| /net/netfilter/ipset/ |
| D | ip_set_bitmap_gen.h | 34 #define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id))) argument
37 mtype_gc_init(struct ip_set *set, void (*gc)(struct timer_list *t)) in mtype_gc_init() argument
39 struct mtype *map = set->data; in mtype_gc_init()
42 mod_timer(&map->gc, jiffies + IPSET_GC_PERIOD(set->timeout) * HZ); in mtype_gc_init()
46 mtype_ext_cleanup(struct ip_set *set) in mtype_ext_cleanup() argument
48 struct mtype *map = set->data; in mtype_ext_cleanup()
53 ip_set_ext_destroy(set, get_ext(set, map, id)); in mtype_ext_cleanup()
57 mtype_destroy(struct ip_set *set) in mtype_destroy() argument
59 struct mtype *map = set->data; in mtype_destroy()
61 if (set->dsize && set->extensions & IPSET_EXT_DESTROY) in mtype_destroy()
[all …]
|
| D | ip_set_list_set.c | 29 struct ip_set *set; /* Sigh, in order to cleanup reference */ member
43 struct ip_set *set; /* attached to this ip_set */ member
49 list_set_ktest(struct ip_set *set, const struct sk_buff *skb, in list_set_ktest() argument
53 struct list_set *map = set->data; in list_set_ktest()
67 if (ip_set_match_extensions(set, ext, mext, flags, e)) in list_set_ktest()
74 list_set_kadd(struct ip_set *set, const struct sk_buff *skb, in list_set_kadd() argument
78 struct list_set *map = set->data; in list_set_kadd()
83 if (SET_WITH_TIMEOUT(set) && in list_set_kadd()
84 ip_set_timeout_expired(ext_timeout(e, set))) in list_set_kadd()
94 list_set_kdel(struct ip_set *set, const struct sk_buff *skb, in list_set_kdel() argument
[all …]
|
| D | ip_set_core.c | 340 ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment, in ip_set_init_comment() argument
347 set->ext_size -= sizeof(*c) + strlen(c->str) + 1; in ip_set_init_comment()
359 set->ext_size += sizeof(*c) + strlen(c->str) + 1; in ip_set_init_comment()
381 ip_set_comment_free(struct ip_set *set, void *ptr) in ip_set_comment_free() argument
389 set->ext_size -= sizeof(*c) + strlen(c->str) + 1; in ip_set_comment_free()
434 ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len, in ip_set_elem_len() argument
443 set->flags |= IPSET_CREATE_FLAG_FORCEADD; in ip_set_elem_len()
452 set->offset[id] = len; in ip_set_elem_len()
453 set->extensions |= ip_set_extensions[id].type; in ip_set_elem_len()
461 ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], in ip_set_get_extensions() argument
[all …]
|
| D | ip_set_hash_gen.h | 18 #define ipset_dereference_set(p, set) \ argument
21 lockdep_is_held(&(set)->lock))
101 struct ip_set *set; /* Set the gc belongs to */ member
183 #define SET_ELEM_EXPIRED(set, d) \ argument
184 (SET_WITH_TIMEOUT(set) && \
185 ip_set_timeout_expired(ext_timeout(d, set)))
340 mtype_add_cidr(struct ip_set *set, struct htype *h, u8 cidr, u8 n) in mtype_add_cidr() argument
344 spin_lock_bh(&set->lock); in mtype_add_cidr()
363 spin_unlock_bh(&set->lock); in mtype_add_cidr()
367 mtype_del_cidr(struct ip_set *set, struct htype *h, u8 cidr, u8 n) in mtype_del_cidr() argument
[all …]
|
| D | Kconfig | 3 tristate "IP set support"
