netfilter
firewalling, NAT, and packet mangling for linux
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
Data Structures | Macros | Typedefs | Functions | Variables
ip_set_core.c File Reference
#include <linux/init.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
#include <linux/netlink.h>
#include <linux/rculist.h>
#include <net/netlink.h>
#include <net/net_namespace.h>
#include <net/netns/generic.h>
#include <linux/netfilter.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/ipset/ip_set.h>
Include dependency graph for ip_set_core.c:

Data Structures

struct  ip_set_net
 

Macros

#define IP_SET_INC   64
 
#define STREQ(a, b)   (strncmp(a, b, IPSET_MAXNAMELEN) == 0)
 
#define _IP_SET_CORE_MODULE_DESC(a)   MODULE_DESCRIPTION("core IP set support (v" a ")")
 
#define IP_SET_CORE_MODULE_DESC(a)   _IP_SET_CORE_MODULE_DESC(__stringify(a))
 
#define ip_set_dereference(p)   rcu_dereference_protected(p, 1)
 
#define ip_set(inst, id)   ip_set_dereference((inst)->ip_set_list)[id]
 
#define find_set_type_get(name, family, revision, found)   __find_set_type_get(name, family, revision, found, false)
 
#define find_set_type_minmax(name, family, min, max)   __find_set_type_minmax(name, family, min, max, false)
 
#define family_name(f)
 
#define DUMP_INIT   0
 
#define DUMP_ALL   1
 
#define DUMP_ONE   2
 
#define DUMP_LAST   3
 
#define DUMP_TYPE(arg)   (((u32)(arg)) & 0x0000FFFF)
 
#define DUMP_FLAGS(arg)   (((u32)(arg)) >> 16)
 

Typedefs

typedef void(* destroyer )(void *)
 

Functions

 module_param (max_sets, int, 0600)
 
 MODULE_PARM_DESC (max_sets,"maximal number of sets")
 
 MODULE_LICENSE ("GPL")
 
 MODULE_AUTHOR ("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>")
 
 IP_SET_CORE_MODULE_DESC (PACKAGE_VERSION)
 
 MODULE_ALIAS_NFNL_SUBSYS (NFNL_SUBSYS_IPSET)
 
int ip_set_type_register (struct ip_set_type *type)
 
 EXPORT_SYMBOL_GPL (ip_set_type_register)
 
void ip_set_type_unregister (struct ip_set_type *type)
 
 EXPORT_SYMBOL_GPL (ip_set_type_unregister)
 
void * ip_set_alloc (size_t size)
 
 EXPORT_SYMBOL_GPL (ip_set_alloc)
 
void ip_set_free (void *members)
 
 EXPORT_SYMBOL_GPL (ip_set_free)
 
int ip_set_get_ipaddr4 (struct nlattr *nla, __be32 *ipaddr)
 
 EXPORT_SYMBOL_GPL (ip_set_get_ipaddr4)
 
int ip_set_get_ipaddr6 (struct nlattr *nla, union nf_inet_addr *ipaddr)
 
 EXPORT_SYMBOL_GPL (ip_set_get_ipaddr6)
 
 EXPORT_SYMBOL_GPL (ip_set_extensions)
 
size_t ip_set_elem_len (struct ip_set *set, struct nlattr *tb[], size_t len)
 
 EXPORT_SYMBOL_GPL (ip_set_elem_len)
 
int ip_set_get_extensions (struct ip_set *set, struct nlattr *tb[], struct ip_set_ext *ext)
 
 EXPORT_SYMBOL_GPL (ip_set_get_extensions)
 
int ip_set_test (ip_set_id_t index, const struct sk_buff *skb, const struct xt_action_param *par, struct ip_set_adt_opt *opt)
 
 EXPORT_SYMBOL_GPL (ip_set_test)
 
int ip_set_add (ip_set_id_t index, const struct sk_buff *skb, const struct xt_action_param *par, struct ip_set_adt_opt *opt)
 
 EXPORT_SYMBOL_GPL (ip_set_add)
 
int ip_set_del (ip_set_id_t index, const struct sk_buff *skb, const struct xt_action_param *par, struct ip_set_adt_opt *opt)
 
