[deliverable/linux.git] / net / netfilter / ipset / ip_set_bitmap_port.c

/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/* Kernel module implementing an IP set type: the bitmap:port type */

#include <linux/module.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/errno.h>
#include <linux/netlink.h>
#include <linux/jiffies.h>
#include <linux/timer.h>
#include <net/netlink.h>

#include <linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_bitmap.h>
#include <linux/netfilter/ipset/ip_set_getport.h>
#define IP_SET_BITMAP_TIMEOUT
#include <linux/netfilter/ipset/ip_set_timeout.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("bitmap:port type of IP sets");
MODULE_ALIAS("ip_set_bitmap:port");

/* Type structure */
struct bitmap_port {
	void *members;		/* the set members */
	u16 first_port;		/* host byte order, included in range */
	u16 last_port;		/* host byte order, included in range */
	size_t memsize;		/* members size */
	u32 timeout;		/* timeout parameter */
	struct timer_list gc;	/* garbage collection */
};

/* Base variant */

static int
bitmap_port_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
	const struct bitmap_port *map = set->data;
	u16 id = *(u16 *)value;

	return !!test_bit(id, map->members);
}

static int
bitmap_port_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
	struct bitmap_port *map = set->data;
	u16 id = *(u16 *)value;

	if (test_and_set_bit(id, map->members))
		return -IPSET_ERR_EXIST;

	return 0;
}

static int
bitmap_port_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
	struct bitmap_port *map = set->data;
	u16 id = *(u16 *)value;

	if (!test_and_clear_bit(id, map->members))
		return -IPSET_ERR_EXIST;

	return 0;
}

static int
bitmap_port_list(const struct ip_set *set,
		 struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct bitmap_port *map = set->data;
	struct nlattr *atd, *nested;
	u16 id, first = cb->args[2];
	u16 last = map->last_port - map->first_port;

	atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
	if (!atd)
		return -EMSGSIZE;
	for (; cb->args[2] <= last; cb->args[2]++) {
		id = cb->args[2];
		if (!test_bit(id, map->members))
			continue;
		nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
		if (!nested) {
			if (id == first) {
				nla_nest_cancel(skb, atd);
				return -EMSGSIZE;
			} else
				goto nla_put_failure;
		}
		NLA_PUT_NET16(skb, IPSET_ATTR_PORT,
			      htons(map->first_port + id));
		ipset_nest_end(skb, nested);
	}
	ipset_nest_end(skb, atd);
	/* Set listing finished */
	cb->args[2] = 0;

	return 0;

nla_put_failure:
	nla_nest_cancel(skb, nested);
	ipset_nest_end(skb, atd);
	if (unlikely(id == first)) {
		cb->args[2] = 0;
		return -EMSGSIZE;
	}
	return 0;
}

/* Timeout variant */

static int
bitmap_port_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
	const struct bitmap_port *map = set->data;
	const unsigned long *members = map->members;
	u16 id = *(u16 *)value;

	return ip_set_timeout_test(members[id]);
}

static int
bitmap_port_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
	struct bitmap_port *map = set->data;
	unsigned long *members = map->members;
	u16 id = *(u16 *)value;

	if (ip_set_timeout_test(members[id]) && !(flags & IPSET_FLAG_EXIST))
		return -IPSET_ERR_EXIST;

	members[id] = ip_set_timeout_set(timeout);

	return 0;
}

static int
bitmap_port_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
{
	struct bitmap_port *map = set->data;
	unsigned long *members = map->members;
	u16 id = *(u16 *)value;
	int ret = -IPSET_ERR_EXIST;

	if (ip_set_timeout_test(members[id]))
		ret = 0;

	members[id] = IPSET_ELEM_UNSET;
	return ret;
}

static int
bitmap_port_tlist(const struct ip_set *set,
		  struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct bitmap_port *map = set->data;
	struct nlattr *adt, *nested;
	u16 id, first = cb->args[2];
	u16 last = map->last_port - map->first_port;
	const unsigned long *members = map->members;

	adt = ipset_nest_start(skb, IPSET_ATTR_ADT);
	if (!adt)
		return -EMSGSIZE;
	for (; cb->args[2] <= last; cb->args[2]++) {
		id = cb->args[2];
		if (!ip_set_timeout_test(members[id]))
			continue;
		nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
		if (!nested) {
			if (id == first) {
				nla_nest_cancel(skb, adt);
				return -EMSGSIZE;
			} else
				goto nla_put_failure;
		}
		NLA_PUT_NET16(skb, IPSET_ATTR_PORT,
			      htons(map->first_port + id));
		NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT,
			      htonl(ip_set_timeout_get(members[id])));
		ipset_nest_end(skb, nested);
	}
	ipset_nest_end(skb, adt);

