Changed |
xtables-addons.spec
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4
-(directory)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/.gitignore
@@ -1 +0,0 @@
-/ipset
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/Kbuild
@@ -1,7 +0,0 @@
-# -*- Makefile -*-
-
-obj-m += ipt_set.o ipt_SET.o
-obj-m += ip_set.o ip_set_ipmap.o ip_set_portmap.o ip_set_macipmap.o
-obj-m += ip_set_iphash.o ip_set_nethash.o ip_set_ipporthash.o
-obj-m += ip_set_ipportiphash.o ip_set_ipportnethash.o
-obj-m += ip_set_iptree.o ip_set_iptreemap.o ip_set_setlist.o
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/Makefile.am
@@ -1,13 +0,0 @@
-# -*- Makefile -*-
-
-AM_CPPFLAGS = ${regular_CPPFLAGS} -DIPSET_LIB_DIR=\"${xtlibdir}\" \
- -DIP_NF_SET_HASHSIZE=1024
-AM_CFLAGS = ${regular_CFLAGS}
-
-include ../../Makefile.extra
-
-sbin_PROGRAMS = ipset
-ipset_LDADD = -ldl
-ipset_LDFLAGS = -rdynamic
-
-man_MANS = ipset.8
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/Makefile.in
@@ -1,662 +0,0 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# -*- Makefile -*-
-
-# -*- Makefile -*-
-# AUTOMAKE
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/../../Makefile.extra $(srcdir)/Makefile.am \
- $(srcdir)/Makefile.in
-sbin_PROGRAMS = ipset$(EXEEXT)
-subdir = extensions/ipset-4
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
-PROGRAMS = $(sbin_PROGRAMS)
-ipset_SOURCES = ipset.c
-ipset_OBJECTS = ipset.$(OBJEXT)
-ipset_DEPENDENCIES =
-AM_V_lt = $(am__v_lt_$(V))
-am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
-am__v_lt_0 = --silent
-ipset_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(ipset_LDFLAGS) $(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_$(V))
-am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
-am__v_CC_0 = @echo " CC " $@;
-AM_V_at = $(am__v_at_$(V))
-am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
-am__v_at_0 = @
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_$(V))
-am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
-am__v_CCLD_0 = @echo " CCLD " $@;
-AM_V_GEN = $(am__v_GEN_$(V))
-am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
-am__v_GEN_0 = @echo " GEN " $@;
-SOURCES = ipset.c
-DIST_SOURCES = ipset.c
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-RANLIB = @RANLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-kbuilddir = @kbuilddir@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libmnl_CFLAGS = @libmnl_CFLAGS@
-libmnl_LIBS = @libmnl_LIBS@
-libxtables_CFLAGS = @libxtables_CFLAGS@
-libxtables_LIBS = @libxtables_LIBS@
-localedir = @localedir@
-localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-regular_CFLAGS = @regular_CFLAGS@
-regular_CPPFLAGS = @regular_CPPFLAGS@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-xtlibdir = @xtlibdir@
-AM_CPPFLAGS = ${regular_CPPFLAGS} -DIPSET_LIB_DIR=\"${xtlibdir}\" \
- -DIP_NF_SET_HASHSIZE=1024
-
-AM_CFLAGS = ${regular_CFLAGS}
-XA_SRCDIR = ${srcdir}
-XA_TOPSRCDIR = ${top_srcdir}
-XA_ABSTOPSRCDIR = ${abs_top_srcdir}
-_mcall = -f ${top_builddir}/Makefile.iptrules
-ipset_LDADD = -ldl
-ipset_LDFLAGS = -rdynamic
-man_MANS = ipset.8
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/../../Makefile.extra $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign extensions/ipset-4/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --foreign extensions/ipset-4/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
- @$(NORMAL_INSTALL)
- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p || test -f $$p1; \
- then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-sbinPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(sbindir)" && rm -f $$files
-
-clean-sbinPROGRAMS:
- @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-ipset$(EXEEXT): $(ipset_OBJECTS) $(ipset_DEPENDENCIES)
- @rm -f ipset$(EXEEXT)
- $(AM_V_CCLD)$(ipset_LINK) $(ipset_OBJECTS) $(ipset_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipset.Po@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-man8: $(man_MANS)
- @$(NORMAL_INSTALL)
- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
- @list=''; test -n "$(man8dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
- done; }
-
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man8dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- mkid -fID $$unique
-tags: TAGS
-
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- set x; \
- here=`pwd`; \
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: CTAGS
-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @list='$(MANS)'; if test -n "$$list"; then \
- list=`for p in $$list; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
- if test -n "$$list" && \
- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
- echo " typically \`make maintainer-clean' will remove them" >&2; \
- exit 1; \
- else :; fi; \
- else :; fi
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
- for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-local clean-sbinPROGRAMS \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-exec-local install-sbinPROGRAMS
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am clean \
- clean-generic clean-libtool clean-local clean-sbinPROGRAMS \
- ctags distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-exec-local install-html \
- install-html-am install-info install-info-am install-man \
- install-man8 install-pdf install-pdf-am install-ps \
- install-ps-am install-sbinPROGRAMS install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-man uninstall-man8 \
- uninstall-sbinPROGRAMS
-
-
-export AM_CPPFLAGS
-export AM_CFLAGS
-export XA_SRCDIR
-export XA_TOPSRCDIR
-export XA_ABSTOPSRCDIR
-
-all-local: user-all-local
-
-install-exec-local: user-install-local
-
-clean-local: user-clean-local
-
-user-all-local:
- ${MAKE} ${_mcall} all;
-
-# Have no user-install-data-local ATM
-user-install-local: user-install-exec-local
-
-user-install-exec-local:
- ${MAKE} ${_mcall} install;
-
-user-clean-local:
- ${MAKE} ${_mcall} clean;
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/Mbuild
@@ -1,7 +0,0 @@
-# -*- Makefile -*-
-
-obj-m += $(addprefix lib,$(patsubst %.c,%.so,$(notdir \
- $(wildcard ${XA_SRCDIR}/ipset_*.c))))
-
-libipset_%.oo: ${XA_SRCDIR}/ipset_%.c
- ${AM_V_CC}${CC} ${AM_DEPFLAGS} ${AM_CPPFLAGS} ${AM_CFLAGS} -DPIC -fPIC ${CPPFLAGS} ${CFLAGS} -o $@ -c $<;
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/VERSION.txt
@@ -1 +0,0 @@
-4.5
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set.c
@@ -1,1531 +0,0 @@
-/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
- * Patrick Schaaf <bof@bof.de>
- * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module for IP set management */
-
-#include <linux/version.h>
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
-#include <linux/config.h>
-#endif
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/kmod.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include <linux/random.h>
-#include "ip_set_jhash.h"
-#include <linux/errno.h>
-#include <linux/capability.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)
-#include <asm/semaphore.h>
-#else
-#include <linux/semaphore.h>
-#endif
-#include <linux/spinlock.h>
-
-#define ASSERT_READ_LOCK(x)
-#define ASSERT_WRITE_LOCK(x)
-#include <linux/netfilter.h>
-#include "ip_set.h"
-
-static struct list_head set_type_list; /* all registered sets */
-static struct ip_set **ip_set_list; /* all individual sets */
-static DEFINE_RWLOCK(ip_set_lock); /* protects the lists and the hash */
-static struct semaphore ip_set_app_mutex; /* serializes user access */
-static ip_set_id_t ip_set_max = CONFIG_IP_NF_SET_MAX;
-static int protocol_version = IP_SET_PROTOCOL_VERSION;
-
-#define STREQ(a,b) (strncmp(a,b,IP_SET_MAXNAMELEN) == 0)
-#define DONT_ALIGN (protocol_version == IP_SET_PROTOCOL_UNALIGNED)
-#define ALIGNED(len) IPSET_VALIGN(len, DONT_ALIGN)
-
-/*
- * Sets are identified either by the index in ip_set_list or by id.
- * The id never changes. The index may change by swapping and used
- * by external references (set/SET netfilter modules, etc.)
- *
- * Userspace requests are serialized by ip_set_mutex and sets can
- * be deleted only from userspace. Therefore ip_set_list locking
- * must obey the following rules:
- *
- * - kernel requests: read and write locking mandatory
- * - user requests: read locking optional, write locking mandatory
- */
-
-static inline void
-__ip_set_get(ip_set_id_t index)
-{
- atomic_inc(&ip_set_list[index]->ref);
-}
-
-static inline void
-__ip_set_put(ip_set_id_t index)
-{
- atomic_dec(&ip_set_list[index]->ref);
-}
-
-/* Add, del and test set entries from kernel */
-
-int
-ip_set_testip_kernel(ip_set_id_t index,
- const struct sk_buff *skb,
- const u_int32_t *flags)
-{
- struct ip_set *set;
- int res;
-
- read_lock_bh(&ip_set_lock);
- set = ip_set_list[index];
- IP_SET_ASSERT(set);
- DP("set %s, index %u", set->name, index);
-
- read_lock_bh(&set->lock);
- res = set->type->testip_kernel(set, skb, flags);
- read_unlock_bh(&set->lock);
-
- read_unlock_bh(&ip_set_lock);
-
- return (res < 0 ? 0 : res);
-}
-
-int
-ip_set_addip_kernel(ip_set_id_t index,
- const struct sk_buff *skb,
- const u_int32_t *flags)
-{
- struct ip_set *set;
- int res;
-
- retry:
- read_lock_bh(&ip_set_lock);
- set = ip_set_list[index];
- IP_SET_ASSERT(set);
- DP("set %s, index %u", set->name, index);
-
- write_lock_bh(&set->lock);
- res = set->type->addip_kernel(set, skb, flags);
- write_unlock_bh(&set->lock);
-
- read_unlock_bh(&ip_set_lock);
- /* Retry function called without holding any lock */
- if (res == -EAGAIN
- && set->type->retry
- && (res = set->type->retry(set)) == 0)
- goto retry;
-
- return res;
-}
-
-int
-ip_set_delip_kernel(ip_set_id_t index,
- const struct sk_buff *skb,
- const u_int32_t *flags)
-{
- struct ip_set *set;
- int res;
-
- read_lock_bh(&ip_set_lock);
- set = ip_set_list[index];
- IP_SET_ASSERT(set);
- DP("set %s, index %u", set->name, index);
-
- write_lock_bh(&set->lock);
- res = set->type->delip_kernel(set, skb, flags);
- write_unlock_bh(&set->lock);
-
- read_unlock_bh(&ip_set_lock);
-
- return res;
-}
-
-/* Register and deregister settype */
-
-static inline struct ip_set_type *
-find_set_type(const char *name)
-{
- struct ip_set_type *set_type;
-
- list_for_each_entry(set_type, &set_type_list, list)
- if (STREQ(set_type->typename, name))
- return set_type;
- return NULL;
-}
-
-int
-ip_set_register_set_type(struct ip_set_type *set_type)
-{
- int ret = 0;
-
- if (set_type->protocol_version != IP_SET_PROTOCOL_VERSION) {
- ip_set_printk("'%s' uses wrong protocol version %u (want %u)",
- set_type->typename,
- set_type->protocol_version,
- IP_SET_PROTOCOL_VERSION);
- return -EINVAL;
- }
-
- write_lock_bh(&ip_set_lock);
- if (find_set_type(set_type->typename)) {
- /* Duplicate! */
- ip_set_printk("'%s' already registered!",
- set_type->typename);
- ret = -EINVAL;
- goto unlock;
- }
- if (!try_module_get(THIS_MODULE)) {
- ret = -EFAULT;
- goto unlock;
- }
- list_add(&set_type->list, &set_type_list);
- DP("'%s' registered.", set_type->typename);
- unlock:
- write_unlock_bh(&ip_set_lock);
- return ret;
-}
-
-void
-ip_set_unregister_set_type(struct ip_set_type *set_type)
-{
- write_lock_bh(&ip_set_lock);
- if (!find_set_type(set_type->typename)) {
- ip_set_printk("'%s' not registered?",
- set_type->typename);
- goto unlock;
- }
- list_del(&set_type->list);
- module_put(THIS_MODULE);
- DP("'%s' unregistered.", set_type->typename);
- unlock:
- write_unlock_bh(&ip_set_lock);
-
-}
-
-ip_set_id_t
-__ip_set_get_byname(const char *name, struct ip_set **set)
-{
- ip_set_id_t i, index = IP_SET_INVALID_ID;
-
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL
- && STREQ(ip_set_list[i]->name, name)) {
- __ip_set_get(i);
- index = i;
- *set = ip_set_list[i];
- break;
- }
- }
- return index;
-}
-
-void
-__ip_set_put_byindex(ip_set_id_t index)
-{
- if (ip_set_list[index])
- __ip_set_put(index);
-}
-
-/*
- * Userspace routines
- */
-
-/*
- * Find set by name, reference it once. The reference makes sure the
- * thing pointed to, does not go away under our feet. Drop the reference
- * later, using ip_set_put().
- */
-ip_set_id_t
-ip_set_get_byname(const char *name)
-{
- ip_set_id_t i, index = IP_SET_INVALID_ID;
-
- down(&ip_set_app_mutex);
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL
- && STREQ(ip_set_list[i]->name, name)) {
- __ip_set_get(i);
- index = i;
- break;
- }
- }
- up(&ip_set_app_mutex);
- return index;
-}
-
-/*
- * Find set by index, reference it once. The reference makes sure the
- * thing pointed to, does not go away under our feet. Drop the reference
- * later, using ip_set_put().
- */
-ip_set_id_t
-ip_set_get_byindex(ip_set_id_t index)
-{
- down(&ip_set_app_mutex);
-
- if (index >= ip_set_max)
- return IP_SET_INVALID_ID;
-
- if (ip_set_list[index])
- __ip_set_get(index);
- else
- index = IP_SET_INVALID_ID;
-
- up(&ip_set_app_mutex);
- return index;
-}
-
-/*
- * Find the set id belonging to the index.
- * We are protected by the mutex, so we do not need to use
- * ip_set_lock. There is no need to reference the sets either.
- */
-ip_set_id_t
-ip_set_id(ip_set_id_t index)
-{
- if (index >= ip_set_max || !ip_set_list[index])
- return IP_SET_INVALID_ID;
-
- return ip_set_list[index]->id;
-}
-
-/*
- * If the given set pointer points to a valid set, decrement
- * reference count by 1. The caller shall not assume the index
- * to be valid, after calling this function.
- */
-void
-ip_set_put_byindex(ip_set_id_t index)
-{
- down(&ip_set_app_mutex);
- if (ip_set_list[index])
- __ip_set_put(index);
- up(&ip_set_app_mutex);
-}
-
-/* Find a set by name or index */
-static ip_set_id_t
-ip_set_find_byname(const char *name)
-{
- ip_set_id_t i, index = IP_SET_INVALID_ID;
-
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL
- && STREQ(ip_set_list[i]->name, name)) {
- index = i;
- break;
- }
- }
- return index;
-}
-
-static ip_set_id_t
-ip_set_find_byindex(ip_set_id_t index)
-{
- if (index >= ip_set_max || ip_set_list[index] == NULL)
- index = IP_SET_INVALID_ID;
-
- return index;
-}
-
-/*
- * Add, del and test
- */
-
-static int
-ip_set_addip(struct ip_set *set, const void *data, u_int32_t size)
-{
- int res;
-
- IP_SET_ASSERT(set);
- do {
- write_lock_bh(&set->lock);
- res = set->type->addip(set, data, size);
- write_unlock_bh(&set->lock);
- } while (res == -EAGAIN
- && set->type->retry
- && (res = set->type->retry(set)) == 0);
-
- return res;
-}
-
-static int
-ip_set_delip(struct ip_set *set, const void *data, u_int32_t size)
-{
- int res;
-
- IP_SET_ASSERT(set);
-
- write_lock_bh(&set->lock);
- res = set->type->delip(set, data, size);
- write_unlock_bh(&set->lock);
-
- return res;
-}
-
-static int
-ip_set_testip(struct ip_set *set, const void *data, u_int32_t size)
-{
- int res;
-
- IP_SET_ASSERT(set);
-
- read_lock_bh(&set->lock);
- res = set->type->testip(set, data, size);
- read_unlock_bh(&set->lock);
-
- return (res > 0 ? -EEXIST : res);
-}
-
-static struct ip_set_type *
-find_set_type_rlock(const char *typename)
-{
- struct ip_set_type *type;
-
- read_lock_bh(&ip_set_lock);
- type = find_set_type(typename);
- if (type == NULL)
- read_unlock_bh(&ip_set_lock);
-
- return type;
-}
-
-static int
-find_free_id(const char *name,
- ip_set_id_t *index,
- ip_set_id_t *id)
-{
- ip_set_id_t i;
-
- *id = IP_SET_INVALID_ID;
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] == NULL) {
- if (*id == IP_SET_INVALID_ID)
- *id = *index = i;
- } else if (STREQ(name, ip_set_list[i]->name))
- /* Name clash */
- return -EEXIST;
- }
- if (*id == IP_SET_INVALID_ID)
- /* No free slot remained */
- return -ERANGE;
- /* Check that index is usable as id (swapping) */
- check:
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL
- && ip_set_list[i]->id == *id) {
- *id = i;
- goto check;
- }
- }
- return 0;
-}
-
-/*
- * Create a set
- */
-static int
-ip_set_create(const char *name,
- const char *typename,
- ip_set_id_t restore,
- const void *data,
- u_int32_t size)
-{
- struct ip_set *set;
- ip_set_id_t index = 0, id;
- int res = 0;
-
- DP("setname: %s, typename: %s, id: %u", name, typename, restore);
-
- /*
- * First, and without any locks, allocate and initialize
- * a normal base set structure.
- */
- set = kmalloc(sizeof(struct ip_set), GFP_KERNEL);
- if (!set)
- return -ENOMEM;
- rwlock_init(&set->lock);
- strncpy(set->name, name, IP_SET_MAXNAMELEN);
- atomic_set(&set->ref, 0);
-
- /*
- * Next, take the &ip_set_lock, check that we know the type,
- * and take a reference on the type, to make sure it
- * stays available while constructing our new set.
- *
- * After referencing the type, we drop the &ip_set_lock,
- * and let the new set construction run without locks.
- */
- set->type = find_set_type_rlock(typename);
- if (set->type == NULL) {
- /* Try loading the module */
- char modulename[IP_SET_MAXNAMELEN + strlen("ip_set_") + 1];
- strcpy(modulename, "ip_set_");
- strcat(modulename, typename);
- DP("try to load %s", modulename);
- request_module(modulename);
- set->type = find_set_type_rlock(typename);
- }
- if (set->type == NULL) {
- ip_set_printk("no set type '%s', set '%s' not created",
- typename, name);
- res = -ENOENT;
- goto out;
- }
- if (!try_module_get(set->type->me)) {
- read_unlock_bh(&ip_set_lock);
- res = -EFAULT;
- goto out;
- }
- read_unlock_bh(&ip_set_lock);
-
- /* Check request size */
- if (size != set->type->header_size) {
- ip_set_printk("data length wrong (want %lu, have %lu)",
- (long unsigned)set->type->header_size,
- (long unsigned)size);
- goto put_out;
- }
-
- /*
- * Without holding any locks, create private part.
- */
- res = set->type->create(set, data, size);
- if (res != 0)
- goto put_out;
-
- /* BTW, res==0 here. */
-
- /*
- * Here, we have a valid, constructed set. &ip_set_lock again,
- * find free id/index and check that it is not already in
- * ip_set_list.
- */
- write_lock_bh(&ip_set_lock);
- if ((res = find_free_id(set->name, &index, &id)) != 0) {
- DP("no free id!");
- goto cleanup;
- }
-
- /* Make sure restore gets the same index */
- if (restore != IP_SET_INVALID_ID && index != restore) {
- DP("Can't restore, sets are screwed up");
- res = -ERANGE;
- goto cleanup;
- }
-
- /*
- * Finally! Add our shiny new set to the list, and be done.
- */
- DP("create: '%s' created with index %u, id %u!", set->name, index, id);
- set->id = id;
- ip_set_list[index] = set;
- write_unlock_bh(&ip_set_lock);
- return res;
-
- cleanup:
- write_unlock_bh(&ip_set_lock);
- set->type->destroy(set);
- put_out:
- module_put(set->type->me);
- out:
- kfree(set);
- return res;
-}
-
-/*
- * Destroy a given existing set
- */
-static void
-ip_set_destroy_set(ip_set_id_t index)
-{
- struct ip_set *set = ip_set_list[index];
-
- IP_SET_ASSERT(set);
- DP("set: %s", set->name);
- write_lock_bh(&ip_set_lock);
- ip_set_list[index] = NULL;
- write_unlock_bh(&ip_set_lock);
-
- /* Must call it without holding any lock */
- set->type->destroy(set);
- module_put(set->type->me);
- kfree(set);
-}
-
-/*
- * Destroy a set - or all sets
- * Sets must not be referenced/used.
- */
-static int
-ip_set_destroy(ip_set_id_t index)
-{
- ip_set_id_t i;
-
- /* ref modification always protected by the mutex */
- if (index != IP_SET_INVALID_ID) {
- if (atomic_read(&ip_set_list[index]->ref))
- return -EBUSY;
- ip_set_destroy_set(index);
- } else {
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL
- && (atomic_read(&ip_set_list[i]->ref)))
- return -EBUSY;
- }
-
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL)
- ip_set_destroy_set(i);
- }
- }
- return 0;
-}
-
-static void
-ip_set_flush_set(struct ip_set *set)
-{
- DP("set: %s %u", set->name, set->id);
-
- write_lock_bh(&set->lock);
- set->type->flush(set);
- write_unlock_bh(&set->lock);
-}
-
-/*
- * Flush data in a set - or in all sets
- */
-static int
-ip_set_flush(ip_set_id_t index)
-{
- if (index != IP_SET_INVALID_ID) {
- IP_SET_ASSERT(ip_set_list[index]);
- ip_set_flush_set(ip_set_list[index]);
- } else {
- ip_set_id_t i;
-
- for (i = 0; i < ip_set_max; i++)
- if (ip_set_list[i] != NULL)
- ip_set_flush_set(ip_set_list[i]);
- }
-
- return 0;
-}
-
-/* Rename a set */
-static int
-ip_set_rename(ip_set_id_t index, const char *name)
-{
- struct ip_set *set = ip_set_list[index];
- ip_set_id_t i;
- int res = 0;
-
- DP("set: %s to %s", set->name, name);
- write_lock_bh(&ip_set_lock);
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL
- && STREQ(ip_set_list[i]->name, name)) {
- res = -EEXIST;
- goto unlock;
- }
- }
- strncpy(set->name, name, IP_SET_MAXNAMELEN);
- unlock:
- write_unlock_bh(&ip_set_lock);
- return res;
-}
-
-/*
- * Swap two sets so that name/index points to the other.
- * References are also swapped.
- */
-static int
-ip_set_swap(ip_set_id_t from_index, ip_set_id_t to_index)
-{
- struct ip_set *from = ip_set_list[from_index];
- struct ip_set *to = ip_set_list[to_index];
- char from_name[IP_SET_MAXNAMELEN];
- u_int32_t from_ref;
-
- DP("set: %s to %s", from->name, to->name);
- /* Features must not change.
- * Not an artifical restriction anymore, as we must prevent
- * possible loops created by swapping in setlist type of sets. */
- if (from->type->features != to->type->features)
- return -ENOEXEC;
-
- /* No magic here: ref munging protected by the mutex */
- write_lock_bh(&ip_set_lock);
- strncpy(from_name, from->name, IP_SET_MAXNAMELEN);
- from_ref = atomic_read(&from->ref);
-
- strncpy(from->name, to->name, IP_SET_MAXNAMELEN);
- atomic_set(&from->ref, atomic_read(&to->ref));
- strncpy(to->name, from_name, IP_SET_MAXNAMELEN);
- atomic_set(&to->ref, from_ref);
-
- ip_set_list[from_index] = to;
- ip_set_list[to_index] = from;
-
- write_unlock_bh(&ip_set_lock);
- return 0;
-}
-
-/*
- * List set data
- */
-
-static int
-ip_set_list_set(ip_set_id_t index, void *data, int *used, int len)
-{
- struct ip_set *set = ip_set_list[index];
- struct ip_set_list *set_list;
-
- /* Pointer to our header */
- set_list = data + *used;
-
- DP("set: %s, used: %d len %u %p %p", set->name, *used, len, data, data + *used);
-
- /* Get and ensure header size */
- if (*used + ALIGNED(sizeof(struct ip_set_list)) > len)
- goto not_enough_mem;
- *used += ALIGNED(sizeof(struct ip_set_list));
-
- read_lock_bh(&set->lock);
- /* Get and ensure set specific header size */
- set_list->header_size = ALIGNED(set->type->header_size);
- if (*used + set_list->header_size > len)
- goto unlock_set;
-
- /* Fill in the header */
- set_list->index = index;
- set_list->binding = IP_SET_INVALID_ID;
- set_list->ref = atomic_read(&set->ref);
-
- /* Fill in set spefific header data */
- set->type->list_header(set, data + *used);
- *used += set_list->header_size;
-
- /* Get and ensure set specific members size */
- set_list->members_size = set->type->list_members_size(set, DONT_ALIGN);
- if (*used + set_list->members_size > len)
- goto unlock_set;
-
- /* Fill in set spefific members data */
- set->type->list_members(set, data + *used, DONT_ALIGN);
- *used += set_list->members_size;
- read_unlock_bh(&set->lock);
-
- /* Bindings */
- set_list->bindings_size = 0;
-
- return 0;
-
- unlock_set:
- read_unlock_bh(&set->lock);
- not_enough_mem:
- DP("not enough mem, try again");
- return -EAGAIN;
-}
-
-/*
- * Save sets
- */
-static inline int
-ip_set_save_marker(void *data, int *used, int len)
-{
- struct ip_set_save *set_save;
-
- DP("used %u, len %u", *used, len);
- /* Get and ensure header size */
- if (*used + ALIGNED(sizeof(struct ip_set_save)) > len)
- return -ENOMEM;
-
- /* Marker: just for backward compatibility */
- set_save = data + *used;
- set_save->index = IP_SET_INVALID_ID;
- set_save->header_size = 0;
- set_save->members_size = 0;
- *used += ALIGNED(sizeof(struct ip_set_save));
-
- return 0;
-}
-
-static int
-ip_set_save_set(ip_set_id_t index, void *data, int *used, int len)
-{
- struct ip_set *set;
- struct ip_set_save *set_save;
-
- /* Pointer to our header */
- set_save = data + *used;
-
- /* Get and ensure header size */
- if (*used + ALIGNED(sizeof(struct ip_set_save)) > len)
- goto not_enough_mem;
- *used += ALIGNED(sizeof(struct ip_set_save));
-
- set = ip_set_list[index];
- DP("set: %s, used: %d(%d) %p %p", set->name, *used, len,
- data, data + *used);
-
- read_lock_bh(&set->lock);
- /* Get and ensure set specific header size */
- set_save->header_size = ALIGNED(set->type->header_size);
- if (*used + set_save->header_size > len)
- goto unlock_set;
-
- /* Fill in the header */
- set_save->index = index;
- set_save->binding = IP_SET_INVALID_ID;
-
- /* Fill in set spefific header data */
- set->type->list_header(set, data + *used);
- *used += set_save->header_size;
-
- DP("set header filled: %s, used: %d(%lu) %p %p", set->name, *used,
- (unsigned long)set_save->header_size, data, data + *used);
- /* Get and ensure set specific members size */
- set_save->members_size = set->type->list_members_size(set, DONT_ALIGN);
- if (*used + set_save->members_size > len)
- goto unlock_set;
-
- /* Fill in set spefific members data */
- set->type->list_members(set, data + *used, DONT_ALIGN);
- *used += set_save->members_size;
- read_unlock_bh(&set->lock);
- DP("set members filled: %s, used: %d(%lu) %p %p", set->name, *used,
- (unsigned long)set_save->members_size, data, data + *used);
- return 0;
-
- unlock_set:
- read_unlock_bh(&set->lock);
- not_enough_mem:
- DP("not enough mem, try again");
- return -EAGAIN;
-}
-
-/*
- * Restore sets
- */
-static int
-ip_set_restore(void *data, int len)
-{
- int res = 0;
- int line = 0, used = 0, members_size;
- struct ip_set *set;
- struct ip_set_restore *set_restore;
- ip_set_id_t index;
-
- /* Loop to restore sets */
- while (1) {
- line++;
-
- DP("%d %zu %d", used, ALIGNED(sizeof(struct ip_set_restore)), len);
- /* Get and ensure header size */
- if (used + ALIGNED(sizeof(struct ip_set_restore)) > len)
- return line;
- set_restore = data + used;
- used += ALIGNED(sizeof(struct ip_set_restore));
-
- /* Ensure data size */
- if (used
- + set_restore->header_size
- + set_restore->members_size > len)
- return line;
-
- /* Check marker */
- if (set_restore->index == IP_SET_INVALID_ID) {
- line--;
- goto finish;
- }
-
- /* Try to create the set */
- DP("restore %s %s", set_restore->name, set_restore->typename);
- res = ip_set_create(set_restore->name,
- set_restore->typename,
- set_restore->index,
- data + used,
- set_restore->header_size);
-
- if (res != 0)
- return line;
- used += ALIGNED(set_restore->header_size);
-
- index = ip_set_find_byindex(set_restore->index);
- DP("index %u, restore_index %u", index, set_restore->index);
- if (index != set_restore->index)
- return line;
- /* Try to restore members data */
- set = ip_set_list[index];
- members_size = 0;
- DP("members_size %lu reqsize %lu",
- (unsigned long)set_restore->members_size,
- (unsigned long)set->type->reqsize);
- while (members_size + ALIGNED(set->type->reqsize) <=
- set_restore->members_size) {
- line++;
- DP("members: %d, line %d", members_size, line);
- res = ip_set_addip(set,
- data + used + members_size,
- set->type->reqsize);
- if (!(res == 0 || res == -EEXIST))
- return line;
- members_size += ALIGNED(set->type->reqsize);
- }
-
- DP("members_size %lu %d",
- (unsigned long)set_restore->members_size, members_size);
- if (members_size != set_restore->members_size)
- return line++;
- used += set_restore->members_size;
- }
-
- finish:
- if (used != len)
- return line;
-
- return 0;
-}
-
-static int
-ip_set_sockfn_set(struct sock *sk, int optval, void *user, unsigned int len)
-{
- void *data;
- int res = 0; /* Assume OK */
- size_t offset;
- unsigned *op;
- struct ip_set_req_adt *req_adt;
- ip_set_id_t index = IP_SET_INVALID_ID;
- int (*adtfn)(struct ip_set *set,
- const void *data, u_int32_t size);
- struct fn_table {
- int (*fn)(struct ip_set *set,
- const void *data, u_int32_t size);
- } adtfn_table[] =
- { { ip_set_addip }, { ip_set_delip }, { ip_set_testip},
- };
-
- DP("optval=%d, user=%p, len=%d", optval, user, len);
- if (!capable(CAP_NET_ADMIN))
- return -EPERM;
- if (optval != SO_IP_SET)
- return -EBADF;
- if (len <= sizeof(unsigned)) {
- ip_set_printk("short userdata (want >%zu, got %u)",
- sizeof(unsigned), len);
- return -EINVAL;
- }
- data = vmalloc(len);
- if (!data) {
- DP("out of mem for %u bytes", len);
- return -ENOMEM;
- }
- if (copy_from_user(data, user, len) != 0) {
- res = -EFAULT;
- goto cleanup;
- }
- if (down_interruptible(&ip_set_app_mutex)) {
- res = -EINTR;
- goto cleanup;
- }
-
- op = (unsigned *)data;
- DP("op=%x", *op);
-
- if (*op < IP_SET_OP_VERSION) {
- /* Check the version at the beginning of operations */
- struct ip_set_req_version *req_version = data;
- if (!(req_version->version == IP_SET_PROTOCOL_UNALIGNED
- || req_version->version == IP_SET_PROTOCOL_VERSION)) {
- res = -EPROTO;
- goto done;
- }
- protocol_version = req_version->version;
- }
-
- switch (*op) {
- case IP_SET_OP_CREATE:{
- struct ip_set_req_create *req_create = data;
- offset = ALIGNED(sizeof(struct ip_set_req_create));
-
- if (len < offset) {
- ip_set_printk("short CREATE data (want >=%zu, got %u)",
- offset, len);
- res = -EINVAL;
- goto done;
- }
- req_create->name[IP_SET_MAXNAMELEN - 1] = '\0';
- req_create->typename[IP_SET_MAXNAMELEN - 1] = '\0';
- res = ip_set_create(req_create->name,
- req_create->typename,
- IP_SET_INVALID_ID,
- data + offset,
- len - offset);
- goto done;
- }
- case IP_SET_OP_DESTROY:{
- struct ip_set_req_std *req_destroy = data;
-
- if (len != sizeof(struct ip_set_req_std)) {
- ip_set_printk("invalid DESTROY data (want %zu, got %u)",
- sizeof(struct ip_set_req_std), len);
- res = -EINVAL;
- goto done;
- }
- if (STREQ(req_destroy->name, IPSET_TOKEN_ALL)) {
- /* Destroy all sets */
- index = IP_SET_INVALID_ID;
- } else {
- req_destroy->name[IP_SET_MAXNAMELEN - 1] = '\0';
- index = ip_set_find_byname(req_destroy->name);
-
- if (index == IP_SET_INVALID_ID) {
- res = -ENOENT;
- goto done;
- }
- }
-
- res = ip_set_destroy(index);
- goto done;
- }
- case IP_SET_OP_FLUSH:{
- struct ip_set_req_std *req_flush = data;
-
- if (len != sizeof(struct ip_set_req_std)) {
- ip_set_printk("invalid FLUSH data (want %zu, got %u)",
- sizeof(struct ip_set_req_std), len);
- res = -EINVAL;
- goto done;
- }
- if (STREQ(req_flush->name, IPSET_TOKEN_ALL)) {
- /* Flush all sets */
- index = IP_SET_INVALID_ID;
- } else {
- req_flush->name[IP_SET_MAXNAMELEN - 1] = '\0';
- index = ip_set_find_byname(req_flush->name);
-
- if (index == IP_SET_INVALID_ID) {
- res = -ENOENT;
- goto done;
- }
- }
- res = ip_set_flush(index);
- goto done;
- }
- case IP_SET_OP_RENAME:{
- struct ip_set_req_create *req_rename = data;
-
- if (len != sizeof(struct ip_set_req_create)) {
- ip_set_printk("invalid RENAME data (want %zu, got %u)",
- sizeof(struct ip_set_req_create), len);
- res = -EINVAL;
- goto done;
- }
-
- req_rename->name[IP_SET_MAXNAMELEN - 1] = '\0';
- req_rename->typename[IP_SET_MAXNAMELEN - 1] = '\0';
-
- index = ip_set_find_byname(req_rename->name);
- if (index == IP_SET_INVALID_ID) {
- res = -ENOENT;
- goto done;
- }
- res = ip_set_rename(index, req_rename->typename);
- goto done;
- }
- case IP_SET_OP_SWAP:{
- struct ip_set_req_create *req_swap = data;
- ip_set_id_t to_index;
-
- if (len != sizeof(struct ip_set_req_create)) {
- ip_set_printk("invalid SWAP data (want %zu, got %u)",
- sizeof(struct ip_set_req_create), len);
- res = -EINVAL;
- goto done;
- }
-
- req_swap->name[IP_SET_MAXNAMELEN - 1] = '\0';
- req_swap->typename[IP_SET_MAXNAMELEN - 1] = '\0';
-
- index = ip_set_find_byname(req_swap->name);
- if (index == IP_SET_INVALID_ID) {
- res = -ENOENT;
- goto done;
- }
- to_index = ip_set_find_byname(req_swap->typename);
- if (to_index == IP_SET_INVALID_ID) {
- res = -ENOENT;
- goto done;
- }
- res = ip_set_swap(index, to_index);
- goto done;
- }
- default:
- break; /* Set identified by id */
- }
-
- /* There we may have add/del/test/bind/unbind/test_bind operations */
- if (*op < IP_SET_OP_ADD_IP || *op > IP_SET_OP_TEST_IP) {
- res = -EBADMSG;
- goto done;
- }
- adtfn = adtfn_table[*op - IP_SET_OP_ADD_IP].fn;
-
- if (len < ALIGNED(sizeof(struct ip_set_req_adt))) {
- ip_set_printk("short data in adt request (want >=%zu, got %u)",
- ALIGNED(sizeof(struct ip_set_req_adt)), len);
- res = -EINVAL;
- goto done;
- }
- req_adt = data;
-
- index = ip_set_find_byindex(req_adt->index);
- if (index == IP_SET_INVALID_ID) {
- res = -ENOENT;
- goto done;
- }
- do {
- struct ip_set *set = ip_set_list[index];
- size_t offset = ALIGNED(sizeof(struct ip_set_req_adt));
-
- IP_SET_ASSERT(set);
-
- if (len - offset != set->type->reqsize) {
- ip_set_printk("data length wrong (want %lu, have %zu)",
- (long unsigned)set->type->reqsize,
- len - offset);
- res = -EINVAL;
- goto done;
- }
- res = adtfn(set, data + offset, len - offset);
- } while (0);
-
- done:
- up(&ip_set_app_mutex);
- cleanup:
- vfree(data);
- if (res > 0)
- res = 0;
- DP("final result %d", res);
- return res;
-}
-
-static int
-ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len)
-{
- int res = 0;
- unsigned *op;
- ip_set_id_t index = IP_SET_INVALID_ID;
- void *data;
- int copylen = *len;
-
- DP("optval=%d, user=%p, len=%d", optval, user, *len);
- if (!capable(CAP_NET_ADMIN))
- return -EPERM;
- if (optval != SO_IP_SET)
- return -EBADF;
- if (*len < sizeof(unsigned)) {
- ip_set_printk("short userdata (want >=%zu, got %d)",
- sizeof(unsigned), *len);
- return -EINVAL;
- }
- data = vmalloc(*len);
- if (!data) {
- DP("out of mem for %d bytes", *len);
- return -ENOMEM;
- }
- if (copy_from_user(data, user, *len) != 0) {
- res = -EFAULT;
- goto cleanup;
- }
- if (down_interruptible(&ip_set_app_mutex)) {
- res = -EINTR;
- goto cleanup;
- }
-
- op = (unsigned *) data;
- DP("op=%x", *op);
-
- if (*op < IP_SET_OP_VERSION) {
- /* Check the version at the beginning of operations */
- struct ip_set_req_version *req_version = data;
- if (!(req_version->version == IP_SET_PROTOCOL_UNALIGNED
- || req_version->version == IP_SET_PROTOCOL_VERSION)) {
- res = -EPROTO;
- goto done;
- }
- protocol_version = req_version->version;
- }
-
- switch (*op) {
- case IP_SET_OP_VERSION: {
- struct ip_set_req_version *req_version = data;
-
- if (*len != sizeof(struct ip_set_req_version)) {
- ip_set_printk("invalid VERSION (want %zu, got %d)",
- sizeof(struct ip_set_req_version),
- *len);
- res = -EINVAL;
- goto done;
- }
-
- req_version->version = IP_SET_PROTOCOL_VERSION;
- res = copy_to_user(user, req_version,
- sizeof(struct ip_set_req_version));
- goto done;
- }
- case IP_SET_OP_GET_BYNAME: {
- struct ip_set_req_get_set *req_get = data;
-
- if (*len != sizeof(struct ip_set_req_get_set)) {
- ip_set_printk("invalid GET_BYNAME (want %zu, got %d)",
- sizeof(struct ip_set_req_get_set), *len);
- res = -EINVAL;
- goto done;
- }
- req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0';
- index = ip_set_find_byname(req_get->set.name);
- req_get->set.index = index;
- goto copy;
- }
- case IP_SET_OP_GET_BYINDEX: {
- struct ip_set_req_get_set *req_get = data;
-
- if (*len != sizeof(struct ip_set_req_get_set)) {
- ip_set_printk("invalid GET_BYINDEX (want %zu, got %d)",
- sizeof(struct ip_set_req_get_set), *len);
- res = -EINVAL;
- goto done;
- }
- req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0';
- index = ip_set_find_byindex(req_get->set.index);
- strncpy(req_get->set.name,
- index == IP_SET_INVALID_ID ? ""
- : ip_set_list[index]->name, IP_SET_MAXNAMELEN);
- goto copy;
- }
- case IP_SET_OP_ADT_GET: {
- struct ip_set_req_adt_get *req_get = data;
-
- if (*len != sizeof(struct ip_set_req_adt_get)) {
- ip_set_printk("invalid ADT_GET (want %zu, got %d)",
- sizeof(struct ip_set_req_adt_get), *len);
- res = -EINVAL;
- goto done;
- }
- req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0';
- index = ip_set_find_byname(req_get->set.name);
- if (index != IP_SET_INVALID_ID) {
- req_get->set.index = index;
- strncpy(req_get->typename,
- ip_set_list[index]->type->typename,
- IP_SET_MAXNAMELEN - 1);
- } else {
- res = -ENOENT;
- goto done;
- }
- goto copy;
- }
- case IP_SET_OP_MAX_SETS: {
- struct ip_set_req_max_sets *req_max_sets = data;
- ip_set_id_t i;
-
- if (*len != sizeof(struct ip_set_req_max_sets)) {
- ip_set_printk("invalid MAX_SETS (want %zu, got %d)",
- sizeof(struct ip_set_req_max_sets), *len);
- res = -EINVAL;
- goto done;
- }
-
- if (STREQ(req_max_sets->set.name, IPSET_TOKEN_ALL)) {
- req_max_sets->set.index = IP_SET_INVALID_ID;
- } else {
- req_max_sets->set.name[IP_SET_MAXNAMELEN - 1] = '\0';
- req_max_sets->set.index =
- ip_set_find_byname(req_max_sets->set.name);
- if (req_max_sets->set.index == IP_SET_INVALID_ID) {
- res = -ENOENT;
- goto done;
- }
- }
- req_max_sets->max_sets = ip_set_max;
- req_max_sets->sets = 0;
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] != NULL)
- req_max_sets->sets++;
- }
- goto copy;
- }
- case IP_SET_OP_LIST_SIZE:
- case IP_SET_OP_SAVE_SIZE: {
- struct ip_set_req_setnames *req_setnames = data;
- struct ip_set_name_list *name_list;
- struct ip_set *set;
- ip_set_id_t i;
- int used;
-
- if (*len < ALIGNED(sizeof(struct ip_set_req_setnames))) {
- ip_set_printk("short LIST_SIZE (want >=%zu, got %d)",
- ALIGNED(sizeof(struct ip_set_req_setnames)),
- *len);
- res = -EINVAL;
- goto done;
- }
-
- req_setnames->size = 0;
- used = ALIGNED(sizeof(struct ip_set_req_setnames));
- for (i = 0; i < ip_set_max; i++) {
- if (ip_set_list[i] == NULL)
- continue;
- name_list = data + used;
- used += ALIGNED(sizeof(struct ip_set_name_list));
- if (used > copylen) {
- res = -EAGAIN;
- goto done;
- }
- set = ip_set_list[i];
- /* Fill in index, name, etc. */
- name_list->index = i;
- name_list->id = set->id;
- strncpy(name_list->name,
- set->name,
- IP_SET_MAXNAMELEN - 1);
- strncpy(name_list->typename,
- set->type->typename,
- IP_SET_MAXNAMELEN - 1);
- DP("filled %s of type %s, index %u\n",
- name_list->name, name_list->typename,
- name_list->index);
- if (!(req_setnames->index == IP_SET_INVALID_ID
- || req_setnames->index == i))
- continue;
- /* Update size */
- req_setnames->size +=
- (*op == IP_SET_OP_LIST_SIZE ?
- ALIGNED(sizeof(struct ip_set_list)) :
- ALIGNED(sizeof(struct ip_set_save)))
- + ALIGNED(set->type->header_size)
- + set->type->list_members_size(set, DONT_ALIGN);
- }
- if (copylen != used) {
- res = -EAGAIN;
- goto done;
- }
- goto copy;
- }
- case IP_SET_OP_LIST: {
- struct ip_set_req_list *req_list = data;
- ip_set_id_t i;
- int used;
-
- if (*len < sizeof(struct ip_set_req_list)) {
- ip_set_printk("short LIST (want >=%zu, got %d)",
- sizeof(struct ip_set_req_list), *len);
- res = -EINVAL;
- goto done;
- }
- index = req_list->index;
- if (index != IP_SET_INVALID_ID
- && ip_set_find_byindex(index) != index) {
- res = -ENOENT;
- goto done;
- }
- used = 0;
- if (index == IP_SET_INVALID_ID) {
- /* List all sets */
- for (i = 0; i < ip_set_max && res == 0; i++) {
- if (ip_set_list[i] != NULL)
- res = ip_set_list_set(i, data, &used, *len);
- }
- } else {
- /* List an individual set */
- res = ip_set_list_set(index, data, &used, *len);
- }
- if (res != 0)
- goto done;
- else if (copylen != used) {
- res = -EAGAIN;
- goto done;
- }
- goto copy;
- }
- case IP_SET_OP_SAVE: {
- struct ip_set_req_list *req_save = data;
- ip_set_id_t i;
- int used;
-
- if (*len < sizeof(struct ip_set_req_list)) {
- ip_set_printk("short SAVE (want >=%zu, got %d)",
- sizeof(struct ip_set_req_list), *len);
- res = -EINVAL;
- goto done;
- }
- index = req_save->index;
- if (index != IP_SET_INVALID_ID
- && ip_set_find_byindex(index) != index) {
- res = -ENOENT;
- goto done;
- }
-
-#define SETLIST(set) (strcmp(set->type->typename, "setlist") == 0)
-
- used = 0;
- if (index == IP_SET_INVALID_ID) {
- /* Save all sets: ugly setlist type dependency */
- int setlist = 0;
- setlists:
- for (i = 0; i < ip_set_max && res == 0; i++) {
- if (ip_set_list[i] != NULL
- && !(setlist ^ SETLIST(ip_set_list[i])))
- res = ip_set_save_set(i, data, &used, *len);
- }
- if (!setlist) {
- setlist = 1;
- goto setlists;
- }
- } else {
- /* Save an individual set */
- res = ip_set_save_set(index, data, &used, *len);
- }
- if (res == 0)
- res = ip_set_save_marker(data, &used, *len);
-
- if (res != 0)
- goto done;
- else if (copylen != used) {
- res = -EAGAIN;
- goto done;
- }
- goto copy;
- }
- case IP_SET_OP_RESTORE: {
- struct ip_set_req_setnames *req_restore = data;
- size_t offset = ALIGNED(sizeof(struct ip_set_req_setnames));
- int line;
-
- if (*len < offset || *len != req_restore->size) {
- ip_set_printk("invalid RESTORE (want =%lu, got %d)",
- (long unsigned)req_restore->size, *len);
- res = -EINVAL;
- goto done;
- }
- line = ip_set_restore(data + offset, req_restore->size - offset);
- DP("ip_set_restore: %d", line);
- if (line != 0) {
- res = -EAGAIN;
- req_restore->size = line;
- copylen = sizeof(struct ip_set_req_setnames);
- goto copy;
- }
- goto done;
- }
- default:
- res = -EBADMSG;
- goto done;
- } /* end of switch(op) */
-
- copy:
- DP("set %s, copylen %d", index != IP_SET_INVALID_ID
- && ip_set_list[index]
- ? ip_set_list[index]->name
- : ":all:", copylen);
- res = copy_to_user(user, data, copylen);
-
- done:
- up(&ip_set_app_mutex);
- cleanup:
- vfree(data);
- if (res > 0)
- res = 0;
- DP("final result %d", res);
- return res;
-}
-
-static struct nf_sockopt_ops so_set = {
- .pf = PF_INET,
- .set_optmin = SO_IP_SET,
- .set_optmax = SO_IP_SET + 1,
- .set = &ip_set_sockfn_set,
- .get_optmin = SO_IP_SET,
- .get_optmax = SO_IP_SET + 1,
- .get = &ip_set_sockfn_get,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
- .use = 0,
-#else
- .owner = THIS_MODULE,
-#endif
-};
-
-static int max_sets;
-
-module_param(max_sets, int, 0600);
-MODULE_PARM_DESC(max_sets, "maximal number of sets");
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("module implementing core IP set support");
-
-static int __init
-ip_set_init(void)
-{
- int res;
-
- /* For the -rt branch, DECLARE_MUTEX/init_MUTEX avoided */
- sema_init(&ip_set_app_mutex, 1);
-
- if (max_sets)
- ip_set_max = max_sets;
- if (ip_set_max >= IP_SET_INVALID_ID)
- ip_set_max = IP_SET_INVALID_ID - 1;
-
- ip_set_list = vmalloc(sizeof(struct ip_set *) * ip_set_max);
- if (!ip_set_list) {
- printk(KERN_ERR "Unable to create ip_set_list\n");
- return -ENOMEM;
- }
- memset(ip_set_list, 0, sizeof(struct ip_set *) * ip_set_max);
-
- INIT_LIST_HEAD(&set_type_list);
-
- res = nf_register_sockopt(&so_set);
- if (res != 0) {
- ip_set_printk("SO_SET registry failed: %d", res);
- vfree(ip_set_list);
- return res;
- }
-
- printk("ip_set version %u loaded\n", IP_SET_PROTOCOL_VERSION);
- return 0;
-}
-
-static void __exit
-ip_set_fini(void)
-{
- /* There can't be any existing set or binding */
- nf_unregister_sockopt(&so_set);
- vfree(ip_set_list);
- DP("these are the famous last words");
-}
-
-EXPORT_SYMBOL(ip_set_register_set_type);
-EXPORT_SYMBOL(ip_set_unregister_set_type);
-
-EXPORT_SYMBOL(ip_set_get_byname);
-EXPORT_SYMBOL(ip_set_get_byindex);
-EXPORT_SYMBOL(ip_set_put_byindex);
-EXPORT_SYMBOL(ip_set_id);
-EXPORT_SYMBOL(__ip_set_get_byname);
-EXPORT_SYMBOL(__ip_set_put_byindex);
-
-EXPORT_SYMBOL(ip_set_addip_kernel);
-EXPORT_SYMBOL(ip_set_delip_kernel);
-EXPORT_SYMBOL(ip_set_testip_kernel);
-
-module_init(ip_set_init);
-module_exit(ip_set_fini);
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set.h
@@ -1,569 +0,0 @@
-#ifndef _IP_SET_H
-#define _IP_SET_H
-
-/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
- * Patrick Schaaf <bof@bof.de>
- * Martin Josefsson <gandalf@wlug.westbo.se>
- * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef CONFIG_IP_NF_SET_MAX
- /* from 2 to 65534 */
-# define CONFIG_IP_NF_SET_MAX 256
-#endif
-#ifndef CONFIG_IP_NF_SET_HASHSIZE
-# define CONFIG_IP_NF_SET_HASHSIZE 1024
-#endif
-
-#if 0
-#define IP_SET_DEBUG
-#endif
-
-/*
- * A sockopt of such quality has hardly ever been seen before on the open
- * market! This little beauty, hardly ever used: above 64, so it's
- * traditionally used for firewalling, not touched (even once!) by the
- * 2.0, 2.2 and 2.4 kernels!
- *
- * Comes with its own certificate of authenticity, valid anywhere in the
- * Free world!
- *
- * Rusty, 19.4.2000
- */
-#define SO_IP_SET 83
-
-/*
- * Heavily modify by Joakim Axelsson 08.03.2002
- * - Made it more modulebased
- *
- * Additional heavy modifications by Jozsef Kadlecsik 22.02.2004
- * - bindings added
- * - in order to "deal with" backward compatibility, renamed to ipset
- */
-
-/*
- * Used so that the kernel module and ipset-binary can match their versions
- */
-#define IP_SET_PROTOCOL_UNALIGNED 3
-#define IP_SET_PROTOCOL_VERSION 4
-
-#define IP_SET_MAXNAMELEN 32 /* set names and set typenames */
-
-/* Lets work with our own typedef for representing an IP address.
- * We hope to make the code more portable, possibly to IPv6...
- *
- * The representation works in HOST byte order, because most set types
- * will perform arithmetic operations and compare operations.
- *
- * For now the type is an uint32_t.
- *
- * Make sure to ONLY use the functions when translating and parsing
- * in order to keep the host byte order and make it more portable:
- * parse_ip()
- * parse_mask()
- * parse_ipandmask()
- * ip_tostring()
- * (Joakim: where are they???)
- */
-
-typedef uint32_t ip_set_ip_t;
-
-/* Sets are identified by an id in kernel space. Tweak with ip_set_id_t
- * and IP_SET_INVALID_ID if you want to increase the max number of sets.
- */
-typedef uint16_t ip_set_id_t;
-
-#define IP_SET_INVALID_ID 65535
-
-/* How deep we follow bindings */
-#define IP_SET_MAX_BINDINGS 6
-
-/*
- * Option flags for kernel operations (ipt_set_info)
- */
-#define IPSET_SRC 0x01 /* Source match/add */
-#define IPSET_DST 0x02 /* Destination match/add */
-#define IPSET_MATCH_INV 0x04 /* Inverse matching */
-
-/*
- * Set features
- */
-#define IPSET_TYPE_IP 0x01 /* IP address type of set */
-#define IPSET_TYPE_PORT 0x02 /* Port type of set */
-#define IPSET_DATA_SINGLE 0x04 /* Single data storage */
-#define IPSET_DATA_DOUBLE 0x08 /* Double data storage */
-#define IPSET_DATA_TRIPLE 0x10 /* Triple data storage */
-#define IPSET_TYPE_IP1 0x20 /* IP address type of set */
-#define IPSET_TYPE_SETNAME 0x40 /* setname type of set */
-
-/* Reserved keywords */
-#define IPSET_TOKEN_DEFAULT ":default:"
-#define IPSET_TOKEN_ALL ":all:"
-
-/* SO_IP_SET operation constants, and their request struct types.
- *
- * Operation ids:
- * 0-99: commands with version checking
- * 100-199: add/del/test/bind/unbind
- * 200-299: list, save, restore
- */
-
-/* Single shot operations:
- * version, create, destroy, flush, rename and swap
- *
- * Sets are identified by name.
- */
-
-#define IP_SET_REQ_STD \
- unsigned op; \
- unsigned version; \
- char name[IP_SET_MAXNAMELEN]
-
-#define IP_SET_OP_CREATE 0x00000001 /* Create a new (empty) set */
-struct ip_set_req_create {
- IP_SET_REQ_STD;
- char typename[IP_SET_MAXNAMELEN];
-};
-
-#define IP_SET_OP_DESTROY 0x00000002 /* Remove a (empty) set */
-struct ip_set_req_std {
- IP_SET_REQ_STD;
-};
-
-#define IP_SET_OP_FLUSH 0x00000003 /* Remove all IPs in a set */
-/* Uses ip_set_req_std */
-
-#define IP_SET_OP_RENAME 0x00000004 /* Rename a set */
-/* Uses ip_set_req_create */
-
-#define IP_SET_OP_SWAP 0x00000005 /* Swap two sets */
-/* Uses ip_set_req_create */
-
-union ip_set_name_index {
- char name[IP_SET_MAXNAMELEN];
- ip_set_id_t index;
-};
-
-#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
-struct ip_set_req_get_set {
- unsigned op;
- unsigned version;
- union ip_set_name_index set;
-};
-
-#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
-/* Uses ip_set_req_get_set */
-
-#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
-struct ip_set_req_version {
- unsigned op;
- unsigned version;
-};
-
-/* Double shots operations:
- * add, del, test, bind and unbind.
- *
- * First we query the kernel to get the index and type of the target set,
- * then issue the command. Validity of IP is checked in kernel in order
- * to minimalize sockopt operations.
