netfilter: ipset: Expose the initval hash parameter to userspace

It makes possible to reproduce exactly the same set after a save/restore.

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h
index 398f7b909b7dfad460603e46989dfb121068afd2..6397d75899bcee4cb1f162c0fc779054c846d667 100644 (file)
--- a/include/uapi/linux/netfilter/ipset/ip_set.h
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -92,7 +92,7 @@ enum {
        /* Reserve empty slots */
        IPSET_ATTR_CADT_MAX = 16,
        /* Create-only specific attributes */
-       IPSET_ATTR_GC,
+       IPSET_ATTR_INITVAL,     /* was unused IPSET_ATTR_GC */
        IPSET_ATTR_HASHSIZE,
        IPSET_ATTR_MAXELEM,
        IPSET_ATTR_NETMASK,

diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 4e3544442b2633e022478d0dda194db69038756b..5f1208ad049eed33d54b6f201b2a17ce19dcbd54 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -1301,9 +1301,11 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
        if (nla_put_u32(skb, IPSET_ATTR_MARKMASK, h->markmask))
                goto nla_put_failure;
 #endif
-       if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE &&
-           nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize))
-               goto nla_put_failure;
+       if (set->flags & IPSET_CREATE_FLAG_BUCKETSIZE) {
+               if (nla_put_u8(skb, IPSET_ATTR_BUCKETSIZE, h->bucketsize) ||
+                   nla_put_net32(skb, IPSET_ATTR_INITVAL, htonl(h->initval)))
+                       goto nla_put_failure;
+       }
        if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref)) ||
            nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
            nla_put_net32(skb, IPSET_ATTR_ELEMENTS, htonl(elements)))
@@ -1546,7 +1548,10 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
 #ifdef IP_SET_HASH_WITH_MARKMASK
        h->markmask = markmask;
 #endif
-       get_random_bytes(&h->initval, sizeof(h->initval));
+       if (tb[IPSET_ATTR_INITVAL])
+               h->initval = ntohl(nla_get_be32(tb[IPSET_ATTR_INITVAL]));
+       else
+               get_random_bytes(&h->initval, sizeof(h->initval));
        h->bucketsize = AHASH_MAX_SIZE;
        if (tb[IPSET_ATTR_BUCKETSIZE]) {
                h->bucketsize = nla_get_u8(tb[IPSET_ATTR_BUCKETSIZE]);

diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c
index 0495d515c4980e9f2be9e474ec70fb76966211d6..d1bef23fd4f582698f44429e19a31b85e5a4bfa6 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -24,7 +24,7 @@
 /*                             2          Comments support */
 /*                             3          Forceadd support */
 /*                             4          skbinfo support */
-#define IPSET_TYPE_REV_MAX     5       /* bucketsize support  */
+#define IPSET_TYPE_REV_MAX     5       /* bucketsize, initval support  */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -283,6 +283,7 @@ static struct ip_set_type hash_ip_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_ipmac.c b/net/netfilter/ipset/ip_set_hash_ipmac.c
index 2655501f9fe38b6d8142cf89c2a8e6df0bbc5d93..467c59a83c0abc5e6740dc617a1d906fdae3eb41 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipmac.c
+++ b/net/netfilter/ipset/ip_set_hash_ipmac.c
@@ -23,7 +23,7 @@
 #include <linux/netfilter/ipset/ip_set_hash.h>
 
 #define IPSET_TYPE_REV_MIN     0
-#define IPSET_TYPE_REV_MAX     1       /* bucketsize support  */
+#define IPSET_TYPE_REV_MAX     1       /* bucketsize, initval support  */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Tomasz Chilinski <tomasz.chilinski@chilan.com>");
@@ -273,6 +273,7 @@ static struct ip_set_type hash_ipmac_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_ipmark.c b/net/netfilter/ipset/ip_set_hash_ipmark.c
index 5bbed85d0e47655b28f5e695bf0e5bd2d26d4ae7..18346d18aa16c4ca6e5c290260237f810cfb65c3 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipmark.c
+++ b/net/netfilter/ipset/ip_set_hash_ipmark.c
@@ -22,7 +22,7 @@
 #define IPSET_TYPE_REV_MIN     0
 /*                             1          Forceadd support */
 /*                             2          skbinfo support */
-#define IPSET_TYPE_REV_MAX     3       /* bucketsize support  */
+#define IPSET_TYPE_REV_MAX     3       /* bucketsize, initval support  */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Vytas Dauksa <vytas.dauksa@smoothwall.net>");
@@ -281,6 +281,7 @@ static struct ip_set_type hash_ipmark_type __read_mostly = {
                [IPSET_ATTR_MARKMASK]   = { .type = NLA_U32 },
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c
index c1ac2e89e2d3447b2bda5e713f375e7e3106eb89..e1ca111965158345bc7250851a046968367ad50b 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -26,7 +26,7 @@
 /*                             3    Comments support added */
 /*                             4    Forceadd support added */
 /*                             5    skbinfo support added */
-#define IPSET_TYPE_REV_MAX     6 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     6 /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -347,6 +347,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_PROTO]      = { .type = NLA_U8 },

diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c
index d3f4a672986e6bc8a4619ab8c4a107a96f4cfdcf..ab179e064597c5e8efc1b32494fd569c5ec2d6bd 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -26,7 +26,7 @@
 /*                             3    Comments support added */
 /*                             4    Forceadd support added */
 /*                             5    skbinfo support added */
-#define IPSET_TYPE_REV_MAX     6 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     6 /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -362,6 +362,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
index 8f7fe360736a6a1489c3ab67ccee06a8d6799090..8f075b44cf64e0ccd6c50bf6bd7e2d056f0333f3 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -28,7 +28,7 @@
 /*                             5    Comments support added */
 /*                             6    Forceadd support added */
 /*                             7    skbinfo support added */
-#define IPSET_TYPE_REV_MAX     8 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     8 /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -519,6 +519,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_mac.c b/net/netfilter/ipset/ip_set_hash_mac.c
index 00dd7e20df3ca8c4b0b06d15ea4a182e9efdd962..718814730acf6bcdbc6c66f0af5a47569ea1b4ef 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_mac.c
+++ b/net/netfilter/ipset/ip_set_hash_mac.c
@@ -16,7 +16,7 @@
 #include <linux/netfilter/ipset/ip_set_hash.h>
 
 #define IPSET_TYPE_REV_MIN     0
-#define IPSET_TYPE_REV_MAX     1       /* bucketsize support */
+#define IPSET_TYPE_REV_MAX     1       /* bucketsize, initval support */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -130,6 +130,7 @@ static struct ip_set_type hash_mac_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index d366e816b6ed8de4f68b341f51a607e4c767301d..c1a11f041ac6b11b948657ee55bcab6daedfe17f 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -25,7 +25,7 @@
 /*                             4    Comments support added */
 /*                             5    Forceadd support added */
 /*                             6    skbinfo support added */
-#define IPSET_TYPE_REV_MAX     7 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     7 /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -360,6 +360,7 @@ static struct ip_set_type hash_net_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index 38b1d77584d45d8289d210108e3c55f13dbdb595..3d74169b794c81ad087c463663dd026acc8bbe99 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -27,7 +27,7 @@
 /*                             5    Forceadd support added */
 /*                             6    skbinfo support added */
 /*                             7    interface wildcard support added */
-#define IPSET_TYPE_REV_MAX     8 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     8 /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -476,6 +476,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_PROTO]      = { .type = NLA_U8 },

diff --git a/net/netfilter/ipset/ip_set_hash_netnet.c b/net/netfilter/ipset/ip_set_hash_netnet.c
index 0cc7970f36e91521c908a2987ab519ed9d4680c3..6532f0505e66f8cab2f0f43f38a390354334899d 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netnet.c
@@ -23,7 +23,7 @@
 #define IPSET_TYPE_REV_MIN     0
 /*                             1          Forceadd support added */
 /*                             2          skbinfo support added */
-#define IPSET_TYPE_REV_MAX     3       /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     3       /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
@@ -465,6 +465,7 @@ static struct ip_set_type hash_netnet_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },

diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index b356d7d85e347530304bc0c85bc8ee6d954f7165..ec1564a1cb5a59c36401bc4484ceaebac19689d3 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -27,7 +27,7 @@
 /*                             5    Comments support added */
 /*                             6    Forceadd support added */
 /*                             7    skbinfo support added */
-#define IPSET_TYPE_REV_MAX     8 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     8 /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -466,6 +466,7 @@ static struct ip_set_type hash_netport_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_PROTO]      = { .type = NLA_U8 },

diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c
index eeb39688f26fad7b4022713cdc31cc4a758cef35..0e91d1e82f1cfd3e0de59a3327125e723a6c9c31 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -24,7 +24,7 @@
 /*                             0    Comments support added */
 /*                             1    Forceadd support added */
 /*                             2    skbinfo support added */
-#define IPSET_TYPE_REV_MAX     3 /* bucketsize support added */
+#define IPSET_TYPE_REV_MAX     3 /* bucketsize, initval support added */
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>");
@@ -564,6 +564,7 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
        .create_policy  = {
                [IPSET_ATTR_HASHSIZE]   = { .type = NLA_U32 },
                [IPSET_ATTR_MAXELEM]    = { .type = NLA_U32 },
+               [IPSET_ATTR_INITVAL]    = { .type = NLA_U32 },
                [IPSET_ATTR_BUCKETSIZE] = { .type = NLA_U8 },
                [IPSET_ATTR_RESIZE]     = { .type = NLA_U8  },
                [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },