| /net/netfilter/ipset/ |
| D | ip_set_bitmap_gen.h | 34 #define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id))) argument
37 mtype_gc_init(struct ip_set *set, void (*gc)(struct timer_list *t)) in mtype_gc_init() argument
39 struct mtype *map = set->data; in mtype_gc_init()
42 mod_timer(&map->gc, jiffies + IPSET_GC_PERIOD(set->timeout) * HZ); in mtype_gc_init()
46 mtype_ext_cleanup(struct ip_set *set) in mtype_ext_cleanup() argument
48 struct mtype *map = set->data; in mtype_ext_cleanup()
53 ip_set_ext_destroy(set, get_ext(set, map, id)); in mtype_ext_cleanup()
57 mtype_destroy(struct ip_set *set) in mtype_destroy() argument
59 struct mtype *map = set->data; in mtype_destroy()
61 if (set->dsize && set->extensions & IPSET_EXT_DESTROY) in mtype_destroy()
[all …]
|
| D | ip_set_list_set.c | 29 struct ip_set *set; /* Sigh, in order to cleanup reference */ member
43 struct ip_set *set; /* attached to this ip_set */ member
49 list_set_ktest(struct ip_set *set, const struct sk_buff *skb, in list_set_ktest() argument
53 struct list_set *map = set->data; in list_set_ktest()
67 if (ip_set_match_extensions(set, ext, mext, flags, e)) in list_set_ktest()
74 list_set_kadd(struct ip_set *set, const struct sk_buff *skb, in list_set_kadd() argument
78 struct list_set *map = set->data; in list_set_kadd()
83 if (SET_WITH_TIMEOUT(set) && in list_set_kadd()
84 ip_set_timeout_expired(ext_timeout(e, set))) in list_set_kadd()
94 list_set_kdel(struct ip_set *set, const struct sk_buff *skb, in list_set_kdel() argument
[all …]
|
| D | ip_set_core.c | 340 ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment, in ip_set_init_comment() argument
347 set->ext_size -= sizeof(*c) + strlen(c->str) + 1; in ip_set_init_comment()
359 set->ext_size += sizeof(*c) + strlen(c->str) + 1; in ip_set_init_comment()
381 ip_set_comment_free(struct ip_set *set, void *ptr) in ip_set_comment_free() argument
389 set->ext_size -= sizeof(*c) + strlen(c->str) + 1; in ip_set_comment_free()
434 ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len, in ip_set_elem_len() argument
443 set->flags |= IPSET_CREATE_FLAG_FORCEADD; in ip_set_elem_len()
452 set->offset[id] = len; in ip_set_elem_len()
453 set->extensions |= ip_set_extensions[id].type; in ip_set_elem_len()
461 ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[], in ip_set_get_extensions() argument
[all …]
|
| D | ip_set_hash_gen.h | 18 #define ipset_dereference_set(p, set) \ argument
21 lockdep_is_held(&(set)->lock))
76 struct ip_set *set; /* Set the gc belongs to */ member
158 #define SET_ELEM_EXPIRED(set, d) \ argument
159 (SET_WITH_TIMEOUT(set) && \
160 ip_set_timeout_expired(ext_timeout(d, set)))
313 mtype_add_cidr(struct ip_set *set, struct htype *h, u8 cidr, u8 n) in mtype_add_cidr() argument
317 spin_lock_bh(&set->lock); in mtype_add_cidr()
336 spin_unlock_bh(&set->lock); in mtype_add_cidr()
340 mtype_del_cidr(struct ip_set *set, struct htype *h, u8 cidr, u8 n) in mtype_del_cidr() argument
[all …]
|
| D | Kconfig | 3 tristate "IP set support"
