Rewind v3.13-rc3+ (78fd82238d0e5716) to v3.12

3 files changed, 28 insertions, 194 deletions

diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index c7174b8..9ac9fbd 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -49,68 +49,31 @@ enum ip_set_feature {
 
 /* Set extensions */
 enum ip_set_extension {
-	IPSET_EXT_BIT_TIMEOUT = 0,
+	IPSET_EXT_NONE = 0,
+	IPSET_EXT_BIT_TIMEOUT = 1,
 	IPSET_EXT_TIMEOUT = (1 << IPSET_EXT_BIT_TIMEOUT),
-	IPSET_EXT_BIT_COUNTER = 1,
+	IPSET_EXT_BIT_COUNTER = 2,
 	IPSET_EXT_COUNTER = (1 << IPSET_EXT_BIT_COUNTER),
-	IPSET_EXT_BIT_COMMENT = 2,
-	IPSET_EXT_COMMENT = (1 << IPSET_EXT_BIT_COMMENT),
-	/* Mark set with an extension which needs to call destroy */
-	IPSET_EXT_BIT_DESTROY = 7,
-	IPSET_EXT_DESTROY = (1 << IPSET_EXT_BIT_DESTROY),
 };
 
-#define SET_WITH_TIMEOUT(s)	((s)->extensions & IPSET_EXT_TIMEOUT)
-#define SET_WITH_COUNTER(s)	((s)->extensions & IPSET_EXT_COUNTER)
-#define SET_WITH_COMMENT(s)	((s)->extensions & IPSET_EXT_COMMENT)
-
-/* Extension id, in size order */
-enum ip_set_ext_id {
-	IPSET_EXT_ID_COUNTER = 0,
-	IPSET_EXT_ID_TIMEOUT,
-	IPSET_EXT_ID_COMMENT,
-	IPSET_EXT_ID_MAX,
+/* Extension offsets */
+enum ip_set_offset {
+	IPSET_OFFSET_TIMEOUT = 0,
+	IPSET_OFFSET_COUNTER,
+	IPSET_OFFSET_MAX,
 };
 
-/* Extension type */
-struct ip_set_ext_type {
-	/* Destroy extension private data (can be NULL) */
-	void (*destroy)(void *ext);
-	enum ip_set_extension type;
-	enum ipset_cadt_flags flag;
-	/* Size and minimal alignment */
-	u8 len;
-	u8 align;
-};
-
-extern const struct ip_set_ext_type ip_set_extensions[];
+#define SET_WITH_TIMEOUT(s)	((s)->extensions & IPSET_EXT_TIMEOUT)
+#define SET_WITH_COUNTER(s)	((s)->extensions & IPSET_EXT_COUNTER)
 
 struct ip_set_ext {
+	unsigned long timeout;
 	u64 packets;
 	u64 bytes;
-	u32 timeout;
-	char *comment;
-};
-
-struct ip_set_counter {
-	atomic64_t bytes;
-	atomic64_t packets;
-};
-
-struct ip_set_comment {
-	char *str;
 };
 
 struct ip_set;
 
-#define ext_timeout(e, s)	\
-(unsigned long *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_TIMEOUT])
-#define ext_counter(e, s)	\
-(struct ip_set_counter *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_COUNTER])
-#define ext_comment(e, s)	\
-(struct ip_set_comment *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_COMMENT])
-
-
 typedef int (*ipset_adtfn)(struct ip_set *set, void *value,
 			   const struct ip_set_ext *ext,
 			   struct ip_set_ext *mext, u32 cmdflags);
@@ -184,8 +147,7 @@ struct ip_set_type {
 	u8 revision_min, revision_max;
 
 	/* Create set */
-	int (*create)(struct net *net, struct ip_set *set,
-		      struct nlattr *tb[], u32 flags);
+	int (*create)(struct ip_set *set, struct nlattr *tb[], u32 flags);
 