	/* Set listing finished */
	cb->args[2] = 0;

	return 0;

nla_put_failure:
	nla_nest_cancel(skb, nested);
	ipset_nest_end(skb, adt);
	if (unlikely(id == first)) {
		cb->args[2] = 0;
		return -EMSGSIZE;
	}
	return 0;
}

static int
bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb,
		 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
{
	struct bitmap_port *map = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	__be16 __port;
	u16 port = 0;

	if (!ip_set_get_ip_port(skb, opt->family,
				opt->flags & IPSET_DIM_ONE_SRC, &__port))
		return -EINVAL;

	port = ntohs(__port);

	if (port < map->first_port || port > map->last_port)
		return -IPSET_ERR_BITMAP_RANGE;

	port -= map->first_port;

	return adtfn(set, &port, opt_timeout(opt, map), opt->cmdflags);
}

static int
bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[],
		 enum ipset_adt adt, u32 *lineno, u32 flags)
{
	struct bitmap_port *map = set->data;
	ipset_adtfn adtfn = set->variant->adt[adt];
	u32 timeout = map->timeout;
	u32 port;	/* wraparound */
	u16 id, port_to;
	int ret = 0;

	if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
		return -IPSET_ERR_PROTOCOL;

	if (tb[IPSET_ATTR_LINENO])
		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);

	port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
	if (port < map->first_port || port > map->last_port)
		return -IPSET_ERR_BITMAP_RANGE;

	if (tb[IPSET_ATTR_TIMEOUT]) {
		if (!with_timeout(map->timeout))
			return -IPSET_ERR_TIMEOUT;
		timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
	}

	if (adt == IPSET_TEST) {
		id = port - map->first_port;
		return adtfn(set, &id, timeout, flags);
	}

	if (tb[IPSET_ATTR_PORT_TO]) {
		port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
		if (port > port_to) {
			swap(port, port_to);
			if (port < map->first_port)
				return -IPSET_ERR_BITMAP_RANGE;
		}
	} else
		port_to = port;

	if (port_to > map->last_port)
		return -IPSET_ERR_BITMAP_RANGE;

	for (; port <= port_to; port++) {
		id = port - map->first_port;
		ret = adtfn(set, &id, timeout, flags);

		if (ret && !ip_set_eexist(ret, flags))
			return ret;
		else
			ret = 0;
	}
	return ret;
}

static void
bitmap_port_destroy(struct ip_set *set)
{
	struct bitmap_port *map = set->data;

	if (with_timeout(map->timeout))
		del_timer_sync(&map->gc);

	ip_set_free(map->members);
	kfree(map);

	set->data = NULL;
}

static void
bitmap_port_flush(struct ip_set *set)
{
	struct bitmap_port *map = set->data;

	memset(map->members, 0, map->memsize);
}

static int
bitmap_port_head(struct ip_set *set, struct sk_buff *skb)
{
	const struct bitmap_port *map = set->data;
	struct nlattr *nested;

	nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
	if (!nested)
		goto nla_put_failure;
	NLA_PUT_NET16(skb, IPSET_ATTR_PORT, htons(map->first_port));
	NLA_PUT_NET16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port));
	NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1));
	NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE,
		      htonl(sizeof(*map) + map->memsize));
	if (with_timeout(map->timeout))
		NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout));
	ipset_nest_end(skb, nested);

	return 0;
nla_put_failure:
	return -EMSGSIZE;
}

static bool
bitmap_port_same_set(const struct ip_set *a, const struct ip_set *b)
{
	const struct bitmap_port *x = a->data;
	const struct bitmap_port *y = b->data;

	return x->first_port == y->first_port &&
	       x->last_port == y->last_port &&
	       x->timeout == y->timeout;
}

static const struct ip_set_type_variant bitmap_port = {
	.kadt	= bitmap_port_kadt,
	.uadt	= bitmap_port_uadt,
	.adt	= {
		[IPSET_ADD] = bitmap_port_add,
		[IPSET_DEL] = bitmap_port_del,
		[IPSET_TEST] = bitmap_port_test,
	},
	.destroy = bitmap_port_destroy,
	.flush	= bitmap_port_flush,
	.head	= bitmap_port_head,
	.list	= bitmap_port_list,
	.same_set = bitmap_port_same_set,
};