7 This option adds IP set support to the kernel.
9 ipset(8). You can use the sets in netfilter via the "set" match
29 tristate "bitmap:ip set support"
32 This option adds the bitmap:ip set type support, by which one
38 tristate "bitmap:ip,mac set support"
41 This option adds the bitmap:ip,mac set type support, by which one
47 tristate "bitmap:port set support"
50 This option adds the bitmap:port set type support, by which one
56 tristate "hash:ip set support"
[all …]
|
| D | ip_set_bitmap_port.c | 39 struct ip_set *set; /* attached to this ip_set */ member
127 bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb, in bitmap_port_kadt() argument
131 struct bitmap_port *map = set->data; in bitmap_port_kadt()
132 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_port_kadt()
134 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in bitmap_port_kadt()
149 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in bitmap_port_kadt()
153 bitmap_port_uadt(struct ip_set *set, struct nlattr *tb[], in bitmap_port_uadt() argument
156 struct bitmap_port *map = set->data; in bitmap_port_uadt()
157 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_port_uadt()
159 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in bitmap_port_uadt()
[all …]
|
| D | ip_set_hash_ipmark.c | 80 hash_ipmark4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipmark4_kadt() argument
84 const struct hash_ipmark4 *h = set->data; in hash_ipmark4_kadt()
85 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmark4_kadt()
87 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipmark4_kadt()
93 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipmark4_kadt()
97 hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipmark4_uadt() argument
100 struct hash_ipmark4 *h = set->data; in hash_ipmark4_uadt()
101 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmark4_uadt()
103 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipmark4_uadt()
118 ret = ip_set_get_extensions(set, tb, &ext); in hash_ipmark4_uadt()
[all …]
|
| D | ip_set_bitmap_ip.c | 48 struct ip_set *set; /* attached to this ip_set */ member
110 bitmap_ip_kadt(struct ip_set *set, const struct sk_buff *skb, in bitmap_ip_kadt() argument
114 struct bitmap_ip *map = set->data; in bitmap_ip_kadt()
115 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_ip_kadt()
117 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in bitmap_ip_kadt()
126 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in bitmap_ip_kadt()
130 bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], in bitmap_ip_uadt() argument
133 struct bitmap_ip *map = set->data; in bitmap_ip_uadt()
134 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_ip_uadt()
137 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in bitmap_ip_uadt()
[all …]
|
| D | ip_set_hash_ip.c | 78 hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ip4_kadt() argument
82 const struct hash_ip4 *h = set->data; in hash_ip4_kadt()
83 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ip4_kadt()
85 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ip4_kadt()
94 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ip4_kadt()
98 hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ip4_uadt() argument
101 struct hash_ip4 *h = set->data; in hash_ip4_uadt()
102 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ip4_uadt()
104 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ip4_uadt()
118 ret = ip_set_get_extensions(set, tb, &ext); in hash_ip4_uadt()
[all …]
|
| D | ip_set_bitmap_ipmac.c | 51 struct ip_set *set; /* attached to this ip_set */ member
118 const struct ip_set_ext *ext, struct ip_set *set, in bitmap_ipmac_add_timeout() argument
124 if (t == set->timeout) in bitmap_ipmac_add_timeout()
208 bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb, in bitmap_ipmac_kadt() argument
212 struct bitmap_ipmac *map = set->data; in bitmap_ipmac_kadt()
213 ipset_adtfn adtfn = set->variant->adt[adt]; in bitmap_ipmac_kadt()
