#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/netlink.h>
#include <linux/netfilter.h>
#include <linux/netfilter/x_tables.h>
#include <linux/stringify.h>
#include <linux/vmalloc.h>
#include <net/netlink.h>
#include <uapi/linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_compat.h>
#include <linux/netfilter/ipset/ip_set_timeout.h>
#include <linux/netfilter/ipset/ip_set_comment.h>

Include dependency graph for ip_set.h:

Data Structures
struct	ip_set_ext_type

struct	ip_set_ext

struct	ip_set_counter

struct	ip_set_comment

struct	ip_set_skbinfo

struct	ip_set_adt_opt

struct	ip_set_type_variant

struct	ip_set_type

struct	ip_set

Macros
#define	_IP_SET_MODULE_DESC(a, b, c) MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)

#define	IP_SET_MODULE_DESC(a, b, c) _IP_SET_MODULE_DESC(a, __stringify(b), __stringify(c))

#define	SET_WITH_TIMEOUT(s) ((s)->extensions & IPSET_EXT_TIMEOUT)

#define	SET_WITH_COUNTER(s) ((s)->extensions & IPSET_EXT_COUNTER)

#define	SET_WITH_COMMENT(s) ((s)->extensions & IPSET_EXT_COMMENT)

#define	SET_WITH_SKBINFO(s) ((s)->extensions & IPSET_EXT_SKBINFO)

#define	SET_WITH_FORCEADD(s) ((s)->flags & IPSET_CREATE_FLAG_FORCEADD)

#define	ext_timeout(e, s) (unsigned long )(((void )(e)) + (s)->offset[IPSET_EXT_ID_TIMEOUT])

#define	ext_counter(e, s) (struct ip_set_counter )(((void )(e)) + (s)->offset[IPSET_EXT_ID_COUNTER])

#define	ext_comment(e, s) (struct ip_set_comment )(((void )(e)) + (s)->offset[IPSET_EXT_ID_COMMENT])

#define	ext_skbinfo(e, s) (struct ip_set_skbinfo )(((void )(e)) + (s)->offset[IPSET_EXT_ID_SKBINFO])

#define	ip_set_rcu_deref(t)

#define	ipset_nest_start(skb, attr) nla_nest_start(skb, attr \| NLA_F_NESTED)

#define	ipset_nest_end(skb, start) nla_nest_end(skb, start)

#define	IP_SET_INIT_KEXT(skb, opt, set)

#define	IP_SET_INIT_UEXT(set)

#define	IP_SET_INIT_CIDR(a, b) ((a) ? (a) : (b))

#define	IPSET_CONCAT(a, b) a##b

#define	IPSET_TOKEN(a, b) IPSET_CONCAT(a, b)

Typedefs
typedef int(*	ipset_adtfn )(struct ip_set set, void value, const struct ip_set_ext ext, struct ip_set_ext mext, u32 cmdflags)

Enumerations
enum	ip_set_feature { IPSET_TYPE_IP_FLAG = 0, IPSET_TYPE_IP = (1 << IPSET_TYPE_IP_FLAG), IPSET_TYPE_PORT_FLAG = 1, IPSET_TYPE_PORT = (1 << IPSET_TYPE_PORT_FLAG), IPSET_TYPE_MAC_FLAG = 2, IPSET_TYPE_MAC = (1 << IPSET_TYPE_MAC_FLAG), IPSET_TYPE_IP2_FLAG = 3, IPSET_TYPE_IP2 = (1 << IPSET_TYPE_IP2_FLAG), IPSET_TYPE_NAME_FLAG = 4, IPSET_TYPE_NAME = (1 << IPSET_TYPE_NAME_FLAG), IPSET_TYPE_IFACE_FLAG = 5, IPSET_TYPE_IFACE = (1 << IPSET_TYPE_IFACE_FLAG), IPSET_TYPE_MARK_FLAG = 6, IPSET_TYPE_MARK = (1 << IPSET_TYPE_MARK_FLAG), IPSET_TYPE_NOMATCH_FLAG = 7, IPSET_TYPE_NOMATCH = (1 << IPSET_TYPE_NOMATCH_FLAG), IPSET_DUMP_LAST_FLAG = 8, IPSET_DUMP_LAST = (1 << IPSET_DUMP_LAST_FLAG) }