7 This option adds IP set support to the kernel.
9 ipset(8). You can use the sets in netfilter via the "set" match
29 tristate "bitmap:ip set support"
32 This option adds the bitmap:ip set type support, by which one
38 tristate "bitmap:ip,mac set support"
41 This option adds the bitmap:ip,mac set type support, by which one
47 tristate "bitmap:port set support"
50 This option adds the bitmap:port set type support, by which one
56 tristate "hash:ip set support"
[all …]
|
| D | ip_set_bitmap_port.c | 39 struct ip_set *set; /* attached to this ip_set */ member
127 bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb, in bitmap_port_kadt() argument
131 struct bitmap_port *map = set->data; in bitmap_port_kadt()
132 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_port_kadt()
134 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in bitmap_port_kadt()
149 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in bitmap_port_kadt()
153 bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[], in bitmap_port_uadt() argument
156 struct bitmap_port *map = set->data; in bitmap_port_uadt()
157 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_port_uadt()
159 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in bitmap_port_uadt()
[all …]
|
| D | ip_set_hash_ipmark.c | 79 hash_ipmark4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipmark4_kadt() argument
83 const struct hash_ipmark4 *h = set->data; in hash_ipmark4_kadt()
84 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmark4_kadt()
86 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipmark4_kadt()
92 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipmark4_kadt()
96 hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipmark4_uadt() argument
99 struct hash_ipmark4 *h = set->data; in hash_ipmark4_uadt()
100 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmark4_uadt()
102 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipmark4_uadt()
117 ret = ip_set_get_extensions(set, tb, &ext); in hash_ipmark4_uadt()
[all …]
|
| D | ip_set_bitmap_ip.c | 48 struct ip_set *set; /* attached to this ip_set */ member
110 bitmap_ip_kadt(struct ip_set *set, const struct sk_buff *skb, in bitmap_ip_kadt() argument
114 struct bitmap_ip *map = set->data; in bitmap_ip_kadt()
115 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_ip_kadt()
117 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in bitmap_ip_kadt()
126 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in bitmap_ip_kadt()
130 bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], in bitmap_ip_uadt() argument
133 struct bitmap_ip *map = set->data; in bitmap_ip_uadt()
134 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_ip_uadt()
137 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in bitmap_ip_uadt()
[all …]
|
| D | ip_set_hash_ip.c | 77 hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ip4_kadt() argument
81 const struct hash_ip4 *h = set->data; in hash_ip4_kadt()
82 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ip4_kadt()
84 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ip4_kadt()
93 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ip4_kadt()
97 hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ip4_uadt() argument
100 struct hash_ip4 *h = set->data; in hash_ip4_uadt()
101 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ip4_uadt()
103 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ip4_uadt()
117 ret = ip_set_get_extensions(set, tb, &ext); in hash_ip4_uadt()
[all …]
|
| D | ip_set_bitmap_ipmac.c | 51 struct ip_set *set; /* attached to this ip_set */ member
118 const struct ip_set_ext *ext, struct ip_set *set, in bitmap_ipmac_add_timeout() argument
124 if (t == set->timeout) in bitmap_ipmac_add_timeout()
208 bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb, in bitmap_ipmac_kadt() argument
212 struct bitmap_ipmac *map = set->data; in bitmap_ipmac_kadt()
213 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_ipmac_kadt()
215 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in bitmap_ipmac_kadt()
237 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in bitmap_ipmac_kadt()
241 bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[], in bitmap_ipmac_uadt() argument
244 const struct bitmap_ipmac *map = set->data; in bitmap_ipmac_uadt()
[all …]
|
| D | ip_set_hash_net.c | 112 hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_net4_kadt() argument
116 const struct hash_net4 *h = set->data; in hash_net4_kadt()
117 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_net4_kadt()
121 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_net4_kadt()
131 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_net4_kadt()
135 hash_net4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_net4_uadt() argument
138 struct hash_net4 *h = set->data; in hash_net4_uadt()
139 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_net4_uadt()
141 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_net4_uadt()
156 ret = ip_set_get_extensions(set, tb, &ext); in hash_net4_uadt()
[all …]
|
| D | ip_set_hash_netport.c | 128 hash_netport4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_netport4_kadt() argument
132 const struct hash_netport4 *h = set->data; in hash_netport4_kadt()