 EXPORT_SYMBOL_GPL (ip_set_del)
 
ip_set_id_t ip_set_get_byname (struct net *net, const char *name, struct ip_set **set)
 
 EXPORT_SYMBOL_GPL (ip_set_get_byname)
 
void ip_set_put_byindex (struct net *net, ip_set_id_t index)
 
 EXPORT_SYMBOL_GPL (ip_set_put_byindex)
 
const char * ip_set_name_byindex (struct net *net, ip_set_id_t index)
 
 EXPORT_SYMBOL_GPL (ip_set_name_byindex)
 
ip_set_id_t ip_set_nfnl_get_byindex (struct net *net, ip_set_id_t index)
 
 EXPORT_SYMBOL_GPL (ip_set_nfnl_get_byindex)
 
void ip_set_nfnl_put (struct net *net, ip_set_id_t index)
 
 EXPORT_SYMBOL_GPL (ip_set_nfnl_put)
 
 module_init (ip_set_init)
 
 module_exit (ip_set_fini)
 

Variables

const struct ip_set_ext_type ip_set_extensions []
 

Macro Definition Documentation

#define _IP_SET_CORE_MODULE_DESC (   a)    MODULE_DESCRIPTION("core IP set support (v" a ")")
#define DUMP_ALL   1
#define DUMP_FLAGS (   arg)    (((u32)(arg)) >> 16)
#define DUMP_INIT   0
#define DUMP_LAST   3
#define DUMP_ONE   2
#define DUMP_TYPE (   arg)    (((u32)(arg)) & 0x0000FFFF)
#define family_name (   f)
Value:
((f) == NFPROTO_IPV4 ? "inet" : \
(f) == NFPROTO_IPV6 ? "inet6" : "any")
NFPROTO_IPV4
Definition: nfproto.h:11
NFPROTO_IPV6
Definition: nfproto.h:14

Referenced by ip_set_type_register(), and ip_set_type_unregister().

#define find_set_type_get (   name,
  family,
  revision,
  found 
)    __find_set_type_get(name, family, revision, found, false)
#define find_set_type_minmax (   name,
  family,
  min,
  max 
)    __find_set_type_minmax(name, family, min, max, false)
#define ip_set (   inst,
  id 
)    ip_set_dereference((inst)->ip_set_list)[id]

Referenced by ip_set_nfnl_get_byindex(), and ip_set_nfnl_put().

#define IP_SET_CORE_MODULE_DESC (   a)    _IP_SET_CORE_MODULE_DESC(__stringify(a))
#define ip_set_dereference (   p)    rcu_dereference_protected(p, 1)
#define IP_SET_INC   64
#define STREQ (   a,
 
)    (strncmp(a, b, IPSET_MAXNAMELEN) == 0)

Referenced by ip_set_get_byname().

Typedef Documentation

typedef void(* destroyer)(void *)

Function Documentation

EXPORT_SYMBOL_GPL ( ip_set_type_register  )
EXPORT_SYMBOL_GPL ( ip_set_type_unregister  )
EXPORT_SYMBOL_GPL ( ip_set_alloc  )
EXPORT_SYMBOL_GPL ( ip_set_free  )
EXPORT_SYMBOL_GPL ( ip_set_get_ipaddr4  )
EXPORT_SYMBOL_GPL ( ip_set_get_ipaddr6  )
EXPORT_SYMBOL_GPL ( ip_set_extensions  )
EXPORT_SYMBOL_GPL ( ip_set_elem_len  )
EXPORT_SYMBOL_GPL ( ip_set_get_extensions  )
EXPORT_SYMBOL_GPL ( ip_set_test  )
EXPORT_SYMBOL_GPL ( ip_set_add  )
EXPORT_SYMBOL_GPL ( ip_set_del  )
EXPORT_SYMBOL_GPL ( ip_set_get_byname  )
EXPORT_SYMBOL_GPL ( ip_set_put_byindex  )
EXPORT_SYMBOL_GPL ( ip_set_name_byindex  )
EXPORT_SYMBOL_GPL ( ip_set_nfnl_get_byindex  )
EXPORT_SYMBOL_GPL ( ip_set_nfnl_put  )
int ip_set_add ( ip_set_id_t  index,
const struct sk_buff *  skb,
const struct xt_action_param *  par,
struct ip_set_adt_opt opt 
)

