From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 22/33] netfilter: ipset: Support comments in bitmap-type ipsets.
Date: Fri, 4 Oct 2013 10:33:07 +0200 [thread overview]
Message-ID: <1380875598-5250-23-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1380875598-5250-1-git-send-email-pablo@netfilter.org>
From: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
This provides kernel support for creating bitmap ipsets with comment
support.
As is the case for hashes, this incurs a penalty when flushing or
destroying the entire ipset as the entries must first be walked in order
to free the comment strings. This penalty is of course far less than the
cost of listing an ipset to userspace. Any set created without support
for comments will be flushed/destroyed as before.
Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_bitmap_gen.h | 14 ++++++++------
net/netfilter/ipset/ip_set_bitmap_ip.c | 4 +++-
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 4 +++-
net/netfilter/ipset/ip_set_bitmap_port.c | 4 +++-
4 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h
index 4515fe8..6167fc9 100644
--- a/net/netfilter/ipset/ip_set_bitmap_gen.h
+++ b/net/netfilter/ipset/ip_set_bitmap_gen.h
@@ -101,12 +101,9 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
htonl(sizeof(*map) +
map->memsize +
- set->dsize * map->elements)) ||
- (SET_WITH_TIMEOUT(set) &&
- nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(set->timeout))) ||
- (SET_WITH_COUNTER(set) &&
- nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS,
- htonl(IPSET_FLAG_WITH_COUNTERS))))
+ set->dsize * map->elements)))
+ goto nla_put_failure;
+ if (unlikely(ip_set_put_flags(skb, set)))
goto nla_put_failure;
ipset_nest_end(skb, nested);
@@ -162,6 +159,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
if (SET_WITH_COUNTER(set))
ip_set_init_counter(ext_counter(x, set), ext);
+ if (SET_WITH_COMMENT(set))
+ ip_set_init_comment(ext_comment(x, set), ext);
return 0;
}
@@ -233,6 +232,9 @@ mtype_list(const struct ip_set *set,
if (SET_WITH_COUNTER(set) &&
ip_set_put_counter(skb, ext_counter(x, set)))
goto nla_put_failure;
+ if (SET_WITH_COMMENT(set) &&
+ ip_set_put_comment(skb, ext_comment(x, set)))
+ goto nla_put_failure;
ipset_nest_end(skb, nested);
}
ipset_nest_end(skb, adt);
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
index 94d9854..faac124 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -26,7 +26,8 @@
#include <linux/netfilter/ipset/ip_set_bitmap.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* Counter support added */
+/* 1 Counter support added */
+#define IPSET_TYPE_REV_MAX 2 /* Comment support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -354,6 +355,7 @@ static struct ip_set_type bitmap_ip_type __read_mostly = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
+ [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
},
.me = THIS_MODULE,
};
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 654a97b..fb4d163 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -26,7 +26,8 @@
#include <linux/netfilter/ipset/ip_set_bitmap.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* Counter support added */
+/* 1 Counter support added */
+#define IPSET_TYPE_REV_MAX 2 /* Comment support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -403,6 +404,7 @@ static struct ip_set_type bitmap_ipmac_type = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
+ [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
},
.me = THIS_MODULE,
};
diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
index 1ef2f31..407a63c 100644
--- a/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -21,7 +21,8 @@
#include <linux/netfilter/ipset/ip_set_getport.h>
#define IPSET_TYPE_REV_MIN 0
-#define IPSET_TYPE_REV_MAX 1 /* Counter support added */
+/* 1 Counter support added */
+#define IPSET_TYPE_REV_MAX 2 /* Comment support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
@@ -288,6 +289,7 @@ static struct ip_set_type bitmap_port_type = {
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
+ [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
},
.me = THIS_MODULE,
};
--
1.7.10.4
next prev parent reply other threads:[~2013-10-04 8:34 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-04 8:32 [PATCH 00/33] Netfilter updates for net-next Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 01/33] netfilter: nf_ct_sip: extend RCU read lock in set_expected_rtp_rtcp() Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 02/33] netfilter: xt_TCPMSS: Get mtu only if clamp-mss-to-pmtu is specified Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 03/33] netfilter: xt_TCPMSS: lookup route from proper net namespace Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 04/33] netfilter: ipset: Don't call ip_nest_end needlessly in the error path Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 05/33] netfilter: ipset: Sparse warning about shadowed variable fixed Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 06/33] netfilter: ipset: Fix sparse warnings due to missing rcu annotations Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 07/33] netfilter: ipset: Rename simple macro names to avoid namespace issues Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 08/33] netfilter: ipset: Fix "may be used uninitialized" warnings Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 09/33] netfilter: ipset: Use fix sized type for timeout in the extension part Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 10/33] netfilter: ipset: Support package fragments for IPv4 protos without ports Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 11/33] netfilter: ipset: order matches and targets separatedly in xt_set.c Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 12/33] netfilter: ipset: Introduce new operation to get both setname and family Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 13/33] netfilter: ipset: Prepare ipset to support multiple networks for hash types Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 14/33] netfilter: ipset: Rename extension offset ids to extension ids Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 15/33] netfilter: ipset: Move extension data to set structure Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 16/33] netfilter: ipset: Generalize extensions support Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 17/33] netfilter: ipset: Support extensions which need a per data destroy function Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 18/33] netfilter: ipset: list:set: make sure all elements are checked by the gc Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 19/33] netfilter: ipset: Kconfig: ipset needs NETFILTER_NETLINK Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 20/33] netfilter: ipset: Add hash:net,net module to kernel Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 21/33] netfilter: ipset: Support comments for ipset entries in the core Pablo Neira Ayuso
2013-10-04 8:33 ` Pablo Neira Ayuso [this message]
2013-10-04 8:33 ` [PATCH 23/33] netfilter: ipset: Support comments in the list-type ipset Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 24/33] netfilter: ipset: Support comments in hash-type ipsets Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 25/33] netfilter: ipset: Fix hash resizing with comments Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 26/33] netfilter: ipset: For set:list types, replaced elements must be zeroed out Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 27/33] netfilter: ipset: Use a common function at listing the extensions Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 28/33] netfiler: ipset: Add net namespace for ipset Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 29/33] netfilter: ipset: Add hash:net,port,net module to kernel Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 30/33] netfilter: nfnetlink_queue: use proper net namespace to allocate skb Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 31/33] netfilter: nfnetlink_log: use proper net " Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 32/33] netfilter: nf_ct_sip: consolidate NAT hook functions Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 33/33] netfilter: cttimeout: allow to set/get default protocol timeouts Pablo Neira Ayuso
2013-10-04 17:59 ` [PATCH 00/33] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1380875598-5250-23-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).