netfilter: ipset: Expose the initval hash parameter to userspace
It makes possible to reproduce exactly the same set after a save/restore. Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Jozsef Kadlecsik
Pablo Neira Ayuso
parent
ccf0a4b7fc
commit
3976ca1019
|
|
@ -92,7 +92,7 @@ enum {
|
|||
/* Reserve empty slots */
|
||||
IPSET_ATTR_CADT_MAX = 16,
|
||||
/* Create-only specific attributes */
|
||||
IPSET_ATTR_GC,
|
||||
IPSET_ATTR_INITVAL, /* was unused IPSET_ATTR_GC */
|
||||
IPSET_ATTR_HASHSIZE,
|
||||
IPSET_ATTR_MAXELEM,
|
||||
IPSET_ATTR_NETMASK,
|
||||
|
|
|
|||
|
|
@ -1301,9 +1301,11 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
|
|||
if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask))
|
||||
goto nla_put_failure;
|
||||
#endif
|
||||
if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE &&
|
||||
nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize))
|
||||
goto nla_put_failure;
|
||||
if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE) {
|
||||
if (nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize) ||
|
||||
nla_put_net32(skb, IPSET_ATTR_INITVAL, htonl(h->initval)))
|
||||
goto nla_put_failure;
|
||||
}
|
||||
if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) ||
|
||||
nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
|
||||
nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements)))
|
||||
|
|
@ -1546,7 +1548,10 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
|
|||
#ifdef IP_SET_HASH_WITH_MARKMASK
|
||||
h->markmask = markmask;
|
||||
#endif
|
||||
get_random_bytes(&h->initval, sizeof(h->initval));
|
||||
if (tb[IPSET_ATTR_INITVAL])
|
||||
h->initval = ntohl(nla_get_be32(tb[IPSET_ATTR_INITVAL]));
|
||||
else
|
||||
get_random_bytes(&h->initval, sizeof(h->initval));
|
||||
h->bucketsize = AHASH_MAX_SIZE;
|
||||
if (tb[IPSET_ATTR_BUCKETSIZE]) {
|
||||
h->bucketsize = nla_get_u8(tb[IPSET_ATTR_BUCKETSIZE]);
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
/* 2 Comments support */
|
||||
/* 3 Forceadd support */
|
||||
/* 4 skbinfo support */
|
||||
#define IPSET_TYPE_REV_MAX 5 /* bucketsize support */
|
||||
#define IPSET_TYPE_REV_MAX 5 /* bucketsize, initval support */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -283,6 +283,7 @@ static struct ip_set_type hash_ip_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
#include <linux/netfilter/ipset/ip_set_hash.h>
|
||||
|
||||
#define IPSET_TYPE_REV_MIN 0
|
||||
#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */
|
||||
#define IPSET_TYPE_REV_MAX 1 /* bucketsize, initval support */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Tomasz Chilinski <tomasz.chilinski@chilan.com>");
|
||||
|
|
@ -273,6 +273,7 @@ static struct ip_set_type hash_ipmac_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
#define IPSET_TYPE_REV_MIN 0
|
||||
/* 1 Forceadd support */
|
||||
/* 2 skbinfo support */
|
||||
#define IPSET_TYPE_REV_MAX 3 /* bucketsize support */
|
||||
#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Vytas Dauksa <vytas.dauksa@smoothwall.net>");
|
||||
|
|
@ -281,6 +281,7 @@ static struct ip_set_type hash_ipmark_type __read_mostly = {
|
|||
[IPSET_ATTR_MARKMASK] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@
|
|||
/* 3 Comments support added */
|
||||
/* 4 Forceadd support added */
|
||||
/* 5 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 6 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -347,6 +347,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@
|
|||
/* 3 Comments support added */
|
||||
/* 4 Forceadd support added */
|
||||
/* 5 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 6 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -362,6 +362,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@
|
|||
/* 5 Comments support added */
|
||||
/* 6 Forceadd support added */
|
||||
/* 7 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -519,6 +519,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
#include <linux/netfilter/ipset/ip_set_hash.h>
|
||||
|
||||
#define IPSET_TYPE_REV_MIN 0
|
||||
#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */
|
||||
#define IPSET_TYPE_REV_MAX 1 /* bucketsize, initval support */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -130,6 +130,7 @@ static struct ip_set_type hash_mac_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
/* 4 Comments support added */
|
||||
/* 5 Forceadd support added */
|
||||
/* 6 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 7 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 7 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -360,6 +360,7 @@ static struct ip_set_type hash_net_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
/* 5 Forceadd support added */
|
||||
/* 6 skbinfo support added */
|
||||
/* 7 interface wildcard support added */
|
||||
#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -476,6 +476,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
#define IPSET_TYPE_REV_MIN 0
|
||||
/* 1 Forceadd support added */
|
||||
/* 2 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
|
||||
|
|
@ -465,6 +465,7 @@ static struct ip_set_type hash_netnet_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
/* 5 Comments support added */
|
||||
/* 6 Forceadd support added */
|
||||
/* 7 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 8 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||
|
|
@ -466,6 +466,7 @@ static struct ip_set_type hash_netport_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
/* 0 Comments support added */
|
||||
/* 1 Forceadd support added */
|
||||
/* 2 skbinfo support added */
|
||||
#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */
|
||||
#define IPSET_TYPE_REV_MAX 3 /* bucketsize, initval support added */
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
|
||||
|
|
@ -564,6 +564,7 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
|
|||
.create_policy = {
|
||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_INITVAL] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||
|
|
|
|||
Loading…
Reference in New Issue