- */
-
-/* Get minimal set data for add/del/test/bind/unbind IP */
-#define IP_SET_OP_ADT_GET 0x00000010 /* Get set and type */
-struct ip_set_req_adt_get {
- unsigned op;
- unsigned version;
- union ip_set_name_index set;
- char typename[IP_SET_MAXNAMELEN];
-};
-
-#define IP_SET_REQ_BYINDEX \
- unsigned op; \
- ip_set_id_t index;
-
-struct ip_set_req_adt {
- IP_SET_REQ_BYINDEX;
-};
-
-#define IP_SET_OP_ADD_IP 0x00000101 /* Add an IP to a set */
-/* Uses ip_set_req_adt, with type specific addage */
-
-#define IP_SET_OP_DEL_IP 0x00000102 /* Remove an IP from a set */
-/* Uses ip_set_req_adt, with type specific addage */
-
-#define IP_SET_OP_TEST_IP 0x00000103 /* Test an IP in a set */
-/* Uses ip_set_req_adt, with type specific addage */
-
-#define IP_SET_OP_BIND_SET 0x00000104 /* Bind an IP to a set */
-/* Uses ip_set_req_bind, with type specific addage */
-struct ip_set_req_bind {
- IP_SET_REQ_BYINDEX;
- char binding[IP_SET_MAXNAMELEN];
-};
-
-#define IP_SET_OP_UNBIND_SET 0x00000105 /* Unbind an IP from a set */
-/* Uses ip_set_req_bind, with type speficic addage
- * index = 0 means unbinding for all sets */
-
-#define IP_SET_OP_TEST_BIND_SET 0x00000106 /* Test binding an IP to a set */
-/* Uses ip_set_req_bind, with type specific addage */
-
-/* Multiple shots operations: list, save, restore.
- *
- * - check kernel version and query the max number of sets
- * - get the basic information on all sets
- * and size required for the next step
- * - get actual set data: header, data, bindings
- */
-
-/* Get max_sets and the index of a queried set
- */
-#define IP_SET_OP_MAX_SETS 0x00000020
-struct ip_set_req_max_sets {
- unsigned op;
- unsigned version;
- ip_set_id_t max_sets; /* max_sets */
- ip_set_id_t sets; /* real number of sets */
- union ip_set_name_index set; /* index of set if name used */
-};
-
-/* Get the id and name of the sets plus size for next step */
-#define IP_SET_OP_LIST_SIZE 0x00000201
-#define IP_SET_OP_SAVE_SIZE 0x00000202
-struct ip_set_req_setnames {
- unsigned op;
- ip_set_id_t index; /* set to list/save */
- u_int32_t size; /* size to get setdata */
- /* followed by sets number of struct ip_set_name_list */
-};
-
-struct ip_set_name_list {
- char name[IP_SET_MAXNAMELEN];
- char typename[IP_SET_MAXNAMELEN];
- ip_set_id_t index;
- ip_set_id_t id;
-};
-
-/* The actual list operation */
-#define IP_SET_OP_LIST 0x00000203
-struct ip_set_req_list {
- IP_SET_REQ_BYINDEX;
- /* sets number of struct ip_set_list in reply */
-};
-
-struct ip_set_list {
- ip_set_id_t index;
- ip_set_id_t binding;
- u_int32_t ref;
- u_int32_t header_size; /* Set header data of header_size */
- u_int32_t members_size; /* Set members data of members_size */
- u_int32_t bindings_size;/* Set bindings data of bindings_size */
-};
-
-struct ip_set_hash_list {
- ip_set_ip_t ip;
- ip_set_id_t binding;
-};
-
-/* The save operation */
-#define IP_SET_OP_SAVE 0x00000204
-/* Uses ip_set_req_list, in the reply replaced by
- * sets number of struct ip_set_save plus a marker
- * ip_set_save followed by ip_set_hash_save structures.
- */
-struct ip_set_save {
- ip_set_id_t index;
- ip_set_id_t binding;
- u_int32_t header_size; /* Set header data of header_size */
- u_int32_t members_size; /* Set members data of members_size */
-};
-
-/* At restoring, ip == 0 means default binding for the given set: */
-struct ip_set_hash_save {
- ip_set_ip_t ip;
- ip_set_id_t id;
- ip_set_id_t binding;
-};
-
-/* The restore operation */
-#define IP_SET_OP_RESTORE 0x00000205
-/* Uses ip_set_req_setnames followed by ip_set_restore structures
- * plus a marker ip_set_restore, followed by ip_set_hash_save
- * structures.
- */
-struct ip_set_restore {
- char name[IP_SET_MAXNAMELEN];
- char typename[IP_SET_MAXNAMELEN];
- ip_set_id_t index;
- u_int32_t header_size; /* Create data of header_size */
- u_int32_t members_size; /* Set members data of members_size */
-};
-
-static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b)
-{
- return 4 * ((((b - a + 8) / 8) + 3) / 4);
-}
-
-/* General limit for the elements in a set */
-#define MAX_RANGE 0x0000FFFF
-
-/* Alignment: 'unsigned long' unsupported */
-#define IPSET_ALIGNTO 4
-#define IPSET_ALIGN(len) (((len) + IPSET_ALIGNTO - 1) & ~(IPSET_ALIGNTO - 1))
-#define IPSET_VALIGN(len, old) ((old) ? (len) : IPSET_ALIGN(len))
-
-#ifdef __KERNEL__
-#include "ip_set_compat.h"
-#include "ip_set_malloc.h"
-
-#define ip_set_printk(format, args...) \
- do { \
- printk("%s: %s: ", __FILE__, __FUNCTION__); \
- printk(format "\n" , ## args); \
- } while (0)
-
-#if defined(IP_SET_DEBUG)
-#define DP(format, args...) \
- do { \
- printk("%s: %s (DBG): ", __FILE__, __FUNCTION__);\
- printk(format "\n" , ## args); \
- } while (0)
-#define IP_SET_ASSERT(x) \
- do { \
- if (!(x)) \
- printk("IP_SET_ASSERT: %s:%i(%s)\n", \
- __FILE__, __LINE__, __FUNCTION__); \
- } while (0)
-#else
-#define DP(format, args...)
-#define IP_SET_ASSERT(x)
-#endif
-
-struct ip_set;
-
-/*
- * The ip_set_type definition - one per set type, e.g. "ipmap".
- *
- * Each individual set has a pointer, set->type, going to one
- * of these structures. Function pointers inside the structure implement
- * the real behaviour of the sets.
- *
- * If not mentioned differently, the implementation behind the function
- * pointers of a set_type, is expected to return 0 if ok, and a negative
- * errno (e.g. -EINVAL) on error.
- */
-struct ip_set_type {
- struct list_head list; /* next in list of set types */
-
- /* test for IP in set (kernel: iptables -m set src|dst)
- * return 0 if not in set, 1 if in set.
- */
- int (*testip_kernel) (struct ip_set *set,
- const struct sk_buff * skb,
- const u_int32_t *flags);
-
- /* test for IP in set (userspace: ipset -T set IP)
- * return 0 if not in set, 1 if in set.
- */
- int (*testip) (struct ip_set *set,
- const void *data, u_int32_t size);
-
- /*
- * Size of the data structure passed by when
- * adding/deletin/testing an entry.
- */
- u_int32_t reqsize;
-
- /* Add IP into set (userspace: ipset -A set IP)
- * Return -EEXIST if the address is already in the set,
- * and -ERANGE if the address lies outside the set bounds.
- * If the address was not already in the set, 0 is returned.
- */
- int (*addip) (struct ip_set *set,
- const void *data, u_int32_t size);
-
- /* Add IP into set (kernel: iptables ... -j SET set src|dst)
- * Return -EEXIST if the address is already in the set,
- * and -ERANGE if the address lies outside the set bounds.
- * If the address was not already in the set, 0 is returned.
- */
- int (*addip_kernel) (struct ip_set *set,
- const struct sk_buff * skb,
- const u_int32_t *flags);
-
- /* remove IP from set (userspace: ipset -D set --entry x)
- * Return -EEXIST if the address is NOT in the set,
- * and -ERANGE if the address lies outside the set bounds.
- * If the address really was in the set, 0 is returned.
- */
- int (*delip) (struct ip_set *set,
- const void *data, u_int32_t size);
-
- /* remove IP from set (kernel: iptables ... -j SET --entry x)
- * Return -EEXIST if the address is NOT in the set,
- * and -ERANGE if the address lies outside the set bounds.
- * If the address really was in the set, 0 is returned.
- */
- int (*delip_kernel) (struct ip_set *set,
- const struct sk_buff * skb,
- const u_int32_t *flags);
-
- /* new set creation - allocated type specific items
- */
- int (*create) (struct ip_set *set,
- const void *data, u_int32_t size);
-
- /* retry the operation after successfully tweaking the set
- */
- int (*retry) (struct ip_set *set);
-
- /* set destruction - free type specific items
- * There is no return value.
- * Can be called only when child sets are destroyed.
- */
- void (*destroy) (struct ip_set *set);
-
- /* set flushing - reset all bits in the set, or something similar.
- * There is no return value.
- */
- void (*flush) (struct ip_set *set);
-
- /* Listing: size needed for header
- */
- u_int32_t header_size;
-
- /* Listing: Get the header
- *
- * Fill in the information in "data".
- * This function is always run after list_header_size() under a
- * writelock on the set. Therefor is the length of "data" always
- * correct.
- */
- void (*list_header) (const struct ip_set *set,
- void *data);
-
- /* Listing: Get the size for the set members
- */
- int (*list_members_size) (const struct ip_set *set, char dont_align);
-
- /* Listing: Get the set members
- *
- * Fill in the information in "data".
- * This function is always run after list_member_size() under a
- * writelock on the set. Therefor is the length of "data" always
- * correct.
- */
- void (*list_members) (const struct ip_set *set,
- void *data, char dont_align);
-
- char typename[IP_SET_MAXNAMELEN];
- unsigned char features;
- int protocol_version;
-
- /* Set this to THIS_MODULE if you are a module, otherwise NULL */
- struct module *me;
-};
-
-extern int ip_set_register_set_type(struct ip_set_type *set_type);
-extern void ip_set_unregister_set_type(struct ip_set_type *set_type);
-
-/* A generic ipset */
-struct ip_set {
- char name[IP_SET_MAXNAMELEN]; /* the name of the set */
- rwlock_t lock; /* lock for concurrency control */
- ip_set_id_t id; /* set id for swapping */
- atomic_t ref; /* in kernel and in hash references */
- struct ip_set_type *type; /* the set types */
- void *data; /* pooltype specific data */
-};
-
-/* register and unregister set references */
-extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]);
-extern ip_set_id_t ip_set_get_byindex(ip_set_id_t index);
-extern void ip_set_put_byindex(ip_set_id_t index);
-extern ip_set_id_t ip_set_id(ip_set_id_t index);
-extern ip_set_id_t __ip_set_get_byname(const char name[IP_SET_MAXNAMELEN],
- struct ip_set **set);
-extern void __ip_set_put_byindex(ip_set_id_t index);
-
-/* API for iptables set match, and SET target */
-extern int ip_set_addip_kernel(ip_set_id_t id,
- const struct sk_buff *skb,
- const u_int32_t *flags);
-extern int ip_set_delip_kernel(ip_set_id_t id,
- const struct sk_buff *skb,
- const u_int32_t *flags);
-extern int ip_set_testip_kernel(ip_set_id_t id,
- const struct sk_buff *skb,
- const u_int32_t *flags);
-
-/* Macros to generate functions */
-
-#define STRUCT(pre, type) CONCAT2(pre, type)
-#define CONCAT2(pre, type) struct pre##type
-
-#define FNAME(pre, mid, post) CONCAT3(pre, mid, post)
-#define CONCAT3(pre, mid, post) pre##mid##post
-
-#define UADT0(type, adt, args...) \
-static int \
-FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size)\
-{ \
- const STRUCT(ip_set_req_,type) *req = data; \
- \
- return FNAME(type,_,adt)(set , ## args); \
-}
-
-#define UADT(type, adt, args...) \
- UADT0(type, adt, req->ip , ## args)
-
-#define KADT(type, adt, getfn, args...) \
-static int \
-FNAME(type,_k,adt)(struct ip_set *set, \
- const struct sk_buff *skb, \
- const u_int32_t *flags) \
-{ \
- ip_set_ip_t ip = getfn(skb, flags); \
- \
- KADT_CONDITION \
- return FNAME(type,_,adt)(set, ip , ##args); \
-}
-
-#define REGISTER_MODULE(type) \
-static int __init ip_set_##type##_init(void) \
-{ \
- init_max_page_size(); \
- return ip_set_register_set_type(&ip_set_##type); \
-} \
- \
-static void __exit ip_set_##type##_fini(void) \
-{ \
- /* FIXME: possible race with ip_set_create() */ \
- ip_set_unregister_set_type(&ip_set_##type); \
-} \
- \
-module_init(ip_set_##type##_init); \
-module_exit(ip_set_##type##_fini);
-
-/* Common functions */
-
-static inline ip_set_ip_t
-ipaddr(const struct sk_buff *skb, const u_int32_t *flags)
-{
- return ntohl(flags[0] & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr);
-}
-
-#define jhash_ip(map, i, ip) jhash_1word(ip, *(map->initval + i))
-
-#define pack_ip_port(map, ip, port) \
- (port + ((ip - ((map)->first_ip)) << 16))
-
-#endif /* __KERNEL__ */
-
-#define UNUSED __attribute__ ((unused))
-
-#endif /*_IP_SET_H*/
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_bitmaps.h
@@ -1,120 +0,0 @@
-#ifndef __IP_SET_BITMAPS_H
-#define __IP_SET_BITMAPS_H
-
-/* Macros to generate functions */
-
-#ifdef __KERNEL__
-#define BITMAP_CREATE(type) \
-static int \
-type##_create(struct ip_set *set, const void *data, u_int32_t size) \
-{ \
- int newbytes; \
- const struct ip_set_req_##type##_create *req = data; \
- struct ip_set_##type *map; \
- \
- if (req->from > req->to) { \
- DP("bad range"); \
- return -ENOEXEC; \
- } \
- \
- map = kmalloc(sizeof(struct ip_set_##type), GFP_KERNEL); \
- if (!map) { \
- DP("out of memory for %zu bytes", \
- sizeof(struct ip_set_##type)); \
- return -ENOMEM; \
- } \
- map->first_ip = req->from; \
- map->last_ip = req->to; \
- \
- newbytes = __##type##_create(req, map); \
- if (newbytes < 0) { \
- kfree(map); \
- return newbytes; \
- } \
- \
- map->size = newbytes; \
- map->members = ip_set_malloc(newbytes); \
- if (!map->members) { \
- DP("out of memory for %i bytes", newbytes); \
- kfree(map); \
- return -ENOMEM; \
- } \
- memset(map->members, 0, newbytes); \
- \
- set->data = map; \
- return 0; \
-}
-
-#define BITMAP_DESTROY(type) \
-static void \
-type##_destroy(struct ip_set *set) \
-{ \
- struct ip_set_##type *map = set->data; \
- \
- ip_set_free(map->members, map->size); \
- kfree(map); \
- \
- set->data = NULL; \
-}
-
-#define BITMAP_FLUSH(type) \
-static void \
-type##_flush(struct ip_set *set) \
-{ \
- struct ip_set_##type *map = set->data; \
- memset(map->members, 0, map->size); \
-}
-
-#define BITMAP_LIST_HEADER(type) \
-static void \
-type##_list_header(const struct ip_set *set, void *data) \
-{ \
- const struct ip_set_##type *map = set->data; \
- struct ip_set_req_##type##_create *header = data; \
- \
- header->from = map->first_ip; \
- header->to = map->last_ip; \
- __##type##_list_header(map, header); \
-}
-
-#define BITMAP_LIST_MEMBERS_SIZE(type, dtype, sizeid, testfn) \
-static int \
-type##_list_members_size(const struct ip_set *set, char dont_align) \
-{ \
- const struct ip_set_##type *map = set->data; \
- ip_set_ip_t i, elements = 0; \
- \
- if (dont_align) \
- return map->size; \
- \
- for (i = 0; i < sizeid; i++) \
- if (testfn) \
- elements++; \
- \
- return elements * IPSET_ALIGN(sizeof(dtype)); \
-}
-
-#define IP_SET_TYPE(type, __features) \
-struct ip_set_type ip_set_##type = { \
- .typename = #type, \
- .features = __features, \
- .protocol_version = IP_SET_PROTOCOL_VERSION, \
- .create = &type##_create, \
- .destroy = &type##_destroy, \
- .flush = &type##_flush, \
- .reqsize = sizeof(struct ip_set_req_##type), \
- .addip = &type##_uadd, \
- .addip_kernel = &type##_kadd, \
- .delip = &type##_udel, \
- .delip_kernel = &type##_kdel, \
- .testip = &type##_utest, \
- .testip_kernel = &type##_ktest, \
- .header_size = sizeof(struct ip_set_req_##type##_create),\
- .list_header = &type##_list_header, \
- .list_members_size = &type##_list_members_size, \
- .list_members = &type##_list_members, \
- .me = THIS_MODULE, \
-};
-#endif /* __KERNEL */
-
-#endif /* __IP_SET_BITMAPS_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_compat.h
@@ -1,92 +0,0 @@
-#ifndef _IP_SET_COMPAT_H
-#define _IP_SET_COMPAT_H
-
-#ifdef __KERNEL__
-#include <linux/version.h>
-
-/* Arrgh */
-#ifdef MODULE
-#define __MOD_INC(foo) __MOD_INC_USE_COUNT(foo)
-#define __MOD_DEC(foo) __MOD_DEC_USE_COUNT(foo)
-#else
-#define __MOD_INC(foo) 1
-#define __MOD_DEC(foo)
-#endif
-
-/* Backward compatibility */
-#ifndef __nocast
-#define __nocast
-#endif
-#ifndef __bitwise__
-#define __bitwise__
-#endif
-
-/* Compatibility glue code */
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-#include <linux/interrupt.h>
-#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED
-#define try_module_get(x) __MOD_INC(x)
-#define module_put(x) __MOD_DEC(x)
-#define __clear_bit(nr, addr) clear_bit(nr, addr)
-#define __set_bit(nr, addr) set_bit(nr, addr)
-#define __test_and_set_bit(nr, addr) test_and_set_bit(nr, addr)
-#define __test_and_clear_bit(nr, addr) test_and_clear_bit(nr, addr)
-
-typedef unsigned __bitwise__ gfp_t;
-
-static inline void *kzalloc(size_t size, gfp_t flags)
-{
- void *data = kmalloc(size, flags);
-
- if (data)
- memset(data, 0, size);
-
- return data;
-}
-#endif
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
-#define __KMEM_CACHE_T__ kmem_cache_t
-#else
-#define __KMEM_CACHE_T__ struct kmem_cache
-#endif
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
-#define ip_hdr(skb) ((skb)->nh.iph)
-#define skb_mac_header(skb) ((skb)->mac.raw)
-#define eth_hdr(skb) ((struct ethhdr *)skb_mac_header(skb))
-#endif
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
-#include <linux/netfilter.h>
-#define KMEM_CACHE_CREATE(name, size) \
- kmem_cache_create(name, size, 0, 0, NULL, NULL)
-#else
-#define KMEM_CACHE_CREATE(name, size) \
- kmem_cache_create(name, size, 0, 0, NULL)
-#endif
-
-#ifndef NIPQUAD
-#define NIPQUAD(addr) \
- ((unsigned char *)&addr)[0], \
- ((unsigned char *)&addr)[1], \
- ((unsigned char *)&addr)[2], \
- ((unsigned char *)&addr)[3]
-#endif
-
-#ifndef HIPQUAD
-#if defined(__LITTLE_ENDIAN)
-#define HIPQUAD(addr) \
- ((unsigned char *)&addr)[3], \
- ((unsigned char *)&addr)[2], \
- ((unsigned char *)&addr)[1], \
- ((unsigned char *)&addr)[0]
-#elif defined(__BIG_ENDIAN)
-#define HIPQUAD NIPQUAD
-#else
-#error "Please fix asm/byteorder.h"
-#endif /* __LITTLE_ENDIAN */
-#endif
-
-#endif /* __KERNEL__ */
-#endif /* _IP_SET_COMPAT_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_getport.h
@@ -1,48 +0,0 @@
-#ifndef _IP_SET_GETPORT_H
-#define _IP_SET_GETPORT_H
-
-#ifdef __KERNEL__
-
-#define INVALID_PORT (MAX_RANGE + 1)
-
-/* We must handle non-linear skbs */
-static inline ip_set_ip_t
-get_port(const struct sk_buff *skb, const u_int32_t *flags)
-{
- struct iphdr *iph = ip_hdr(skb);
- u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
- switch (iph->protocol) {
- case IPPROTO_TCP: {
- struct tcphdr tcph;
-
- /* See comments at tcp_match in ip_tables.c */
- if (offset)
- return INVALID_PORT;
-
- if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
- /* No choice either */
- return INVALID_PORT;
-
- return ntohs(flags[0] & IPSET_SRC ?