 	/* Attribute policies */
 	const struct nla_policy create_policy[IPSET_ATTR_CREATE_MAX + 1];
@@ -217,45 +179,14 @@ struct ip_set {
 	u8 revision;
 	/* Extensions */
 	u8 extensions;
-	/* Default timeout value, if enabled */
-	u32 timeout;
-	/* Element data size */
-	size_t dsize;
-	/* Offsets to extensions in elements */
-	size_t offset[IPSET_EXT_ID_MAX];
 	/* The type specific data */
 	void *data;
 };
 
-static inline void
-ip_set_ext_destroy(struct ip_set *set, void *data)
-{
-	/* Check that the extension is enabled for the set and
-	 * call it's destroy function for its extension part in data.
-	 */
-	if (SET_WITH_COMMENT(set))
-		ip_set_extensions[IPSET_EXT_ID_COMMENT].destroy(
-			ext_comment(data, set));
-}
-
-static inline int
-ip_set_put_flags(struct sk_buff *skb, struct ip_set *set)
-{
-	u32 cadt_flags = 0;
-
-	if (SET_WITH_TIMEOUT(set))
-		if (unlikely(nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
-					   htonl(set->timeout))))
-			return -EMSGSIZE;
-	if (SET_WITH_COUNTER(set))
-		cadt_flags |= IPSET_FLAG_WITH_COUNTERS;
-	if (SET_WITH_COMMENT(set))
-		cadt_flags |= IPSET_FLAG_WITH_COMMENT;
-
-	if (!cadt_flags)
-		return 0;
-	return nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(cadt_flags));
-}
+struct ip_set_counter {
+	atomic64_t bytes;
+	atomic64_t packets;
+};
 
 static inline void
 ip_set_add_bytes(u64 bytes, struct ip_set_counter *counter)
@@ -316,24 +247,13 @@ ip_set_init_counter(struct ip_set_counter *counter,
 		atomic64_set(&(counter)->packets, (long long)(ext->packets));
 }
 
-/* Netlink CB args */
-enum {
-	IPSET_CB_NET = 0,
-	IPSET_CB_DUMP,
-	IPSET_CB_INDEX,
-	IPSET_CB_ARG0,
-	IPSET_CB_ARG1,
-	IPSET_CB_ARG2,
-};
-
 /* register and unregister set references */
-extern ip_set_id_t ip_set_get_byname(struct net *net,
-				     const char *name, struct ip_set **set);
-extern void ip_set_put_byindex(struct net *net, ip_set_id_t index);
-extern const char *ip_set_name_byindex(struct net *net, ip_set_id_t index);
-extern ip_set_id_t ip_set_nfnl_get(struct net *net, const char *name);
-extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index);
-extern void ip_set_nfnl_put(struct net *net, ip_set_id_t index);
+extern ip_set_id_t ip_set_get_byname(const char *name, struct ip_set **set);
+extern void ip_set_put_byindex(ip_set_id_t index);
+extern const char *ip_set_name_byindex(ip_set_id_t index);
+extern ip_set_id_t ip_set_nfnl_get(const char *name);
+extern ip_set_id_t ip_set_nfnl_get_byindex(ip_set_id_t index);
+extern void ip_set_nfnl_put(ip_set_id_t index);
 
 /* API for iptables set match, and SET target */
 
@@ -352,8 +272,6 @@ extern void *ip_set_alloc(size_t size);
 extern void ip_set_free(void *members);
 extern int ip_set_get_ipaddr4(struct nlattr *nla,  __be32 *ipaddr);
 extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr);
-extern size_t ip_set_elem_len(struct ip_set *set, struct nlattr *tb[],
-			      size_t len);
 extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
 				 struct ip_set_ext *ext);
 
