AC_SUBST(HAVE_LIST_LAST_ENTRY, undef)
fi
+AC_MSG_CHECKING([kernel source for list_next_entry])
+if test -f $ksourcedir/include/linux/list.h && \
+ $GREP -q 'list_next_entry' $ksourcedir/include/linux/list.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_LIST_NEXT_ENTRY, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_LIST_NEXT_ENTRY, undef)
+fi
+
AC_MSG_CHECKING([kernel source for struct net_generic])
if test -f $ksourcedir/include/net/netns/generic.h && \
$GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then
#include <linux/stringify.h>
#include <linux/vmalloc.h>
#include <net/netlink.h>
-#include <uapi/linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_compat.h>
+#include <uapi/linux/netfilter/ipset/ip_set.h>
#define _IP_SET_MODULE_DESC(a, b, c) \
MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)
#@HAVE_TCF_EMATCH_OPS_CHANGE_ARG_NET@ HAVE_TCF_EMATCH_OPS_CHANGE_ARG_NET
#@HAVE_TCF_EMATCH_STRUCT_NET@ HAVE_TCF_EMATCH_STRUCT_NET
#@HAVE_LIST_LAST_ENTRY@ HAVE_LIST_LAST_ENTRY
+#@HAVE_LIST_NEXT_ENTRY@ HAVE_LIST_NEXT_ENTRY
/* Not everything could be moved here. Compatibility stuffs can be found in
* xt_set.c, ip_set_core.c, ip_set_getport.c, pfxlen.c too.
#endif
#endif
+#ifndef kfree_rcu
+
+static inline void kfree_call_rcu(struct rcu_head *head,
+ void (*func)(struct rcu_head *rcu))
+{
+ call_rcu(head, func);
+}
+
+#define __is_kfree_rcu_offset(offset) ((offset) < 4096)
+
+#define __kfree_rcu(head, offset) \
+do { \
+ BUILD_BUG_ON(!__is_kfree_rcu_offset(offset)); \
+ kfree_call_rcu(head, (void (*)(struct rcu_head *))(unsigned long)(offset)); \
+} while (0)
+
+#define kfree_rcu(ptr, rcu_head) \
+ __kfree_rcu(&((ptr)->rcu_head), offsetof(typeof(*(ptr)), rcu_head))
+#endif
+
#ifdef CHECK_KCONFIG
#ifndef CONFIG_SPARSE_RCU_POINTER
#error "CONFIG_SPARSE_RCU_POINTER must be enabled"
#define NETLINK_PORTID(skb) NETLINK_CB(skb).pid
#endif
-#ifndef HAVE_NS_CAPABLE
+#ifndef HAVE_USER_NS_IN_STRUCT_NET
#define ns_capable(ns, cap) capable(cap)
#endif
-#ifdef HAVE_NFNL_LOCK_SUBSYS
-#define lock_nfnl() nfnl_lock(NFNL_SUBSYS_IPSET)
-#define unlock_nfnl() nfnl_unlock(NFNL_SUBSYS_IPSET)
-#else
-#define lock_nfnl() nfnl_lock()
-#define unlock_nfnl() nfnl_unlock()
+#ifndef HAVE_NFNL_LOCK_SUBSYS
+#define nfnl_lock(x) nfnl_lock()
+#define nfnl_unlock(x) nfnl_unlock()
+#endif
+
+#if HAVE_IPV6_SKIP_EXTHDR_ARGS == 3
+#define ipv6_skip_exthdr(skbuff, start, nexthdrp, frag_offp) \
+ ipv6_skip_exthdr(skbuff, start, nexthdrp)
#endif
#ifndef HAVE_KVFREE
#define list_last_entry(ptr, type, member) \
list_entry((ptr)->prev, type, member)
#endif
+#ifndef HAVE_LIST_NEXT_ENTRY
+#define list_next_entry(pos, member) \
+ list_entry((pos)->member.next, typeof(*(pos)), member)
+#define list_prev_entry(pos, member) \
+ list_entry((pos)->member.prev, typeof(*(pos)), member)
+#endif
+
+#ifndef __aligned_u64
+#define __aligned_u64 __u64
+#endif
+
+#ifndef pr_warn
+#define pr_warn pr_warning
+#endif
+
+#ifndef SIZE_MAX
+#define SIZE_MAX (~(size_t)0)
+#endif
#endif /* __IP_SET_COMPAT_H */
#ifndef _UAPI_IP_SET_H
#define _UAPI_IP_SET_H
-
#include <linux/types.h>
/* The protocol version */
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
-#include <linux/netlink.h>
#include <linux/rculist.h>
#include <net/netlink.h>
#include <net/net_namespace.h>
static bool
load_settype(const char *name)
{
- unlock_nfnl();
+ nfnl_unlock(NFNL_SUBSYS_IPSET);
pr_debug("try to load ip_set_%s\n", name);
if (request_module("ip_set_%s", name) < 0) {
pr_warn("Can't find ip_set type %s\n", name);
- lock_nfnl();
+ nfnl_lock(NFNL_SUBSYS_IPSET);
return false;
}
- lock_nfnl();
+ nfnl_lock(NFNL_SUBSYS_IPSET);
return true;
}
if (index >= inst->ip_set_max)
return IPSET_INVALID_ID;
- lock_nfnl();
+ nfnl_lock(NFNL_SUBSYS_IPSET);
set = ip_set(inst, index);
if (set)
__ip_set_get(set);
else
index = IPSET_INVALID_ID;
- unlock_nfnl();
+ nfnl_unlock(NFNL_SUBSYS_IPSET);
return index;
}
struct ip_set *set;
struct ip_set_net *inst = ip_set_pernet(net);
- lock_nfnl();
+ nfnl_lock(NFNL_SUBSYS_IPSET);
if (!inst->is_deleted) { /* already deleted from ip_set_net_exit() */
set = ip_set(inst, index);
if (set != NULL)
__ip_set_put(set);
}
- unlock_nfnl();
+ nfnl_unlock(NFNL_SUBSYS_IPSET);
}
EXPORT_SYMBOL_GPL(ip_set_nfnl_put);
struct net *net = sock_net(sk);
struct ip_set_net *inst = ip_set_pernet(net);
-#ifdef HAVE_USER_NS_IN_STRUCT_NET
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
-#else
- if (!capable(CAP_NET_ADMIN))
-#endif
return -EPERM;
if (optval != SO_IP_SET)
return -EBADF;
goto done;
}
req_get->set.name[IPSET_MAXNAMELEN - 1] = '\0';
- lock_nfnl();
+ nfnl_lock(NFNL_SUBSYS_IPSET);
find_set_and_id(inst, req_get->set.name, &id);
req_get->set.index = id;
- unlock_nfnl();
+ nfnl_unlock(NFNL_SUBSYS_IPSET);
goto copy;
}
case IP_SET_OP_GET_FNAME: {
goto done;
}
req_get->set.name[IPSET_MAXNAMELEN - 1] = '\0';
- lock_nfnl();
+ nfnl_lock(NFNL_SUBSYS_IPSET);
find_set_and_id(inst, req_get->set.name, &id);
req_get->set.index = id;
if (id != IPSET_INVALID_ID)
req_get->family = ip_set(inst, id)->family;
- unlock_nfnl();
+ nfnl_unlock(NFNL_SUBSYS_IPSET);
goto copy;
}
case IP_SET_OP_GET_BYINDEX: {
ret = -EINVAL;
goto done;
}
- lock_nfnl();
+ nfnl_lock(NFNL_SUBSYS_IPSET);
set = ip_set(inst, req_get->set.index);
strncpy(req_get->set.name, set ? set->name : "",
IPSET_MAXNAMELEN);
- unlock_nfnl();
+ nfnl_unlock(NFNL_SUBSYS_IPSET);
goto copy;
}
default:
__be16 frag_off = 0;
nexthdr = ipv6_hdr(skb)->nexthdr;
-#if HAVE_IPV6_SKIP_EXTHDR_ARGS == 4
protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
&frag_off);
-#else
- protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
-#endif
if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
return false;
#define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h"
-
static int
hash_ipmark6_kadt(struct ip_set *set, const struct sk_buff *skb,
const struct xt_action_param *par,
map_opt.cmdflags |= info->flags & (IPSET_FLAG_MAP_SKBMARK |
IPSET_FLAG_MAP_SKBPRIO |
IPSET_FLAG_MAP_SKBQUEUE);
- ret = match_set(info->map_set.index, skb, par, &map_opt,
+ ret = match_set(info->map_set.index, skb, CAST_TO_MATCH par,
+ &map_opt,
info->map_set.flags & IPSET_INV_MATCH);
if (!ret)
return XT_CONTINUE;
projects / ipset / commitdiff