Lines Matching refs:chain
6 * Each user chain starts with an ERROR node.
7 * Every chain ends with an unconditional jump: a RETURN for user chains,
16 * - Reimplementation of chain cache to use offsets instead of entries
19 * don't rebuild the chain cache after every operation, instead fix it
28 * - performance work: speedup chain list "name" searching.
94 IPTCC_R_JUMP, /* jump to other chain */
100 struct chain_head *chain;
121 STRUCT_COUNTERS counters; /* per-chain counters */
145 struct chain_head **chain_index; /* array for fast chain list access*/
146 unsigned int chain_index_sz;/* size of chain index array */
158 BSEARCH_NAME, /* Binary search after chain name */
162 /* allocate a new chain head for the cache */
185 r->chain = c;
292 * The chain index is an array with pointers into the chain list, with
294 * speedup chain list searching, by find a more optimal starting
298 * the chain index. Thus, reducing the previous search complexity of
301 * A nice property of the chain index, is that the "bucket" list
310 /* Another nice property of the chain index is that inserting/creating
311 * chains in chain list don't change the correctness of the chain
315 * penalty of rebuilding, the chain index is rebuild only when
324 /* Use binary search in the chain index array, to find a chain_head
327 * Notes that, binary search (obviously) requires that the chain list
330 * The not so obvious: The chain index array, is actually both sorted
332 * chain are stored sorted in the kernel (as we pushed it in sorted).
356 debug("bsearch Find chain:%s (pos:%d end:%d) (offset:%d)\n",
435 /* Wrapper for string chain name based bsearch */
444 /* Wrapper for offset chain based bsearch */
464 /* Trivial linear search of chain index. Function used for verifying
478 /* Linearly walk of chain index array */
501 /* Allocate memory for the chain index array */
532 /* Dump: contents of chain index array */
542 /* Build the chain index */
550 /* Build up the chain index array here */
551 debug("Building chain index\n");
587 debug("REBUILD chain index array\n");
595 /* Delete chain (pointer) from index array. Removing an element from
596 * the chain list only affects the chain index array, if the chain
600 * the chain index every time. The more advanced is to update the
604 * because list_for_each processing will always hit the first chain
605 * index, thus causing a rebuild for every chain.
615 debug("Del chain[%s] c->list:%p index_ptr:%p\n",
649 /* Is the given chain builtin (1) or user-defined (0) */
655 /* Get a specific rule within a chain */
670 /* Get a specific rule within a chain backwards */
685 /* Returns chain head if found, otherwise NULL. */
701 * targets, and a buildin chain is not a valid jump target */
709 debug("Offset search found chain:[%s]\n", c->name);
717 /* Returns chain head if found, otherwise NULL. */
738 /* Find a smart place to start the search via chain index */
769 /* Start searching through the chain list */
798 /* clean up reference count of called chain */
812 /* Delete policy rule of previous chain, since cache doesn't contain
813 * chain policy rules.
849 /* alphabetically insert a chain into the list */
859 /* Handle the case, where chain.name is smaller than index[0] */
861 h->chain_index[0] = c; /* Update chain index head */
907 * chain to be unsorted.
926 debug("NOTICE: chain:[%s] was NOT sorted(ctail:%s)\n",
947 /* This is the ERROR node at the end of the chain */
956 /* We know this is the start of a new chain if it's an ERROR
962 DEBUGP_C("%u:%u:new userdefined chain %s: %p\n", *num, offset,
968 h->num_chains++; /* New user defined chain */
976 DEBUGP_C("%u:%u new builtin chain: %p (rules=%p)\n",
1060 /* Build the chain index, used for chain list search speedup */
1141 /* compile chain from cache into blob */
1151 /* put chain header in place */
1171 /* put chain footer in place */
1238 /* Append one error rule at end of chain */
1260 /* Append error rule at end of chain */
1440 /* Does this chain exist? */
1441 int TC_IS_CHAIN(const char *chain, struct xtc_handle *const handle)
1444 return iptcc_find_label(chain, handle) != NULL;
1499 /* Get first rule in the given chain: NULL for empty chain. */
1501 TC_FIRST_RULE(const char *chain, struct xtc_handle *handle)
1508 DEBUGP("first rule(%s): ", chain);
1510 c = iptcc_find_label(chain, handle);
1516 /* Empty chain: single return/policy rule */
1549 &handle->rule_iterator_cur->chain->rules);
1551 if (&r->list == &handle->rule_iterator_cur->chain->rules) {
1621 /* Is this a built-in chain? Actually returns hook + 1. */
1623 TC_BUILTIN(const char *chain, struct xtc_handle *const handle)
1629 c = iptcc_find_label(chain, handle);
1638 /* Get the policy of a given built-in chain */
1640 TC_GET_POLICY(const char *chain,
1648 DEBUGP("called for chain %s\n", chain);
1650 c = iptcc_find_label(chain, handle);
1713 /* Maybe it's an existing chain name. */
1715 DEBUGP("trying to find chain `%s': ", t->u.user.name);
1738 /* Insert the entry `fw' in chain `chain' into position `rulenum'. */
1740 TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
1751 if (!(c = iptcc_find_label(chain, handle))) {
1797 /* Atomically replace rule `rulenum' in `chain' with `fw'. */
1799 TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
1809 if (!(c = iptcc_find_label(chain, handle))) {
1847 /* Append entry `fw' to chain `chain'. Equivalent to insert with
1848 rulenum = length of chain. */
1850 TC_APPEND_ENTRY(const IPT_CHAINLABEL chain,
1858 if (!(c = iptcc_find_label(chain, handle))) {
1859 DEBUGP("unable to find chain `%s'\n", chain);
1865 DEBUGP("unable to allocate rule for chain `%s'\n", chain);
1874 DEBUGP("unable to map target of rule for chain `%s'\n", chain);
1956 /* find the first rule in `chain' which matches `fw' and remove it unless dry_run is set */
1957 static int delete_entry(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *origfw,
1965 if (!(c = iptcc_find_label(chain, handle))) {
1980 DEBUGP("unable to map target of rule for chain `%s'\n", chain);
1984 /* iptcc_map_target increment target chain references
1986 * the chain references count is decremented again.