enum	ip_set_extension { IPSET_EXT_BIT_TIMEOUT = 0, IPSET_EXT_TIMEOUT = (1 << IPSET_EXT_BIT_TIMEOUT), IPSET_EXT_BIT_COUNTER = 1, IPSET_EXT_COUNTER = (1 << IPSET_EXT_BIT_COUNTER), IPSET_EXT_BIT_COMMENT = 2, IPSET_EXT_COMMENT = (1 << IPSET_EXT_BIT_COMMENT), IPSET_EXT_BIT_SKBINFO = 3, IPSET_EXT_SKBINFO = (1 << IPSET_EXT_BIT_SKBINFO), IPSET_EXT_BIT_DESTROY = 7, IPSET_EXT_DESTROY = (1 << IPSET_EXT_BIT_DESTROY) }

enum	ip_set_ext_id { IPSET_EXT_ID_COUNTER = 0, IPSET_EXT_ID_TIMEOUT, IPSET_EXT_ID_SKBINFO, IPSET_EXT_ID_COMMENT, IPSET_EXT_ID_MAX }

enum	{ IPSET_CB_NET = 0, IPSET_CB_DUMP, IPSET_CB_INDEX, IPSET_CB_PRIVATE, IPSET_CB_ARG0, IPSET_CB_ARG1 }

Functions
int	ip_set_type_register (struct ip_set_type *set_type)

void	ip_set_type_unregister (struct ip_set_type *set_type)

ip_set_id_t	ip_set_get_byname (struct net net, const char name, struct ip_set **set)

void	ip_set_put_byindex (struct net *net, ip_set_id_t index)

const char *	ip_set_name_byindex (struct net *net, ip_set_id_t index)

ip_set_id_t	ip_set_nfnl_get_byindex (struct net *net, ip_set_id_t index)

void	ip_set_nfnl_put (struct net *net, ip_set_id_t index)

int	ip_set_add (ip_set_id_t id, const struct sk_buff skb, const struct xt_action_param par, struct ip_set_adt_opt *opt)

int	ip_set_del (ip_set_id_t id, const struct sk_buff skb, const struct xt_action_param par, struct ip_set_adt_opt *opt)

int	ip_set_test (ip_set_id_t id, const struct sk_buff skb, const struct xt_action_param par, struct ip_set_adt_opt *opt)

void *	ip_set_alloc (size_t size)

void	ip_set_free (void *members)

int	ip_set_get_ipaddr4 (struct nlattr nla, __be32 ipaddr)

int	ip_set_get_ipaddr6 (struct nlattr nla, union nf_inet_addr ipaddr)

size_t	ip_set_elem_len (struct ip_set set, struct nlattr tb[], size_t len)

int	ip_set_get_extensions (struct ip_set set, struct nlattr tb[], struct ip_set_ext *ext)

Variables
const struct ip_set_ext_type	ip_set_extensions []

Macro Definition Documentation

#define _IP_SET_MODULE_DESC	(	a,
		b,
		c
	)	MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)

#define ext_comment	(	e,
		s
	)	(struct ip_set_comment )(((void )(e)) + (s)->offset[IPSET_EXT_ID_COMMENT])

#define ext_counter	(	e,
		s
	)	(struct ip_set_counter )(((void )(e)) + (s)->offset[IPSET_EXT_ID_COUNTER])

#define ext_skbinfo	(	e,
		s
	)	(struct ip_set_skbinfo )(((void )(e)) + (s)->offset[IPSET_EXT_ID_SKBINFO])

#define ext_timeout	(	e,
		s
	)	(unsigned long )(((void )(e)) + (s)->offset[IPSET_EXT_ID_TIMEOUT])

#define IP_SET_INIT_CIDR	(	a,
		b
	)	((a) ? (a) : (b))

#define IP_SET_INIT_KEXT	(	skb,
		opt,
		set
	)

Value:

{ .bytes = (skb)->len, .packets = 1, \

.timeout = ip_set_adt_opt_timeout(opt, set) }

opt

static int const struct sk_buff const struct xt_action_param enum ipset_adt adt struct ip_set_adt_opt * opt