@@ -471,40 +389,13 @@ bitmap_bytes(u32 a, u32 b)
 }
 
 #include <linux/netfilter/ipset/ip_set_timeout.h>
-#include <linux/netfilter/ipset/ip_set_comment.h>
-
-static inline int
-ip_set_put_extensions(struct sk_buff *skb, const struct ip_set *set,
-		      const void *e, bool active)
-{
-	if (SET_WITH_TIMEOUT(set)) {
-		unsigned long *timeout = ext_timeout(e, set);
-
-		if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
-			htonl(active ? ip_set_timeout_get(timeout)
-				: *timeout)))
-			return -EMSGSIZE;
-	}
-	if (SET_WITH_COUNTER(set) &&
-	    ip_set_put_counter(skb, ext_counter(e, set)))
-		return -EMSGSIZE;
-	if (SET_WITH_COMMENT(set) &&
-	    ip_set_put_comment(skb, ext_comment(e, set)))
-		return -EMSGSIZE;
-	return 0;
-}
 
-#define IP_SET_INIT_KEXT(skb, opt, set)			\
+#define IP_SET_INIT_KEXT(skb, opt, map)			\
 	{ .bytes = (skb)->len, .packets = 1,		\
-	  .timeout = ip_set_adt_opt_timeout(opt, set) }
+	  .timeout = ip_set_adt_opt_timeout(opt, map) }
 
-#define IP_SET_INIT_UEXT(set)				\
+#define IP_SET_INIT_UEXT(map)				\
 	{ .bytes = ULLONG_MAX, .packets = ULLONG_MAX,	\
-	  .timeout = (set)->timeout }
-
-#define IP_SET_INIT_CIDR(a, b) ((a) ? (a) : (b))
-
-#define IPSET_CONCAT(a, b)		a##b
-#define IPSET_TOKEN(a, b)		IPSET_CONCAT(a, b)
+	  .timeout = (map)->timeout }
 
 #endif /*_IP_SET_H */
diff --git a/include/linux/netfilter/ipset/ip_set_comment.h b/include/linux/netfilter/ipset/ip_set_comment.h
deleted file mode 100644
index 21217ea..0000000
--- a/include/linux/netfilter/ipset/ip_set_comment.h
+++ /dev/null
@@ -1,57 +0,0 @@
-#ifndef _IP_SET_COMMENT_H
-#define _IP_SET_COMMENT_H
-
-/* Copyright (C) 2013 Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifdef __KERNEL__
-
-static inline char*
-ip_set_comment_uget(struct nlattr *tb)
-{
-	return nla_data(tb);
-}
-
-static inline void
-ip_set_init_comment(struct ip_set_comment *comment,
-		    const struct ip_set_ext *ext)
-{
-	size_t len = ext->comment ? strlen(ext->comment) : 0;
-
-	if (unlikely(comment->str)) {
-		kfree(comment->str);
-		comment->str = NULL;
-	}
-	if (!len)
-		return;
-	if (unlikely(len > IPSET_MAX_COMMENT_SIZE))
-		len = IPSET_MAX_COMMENT_SIZE;
-	comment->str = kzalloc(len + 1, GFP_ATOMIC);
-	if (unlikely(!comment->str))
-		return;
-	strlcpy(comment->str, ext->comment, len + 1);
-}
-
-static inline int
-ip_set_put_comment(struct sk_buff *skb, struct ip_set_comment *comment)
-{
-	if (!comment->str)
-		return 0;
-	return nla_put_string(skb, IPSET_ATTR_COMMENT, comment->str);
-}
-
-static inline void
-ip_set_comment_free(struct ip_set_comment *comment)
-{
-	if (unlikely(!comment->str))
-		return;
-	kfree(comment->str);
-	comment->str = NULL;
-}
-
-#endif
-#endif
diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
index 83c2f9e..3aac041 100644
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -23,8 +23,8 @@
 /* Set is defined with timeout support: timeout value may be 0 */
 #define IPSET_NO_TIMEOUT	UINT_MAX
 
-#define ip_set_adt_opt_timeout(opt, set)	\
-((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (set)->timeout)
+#define ip_set_adt_opt_timeout(opt, map)	\
+((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (map)->timeout)
 
 static inline unsigned int
 ip_set_timeout_uget(struct nlattr *tb)