#include <linux/netfilter_ipv4/ip_set_iphash.h>
#include <linux/netfilter_ipv4/ip_set_jhash.h>
+static int limit = MAX_RANGE;
+
static inline __u32
jhash_ip(const struct ip_set_iphash *map, uint16_t i, ip_set_ip_t ip)
{
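Review bot: `limit` is declared as a signed `int` here and is made writable at runtime by the `module_param(limit, int, 0600)` line near the end of the patch, so a negative value can be stored in it. The type of `map->elements` is not visible in this diff; if it is unsigned, the comparison in `__addip` converts a negative limit to a very large value and the cap is effectively switched off. Declaring it as `static unsigned int limit = MAX_RANGE;` and registering it with `module_param(limit, uint, 0600);` would rule that out. The parameter description could also say that the cap applies per set, since the check compares against the per-set `map->elements`.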
static inline int
__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip)
{
- return (hash_id(set, ip, hash_ip) != UINT_MAX);
+ return (ip && hash_id(set, ip, hash_ip) != UINT_MAX);
}
static int
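Review bot: The new `ip &&` test has no comment explaining why address 0 is rejected. Elsewhere in the patch an empty slot is detected with `if (!*elem)` and a deleted one is written as `*elem = 0`, so 0 appears to be the empty-slot marker and cannot be stored as a member. A one-line comment such as `/* 0 marks an empty slot, so it can never be a member */` here, and on the matching `!ip` checks in `__addip` and `__delip`, would make that explicit.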
__u32 probe;
u_int16_t i;
ip_set_ip_t *elem;
+
+ if (!ip || map->elements > limit)
+ return -ERANGE;
*hash_ip = ip & map->netmask;
return -EEXIST;
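Review bot: The cap check `map->elements > limit` is off by one. When the set already holds exactly `limit` elements the test is false and one more is added, so a set can reach `limit + 1` members. `if (!ip || map->elements >= limit)` would enforce the maximum that the parameter description states. The function's signature and its probe loop lie outside this hunk.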
if (!*elem) {
*elem = *hash_ip;
+ map->elements++;
return 0;
}
}
return -ENOMEM;
}
tmp->hashsize = hashsize;
+ tmp->elements = 0;
tmp->probes = map->probes;
tmp->resize = map->resize;
tmp->netmask = map->netmask;
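Review bot: Resetting `tmp->elements` to 0 means the copy's count is rebuilt by whatever re-inserts the members, and that loop is outside this hunk. If the re-insertion goes through `__addip`, it is now subject to the new limit check. Because `limit` can be changed at runtime, a set holding more members than a lowered limit would presumably get `-ERANGE` during the rehash. It is worth confirming that the rehash path treats that error as final rather than retrying with a larger table, and noting the intent with a comment such as `/* count is rebuilt as members are re-added */`.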
__delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip)
{
struct ip_set_iphash *map = (struct ip_set_iphash *) set->data;
- ip_set_ip_t id = hash_id(set, ip, hash_ip);
- ip_set_ip_t *elem;
+ ip_set_ip_t id, *elem;
+
+ if (!ip)
+ return -ERANGE;
+ id = hash_id(set, ip, hash_ip);
if (id == UINT_MAX)
return -EEXIST;
elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
*elem = 0;
+ map->elements--;
return 0;
}
}
for (i = 0; i < req->probes; i++)
get_random_bytes(((uint32_t *) map->initval)+i, 4);
+ map->elements = 0;
map->hashsize = req->hashsize;
map->probes = req->probes;
map->resize = req->resize;
{
struct ip_set_iphash *map = (struct ip_set_iphash *) set->data;
harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t));
+ map->elements = 0;
}
static void list_header(const struct ip_set *set, void *data)
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("iphash type of IP sets");
+module_param(limit, int, 0600);
+MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
static int __init init(void)
{