1 /* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org> 2 * 3 * This program is free software; you can redistribute it and/or modify 4 * it under the terms of the GNU General Public License version 2 as 5 * published by the Free Software Foundation. 6 */ 7 8 /* Kernel module implementing an IP set type: the hash:ip,port,net type */ 9 10 #include <linux/jhash.h> 11 #include <linux/module.h> 12 #include <linux/ip.h> 13 #include <linux/skbuff.h> 14 #include <linux/errno.h> 15 #include <linux/random.h> 16 #include <net/ip.h> 17 #include <net/ipv6.h> 18 #include <net/netlink.h> 19 #include <net/tcp.h> 20 21 #include <linux/netfilter.h> 22 #include <linux/netfilter/ipset/pfxlen.h> 23 #include <linux/netfilter/ipset/ip_set.h> 24 #include <linux/netfilter/ipset/ip_set_getport.h> 25 #include <linux/netfilter/ipset/ip_set_hash.h> 26 27 #define IPSET_TYPE_REV_MIN 0 28 /* 0 Comments support added */ 29 /* 1 Forceadd support added */ 30 #define IPSET_TYPE_REV_MAX 2 /* skbinfo support added */ 31 32 MODULE_LICENSE("GPL"); 33 MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>"); 34 IP_SET_MODULE_DESC("hash:net,port,net", IPSET_TYPE_REV_MIN, IPSET_TYPE_REV_MAX); 35 MODULE_ALIAS("ip_set_hash:net,port,net"); 36 37 /* Type specific function prefix */ 38 #define HTYPE hash_netportnet 39 #define IP_SET_HASH_WITH_PROTO 40 #define IP_SET_HASH_WITH_NETS 41 #define IPSET_NET_COUNT 2 42 43 /* IPv4 variant */ 44 45 /* Member elements */ 46 struct hash_netportnet4_elem { 47 union { 48 __be32 ip[2]; 49 __be64 ipcmp; 50 }; 51 __be16 port; 52 union { 53 u8 cidr[2]; 54 u16 ccmp; 55 }; 56 u16 padding; 57 u8 nomatch; 58 u8 proto; 59 }; 60 61 /* Common functions */ 62 63 static inline bool 64 hash_netportnet4_data_equal(const struct hash_netportnet4_elem *ip1, 65 const struct hash_netportnet4_elem *ip2, 66 u32 *multi) 67 { 68 return ip1->ipcmp == ip2->ipcmp && 69 ip1->ccmp == ip2->ccmp && 70 ip1->port == ip2->port && 71 ip1->proto == ip2->proto; 72 } 73 74 static inline int 75 hash_netportnet4_do_data_match(const struct hash_netportnet4_elem *elem) 76 { 77 return elem->nomatch ? -ENOTEMPTY : 1; 78 } 79 80 static inline void 81 hash_netportnet4_data_set_flags(struct hash_netportnet4_elem *elem, u32 flags) 82 { 83 elem->nomatch = !!((flags >> 16) & IPSET_FLAG_NOMATCH); 84 } 85 86 static inline void 87 hash_netportnet4_data_reset_flags(struct hash_netportnet4_elem *elem, u8 *flags) 88 { 89 swap(*flags, elem->nomatch); 90 } 91 92 static inline void 93 hash_netportnet4_data_reset_elem(struct hash_netportnet4_elem *elem, 94 struct hash_netportnet4_elem *orig) 95 { 96 elem->ip[1] = orig->ip[1]; 97 } 98 99 static inline void 100 hash_netportnet4_data_netmask(struct hash_netportnet4_elem *elem, 101 u8 cidr, bool inner) 102 { 103 if (inner) { 104 elem->ip[1] &= ip_set_netmask(cidr); 105 elem->cidr[1] = cidr; 106 } else { 107 elem->ip[0] &= ip_set_netmask(cidr); 108 elem->cidr[0] = cidr; 109 } 110 } 111 112 static bool 113 hash_netportnet4_data_list(struct sk_buff *skb, 114 const struct hash_netportnet4_elem *data) 115 { 116 u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; 117 118 if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip[0]) || 119 nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip[1]) || 120 nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || 121 nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) || 122 nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr[1]) || 123 nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || 124 (flags && 125 nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) 126 goto nla_put_failure; 127 return false; 128 129 nla_put_failure: 130 return true; 131 } 132 133 static inline void 134 hash_netportnet4_data_next(struct hash_netportnet4_elem *next, 135 const struct hash_netportnet4_elem *d) 136 { 137 next->ipcmp = d->ipcmp; 138 next->port = d->port; 139 } 140 141 #define MTYPE hash_netportnet4 142 #define HOST_MASK 32 143 #include "ip_set_hash_gen.h" 144 145 static void 146 hash_netportnet4_init(struct hash_netportnet4_elem *e) 147 { 148 e->cidr[0] = HOST_MASK; 149 e->cidr[1] = HOST_MASK; 150 } 151 152 static int 153 hash_netportnet4_kadt(struct ip_set *set, const struct sk_buff *skb, 154 const struct xt_action_param *par, 155 enum ipset_adt adt, struct ip_set_adt_opt *opt) 156 { 157 const struct hash_netportnet4 *h = set->data; 158 ipset_adtfn adtfn = set->variant->adt[adt]; 159 struct hash_netportnet4_elem e = { }; 160 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); 161 162 e.cidr[0] = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); 163 e.cidr[1] = INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); 164 if (adt == IPSET_TEST) 165 e.ccmp = (HOST_MASK << (sizeof(e.cidr[0]) * 8)) | HOST_MASK; 166 167 if (!ip_set_get_ip4_port(skb, opt->flags & IPSET_DIM_TWO_SRC, 168 &e.port, &e.proto)) 169 return -EINVAL; 170 171 ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0]); 172 ip4addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip[1]); 173 e.ip[0] &= ip_set_netmask(e.cidr[0]); 174 e.ip[1] &= ip_set_netmask(e.cidr[1]); 175 176 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); 177 } 178 179 static int 180 hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[], 181 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) 182 { 183 const struct hash_netportnet4 *h = set->data; 184 ipset_adtfn adtfn = set->variant->adt[adt]; 185 struct hash_netportnet4_elem e = { }; 186 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); 187 u32 ip = 0, ip_to = 0, p = 0, port, port_to; 188 u32 ip2_from = 0, ip2_to = 0, ip2; 189 bool with_ports = false; 190 int ret; 191 192 if (tb[IPSET_ATTR_LINENO]) 193 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); 194 195 hash_netportnet4_init(&e); 196 if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] || 197 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 198 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 199 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 200 return -IPSET_ERR_PROTOCOL; 201 202 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &ip); 203 if (ret) 204 return ret; 205 206 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2], &ip2_from); 207 if (ret) 208 return ret; 209 210 ret = ip_set_get_extensions(set, tb, &ext); 211 if (ret) 212 return ret; 213 214 if (tb[IPSET_ATTR_CIDR]) { 215 e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); 216 if (e.cidr[0] > HOST_MASK) 217 return -IPSET_ERR_INVALID_CIDR; 218 } 219 220 if (tb[IPSET_ATTR_CIDR2]) { 221 e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); 222 if (e.cidr[1] > HOST_MASK) 223 return -IPSET_ERR_INVALID_CIDR; 224 } 225 226 e.port = nla_get_be16(tb[IPSET_ATTR_PORT]); 227 228 if (tb[IPSET_ATTR_PROTO]) { 229 e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); 230 with_ports = ip_set_proto_with_ports(e.proto); 231 232 if (e.proto == 0) 233 return -IPSET_ERR_INVALID_PROTO; 234 } else { 235 return -IPSET_ERR_MISSING_PROTO; 236 } 237 238 if (!(with_ports || e.proto == IPPROTO_ICMP)) 239 e.port = 0; 240 241 if (tb[IPSET_ATTR_CADT_FLAGS]) { 242 u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 243 244 if (cadt_flags & IPSET_FLAG_NOMATCH) 245 flags |= (IPSET_FLAG_NOMATCH << 16); 246 } 247 248 with_ports = with_ports && tb[IPSET_ATTR_PORT_TO]; 249 if (adt == IPSET_TEST || 250 !