net/netfilter/ipset/ip_set_bitmap_ipmac.c

   1 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
   2  *                         Patrick Schaaf <bof@bof.de>
   3  *                         Martin Josefsson <gandalf@wlug.westbo.se>
   4  * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  */
  10
  11 /* Kernel module implementing an IP set type: the bitmap:ip,mac type */
  12
  13 #include <linux/module.h>
  14 #include <linux/ip.h>
  15 #include <linux/etherdevice.h>
  16 #include <linux/skbuff.h>
  17 #include <linux/errno.h>
  18 #include <linux/if_ether.h>
  19 #include <linux/netlink.h>
  20 #include <linux/jiffies.h>
  21 #include <linux/timer.h>
  22 #include <net/netlink.h>
  23
  24 #include <linux/netfilter/ipset/pfxlen.h>
  25 #include <linux/netfilter/ipset/ip_set.h>
  26 #include <linux/netfilter/ipset/ip_set_timeout.h>
  27 #include <linux/netfilter/ipset/ip_set_bitmap.h>
  28
  29 MODULE_LICENSE("GPL");
  30 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
  31 MODULE_DESCRIPTION("bitmap:ip,mac type of IP sets");
  32 MODULE_ALIAS("ip_set_bitmap:ip,mac");
  33
  34 enum {
  35         MAC_EMPTY,              /* element is not set */
  36         MAC_FILLED,             /* element is set with MAC */
  37         MAC_UNSET,              /* element is set, without MAC */
  38 };
  39
  40 /* Type structure */
  41 struct bitmap_ipmac {
  42         void *members;          /* the set members */
  43         u32 first_ip;           /* host byte order, included in range */
  44         u32 last_ip;            /* host byte order, included in range */
  45         u32 timeout;            /* timeout value */
  46         struct timer_list gc;   /* garbage collector */
  47         size_t dsize;           /* size of element */
  48 };
  49
  50 /* ADT structure for generic function args */
  51 struct ipmac {
  52         u32 id;                 /* id in array */
  53         unsigned char *ether;   /* ethernet address */
  54 };
  55
  56 /* Member element without and with timeout */
  57
  58 struct ipmac_elem {
  59         unsigned char ether[ETH_ALEN];
  60         unsigned char match;
  61 } __attribute__ ((aligned));
  62
  63 struct ipmac_telem {
  64         unsigned char ether[ETH_ALEN];
  65         unsigned char match;
  66         unsigned long timeout;
  67 } __attribute__ ((aligned));
  68
  69 static inline void *
  70 bitmap_ipmac_elem(const struct bitmap_ipmac *map, u32 id)
  71 {
  72         return (void *)((char *)map->members + id * map->dsize);
  73 }
  74
  75 static inline bool
  76 bitmap_timeout(const struct bitmap_ipmac *map, u32 id)
  77 {
  78         const struct ipmac_telem *elem = bitmap_ipmac_elem(map, id);
  79
  80         return ip_set_timeout_test(elem->timeout);
  81 }
  82
  83 static inline bool
  84 bitmap_expired(const struct bitmap_ipmac *map, u32 id)
  85 {
  86         const struct ipmac_telem *elem = bitmap_ipmac_elem(map, id);
  87
  88         return ip_set_timeout_expired(elem->timeout);
  89 }
  90
  91 static inline int
  92 bitmap_ipmac_exist(const struct ipmac_telem *elem)
  93 {
  94         return elem->match == MAC_UNSET ||
  95                (elem->match == MAC_FILLED &&
  96                 !ip_set_timeout_expired(elem->timeout));
  97 }
  98
  99 /* Base variant */
 100
 101 static int
 102 bitmap_ipmac_test(struct ip_set *set, void *value, u32 timeout, u32 flags)
 103 {
 104         const struct bitmap_ipmac *map = set->data;
 105         const struct ipmac *data = value;
 106         const struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 107
 108         switch (elem->match) {
 109         case MAC_UNSET:
 110                 /* Trigger kernel to fill out the ethernet address */
 111                 return -EAGAIN;
 112         case MAC_FILLED:
 113                 return data->ether == NULL ||
 114                        ether_addr_equal(data->ether, elem->ether);
 115         }
 116         return 0;
 117 }
 118
 119 static int
 120 bitmap_ipmac_add(struct ip_set *set, void *value, u32 timeout, u32 flags)
 121 {
 122         struct bitmap_ipmac *map = set->data;