- tcph.source : tcph.dest);
- }
- case IPPROTO_UDP: {
- struct udphdr udph;
-
- if (offset)
- return INVALID_PORT;
-
- if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
- /* No choice either */
- return INVALID_PORT;
-
- return ntohs(flags[0] & IPSET_SRC ?
- udph.source : udph.dest);
- }
- default:
- return INVALID_PORT;
- }
-}
-#endif /* __KERNEL__ */
-
-#endif /*_IP_SET_GETPORT_H*/
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_hashes.h
@@ -1,314 +0,0 @@
-#ifndef __IP_SET_HASHES_H
-#define __IP_SET_HASHES_H
-
-#define initval_t uint32_t
-
-/* Macros to generate functions */
-
-#ifdef __KERNEL__
-#define HASH_RETRY0(type, dtype, cond) \
-static int \
-type##_retry(struct ip_set *set) \
-{ \
- struct ip_set_##type *map = set->data, *tmp; \
- dtype *elem; \
- void *members; \
- u_int32_t i, hashsize = map->hashsize; \
- int res; \
- \
- if (map->resize == 0) \
- return -ERANGE; \
- \
- again: \
- res = 0; \
- \
- /* Calculate new hash size */ \
- hashsize += (hashsize * map->resize)/100; \
- if (hashsize == map->hashsize) \
- hashsize++; \
- \
- ip_set_printk("rehashing of set %s triggered: " \
- "hashsize grows from %lu to %lu", \
- set->name, \
- (long unsigned)map->hashsize, \
- (long unsigned)hashsize); \
- \
- tmp = kmalloc(sizeof(struct ip_set_##type) \
- + map->probes * sizeof(initval_t), GFP_ATOMIC); \
- if (!tmp) { \
- DP("out of memory for %zu bytes", \
- sizeof(struct ip_set_##type) \
- + map->probes * sizeof(initval_t)); \
- return -ENOMEM; \
- } \
- tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\
- if (!tmp->members) { \
- DP("out of memory for %zu bytes", hashsize * sizeof(dtype));\
- kfree(tmp); \
- return -ENOMEM; \
- } \
- tmp->hashsize = hashsize; \
- tmp->elements = 0; \
- tmp->probes = map->probes; \
- tmp->resize = map->resize; \
- memcpy(tmp->initval, map->initval, map->probes * sizeof(initval_t));\
- __##type##_retry(tmp, map); \
- \
- write_lock_bh(&set->lock); \
- map = set->data; /* Play safe */ \
- for (i = 0; i < map->hashsize && res == 0; i++) { \
- elem = HARRAY_ELEM(map->members, dtype *, i); \
- if (cond) \
- res = __##type##_add(tmp, elem); \
- } \
- if (res) { \
- /* Failure, try again */ \
- write_unlock_bh(&set->lock); \
- harray_free(tmp->members); \
- kfree(tmp); \
- goto again; \
- } \
- \
- /* Success at resizing! */ \
- members = map->members; \
- \
- map->hashsize = tmp->hashsize; \
- map->members = tmp->members; \
- write_unlock_bh(&set->lock); \
- \
- harray_free(members); \
- kfree(tmp); \
- \
- return 0; \
-}
-
-#define HASH_RETRY(type, dtype) \
- HASH_RETRY0(type, dtype, *elem)
-
-#define HASH_RETRY2(type, dtype) \
- HASH_RETRY0(type, dtype, elem->ip || elem->ip1)
-
-#define HASH_CREATE(type, dtype) \
-static int \
-type##_create(struct ip_set *set, const void *data, u_int32_t size) \
-{ \
- const struct ip_set_req_##type##_create *req = data; \
- struct ip_set_##type *map; \
- uint16_t i; \
- \
- if (req->hashsize < 1) { \
- ip_set_printk("hashsize too small"); \
- return -ENOEXEC; \
- } \
- \
- if (req->probes < 1) { \
- ip_set_printk("probes too small"); \
- return -ENOEXEC; \
- } \
- \
- map = kmalloc(sizeof(struct ip_set_##type) \
- + req->probes * sizeof(initval_t), GFP_KERNEL); \
- if (!map) { \
- DP("out of memory for %zu bytes", \
- sizeof(struct ip_set_##type) \
- + req->probes * sizeof(initval_t)); \
- return -ENOMEM; \
- } \
- for (i = 0; i < req->probes; i++) \
- get_random_bytes(((initval_t *) map->initval)+i, 4); \
- map->elements = 0; \
- map->hashsize = req->hashsize; \
- map->probes = req->probes; \
- map->resize = req->resize; \
- if (__##type##_create(req, map)) { \
- kfree(map); \
- return -ENOEXEC; \
- } \
- map->members = harray_malloc(map->hashsize, sizeof(dtype), GFP_KERNEL);\
- if (!map->members) { \
- DP("out of memory for %zu bytes", map->hashsize * sizeof(dtype));\
- kfree(map); \
- return -ENOMEM; \
- } \
- \
- set->data = map; \
- return 0; \
-}
-
-#define HASH_DESTROY(type) \
-static void \
-type##_destroy(struct ip_set *set) \
-{ \
- struct ip_set_##type *map = set->data; \
- \
- harray_free(map->members); \
- kfree(map); \
- \
- set->data = NULL; \
-}
-
-#define HASH_FLUSH(type, dtype) \
-static void \
-type##_flush(struct ip_set *set) \
-{ \
- struct ip_set_##type *map = set->data; \
- harray_flush(map->members, map->hashsize, sizeof(dtype)); \
- map->elements = 0; \
-}
-
-#define HASH_FLUSH_CIDR(type, dtype) \
-static void \
-type##_flush(struct ip_set *set) \
-{ \
- struct ip_set_##type *map = set->data; \
- harray_flush(map->members, map->hashsize, sizeof(dtype)); \
- memset(map->cidr, 0, sizeof(map->cidr)); \
- memset(map->nets, 0, sizeof(map->nets)); \
- map->elements = 0; \
-}
-
-#define HASH_LIST_HEADER(type) \
-static void \
-type##_list_header(const struct ip_set *set, void *data) \
-{ \
- const struct ip_set_##type *map = set->data; \
- struct ip_set_req_##type##_create *header = data; \
- \
- header->hashsize = map->hashsize; \
- header->probes = map->probes; \
- header->resize = map->resize; \
- __##type##_list_header(map, header); \
-}
-
-#define HASH_LIST_MEMBERS_SIZE(type, dtype) \
-static int \
-type##_list_members_size(const struct ip_set *set, char dont_align) \
-{ \
- const struct ip_set_##type *map = set->data; \
- \
- return (map->elements * IPSET_VALIGN(sizeof(dtype), dont_align));\
-}
-
-#define HASH_LIST_MEMBERS(type, dtype) \
-static void \
-type##_list_members(const struct ip_set *set, void *data, char dont_align)\
-{ \
- const struct ip_set_##type *map = set->data; \
- dtype *elem, *d; \
- uint32_t i, n = 0; \
- \
- for (i = 0; i < map->hashsize; i++) { \
- elem = HARRAY_ELEM(map->members, dtype *, i); \
- if (*elem) { \
- d = data + n * IPSET_VALIGN(sizeof(dtype), dont_align);\
- *d = *elem; \
- n++; \
- } \
- } \
-}
-
-#define HASH_LIST_MEMBERS_MEMCPY(type, dtype, nonzero) \
-static void \
-type##_list_members(const struct ip_set *set, void *data, char dont_align)\
-{ \
- const struct ip_set_##type *map = set->data; \
- dtype *elem; \
- uint32_t i, n = 0; \
- \
- for (i = 0; i < map->hashsize; i++) { \
- elem = HARRAY_ELEM(map->members, dtype *, i); \
- if (nonzero) { \
- memcpy(data + n * IPSET_VALIGN(sizeof(dtype), dont_align),\
- elem, sizeof(dtype)); \
- n++; \
- } \
- } \
-}
-
-#define IP_SET_RTYPE(type, __features) \
-struct ip_set_type ip_set_##type = { \
- .typename = #type, \
- .features = __features, \
- .protocol_version = IP_SET_PROTOCOL_VERSION, \
- .create = &type##_create, \
- .retry = &type##_retry, \
- .destroy = &type##_destroy, \
- .flush = &type##_flush, \
- .reqsize = sizeof(struct ip_set_req_##type), \
- .addip = &type##_uadd, \
- .addip_kernel = &type##_kadd, \
- .delip = &type##_udel, \
- .delip_kernel = &type##_kdel, \
- .testip = &type##_utest, \
- .testip_kernel = &type##_ktest, \
- .header_size = sizeof(struct ip_set_req_##type##_create),\
- .list_header = &type##_list_header, \
- .list_members_size = &type##_list_members_size, \
- .list_members = &type##_list_members, \
- .me = THIS_MODULE, \
-};
-
-/* Helper functions */
-static inline void
-add_cidr_size(uint8_t *cidr, uint8_t size)
-{
- uint8_t next;
- int i;
-
- for (i = 0; i < 30 && cidr[i]; i++) {
- if (cidr[i] < size) {
- next = cidr[i];
- cidr[i] = size;
- size = next;
- }
- }
- if (i < 30)
- cidr[i] = size;
-}
-
-static inline void
-del_cidr_size(uint8_t *cidr, uint8_t size)
-{
- int i;
-
- for (i = 0; i < 29 && cidr[i]; i++) {
- if (cidr[i] == size)
- cidr[i] = size = cidr[i+1];
- }
- cidr[29] = 0;
-}
-#else
-#include <arpa/inet.h>
-#endif /* __KERNEL */
-
-#ifndef UINT16_MAX
-#define UINT16_MAX 65535
-#endif
-
-static unsigned char shifts[] = {255, 253, 249, 241, 225, 193, 129, 1};
-
-static inline ip_set_ip_t
-pack_ip_cidr(ip_set_ip_t ip, unsigned char cidr)
-{
- ip_set_ip_t addr, *paddr = &addr;
- unsigned char n, t, *a;
-
- addr = htonl(ip & (0xFFFFFFFF << (32 - (cidr))));
-#ifdef __KERNEL__
- DP("ip:%u.%u.%u.%u/%u", NIPQUAD(addr), cidr);
-#endif
- n = cidr / 8;
- t = cidr % 8;
- a = &((unsigned char *)paddr)[n];
- *a = *a /(1 << (8 - t)) + shifts[t];
-#ifdef __KERNEL__
- DP("n: %u, t: %u, a: %u", n, t, *a);
- DP("ip:%u.%u.%u.%u/%u, %u.%u.%u.%u",
- HIPQUAD(ip), cidr, NIPQUAD(addr));
-#endif
-
- return ntohl(addr);
-}
-
-
-#endif /* __IP_SET_HASHES_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iphash.c
@@ -1,164 +0,0 @@
-/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an ip hash set */
-
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include "ip_set_jhash.h"
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/random.h>
-
-#include <net/ip.h>
-
-#include "ip_set_iphash.h"
-
-static int limit = MAX_RANGE;
-
-static inline __u32
-iphash_id(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iphash *map = set->data;
- __u32 id;
- u_int16_t i;
- ip_set_ip_t *elem;
-
-
- ip &= map->netmask;
- DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip));
- for (i = 0; i < map->probes; i++) {
- id = jhash_ip(map, i, ip) % map->hashsize;
- DP("hash key: %u", id);
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
- if (*elem == ip)
- return id;
- /* No shortcut - there can be deleted entries. */
- }
- return UINT_MAX;
-}
-
-static inline int
-iphash_test(struct ip_set *set, ip_set_ip_t ip)
-{
- return (ip && iphash_id(set, ip) != UINT_MAX);
-}
-
-#define KADT_CONDITION
-
-UADT(iphash, test)
-KADT(iphash, test, ipaddr)
-
-static inline int
-__iphash_add(struct ip_set_iphash *map, ip_set_ip_t *ip)
-{
- __u32 probe;
- u_int16_t i;
- ip_set_ip_t *elem, *slot = NULL;
-
- for (i = 0; i < map->probes; i++) {
- probe = jhash_ip(map, i, *ip) % map->hashsize;
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe);
- if (*elem == *ip)
- return -EEXIST;
- if (!(slot || *elem))
- slot = elem;
- /* There can be deleted entries, must check all slots */
- }
- if (slot) {
- *slot = *ip;
- map->elements++;
- return 0;
- }
- /* Trigger rehashing */
- return -EAGAIN;
-}
-
-static inline int
-iphash_add(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iphash *map = set->data;
-
- if (!ip || map->elements >= limit)
- return -ERANGE;
-
- ip &= map->netmask;
- return __iphash_add(map, &ip);
-}
-
-UADT(iphash, add)
-KADT(iphash, add, ipaddr)
-
-static inline void
-__iphash_retry(struct ip_set_iphash *tmp, struct ip_set_iphash *map)
-{
- tmp->netmask = map->netmask;
-}
-
-HASH_RETRY(iphash, ip_set_ip_t)
-
-static inline int
-iphash_del(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iphash *map = set->data;
- ip_set_ip_t id, *elem;
-
- if (!ip)
- return -ERANGE;
-
- id = iphash_id(set, ip);
- if (id == UINT_MAX)
- return -EEXIST;
-
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
- *elem = 0;
- map->elements--;
-
- return 0;
-}
-
-UADT(iphash, del)
-KADT(iphash, del, ipaddr)
-
-static inline int
-__iphash_create(const struct ip_set_req_iphash_create *req,
- struct ip_set_iphash *map)
-{
- map->netmask = req->netmask;
-
- return 0;
-}
-
-HASH_CREATE(iphash, ip_set_ip_t)
-HASH_DESTROY(iphash)
-
-HASH_FLUSH(iphash, ip_set_ip_t)
-
-static inline void
-__iphash_list_header(const struct ip_set_iphash *map,
- struct ip_set_req_iphash_create *header)
-{
- header->netmask = map->netmask;
-}
-
-HASH_LIST_HEADER(iphash)
-HASH_LIST_MEMBERS_SIZE(iphash, ip_set_ip_t)
-HASH_LIST_MEMBERS(iphash, ip_set_ip_t)
-
-IP_SET_RTYPE(iphash, IPSET_TYPE_IP | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("iphash type of IP sets");
-module_param(limit, int, 0600);
-MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
-
-REGISTER_MODULE(iphash)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iphash.h
@@ -1,30 +0,0 @@
-#ifndef __IP_SET_IPHASH_H
-#define __IP_SET_IPHASH_H
-
-#include "ip_set.h"
-#include "ip_set_hashes.h"
-
-#define SETTYPE_NAME "iphash"
-
-struct ip_set_iphash {
- ip_set_ip_t *members; /* the iphash proper */
- uint32_t elements; /* number of elements */
- uint32_t hashsize; /* hash size */
- uint16_t probes; /* max number of probes */
- uint16_t resize; /* resize factor in percent */
- ip_set_ip_t netmask; /* netmask */
- initval_t initval[0]; /* initvals for jhash_1word */
-};
-
-struct ip_set_req_iphash_create {
- uint32_t hashsize;
- uint16_t probes;
- uint16_t resize;
- ip_set_ip_t netmask;
-};
-
-struct ip_set_req_iphash {
- ip_set_ip_t ip;
-};
-
-#endif /* __IP_SET_IPHASH_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipmap.c
@@ -1,158 +0,0 @@
-/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
- * Patrick Schaaf <bof@bof.de>
- * Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an IP set type: the single bitmap type */
-
-#include <linux/module.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-
-#include "ip_set_ipmap.h"
-
-static inline ip_set_ip_t
-ip_to_id(const struct ip_set_ipmap *map, ip_set_ip_t ip)
-{
- return ((ip & map->netmask) - map->first_ip)/map->hosts;
-}
-
-static inline int
-ipmap_test(const struct ip_set *set, ip_set_ip_t ip)
-{
- const struct ip_set_ipmap *map = set->data;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip));
- return !!test_bit(ip_to_id(map, ip), map->members);
-}
-
-#define KADT_CONDITION
-
-UADT(ipmap, test)
-KADT(ipmap, test, ipaddr)
-
-static inline int
-ipmap_add(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_ipmap *map = set->data;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip));
- if (test_and_set_bit(ip_to_id(map, ip), map->members))
- return -EEXIST;
-
- return 0;
-}
-
-UADT(ipmap, add)
-KADT(ipmap, add, ipaddr)
-
-static inline int
-ipmap_del(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_ipmap *map = set->data;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip));
- if (!test_and_clear_bit(ip_to_id(map, ip), map->members))
- return -EEXIST;
-
- return 0;
-}
-
-UADT(ipmap, del)
-KADT(ipmap, del, ipaddr)
-
-static inline int
-__ipmap_create(const struct ip_set_req_ipmap_create *req,
- struct ip_set_ipmap *map)
-{
- map->netmask = req->netmask;
-
- if (req->netmask == 0xFFFFFFFF) {
- map->hosts = 1;
- map->sizeid = map->last_ip - map->first_ip + 1;
- } else {
- unsigned int mask_bits, netmask_bits;
- ip_set_ip_t mask;
-
- map->first_ip &= map->netmask; /* Should we better bark? */
-
- mask = range_to_mask(map->first_ip, map->last_ip, &mask_bits);
- netmask_bits = mask_to_bits(map->netmask);
-
- if ((!mask && (map->first_ip || map->last_ip != 0xFFFFFFFF))
- || netmask_bits <= mask_bits)
- return -ENOEXEC;
-
- DP("mask_bits %u, netmask_bits %u",
- mask_bits, netmask_bits);
- map->hosts = 2 << (32 - netmask_bits - 1);
- map->sizeid = 2 << (netmask_bits - mask_bits - 1);
- }
- if (map->sizeid > MAX_RANGE + 1) {
- ip_set_printk("range too big, %d elements (max %d)",
- map->sizeid, MAX_RANGE+1);
- return -ENOEXEC;
- }
- DP("hosts %u, sizeid %u", map->hosts, map->sizeid);
- return bitmap_bytes(0, map->sizeid - 1);
-}
-
-BITMAP_CREATE(ipmap)
-BITMAP_DESTROY(ipmap)
-BITMAP_FLUSH(ipmap)
-
-static inline void
-__ipmap_list_header(const struct ip_set_ipmap *map,
- struct ip_set_req_ipmap_create *header)
-{
- header->netmask = map->netmask;
-}
-
-BITMAP_LIST_HEADER(ipmap)
-BITMAP_LIST_MEMBERS_SIZE(ipmap, ip_set_ip_t, map->sizeid,
- test_bit(i, map->members))
-
-static void
-ipmap_list_members(const struct ip_set *set, void *data, char dont_align)
-{
- const struct ip_set_ipmap *map = set->data;
- uint32_t i, n = 0;
- ip_set_ip_t *d;
-
- if (dont_align) {
- memcpy(data, map->members, map->size);
- return;
- }
-
- for (i = 0; i < map->sizeid; i++)
- if (test_bit(i, map->members)) {
- d = data + n * IPSET_ALIGN(sizeof(ip_set_ip_t));
- *d = map->first_ip + i * map->hosts;
- n++;
- }
-}
-
-IP_SET_TYPE(ipmap, IPSET_TYPE_IP | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("ipmap type of IP sets");
-
-REGISTER_MODULE(ipmap)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipmap.h
@@ -1,57 +0,0 @@
-#ifndef __IP_SET_IPMAP_H
-#define __IP_SET_IPMAP_H
-
-#include "ip_set.h"
-#include "ip_set_bitmaps.h"
-
-#define SETTYPE_NAME "ipmap"
-
-struct ip_set_ipmap {
- void *members; /* the ipmap proper */
- ip_set_ip_t first_ip; /* host byte order, included in range */
- ip_set_ip_t last_ip; /* host byte order, included in range */
- ip_set_ip_t netmask; /* subnet netmask */
- ip_set_ip_t sizeid; /* size of set in IPs */
- ip_set_ip_t hosts; /* number of hosts in a subnet */
- u_int32_t size; /* size of the ipmap proper */
-};
-
-struct ip_set_req_ipmap_create {