static const struct ip_set_type_variant bitmap_tport = {
	.kadt	= bitmap_port_kadt,
	.uadt	= bitmap_port_uadt,
	.adt	= {
		[IPSET_ADD] = bitmap_port_tadd,
		[IPSET_DEL] = bitmap_port_tdel,
		[IPSET_TEST] = bitmap_port_ttest,
	},
	.destroy = bitmap_port_destroy,
	.flush	= bitmap_port_flush,
	.head	= bitmap_port_head,
	.list	= bitmap_port_tlist,
	.same_set = bitmap_port_same_set,
};

static void
bitmap_port_gc(unsigned long ul_set)
{
	struct ip_set *set = (struct ip_set *) ul_set;
	struct bitmap_port *map = set->data;
	unsigned long *table = map->members;
	u32 id;	/* wraparound */
	u16 last = map->last_port - map->first_port;

	/* We run parallel with other readers (test element)
	 * but adding/deleting new entries is locked out */
	read_lock_bh(&set->lock);
	for (id = 0; id <= last; id++)
		if (ip_set_timeout_expired(table[id]))
			table[id] = IPSET_ELEM_UNSET;
	read_unlock_bh(&set->lock);

	map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
	add_timer(&map->gc);
}

static void
bitmap_port_gc_init(struct ip_set *set)
{
	struct bitmap_port *map = set->data;

	init_timer(&map->gc);
	map->gc.data = (unsigned long) set;
	map->gc.function = bitmap_port_gc;
	map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
	add_timer(&map->gc);
}

/* Create bitmap:ip type of sets */

static bool
init_map_port(struct ip_set *set, struct bitmap_port *map,
	      u16 first_port, u16 last_port)
{
	map->members = ip_set_alloc(map->memsize);
	if (!map->members)
		return false;
	map->first_port = first_port;
	map->last_port = last_port;
	map->timeout = IPSET_NO_TIMEOUT;

	set->data = map;
	set->family = AF_UNSPEC;

	return true;
}

static int
bitmap_port_create(struct ip_set *set, struct nlattr *tb[],
		 u32 flags)
{
	struct bitmap_port *map;
	u16 first_port, last_port;

	if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
		     !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||
		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
		return -IPSET_ERR_PROTOCOL;

	first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
	last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	if (first_port > last_port) {
		u16 tmp = first_port;

		first_port = last_port;
		last_port = tmp;
	}

	map = kzalloc(sizeof(*map), GFP_KERNEL);
	if (!map)
		return -ENOMEM;

	if (tb[IPSET_ATTR_TIMEOUT]) {
		map->memsize = (last_port - first_port + 1)
			       * sizeof(unsigned long);

		if (!init_map_port(set, map, first_port, last_port)) {
			kfree(map);
			return -ENOMEM;
		}

		map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
		set->variant = &bitmap_tport;

		bitmap_port_gc_init(set);
	} else {
		map->memsize = bitmap_bytes(0, last_port - first_port);
		pr_debug("memsize: %zu\n", map->memsize);
		if (!init_map_port(set, map, first_port, last_port)) {
			kfree(map);
			return -ENOMEM;
		}

		set->variant = &bitmap_port;
	}
	return 0;
}

static struct ip_set_type bitmap_port_type = {
	.name		= "bitmap:port",
	.protocol	= IPSET_PROTOCOL,
	.features	= IPSET_TYPE_PORT,
	.dimension	= IPSET_DIM_ONE,
	.family		= AF_UNSPEC,
	.revision	= 0,
	.create		= bitmap_port_create,
	.create_policy	= {
		[IPSET_ATTR_PORT]	= { .type = NLA_U16 },
		[IPSET_ATTR_PORT_TO]	= { .type = NLA_U16 },
		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
	},
	.adt_policy	= {
		[IPSET_ATTR_PORT]	= { .type = NLA_U16 },
		[IPSET_ATTR_PORT_TO]	= { .type = NLA_U16 },
		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
	},
	.me		= THIS_MODULE,
};

static int __init
bitmap_port_init(void)
{
	return ip_set_type_register(&bitmap_port_type);
}

static void __exit
bitmap_port_fini(void)
{
	ip_set_type_unregister(&bitmap_port_type);
}

