset test foo 01:02:03:04:05:06
 The \fBhash:ip,mac\fR set type uses a hash to store IP and a MAC address pairs. Zero valued MAC addresses cannot be stored in a \fBhash:ip,mac\fR
 type of set. For matches on destination MAC addresses, see COMMENTS below.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,\fImacaddr\fR
 .PP
@@ -587,7 +597,7 @@ ipset test foo 1.1.1.1,01:02:03:04:05:06
 The \fBhash:net\fR set type uses a hash to store different sized IP network addresses.
 Network address with zero prefix size cannot be stored in this type of sets.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fInetaddr\fR
 .PP
@@ -638,7 +648,7 @@ over the second, so a nomatch entry could be potentially be ineffective if a mor
 first parameter existed with a suitable second parameter.
 Network address with zero prefix size cannot be stored in this type of set.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fInetaddr\fR,\fInetaddr\fR
 .PP
@@ -691,7 +701,7 @@ The \fBhash:ip,port\fR set type uses a hash to store IP address and port number
 The port number is interpreted together with a protocol (default TCP) and zero
 protocol number cannot be used.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR
 .PP
@@ -748,7 +758,7 @@ address and port pairs. The port number is interpreted together with a protocol
 (default TCP) and zero protocol number cannot be used. Network
 address with zero prefix size is not accepted either.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fInetaddr\fR,[\fIproto\fR:]\fIport\fR
 .PP
@@ -798,7 +808,7 @@ The \fBhash:ip,port,ip\fR set type uses a hash to store IP address, port number
 and a second IP address triples. The port number is interpreted together with a
 protocol (default TCP) and zero protocol number cannot be used.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR
 .PP
@@ -830,7 +840,7 @@ and IP network address triples. The port number is interpreted together with a
 protocol (default TCP) and zero protocol number cannot be used. Network
 address with zero prefix size cannot be stored either.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fInetaddr\fR
 .PP
@@ -875,7 +885,7 @@ ipset test foo 192.168.1,80.10.0.0/24
 .SS hash:ip,mark
 The \fBhash:ip,mark\fR set type uses a hash to store IP address and packet mark pairs.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBmarkmask\fR \fIvalue\fR ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBmarkmask\fR \fIvalue\fR ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,\fImark\fR
 .PP
@@ -913,7 +923,7 @@ The \fBhash:net,port,net\fR set type behaves similarly to hash:ip,port,net but a
 cidr value for both the first and last parameter. Either subnet is permitted to be a /0
 should you wish to match port between all destinations.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fInetaddr\fR,[\fIproto\fR:]\fIport\fR,\fInetaddr\fR
 .PP
@@ -960,7 +970,7 @@ ipset test foo 192.168.1.1,80,10.0.0.1
 The \fBhash:net,iface\fR set type uses a hash to store different sized IP network
 address and interface name pairs.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBbucketsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
 .PP
 \fIADD\-ENTRY\fR := \fInetaddr\fR,[\fBphysdev\fR:]\fIiface\fR
 .PP
diff --git a/tests/comment.t.list2 b/tests/comment.t.list2
index 90a7e9bf9902eaf9be91619b75b85d1a762b9728..bf7837f7d30f095b67a5b984556299d6b81c1f62 100644 (file)
--- a/tests/comment.t.list2
+++ b/tests/comment.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,net
-Header: family inet hashsize 128 maxelem 65536 comment
-Size in memory: 1288
+Header: family inet hashsize 128 maxelem 65536 comment bucketsize 12
+Size in memory: 1190
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/comment.t.list21 b/tests/comment.t.list21
index 973b34430d0bcb9f3bd4db41c512aede818971c5..7a546f3e1aaf7b436713c188b4780c35882708fc 100644 (file)
--- a/tests/comment.t.list21
+++ b/tests/comment.t.list21
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536 timeout x comment
-Size in memory: 95168
+Header: family inet hashsize 1024 maxelem 65536 timeout x comment bucketsize 12
+Size in memory: 51092
 References: 0
 Number of entries: 512
 Members:
diff --git a/tests/comment.t.list22 b/tests/comment.t.list22
index 9215b0d1a76485b265d0b13b6baf9ddaaf88929c..f24319ecd54c59cfa94d82ae01891c57719c36fd 100644 (file)
