Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
Kernel
提交
07034aea
K
Kernel
项目概览
openeuler
/
Kernel
1 年多 前同步成功
通知
8
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
K
Kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
提交
07034aea
编写于
10年前
作者:
J
Jozsef Kadlecsik
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
netfilter: ipset: hash:mac type added to ipset
Signed-off-by:
N
Jozsef Kadlecsik
<
kadlec@blackhole.kfki.hu
>
上级
aef96193
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
193 addition
and
1 deletion
+193
-1
net/netfilter/ipset/Kconfig
net/netfilter/ipset/Kconfig
+9
-0
net/netfilter/ipset/Makefile
net/netfilter/ipset/Makefile
+1
-0
net/netfilter/ipset/ip_set_hash_gen.h
net/netfilter/ipset/ip_set_hash_gen.h
+10
-1
net/netfilter/ipset/ip_set_hash_mac.c
net/netfilter/ipset/ip_set_hash_mac.c
+173
-0
未找到文件。
net/netfilter/ipset/Kconfig
浏览文件 @
07034aea
...
...
@@ -99,6 +99,15 @@ config IP_SET_HASH_IPPORTNET
To compile it as a module, choose M here. If unsure, say N.
config IP_SET_HASH_MAC
tristate "hash:mac set support"
depends on IP_SET
help
This option adds the hash:mac set type support, by which
one can store MAC (ethernet address) elements in a set.
To compile it as a module, choose M here. If unsure, say N.
config IP_SET_HASH_NETPORTNET
tristate "hash:net,port,net set support"
depends on IP_SET
...
...
This diff is collapsed.
Click to expand it.
net/netfilter/ipset/Makefile
浏览文件 @
07034aea
...
...
@@ -18,6 +18,7 @@ obj-$(CONFIG_IP_SET_HASH_IPMARK) += ip_set_hash_ipmark.o
obj-$(CONFIG_IP_SET_HASH_IPPORT)
+=
ip_set_hash_ipport.o
obj-$(CONFIG_IP_SET_HASH_IPPORTIP)
+=
ip_set_hash_ipportip.o
obj-$(CONFIG_IP_SET_HASH_IPPORTNET)
+=
ip_set_hash_ipportnet.o
obj-$(CONFIG_IP_SET_HASH_MAC)
+=
ip_set_hash_mac.o
obj-$(CONFIG_IP_SET_HASH_NET)
+=
ip_set_hash_net.o
obj-$(CONFIG_IP_SET_HASH_NETPORT)
+=
ip_set_hash_netport.o
obj-$(CONFIG_IP_SET_HASH_NETIFACE)
+=
ip_set_hash_netiface.o
...
...
This diff is collapsed.
Click to expand it.
net/netfilter/ipset/ip_set_hash_gen.h
浏览文件 @
07034aea
...
...
@@ -1054,8 +1054,10 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
struct
HTYPE
*
h
;
struct
htable
*
t
;
#ifndef IP_SET_PROTO_UNDEF
if
(
!
(
set
->
family
==
NFPROTO_IPV4
||
set
->
family
==
NFPROTO_IPV6
))
return
-
IPSET_ERR_INVALID_FAMILY
;
#endif
#ifdef IP_SET_HASH_WITH_MARKMASK
markmask
=
0xffffffff
;
...
...
@@ -1137,25 +1139,32 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
rcu_assign_pointer
(
h
->
table
,
t
);
set
->
data
=
h
;
#ifndef IP_SET_PROTO_UNDEF
if
(
set
->
family
==
NFPROTO_IPV4
)
{
#endif
set
->
variant
=
&
IPSET_TOKEN
(
HTYPE
,
4
_variant
);
set
->
dsize
=
ip_set_elem_len
(
set
,
tb
,
sizeof
(
struct
IPSET_TOKEN
(
HTYPE
,
4
_elem
)));
#ifndef IP_SET_PROTO_UNDEF
}
else
{
set
->
variant
=
&
IPSET_TOKEN
(
HTYPE
,
6
_variant
);
set
->
dsize
=
ip_set_elem_len
(
set
,
tb
,
sizeof
(
struct
IPSET_TOKEN
(
HTYPE
,
6
_elem
)));
}
#endif
if
(
tb
[
IPSET_ATTR_TIMEOUT
])
{
set
->
timeout
=
ip_set_timeout_uget
(
tb
[
IPSET_ATTR_TIMEOUT
]);
#ifndef IP_SET_PROTO_UNDEF
if
(
set
->
family
==
NFPROTO_IPV4
)
#endif
IPSET_TOKEN
(
HTYPE
,
4
_gc_init
)(
set
,
IPSET_TOKEN
(
HTYPE
,
4
_gc
));
#ifndef IP_SET_PROTO_UNDEF
else
IPSET_TOKEN
(
HTYPE
,
6
_gc_init
)(
set
,
IPSET_TOKEN
(
HTYPE
,
6
_gc
));
#endif
}
pr_debug
(
"create %s hashsize %u (%u) maxelem %u: %p(%p)
\n
"
,
set
->
name
,
jhash_size
(
t
->
htable_bits
),
t
->
htable_bits
,
h
->
maxelem
,
set
->
data
,
t
);
...
...
This diff is collapsed.
Click to expand it.
net/netfilter/ipset/ip_set_hash_mac.c
0 → 100644
浏览文件 @
07034aea
/* Copyright (C) 2014 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
/* Kernel module implementing an IP set type: the hash:mac type */
#include <linux/jhash.h>
#include <linux/module.h>
#include <linux/etherdevice.h>
#include <linux/skbuff.h>
#include <linux/errno.h>
#include <linux/if_ether.h>
#include <net/netlink.h>
#include <linux/netfilter.h>
#include <linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_hash.h>
#define IPSET_TYPE_REV_MIN 0
#define IPSET_TYPE_REV_MAX 0
MODULE_LICENSE
(
"GPL"
);
MODULE_AUTHOR
(
"Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"
);
IP_SET_MODULE_DESC
(
"hash:mac"
,
IPSET_TYPE_REV_MIN
,
IPSET_TYPE_REV_MAX
);
MODULE_ALIAS
(
"ip_set_hash:mac"
);
/* Type specific function prefix */
#define HTYPE hash_mac
/* Member elements */
struct
hash_mac4_elem
{
/* Zero valued IP addresses cannot be stored */
union
{
unsigned
char
ether
[
ETH_ALEN
];
__be32
foo
[
2
];
};
};
/* Common functions */
static
inline
bool
hash_mac4_data_equal
(
const
struct
hash_mac4_elem
*
e1
,
const
struct
hash_mac4_elem
*
e2
,
u32
*
multi
)
{
return
ether_addr_equal
(
e1
->
ether
,
e2
->
ether
);
}
static
inline
bool
hash_mac4_data_list
(
struct
sk_buff
*
skb
,
const
struct
hash_mac4_elem
*
e
)
{
return
nla_put
(
skb
,
IPSET_ATTR_ETHER
,
ETH_ALEN
,
e
->
ether
);
}
static
inline
void
hash_mac4_data_next
(
struct
hash_mac4_elem
*
next
,
const
struct
hash_mac4_elem
*
e
)
{
}
#define MTYPE hash_mac4
#define PF 4
#define HOST_MASK 32
#define IP_SET_EMIT_CREATE
#define IP_SET_PROTO_UNDEF
#include "ip_set_hash_gen.h"
/* Zero valued element is not supported */
static
const
unsigned
char
invalid_ether
[
ETH_ALEN
]
=
{
0
};
static
int
hash_mac4_kadt
(
struct
ip_set
*
set
,
const
struct
sk_buff
*
skb
,
const
struct
xt_action_param
*
par
,
enum
ipset_adt
adt
,
struct
ip_set_adt_opt
*
opt
)
{
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_mac4_elem
e
=
{
{
.
foo
[
0
]
=
0
,
.
foo
[
1
]
=
0
}
};
struct
ip_set_ext
ext
=
IP_SET_INIT_KEXT
(
skb
,
opt
,
set
);
/* MAC can be src only */
if
(
!
(
opt
->
flags
&
IPSET_DIM_ONE_SRC
))
return
0
;
if
(
skb_mac_header
(
skb
)
<
skb
->
head
||
(
skb_mac_header
(
skb
)
+
ETH_HLEN
)
>
skb
->
data
)
return
-
EINVAL
;
memcpy
(
e
.
ether
,
eth_hdr
(
skb
)
->
h_source
,
ETH_ALEN
);
if
(
memcmp
(
e
.
ether
,
invalid_ether
,
ETH_ALEN
)
==
0
)
return
-
EINVAL
;
return
adtfn
(
set
,
&
e
,
&
ext
,
&
opt
->
ext
,
opt
->
cmdflags
);
}
static
int
hash_mac4_uadt
(
struct
ip_set
*
set
,
struct
nlattr
*
tb
[],
enum
ipset_adt
adt
,
u32
*
lineno
,
u32
flags
,
bool
retried
)
{
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_mac4_elem
e
=
{
{
.
foo
[
0
]
=
0
,
.
foo
[
1
]
=
0
}
};
struct
ip_set_ext
ext
=
IP_SET_INIT_UEXT
(
set
);
int
ret
;
if
(
unlikely
(
!
tb
[
IPSET_ATTR_ETHER
]
||
!
ip_set_optattr_netorder
(
tb
,
IPSET_ATTR_TIMEOUT
)
||
!
ip_set_optattr_netorder
(
tb
,
IPSET_ATTR_PACKETS
)
||
!
ip_set_optattr_netorder
(
tb
,
IPSET_ATTR_BYTES
)
||
!
ip_set_optattr_netorder
(
tb
,
IPSET_ATTR_SKBMARK
)
||
!
ip_set_optattr_netorder
(
tb
,
IPSET_ATTR_SKBPRIO
)
||
!
ip_set_optattr_netorder
(
tb
,
IPSET_ATTR_SKBQUEUE
)))
return
-
IPSET_ERR_PROTOCOL
;
if
(
tb
[
IPSET_ATTR_LINENO
])
*
lineno
=
nla_get_u32
(
tb
[
IPSET_ATTR_LINENO
]);
ret
=
ip_set_get_extensions
(
set
,
tb
,
&
ext
);
if
(
ret
)
return
ret
;
memcpy
(
e
.
ether
,
nla_data
(
tb
[
IPSET_ATTR_ETHER
]),
ETH_ALEN
);
if
(
memcmp
(
e
.
ether
,
invalid_ether
,
ETH_ALEN
)
==
0
)
return
-
IPSET_ERR_HASH_ELEM
;
return
adtfn
(
set
,
&
e
,
&
ext
,
&
ext
,
flags
);
}
static
struct
ip_set_type
hash_mac_type
__read_mostly
=
{
.
name
=
"hash:mac"
,
.
protocol
=
IPSET_PROTOCOL
,
.
features
=
IPSET_TYPE_MAC
,
.
dimension
=
IPSET_DIM_ONE
,
.
family
=
NFPROTO_UNSPEC
,
.
revision_min
=
IPSET_TYPE_REV_MIN
,
.
revision_max
=
IPSET_TYPE_REV_MAX
,
.
create
=
hash_mac_create
,
.
create_policy
=
{
[
IPSET_ATTR_HASHSIZE
]
=
{
.
type
=
NLA_U32
},
[
IPSET_ATTR_MAXELEM
]
=
{
.
type
=
NLA_U32
},
[
IPSET_ATTR_PROBES
]
=
{
.
type
=
NLA_U8
},
[
IPSET_ATTR_RESIZE
]
=
{
.
type
=
NLA_U8
},
[
IPSET_ATTR_TIMEOUT
]
=
{
.
type
=
NLA_U32
},
[
IPSET_ATTR_CADT_FLAGS
]
=
{
.
type
=
NLA_U32
},
},
.
adt_policy
=
{
[
IPSET_ATTR_ETHER
]
=
{
.
type
=
NLA_BINARY
,
.
len
=
ETH_ALEN
},
[
IPSET_ATTR_TIMEOUT
]
=
{
.
type
=
NLA_U32
},
[
IPSET_ATTR_LINENO
]
=
{
.
type
=
NLA_U32
},
[
IPSET_ATTR_BYTES
]
=
{
.
type
=
NLA_U64
},
[
IPSET_ATTR_PACKETS
]
=
{
.
type
=
NLA_U64
},
[
IPSET_ATTR_COMMENT
]
=
{
.
type
=
NLA_NUL_STRING
},
[
IPSET_ATTR_SKBMARK
]
=
{
.
type
=
NLA_U64
},
[
IPSET_ATTR_SKBPRIO
]
=
{
.
type
=
NLA_U32
},
[
IPSET_ATTR_SKBQUEUE
]
=
{
.
type
=
NLA_U16
},
},
.
me
=
THIS_MODULE
,
};
static
int
__init
hash_mac_init
(
void
)
{
return
ip_set_type_register
(
&
hash_mac_type
);
}
static
void
__exit
hash_mac_fini
(
void
)
{
ip_set_type_unregister
(
&
hash_mac_type
);
}
module_init
(
hash_mac_init
);
module_exit
(
hash_mac_fini
);
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
反馈
建议
客服
返回
顶部