Definition: ip_set_hash_gen.h:1153

timeout

struct timeval timeout

Definition: nssocket.h:66

set

struct set - nftables set

Definition: rule.h:186

skb

static int const struct sk_buff * skb

Definition: ip_set_hash_gen.h:1151

len

int len

Definition: utils.c:56

#define IP_SET_INIT_UEXT ( set )

Value:

{ .bytes = ULLONG_MAX, .packets = ULLONG_MAX, \

.timeout = (set)->timeout }

timeout

struct timeval timeout

Definition: nssocket.h:66

set

struct set - nftables set

Definition: rule.h:186

ULLONG_MAX

#define ULLONG_MAX

Definition: parse.c:30

#define IP_SET_MODULE_DESC	(	a,
		b,
		c
	)	_IP_SET_MODULE_DESC(a, __stringify(b), __stringify(c))

#define ip_set_rcu_deref ( t )

Value:

rcu_dereference_index_check(t, \

rcu_read_lock_held() || rcu_read_lock_bh_held())

#define IPSET_CONCAT	(	a,
		b
	)	a##b

#define ipset_nest_end	(	skb,
		start
	)	nla_nest_end(skb, start)

#define ipset_nest_start	(	skb,
		attr
	)	nla_nest_start(skb, attr \| NLA_F_NESTED)

#define IPSET_TOKEN	(	a,
		b
	)	IPSET_CONCAT(a, b)

#define SET_WITH_COMMENT ( s ) ((s)->extensions & IPSET_EXT_COMMENT)

#define SET_WITH_COUNTER ( s ) ((s)->extensions & IPSET_EXT_COUNTER)

#define SET_WITH_FORCEADD ( s ) ((s)->flags & IPSET_CREATE_FLAG_FORCEADD)

#define SET_WITH_SKBINFO ( s ) ((s)->extensions & IPSET_EXT_SKBINFO)

#define SET_WITH_TIMEOUT ( s ) ((s)->extensions & IPSET_EXT_TIMEOUT)

Typedef Documentation

typedef int(* ipset_adtfn)(struct ip_set *set, void *value, const struct ip_set_ext *ext, struct ip_set_ext *mext, u32 cmdflags)

Enumeration Type Documentation

anonymous enum

Enumerator
IPSET_CB_NET
IPSET_CB_DUMP
IPSET_CB_INDEX
IPSET_CB_PRIVATE
IPSET_CB_ARG0
IPSET_CB_ARG1

enum ip_set_ext_id

Enumerator
IPSET_EXT_ID_COUNTER
IPSET_EXT_ID_TIMEOUT
IPSET_EXT_ID_SKBINFO
IPSET_EXT_ID_COMMENT
IPSET_EXT_ID_MAX

enum ip_set_extension

Enumerator
IPSET_EXT_BIT_TIMEOUT
IPSET_EXT_TIMEOUT
IPSET_EXT_BIT_COUNTER
IPSET_EXT_COUNTER
IPSET_EXT_BIT_COMMENT
IPSET_EXT_COMMENT
IPSET_EXT_BIT_SKBINFO
IPSET_EXT_SKBINFO
IPSET_EXT_BIT_DESTROY
IPSET_EXT_DESTROY

enum ip_set_feature

Enumerator
IPSET_TYPE_IP_FLAG
IPSET_TYPE_IP
IPSET_TYPE_PORT_FLAG
IPSET_TYPE_PORT
IPSET_TYPE_MAC_FLAG
IPSET_TYPE_MAC
IPSET_TYPE_IP2_FLAG
IPSET_TYPE_IP2
IPSET_TYPE_NAME_FLAG
IPSET_TYPE_NAME
IPSET_TYPE_IFACE_FLAG
IPSET_TYPE_IFACE
IPSET_TYPE_MARK_FLAG
IPSET_TYPE_MARK
IPSET_TYPE_NOMATCH_FLAG
IPSET_TYPE_NOMATCH
IPSET_DUMP_LAST_FLAG
IPSET_DUMP_LAST

Function Documentation

int ip_set_add	(	ip_set_id_t	id,
		const struct sk_buff *	skb,
		const struct xt_action_param *	par,
		struct ip_set_adt_opt *	opt
	)

References ip_set_adt_opt::dim, ip_set_type::dimension, ip_set_adt_opt::family, ip_set::family, IPSET_ADD, IPSET_ERR_TYPE_MISMATCH, ip_set_type_variant::kadt, ip_set::lock, ip_set::name, NFPROTO_UNSPEC, pr_debug, ip_set::type, and ip_set::variant.