--- a/tests/comment.t.list22
+++ b/tests/comment.t.list22
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536 timeout x comment
-Size in memory: 57634
+Header: family inet hashsize 1024 maxelem 65536 timeout x comment bucketsize 12
+Size in memory: 40034
 References: 0
 Number of entries: 256
 Members:
diff --git a/tests/comment.t.list3 b/tests/comment.t.list3
index 673678a0eef95d01772bb87f4d722843285965cd..528796f27e412bcb054160b4fc76786a2643ce43 100644 (file)
--- a/tests/comment.t.list3
+++ b/tests/comment.t.list3
@@ -1,23 +1,23 @@
 Name: a
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 152
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 336
 References: 1
 Number of entries: 0
 Members:
 
 Name: b
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 152
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 336
 References: 1
 Number of entries: 0
 Members:
 
 Name: c
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 152
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 336
 References: 1
 Number of entries: 0
 Members:
@@ -25,7 +25,7 @@ Members:
 Name: test
 Type: list:set
 Header: size 8 comment
-Size in memory: 288
+Size in memory: 378
 References: 0
 Number of entries: 3
 Members:
diff --git a/tests/hash:ip,mark.t.list0 b/tests/hash:ip,mark.t.list0
index 3866bf546f03ad76e6ba8988cae0b8628f3006d7..865ac1e4d6cac039985f83ee25726ed73abdf3ac 100644 (file)
--- a/tests/hash:ip,mark.t.list0
+++ b/tests/hash:ip,mark.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,mark
-Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x
-Size in memory: 640
+Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 592
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:ip,mark.t.list1 b/tests/hash:ip,mark.t.list1
index c959e4cb52fdec44d26711f84d0ab38b18db700a..9c6a87da6c7311d799df485254ee23de408bf334 100644 (file)
--- a/tests/hash:ip,mark.t.list1
+++ b/tests/hash:ip,mark.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,mark
-Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4
-Size in memory: 536
+Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 592
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:ip,port,ip.t.list0 b/tests/hash:ip,port,ip.t.list0
index 57adef1ae4349f406e89d165aaa37c8d4dabc72e..ab68f0241b93a9ab966d5a0887c7370656950a50 100644 (file)
--- a/tests/hash:ip,port,ip.t.list0
+++ b/tests/hash:ip,port,ip.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port,ip
-Header: family inet hashsize 1024 maxelem 65536 timeout x
-Size in memory: 840
+Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 664
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:ip,port,ip.t.list1 b/tests/hash:ip,port,ip.t.list1
index 7c7d5609042c3d646bcd230577cf7fe104585216..9011673b6eb1899f27adc6a7e3ddd07877db8417 100644 (file)
--- a/tests/hash:ip,port,ip.t.list1
+++ b/tests/hash:ip,port,ip.t.list1
@@ -1,6 +1,6 @@
 Name: test
 Type: hash:ip,port,ip
-Header: family inet hashsize 1024 maxelem 65536 timeout 4
+Header: family inet hashsize 1024 maxelem 65536 timeout 4 bucketsize 12
 Size in memory: 664
 References: 0
 Number of entries: 0
diff --git a/tests/hash:ip,port,net.t.list0 b/tests/hash:ip,port,net.t.list0
index 44c53c5b2c6b17939e87b302f34a76d0bb89bb76..ea46beb1648efa1c66ddb8fcd9abeaba837f0c85 100644 (file)
--- a/tests/hash:ip,port,net.t.list0
+++ b/tests/hash:ip,port,net.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port,net
-Header: family inet hashsize 1024 maxelem 65536 timeout x
-Size in memory: 1096
+Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 840
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:ip,port.t.list0 b/tests/hash:ip,port.t.list0
index 49e303346c65f90e2bd421d5ffff6261b87e513d..1693e855b990243d1709f9d407476ec048ff7df8 100644 (file)
--- a/tests/hash:ip,port.t.list0
+++ b/tests/hash:ip,port.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port
-Header: family inet hashsize 1024 maxelem 65536 timeout x
-Size in memory: 640
+Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 592
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:ip,port.t.list1 b/tests/hash:ip,port.t.list1
index 4b7912426b393ec2868aad3071303742b573f0ad..eaf7ff5e191594b218ec5584490bf9d3711cd7e0 100644 (file)
--- a/tests/hash:ip,port.t.list1
