#include <linux/netfilter_ipv4/ip_set_nethash.h>
#include <linux/netfilter_ipv4/ip_set_jhash.h>
+static int limit = MAX_RANGE;
+
static inline __u32
jhash_ip(const struct ip_set_nethash *map, uint16_t i, ip_set_ip_t ip)
{
{
struct ip_set_nethash *map = (struct ip_set_nethash *) set->data;
- return (hash_id_cidr(map, ip, cidr, hash_ip) != UINT_MAX);
+ return (ip && hash_id_cidr(map, ip, cidr, hash_ip) != UINT_MAX);
}
static inline int
__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip)
{
- return (hash_id(set, ip, hash_ip) != UINT_MAX);
+ return (ip && hash_id(set, ip, hash_ip) != UINT_MAX);
}
static int
return -EEXIST;
if (!*elem) {
*elem = ip;
+ map->elements++;
return 0;
}
}
__addip(struct ip_set_nethash *map, ip_set_ip_t ip, unsigned char cidr,
ip_set_ip_t *hash_ip)
{
+ if (!ip || map->elements > limit)
+ return -ERANGE;
+
*hash_ip = pack(ip, cidr);
DP("%u.%u.%u.%u/%u, %u.%u.%u.%u", HIPQUAD(ip), cidr, HIPQUAD(*hash_ip));
return -ENOMEM;
}
tmp->hashsize = hashsize;
+ tmp->elements = 0;
tmp->probes = map->probes;
tmp->resize = map->resize;
memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t));
__delip(struct ip_set_nethash *map, ip_set_ip_t ip, unsigned char cidr,
ip_set_ip_t *hash_ip)
{
- ip_set_ip_t id = hash_id_cidr(map, ip, cidr, hash_ip);
- ip_set_ip_t *elem;
+ ip_set_ip_t id, *elem;
+ if (!ip)
+ return -ERANGE;
+
+ id = hash_id_cidr(map, ip, cidr, hash_ip);
if (id == UINT_MAX)
return -EEXIST;
elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
*elem = 0;
+ map->elements--;
return 0;
}
}
for (i = 0; i < req->probes; i++)
get_random_bytes(((uint32_t *) map->initval)+i, 4);
+ map->elements = 0;
map->hashsize = req->hashsize;
map->probes = req->probes;
map->resize = req->resize;
struct ip_set_nethash *map = (struct ip_set_nethash *) set->data;
harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t));
memset(map->cidr, 0, 30 * sizeof(unsigned char));
+ map->elements = 0;
}
static void list_header(const struct ip_set *set, void *data)
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("nethash type of IP sets");
+module_param(limit, int, 0600);
+MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
static int __init init(void)
{