module_init(bitmap_port_init);
module_exit(bitmap_port_fini);
Commit	Line	Data
54326190 JK	1	/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	2	*
	3	* This program is free software; you can redistribute it and/or modify
	4	* it under the terms of the GNU General Public License version 2 as
	5	* published by the Free Software Foundation.
	6	*/
	7
	8	/* Kernel module implementing an IP set type: the bitmap:port type */
	9
	10	#include <linux/module.h>
	11	#include <linux/ip.h>
54326190 JK	12	#include <linux/skbuff.h>
54326190 JK	13	#include <linux/errno.h>
54326190 JK	14	#include <linux/netlink.h>
	15	#include <linux/jiffies.h>
	16	#include <linux/timer.h>
	17	#include <net/netlink.h>
	18
	19	#include <linux/netfilter/ipset/ip_set.h>
	20	#include <linux/netfilter/ipset/ip_set_bitmap.h>
	21	#include <linux/netfilter/ipset/ip_set_getport.h>
	22	#define IP_SET_BITMAP_TIMEOUT
	23	#include <linux/netfilter/ipset/ip_set_timeout.h>
	24
	25	MODULE_LICENSE("GPL");
	26	MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
	27	MODULE_DESCRIPTION("bitmap:port type of IP sets");
	28	MODULE_ALIAS("ip_set_bitmap:port");
	29
	30	/* Type structure */
	31	struct bitmap_port {
	32	void members; / the set members */
	33	u16 first_port; /* host byte order, included in range */
	34	u16 last_port; /* host byte order, included in range */
	35	size_t memsize; /* members size */
	36	u32 timeout; /* timeout parameter */
	37	struct timer_list gc; /* garbage collection */
	38	};
	39
	40	/* Base variant */
	41
	42	static int
5416219e	43	bitmap_port_test(struct ip_set set, void value, u32 timeout, u32 flags)
54326190 JK	44	{
	45	const struct bitmap_port *map = set->data;
	46	u16 id = (u16 )value;
	47
	48	return !!test_bit(id, map->members);
	49	}
	50
	51	static int
5416219e	52	bitmap_port_add(struct ip_set set, void value, u32 timeout, u32 flags)
54326190 JK	53	{
	54	struct bitmap_port *map = set->data;
	55	u16 id = (u16 )value;
	56
	57	if (test_and_set_bit(id, map->members))
	58	return -IPSET_ERR_EXIST;
	59
	60	return 0;
	61	}
	62
	63	static int
5416219e	64	bitmap_port_del(struct ip_set set, void value, u32 timeout, u32 flags)
54326190 JK	65	{
	66	struct bitmap_port *map = set->data;
	67	u16 id = (u16 )value;
	68
	69	if (!test_and_clear_bit(id, map->members))
	70	return -IPSET_ERR_EXIST;
	71
	72	return 0;
	73	}
	74
	75	static int
	76	bitmap_port_list(const struct ip_set *set,
	77	struct sk_buff skb, struct netlink_callback cb)
	78	{
	79	const struct bitmap_port *map = set->data;
	80	struct nlattr atd, nested;
	81	u16 id, first = cb->args[2];
	82	u16 last = map->last_port - map->first_port;
	83
	84	atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
	85	if (!atd)
	86	return -EMSGSIZE;
	87	for (; cb->args[2] <= last; cb->args[2]++) {
	88	id = cb->args[2];
	89	if (!test_bit(id, map->members))
	90	continue;
	91	nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
	92	if (!nested) {
	93	if (id == first) {
	94	nla_nest_cancel(skb, atd);
	95	return -EMSGSIZE;
	96	} else
	97	goto nla_put_failure;
	98	}
	99	NLA_PUT_NET16(skb, IPSET_ATTR_PORT,
	100	htons(map->first_port + id));
	101	ipset_nest_end(skb, nested);
	102	}
	103	ipset_nest_end(skb, atd);
	104	/* Set listing finished */
	105	cb->args[2] = 0;
	106
	107	return 0;
	108
	109	nla_put_failure:
	110	nla_nest_cancel(skb, nested);
	111	ipset_nest_end(skb, atd);
	112	if (unlikely(id == first)) {
	113	cb->args[2] = 0;
	114	return -EMSGSIZE;
	115	}
	116	return 0;
	117	}
	118
	119	/* Timeout variant */
	120
	121	static int
5416219e	122	bitmap_port_ttest(struct ip_set set, void value, u32 timeout, u32 flags)
54326190 JK	123	{
	124	const struct bitmap_port *map = set->data;