+++ b/tests/hash:ip,port.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port
-Header: family inet hashsize 1024 maxelem 65536 timeout 4
-Size in memory: 528
+Header: family inet hashsize 1024 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 592
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:ip,port.t.list2 b/tests/hash:ip,port.t.list2
index 624d0505e90c9c882985bbe2935ff6bd08b4aee1..75a5d235266fedfd04d9cef8d2347012f4b4e015 100644 (file)
--- a/tests/hash:ip,port.t.list2
+++ b/tests/hash:ip,port.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 320
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 480
 References: 0
 Number of entries: 3
 Members:
diff --git a/tests/hash:ip.t.list0 b/tests/hash:ip.t.list0
index 1859015866433289955a08947521bf79facb978c..908cd188d528516a5ea24c6d8061c31052a911e5 100644 (file)
--- a/tests/hash:ip.t.list0
+++ b/tests/hash:ip.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 128 maxelem 65536 timeout 4
-Size in memory: 336
+Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 464
 References: 0
 Number of entries: 1
 Members:
diff --git a/tests/hash:ip.t.list1 b/tests/hash:ip.t.list1
index 09773247f81cf761890e221a2e484e751e80124a..f67ec085188e5b8cf8bde15b12f766c3233f1050 100644 (file)
--- a/tests/hash:ip.t.list1
+++ b/tests/hash:ip.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout 4
-Size in memory: 432
+Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout 4 bucketsize 12
+Size in memory: 528
 References: 0
 Number of entries: 1
 Members:
diff --git a/tests/hash:ip.t.list2 b/tests/hash:ip.t.list2
index 6cd2bf45e069457e70da9a4beeea2597912ad3c9..9446f21c506a6c3b81457f605b63c2841703e614 100644 (file)
--- a/tests/hash:ip.t.list2
+++ b/tests/hash:ip.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 128 maxelem 65536 timeout x
-Size in memory: 352
+Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 464
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/hash:ip.t.list3 b/tests/hash:ip.t.list3
index 500abbc703def4e909870b97e11e8a79a96aa2e2..661fcf48e990b7abaf4e90bc9e8928a6e49f7cb5 100644 (file)
--- a/tests/hash:ip.t.list3
+++ b/tests/hash:ip.t.list3
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout x
-Size in memory: 464
+Header: family inet hashsize 128 maxelem 65536 netmask 24 timeout x bucketsize 12
+Size in memory: 528
 References: 0
 Number of entries: 3
 Members:
diff --git a/tests/hash:ip6,mark.t.list0 b/tests/hash:ip6,mark.t.list0
index be7c06997ca8c951a5f5fd73e139ab847de55a46..1a6448784249e831a20d2219bd9b128e5740ccb1 100644 (file)
--- a/tests/hash:ip6,mark.t.list0
+++ b/tests/hash:ip6,mark.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,mark
-Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x
-Size in memory: 1088
+Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 736
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:ip6,mark.t.list1 b/tests/hash:ip6,mark.t.list1
index 5c7b730cea68ef9f0c38a522b9f24feaa8369c5d..7fef4a94399f5bf04ee55ff205d6968a4bf67296 100644 (file)
--- a/tests/hash:ip6,mark.t.list1
+++ b/tests/hash:ip6,mark.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,mark
-Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4
-Size in memory: 800
+Header: family inet6 markmask 0xffffffff hashsize 1024 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 736
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:ip6,port,ip6.t.list0 b/tests/hash:ip6,port,ip6.t.list0
index 6fc67711ab536571618f32939735cf496146bfd8..1594411c7aa33ab979819dfa4711e1dc7bb48e0d 100644 (file)
--- a/tests/hash:ip6,port,ip6.t.list0
+++ b/tests/hash:ip6,port,ip6.t.list0
@@ -1,9 +1,8 @@
 Name: test
 Type: hash:ip,port,ip
-Header: family inet6 hashsize 1024 maxelem 65536 timeout x
-Size in memory: 1608
+Header: family inet6 hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 880
 References: 0
-Size in memory: 9104
 Number of entries: 4
 Members:
 2:1::,tcp:128,2:2:2::2 timeout x
diff --git a/tests/hash:ip6,port,ip6.t.list1 b/tests/hash:ip6,port,ip6.t.list1
index d3b61b783d95f5e399c3676871d4aae2937ee694..afd5f6818d70ac23ea1c3f44df203429039c4519 100644 (file)
--- a/tests/hash:ip6,port,ip6.t.list1
+++ b/tests/hash:ip6,port,ip6.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port,ip
-Header: family inet6 hashsize 1024 maxelem 65536 timeout 4
-Size in memory: 1072