- ip_set_ip_t from;
- ip_set_ip_t to;
- ip_set_ip_t netmask;
-};
-
-struct ip_set_req_ipmap {
- ip_set_ip_t ip;
-};
-
-static inline unsigned int
-mask_to_bits(ip_set_ip_t mask)
-{
- unsigned int bits = 32;
- ip_set_ip_t maskaddr;
-
- if (mask == 0xFFFFFFFF)
- return bits;
-
- maskaddr = 0xFFFFFFFE;
- while (--bits > 0 && maskaddr != mask)
- maskaddr <<= 1;
-
- return bits;
-}
-
-static inline ip_set_ip_t
-range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits)
-{
- ip_set_ip_t mask = 0xFFFFFFFE;
-
- *bits = 32;
- while (--(*bits) > 0 && mask && (to & mask) != from)
- mask <<= 1;
-
- return mask;
-}
-
-#endif /* __IP_SET_IPMAP_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipporthash.c
@@ -1,197 +0,0 @@
-/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an ip+port hash set */
-
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/ip.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <linux/skbuff.h>
-#include "ip_set_jhash.h"
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/random.h>
-
-#include <net/ip.h>
-
-#include "ip_set_ipporthash.h"
-#include "ip_set_getport.h"
-
-static int limit = MAX_RANGE;
-
-static inline __u32
-ipporthash_id(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
-{
- struct ip_set_ipporthash *map = set->data;
- __u32 id;
- u_int16_t i;
- ip_set_ip_t *elem;
-
- ip = pack_ip_port(map, ip, port);
-
- if (!ip)
- return UINT_MAX;
-
- for (i = 0; i < map->probes; i++) {
- id = jhash_ip(map, i, ip) % map->hashsize;
- DP("hash key: %u", id);
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
- if (*elem == ip)
- return id;
- /* No shortcut - there can be deleted entries. */
- }
- return UINT_MAX;
-}
-
-static inline int
-ipporthash_test(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
-{
- struct ip_set_ipporthash *map = set->data;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- return (ipporthash_id(set, ip, port) != UINT_MAX);
-}
-
-#define KADT_CONDITION \
- ip_set_ip_t port; \
- \
- if (flags[1] == 0) \
- return 0; \
- \
- port = get_port(skb, ++flags); \
- \
- if (port == INVALID_PORT) \
- return 0;
-
-UADT(ipporthash, test, req->port)
-KADT(ipporthash, test, ipaddr, port)
-
-static inline int
-__ipporthash_add(struct ip_set_ipporthash *map, ip_set_ip_t *ip)
-{
- __u32 probe;
- u_int16_t i;
- ip_set_ip_t *elem, *slot = NULL;
-
- for (i = 0; i < map->probes; i++) {
- probe = jhash_ip(map, i, *ip) % map->hashsize;
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe);
- if (*elem == *ip)
- return -EEXIST;
- if (!(slot || *elem))
- slot = elem;
- /* There can be deleted entries, must check all slots */
- }
- if (slot) {
- *slot = *ip;
- map->elements++;
- return 0;
- }
- /* Trigger rehashing */
- return -EAGAIN;
-}
-
-static inline int
-ipporthash_add(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
-{
- struct ip_set_ipporthash *map = set->data;
- if (map->elements > limit)
- return -ERANGE;
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- ip = pack_ip_port(map, ip, port);
-
- if (!ip)
- return -ERANGE;
-
- return __ipporthash_add(map, &ip);
-}
-
-UADT(ipporthash, add, req->port)
-KADT(ipporthash, add, ipaddr, port)
-
-static inline void
-__ipporthash_retry(struct ip_set_ipporthash *tmp,
- struct ip_set_ipporthash *map)
-{
- tmp->first_ip = map->first_ip;
- tmp->last_ip = map->last_ip;
-}
-
-HASH_RETRY(ipporthash, ip_set_ip_t)
-
-static inline int
-ipporthash_del(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port)
-{
- struct ip_set_ipporthash *map = set->data;
- ip_set_ip_t id;
- ip_set_ip_t *elem;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- id = ipporthash_id(set, ip, port);
-
- if (id == UINT_MAX)
- return -EEXIST;
-
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
- *elem = 0;
- map->elements--;
-
- return 0;
-}
-
-UADT(ipporthash, del, req->port)
-KADT(ipporthash, del, ipaddr, port)
-
-static inline int
-__ipporthash_create(const struct ip_set_req_ipporthash_create *req,
- struct ip_set_ipporthash *map)
-{
- if (req->to - req->from > MAX_RANGE) {
- ip_set_printk("range too big, %d elements (max %d)",
- req->to - req->from + 1, MAX_RANGE+1);
- return -ENOEXEC;
- }
- map->first_ip = req->from;
- map->last_ip = req->to;
- return 0;
-}
-
-HASH_CREATE(ipporthash, ip_set_ip_t)
-HASH_DESTROY(ipporthash)
-HASH_FLUSH(ipporthash, ip_set_ip_t)
-
-static inline void
-__ipporthash_list_header(const struct ip_set_ipporthash *map,
- struct ip_set_req_ipporthash_create *header)
-{
- header->from = map->first_ip;
- header->to = map->last_ip;
-}
-
-HASH_LIST_HEADER(ipporthash)
-HASH_LIST_MEMBERS_SIZE(ipporthash, ip_set_ip_t)
-HASH_LIST_MEMBERS(ipporthash, ip_set_ip_t)
-
-IP_SET_RTYPE(ipporthash, IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_DATA_DOUBLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("ipporthash type of IP sets");
-module_param(limit, int, 0600);
-MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
-
-REGISTER_MODULE(ipporthash)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipporthash.h
@@ -1,33 +0,0 @@
-#ifndef __IP_SET_IPPORTHASH_H
-#define __IP_SET_IPPORTHASH_H
-
-#include "ip_set.h"
-#include "ip_set_hashes.h"
-
-#define SETTYPE_NAME "ipporthash"
-
-struct ip_set_ipporthash {
- ip_set_ip_t *members; /* the ipporthash proper */
- uint32_t elements; /* number of elements */
- uint32_t hashsize; /* hash size */
- uint16_t probes; /* max number of probes */
- uint16_t resize; /* resize factor in percent */
- ip_set_ip_t first_ip; /* host byte order, included in range */
- ip_set_ip_t last_ip; /* host byte order, included in range */
- initval_t initval[0]; /* initvals for jhash_1word */
-};
-
-struct ip_set_req_ipporthash_create {
- uint32_t hashsize;
- uint16_t probes;
- uint16_t resize;
- ip_set_ip_t from;
- ip_set_ip_t to;
-};
-
-struct ip_set_req_ipporthash {
- ip_set_ip_t ip;
- ip_set_ip_t port;
-};
-
-#endif /* __IP_SET_IPPORTHASH_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportiphash.c
@@ -1,215 +0,0 @@
-/* Copyright (C) 2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an ip+port+ip hash set */
-
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/ip.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <linux/skbuff.h>
-#include "ip_set_jhash.h"
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/random.h>
-
-#include <net/ip.h>
-
-#include "ip_set_ipportiphash.h"
-#include "ip_set_getport.h"
-
-static int limit = MAX_RANGE;
-
-#define jhash_ip2(map, i, ipport, ip1) \
- jhash_2words(ipport, ip1, *(map->initval + i))
-
-static inline __u32
-ipportiphash_id(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1)
-{
- struct ip_set_ipportiphash *map = set->data;
- __u32 id;
- u_int16_t i;
- struct ipportip *elem;
-
- ip = pack_ip_port(map, ip, port);
- if (!(ip || ip1))
- return UINT_MAX;
-
- for (i = 0; i < map->probes; i++) {
- id = jhash_ip2(map, i, ip, ip1) % map->hashsize;
- DP("hash key: %u", id);
- elem = HARRAY_ELEM(map->members, struct ipportip *, id);
- if (elem->ip == ip && elem->ip1 == ip1)
- return id;
- /* No shortcut - there can be deleted entries. */
- }
- return UINT_MAX;
-}
-
-static inline int
-ipportiphash_test(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1)
-{
- struct ip_set_ipportiphash *map = set->data;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- return (ipportiphash_id(set, ip, port, ip1) != UINT_MAX);
-}
-
-#define KADT_CONDITION \
- ip_set_ip_t port, ip1; \
- \
- if (flags[2] == 0) \
- return 0; \
- \
- port = get_port(skb, ++flags); \
- ip1 = ipaddr(skb, ++flags); \
- \
- if (port == INVALID_PORT) \
- return 0;
-
-UADT(ipportiphash, test, req->port, req->ip1)
-KADT(ipportiphash, test, ipaddr, port, ip1)
-
-static inline int
-__ipportip_add(struct ip_set_ipportiphash *map,
- ip_set_ip_t ip, ip_set_ip_t ip1)
-{
- __u32 probe;
- u_int16_t i;
- struct ipportip *elem, *slot = NULL;
-
- for (i = 0; i < map->probes; i++) {
- probe = jhash_ip2(map, i, ip, ip1) % map->hashsize;
- elem = HARRAY_ELEM(map->members, struct ipportip *, probe);
- if (elem->ip == ip && elem->ip1 == ip1)
- return -EEXIST;
- if (!(slot || elem->ip || elem->ip1))
- slot = elem;
- /* There can be deleted entries, must check all slots */
- }
- if (slot) {
- slot->ip = ip;
- slot->ip1 = ip1;
- map->elements++;
- return 0;
- }
- /* Trigger rehashing */
- return -EAGAIN;
-}
-
-static inline int
-__ipportiphash_add(struct ip_set_ipportiphash *map,
- struct ipportip *elem)
-{
- return __ipportip_add(map, elem->ip, elem->ip1);
-}
-
-static inline int
-ipportiphash_add(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1)
-{
- struct ip_set_ipportiphash *map = set->data;
-
- if (map->elements > limit)
- return -ERANGE;
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- ip = pack_ip_port(map, ip, port);
- if (!(ip || ip1))
- return -ERANGE;
-
- return __ipportip_add(map, ip, ip1);
-}
-
-UADT(ipportiphash, add, req->port, req->ip1)
-KADT(ipportiphash, add, ipaddr, port, ip1)
-
-static inline void
-__ipportiphash_retry(struct ip_set_ipportiphash *tmp,
- struct ip_set_ipportiphash *map)
-{
- tmp->first_ip = map->first_ip;
- tmp->last_ip = map->last_ip;
-}
-
-HASH_RETRY2(ipportiphash, struct ipportip)
-
-static inline int
-ipportiphash_del(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1)
-{
- struct ip_set_ipportiphash *map = set->data;
- ip_set_ip_t id;
- struct ipportip *elem;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- id = ipportiphash_id(set, ip, port, ip1);
-
- if (id == UINT_MAX)
- return -EEXIST;
-
- elem = HARRAY_ELEM(map->members, struct ipportip *, id);
- elem->ip = elem->ip1 = 0;
- map->elements--;
-
- return 0;
-}
-
-UADT(ipportiphash, del, req->port, req->ip1)
-KADT(ipportiphash, del, ipaddr, port, ip1)
-
-static inline int
-__ipportiphash_create(const struct ip_set_req_ipportiphash_create *req,
- struct ip_set_ipportiphash *map)
-{
- if (req->to - req->from > MAX_RANGE) {
- ip_set_printk("range too big, %d elements (max %d)",
- req->to - req->from + 1, MAX_RANGE+1);
- return -ENOEXEC;
- }
- map->first_ip = req->from;
- map->last_ip = req->to;
- return 0;
-}
-
-HASH_CREATE(ipportiphash, struct ipportip)
-HASH_DESTROY(ipportiphash)
-HASH_FLUSH(ipportiphash, struct ipportip)
-
-static inline void
-__ipportiphash_list_header(const struct ip_set_ipportiphash *map,
- struct ip_set_req_ipportiphash_create *header)
-{
- header->from = map->first_ip;
- header->to = map->last_ip;
-}
-
-HASH_LIST_HEADER(ipportiphash)
-HASH_LIST_MEMBERS_SIZE(ipportiphash, struct ipportip)
-HASH_LIST_MEMBERS_MEMCPY(ipportiphash, struct ipportip,
- (elem->ip || elem->ip1))
-
-IP_SET_RTYPE(ipportiphash, IPSET_TYPE_IP | IPSET_TYPE_PORT
- | IPSET_TYPE_IP1 | IPSET_DATA_TRIPLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("ipportiphash type of IP sets");
-module_param(limit, int, 0600);
-MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
-
-REGISTER_MODULE(ipportiphash)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportiphash.h
@@ -1,39 +0,0 @@
-#ifndef __IP_SET_IPPORTIPHASH_H
-#define __IP_SET_IPPORTIPHASH_H
-
-#include "ip_set.h"
-#include "ip_set_hashes.h"
-
-#define SETTYPE_NAME "ipportiphash"
-
-struct ipportip {
- ip_set_ip_t ip;
- ip_set_ip_t ip1;
-};
-
-struct ip_set_ipportiphash {
- struct ipportip *members; /* the ipportip proper */
- uint32_t elements; /* number of elements */
- uint32_t hashsize; /* hash size */
- uint16_t probes; /* max number of probes */
- uint16_t resize; /* resize factor in percent */
- ip_set_ip_t first_ip; /* host byte order, included in range */
- ip_set_ip_t last_ip; /* host byte order, included in range */
- initval_t initval[0]; /* initvals for jhash_1word */
-};
-
-struct ip_set_req_ipportiphash_create {
- uint32_t hashsize;
- uint16_t probes;
- uint16_t resize;
- ip_set_ip_t from;
- ip_set_ip_t to;
-};
-
-struct ip_set_req_ipportiphash {
- ip_set_ip_t ip;
- ip_set_ip_t port;
- ip_set_ip_t ip1;
-};
-
-#endif /* __IP_SET_IPPORTIPHASH_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportnethash.c
@@ -1,298 +0,0 @@
-/* Copyright (C) 2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an ip+port+net hash set */
-
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/ip.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <linux/skbuff.h>
-#include "ip_set_jhash.h"
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/random.h>
-
-#include <net/ip.h>
-
-#include "ip_set_ipportnethash.h"
-#include "ip_set_getport.h"
-
-static int limit = MAX_RANGE;
-
-#define jhash_ip2(map, i, ipport, ip1) \
- jhash_2words(ipport, ip1, *(map->initval + i))
-
-static inline __u32
-ipportnethash_id_cidr(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port,
- ip_set_ip_t ip1, uint8_t cidr)
-{
- struct ip_set_ipportnethash *map = set->data;
- __u32 id;
- u_int16_t i;
- struct ipportip *elem;
-
- ip = pack_ip_port(map, ip, port);
- ip1 = pack_ip_cidr(ip1, cidr);
- if (!(ip || ip1))
- return UINT_MAX;
-
- for (i = 0; i < map->probes; i++) {
- id = jhash_ip2(map, i, ip, ip1) % map->hashsize;
- DP("hash key: %u", id);
- elem = HARRAY_ELEM(map->members, struct ipportip *, id);
- if (elem->ip == ip && elem->ip1 == ip1)
- return id;
- /* No shortcut - there can be deleted entries. */
- }
- return UINT_MAX;
-}
-
-static inline __u32
-ipportnethash_id(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1)
-{
- struct ip_set_ipportnethash *map = set->data;
- __u32 id = UINT_MAX;
- int i;
-
- for (i = 0; i < 30 && map->cidr[i]; i++) {
- id = ipportnethash_id_cidr(set, ip, port, ip1, map->cidr[i]);
- if (id != UINT_MAX)
- break;
- }
- return id;
-}
-
-static inline int
-ipportnethash_test_cidr(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port,
- ip_set_ip_t ip1, uint8_t cidr)
-{
- struct ip_set_ipportnethash *map = set->data;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- return (ipportnethash_id_cidr(set, ip, port, ip1, cidr) != UINT_MAX);
-}
-
-static inline int
-ipportnethash_test(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1)
-{
- struct ip_set_ipportnethash *map = set->data;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
-
- return (ipportnethash_id(set, ip, port, ip1) != UINT_MAX);
-}
-
-static int
-ipportnethash_utest(struct ip_set *set, const void *data, u_int32_t size)
-{
- const struct ip_set_req_ipportnethash *req = data;
-
- if (req->cidr <= 0 || req->cidr > 32)
- return -EINVAL;
- return (req->cidr == 32
- ? ipportnethash_test(set, req->ip, req->port, req->ip1)
- : ipportnethash_test_cidr(set, req->ip, req->port,
- req->ip1, req->cidr));
-}
-
-#define KADT_CONDITION \
- ip_set_ip_t port, ip1; \
- \
- if (flags[2] == 0) \
- return 0; \
- \
- port = get_port(skb, ++flags); \
- ip1 = ipaddr(skb, ++flags); \
- \
- if (port == INVALID_PORT) \
- return 0;
-
-KADT(ipportnethash, test, ipaddr, port, ip1)
-
-static inline int
-__ipportnet_add(struct ip_set_ipportnethash *map,
- ip_set_ip_t ip, ip_set_ip_t ip1)
-{
- __u32 probe;
- u_int16_t i;
- struct ipportip *elem, *slot = NULL;
-
- for (i = 0; i < map->probes; i++) {
- probe = jhash_ip2(map, i, ip, ip1) % map->hashsize;
- elem = HARRAY_ELEM(map->members, struct ipportip *, probe);
- if (elem->ip == ip && elem->ip1 == ip1)
- return -EEXIST;
- if (!(slot || elem->ip || elem->ip1))
- slot = elem;
- /* There can be deleted entries, must check all slots */
- }
- if (slot) {
- slot->ip = ip;
- slot->ip1 = ip1;
- map->elements++;
- return 0;
- }
- /* Trigger rehashing */
- return -EAGAIN;
-}
-
-static inline int
-__ipportnethash_add(struct ip_set_ipportnethash *map,
- struct ipportip *elem)
-{
- return __ipportnet_add(map, elem->ip, elem->ip1);
-}
-
-static inline int
-ipportnethash_add(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port,
- ip_set_ip_t ip1, uint8_t cidr)
-{
- struct ip_set_ipportnethash *map = set->data;
- struct ipportip;
- int ret;
-
- if (map->elements > limit)
- return -ERANGE;
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
- if (cidr <= 0 || cidr >= 32)
- return -EINVAL;
- if (map->nets[cidr-1] == UINT16_MAX)
- return -ERANGE;
-
- ip = pack_ip_port(map, ip, port);
- ip1 = pack_ip_cidr(ip1, cidr);
- if (!(ip || ip1))
- return -ERANGE;
-
- ret =__ipportnet_add(map, ip, ip1);
- if (ret == 0) {
- if (!map->nets[cidr-1]++)
- add_cidr_size(map->cidr, cidr);
- }
- return ret;
-}
-
-#undef KADT_CONDITION
-#define KADT_CONDITION \
- struct ip_set_ipportnethash *map = set->data; \