	125	const unsigned long *members = map->members;
	126	u16 id = (u16 )value;
	127
	128	return ip_set_timeout_test(members[id]);
	129	}
	130
	131	static int
5416219e	132	bitmap_port_tadd(struct ip_set set, void value, u32 timeout, u32 flags)
54326190 JK	133	{
	134	struct bitmap_port *map = set->data;
	135	unsigned long *members = map->members;
	136	u16 id = (u16 )value;
	137
5416219e	138	if (ip_set_timeout_test(members[id]) && !(flags & IPSET_FLAG_EXIST))
54326190 JK	139	return -IPSET_ERR_EXIST;
	140
	141	members[id] = ip_set_timeout_set(timeout);
	142
	143	return 0;
	144	}
	145
	146	static int
5416219e	147	bitmap_port_tdel(struct ip_set set, void value, u32 timeout, u32 flags)
54326190 JK	148	{
	149	struct bitmap_port *map = set->data;
	150	unsigned long *members = map->members;
	151	u16 id = (u16 )value;
	152	int ret = -IPSET_ERR_EXIST;
	153
	154	if (ip_set_timeout_test(members[id]))
	155	ret = 0;
	156
	157	members[id] = IPSET_ELEM_UNSET;
	158	return ret;
	159	}
	160
	161	static int
	162	bitmap_port_tlist(const struct ip_set *set,
	163	struct sk_buff skb, struct netlink_callback cb)
	164	{
	165	const struct bitmap_port *map = set->data;
	166	struct nlattr adt, nested;
	167	u16 id, first = cb->args[2];
	168	u16 last = map->last_port - map->first_port;
	169	const unsigned long *members = map->members;
	170
	171	adt = ipset_nest_start(skb, IPSET_ATTR_ADT);
	172	if (!adt)
	173	return -EMSGSIZE;
	174	for (; cb->args[2] <= last; cb->args[2]++) {
	175	id = cb->args[2];
	176	if (!ip_set_timeout_test(members[id]))
	177	continue;
	178	nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
	179	if (!nested) {
	180	if (id == first) {
	181	nla_nest_cancel(skb, adt);
	182	return -EMSGSIZE;
	183	} else
	184	goto nla_put_failure;
	185	}
	186	NLA_PUT_NET16(skb, IPSET_ATTR_PORT,
	187	htons(map->first_port + id));
	188	NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT,
	189	htonl(ip_set_timeout_get(members[id])));
	190	ipset_nest_end(skb, nested);
	191	}
	192	ipset_nest_end(skb, adt);
	193
	194	/* Set listing finished */
	195	cb->args[2] = 0;
	196
	197	return 0;
	198
	199	nla_put_failure:
	200	nla_nest_cancel(skb, nested);
	201	ipset_nest_end(skb, adt);
	202	if (unlikely(id == first)) {
	203	cb->args[2] = 0;
	204	return -EMSGSIZE;
	205	}
	206	return 0;
	207	}
	208
	209	static int
	210	bitmap_port_kadt(struct ip_set set, const struct sk_buff skb,
ac8cc925	211	enum ipset_adt adt, const struct ip_set_adt_opt *opt)
54326190 JK	212	{
	213	struct bitmap_port *map = set->data;
	214	ipset_adtfn adtfn = set->variant->adt[adt];
	215	__be16 __port;
	216	u16 port = 0;
	217
ac8cc925 JK	218	if (!ip_set_get_ip_port(skb, opt->family,
ac8cc925 JK	219	opt->flags & IPSET_DIM_ONE_SRC, &__port))
54326190 JK	220	return -EINVAL;
	221
	222	port = ntohs(__port);
	223
	224	if (port < map->first_port \|\| port > map->last_port)
	225	return -IPSET_ERR_BITMAP_RANGE;
	226
	227	port -= map->first_port;
	228
ac8cc925	229	return adtfn(set, &port, opt_timeout(opt, map), opt->cmdflags);
54326190 JK	230	}
	231
	232	static int
	233	bitmap_port_uadt(struct ip_set set, struct nlattr tb[],
	234	enum ipset_adt adt, u32 *lineno, u32 flags)
	235	{
	236	struct bitmap_port *map = set->data;
	237	ipset_adtfn adtfn = set->variant->adt[adt];
	238	u32 timeout = map->timeout;
	239	u32 port; /* wraparound */
	240	u16 id, port_to;
	241	int ret = 0;
	242
	243	if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) \|\|
	244	!ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) \|\|
	245	!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
	246	return -IPSET_ERR_PROTOCOL;
	247
	248	if (tb[IPSET_ATTR_LINENO])
	249	*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
	250
	251	port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
	252	if (port < map->first_port \|\| port > map->last_port)
	253	return -IPSET_ERR_BITMAP_RANGE;
	254
	255	if (tb[IPSET_ATTR_TIMEOUT]) {
	256	if (!with_timeout(map->timeout))
	257	return -IPSET_ERR_TIMEOUT;
	258	timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
	259	}
	260
	261	if (adt == IPSET_TEST) {
	262	id = port - map->first_port;
5416219e	263	return adtfn(set, &id, timeout, flags);
54326190 JK	264	}
	265
	266	if (tb[IPSET_ATTR_PORT_TO]) {
	267	port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
	268	if (port > port_to) {
	269	swap(port, port_to);
	270	if (port < map->first_port)
	271	return -IPSET_ERR_BITMAP_RANGE;
	272	}
	273	} else
	274	port_to = port;
	275
	276	if (port_to > map->last_port)
	277	return -IPSET_ERR_BITMAP_RANGE;
	278
	279	for (; port <= port_to; port++) {
	280	id = port - map->first_port;
5416219e	281	ret = adtfn(set, &id, timeout, flags);
54326190 JK	282
	283	if (ret && !ip_set_eexist(ret, flags))
	284	return ret;
	285	else
	286	ret = 0;
	287	}
	288	return ret;
	289	}
	290
	291	static void
	292	bitmap_port_destroy(struct ip_set *set)
	293	{
	294	struct bitmap_port *map = set->data;
	295
	296	if (with_timeout(map->timeout))
	297	del_timer_sync(&map->gc);
	298
	299	ip_set_free(map->members);
	300	kfree(map);
	301
	302	set->data = NULL;
	303	}
	304
	305	static void
	306	bitmap_port_flush(struct ip_set *set)
	307	{
	308	struct bitmap_port *map = set->data;
	309
	310	memset(map->members, 0, map->memsize);
	311	}
	312
	313	static int
	314	bitmap_port_head(struct ip_set set, struct sk_buff skb)
	315	{
	316	const struct bitmap_port *map = set->data;
	317	struct nlattr *nested;
	318
	319	nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
	320	if (!nested)
	321	goto nla_put_failure;
	322	NLA_PUT_NET16(skb, IPSET_ATTR_PORT, htons(map->first_port));
	323	NLA_PUT_NET16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port));
2f9f28b2	324	NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1));
54326190 JK	325	NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE,
	326	htonl(sizeof(*map) + map->memsize));
	327	if (with_timeout(map->timeout))
	328	NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout));
	329	ipset_nest_end(skb, nested);
	330
	331	return 0;
	332	nla_put_failure:
	333	return -EMSGSIZE;
	334	}
	335
	336	static bool
	337	bitmap_port_same_set(const struct ip_set a, const struct ip_set b)
	338	{
	339	const struct bitmap_port *x = a->data;
	340	const struct bitmap_port *y = b->data;
	341
	342	return x->first_port == y->first_port &&
	343	x->last_port == y->last_port &&
	344	x->timeout == y->timeout;
	345	}
	346
	347	static const struct ip_set_type_variant bitmap_port = {
	348	.kadt = bitmap_port_kadt,
	349	.uadt = bitmap_port_uadt,
	350	.adt = {
	351	[IPSET_ADD] = bitmap_port_add,
	352	[IPSET_DEL] = bitmap_port_del,
	353	[IPSET_TEST] = bitmap_port_test,
	354	},
	355	.destroy = bitmap_port_destroy,
	356	.flush = bitmap_port_flush,
	357	.head = bitmap_port_head,
	358	.list = bitmap_port_list,
	359	.same_set = bitmap_port_same_set,
	360	};
	361
	362	static const struct ip_set_type_variant bitmap_tport = {
	363	.kadt = bitmap_port_kadt,
	364	.uadt = bitmap_port_uadt,
	365	.adt = {
	366	[IPSET_ADD] = bitmap_port_tadd,
	367	[IPSET_DEL] = bitmap_port_tdel,
	368	[IPSET_TEST] = bitmap_port_ttest,
	369	},
	370	.destroy = bitmap_port_destroy,
	371	.flush = bitmap_port_flush,
	372	.head = bitmap_port_head,
	373	.list = bitmap_port_tlist,
	374	.same_set = bitmap_port_same_set,
	375	};
	376
	377	static void
	378	bitmap_port_gc(unsigned long ul_set)
	379	{
	380	struct ip_set set = (struct ip_set ) ul_set;