(tb[IPSET_ATTR_IP_TO] || with_ports || tb[IPSET_ATTR_IP2_TO])) { 251 e.ip[0] = htonl(ip & ip_set_hostmask(e.cidr[0])); 252 e.ip[1] = htonl(ip2_from & ip_set_hostmask(e.cidr[1])); 253 ret = adtfn(set, &e, &ext, &ext, flags); 254 return ip_set_enomatch(ret, flags, adt, set) ? -ret : 255 ip_set_eexist(ret, flags) ? 0 : ret; 256 } 257 258 ip_to = ip; 259 if (tb[IPSET_ATTR_IP_TO]) { 260 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); 261 if (ret) 262 return ret; 263 if (ip > ip_to) 264 swap(ip, ip_to); 265 if (unlikely(ip + UINT_MAX == ip_to)) 266 return -IPSET_ERR_HASH_RANGE; 267 } else { 268 ip_set_mask_from_to(ip, ip_to, e.cidr[0]); 269 } 270 271 port_to = port = ntohs(e.port); 272 if (tb[IPSET_ATTR_PORT_TO]) { 273 port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); 274 if (port > port_to) 275 swap(port, port_to); 276 } 277 278 ip2_to = ip2_from; 279 if (tb[IPSET_ATTR_IP2_TO]) { 280 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to); 281 if (ret) 282 return ret; 283 if (ip2_from > ip2_to) 284 swap(ip2_from, ip2_to); 285 if (unlikely(ip2_from + UINT_MAX == ip2_to)) 286 return -IPSET_ERR_HASH_RANGE; 287 } else { 288 ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]); 289 } 290 291 if (retried) { 292 ip = ntohl(h->next.ip[0]); 293 p = ntohs(h->next.port); 294 ip2 = ntohl(h->next.ip[1]); 295 } else { 296 p = port; 297 ip2 = ip2_from; 298 } 299 300 do { 301 e.ip[0] = htonl(ip); 302 ip = ip_set_range_to_cidr(ip, ip_to, &e.cidr[0]); 303 for (; p <= port_to; p++) { 304 e.port = htons(p); 305 do { 306 e.ip[1] = htonl(ip2); 307 ip2 = ip_set_range_to_cidr(ip2, ip2_to, 308 &e.cidr[1]); 309 ret = adtfn(set, &e, &ext, &ext, flags); 310 if (ret && !ip_set_eexist(ret, flags)) 311 return ret; 312 313 ret = 0; 314 } while (ip2++ < ip2_to); 315 ip2 = ip2_from; 316 } 317 p = port; 318 } while (ip++ < ip_to); 319 return ret; 320 } 321 322 /* IPv6 variant */ 323 324 struct hash_netportnet6_elem { 325 union nf_inet_addr ip[2]; 326 __be16 port; 327 union { 328 u8 cidr[2]; 329 u16 ccmp; 330 }; 331 u16 padding; 332 u8 nomatch; 333 u8 proto; 334 }; 335 336 /* Common functions */ 337 338 static inline bool 339 hash_netportnet6_data_equal(const struct hash_netportnet6_elem *ip1, 340 const struct hash_netportnet6_elem *ip2, 341 u32 *multi) 342 { 343 return ipv6_addr_equal(&ip1->ip[0].in6, &ip2->ip[0].in6) && 344 ipv6_addr_equal(&ip1->ip[1].in6, &ip2->ip[1].in6) && 345 ip1->ccmp == ip2->ccmp && 346 ip1->port == ip2->port && 347 ip1->proto == ip2->proto; 348 } 349 350 static inline int 351 hash_netportnet6_do_data_match(const struct hash_netportnet6_elem *elem) 352 { 353 return elem->nomatch ? -ENOTEMPTY : 1; 354 } 355 356 static inline void 357 hash_netportnet6_data_set_flags(struct hash_netportnet6_elem *elem, u32 flags) 358 { 359 elem->nomatch = !!((flags >> 16) & IPSET_FLAG_NOMATCH); 360 } 361 362 static inline void 363 hash_netportnet6_data_reset_flags(struct hash_netportnet6_elem *elem, u8 *flags) 364 { 365 swap(*flags, elem->nomatch); 366 } 367 368 static inline void 369 hash_netportnet6_data_reset_elem(struct hash_netportnet6_elem *elem, 370 struct hash_netportnet6_elem *orig) 371 { 372 elem->ip[1] = orig->ip[1]; 373 } 374 375 static inline void 376 hash_netportnet6_data_netmask(struct hash_netportnet6_elem *elem, 377 u8 cidr, bool inner) 378 { 379 if (inner) { 380 ip6_netmask(&elem->ip[1], cidr); 381 elem->cidr[1] = cidr; 382 } else { 383 ip6_netmask(&elem->ip[0], cidr); 384 elem->cidr[0] = cidr; 385 } 386 } 387 388 static bool 389 