133 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netport4_kadt()
137 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_netport4_kadt()
149 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_netport4_kadt()
153 hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_netport4_uadt() argument
156 struct hash_netport4 *h = set->data; in hash_netport4_uadt()
157 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netport4_uadt()
159 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_netport4_uadt()
178 ret = ip_set_get_extensions(set, tb, &ext); in hash_netport4_uadt()
[all …]
|
| D | ip_set_hash_ipport.c | 87 hash_ipport4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipport4_kadt() argument
91 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipport4_kadt()
93 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipport4_kadt()
100 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipport4_kadt()
104 hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipport4_uadt() argument
107 struct hash_ipport4 *h = set->data; in hash_ipport4_uadt()
108 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipport4_uadt()
110 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipport4_uadt()
127 ret = ip_set_get_extensions(set, tb, &ext); in hash_ipport4_uadt()
149 ret = adtfn(set, &e, &ext, &ext, flags); in hash_ipport4_uadt()
[all …]
|
| D | ip_set_hash_ipmac.c | 84 hash_ipmac4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipmac4_kadt() argument
88 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmac4_kadt()
90 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipmac4_kadt()
106 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipmac4_kadt()
110 hash_ipmac4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipmac4_uadt() argument
113 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmac4_uadt()
115 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipmac4_uadt()
133 ip_set_get_extensions(set, tb, &ext); in hash_ipmac4_uadt()
140 return adtfn(set, &e, &ext, &ext, flags); in hash_ipmac4_uadt()
197 hash_ipmac6_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipmac6_kadt() argument
[all …]
|
| D | ip_set_hash_ipportip.c | 89 hash_ipportip4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipportip4_kadt() argument
93 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipportip4_kadt()
95 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipportip4_kadt()
103 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipportip4_kadt()
107 hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipportip4_uadt() argument
110 struct hash_ipportip4 *h = set->data; in hash_ipportip4_uadt()
111 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipportip4_uadt()
113 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipportip4_uadt()
130 ret = ip_set_get_extensions(set, tb, &ext); in hash_ipportip4_uadt()
156 ret = adtfn(set, &e, &ext, &ext, flags); in hash_ipportip4_uadt()
[all …]
|
| D | ip_set_hash_netiface.c | 156 hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_netiface4_kadt() argument
160 struct hash_netiface4 *h = set->data; in hash_netiface4_kadt()
161 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netiface4_kadt()
166 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_netiface4_kadt()
193 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_netiface4_kadt()
197 hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_netiface4_uadt() argument
200 struct hash_netiface4 *h = set->data; in hash_netiface4_uadt()
201 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netiface4_uadt()
203 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_netiface4_uadt()
219 ret = ip_set_get_extensions(set, tb, &ext); in hash_netiface4_uadt()
[all …]
|
| /net/netfilter/ |
| D | nft_set_hash.c | 38 const struct nft_set *set; member
63 if (memcmp(nft_set_ext_key(&he->ext), x->key, x->set->klen)) in nft_rhash_cmp()
82 static bool nft_rhash_lookup(const struct net *net, const struct nft_set *set, in nft_rhash_lookup() argument
85 struct nft_rhash *priv = nft_set_priv(set); in nft_rhash_lookup()
89 .set = set, in nft_rhash_lookup()
100 static void *nft_rhash_get(const struct net *net, const struct nft_set *set, in nft_rhash_get() argument
103 struct nft_rhash *priv = nft_set_priv(set); in nft_rhash_get()
107 .set = set, in nft_rhash_get()
118 static bool nft_rhash_update(struct nft_set *set, const u32 *key, in nft_rhash_update() argument
126 struct nft_rhash *priv = nft_set_priv(set); in nft_rhash_update()
[all …]
|
| D | nft_dynset.c | 19 struct nft_set *set; member
30 static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, in nft_dynset_new() argument
38 if (!atomic_add_unless(&set->nelems, 1, set->size)) in nft_dynset_new()
41 timeout = priv->timeout ? : set->timeout; in nft_dynset_new()
42 elem = nft_set_elem_init(set, &priv->tmpl, in nft_dynset_new()
49 ext = nft_set_elem_ext(set, elem); in nft_dynset_new()
57 nft_set_elem_destroy(set, elem, false); in nft_dynset_new()
59 if (set->size) in nft_dynset_new()
60 atomic_dec(&set->nelems); in nft_dynset_new()
68 struct nft_set *set = priv->set; in nft_dynset_eval() local
[all …]
|