215 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in bitmap_ipmac_kadt()
237 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in bitmap_ipmac_kadt()
241 bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[], in bitmap_ipmac_uadt() argument
244 const struct bitmap_ipmac *map = set->data; in bitmap_ipmac_uadt()
[all …]
|
| D | ip_set_hash_net.c | 113 hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_net4_kadt() argument
117 const struct hash_net4 *h = set->data; in hash_net4_kadt()
118 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_net4_kadt()
122 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_net4_kadt()
132 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_net4_kadt()
136 hash_net4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_net4_uadt() argument
139 struct hash_net4 *h = set->data; in hash_net4_uadt()
140 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_net4_uadt()
142 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_net4_uadt()
157 ret = ip_set_get_extensions(set, tb, &ext); in hash_net4_uadt()
[all …]
|
| D | ip_set_hash_netport.c | 129 hash_netport4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_netport4_kadt() argument
133 const struct hash_netport4 *h = set->data; in hash_netport4_kadt()
134 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netport4_kadt()
138 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_netport4_kadt()
150 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_netport4_kadt()
154 hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_netport4_uadt() argument
157 struct hash_netport4 *h = set->data; in hash_netport4_uadt()
158 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netport4_uadt()
160 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_netport4_uadt()
179 ret = ip_set_get_extensions(set, tb, &ext); in hash_netport4_uadt()
[all …]
|
| D | ip_set_hash_ipport.c | 88 hash_ipport4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipport4_kadt() argument
92 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipport4_kadt()
94 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipport4_kadt()
101 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipport4_kadt()
105 hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipport4_uadt() argument
108 struct hash_ipport4 *h = set->data; in hash_ipport4_uadt()
109 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipport4_uadt()
111 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipport4_uadt()
128 ret = ip_set_get_extensions(set, tb, &ext); in hash_ipport4_uadt()
150 ret = adtfn(set, &e, &ext, &ext, flags); in hash_ipport4_uadt()
[all …]
|
| D | ip_set_hash_ipmac.c | 84 hash_ipmac4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipmac4_kadt() argument
88 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmac4_kadt()
90 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipmac4_kadt()
106 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipmac4_kadt()
110 hash_ipmac4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipmac4_uadt() argument
113 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipmac4_uadt()
115 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipmac4_uadt()
133 ip_set_get_extensions(set, tb, &ext); in hash_ipmac4_uadt()
140 return adtfn(set, &e, &ext, &ext, flags); in hash_ipmac4_uadt()
197 hash_ipmac6_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipmac6_kadt() argument
[all …]
|
| D | ip_set_hash_ipportip.c | 90 hash_ipportip4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_ipportip4_kadt() argument
94 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipportip4_kadt()
96 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_ipportip4_kadt()
104 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_ipportip4_kadt()
108 hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_ipportip4_uadt() argument
111 struct hash_ipportip4 *h = set->data; in hash_ipportip4_uadt()
112 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_ipportip4_uadt()
114 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_ipportip4_uadt()
131 ret = ip_set_get_extensions(set, tb, &ext); in hash_ipportip4_uadt()
157 ret = adtfn(set, &e, &ext, &ext, flags); in hash_ipportip4_uadt()
[all …]
|
| D | ip_set_hash_netnet.c | 140 hash_netnet4_kadt(struct ip_set *set, const struct sk_buff *skb, in hash_netnet4_kadt() argument
144 const struct hash_netnet4 *h = set->data; in hash_netnet4_kadt()
145 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netnet4_kadt()
147 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); in hash_netnet4_kadt()
159 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); in hash_netnet4_kadt()
163 hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[], in hash_netnet4_uadt() argument
166 struct hash_netnet4 *h = set->data; in hash_netnet4_uadt()
167 ipset_adtfn adtfn = set->variant->adt[adt]; in hash_netnet4_uadt()
169 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); in hash_netnet4_uadt()
190 ret = ip_set_get_extensions(set, tb, &ext); in hash_netnet4_uadt()
[all …]
|
| /net/netfilter/ |
| D | nft_lookup.c | 19 struct nft_set *set; member
27 bool nft_set_do_lookup(const struct net *net, const struct nft_set *set, in nft_set_do_lookup() argument
30 if (set->ops == &nft_set_hash_fast_type.ops) in nft_set_do_lookup()
31 return nft_hash_lookup_fast(net, set, key, ext); in nft_set_do_lookup()
32 if (set->ops == &nft_set_hash_type.ops) in nft_set_do_lookup()
33 return nft_hash_lookup(net, set, key, ext); in nft_set_do_lookup()
35 if (set->ops == &nft_set_rhash_type.ops) in nft_set_do_lookup()
36 return nft_rhash_lookup(net, set, key, ext); in nft_set_do_lookup()
38 if (set->ops == &nft_set_bitmap_type.ops) in nft_set_do_lookup()
39 return nft_bitmap_lookup(net, set, key, ext); in nft_set_do_lookup()
[all …]
|
| D | nft_set_hash.c | 35 const struct nft_set *set; member
60 if (memcmp(nft_set_ext_key(&he->ext), x->key, x->set->klen)) in nft_rhash_cmp()
80 bool nft_rhash_lookup(const struct net *net, const struct nft_set *set, in nft_rhash_lookup() argument
83 struct nft_rhash *priv = nft_set_priv(set); in nft_rhash_lookup()
87 .set = set, in nft_rhash_lookup()
98 static void *nft_rhash_get(const struct net *net, const struct nft_set *set, in nft_rhash_get() argument
101 struct nft_rhash *priv = nft_set_priv(set); in nft_rhash_get()
105 .set = set, in nft_rhash_get()
116 static bool nft_rhash_update(struct nft_set *set, const u32 *key, in nft_rhash_update() argument
124 struct nft_rhash *priv = nft_set_priv(set); in nft_rhash_update()
[all …]
|
| D | nft_dynset.c | 16 struct nft_set *set; member
47 static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, in nft_dynset_new() argument
55 if (!atomic_add_unless(&set->nelems, 1, set->size)) in nft_dynset_new()
58 timeout = priv->timeout ? : set->timeout; in nft_dynset_new()
59 elem = nft_set_elem_init(set, &priv->tmpl, in nft_dynset_new()
66 ext = nft_set_elem_ext(set, elem); in nft_dynset_new()
73 nft_set_elem_destroy(set, elem, false); in nft_dynset_new()
75 if (set->size) in nft_dynset_new()
76 atomic_dec(&set->nelems); in nft_dynset_new()
84 struct nft_set *set = priv->set; in nft_dynset_eval() local
[all …]
|
| D | nft_set_bitmap.c | 51 static inline void nft_bitmap_location(const struct nft_set *set, in nft_bitmap_location() argument
57 if (set->klen == 2) in nft_bitmap_location()
77 bool nft_bitmap_lookup(const struct net *net, const struct nft_set *set, in nft_bitmap_lookup() argument
80 const struct nft_bitmap *priv = nft_set_priv(set); in nft_bitmap_lookup()
84 nft_bitmap_location(set, key, &idx, &off); in nft_bitmap_lookup()
90 nft_bitmap_elem_find(const struct nft_set *set, struct nft_bitmap_elem *this, in nft_bitmap_elem_find() argument
93 const struct nft_bitmap *priv = nft_set_priv(set); in nft_bitmap_elem_find()