 123         const struct ipmac *data = value;
 124         struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 125
 126         switch (elem->match) {
 127         case MAC_UNSET:
 128                 if (!data->ether)
 129                         /* Already added without ethernet address */
 130                         return -IPSET_ERR_EXIST;
 131                 /* Fill the MAC address */
 132                 memcpy(elem->ether, data->ether, ETH_ALEN);
 133                 elem->match = MAC_FILLED;
 134                 break;
 135         case MAC_FILLED:
 136                 return -IPSET_ERR_EXIST;
 137         case MAC_EMPTY:
 138                 if (data->ether) {
 139                         memcpy(elem->ether, data->ether, ETH_ALEN);
 140                         elem->match = MAC_FILLED;
 141                 } else
 142                         elem->match = MAC_UNSET;
 143         }
 144
 145         return 0;
 146 }
 147
 148 static int
 149 bitmap_ipmac_del(struct ip_set *set, void *value, u32 timeout, u32 flags)
 150 {
 151         struct bitmap_ipmac *map = set->data;
 152         const struct ipmac *data = value;
 153         struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 154
 155         if (elem->match == MAC_EMPTY)
 156                 return -IPSET_ERR_EXIST;
 157
 158         elem->match = MAC_EMPTY;
 159
 160         return 0;
 161 }
 162
 163 static int
 164 bitmap_ipmac_list(const struct ip_set *set,
 165                   struct sk_buff *skb, struct netlink_callback *cb)
 166 {
 167         const struct bitmap_ipmac *map = set->data;
 168         const struct ipmac_elem *elem;
 169         struct nlattr *atd, *nested;
 170         u32 id, first = cb->args[2];
 171         u32 last = map->last_ip - map->first_ip;
 172
 173         atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
 174         if (!atd)
 175                 return -EMSGSIZE;
 176         for (; cb->args[2] <= last; cb->args[2]++) {
 177                 id = cb->args[2];
 178                 elem = bitmap_ipmac_elem(map, id);
 179                 if (elem->match == MAC_EMPTY)
 180                         continue;
 181                 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
 182                 if (!nested) {
 183                         if (id == first) {
 184                                 nla_nest_cancel(skb, atd);
 185                                 return -EMSGSIZE;
 186                         } else
 187                                 goto nla_put_failure;
 188                 }
 189                 if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
 190                                     htonl(map->first_ip + id)) ||
 191                     (elem->match == MAC_FILLED &&
 192                      nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN,
 193                              elem->ether)))
 194                         goto nla_put_failure;
 195                 ipset_nest_end(skb, nested);
 196         }
 197         ipset_nest_end(skb, atd);
 198         /* Set listing finished */
 199         cb->args[2] = 0;
 200
 201         return 0;
 202
 203 nla_put_failure:
 204         nla_nest_cancel(skb, nested);
 205         ipset_nest_end(skb, atd);
 206         if (unlikely(id == first)) {
 207                 cb->args[2] = 0;
 208                 return -EMSGSIZE;
 209         }
 210         return 0;
 211 }
 212
 213 /* Timeout variant */
 214
 215 static int
 216 bitmap_ipmac_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags)
 217 {
 218         const struct bitmap_ipmac *map = set->data;
 219         const struct ipmac *data = value;
 220         const struct ipmac_elem *elem = bitmap_ipmac_elem(map, data->id);
 221
 222         switch (elem->match) {
 223         case MAC_UNSET:
 224                 /* Trigger kernel to fill out the ethernet address */
 225                 return -EAGAIN;
 226         case MAC_FILLED:
 227                 return (data->ether == NULL ||
 228                         ether_addr_equal(data->ether, elem->ether)) &&
 229                        !bitmap_expired(map, data->id);
 230         }
 231         return 0;
 232 }
 233
 234 static int
 235 bitmap_ipmac_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags)
 236 {
 237         struct bitmap_ipmac *map = set->data;
 238         const struct ipmac *data = value;
 239         struct ipmac_telem *elem = bitmap_ipmac_elem(map, data->id);
 240         bool flag_exist = flags & IPSET_FLAG_EXIST;
 241
 242         switch (elem->match) {
 243         case MAC_UNSET:
 244                 if (!(data->ether || flag_exist))
 245                         /* Already added without ethernet address */
 246                         return -IPSET_ERR_EXIST;
 247                 /* Fill the MAC address and activate the timer */
 248                 memcpy(elem->ether, data->ether, ETH_ALEN);
 249                 elem->match = MAC_FILLED;
 250                 if (timeout == map->timeout)
 251                         /* Timeout was not specified, get stored one */
 252                         timeout = elem->timeout;
 253                 elem->timeout = ip_set_timeout_set(timeout);
 254                 break;
 255         case MAC_FILLED:
 256                 if (!(bitmap_expired(map, data->id) || flag_exist))
 257                         return -IPSET_ERR_EXIST;
 258                 /* Fall through */
 259         case MAC_EMPTY:
 260                 if (data->ether) {
 261                         memcpy(elem->ether, data->ether, ETH_ALEN);
 262                         elem->match = MAC_FILLED;
 263                 } else
 264                         elem->match = MAC_UNSET;
 265                 /* If MAC is unset yet, we store plain timeout value
 266                  * because the timer is not activated yet
 267                  * and we can reuse it later when MAC is filled out,
 268                  * possibly by the kernel */
 269                 elem->timeout = data->ether ? ip_set_timeout_set(timeout)
 270                                             : timeout;
 271                 break;
 272         }
 273
 274         return 0;
 275 }
 276
 277 static int
 278 bitmap_ipmac_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags)
 279 {
 280         struct bitmap_ipmac *map = set->data;
 281         const struct ipmac *data = value;
 282         struct ipmac_telem *elem = bitmap_ipmac_elem(map, data->id);
 283
 284         if (elem->match == MAC_EMPTY || bitmap_expired(map, data->id))
 285                 return -IPSET_ERR_EXIST;
 286
 287         elem->match = MAC_EMPTY;
 288
 289         return 0;
 290 }
 291
 292 static int
 293 bitmap_ipmac_tlist(const struct ip_set *set,
 294                    struct sk_buff *skb, struct netlink_callback *cb)
 295 {
 296         const struct bitmap_ipmac *map = set->data;
 297         const struct ipmac_telem *elem;
 298         struct nlattr *atd, *nested;
 299         u32 id, first = cb->args[2];
 300         u32 timeout, last = map->last_ip - map->first_ip;
 301
 302         atd = ipset_nest_start(skb, IPSET_ATTR_ADT);
 303         if (!atd)
 304                 return -EMSGSIZE;
 305         for (; cb->args[2] <= last; cb->args[2]++) {
 306                 id = cb->args[2];
 307                 elem = bitmap_ipmac_elem(map, id);
 308                 if (!bitmap_ipmac_exist(elem))
 309                         continue;
 310                 nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
 311                 if (!nested) {
 312                         if (id == first) {
 313                                 nla_nest_cancel(skb, atd);
 314                                 return -EMSGSIZE;
 315                         } else
 316                                 goto nla_put_failure;
 317                 }
 318                 if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
 319                                     htonl(map->first_ip + id)) ||
 320                     (elem->match == MAC_FILLED &&
 321                      nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN,
 322                              elem->ether)))
 323                     goto nla_put_failure;
 324                 timeout = elem->match == MAC_UNSET ? elem->timeout