References ip_set_adt_opt::dim, ip_set_type::dimension, ip_set_adt_opt::family, ip_set::family, IPSET_ADD, IPSET_ERR_TYPE_MISMATCH, ip_set_type_variant::kadt, ip_set::lock, ip_set::name, NFPROTO_UNSPEC, pr_debug, ip_set::type, and ip_set::variant.

void* ip_set_alloc ( size_t  size)

References NULL, and pr_debug.

IP_SET_CORE_MODULE_DESC ( PACKAGE_VERSION  )
int ip_set_del ( ip_set_id_t  index,
const struct sk_buff *  skb,
const struct xt_action_param *  par,
struct ip_set_adt_opt opt 
)

References ip_set_adt_opt::dim, ip_set_type::dimension, ip_set_adt_opt::family, ip_set::family, IPSET_DEL, IPSET_ERR_TYPE_MISMATCH, ip_set_type_variant::kadt, ip_set::lock, ip_set::name, NFPROTO_UNSPEC, pr_debug, ip_set::type, and ip_set::variant.

size_t ip_set_elem_len ( struct ip_set set,
struct nlattr tb[],
size_t  len 
)

References ALIGN, ip_set::extensions, ip_set::flags, id, IPSET_ATTR_CADT_FLAGS, IPSET_CREATE_FLAG_FORCEADD, IPSET_EXT_ID_MAX, IPSET_FLAG_WITH_FORCEADD, ip_set_ext_type::len, ip_set::offset, ip_set_ext_type::type, and u32.

void ip_set_free ( void *  members)

References pr_debug.

ip_set_id_t ip_set_get_byname ( struct net *  net,
const char *  name,
struct ip_set **  set 
)

References ip_set_net::ip_set_list, ip_set_net::ip_set_max, IPSET_INVALID_ID, ip_set::name, s, and STREQ.

int ip_set_get_extensions ( struct ip_set set,
struct nlattr tb[],
struct ip_set_ext ext 
)

References ip_set_ext::bytes, ip_set_ext::comment, ip_set::extensions, IPSET_ATTR_BYTES, IPSET_ATTR_COMMENT, IPSET_ATTR_PACKETS, IPSET_ATTR_SKBMARK, IPSET_ATTR_SKBPRIO, IPSET_ATTR_SKBQUEUE, IPSET_ATTR_TIMEOUT, IPSET_ERR_COMMENT, IPSET_ERR_COUNTER, IPSET_ERR_SKBINFO, IPSET_ERR_TIMEOUT, IPSET_EXT_COMMENT, IPSET_EXT_COUNTER, IPSET_EXT_SKBINFO, IPSET_EXT_TIMEOUT, ip_set_ext::packets, ip_set_ext::skbmark, ip_set_ext::skbmarkmask, ip_set_ext::skbprio, ip_set_ext::skbqueue, and ip_set_ext::timeout.

int ip_set_get_ipaddr4 ( struct nlattr nla,
__be32 ipaddr 
)

References IPSET_ATTR_IPADDR_IPV4, IPSET_ATTR_IPADDR_MAX, IPSET_ERR_PROTOCOL, nla_parse_nested(), tb, and unlikely.

Here is the call graph for this function:

int ip_set_get_ipaddr6 ( struct nlattr nla,
union nf_inet_addr ipaddr 
)

References IPSET_ATTR_IPADDR_IPV6, IPSET_ATTR_IPADDR_MAX, IPSET_ERR_PROTOCOL, nla_data(), nla_parse_nested(), tb, and unlikely.

