#include <linux/netfilter_ipv4/ip_set_ipporthash.h>
#include <linux/netfilter_ipv4/ip_set_jhash.h>
+static int limit = MAX_RANGE;
+
/* We must handle non-linear skbs */
static inline ip_set_ip_t
get_port(const struct sk_buff *skb, u_int32_t flags)
return -EEXIST;
if (!*elem) {
*elem = hash_ip;
+ map->elements++;
return 0;
}
}
__addip(struct ip_set_ipporthash *map, ip_set_ip_t ip, ip_set_ip_t port,
ip_set_ip_t *hash_ip)
{
+ if (map->elements > limit)
+ return -ERANGE;
if (ip < map->first_ip || ip > map->last_ip)
return -ERANGE;
return -ENOMEM;
}
tmp->hashsize = hashsize;
+ tmp->elements = 0;
tmp->probes = map->probes;
tmp->resize = map->resize;
tmp->first_ip = map->first_ip;
elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
*elem = 0;
+ map->elements--;
return 0;
}
}
for (i = 0; i < req->probes; i++)
get_random_bytes(((uint32_t *) map->initval)+i, 4);
+ map->elements = 0;
map->hashsize = req->hashsize;
map->probes = req->probes;
map->resize = req->resize;
{
struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data;
harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t));
+ map->elements = 0;
}
static void list_header(const struct ip_set *set, void *data)
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("ipporthash type of IP sets");
+module_param(limit, int, 0600);
+MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
static int __init init(void)
{