+Header: family inet6 hashsize 1024 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 880
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:ip6,port,net6.t.list0 b/tests/hash:ip6,port,net6.t.list0
index ad8ea8f5c4fadb22d1fbe656aab6a8d249444739..e18056b5b517b324b456b7595a95b2a2a59d7063 100644 (file)
--- a/tests/hash:ip6,port,net6.t.list0
+++ b/tests/hash:ip6,port,net6.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port,net
-Header: family inet6 hashsize 1024 maxelem 65536
-Size in memory: 1864
+Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 1808
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:ip6,port.t.list0 b/tests/hash:ip6,port.t.list0
index 926c4ec935c6e01616e5fda6db532cab8e089d69..13a94eb9a403548cff5c7bf068e2e2ea33e0f2dd 100644 (file)
--- a/tests/hash:ip6,port.t.list0
+++ b/tests/hash:ip6,port.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port
-Header: family inet6 hashsize 1024 maxelem 65536 timeout x
-Size in memory: 1088
+Header: family inet6 hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 736
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:ip6,port.t.list1 b/tests/hash:ip6,port.t.list1
index d707af517ecc3e2b7141eb2bf0d8ec51ceb69bc1..f956f3e18f37eab8b846197b6a1903653b200724 100644 (file)
--- a/tests/hash:ip6,port.t.list1
+++ b/tests/hash:ip6,port.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port
-Header: family inet6 hashsize 1024 maxelem 65536 timeout 4
-Size in memory: 800
+Header: family inet6 hashsize 1024 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 736
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:ip6.t.list0 b/tests/hash:ip6.t.list0
index 44b6fb42b7875a9e7c484542e4bd00d2c01e08f1..8c8958a4a0a6e461b445ece1bdfb2283c677d1c4 100644 (file)
--- a/tests/hash:ip6.t.list0
+++ b/tests/hash:ip6.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet6 hashsize 128 maxelem 65536 timeout 4
-Size in memory: 416
+Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 504
 References: 0
 Number of entries: 1
 Members:
diff --git a/tests/hash:ip6.t.list1 b/tests/hash:ip6.t.list1
index 838fa77c4b8e0295c10b91968d5c2dffa8cf2b68..432f58046a820350813f9ef46fbb2f1dccb3ffca 100644 (file)
--- a/tests/hash:ip6.t.list1
+++ b/tests/hash:ip6.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout 4
-Size in memory: 544
+Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout 4 bucketsize 12
+Size in memory: 584
 References: 0
 Number of entries: 1
 Members:
diff --git a/tests/hash:ip6.t.list2 b/tests/hash:ip6.t.list2
index 46a92f78fd83f9a97d14cb721e3bc2ffa55940a7..f16369705b3f9d81c8ceb2ee4b82df49ca133e17 100644 (file)
--- a/tests/hash:ip6.t.list2
+++ b/tests/hash:ip6.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet6 hashsize 128 maxelem 65536 timeout x
-Size in memory: 512
+Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 504
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/hash:ip6.t.list3 b/tests/hash:ip6.t.list3
index c6e2990601a0b4376ecfe9a50e019f510509c89e..574ebc1213dc0f335fcd1bc49e1e134fe63cc55c 100644 (file)
--- a/tests/hash:ip6.t.list3
+++ b/tests/hash:ip6.t.list3
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout x
-Size in memory: 704
+Header: family inet6 hashsize 128 maxelem 65536 netmask 64 timeout x bucketsize 12
+Size in memory: 584
 References: 0
 Number of entries: 3
 Members:
diff --git a/tests/hash:mac.t.list0 b/tests/hash:mac.t.list0
index 232b932925e3bbe57a73da8f9b7f40d297448cab..e444c48ff8bff4b5ffc4536bc4e6b2da7cccadee 100644 (file)
--- a/tests/hash:mac.t.list0
+++ b/tests/hash:mac.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:mac
-Header: hashsize 128 maxelem 65536 timeout 4
-Size in memory: 336
+Header: hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 464
 References: 0
 Number of entries: 1
 Members:
diff --git a/tests/hash:mac.t.list1 b/tests/hash:mac.t.list1
index 0c971ffd9623ab90dc9e50820e348541f3616176..1760e553b55533605317af301db6d72076e8b58a 100644 (file)
--- a/tests/hash:mac.t.list1
+++ b/tests/hash:mac.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:mac
-Header: hashsize 1024 maxelem 65536 skbinfo
-Size in memory: 1088
+Header: hashsize 1024 maxelem 65536 skbinfo bucketsize 12
+Size in memory: 816
 References: 0
 Number of entries: 6
 Members:
diff --git a/tests/hash:mac.t.list2 b/tests/hash:mac.t.list2
index 166f266c1c7f8c45de99cb07dc2953d298f3f8c3..4c3707ccc40da6d00c04d1a53f50ed5cb81f9439 100644 (file)
--- a/tests/hash:mac.t.list2
+++ b/tests/hash:mac.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:mac
-Header: hashsize 128 maxelem 65536 timeout x
-Size in memory: 384
+Header: hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 464
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/hash:mac.t.list3 b/tests/hash:mac.t.list3
index 41543421ddc2b549933cc01447a856d5a43e6acd..233a56d4a7b4cd158157f42dab3111cd89383575 100644 (file)
--- a/tests/hash:mac.t.list3
+++ b/tests/hash:mac.t.list3
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:mac
-Header: hashsize 1024 maxelem 2 skbinfo
-Size in memory: 448
+Header: hashsize 1024 maxelem 2 skbinfo bucketsize 12
+Size in memory: 496
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/hash:net,iface.t.list0 b/tests/hash:net,iface.t.list0
index e29a7d6d1b656e5c512029f83a11532578dba27b..fa2e5ef6d9eb5b50f6215ed124235dfd370807a2 100644 (file)
--- a/tests/hash:net,iface.t.list0
+++ b/tests/hash:net,iface.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,iface
-Header: family inet hashsize 128 maxelem 65536
-Size in memory: 928
+Header: family inet hashsize 128 maxelem 65536 bucketsize 12
+Size in memory: 976
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net,iface.t.list1 b/tests/hash:net,iface.t.list1
index 00f7d807dd485686611a3c88e5ca918fe41edf17..fabc3a72b0581958619698e88ead6c7acf7be87d 100644 (file)
--- a/tests/hash:net,iface.t.list1
+++ b/tests/hash:net,iface.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,iface
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 3872
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 3000
 References: 0
 Number of entries: 27
 Members:
diff --git a/tests/hash:net,iface.t.list2 b/tests/hash:net,iface.t.list2
index 4f5cc90043590e6dea8d6d6c50e7079eab7f381c..6185742d4594fd0243db5cd06787abe152e86f88 100644 (file)
--- a/tests/hash:net,iface.t.list2
+++ b/tests/hash:net,iface.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,iface
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 928
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 976
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net,net.t.list0 b/tests/hash:net,net.t.list0
index 4b806ea8f4ba93ade4516f2e5f4525e10a34cb9f..c2d00ade11222b92391b7a226efc90adf3402095 100644 (file)
--- a/tests/hash:net,net.t.list0
+++ b/tests/hash:net,net.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,net
-Header: family inet hashsize 128 maxelem 65536 timeout x
-Size in memory: 1288
+Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 1048
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net,net.t.list1 b/tests/hash:net,net.t.list1
index 99e62c1fb7eb5d46d60087f152fe7dc26cf5fc50..8e9748600537d389f72694d347b1a59e3816ab29 100644 (file)
--- a/tests/hash:net,net.t.list1
+++ b/tests/hash:net,net.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,net
-Header: family inet hashsize 128 maxelem 65536 timeout 4
-Size in memory: 920
+Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 1048
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:net,net.t.list2 b/tests/hash:net,net.t.list2
index 139b3e2b46572cbf2b7620d66577ba32faf9edcb..f47a7f552b9891f084881e92370f6094faa3584a 100644 (file)
--- a/tests/hash:net,net.t.list2
+++ b/tests/hash:net,net.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,net
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 2056
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 1752
 References: 0
 Number of entries: 16
 Members:
diff --git a/tests/hash:net,port,net.t.list0 b/tests/hash:net,port,net.t.list0
index 9f20e7d7a9f8004129622af3d5103efbf9add0a4..bc3e7fa1c40809c4b939c8e6819be887563ade4f 100644 (file)
--- a/tests/hash:net,port,net.t.list0
+++ b/tests/hash:net,port,net.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,port,net
-Header: family inet hashsize 1024 maxelem 65536 timeout x
-Size in memory: 1288
+Header: family inet hashsize 1024 maxelem 65536 timeout x bucketsize 12
+Size in memory: 1048
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net,port.t.list0 b/tests/hash:net,port.t.list0
index fbfab7f97f81af8bb67438b5edf4d8f18fe2c94d..727f07f1fa81cf96e178ee47e41175e105f4d935 100644 (file)
--- a/tests/hash:net,port.t.list0
+++ b/tests/hash:net,port.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,port
-Header: family inet hashsize 128 maxelem 65536 timeout x
-Size in memory: 1024
+Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 912
 References: 0
 Number of entries: 5
 Members:
diff --git a/tests/hash:net,port.t.list1 b/tests/hash:net,port.t.list1
index 66f0955e9908c184ffbed1aba2d5cde399661a1a..4f17cf4e92603aff1a23bc28c6a15c6573a6d45a 100644 (file)
--- a/tests/hash:net,port.t.list1
+++ b/tests/hash:net,port.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,port
-Header: family inet hashsize 128 maxelem 65536 timeout 4
-Size in memory: 880
+Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 912
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:net.t.list0 b/tests/hash:net.t.list0
index e22f183f1295aa6a791552f3898e917e6dd6f9d4..60fc10aefa7cb5f357dfcb4a432be7244d82920a 100644 (file)
--- a/tests/hash:net.t.list0
+++ b/tests/hash:net.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net
-Header: family inet hashsize 128 maxelem 65536 timeout x
-Size in memory: 896
+Header: family inet hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 848
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net.t.list1 b/tests/hash:net.t.list1
index 6e74a1dce3b465662cf1a61de0bbd7fc9e59cedd..6409a7c0525cc839d2470a17194c6a4f4b09c0c6 100644 (file)
--- a/tests/hash:net.t.list1
+++ b/tests/hash:net.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net
-Header: family inet hashsize 128 maxelem 65536 timeout 4
-Size in memory: 784
+Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 848
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:net.t.list2 b/tests/hash:net.t.list2
index 893ac9d87ec25d711701aa04c4a0dc688d6de8c0..1ebef49d4630267fca5aa8fe5fbb03e71d9851cd 100644 (file)
--- a/tests/hash:net.t.list2
+++ b/tests/hash:net.t.list2
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 640
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 784
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net.t.list3 b/tests/hash:net.t.list3
index 265fcbda2555e6380a578dea9039d85de706bd2f..8f3e6d8e256a31f646c85a988e62bf819f57e9da 100644 (file)
--- a/tests/hash:net.t.list3
+++ b/tests/hash:net.t.list3
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 504
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 688
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/hash:net6,net6.t.list0 b/tests/hash:net6,net6.t.list0
index 1f021e510ae8b442e9c7ac4023067c0b1734b656..7456b6b67dec79b5780e22661d73e254f3823050 100644 (file)
--- a/tests/hash:net6,net6.t.list0
+++ b/tests/hash:net6,net6.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,net
-Header: family inet6 hashsize 128 maxelem 65536 timeout x
-Size in memory: 3144
+Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 2416
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net6,net6.t.list1 b/tests/hash:net6,net6.t.list1
index 2ccfd5106ee67360964c79334438532819590722..2fde68c8dbb5d53a0214b82374ca92af89e3210a 100644 (file)
--- a/tests/hash:net6,net6.t.list1
+++ b/tests/hash:net6,net6.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,net
-Header: family inet6 hashsize 128 maxelem 65536 timeout 4
-Size in memory: 2608
+Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 2416
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/hash:net6,port,net6.t.list0 b/tests/hash:net6,port,net6.t.list0
index 4b9f8f8b28455605db65c8880a647fc8a251f438..f8e091e71c7c344678634b3594892407c2f04fa3 100644 (file)
--- a/tests/hash:net6,port,net6.t.list0
+++ b/tests/hash:net6,port,net6.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,port,net
-Header: family inet6 hashsize 1024 maxelem 65536
-Size in memory: 2440
+Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 2352
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net6,port.t.list0 b/tests/hash:net6,port.t.list0
index 2d3596c619f5a01f3be229c71d9406cbbae3e07a..6c80999d41211f85b424c2dec114d3b793b65143 100644 (file)
--- a/tests/hash:net6,port.t.list0
+++ b/tests/hash:net6,port.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,port
-Header: family inet6 hashsize 128 maxelem 65536 timeout x
-Size in memory: 2352
+Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 1856
 References: 0
 Number of entries: 5
 Members:
diff --git a/tests/hash:net6,port.t.list1 b/tests/hash:net6,port.t.list1
index 788358b01c041d2be62136c9a5dd92a3b30ac7d9..a2044ce5dbe52c15dd68674f9289295f642eeeab 100644 (file)
--- a/tests/hash:net6,port.t.list1
+++ b/tests/hash:net6,port.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net,port
-Header: family inet6 hashsize 128 maxelem 65536 timeout 4
-Size in memory: 1984
+Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 1856
 References: 0
 Number of entries: 1
 Members:
diff --git a/tests/hash:net6.t.list0 b/tests/hash:net6.t.list0
index ad7133aa14aca0c411bec0af40a292948ef7c3e9..06530aa184dff0ba834e4f4899ca2ba6bbd818cc 100644 (file)
--- a/tests/hash:net6.t.list0
+++ b/tests/hash:net6.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net
-Header: family inet6 hashsize 128 maxelem 65536 timeout x
-Size in memory: 2112
+Header: family inet6 hashsize 128 maxelem 65536 timeout x bucketsize 12
+Size in memory: 1760
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/hash:net6.t.list1 b/tests/hash:net6.t.list1
index bf7dd88651ed8c5a1c625a3724eac795cad821a7..4d248d5006b239781890091ab8f9924ebedd4e3c 100644 (file)
--- a/tests/hash:net6.t.list1
+++ b/tests/hash:net6.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net
-Header: family inet6 hashsize 128 maxelem 65536 timeout 4
-Size in memory: 1824
+Header: family inet6 hashsize 128 maxelem 65536 timeout 4 bucketsize 12
+Size in memory: 1760
 References: 0
 Number of entries: 0
 Members:
diff --git a/tests/iphash.t.large b/tests/iphash.t.large
index 24cc1258c88d680ec21059d2d1becf8593aa529a..73c61e40df913b806986ecefeed4c47ebdd7107e 100644 (file)
--- a/tests/iphash.t.large
+++ b/tests/iphash.t.large
@@ -1,4 +1,4 @@
-create test hash:ip family inet hashsize 1024 maxelem 65536
+create test hash:ip family inet hashsize 1024 maxelem 65536 bucketsize 12
 add test 10.10.0.0
 add test 10.10.0.1
 add test 10.10.0.2
diff --git a/tests/iphash.t.list0 b/tests/iphash.t.list0
index 4d757112c3788669091a8bfe8a848a1bb3675a79..b8e349688bdfc65173bce572234262ebbd441521 100644 (file)
--- a/tests/iphash.t.list0
+++ b/tests/iphash.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 128 maxelem 65536
-Size in memory: 224
+Header: family inet hashsize 128 maxelem 65536 bucketsize 12
+Size in memory: 416
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/iphash.t.list1 b/tests/iphash.t.list1
index 18ec02703fd6d8510ee7879110fbd4f7621309e2..4a3c8d140d85810e6ff4fc234e6a42fe9a3d30f4 100644 (file)
--- a/tests/iphash.t.list1
+++ b/tests/iphash.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip
-Header: family inet hashsize 128 maxelem 65536 netmask 24
-Size in memory: 224
+Header: family inet hashsize 128 maxelem 65536 netmask 24 bucketsize 12
+Size in memory: 416
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/iphash.t.restore.sorted b/tests/iphash.t.restore.sorted
index e94406165b49352f6c315273987a87d649d3ac63..4b7ff6ddee4c2327b9958c1988262434359a418d 100644 (file)
--- a/tests/iphash.t.restore.sorted
+++ b/tests/iphash.t.restore.sorted
@@ -1,4 +1,4 @@
-create test hash:ip family inet hashsize 128 maxelem 65536
+create test hash:ip family inet hashsize 128 maxelem 65536 bucketsize 12
 add test 10.0.0.0
 add test 10.0.0.1
 add test 10.0.0.2
@@ -128,7 +128,7 @@ add test 10.0.0.125
 add test 10.0.0.126
 add test 10.0.0.127
 add test 10.0.0.128
-create test2 hash:ip family inet hashsize 128 maxelem 65536
+create test2 hash:ip family inet hashsize 128 maxelem 65536 bucketsize 12
 add test2 20.0.0.0
 add test2 20.0.0.1
 add test2 20.0.0.2
diff --git a/tests/ipmarkhash.t.list0 b/tests/ipmarkhash.t.list0
index 9ebf116be52d85fe451f3bcdefde675e74704efe..a3bffcc1ceb9f1f389e969ff14ba86ca1df26209 100644 (file)
--- a/tests/ipmarkhash.t.list0
+++ b/tests/ipmarkhash.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,mark
-Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536
-Size in memory: 384
+Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 528
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/ipmarkhash.t.list1 b/tests/ipmarkhash.t.list1
index af399986ab0a628f0424b17934bafa2633b03950..34a7207a28b8e0334bca4ae7b99157816814099f 100644 (file)
--- a/tests/ipmarkhash.t.list1
+++ b/tests/ipmarkhash.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,mark
-Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536
