netfilter: ipset: Add bucketsize parameter to all hash types
The parameter defines the upper limit on the number of elements in any hash bucket when new entries are added from userspace - if the limit would be exceeded, ipset doubles the hash size and rehashes. This means the set may consume more memory, but evaluation when matching in the set is faster. Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
a304ea7daf
commit
ccf0a4b7fc
|
@ -198,6 +198,9 @@ struct ip_set_region {
|
||||||
u32 elements; /* Number of elements vs timeout */
|
u32 elements; /* Number of elements vs timeout */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* The max revision number supported by any set type + 1 */
|
||||||
|
#define IPSET_REVISION_MAX 9
|
||||||
|
|
||||||
/* The core set type structure */
|
/* The core set type structure */
|
||||||
struct ip_set_type {
|
struct ip_set_type {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
|
@ -215,6 +218,8 @@ struct ip_set_type {
|
||||||
u8 family;
|
u8 family;
|
||||||
/* Type revisions */
|
/* Type revisions */
|
||||||
u8 revision_min, revision_max;
|
u8 revision_min, revision_max;
|
||||||
|
/* Revision-specific supported (create) flags */
|
||||||
|
u8 create_flags[IPSET_REVISION_MAX+1];
|
||||||
/* Set features to control swapping */
|
/* Set features to control swapping */
|
||||||
u16 features;
|
u16 features;
|
||||||
|
|
||||||
|
|
|
@ -96,7 +96,7 @@ enum {
|
||||||
IPSET_ATTR_HASHSIZE,
|
IPSET_ATTR_HASHSIZE,
|
||||||
IPSET_ATTR_MAXELEM,
|
IPSET_ATTR_MAXELEM,
|
||||||
IPSET_ATTR_NETMASK,
|
IPSET_ATTR_NETMASK,
|
||||||
IPSET_ATTR_PROBES,
|
IPSET_ATTR_BUCKETSIZE, /* was unused IPSET_ATTR_PROBES */
|
||||||
IPSET_ATTR_RESIZE,
|
IPSET_ATTR_RESIZE,
|
||||||
IPSET_ATTR_SIZE,
|
IPSET_ATTR_SIZE,
|
||||||
/* Kernel-only */
|
/* Kernel-only */
|
||||||
|
@ -214,6 +214,8 @@ enum ipset_cadt_flags {
|
||||||
enum ipset_create_flags {
|
enum ipset_create_flags {
|
||||||
IPSET_CREATE_FLAG_BIT_FORCEADD = 0,
|
IPSET_CREATE_FLAG_BIT_FORCEADD = 0,
|
||||||
IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD),
|
IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD),
|
||||||
|
IPSET_CREATE_FLAG_BIT_BUCKETSIZE = 1,
|
||||||
|
IPSET_CREATE_FLAG_BUCKETSIZE = (1 << IPSET_CREATE_FLAG_BIT_BUCKETSIZE),
|
||||||
IPSET_CREATE_FLAG_BIT_MAX = 7,
|
IPSET_CREATE_FLAG_BIT_MAX = 7,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
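Review bot: Reusing the attribute number of IPSET_ATTR_PROBES for IPSET_ATTR_BUCKETSIZE gives a new meaning to a value that older clients may already send, and the `_create` hunk further down this page reads `tb[IPSET_ATTR_BUCKETSIZE]` without checking the set's revision. The dump side in mtype_head is gated on `set->flags & IPSET_CREATE_FLAG_BUCKETSIZE`, so a set created at an older revision would, as far as these hunks show, apply the value but never report it. Gating the read the same way, `if (tb[IPSET_ATTR_BUCKETSIZE] && (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE)) {`, would keep the two paths consistent. Dropping the old enumerator name also breaks source compatibility for code that still references IPSET_ATTR_PROBES; an alias with the same value would avoid that.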
|
@ -1109,6 +1109,8 @@ static int ip_set_create(struct net *net, struct sock *ctnl,
|
||||||
ret = -IPSET_ERR_PROTOCOL;
|
ret = -IPSET_ERR_PROTOCOL;
|
||||||
goto put_out;
|
goto put_out;
|
||||||
}
|
}
|
||||||
|
/* Set create flags depending on the type revision */
|
||||||
|
set->flags |= set->type->create_flags[revision];
|
||||||
|
|
||||||
ret = set->type->create(net, set, tb, flags);
|
ret = set->type->create(net, set, tb, flags);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
|
|
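Review bot: `set->type->create_flags[revision]` indexes a fixed array of IPSET_REVISION_MAX+1 entries with a revision taken from the create request, and nothing in this hunk bounds it against the array size. The value is presumably already limited to the type's revision_min..revision_max by the type lookup earlier in ip_set_create (outside the hunk), but no visible line ties a type's `revision_max` to IPSET_REVISION_MAX, so a type whose revision grows past 9 without a create_flags initializer would read beyond the array. A check where set types are registered, such as `if (type->revision_max > IPSET_REVISION_MAX) return -EINVAL;`, would make the invariant explicit. The comment on the define says "max revision + 1" while the array adds another +1, so stating which of the two is the real bound would also help.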
|
@ -37,18 +37,18 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Number of elements to store in an initial array block */
|
/* Number of elements to store in an initial array block */
|
||||||
#define AHASH_INIT_SIZE 4
|
#define AHASH_INIT_SIZE 2
|
||||||
/* Max number of elements to store in an array block */
|
/* Max number of elements to store in an array block */
|
||||||
#define AHASH_MAX_SIZE (3 * AHASH_INIT_SIZE)
|
#define AHASH_MAX_SIZE (6 * AHASH_INIT_SIZE)
|
||||||
/* Max muber of elements in the array block when tuned */
|
/* Max muber of elements in the array block when tuned */
|
||||||
#define AHASH_MAX_TUNED 64
|
#define AHASH_MAX_TUNED 64
|
||||||
|
|
||||||
|
#define AHASH_MAX(h) ((h)->bucketsize)
|
||||||
|
|
||||||
/* Max number of elements can be tuned */
|
/* Max number of elements can be tuned */
|
||||||
#ifdef IP_SET_HASH_WITH_MULTI
|
#ifdef IP_SET_HASH_WITH_MULTI
|
||||||
#define AHASH_MAX(h) ((h)->ahash_max)
|
|
||||||
|
|
||||||
static u8
|
static u8
|
||||||
tune_ahash_max(u8 curr, u32 multi)
|
tune_bucketsize(u8 curr, u32 multi)
|
||||||
{
|
{
|
||||||
u32 n;
|
u32 n;
|
||||||
|
|
||||||
|
@ -61,12 +61,10 @@ tune_ahash_max(u8 curr, u32 multi)
|
||||||
*/
|
*/
|
||||||
return n > curr && n <= AHASH_MAX_TUNED ? n : curr;
|
return n > curr && n <= AHASH_MAX_TUNED ? n : curr;
|
||||||
}
|
}
|
||||||
|
#define TUNE_BUCKETSIZE(h, multi) \
|
||||||
#define TUNE_AHASH_MAX(h, multi) \
|
((h)->bucketsize = tune_bucketsize((h)->bucketsize, multi))
|
||||||
((h)->ahash_max = tune_ahash_max((h)->ahash_max, multi))
|
|
||||||
#else
|
#else
|
||||||
#define AHASH_MAX(h) AHASH_MAX_SIZE
|
#define TUNE_BUCKETSIZE(h, multi)
|
||||||
#define TUNE_AHASH_MAX(h, multi)
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* A hash bucket */
|
/* A hash bucket */
|
||||||
|
@ -321,9 +319,7 @@ struct htype {
|
||||||
#ifdef IP_SET_HASH_WITH_MARKMASK
|
#ifdef IP_SET_HASH_WITH_MARKMASK
|
||||||
u32 markmask; /* markmask value for mark mask to store */
|
u32 markmask; /* markmask value for mark mask to store */
|
||||||
#endif
|
#endif
|
||||||
#ifdef IP_SET_HASH_WITH_MULTI
|
u8 bucketsize; /* max elements in an array block */
|
||||||
u8 ahash_max; /* max elements in an array block */
|
|
||||||
#endif
|
|
||||||
#ifdef IP_SET_HASH_WITH_NETMASK
|
#ifdef IP_SET_HASH_WITH_NETMASK
|
||||||
u8 netmask; /* netmask value for subnets to store */
|
u8 netmask; /* netmask value for subnets to store */
|
||||||
#endif
|
#endif
|
||||||
|
@ -950,7 +946,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
|
||||||
goto set_full;
|
goto set_full;
|
||||||
/* Create a new slot */
|
/* Create a new slot */
|
||||||
if (n->pos >= n->size) {
|
if (n->pos >= n->size) {
|
||||||
TUNE_AHASH_MAX(h, multi);
|
TUNE_BUCKETSIZE(h, multi);
|
||||||
if (n->size >= AHASH_MAX(h)) {
|
if (n->size >= AHASH_MAX(h)) {
|
||||||
/* Trigger rehashing */
|
/* Trigger rehashing */
|
||||||
mtype_data_next(&h->next, d);
|
mtype_data_next(&h->next, d);
|
||||||
|
@ -1305,6 +1301,9 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
|
||||||
if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask))
|
if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
#endif
|
#endif
|
||||||
|
if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE &&
|
||||||
|
nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize))
|
||||||
|
goto nla_put_failure;
|
||||||
if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) ||
|
if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) ||
|
||||||
nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
|
nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
|
||||||
nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements)))
|
nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements)))
|
||||||
|
@ -1548,7 +1547,16 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
|
||||||
h->markmask = markmask;
|
h->markmask = markmask;
|
||||||
#endif
|
#endif
|
||||||
get_random_bytes(&h->initval, sizeof(h->initval));
|
get_random_bytes(&h->initval, sizeof(h->initval));
|
||||||
|
h->bucketsize = AHASH_MAX_SIZE;
|
||||||
|
if (tb[IPSET_ATTR_BUCKETSIZE]) {
|
||||||
|
h->bucketsize = nla_get_u8(tb[IPSET_ATTR_BUCKETSIZE]);
|
||||||
|
if (h->bucketsize < AHASH_INIT_SIZE)
|
||||||
|
h->bucketsize = AHASH_INIT_SIZE;
|
||||||
|
else if (h->bucketsize > AHASH_MAX_SIZE)
|
||||||
|
h->bucketsize = AHASH_MAX_SIZE;
|
||||||
|
else if (h->bucketsize % 2)
|
||||||
|
h->bucketsize += 1;
|
||||||
|
}
|
||||||
t->htable_bits = hbits;
|
t->htable_bits = hbits;
|
||||||
t->maxelem = h->maxelem / ahash_numof_locks(hbits);
|
t->maxelem = h->maxelem / ahash_numof_locks(hbits);
|
||||||
RCU_INIT_POINTER(h->table, t);
|
RCU_INIT_POINTER(h->table, t);
|
||||||
|
|
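Review bot: Under IP_SET_HASH_WITH_MULTI the limit the user configured is not an upper bound: `TUNE_BUCKETSIZE` in mtype_add overwrites `h->bucketsize` with the result of tune_bucketsize(), which can be as high as AHASH_MAX_TUNED (64), while the `_create` hunk clamps the requested value to at most AHASH_MAX_SIZE (12). mtype_head then dumps the tuned value in IPSET_ATTR_BUCKETSIZE, so a listing may report a bucketsize that the create path would clamp to a different value when the set is recreated from that listing. If this is intended, a comment at the clamp would help, for example `/* bucketsize is the initial limit; multi-net types may raise it up to AHASH_MAX_TUNED on add */`; otherwise the configured limit should live in its own field. The computation of n in tune_bucketsize() lies outside the hunks shown.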
|
@ -23,7 +23,8 @@
|
||||||
/* 1 Counters support */
|
/* 1 Counters support */
|
||||||
/* 2 Comments support */
|
/* 2 Comments support */
|
||||||
/* 3 Forceadd support */
|
/* 3 Forceadd support */
|
||||||
#define IPSET_TYPE_REV_MAX 4 /* skbinfo support */
|
/* 4 skbinfo support */
|
||||||
|
#define IPSET_TYPE_REV_MAX 5 /* bucketsize support */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -277,11 +278,12 @@ static struct ip_set_type hash_ip_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_ip_create,
|
.create = hash_ip_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_NETMASK] = { .type = NLA_U8 },
|
[IPSET_ATTR_NETMASK] = { .type = NLA_U8 },
|
||||||
|
|
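Review bot: `.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE` ties the flag to whatever the maximum revision happens to be, not to the revision that introduced bucketsize (5 for this type). The next revision bump will move the flag to the new slot and leave revision 5 with no create flags unless a second entry is added by hand, and mtype_head would then stop reporting bucketsize for sets created at revision 5. Indexing by the literal revision, `.create_flags[5] = IPSET_CREATE_FLAG_BUCKETSIZE,`, or filling every revision from 5 upward, avoids that. The same initializer appears in the other hash type sections below (hash_ipmac_type through hash_netportnet_type).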
|
@ -23,7 +23,7 @@
|
||||||
#include <linux/netfilter/ipset/ip_set_hash.h>
|
#include <linux/netfilter/ipset/ip_set_hash.h>
|
||||||
|
|
||||||
#define IPSET_TYPE_REV_MIN 0
|
#define IPSET_TYPE_REV_MIN 0
|
||||||
#define IPSET_TYPE_REV_MAX 0
|
#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Tomasz Chilinski <tomasz.chilinski@chilan.com>");
|
MODULE_AUTHOR("Tomasz Chilinski <tomasz.chilinski@chilan.com>");
|
||||||
|
@ -268,11 +268,12 @@ static struct ip_set_type hash_ipmac_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_ipmac_create,
|
.create = hash_ipmac_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -21,7 +21,8 @@
|
||||||
|
|
||||||
#define IPSET_TYPE_REV_MIN 0
|
#define IPSET_TYPE_REV_MIN 0
|
||||||
/* 1 Forceadd support */
|
/* 1 Forceadd support */
|
||||||
#define IPSET_TYPE_REV_MAX 2 /* skbinfo support */
|
/* 2 skbinfo support */
|
||||||
|
#define IPSET_TYPE_REV_MAX 3 /* bucketsize support */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Vytas Dauksa <vytas.dauksa@smoothwall.net>");
|
MODULE_AUTHOR("Vytas Dauksa <vytas.dauksa@smoothwall.net>");
|
||||||
|
@ -274,12 +275,13 @@ static struct ip_set_type hash_ipmark_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_ipmark_create,
|
.create = hash_ipmark_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_MARKMASK] = { .type = NLA_U32 },
|
[IPSET_ATTR_MARKMASK] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -25,7 +25,8 @@
|
||||||
/* 2 Counters support added */
|
/* 2 Counters support added */
|
||||||
/* 3 Comments support added */
|
/* 3 Comments support added */
|
||||||
/* 4 Forceadd support added */
|
/* 4 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
|
/* 5 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -341,11 +342,12 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_ipport_create,
|
.create = hash_ipport_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -25,7 +25,8 @@
|
||||||
/* 2 Counters support added */
|
/* 2 Counters support added */
|
||||||
/* 3 Comments support added */
|
/* 3 Comments support added */
|
||||||
/* 4 Forceadd support added */
|
/* 4 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 5 /* skbinfo support added */
|
/* 5 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 6 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -356,11 +357,12 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_ipportip_create,
|
.create = hash_ipportip_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -27,7 +27,8 @@
|
||||||
/* 4 Counters support added */
|
/* 4 Counters support added */
|
||||||
/* 5 Comments support added */
|
/* 5 Comments support added */
|
||||||
/* 6 Forceadd support added */
|
/* 6 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */
|
/* 7 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -513,11 +514,12 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_ipportnet_create,
|
.create = hash_ipportnet_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
#include <linux/netfilter/ipset/ip_set_hash.h>
|
#include <linux/netfilter/ipset/ip_set_hash.h>
|
||||||
|
|
||||||
#define IPSET_TYPE_REV_MIN 0
|
#define IPSET_TYPE_REV_MIN 0
|
||||||
#define IPSET_TYPE_REV_MAX 0
|
#define IPSET_TYPE_REV_MAX 1 /* bucketsize support */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -125,11 +125,12 @@ static struct ip_set_type hash_mac_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_mac_create,
|
.create = hash_mac_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -24,7 +24,8 @@
|
||||||
/* 3 Counters support added */
|
/* 3 Counters support added */
|
||||||
/* 4 Comments support added */
|
/* 4 Comments support added */
|
||||||
/* 5 Forceadd support added */
|
/* 5 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 6 /* skbinfo mapping support added */
|
/* 6 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 7 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -354,11 +355,12 @@ static struct ip_set_type hash_net_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_net_create,
|
.create = hash_net_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -26,7 +26,8 @@
|
||||||
/* 4 Comments support added */
|
/* 4 Comments support added */
|
||||||
/* 5 Forceadd support added */
|
/* 5 Forceadd support added */
|
||||||
/* 6 skbinfo support added */
|
/* 6 skbinfo support added */
|
||||||
#define IPSET_TYPE_REV_MAX 7 /* interface wildcard support added */
|
/* 7 interface wildcard support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -470,11 +471,12 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_netiface_create,
|
.create = hash_netiface_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -22,7 +22,8 @@
|
||||||
|
|
||||||
#define IPSET_TYPE_REV_MIN 0
|
#define IPSET_TYPE_REV_MIN 0
|
||||||
/* 1 Forceadd support added */
|
/* 1 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 2 /* skbinfo support added */
|
/* 2 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
|
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
|
||||||
|
@ -459,11 +460,12 @@ static struct ip_set_type hash_netnet_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_netnet_create,
|
.create = hash_netnet_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -26,7 +26,8 @@
|
||||||
/* 4 Counters support added */
|
/* 4 Counters support added */
|
||||||
/* 5 Comments support added */
|
/* 5 Comments support added */
|
||||||
/* 6 Forceadd support added */
|
/* 6 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 7 /* skbinfo support added */
|
/* 7 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 8 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
|
||||||
|
@ -460,11 +461,12 @@ static struct ip_set_type hash_netport_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_netport_create,
|
.create = hash_netport_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
[IPSET_ATTR_PROTO] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
|
|
|
@ -23,7 +23,8 @@
|
||||||
#define IPSET_TYPE_REV_MIN 0
|
#define IPSET_TYPE_REV_MIN 0
|
||||||
/* 0 Comments support added */
|
/* 0 Comments support added */
|
||||||
/* 1 Forceadd support added */
|
/* 1 Forceadd support added */
|
||||||
#define IPSET_TYPE_REV_MAX 2 /* skbinfo support added */
|
/* 2 skbinfo support added */
|
||||||
|
#define IPSET_TYPE_REV_MAX 3 /* bucketsize support added */
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
|
MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
|
||||||
|
@ -558,11 +559,12 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision_min = IPSET_TYPE_REV_MIN,
|
.revision_min = IPSET_TYPE_REV_MIN,
|
||||||
.revision_max = IPSET_TYPE_REV_MAX,
|
.revision_max = IPSET_TYPE_REV_MAX,
|
||||||
|
.create_flags[IPSET_TYPE_REV_MAX] = IPSET_CREATE_FLAG_BUCKETSIZE,
|
||||||
.create = hash_netportnet_create,
|
.create = hash_netportnet_create,
|
||||||
.create_policy = {
|
.create_policy = {
|
||||||
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
[IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
[IPSET_ATTR_MAXELEM] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_PROBES] = { .type = NLA_U8 },
|
[IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
[IPSET_ATTR_RESIZE] = { .type = NLA_U8 },
|
||||||
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
[IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 },
|
||||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||||
|
|