- uint8_t cidr = map->cidr[0] ? map->cidr[0] : 31; \
- ip_set_ip_t port, ip1; \
- \
- if (flags[2] == 0) \
- return 0; \
- \
- port = get_port(skb, flags++); \
- ip1 = ipaddr(skb, flags++); \
- \
- if (port == INVALID_PORT) \
- return 0;
-
-UADT(ipportnethash, add, req->port, req->ip1, req->cidr)
-KADT(ipportnethash, add, ipaddr, port, ip1, cidr)
-
-static inline void
-__ipportnethash_retry(struct ip_set_ipportnethash *tmp,
- struct ip_set_ipportnethash *map)
-{
- tmp->first_ip = map->first_ip;
- tmp->last_ip = map->last_ip;
- memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr));
- memcpy(tmp->nets, map->nets, sizeof(tmp->nets));
-}
-
-HASH_RETRY2(ipportnethash, struct ipportip)
-
-static inline int
-ipportnethash_del(struct ip_set *set,
- ip_set_ip_t ip, ip_set_ip_t port,
- ip_set_ip_t ip1, uint8_t cidr)
-{
- struct ip_set_ipportnethash *map = set->data;
- ip_set_ip_t id;
- struct ipportip *elem;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
- if (!ip)
- return -ERANGE;
- if (cidr <= 0 || cidr >= 32)
- return -EINVAL;
-
- id = ipportnethash_id_cidr(set, ip, port, ip1, cidr);
-
- if (id == UINT_MAX)
- return -EEXIST;
-
- elem = HARRAY_ELEM(map->members, struct ipportip *, id);
- elem->ip = elem->ip1 = 0;
- map->elements--;
- if (!map->nets[cidr-1]--)
- del_cidr_size(map->cidr, cidr);
-
- return 0;
-}
-
-UADT(ipportnethash, del, req->port, req->ip1, req->cidr)
-KADT(ipportnethash, del, ipaddr, port, ip1, cidr)
-
-static inline int
-__ipportnethash_create(const struct ip_set_req_ipportnethash_create *req,
- struct ip_set_ipportnethash *map)
-{
- if (req->to - req->from > MAX_RANGE) {
- ip_set_printk("range too big, %d elements (max %d)",
- req->to - req->from + 1, MAX_RANGE+1);
- return -ENOEXEC;
- }
- map->first_ip = req->from;
- map->last_ip = req->to;
- memset(map->cidr, 0, sizeof(map->cidr));
- memset(map->nets, 0, sizeof(map->nets));
- return 0;
-}
-
-HASH_CREATE(ipportnethash, struct ipportip)
-HASH_DESTROY(ipportnethash)
-HASH_FLUSH_CIDR(ipportnethash, struct ipportip);
-
-static inline void
-__ipportnethash_list_header(const struct ip_set_ipportnethash *map,
- struct ip_set_req_ipportnethash_create *header)
-{
- header->from = map->first_ip;
- header->to = map->last_ip;
-}
-
-HASH_LIST_HEADER(ipportnethash)
-
-HASH_LIST_MEMBERS_SIZE(ipportnethash, struct ipportip)
-HASH_LIST_MEMBERS_MEMCPY(ipportnethash, struct ipportip,
- (elem->ip || elem->ip1))
-
-IP_SET_RTYPE(ipportnethash, IPSET_TYPE_IP | IPSET_TYPE_PORT
- | IPSET_TYPE_IP1 | IPSET_DATA_TRIPLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("ipportnethash type of IP sets");
-module_param(limit, int, 0600);
-MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
-
-REGISTER_MODULE(ipportnethash)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportnethash.h
@@ -1,42 +0,0 @@
-#ifndef __IP_SET_IPPORTNETHASH_H
-#define __IP_SET_IPPORTNETHASH_H
-
-#include "ip_set.h"
-#include "ip_set_hashes.h"
-
-#define SETTYPE_NAME "ipportnethash"
-
-struct ipportip {
- ip_set_ip_t ip;
- ip_set_ip_t ip1;
-};
-
-struct ip_set_ipportnethash {
- struct ipportip *members; /* the ipportip proper */
- uint32_t elements; /* number of elements */
- uint32_t hashsize; /* hash size */
- uint16_t probes; /* max number of probes */
- uint16_t resize; /* resize factor in percent */
- ip_set_ip_t first_ip; /* host byte order, included in range */
- ip_set_ip_t last_ip; /* host byte order, included in range */
- uint8_t cidr[30]; /* CIDR sizes */
- uint16_t nets[30]; /* nr of nets by CIDR sizes */
- initval_t initval[0]; /* initvals for jhash_1word */
-};
-
-struct ip_set_req_ipportnethash_create {
- uint32_t hashsize;
- uint16_t probes;
- uint16_t resize;
- ip_set_ip_t from;
- ip_set_ip_t to;
-};
-
-struct ip_set_req_ipportnethash {
- ip_set_ip_t ip;
- ip_set_ip_t port;
- ip_set_ip_t ip1;
- uint8_t cidr;
-};
-
-#endif /* __IP_SET_IPPORTNETHASH_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptree.c
@@ -1,464 +0,0 @@
-/* Copyright (C) 2005-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an IP set type: the iptree type */
-
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/ip.h>
-#include <linux/jiffies.h>
-#include <linux/skbuff.h>
-#include <linux/slab.h>
-#include <linux/delay.h>
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/timer.h>
-
-#include "ip_set.h"
-#include "ip_set_bitmaps.h"
-#include "ip_set_iptree.h"
-
-static int limit = MAX_RANGE;
-
-/* Garbage collection interval in seconds: */
-#define IPTREE_GC_TIME 5*60
-/* Sleep so many milliseconds before trying again
- * to delete the gc timer at destroying/flushing a set */
-#define IPTREE_DESTROY_SLEEP 100
-
-static __KMEM_CACHE_T__ *branch_cachep;
-static __KMEM_CACHE_T__ *leaf_cachep;
-
-
-#if defined(__LITTLE_ENDIAN)
-#define ABCD(a,b,c,d,addrp) do { \
- a = ((unsigned char *)addrp)[3]; \
- b = ((unsigned char *)addrp)[2]; \
- c = ((unsigned char *)addrp)[1]; \
- d = ((unsigned char *)addrp)[0]; \
-} while (0)
-#elif defined(__BIG_ENDIAN)
-#define ABCD(a,b,c,d,addrp) do { \
- a = ((unsigned char *)addrp)[0]; \
- b = ((unsigned char *)addrp)[1]; \
- c = ((unsigned char *)addrp)[2]; \
- d = ((unsigned char *)addrp)[3]; \
-} while (0)
-#else
-#error "Please fix asm/byteorder.h"
-#endif /* __LITTLE_ENDIAN */
-
-#define TESTIP_WALK(map, elem, branch) do { \
- if ((map)->tree[elem]) { \
- branch = (map)->tree[elem]; \
- } else \
- return 0; \
-} while (0)
-
-static inline int
-iptree_test(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iptree *map = set->data;
- struct ip_set_iptreeb *btree;
- struct ip_set_iptreec *ctree;
- struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
-
- if (!ip)
- return -ERANGE;
-
- ABCD(a, b, c, d, &ip);
- DP("%u %u %u %u timeout %u", a, b, c, d, map->timeout);
- TESTIP_WALK(map, a, btree);
- TESTIP_WALK(btree, b, ctree);
- TESTIP_WALK(ctree, c, dtree);
- DP("%lu %lu", dtree->expires[d], jiffies);
- return dtree->expires[d]
- && (!map->timeout
- || time_after(dtree->expires[d], jiffies));
-}
-
-#define KADT_CONDITION
-
-UADT(iptree, test)
-KADT(iptree, test, ipaddr)
-
-#define ADDIP_WALK(map, elem, branch, type, cachep) do { \
- if ((map)->tree[elem]) { \
- DP("found %u", elem); \
- branch = (map)->tree[elem]; \
- } else { \
- branch = (type *) \
- kmem_cache_alloc(cachep, GFP_ATOMIC); \
- if (branch == NULL) \
- return -ENOMEM; \
- memset(branch, 0, sizeof(*branch)); \
- (map)->tree[elem] = branch; \
- DP("alloc %u", elem); \
- } \
-} while (0)
-
-static inline int
-iptree_add(struct ip_set *set, ip_set_ip_t ip, unsigned int timeout)
-{
- struct ip_set_iptree *map = set->data;
- struct ip_set_iptreeb *btree;
- struct ip_set_iptreec *ctree;
- struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
- int ret = 0;
-
- if (!ip || map->elements >= limit)
- /* We could call the garbage collector
- * but it's probably overkill */
- return -ERANGE;
-
- ABCD(a, b, c, d, &ip);
- DP("%u %u %u %u timeout %u", a, b, c, d, timeout);
- ADDIP_WALK(map, a, btree, struct ip_set_iptreeb, branch_cachep);
- ADDIP_WALK(btree, b, ctree, struct ip_set_iptreec, branch_cachep);
- ADDIP_WALK(ctree, c, dtree, struct ip_set_iptreed, leaf_cachep);
- if (dtree->expires[d]
- && (!map->timeout || time_after(dtree->expires[d], jiffies)))
- ret = -EEXIST;
- if (map->timeout && timeout == 0)
- timeout = map->timeout;
- dtree->expires[d] = map->timeout ? (timeout * HZ + jiffies) : 1;
- /* Lottery: I won! */
- if (dtree->expires[d] == 0)
- dtree->expires[d] = 1;
- DP("%u %lu", d, dtree->expires[d]);
- if (ret == 0)
- map->elements++;
- return ret;
-}
-
-UADT(iptree, add, req->timeout)
-KADT(iptree, add, ipaddr, 0)
-
-#define DELIP_WALK(map, elem, branch) do { \
- if ((map)->tree[elem]) { \
- branch = (map)->tree[elem]; \
- } else \
- return -EEXIST; \
-} while (0)
-
-static inline int
-iptree_del(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iptree *map = set->data;
- struct ip_set_iptreeb *btree;
- struct ip_set_iptreec *ctree;
- struct ip_set_iptreed *dtree;
- unsigned char a,b,c,d;
-
- if (!ip)
- return -ERANGE;
-
- ABCD(a, b, c, d, &ip);
- DELIP_WALK(map, a, btree);
- DELIP_WALK(btree, b, ctree);
- DELIP_WALK(ctree, c, dtree);
-
- if (dtree->expires[d]) {
- dtree->expires[d] = 0;
- map->elements--;
- return 0;
- }
- return -EEXIST;
-}
-
-UADT(iptree, del)
-KADT(iptree, del, ipaddr)
-
-#define LOOP_WALK_BEGIN(map, i, branch) \
- for (i = 0; i < 256; i++) { \
- if (!(map)->tree[i]) \
- continue; \
- branch = (map)->tree[i]
-
-#define LOOP_WALK_END }
-
-static void
-ip_tree_gc(unsigned long ul_set)
-{
- struct ip_set *set = (struct ip_set *) ul_set;
- struct ip_set_iptree *map = set->data;
- struct ip_set_iptreeb *btree;
- struct ip_set_iptreec *ctree;
- struct ip_set_iptreed *dtree;
- unsigned int a,b,c,d;
- unsigned char i,j,k;
-
- i = j = k = 0;
- DP("gc: %s", set->name);
- write_lock_bh(&set->lock);
- LOOP_WALK_BEGIN(map, a, btree);
- LOOP_WALK_BEGIN(btree, b, ctree);
- LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 256; d++) {
- if (dtree->expires[d]) {
- DP("gc: %u %u %u %u: expires %lu jiffies %lu",
- a, b, c, d,
- dtree->expires[d], jiffies);
- if (map->timeout
- && time_before(dtree->expires[d], jiffies)) {
- dtree->expires[d] = 0;
- map->elements--;
- } else
- k = 1;
- }
- }
- if (k == 0) {
- DP("gc: %s: leaf %u %u %u empty",
- set->name, a, b, c);
- kmem_cache_free(leaf_cachep, dtree);
- ctree->tree[c] = NULL;
- } else {
- DP("gc: %s: leaf %u %u %u not empty",
- set->name, a, b, c);
- j = 1;
- k = 0;
- }
- LOOP_WALK_END;
- if (j == 0) {
- DP("gc: %s: branch %u %u empty",
- set->name, a, b);
- kmem_cache_free(branch_cachep, ctree);
- btree->tree[b] = NULL;
- } else {
- DP("gc: %s: branch %u %u not empty",
- set->name, a, b);
- i = 1;
- j = k = 0;
- }
- LOOP_WALK_END;
- if (i == 0) {
- DP("gc: %s: branch %u empty",
- set->name, a);
- kmem_cache_free(branch_cachep, btree);
- map->tree[a] = NULL;
- } else {
- DP("gc: %s: branch %u not empty",
- set->name, a);
- i = j = k = 0;
- }
- LOOP_WALK_END;
- write_unlock_bh(&set->lock);
-
- map->gc.expires = jiffies + map->gc_interval * HZ;
- add_timer(&map->gc);
-}
-
-static inline void
-init_gc_timer(struct ip_set *set)
-{
- struct ip_set_iptree *map = set->data;
-
- /* Even if there is no timeout for the entries,
- * we still have to call gc because delete
- * do not clean up empty branches */
- map->gc_interval = IPTREE_GC_TIME;
- init_timer(&map->gc);
- map->gc.data = (unsigned long) set;
- map->gc.function = ip_tree_gc;
- map->gc.expires = jiffies + map->gc_interval * HZ;
- add_timer(&map->gc);
-}
-
-static int
-iptree_create(struct ip_set *set, const void *data, u_int32_t size)
-{
- const struct ip_set_req_iptree_create *req = data;
- struct ip_set_iptree *map;
-
- if (size != sizeof(struct ip_set_req_iptree_create)) {
- ip_set_printk("data length wrong (want %zu, have %lu)",
- sizeof(struct ip_set_req_iptree_create),
- (unsigned long)size);
- return -EINVAL;
- }
-
- map = kmalloc(sizeof(struct ip_set_iptree), GFP_KERNEL);
- if (!map) {
- DP("out of memory for %zu bytes",
- sizeof(struct ip_set_iptree));
- return -ENOMEM;
- }
- memset(map, 0, sizeof(*map));
- map->timeout = req->timeout;
- map->elements = 0;
- set->data = map;
-
- init_gc_timer(set);
-
- return 0;
-}
-
-static inline void
-__flush(struct ip_set_iptree *map)
-{
- struct ip_set_iptreeb *btree;
- struct ip_set_iptreec *ctree;
- struct ip_set_iptreed *dtree;
- unsigned int a,b,c;
-
- LOOP_WALK_BEGIN(map, a, btree);
- LOOP_WALK_BEGIN(btree, b, ctree);
- LOOP_WALK_BEGIN(ctree, c, dtree);
- kmem_cache_free(leaf_cachep, dtree);
- LOOP_WALK_END;
- kmem_cache_free(branch_cachep, ctree);
- LOOP_WALK_END;
- kmem_cache_free(branch_cachep, btree);
- LOOP_WALK_END;
- map->elements = 0;
-}
-
-static void
-iptree_destroy(struct ip_set *set)
-{
- struct ip_set_iptree *map = set->data;
-
- /* gc might be running */
- while (!del_timer(&map->gc))
- msleep(IPTREE_DESTROY_SLEEP);
- __flush(map);
- kfree(map);
- set->data = NULL;
-}
-
-static void
-iptree_flush(struct ip_set *set)
-{
- struct ip_set_iptree *map = set->data;
- unsigned int timeout = map->timeout;
-
- /* gc might be running */
- while (!del_timer(&map->gc))
- msleep(IPTREE_DESTROY_SLEEP);
- __flush(map);
- memset(map, 0, sizeof(*map));
- map->timeout = timeout;
-
- init_gc_timer(set);
-}
-
-static void
-iptree_list_header(const struct ip_set *set, void *data)
-{
- const struct ip_set_iptree *map = set->data;
- struct ip_set_req_iptree_create *header = data;
-
- header->timeout = map->timeout;
-}
-
-static int
-iptree_list_members_size(const struct ip_set *set, char dont_align)
-{
- const struct ip_set_iptree *map = set->data;
- struct ip_set_iptreeb *btree;
- struct ip_set_iptreec *ctree;
- struct ip_set_iptreed *dtree;
- unsigned int a,b,c,d;
- unsigned int count = 0;
-
- LOOP_WALK_BEGIN(map, a, btree);
- LOOP_WALK_BEGIN(btree, b, ctree);
- LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 256; d++) {
- if (dtree->expires[d]
- && (!map->timeout || time_after(dtree->expires[d], jiffies)))
- count++;
- }
- LOOP_WALK_END;
- LOOP_WALK_END;
- LOOP_WALK_END;
-
- DP("members %u", count);
- return (count * IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align));
-}
-
-static void
-iptree_list_members(const struct ip_set *set, void *data, char dont_align)
-{
- const struct ip_set_iptree *map = set->data;
- struct ip_set_iptreeb *btree;
- struct ip_set_iptreec *ctree;
- struct ip_set_iptreed *dtree;
- unsigned int a,b,c,d;
- size_t offset = 0, datasize;
- struct ip_set_req_iptree *entry;
-
- datasize = IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align);
- LOOP_WALK_BEGIN(map, a, btree);
- LOOP_WALK_BEGIN(btree, b, ctree);
- LOOP_WALK_BEGIN(ctree, c, dtree);
- for (d = 0; d < 256; d++) {
- if (dtree->expires[d]
- && (!map->timeout || time_after(dtree->expires[d], jiffies))) {
- entry = data + offset;
- entry->ip = ((a << 24) | (b << 16) | (c << 8) | d);
- entry->timeout = !map->timeout ? 0
- : (dtree->expires[d] - jiffies)/HZ;
- offset += datasize;
- }
- }
- LOOP_WALK_END;
- LOOP_WALK_END;
- LOOP_WALK_END;
-}
-
-IP_SET_TYPE(iptree, IPSET_TYPE_IP | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("iptree type of IP sets");
-module_param(limit, int, 0600);
-MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
-
-static int __init ip_set_iptree_init(void)
-{
- int ret;
-
- branch_cachep = KMEM_CACHE_CREATE("ip_set_iptreeb",
- sizeof(struct ip_set_iptreeb));
- if (!branch_cachep) {
- printk(KERN_ERR "Unable to create ip_set_iptreeb slab cache\n");
- ret = -ENOMEM;
- goto out;
- }
- leaf_cachep = KMEM_CACHE_CREATE("ip_set_iptreed",
- sizeof(struct ip_set_iptreed));
- if (!leaf_cachep) {
- printk(KERN_ERR "Unable to create ip_set_iptreed slab cache\n");
- ret = -ENOMEM;
- goto free_branch;
- }
- ret = ip_set_register_set_type(&ip_set_iptree);
- if (ret == 0)
- goto out;
-
- kmem_cache_destroy(leaf_cachep);
- free_branch:
- kmem_cache_destroy(branch_cachep);
- out:
- return ret;
-}
-
-static void __exit ip_set_iptree_fini(void)
-{
- /* FIXME: possible race with ip_set_create() */
- ip_set_unregister_set_type(&ip_set_iptree);
- kmem_cache_destroy(leaf_cachep);
- kmem_cache_destroy(branch_cachep);
-}
-
-module_init(ip_set_iptree_init);
-module_exit(ip_set_iptree_fini);
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptree.h
@@ -1,39 +0,0 @@
-#ifndef __IP_SET_IPTREE_H
-#define __IP_SET_IPTREE_H
-
-#include "ip_set.h"
-
-#define SETTYPE_NAME "iptree"
-
-struct ip_set_iptreed {
- unsigned long expires[256]; /* x.x.x.ADDR */
-};
-
-struct ip_set_iptreec {
- struct ip_set_iptreed *tree[256]; /* x.x.ADDR.* */
-};
-
-struct ip_set_iptreeb {
- struct ip_set_iptreec *tree[256]; /* x.ADDR.*.* */
-};
-
-struct ip_set_iptree {
- unsigned int timeout;
- unsigned int gc_interval;
-#ifdef __KERNEL__
- uint32_t elements; /* number of elements */
- struct timer_list gc;
- struct ip_set_iptreeb *tree[256]; /* ADDR.*.*.* */
-#endif
-};
-
-struct ip_set_req_iptree_create {
- unsigned int timeout;
-};
-
-struct ip_set_req_iptree {
- ip_set_ip_t ip;
- unsigned int timeout;
-};
-
-#endif /* __IP_SET_IPTREE_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptreemap.c
@@ -1,699 +0,0 @@
-/* Copyright (C) 2007 Sven Wegener <sven.wegener@stealer.net>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 as published by
- * the Free Software Foundation.