void* ip_set_alloc ( size_t size )

References NULL, and pr_debug.

int ip_set_del	(	ip_set_id_t	id,
		const struct sk_buff *	skb,
		const struct xt_action_param *	par,
		struct ip_set_adt_opt *	opt
	)

References ip_set_adt_opt::dim, ip_set_type::dimension, ip_set_adt_opt::family, ip_set::family, IPSET_DEL, IPSET_ERR_TYPE_MISMATCH, ip_set_type_variant::kadt, ip_set::lock, ip_set::name, NFPROTO_UNSPEC, pr_debug, ip_set::type, and ip_set::variant.

size_t ip_set_elem_len	(	struct ip_set *	set,
		struct nlattr *	tb[],
		size_t	len
	)

References ALIGN, ip_set::extensions, ip_set::flags, id, IPSET_ATTR_CADT_FLAGS, IPSET_CREATE_FLAG_FORCEADD, IPSET_EXT_ID_MAX, IPSET_FLAG_WITH_FORCEADD, ip_set_ext_type::len, ip_set::offset, ip_set_ext_type::type, and u32.

void ip_set_free ( void * members )

References pr_debug.

ip_set_id_t ip_set_get_byname	(	struct net *	net,
		const char *	name,
		struct ip_set **	set
	)

References ip_set_net::ip_set_list, ip_set_net::ip_set_max, IPSET_INVALID_ID, ip_set::name, s, and STREQ.

int ip_set_get_extensions	(	struct ip_set *	set,
		struct nlattr *	tb[],
		struct ip_set_ext *	ext
	)

int ip_set_get_ipaddr4	(	struct nlattr *	nla,
		__be32 *	ipaddr
	)

References IPSET_ATTR_IPADDR_IPV4, IPSET_ATTR_IPADDR_MAX, IPSET_ERR_PROTOCOL, nla_parse_nested(), tb, and unlikely.

Here is the call graph for this function:

int ip_set_get_ipaddr6	(	struct nlattr *	nla,
		union nf_inet_addr *	ipaddr
	)

References IPSET_ATTR_IPADDR_IPV6, IPSET_ATTR_IPADDR_MAX, IPSET_ERR_PROTOCOL, nla_data(), nla_parse_nested(), tb, and unlikely.

Here is the call graph for this function:

const char* ip_set_name_byindex	(	struct net *	net,
		ip_set_id_t	index
	)

References ip_set::name, and ip_set::ref.

ip_set_id_t ip_set_nfnl_get_byindex	(	struct net *	net,
		ip_set_id_t	index
	)

References ip_set, ip_set_net::ip_set_max, and IPSET_INVALID_ID.

void ip_set_nfnl_put	(	struct net *	net,
		ip_set_id_t	index
	)

References ip_set, and ip_set_net::is_deleted.

void ip_set_put_byindex	(	struct net *	net,
		ip_set_id_t	index
	)

int ip_set_test	(	ip_set_id_t	id,
		const struct sk_buff *	skb,
		const struct xt_action_param *	par,
		struct ip_set_adt_opt *	opt
	)

References ip_set_adt_opt::cmdflags, ip_set_adt_opt::dim, ip_set_type::dimension, ip_set_adt_opt::family, ip_set::family, ip_set_type::features, IPSET_ADD, IPSET_FLAG_RETURN_NOMATCH, IPSET_TEST, IPSET_TYPE_NOMATCH, ip_set_type_variant::kadt, ip_set::lock, ip_set::name, NFPROTO_UNSPEC, pr_debug, ip_set::type, and ip_set::variant.

int ip_set_type_register ( struct ip_set_type * set_type )

References ip_set_type::family, family_name, IPSET_PROTOCOL, ip_set_type::list, ip_set_type::name, pr_debug, ip_set_type::protocol, ip_set_type::revision_max, and ip_set_type::revision_min.

void ip_set_type_unregister ( struct ip_set_type * set_type )

References ip_set_type::family, family_name, ip_set_type::list, ip_set_type::name, pr_debug, and ip_set_type::revision_min.

Variable Documentation

const struct ip_set_ext_type ip_set_extensions[]

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation