From: Josh Hunt
To: kadlec@blackhole.kfki.hu
Cc: pablo@netfilter.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, Josh Hunt
Subject: [PATCH 3/4] netfilter: ipset: hash:ip: add support for new netmask types
Date: Tue, 21 Mar 2017 14:29:03 -0400
Message-Id: <1490120944-1770-4-git-send-email-johunt@akamai.com>
In-Reply-To: <1490120944-1770-1-git-send-email-johunt@akamai.com>

Enable new netmask support for hash:ip set types.

Example usage:

Legacy behavior:
ipset create foo hash:ip family inet6 netmask 64

New netmask support (equivalent to legacy example):
ipset create foo hash:ip family inet6 netmask ffff:ffff:ffff:ffff::

New wildcard mask support:
ipset create foo hash:ip family inet6 netmask ffff:ffff:ffff:0:0:ffff:ffff:ffff

The 3 mask types are supported for ipv4 sets as well.

Signed-off-by: Josh Hunt
---
 net/netfilter/ipset/ip_set_hash_ip.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c index 20bfbd3..74aa4a6 100644 --- a/net/netfilter/ipset/ip_set_hash_ip.c +++ b/net/netfilter/ipset/ip_set_hash_ip.c @@ -27,7 +27,8 @@ /* 1 Counters support */ /* 2 Comments support */ /* 3 Forceadd support */ -#define IPSET_TYPE_REV_MAX 4 /* skbinfo support */ +/* 4 skbinfo support */ +#define IPSET_TYPE_REV_MAX 5 /* nf_inet_addr netmask support */ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); @@ -89,7 +90,7 @@ struct hash_ip4_elem { __be32 ip; ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &ip); - ip &= ip_set_netmask(h->netmask); + ip &= h->netmask.mask.ip; if (ip == 0) return -EINVAL;
@@ -122,7 +123,7 @@ struct hash_ip4_elem { if (ret) return ret; - ip &= ip_set_hostmask(h->netmask); + ip &= ntohl(h->netmask.mask.ip); if (adt == IPSET_TEST) { e.ip = htonl(ip); @@ -146,7 +147,7 @@ struct hash_ip4_elem { ip_set_mask_from_to(ip, ip_to, cidr); } - hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1); + hosts = (h->netmask.cidr == 32 || !h->netmask.cidr) ? 1 : 2 << (32 - h->netmask.cidr - 1); if (retried) ip = ntohl(h->next.ip); @@ -182,9 +183,9 @@ struct hash_ip6_elem { } static inline void -hash_ip6_netmask(union nf_inet_addr *ip, u8 prefix) +hash_ip6_netmask(union nf_inet_addr *ip, const union nf_inet_addr *mask) { - ip6_netmask(ip, prefix); + nf_inet_addr_mask_inplace(ip, mask); } static bool @@ -223,7 +224,7 @@ struct hash_ip6_elem { struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6); - hash_ip6_netmask(&e.ip, h->netmask); + hash_ip6_netmask(&e.ip, &h->netmask.mask); if (ipv6_addr_any(&e.ip.in6)) return -EINVAL; @@ -262,7 +263,7 @@ struct hash_ip6_elem { if (ret) return ret; - hash_ip6_netmask(&e.ip, h->netmask); + hash_ip6_netmask(&e.ip, &h->netmask.mask); if (ipv6_addr_any(&e.ip.in6)) return -IPSET_ERR_HASH_ELEM; @@ -286,7 +287,8 @@ struct hash_ip6_elem { [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, - [IPSET_ATTR_NETMASK] = { .type = NLA_U8 }, + [IPSET_ATTR_NETMASK] = { .type = NLA_U8 }, + [IPSET_ATTR_NETMASK_MASK] = { .type = NLA_NESTED }, [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, }, .adt_policy = {
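Review bot: In the @@ -89,7 +90,7 hunk, `ip &= h->netmask.mask.ip;` now relies on `h->netmask.mask` being populated for every set, including sets created with the legacy prefix form (`netmask 24` or `netmask 64`). If the create path stores only `.cidr` for those sets, the mask is zero, `ip` becomes 0 and every packet-path lookup returns -EINVAL. The create code is not part of this patch, so please state in the changelog, or enforce at create time, that `.mask` is always derived from the prefix when only a prefix is supplied.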
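Review bot: In the @@ -146,7 +147,7 hunk, `!h->netmask.cidr` is used to mean "this mask has no prefix form", which is not documented in the visible code and reads like a /0 netmask. With `hosts` forced to 1 in that case, the step for a from-to range no longer follows the mask, so please confirm that each address in the range is masked before insertion and that a wide range combined with a wildcard mask cannot turn the add path into a very long loop. A short comment or a named helper for the "no cidr" test would help, and the new line should be wrapped to stay within 80 columns.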
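Review bot: After the @@ -182,9 +183,9 hunk, hash_ip6_netmask() is a one-line pass-through to nf_inet_addr_mask_inplace(). Either call the helper directly at the two call sites changed in the following hunks, or keep the wrapper and say why it stays. nf_inet_addr_mask_inplace() is not defined in this patch, so the changelog should name the patch in the series that introduces it.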
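Review bot: In the @@ -286,7 +287,8 hunk, `[IPSET_ATTR_NETMASK_MASK] = { .type = NLA_NESTED }` only tells netlink validation that the attribute is a container; this policy entry does not length-check the address inside it. The code that unpacks it is outside this patch, so please confirm that it validates the nested address for the set's family before copying it into `h->netmask.mask`, and that a request carrying both IPSET_ATTR_NETMASK and IPSET_ATTR_NETMASK_MASK is rejected or has documented precedence. The IPSET_ATTR_NETMASK line is also removed and re-added with no visible change other than whitespace; drop that churn if it is not needed for alignment.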
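The three netmask forms from the commit message, as an added user-space illustration that is not part of the patch or of ipset. It checks that prefix 64 and ffff:ffff:ffff:ffff:: are the same mask, and that the wildcard mask makes one stored key cover every address that differs only in the zeroed groups. The function names are hypothetical and the addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Legacy form: expand a prefix length (0..128) into a 128-bit mask. */
static struct in6_addr prefix_to_mask6(unsigned prefix)
{
    struct in6_addr m = {0};
    for (unsigned i = 0; i < prefix && i < 128; i++)
        m.s6_addr[i / 8] |= 0x80 >> (i % 8);
    return m;
}

/* New form: AND the address with an arbitrary mask, byte by byte. */
static void mask_inplace6(struct in6_addr *ip, const struct in6_addr *mask)
{
    for (int i = 0; i < 16; i++)
        ip->s6_addr[i] &= mask->s6_addr[i];
}

/* 1 if "netmask <prefix>" and "netmask <mask>" are the same mask. */
static int prefix_equals_mask(unsigned prefix, const char *mask)
{
    struct in6_addr m, p = prefix_to_mask6(prefix);
    if (inet_pton(AF_INET6, mask, &m) != 1)
        return -1;
    return memcmp(&m, &p, sizeof(m)) == 0;
}

/* 1 if addresses a and b reduce to the same stored key under mask. */
static int same_key(const char *a, const char *b, const char *mask)
{
    struct in6_addr ia, ib, m;
    if (inet_pton(AF_INET6, a, &ia) != 1 || inet_pton(AF_INET6, b, &ib) != 1 ||
        inet_pton(AF_INET6, mask, &m) != 1)
        return -1;
    mask_inplace6(&ia, &m);
    mask_inplace6(&ib, &m);
    return memcmp(&ia, &ib, sizeof(ia)) == 0;
}

int main(void)
{
    /* Constructed sample addresses (2001:db8::/32 documentation range). */
    const char *a = "2001:db8:1:aaaa:bbbb:1:2:3", *b = "2001:db8:1:cccc:dddd:1:2:3";
    printf("%d %d %d\n", prefix_equals_mask(64, "ffff:ffff:ffff:ffff::"),
           same_key(a, b, "ffff:ffff:ffff:ffff::"),
           same_key(a, b, "ffff:ffff:ffff:0:0:ffff:ffff:ffff"));
    return 0;
}
```

When reviewing a rule set that uses a wildcard mask, treat each element as matching every address that shares the unmasked groups, not a single subnet.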