 325                                 : ip_set_timeout_get(elem->timeout);
 326                 if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(timeout)))
 327                     goto nla_put_failure;
 328                 ipset_nest_end(skb, nested);
 329         }
 330         ipset_nest_end(skb, atd);
 331         /* Set listing finished */
 332         cb->args[2] = 0;
 333
 334         return 0;
 335
 336 nla_put_failure:
 337         nla_nest_cancel(skb, nested);
 338         ipset_nest_end(skb, atd);
 339         return -EMSGSIZE;
 340 }
 341
 342 static int
 343 bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
 344                   const struct xt_action_param *par,
 345                   enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 346 {
 347         struct bitmap_ipmac *map = set->data;
 348         ipset_adtfn adtfn = set->variant->adt[adt];
 349         struct ipmac data;
 350
 351         /* MAC can be src only */
 352         if (!(opt->flags & IPSET_DIM_TWO_SRC))
 353                 return 0;
 354
 355         data.id = ntohl(ip4addr(skb, opt->flags & IPSET_DIM_ONE_SRC));
 356         if (data.id < map->first_ip || data.id > map->last_ip)
 357                 return -IPSET_ERR_BITMAP_RANGE;
 358
 359         /* Backward compatibility: we don't check the second flag */
 360         if (skb_mac_header(skb) < skb->head ||
 361             (skb_mac_header(skb) + ETH_HLEN) > skb->data)
 362                 return -EINVAL;
 363
 364         data.id -= map->first_ip;
 365         data.ether = eth_hdr(skb)->h_source;
 366
 367         return adtfn(set, &data, opt_timeout(opt, map), opt->cmdflags);
 368 }
 369
 370 static int
 371 bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],
 372                   enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
 373 {
 374         const struct bitmap_ipmac *map = set->data;
 375         ipset_adtfn adtfn = set->variant->adt[adt];
 376         struct ipmac data;
 377         u32 timeout = map->timeout;
 378         int ret = 0;
 379
 380         if (unlikely(!tb[IPSET_ATTR_IP] ||
 381                      !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
 382                 return -IPSET_ERR_PROTOCOL;
 383
 384         if (tb[IPSET_ATTR_LINENO])
 385                 *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
 386
 387         ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &data.id);
 388         if (ret)
 389                 return ret;
 390
 391         if (data.id < map->first_ip || data.id > map->last_ip)
 392                 return -IPSET_ERR_BITMAP_RANGE;
 393
 394         if (tb[IPSET_ATTR_ETHER])
 395                 data.ether = nla_data(tb[IPSET_ATTR_ETHER]);
 396         else
 397                 data.ether = NULL;
 398
 399         if (tb[IPSET_ATTR_TIMEOUT]) {
 400                 if (!with_timeout(map->timeout))
 401                         return -IPSET_ERR_TIMEOUT;
 402                 timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 403         }
 404
 405         data.id -= map->first_ip;
 406
 407         ret = adtfn(set, &data, timeout, flags);
 408
 409         return ip_set_eexist(ret, flags) ? 0 : ret;
 410 }
 411
 412 static void
 413 bitmap_ipmac_destroy(struct ip_set *set)
 414 {
 415         struct bitmap_ipmac *map = set->data;
 416
 417         if (with_timeout(map->timeout))
 418                 del_timer_sync(&map->gc);
 419
 420         ip_set_free(map->members);
 421         kfree(map);
 422
 423         set->data = NULL;
 424 }
 425
 426 static void
 427 bitmap_ipmac_flush(struct ip_set *set)
 428 {
 429         struct bitmap_ipmac *map = set->data;
 430
 431         memset(map->members, 0,
 432                (map->last_ip - map->first_ip + 1) * map->dsize);
 433 }
 434
 435 static int
 436 bitmap_ipmac_head(struct ip_set *set, struct sk_buff *skb)
 437 {
 438         const struct bitmap_ipmac *map = set->data;
 439         struct nlattr *nested;
 440
 441         nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
 442         if (!nested)
 443                 goto nla_put_failure;
 444         if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, htonl(map->first_ip)) ||
 445             nla_put_ipaddr4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)) ||
 446             nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
 447             nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
 448                           htonl(sizeof(*map) +
 449                                 ((map->last_ip - map->first_ip + 1) *
 450                                  map->dsize))) ||
 451             (with_timeout(map->timeout) &&
 452              nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))))
 453                 goto nla_put_failure;
 454         ipset_nest_end(skb, nested);
 455
 456         return 0;
 457 nla_put_failure:
 458         return -EMSGSIZE;
 459 }
 460
 461 static bool
 462 bitmap_ipmac_same_set(const struct ip_set *a, const struct ip_set *b)
 463 {
 464         const struct bitmap_ipmac *x = a->data;
 465         const struct bitmap_ipmac *y = b->data;
 466
 467         return x->first_ip == y->first_ip &&
 468                x->last_ip == y->last_ip &&
 469                x->timeout == y->timeout;
 470 }
 471
 472 static const struct ip_set_type_variant bitmap_ipmac = {
 473         .kadt   = bitmap_ipmac_kadt,
 474         .uadt   = bitmap_ipmac_uadt,
 475         .adt    = {
 476                 [IPSET_ADD] = bitmap_ipmac_add,
 477                 [IPSET_DEL] = bitmap_ipmac_del,
 478                 [IPSET_TEST] = bitmap_ipmac_test,
 479         },
 480         .destroy = bitmap_ipmac_destroy,
 481         .flush  = bitmap_ipmac_flush,
 482         .head   = bitmap_ipmac_head,
 483         .list   = bitmap_ipmac_list,
 484         .same_set = bitmap_ipmac_same_set,
 485 };
 486
 487 static const struct ip_set_type_variant bitmap_tipmac = {
 488         .kadt   = bitmap_ipmac_kadt,
 489         .uadt   = bitmap_ipmac_uadt,
 490         .adt    = {
 491                 [IPSET_ADD] = bitmap_ipmac_tadd,
 492                 [IPSET_DEL] = bitmap_ipmac_tdel,
 493                 [IPSET_TEST] = bitmap_ipmac_ttest,
 494         },
 495         .destroy = bitmap_ipmac_destroy,
 496         .flush  = bitmap_ipmac_flush,
 497         .head   = bitmap_ipmac_head,
 498         .list   = bitmap_ipmac_tlist,
 499         .same_set = bitmap_ipmac_same_set,
 500 };
 501
 502 static void
 503 bitmap_ipmac_gc(unsigned long ul_set)
 504 {
 505         struct ip_set *set = (struct ip_set *) ul_set;
 506         struct bitmap_ipmac *map = set->data;
 507         struct ipmac_telem *elem;
 508         u32 id, last = map->last_ip - map->first_ip;
 509
 510         /* We run parallel with other readers (test element)
 511          * but adding/deleting new entries is locked out */
 512         read_lock_bh(&set->lock);
 513         for (id = 0; id <= last; id++) {
 514                 elem = bitmap_ipmac_elem(map, id);
 515                 if (elem->match == MAC_FILLED &&
 516                     ip_set_timeout_expired(elem->timeout))
 517                         elem->match = MAC_EMPTY;
 518         }
 519         read_unlock_bh(&set->lock);
 520
 521         map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
 522         add_timer(&map->gc);
 523 }
 524
 525 static void
 526 bitmap_ipmac_gc_init(struct ip_set *set)
 527 {
 528         struct bitmap_ipmac *map = set->data;
 529
 530         init_timer(&map->gc);
 531         map->gc.data = (unsigned long) set;
 532         map->gc.function = bitmap_ipmac_gc;
 533         map->gc.expires = jiffies + IPSET_GC_PERIOD(map->timeout) * HZ;
 534         add_timer(&map->gc);
 535 }
 536
 537 /* Create bitmap:ip,mac type of sets */
 538
 539 static bool
 540 init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
 541                u32 first_ip, u32 last_ip)
 542 {
 543         map->members = ip_set_alloc((last_ip - first_ip + 1) * map->dsize);
 544         if (!map->members)
 545                 return false;
 546         map->first_ip = first_ip;
 547         map->last_ip = last_ip;
 548         map->timeout = IPSET_NO_TIMEOUT;
 549
 550         set->data = map;