-Size in memory: 384
+Header: family inet markmask 0xffffffff hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 528
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/ipporthash.t.list0 b/tests/ipporthash.t.list0
index 902160f6b210319260a427f75628db5af75c11d0..e8a00b38ffba187cf6c44f98120b442ebc21ad36 100644 (file)
--- a/tests/ipporthash.t.list0
+++ b/tests/ipporthash.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 384
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 528
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/ipporthash.t.list1 b/tests/ipporthash.t.list1
index d298cc0927de62c9f37cd9704ccdff49d3596231..7ba2900d59f6d20cb0c4e61d149fbde479ec5a73 100644 (file)
--- a/tests/ipporthash.t.list1
+++ b/tests/ipporthash.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 384
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 528
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/ipportiphash.t.list0 b/tests/ipportiphash.t.list0
index bde5356a3555f637abd38af93c870961bac07f91..b34c3a0b7d8dd1ce667459ca152eb2ed8dcfd24c 100644 (file)
--- a/tests/ipportiphash.t.list0
+++ b/tests/ipportiphash.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port,ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 456
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 568
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/ipportiphash.t.list1 b/tests/ipportiphash.t.list1
index d5cc29ec88fb05d60e329f4620eb861b8df2f5d4..bce53148b05948d8838b88a7266942cc08fb790e 100644 (file)
--- a/tests/ipportiphash.t.list1
+++ b/tests/ipportiphash.t.list1
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:ip,port,ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 296
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 456
 References: 0
 Number of entries: 2
 Members:
diff --git a/tests/nethash.t.list0 b/tests/nethash.t.list0
index 0aeb8522c250ccfea80aab9e3e52cf24ed8a6296..e927599be7caab4a7b846763bef046ea16314fe2 100644 (file)
--- a/tests/nethash.t.list0
+++ b/tests/nethash.t.list0
@@ -1,7 +1,7 @@
 Name: test
 Type: hash:net
-Header: family inet hashsize 128 maxelem 65536
-Size in memory: 640
+Header: family inet hashsize 128 maxelem 65536 bucketsize 12
+Size in memory: 784
 References: 0
 Number of entries: 4
 Members:
diff --git a/tests/restore.t.list0 b/tests/restore.t.list0
index 3c73ab35862f29b00f88fdf9e5521736144323bf..1177d6c94447c6482051fde6a98e14c1381fff27 100644 (file)
--- a/tests/restore.t.list0
+++ b/tests/restore.t.list0
@@ -1,7 +1,7 @@
 Name: a
 Type: hash:ip
-Header: family inet6 hashsize 1024 maxelem 65536
-Size in memory: 416
+Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 536
 References: 0
 Number of entries: 3
 Members:
diff --git a/tests/restore.t.list1 b/tests/restore.t.list1
index e2c1f8e9d4681fd9e5ca5ff2d1581c59e8a6c250..f7e06b825cf178e2e47dcec02821d09df7a9a911 100644 (file)
--- a/tests/restore.t.list1
+++ b/tests/restore.t.list1
@@ -1,7 +1,7 @@
 Name: b
 Type: hash:ip
-Header: family inet6 hashsize 1024 maxelem 65536
-Size in memory: 416
+Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 536
 References: 0
 Number of entries: 3
 Members:
diff --git a/tests/setlist.t.list4 b/tests/setlist.t.list4
index 6b115d9d260a4d155ae86db3adf38021c3a125fb..8767afeeea5850d3d1f77d10cb1eb24b514e45dd 100644 (file)
--- a/tests/setlist.t.list4
+++ b/tests/setlist.t.list4
@@ -1,31 +1,31 @@
 Name: a
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 152
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 336
 References: 1
 Number of entries: 0
 Members:
 
 Name: b
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 152
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 336
 References: 0
 Number of entries: 0
 Members:
 
 Name: c
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 152
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 336
 References: 0
 Number of entries: 0
 Members:
 
 Name: d
 Type: hash:ip
-Header: family inet hashsize 1024 maxelem 65536
-Size in memory: 152
+Header: family inet hashsize 1024 maxelem 65536 bucketsize 12
+Size in memory: 336
 References: 0
 Number of entries: 0
 Members:
@@ -33,7 +33,7 @@ Members:
 Name: test
 Type: list:set
 Header: size 8
-Size in memory: 184
+Size in memory: 168
 References: 0
 Number of entries: 1
 Members:
Mirror of git://git.netfilter.org/ipset