98 nft_set_ext_key(&this->ext), set->klen) || in nft_bitmap_elem_find()
107 static void *nft_bitmap_get(const struct net *net, const struct nft_set *set, in nft_bitmap_get() argument
110 const struct nft_bitmap *priv = nft_set_priv(set); in nft_bitmap_get()
[all …]
|
| D | nft_set_rbtree.c | 41 static int nft_rbtree_cmp(const struct nft_set *set, in nft_rbtree_cmp() argument
46 set->klen); in nft_rbtree_cmp()
55 static bool __nft_rbtree_lookup(const struct net *net, const struct nft_set *set, in __nft_rbtree_lookup() argument
59 struct nft_rbtree *priv = nft_set_priv(set); in __nft_rbtree_lookup()
72 d = memcmp(nft_set_ext_key(&rbe->ext), key, set->klen); in __nft_rbtree_lookup()
76 !nft_rbtree_cmp(set, rbe, interval) && in __nft_rbtree_lookup()
93 if (nft_set_is_anonymous(set)) in __nft_rbtree_lookup()
105 if (set->flags & NFT_SET_INTERVAL && interval != NULL && in __nft_rbtree_lookup()
117 bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set, in nft_rbtree_lookup() argument
120 struct nft_rbtree *priv = nft_set_priv(set); in nft_rbtree_lookup()
[all …]
|
| D | nf_tables_api.c | 187 static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set, in __nft_set_trans_bind() argument
194 if (!nft_set_is_anonymous(set)) in __nft_set_trans_bind()
201 if (nft_trans_set(trans) == set) in __nft_set_trans_bind()
205 if (nft_trans_elem_set(trans) == set) in __nft_set_trans_bind()
212 static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set) in nft_set_trans_bind() argument
214 return __nft_set_trans_bind(ctx, set, true); in nft_set_trans_bind()
217 static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set) in nft_set_trans_unbind() argument
219 return __nft_set_trans_bind(ctx, set, false); in nft_set_trans_unbind()
561 struct nft_set *set, in __nft_trans_set_add() argument
573 nft_activate_next(ctx->net, set); in __nft_trans_set_add()
[all …]
|
| D | nft_objref.c | 99 struct nft_set *set; member
109 const struct nft_set *set = priv->set; in nft_objref_map_eval() local
115 found = nft_set_do_lookup(net, set, ®s->data[priv->sreg], &ext); in nft_objref_map_eval()
117 ext = nft_set_catchall_lookup(net, set); in nft_objref_map_eval()
133 struct nft_set *set; in nft_objref_map_init() local
136 set = nft_set_lookup_global(ctx->net, ctx->table, in nft_objref_map_init()
139 if (IS_ERR(set)) in nft_objref_map_init()
140 return PTR_ERR(set); in nft_objref_map_init()
142 if (!(set->flags & NFT_SET_OBJECT)) in nft_objref_map_init()
146 set->klen); in nft_objref_map_init()
[all …]
|
| /net/netfilter/ipvs/ |
| D | ip_vs_lblcr.c | 99 static void ip_vs_dest_set_insert(struct ip_vs_dest_set *set, in ip_vs_dest_set_insert() argument
105 list_for_each_entry(e, &set->list, list) { in ip_vs_dest_set_insert()
118 list_add_rcu(&e->list, &set->list); in ip_vs_dest_set_insert()
119 atomic_inc(&set->size); in ip_vs_dest_set_insert()
121 set->lastmod = jiffies; in ip_vs_dest_set_insert()
134 ip_vs_dest_set_erase(struct ip_vs_dest_set *set, struct ip_vs_dest *dest) in ip_vs_dest_set_erase() argument
138 list_for_each_entry(e, &set->list, list) { in ip_vs_dest_set_erase()
141 atomic_dec(&set->size); in ip_vs_dest_set_erase()
142 set->lastmod = jiffies; in ip_vs_dest_set_erase()
150 static void ip_vs_dest_set_eraseall(struct ip_vs_dest_set *set) in ip_vs_dest_set_eraseall() argument
[all …]
|
| /net/sched/ |
| D | em_ipset.c | 22 struct xt_set_info *set = data; in em_ipset_change() local
25 if (data_len != sizeof(*set)) in em_ipset_change()
28 index = ip_set_nfnl_get_byindex(net, set->index); in em_ipset_change()
32 em->datalen = sizeof(*set); in em_ipset_change()
43 const struct xt_set_info *set = (const void *) em->data; in em_ipset_destroy() local
44 if (set) { in em_ipset_destroy()
45 ip_set_nfnl_put(em->net, set->index); in em_ipset_destroy()
55 const struct xt_set_info *set = (const void *) em->data; in em_ipset_match() local
81 opt.dim = set->dim; in em_ipset_match()
82 opt.flags = set->flags; in em_ipset_match()
[all …]
|