Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

};

/* Max range where every element is added/deleted in one step */

#define IPSET_MAX_RANGE		(1<<20)

#define IPSET_MAX_RANGE		(1<<14)

/* The max revision number supported by any set type + 1 */

#define IPSET_REVISION_MAX	9

/**

 *	struct nft_set_desc - description of set elements

 *

 *	@ktype: key type

 *	@klen: key length

 *	@dtype: data type

 *	@dlen: data length

 *	@objtype: object type

 *	@flags: flags

 *	@size: number of set elements

 *	@policy: set policy

 *	@gc_int: garbage collector interval

 *	@field_len: length of each field in concatenation, bytes

 *	@field_count: number of concatenated fields in element

 *	@expr: set must support for expressions

 */

struct nft_set_desc {

	u32			ktype;

	unsigned int		klen;

	u32			dtype;

	unsigned int		dlen;

	u32			objtype;

	unsigned int		size;

	u32			policy;

	u32			gc_int;

	u64			timeout;

	u8			field_len[NFT_REG32_COUNT];

	u8			field_count;

	bool			expr;

static inline unsigned long nft_set_gc_interval(const struct nft_set *set)

{

	return set->gc_int ? msecs_to_jiffies(set->gc_int) : HZ;

	u32 gc_int = READ_ONCE(set->gc_int);

	return gc_int ? msecs_to_jiffies(gc_int) : HZ;

}

/**

struct nft_trans_set {

	struct nft_set			*set;

	u32				set_id;

	u32				gc_int;

	u64				timeout;

	bool				update;

	bool				bound;

};

	(((struct nft_trans_set *)trans->data)->set_id)

#define nft_trans_set_bound(trans)	\

	(((struct nft_trans_set *)trans->data)->bound)

#define nft_trans_set_update(trans)	\

	(((struct nft_trans_set *)trans->data)->update)

#define nft_trans_set_timeout(trans)	\

	(((struct nft_trans_set *)trans->data)->timeout)

#define nft_trans_set_gc_int(trans)	\

	(((struct nft_trans_set *)trans->data)->gc_int)

struct nft_trans_chain {

	bool				update;

		ret = set->variant->uadt(set, tb, adt, &lineno, flags, retried);

		ip_set_unlock(set);

		retried = true;

	} while (ret == -EAGAIN &&

	} while (ret == -ERANGE ||

		 (ret == -EAGAIN &&

		  set->variant->resize &&

		 (ret = set->variant->resize(set, retried)) == 0);

		  (ret = set->variant->resize(set, retried)) == 0));

	if (!ret || (ret == -IPSET_ERR_EXIST && eexist))

		return 0;

hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],

	      enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)

{

	const struct hash_ip4 *h = set->data;

	struct hash_ip4 *h = set->data;

	ipset_adtfn adtfn = set->variant->adt[adt];

	struct hash_ip4_elem e = { 0 };

	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);

	u32 ip = 0, ip_to = 0, hosts;

	u32 ip = 0, ip_to = 0, hosts, i = 0;

	int ret = 0;

	if (tb[IPSET_ATTR_LINENO])

	hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1);

	/* 64bit division is not allowed on 32bit */

	if (((u64)ip_to - ip + 1) >> (32 - h->netmask) > IPSET_MAX_RANGE)

		return -ERANGE;

	if (retried)

		ip = ntohl(h->next.ip);

	for (; ip <= ip_to;) {

	for (; ip <= ip_to; i++) {

		e.ip = htonl(ip);

		if (i > IPSET_MAX_RANGE) {

			hash_ip4_data_next(&h->next, &e);

			return -ERANGE;

		}

		ret = adtfn(set, &e, &ext, &ext, flags);

		if (ret && !ip_set_eexist(ret, flags))

			return ret;

hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],

		  enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)

{

	const struct hash_ipmark4 *h = set->data;

	struct hash_ipmark4 *h = set->data;

	ipset_adtfn adtfn = set->variant->adt[adt];

	struct hash_ipmark4_elem e = { };

	struct ip_set_ext ext = IP_SET_INIT_UEXT(set);

	u32 ip, ip_to = 0;

	u32 ip, ip_to = 0, i = 0;

	int ret;

	if (tb[IPSET_ATTR_LINENO])

		ip_set_mask_from_to(ip, ip_to, cidr);

	}

	if (((u64)ip_to - ip + 1) > IPSET_MAX_RANGE)

		return -ERANGE;

	if (retried)

		ip = ntohl(h->next.ip);

	for (; ip <= ip_to; ip++) {

	for (; ip <= ip_to; ip++, i++) {

		e.ip = htonl(ip);

		if (i > IPSET_MAX_RANGE) {

			hash_ipmark4_data_next(&h->next, &e);

			return -ERANGE;

		}

		ret = adtfn(set, &e, &ext, &ext, flags);

		if (ret && !ip_set_eexist(ret, flags))