2030 int TC_CHECK_ENTRY(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *origfw,
2034 return delete_entry(chain, origfw, matchmask, handle, true);
2037 /* Delete the first rule in `chain' which matches `fw'. */
2038 int TC_DELETE_ENTRY(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *origfw,
2041 return delete_entry(chain, origfw, matchmask, handle, false);
2044 /* Delete the rule in position `rulenum' in `chain'. */
2046 TC_DELETE_NUM_ENTRY(const IPT_CHAINLABEL chain,
2055 if (!(c = iptcc_find_label(chain, handle))) {
2089 /* Flushes the entries in the given chain (ie. empties chain). */
2091 TC_FLUSH_ENTRIES(const IPT_CHAINLABEL chain, struct xtc_handle *handle)
2097 if (!(c = iptcc_find_label(chain, handle))) {
2113 /* Zeroes the counters in a chain. */
2115 TC_ZERO_ENTRIES(const IPT_CHAINLABEL chain, struct xtc_handle *handle)
2121 if (!(c = iptcc_find_label(chain, handle))) {
2140 TC_READ_COUNTER(const IPT_CHAINLABEL chain,
2150 if (!(c = iptcc_find_label(chain, handle))) {
2164 TC_ZERO_COUNTER(const IPT_CHAINLABEL chain,
2174 if (!(c = iptcc_find_label(chain, handle))) {
2193 TC_SET_COUNTER(const IPT_CHAINLABEL chain,
2205 if (!(c = iptcc_find_label(chain, handle))) {
2225 /* Creates a new chain. */
2226 /* To create a chain, create two rules: error node and unconditional
2229 TC_CREATE_CHAIN(const IPT_CHAINLABEL chain, struct xtc_handle *handle)
2239 if (iptcc_find_label(chain, handle)
2240 || strcmp(chain, LABEL_DROP) == 0
2241 || strcmp(chain, LABEL_ACCEPT) == 0
2242 || strcmp(chain, LABEL_QUEUE) == 0
2243 || strcmp(chain, LABEL_RETURN) == 0) {
2244 DEBUGP("Chain `%s' already exists\n", chain);
2249 if (strlen(chain)+1 > sizeof(IPT_CHAINLABEL)) {
2250 DEBUGP("Chain name `%s' too long\n", chain);
2255 c = iptcc_alloc_chain_head(chain, 0);
2257 DEBUGP("Cannot allocate memory for chain `%s'\n", chain);
2262 handle->num_chains++; /* New user defined chain */
2264 DEBUGP("Creating chain `%s'\n", chain);
2267 /* Inserting chains don't change the correctness of the chain
2270 * in the buckets. Thus, only rebuild chain index when the
2286 /* Get the number of references to this chain. */
2288 TC_GET_REFERENCES(unsigned int *ref, const IPT_CHAINLABEL chain,
2294 if (!(c = iptcc_find_label(chain, handle))) {
2304 /* Deletes a chain. */
2306 TC_DELETE_CHAIN(const IPT_CHAINLABEL chain, struct xtc_handle *handle)
2313 if (!(c = iptcc_find_label(chain, handle))) {
2314 DEBUGP("cannot find chain `%s'\n", chain);
2319 if (TC_BUILTIN(chain, handle)) {
2320 DEBUGP("cannot remove builtin chain `%s'\n", chain);
2325 if (!TC_GET_REFERENCES(&references, chain, handle)) {
2326 DEBUGP("cannot get references on chain `%s'\n", chain);
2331 DEBUGP("chain `%s' still has references\n", chain);
2337 DEBUGP("chain `%s' is not empty\n", chain);
2342 /* If we are about to delete the chain that is the current
2343 * iterator, move chain iterator forward. */
2347 handle->num_chains--; /* One user defined chain deleted */
2353 DEBUGP("chain `%s' deleted\n", chain);
2360 /* Renames a chain. */
2393 /* Change the name of the chain */
2404 /* Sets the policy on a built-in chain. */
2406 TC_SET_POLICY(const IPT_CHAINLABEL chain,
2415 if (!(c = iptcc_find_label(chain, handle))) {
2416 DEBUGP("cannot find chain `%s'\n", chain);
2422 DEBUGP("cannot set policy of userdefinedchain `%s'\n", chain);
2611 DEBUGP("counter for chain-index %u: ", c->foot_index);
2710 { TC_DELETE_CHAIN, EINVAL, "Can't delete built-in chain" },
2712 "Can't delete chain with references left" },
2723 "Bad rule (does a matching rule exist in that chain?)" },
2725 "Bad built-in chain name" },
2733 { NULL, ENOENT, "No chain/target/match by that name" },