Here is the call graph for this function:

const char* ip_set_name_byindex ( struct net *  net,
ip_set_id_t  index 
)

References ip_set::name, and ip_set::ref.

ip_set_id_t ip_set_nfnl_get_byindex ( struct net *  net,
ip_set_id_t  index 
)

References ip_set, ip_set_net::ip_set_max, and IPSET_INVALID_ID.

void ip_set_nfnl_put ( struct net *  net,
ip_set_id_t  index 
)

References ip_set, and ip_set_net::is_deleted.

void ip_set_put_byindex ( struct net *  net,
ip_set_id_t  index 
)
int ip_set_test ( ip_set_id_t  index,
const struct sk_buff *  skb,
const struct xt_action_param *  par,
struct ip_set_adt_opt opt 
)

References ip_set_adt_opt::cmdflags, ip_set_adt_opt::dim, ip_set_type::dimension, ip_set_adt_opt::family, ip_set::family, ip_set_type::features, IPSET_ADD, IPSET_FLAG_RETURN_NOMATCH, IPSET_TEST, IPSET_TYPE_NOMATCH, ip_set_type_variant::kadt, ip_set::lock, ip_set::name, NFPROTO_UNSPEC, pr_debug, ip_set::type, and ip_set::variant.

int ip_set_type_register ( struct ip_set_type type)

References ip_set_type::family, family_name, IPSET_PROTOCOL, ip_set_type::list, ip_set_type::name, pr_debug, ip_set_type::protocol, ip_set_type::revision_max, and ip_set_type::revision_min.

void ip_set_type_unregister ( struct ip_set_type type)

References ip_set_type::family, family_name, ip_set_type::list, ip_set_type::name, pr_debug, and ip_set_type::revision_min.

MODULE_ALIAS_NFNL_SUBSYS ( NFNL_SUBSYS_IPSET  )
MODULE_AUTHOR ( "Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"  )
module_exit ( ip_set_fini  )
module_init ( ip_set_init  )
MODULE_LICENSE ( "GPL"  )
module_param ( max_sets  ,
int  ,
0600   
)
MODULE_PARM_DESC ( max_sets  ,
"maximal number of sets"   
)

Variable Documentation

const struct ip_set_ext_type ip_set_extensions[]
Initial value:
= {
[IPSET_EXT_ID_COUNTER] = {
.type = IPSET_EXT_COUNTER,
.flag = IPSET_FLAG_WITH_COUNTERS,
.len = sizeof(struct ip_set_counter),
.align = __alignof__(struct ip_set_counter),
},
[IPSET_EXT_ID_TIMEOUT] = {
.type = IPSET_EXT_TIMEOUT,
.len = sizeof(unsigned long),
.align = __alignof__(unsigned long),
},
[IPSET_EXT_ID_SKBINFO] = {
.type = IPSET_EXT_SKBINFO,
.flag = IPSET_FLAG_WITH_SKBINFO,
.len = sizeof(struct ip_set_skbinfo),
.align = __alignof__(struct ip_set_skbinfo),
},
[IPSET_EXT_ID_COMMENT] = {
.type = IPSET_EXT_COMMENT | IPSET_EXT_DESTROY,
.flag = IPSET_FLAG_WITH_COMMENT,
.len = sizeof(struct ip_set_comment),
.align = __alignof__(struct ip_set_comment),
.destroy = (destroyer) ip_set_comment_free,
},
}
IPSET_FLAG_WITH_COUNTERS
Definition: linux_ip_set.h:196
IPSET_EXT_ID_TIMEOUT
Definition: ip_set.h:77
IPSET_EXT_ID_COMMENT
Definition: ip_set.h:79
IPSET_EXT_ID_SKBINFO
Definition: ip_set.h:78
IPSET_EXT_COMMENT
Definition: ip_set.h:60
IPSET_EXT_TIMEOUT
Definition: ip_set.h:56
ip_set_skbinfo
Definition: ip_set.h:116
IPSET_FLAG_WITH_COMMENT
Definition: linux_ip_set.h:198
ip_set_counter
Definition: ip_set.h:107
ip_set_comment
Definition: ip_set.h:112
IPSET_FLAG_WITH_SKBINFO
Definition: linux_ip_set.h:202
IPSET_EXT_COUNTER
Definition: ip_set.h:58
IPSET_EXT_DESTROY
Definition: ip_set.h:65
IPSET_EXT_ID_COUNTER
Definition: ip_set.h:76
IPSET_EXT_SKBINFO
Definition: ip_set.h:62
destroyer
void(* destroyer)(void *)
Definition: ip_set_core.c:332