hash_netportnet6_data_list(struct sk_buff *skb, 390 const struct hash_netportnet6_elem *data) 391 { 392 u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; 393 394 if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip[0].in6) || 395 nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip[1].in6) || 396 nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || 397 nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr[0]) || 398 nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr[1]) || 399 nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || 400 (flags && 401 nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) 402 goto nla_put_failure; 403 return false; 404 405 nla_put_failure: 406 return true; 407 } 408 409 static inline void 410 hash_netportnet6_data_next(struct hash_netportnet6_elem *next, 411 const struct hash_netportnet6_elem *d) 412 { 413 next->port = d->port; 414 } 415 416 #undef MTYPE 417 #undef HOST_MASK 418 419 #define MTYPE hash_netportnet6 420 #define HOST_MASK 128 421 #define IP_SET_EMIT_CREATE 422 #include "ip_set_hash_gen.h" 423 424 static void 425 hash_netportnet6_init(struct hash_netportnet6_elem *e) 426 { 427 e->cidr[0] = HOST_MASK; 428 e->cidr[1] = HOST_MASK; 429 } 430 431 static int 432 hash_netportnet6_kadt(struct ip_set *set, const struct sk_buff *skb, 433 const struct xt_action_param *par, 434 enum ipset_adt adt, struct ip_set_adt_opt *opt) 435 { 436 const struct hash_netportnet6 *h = set->data; 437 ipset_adtfn adtfn = set->variant->adt[adt]; 438 struct hash_netportnet6_elem e = { }; 439 struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); 440 441 e.cidr[0] = INIT_CIDR(h->nets[0].cidr[0], HOST_MASK); 442 e.cidr[1] = INIT_CIDR(h->nets[0].cidr[1], HOST_MASK); 443 if (adt == IPSET_TEST) 444 e.ccmp = (HOST_MASK << (sizeof(u8) * 8)) | HOST_MASK; 445 446 if (!ip_set_get_ip6_port(skb, opt->flags & IPSET_DIM_TWO_SRC, 447 &e.port, &e.proto)) 448 return -EINVAL; 449 450 ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip[0].in6); 451 ip6addrptr(skb, opt->flags & IPSET_DIM_THREE_SRC, &e.ip[1].in6); 452 ip6_netmask(&e.ip[0], e.cidr[0]); 453 ip6_netmask(&e.ip[1], e.cidr[1]); 454 455 return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); 456 } 457 458 static int 459 hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[], 460 enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) 461 { 462 const struct hash_netportnet6 *h = set->data; 463 ipset_adtfn adtfn = set->variant->adt[adt]; 464 struct hash_netportnet6_elem e = { }; 465 struct ip_set_ext ext = IP_SET_INIT_UEXT(set); 466 u32 port, port_to; 467 bool with_ports = false; 468 int ret; 469 470 if (tb[IPSET_ATTR_LINENO]) 471 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); 472 473 hash_netportnet6_init(&e); 474 if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] || 475 !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || 476 !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || 477 !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS))) 478 return -IPSET_ERR_PROTOCOL; 479 if (unlikely(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_IP2_TO])) 480 return -IPSET_ERR_HASH_RANGE_UNSUPPORTED; 481 482 ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP], &e.ip[0]); 483 if (ret) 484 return ret; 485 486 ret = ip_set_get_ipaddr6(tb[IPSET_ATTR_IP2], &e.ip[1]); 487 if (ret) 488 return ret; 489 490 ret = ip_set_get_extensions(set, tb, &ext); 491 if (ret) 492 return ret; 493 494 if (tb[IPSET_ATTR_CIDR]) { 495 e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); 496 if (e.cidr[0] > HOST_MASK) 497 return -IPSET_ERR_INVALID_CIDR; 498 } 499 500 if (tb[IPSET_ATTR_CIDR2]) { 501 e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); 502 if (e.cidr[1] > HOST_MASK) 503 return -IPSET_ERR_INVALID_CIDR; 504 } 505 506 ip6_netmask(&e.ip[0], e.cidr[0]); 507 ip6_netmask(&e.ip[1], e.cidr[1]); 508 509 e.port = nla_get_be16(tb[IPSET_ATTR_PORT]); 510 511 if (tb[IPSET_ATTR_PROTO]) { 512 e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]); 513 with_ports = ip_set_proto_with_ports(e.proto); 514 515 if (e.proto == 0) 516 return -IPSET_ERR_INVALID_PROTO; 517 } else { 518 return -IPSET_ERR_MISSING_PROTO; 519 } 520 521 if (!(with_ports || e.proto == IPPROTO_ICMPV6)) 522 e.port = 0; 523 524 if (tb[IPSET_ATTR_CADT_FLAGS]) { 525 u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); 526 527 if (cadt_flags & IPSET_FLAG_NOMATCH) 528 flags |= (IPSET_FLAG_NOMATCH << 16); 529 } 530 531 if (adt == IPSET_TEST || !with_ports || !tb[IPSET_ATTR_PORT_TO]) { 532 ret = adtfn(set, &e, &ext, &ext, flags); 533 return ip_set_enomatch(ret, flags, adt, set) ? -ret : 534 ip_set_eexist(ret, flags) ? 0 : ret; 535 } 536 537 port = ntohs(e.port); 538 port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); 539 if (port > port_to) 540 swap(port, port_to); 541 542 if (retried) 543 port = ntohs(h->next.port); 544 for (; port <= port_to; port++) { 545 e.port = htons(port); 546 ret = adtfn(set, &e, &ext, &ext, flags); 547 548 if (ret && !ip_set_eexist(ret, flags)) 549 return ret; 550 551 ret = 0; 552 } 553 return ret; 554 } 555 556 static struct ip_set_type hash_netportnet_type __read_mostly = { 557 .name = "hash:net,port,net", 558 .protocol = IPSET_PROTOCOL, 559 .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2 | 560 IPSET_TYPE_NOMATCH, 561 .dimension = IPSET_DIM_THREE, 562 .family = NFPROTO_UNSPEC, 563 .revision_min = IPSET_TYPE_REV_MIN, 564 .revision_max = IPSET_TYPE_REV_MAX, 565 .create = hash_netportnet_create, 566 .create_policy = { 567 [IPSET_ATTR_HASHSIZE] = { .type = NLA_U32 }, 568 [IPSET_ATTR_MAXELEM] = { .type = NLA_U32 }, 569 [IPSET_ATTR_PROBES] = { .type = NLA_U8 }, 570 [IPSET_ATTR_RESIZE] = { .type = NLA_U8 }, 571 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 572 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, 573 }, 574 .adt_policy = { 575 [IPSET_ATTR_IP] = { .type = NLA_NESTED }, 576 [IPSET_ATTR_IP_TO] = { .type = NLA_NESTED }, 577 [IPSET_ATTR_IP2] = { .type = NLA_NESTED }, 578 [IPSET_ATTR_IP2_TO] = { .type = NLA_NESTED }, 579 [IPSET_ATTR_PORT] = { .type = NLA_U16 }, 580 [IPSET_ATTR_PORT_TO] = { .type = NLA_U16 }, 581 [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, 582 [IPSET_ATTR_CIDR2] = { .type = NLA_U8 }, 583 [IPSET_ATTR_PROTO] = { .type = NLA_U8 }, 584 [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, 585 [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, 586 [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, 587 [IPSET_ATTR_BYTES] = { .type = NLA_U64 }, 588 [IPSET_ATTR_PACKETS] = { .type = NLA_U64 }, 589 [IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING, 590 .len = IPSET_MAX_COMMENT_SIZE }, 591 [IPSET_ATTR_SKBMARK] = { .type = NLA_U64 }, 592 [IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 }, 593 [IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 }, 594 }, 595 .me = THIS_MODULE, 596 }; 597 598 static int __init 599 hash_netportnet_init(void) 600 { 601 return ip_set_type_register(&hash_netportnet_type); 602 } 603 604 static void __exit 605 hash_netportnet_fini(void) 606 { 607 rcu_barrier(); 608 ip_set_type_unregister(&hash_netportnet_type); 609 } 610 611 module_init(hash_netportnet_init); 612 module_exit(hash_netportnet_fini); 613