 551         set->family = NFPROTO_IPV4;
 552
 553         return true;
 554 }
 555
 556 static int
 557 bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[],
 558                     u32 flags)
 559 {
 560         u32 first_ip, last_ip, elements;
 561         struct bitmap_ipmac *map;
 562         int ret;
 563
 564         if (unlikely(!tb[IPSET_ATTR_IP] ||
 565                      !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
 566                 return -IPSET_ERR_PROTOCOL;
 567
 568         ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP], &first_ip);
 569         if (ret)
 570                 return ret;
 571
 572         if (tb[IPSET_ATTR_IP_TO]) {
 573                 ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &last_ip);
 574                 if (ret)
 575                         return ret;
 576                 if (first_ip > last_ip) {
 577                         u32 tmp = first_ip;
 578
 579                         first_ip = last_ip;
 580                         last_ip = tmp;
 581                 }
 582         } else if (tb[IPSET_ATTR_CIDR]) {
 583                 u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
 584
 585                 if (cidr >= 32)
 586                         return -IPSET_ERR_INVALID_CIDR;
 587                 ip_set_mask_from_to(first_ip, last_ip, cidr);
 588         } else
 589                 return -IPSET_ERR_PROTOCOL;
 590
 591         elements = last_ip - first_ip + 1;
 592
 593         if (elements > IPSET_BITMAP_MAX_RANGE + 1)
 594                 return -IPSET_ERR_BITMAP_RANGE_SIZE;
 595
 596         map = kzalloc(sizeof(*map), GFP_KERNEL);
 597         if (!map)
 598                 return -ENOMEM;
 599
 600         if (tb[IPSET_ATTR_TIMEOUT]) {
 601                 map->dsize = sizeof(struct ipmac_telem);
 602
 603                 if (!init_map_ipmac(set, map, first_ip, last_ip)) {
 604                         kfree(map);
 605                         return -ENOMEM;
 606                 }
 607
 608                 map->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 609
 610                 set->variant = &bitmap_tipmac;
 611
 612                 bitmap_ipmac_gc_init(set);
 613         } else {
 614                 map->dsize = sizeof(struct ipmac_elem);
 615
 616                 if (!init_map_ipmac(set, map, first_ip, last_ip)) {
 617                         kfree(map);
 618                         return -ENOMEM;
 619                 }
 620                 set->variant = &bitmap_ipmac;
 621
 622         }
 623         return 0;
 624 }
 625
 626 static struct ip_set_type bitmap_ipmac_type = {
 627         .name           = "bitmap:ip,mac",
 628         .protocol       = IPSET_PROTOCOL,
 629         .features       = IPSET_TYPE_IP | IPSET_TYPE_MAC,
 630         .dimension      = IPSET_DIM_TWO,
 631         .family         = NFPROTO_IPV4,
 632         .revision_min   = 0,
 633         .revision_max   = 0,
 634         .create         = bitmap_ipmac_create,
 635         .create_policy  = {
 636                 [IPSET_ATTR_IP]         = { .type = NLA_NESTED },
 637                 [IPSET_ATTR_IP_TO]      = { .type = NLA_NESTED },
 638                 [IPSET_ATTR_CIDR]       = { .type = NLA_U8 },
 639                 [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
 640         },
 641         .adt_policy     = {
 642                 [IPSET_ATTR_IP]         = { .type = NLA_NESTED },
 643                 [IPSET_ATTR_ETHER]      = { .type = NLA_BINARY,
 644                                             .len  = ETH_ALEN },
 645                 [IPSET_ATTR_TIMEOUT]    = { .type = NLA_U32 },
 646                 [IPSET_ATTR_LINENO]     = { .type = NLA_U32 },
 647         },
 648         .me             = THIS_MODULE,
 649 };
 650
 651 static int __init
 652 bitmap_ipmac_init(void)
 653 {
 654         return ip_set_type_register(&bitmap_ipmac_type);
 655 }
 656
 657 static void __exit
 658 bitmap_ipmac_fini(void)
 659 {
 660         ip_set_type_unregister(&bitmap_ipmac_type);
 661 }
 662
 663 module_init(bitmap_ipmac_init);
 664 module_exit(bitmap_ipmac_fini);