	381	struct bitmap_port *map = set->data;
	382	unsigned long *table = map->members;
	383	u32 id; /* wraparound */
	384	u16 last = map->last_port - map->first_port;
	385
	386	/* We run parallel with other readers (test element)
	387	* but adding/deleting new entries is locked out */
	388	read_lock_bh(&set->lock);
389	for (id = 0; id <= last; id++)
390	if (ip_set_timeout_expired(table[id]))
391	table[id] = IPSET_ELEM_UNSET;
392	read_unlock_bh(&set->lock);
393
394	map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
395	add_timer(&map->gc);
396	}
397
398	static void
399	bitmap_port_gc_init(struct ip_set *set)
400	{
401	struct bitmap_port *map = set->data;
402
403	init_timer(&map->gc);
404	map->gc.data = (unsigned long) set;
405	map->gc.function = bitmap_port_gc;
406	map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
407	add_timer(&map->gc);
408	}
409
410	/* Create bitmap:ip type of sets */
411
412	static bool
413	init_map_port(struct ip_set set, struct bitmap_port map,
414	u16 first_port, u16 last_port)
415	{
416	map->members = ip_set_alloc(map->memsize);
417	if (!map->members)
418	return false;
419	map->first_port = first_port;
420	map->last_port = last_port;
421	map->timeout = IPSET_NO_TIMEOUT;
422
423	set->data = map;
424	set->family = AF_UNSPEC;
425
426	return true;
427	}
428
429	static int
430	bitmap_port_create(struct ip_set set, struct nlattr tb[],
431	u32 flags)
432	{
433	struct bitmap_port *map;
434	u16 first_port, last_port;
435
436	if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) \|\|
437	!ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) \|\|
438	!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
439	return -IPSET_ERR_PROTOCOL;
440
441	first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
442	last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
443	if (first_port > last_port) {
444	u16 tmp = first_port;
445
446	first_port = last_port;
447	last_port = tmp;
448	}
449
450	map = kzalloc(sizeof(*map), GFP_KERNEL);
451	if (!map)
452	return -ENOMEM;
453
454	if (tb[IPSET_ATTR_TIMEOUT]) {
455	map->memsize = (last_port - first_port + 1)
456	* sizeof(unsigned long);
457
458	if (!init_map_port(set, map, first_port, last_port)) {
459	kfree(map);
460	return -ENOMEM;
461	}
462
463	map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
464	set->variant = &bitmap_tport;
465
466	bitmap_port_gc_init(set);
467	} else {
468	map->memsize = bitmap_bytes(0, last_port - first_port);
469	pr_debug("memsize: %zu\n", map->memsize);
470	if (!init_map_port(set, map, first_port, last_port)) {
471	kfree(map);
472	return -ENOMEM;
473	}
474
475	set->variant = &bitmap_port;
476	}
477	return 0;
478	}
479
480	static struct ip_set_type bitmap_port_type = {
481	.name = "bitmap:port",
482	.protocol = IPSET_PROTOCOL,
483	.features = IPSET_TYPE_PORT,
484	.dimension = IPSET_DIM_ONE,
485	.family = AF_UNSPEC,
486	.revision = 0,
487	.create = bitmap_port_create,
488	.create_policy = {
489	[IPSET_ATTR_PORT] = { .type = NLA_U16 },
490	[IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
491	[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
492	},
493	.adt_policy = {
494	[IPSET_ATTR_PORT] = { .type = NLA_U16 },
495	[IPSET_ATTR_PORT_TO] = { .type = NLA_U16 },
496	[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
497	[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
498	},
499	.me = THIS_MODULE,
500	};
501
502	static int __init
503	bitmap_port_init(void)
504	{
505	return ip_set_type_register(&bitmap_port_type);
506	}
507
508	static void __exit
509	bitmap_port_fini(void)
510	{
511	ip_set_type_unregister(&bitmap_port_type);
512	}
513
514	module_init(bitmap_port_init);
515	module_exit(bitmap_port_fini);