| D | nft_set_bitmap.c | 51 static inline void nft_bitmap_location(const struct nft_set *set, in nft_bitmap_location() argument
57 if (set->klen == 2) in nft_bitmap_location()
76 static bool nft_bitmap_lookup(const struct net *net, const struct nft_set *set, in nft_bitmap_lookup() argument
79 const struct nft_bitmap *priv = nft_set_priv(set); in nft_bitmap_lookup()
83 nft_bitmap_location(set, key, &idx, &off); in nft_bitmap_lookup()
89 nft_bitmap_elem_find(const struct nft_set *set, struct nft_bitmap_elem *this, in nft_bitmap_elem_find() argument
92 const struct nft_bitmap *priv = nft_set_priv(set); in nft_bitmap_elem_find()
97 nft_set_ext_key(&this->ext), set->klen) || in nft_bitmap_elem_find()
106 static void *nft_bitmap_get(const struct net *net, const struct nft_set *set, in nft_bitmap_get() argument
109 const struct nft_bitmap *priv = nft_set_priv(set); in nft_bitmap_get()
[all …]
|
| D | nft_lookup.c | 19 struct nft_set *set; member
31 const struct nft_set *set = priv->set; in nft_lookup_eval() local
35 found = set->ops->lookup(nft_net(pkt), set, ®s->data[priv->sreg], in nft_lookup_eval()
43 if (set->flags & NFT_SET_MAP) in nft_lookup_eval()
45 nft_set_ext_data(ext), set->dlen); in nft_lookup_eval()
66 struct nft_set *set; in nft_lookup_init() local
74 set = nft_set_lookup_global(ctx->net, ctx->table, tb[NFTA_LOOKUP_SET], in nft_lookup_init()
76 if (IS_ERR(set)) in nft_lookup_init()
77 return PTR_ERR(set); in nft_lookup_init()
80 set->klen); in nft_lookup_init()
[all …]
|
| D | nft_set_rbtree.c | 44 static int nft_rbtree_cmp(const struct nft_set *set, in nft_rbtree_cmp() argument
49 set->klen); in nft_rbtree_cmp()
58 static bool __nft_rbtree_lookup(const struct net *net, const struct nft_set *set, in __nft_rbtree_lookup() argument
62 struct nft_rbtree *priv = nft_set_priv(set); in __nft_rbtree_lookup()
75 d = memcmp(nft_set_ext_key(&rbe->ext), key, set->klen); in __nft_rbtree_lookup()
79 !nft_rbtree_cmp(set, rbe, interval) && in __nft_rbtree_lookup()
96 if (nft_set_is_anonymous(set)) in __nft_rbtree_lookup()
108 if (set->flags & NFT_SET_INTERVAL && interval != NULL && in __nft_rbtree_lookup()
119 static bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set, in nft_rbtree_lookup() argument
122 struct nft_rbtree *priv = nft_set_priv(set); in nft_rbtree_lookup()
[all …]
|
| D | nft_objref.c | 99 struct nft_set *set; member
109 const struct nft_set *set = priv->set; in nft_objref_map_eval() local
114 found = set->ops->lookup(nft_net(pkt), set, ®s->data[priv->sreg], in nft_objref_map_eval()
130 struct nft_set *set; in nft_objref_map_init() local
133 set = nft_set_lookup_global(ctx->net, ctx->table, in nft_objref_map_init()
136 if (IS_ERR(set)) in nft_objref_map_init()
137 return PTR_ERR(set); in nft_objref_map_init()
139 if (!(set->flags & NFT_SET_OBJECT)) in nft_objref_map_init()
143 set->klen); in nft_objref_map_init()
147 priv->binding.flags = set->flags & NFT_SET_OBJECT; in nft_objref_map_init()
[all …]
|
| D | nf_tables_api.c | 189 static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set, in __nft_set_trans_bind() argument
196 if (!nft_set_is_anonymous(set)) in __nft_set_trans_bind()
203 if (nft_trans_set(trans) == set) in __nft_set_trans_bind()
207 if (nft_trans_elem_set(trans) == set) in __nft_set_trans_bind()
214 static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set) in nft_set_trans_bind() argument
216 return __nft_set_trans_bind(ctx, set, true); in nft_set_trans_bind()
219 static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set) in nft_set_trans_unbind() argument
221 return __nft_set_trans_bind(ctx, set, false); in nft_set_trans_unbind()
564 struct nft_set *set) in nft_trans_set_add() argument
575 nft_activate_next(ctx->net, set); in nft_trans_set_add()
[all …]
|
| /net/netfilter/ipvs/ |
| D | ip_vs_lblcr.c | 99 static void ip_vs_dest_set_insert(struct ip_vs_dest_set *set, in ip_vs_dest_set_insert() argument
105 list_for_each_entry(e, &set->list, list) { in ip_vs_dest_set_insert()
118 list_add_rcu(&e->list, &set->list); in ip_vs_dest_set_insert()
119 atomic_inc(&set->size); in ip_vs_dest_set_insert()
121 set->lastmod = jiffies; in ip_vs_dest_set_insert()
134 ip_vs_dest_set_erase(struct ip_vs_dest_set *set, struct ip_vs_dest *dest) in ip_vs_dest_set_erase() argument
138 list_for_each_entry(e, &set->list, list) { in ip_vs_dest_set_erase()
141 atomic_dec(&set->size); in ip_vs_dest_set_erase()
142 set->lastmod = jiffies; in ip_vs_dest_set_erase()
150 static void ip_vs_dest_set_eraseall(struct ip_vs_dest_set *set) in ip_vs_dest_set_eraseall() argument
[all …]
|
| /net/sched/ |
| D | em_ipset.c | 22 struct xt_set_info *set = data; in em_ipset_change() local
25 if (data_len != sizeof(*set)) in em_ipset_change()
28 index = ip_set_nfnl_get_byindex(net, set->index); in em_ipset_change()
32 em->datalen = sizeof(*set); in em_ipset_change()
43 const struct xt_set_info *set = (const void *) em->data; in em_ipset_destroy() local
44 if (set) { in em_ipset_destroy()
45 ip_set_nfnl_put(em->net, set->index); in em_ipset_destroy()
55 const struct xt_set_info *set = (const void *) em->data; in em_ipset_match() local
81 opt.dim = set->dim; in em_ipset_match()
82 opt.flags = set->flags; in em_ipset_match()
[all …]
|