- */
-
-/* This modules implements the iptreemap ipset type. It uses bitmaps to
- * represent every single IPv4 address as a bit. The bitmaps are managed in a
- * tree structure, where the first three octets of an address are used as an
- * index to find the bitmap and the last octet is used as the bit number.
- */
-
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/ip.h>
-#include <linux/jiffies.h>
-#include <linux/skbuff.h>
-#include <linux/slab.h>
-#include <linux/delay.h>
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/timer.h>
-
-#include "ip_set.h"
-#include "ip_set_bitmaps.h"
-#include "ip_set_iptreemap.h"
-
-#define IPTREEMAP_DEFAULT_GC_TIME (5 * 60)
-#define IPTREEMAP_DESTROY_SLEEP (100)
-
-static __KMEM_CACHE_T__ *cachep_b;
-static __KMEM_CACHE_T__ *cachep_c;
-static __KMEM_CACHE_T__ *cachep_d;
-
-static struct ip_set_iptreemap_d *fullbitmap_d;
-static struct ip_set_iptreemap_c *fullbitmap_c;
-static struct ip_set_iptreemap_b *fullbitmap_b;
-
-#if defined(__LITTLE_ENDIAN)
-#define ABCD(a, b, c, d, addr) \
- do { \
- a = ((unsigned char *)addr)[3]; \
- b = ((unsigned char *)addr)[2]; \
- c = ((unsigned char *)addr)[1]; \
- d = ((unsigned char *)addr)[0]; \
- } while (0)
-#elif defined(__BIG_ENDIAN)
-#define ABCD(a,b,c,d,addrp) do { \
- a = ((unsigned char *)addrp)[0]; \
- b = ((unsigned char *)addrp)[1]; \
- c = ((unsigned char *)addrp)[2]; \
- d = ((unsigned char *)addrp)[3]; \
-} while (0)
-#else
-#error "Please fix asm/byteorder.h"
-#endif /* __LITTLE_ENDIAN */
-
-#define TESTIP_WALK(map, elem, branch, full) \
- do { \
- branch = (map)->tree[elem]; \
- if (!branch) \
- return 0; \
- else if (branch == full) \
- return 1; \
- } while (0)
-
-#define ADDIP_WALK(map, elem, branch, type, cachep, full) \
- do { \
- branch = (map)->tree[elem]; \
- if (!branch) { \
- branch = (type *) kmem_cache_alloc(cachep, GFP_ATOMIC); \
- if (!branch) \
- return -ENOMEM; \
- memset(branch, 0, sizeof(*branch)); \
- (map)->tree[elem] = branch; \
- } else if (branch == full) { \
- return -EEXIST; \
- } \
- } while (0)
-
-#define ADDIP_RANGE_LOOP(map, a, a1, a2, hint, branch, full, cachep, free) \
- for (a = a1; a <= a2; a++) { \
- branch = (map)->tree[a]; \
- if (branch != full) { \
- if ((a > a1 && a < a2) || (hint)) { \
- if (branch) \
- free(branch); \
- (map)->tree[a] = full; \
- continue; \
- } else if (!branch) { \
- branch = kmem_cache_alloc(cachep, GFP_ATOMIC); \
- if (!branch) \
- return -ENOMEM; \
- memset(branch, 0, sizeof(*branch)); \
- (map)->tree[a] = branch; \
- }
-
-#define ADDIP_RANGE_LOOP_END() \
- } \
- }
-
-#define DELIP_WALK(map, elem, branch, cachep, full) \
- do { \
- branch = (map)->tree[elem]; \
- if (!branch) { \
- return -EEXIST; \
- } else if (branch == full) { \
- branch = kmem_cache_alloc(cachep, GFP_ATOMIC); \
- if (!branch) \
- return -ENOMEM; \
- memcpy(branch, full, sizeof(*full)); \
- (map)->tree[elem] = branch; \
- } \
- } while (0)
-
-#define DELIP_RANGE_LOOP(map, a, a1, a2, hint, branch, full, cachep, free) \
- for (a = a1; a <= a2; a++) { \
- branch = (map)->tree[a]; \
- if (branch) { \
- if ((a > a1 && a < a2) || (hint)) { \
- if (branch != full) \
- free(branch); \
- (map)->tree[a] = NULL; \
- continue; \
- } else if (branch == full) { \
- branch = kmem_cache_alloc(cachep, GFP_ATOMIC); \
- if (!branch) \
- return -ENOMEM; \
- memcpy(branch, full, sizeof(*branch)); \
- (map)->tree[a] = branch; \
- }
-
-#define DELIP_RANGE_LOOP_END() \
- } \
- }
-
-#define LOOP_WALK_BEGIN(map, i, branch) \
- for (i = 0; i < 256; i++) { \
- branch = (map)->tree[i]; \
- if (likely(!branch)) \
- continue;
-
-#define LOOP_WALK_END() \
- }
-
-#define LOOP_WALK_BEGIN_GC(map, i, branch, full, cachep, count) \
- count = -256; \
- for (i = 0; i < 256; i++) { \
- branch = (map)->tree[i]; \
- if (likely(!branch)) \
- continue; \
- count++; \
- if (branch == full) { \
- count++; \
- continue; \
- }
-
-#define LOOP_WALK_END_GC(map, i, branch, full, cachep, count) \
- if (-256 == count) { \
- kmem_cache_free(cachep, branch); \
- (map)->tree[i] = NULL; \
- } else if (256 == count) { \
- kmem_cache_free(cachep, branch); \
- (map)->tree[i] = full; \
- } \
- }
-
-#define LOOP_WALK_BEGIN_COUNT(map, i, branch, inrange, count) \
- for (i = 0; i < 256; i++) { \
- if (!(map)->tree[i]) { \
- if (inrange) { \
- count++; \
- inrange = 0; \
- } \
- continue; \
- } \
- branch = (map)->tree[i];
-
-#define LOOP_WALK_END_COUNT() \
- }
-
-#define GETVALUE1(a, a1, b1, r) \
- (a == a1 ? b1 : r)
-
-#define GETVALUE2(a, b, a1, b1, c1, r) \
- (a == a1 && b == b1 ? c1 : r)
-
-#define GETVALUE3(a, b, c, a1, b1, c1, d1, r) \
- (a == a1 && b == b1 && c == c1 ? d1 : r)
-
-#define CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2) \
- ( \
- GETVALUE1(a, a1, b1, 0) == 0 \
- && GETVALUE1(a, a2, b2, 255) == 255 \
- && c1 == 0 \
- && c2 == 255 \
- && d1 == 0 \
- && d2 == 255 \
- )
-
-#define CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2) \
- ( \
- GETVALUE2(a, b, a1, b1, c1, 0) == 0 \
- && GETVALUE2(a, b, a2, b2, c2, 255) == 255 \
- && d1 == 0 \
- && d2 == 255 \
- )
-
-#define CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2) \
- ( \
- GETVALUE3(a, b, c, a1, b1, c1, d1, 0) == 0 \
- && GETVALUE3(a, b, c, a2, b2, c2, d2, 255) == 255 \
- )
-
-
-static inline void
-free_d(struct ip_set_iptreemap_d *map)
-{
- kmem_cache_free(cachep_d, map);
-}
-
-static inline void
-free_c(struct ip_set_iptreemap_c *map)
-{
- struct ip_set_iptreemap_d *dtree;
- unsigned int i;
-
- LOOP_WALK_BEGIN(map, i, dtree) {
- if (dtree != fullbitmap_d)
- free_d(dtree);
- } LOOP_WALK_END();
-
- kmem_cache_free(cachep_c, map);
-}
-
-static inline void
-free_b(struct ip_set_iptreemap_b *map)
-{
- struct ip_set_iptreemap_c *ctree;
- unsigned int i;
-
- LOOP_WALK_BEGIN(map, i, ctree) {
- if (ctree != fullbitmap_c)
- free_c(ctree);
- } LOOP_WALK_END();
-
- kmem_cache_free(cachep_b, map);
-}
-
-static inline int
-iptreemap_test(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned char a, b, c, d;
-
- ABCD(a, b, c, d, &ip);
-
- TESTIP_WALK(map, a, btree, fullbitmap_b);
- TESTIP_WALK(btree, b, ctree, fullbitmap_c);
- TESTIP_WALK(ctree, c, dtree, fullbitmap_d);
-
- return !!test_bit(d, (void *) dtree->bitmap);
-}
-
-#define KADT_CONDITION
-
-UADT(iptreemap, test)
-KADT(iptreemap, test, ipaddr)
-
-static inline int
-__addip_single(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned char a, b, c, d;
-
- ABCD(a, b, c, d, &ip);
-
- ADDIP_WALK(map, a, btree, struct ip_set_iptreemap_b, cachep_b, fullbitmap_b);
- ADDIP_WALK(btree, b, ctree, struct ip_set_iptreemap_c, cachep_c, fullbitmap_c);
- ADDIP_WALK(ctree, c, dtree, struct ip_set_iptreemap_d, cachep_d, fullbitmap_d);
-
- if (__test_and_set_bit(d, (void *) dtree->bitmap))
- return -EEXIST;
-
- __set_bit(b, (void *) btree->dirty);
-
- return 0;
-}
-
-static inline int
-iptreemap_add(struct ip_set *set, ip_set_ip_t start, ip_set_ip_t end)
-{
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned int a, b, c, d;
- unsigned char a1, b1, c1, d1;
- unsigned char a2, b2, c2, d2;
-
- if (start == end)
- return __addip_single(set, start);
-
- ABCD(a1, b1, c1, d1, &start);
- ABCD(a2, b2, c2, d2, &end);
-
- /* This is sooo ugly... */
- ADDIP_RANGE_LOOP(map, a, a1, a2, CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2), btree, fullbitmap_b, cachep_b, free_b) {
- ADDIP_RANGE_LOOP(btree, b, GETVALUE1(a, a1, b1, 0), GETVALUE1(a, a2, b2, 255), CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2), ctree, fullbitmap_c, cachep_c, free_c) {
- ADDIP_RANGE_LOOP(ctree, c, GETVALUE2(a, b, a1, b1, c1, 0), GETVALUE2(a, b, a2, b2, c2, 255), CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2), dtree, fullbitmap_d, cachep_d, free_d) {
- for (d = GETVALUE3(a, b, c, a1, b1, c1, d1, 0); d <= GETVALUE3(a, b, c, a2, b2, c2, d2, 255); d++)
- __set_bit(d, (void *) dtree->bitmap);
- __set_bit(b, (void *) btree->dirty);
- } ADDIP_RANGE_LOOP_END();
- } ADDIP_RANGE_LOOP_END();
- } ADDIP_RANGE_LOOP_END();
-
- return 0;
-}
-
-UADT0(iptreemap, add, min(req->ip, req->end), max(req->ip, req->end))
-KADT(iptreemap, add, ipaddr, ip)
-
-static inline int
-__delip_single(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned char a,b,c,d;
-
- ABCD(a, b, c, d, &ip);
-
- DELIP_WALK(map, a, btree, cachep_b, fullbitmap_b);
- DELIP_WALK(btree, b, ctree, cachep_c, fullbitmap_c);
- DELIP_WALK(ctree, c, dtree, cachep_d, fullbitmap_d);
-
- if (!__test_and_clear_bit(d, (void *) dtree->bitmap))
- return -EEXIST;
-
- __set_bit(b, (void *) btree->dirty);
-
- return 0;
-}
-
-static inline int
-iptreemap_del(struct ip_set *set, ip_set_ip_t start, ip_set_ip_t end)
-{
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned int a, b, c, d;
- unsigned char a1, b1, c1, d1;
- unsigned char a2, b2, c2, d2;
-
- if (start == end)
- return __delip_single(set, start);
-
- ABCD(a1, b1, c1, d1, &start);
- ABCD(a2, b2, c2, d2, &end);
-
- /* This is sooo ugly... */
- DELIP_RANGE_LOOP(map, a, a1, a2, CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2), btree, fullbitmap_b, cachep_b, free_b) {
- DELIP_RANGE_LOOP(btree, b, GETVALUE1(a, a1, b1, 0), GETVALUE1(a, a2, b2, 255), CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2), ctree, fullbitmap_c, cachep_c, free_c) {
- DELIP_RANGE_LOOP(ctree, c, GETVALUE2(a, b, a1, b1, c1, 0), GETVALUE2(a, b, a2, b2, c2, 255), CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2), dtree, fullbitmap_d, cachep_d, free_d) {
- for (d = GETVALUE3(a, b, c, a1, b1, c1, d1, 0); d <= GETVALUE3(a, b, c, a2, b2, c2, d2, 255); d++)
- __clear_bit(d, (void *) dtree->bitmap);
- __set_bit(b, (void *) btree->dirty);
- } DELIP_RANGE_LOOP_END();
- } DELIP_RANGE_LOOP_END();
- } DELIP_RANGE_LOOP_END();
-
- return 0;
-}
-
-UADT0(iptreemap, del, min(req->ip, req->end), max(req->ip, req->end))
-KADT(iptreemap, del, ipaddr, ip)
-
-/* Check the status of the bitmap
- * -1 == all bits cleared
- * 1 == all bits set
- * 0 == anything else
- */
-static inline int
-bitmap_status(struct ip_set_iptreemap_d *dtree)
-{
- unsigned char first = dtree->bitmap[0];
- int a;
-
- for (a = 1; a < 32; a++)
- if (dtree->bitmap[a] != first)
- return 0;
-
- return (first == 0 ? -1 : (first == 255 ? 1 : 0));
-}
-
-static void
-gc(unsigned long addr)
-{
- struct ip_set *set = (struct ip_set *) addr;
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned int a, b, c;
- int i, j, k;
-
- write_lock_bh(&set->lock);
-
- LOOP_WALK_BEGIN_GC(map, a, btree, fullbitmap_b, cachep_b, i) {
- LOOP_WALK_BEGIN_GC(btree, b, ctree, fullbitmap_c, cachep_c, j) {
- if (!__test_and_clear_bit(b, (void *) btree->dirty))
- continue;
- LOOP_WALK_BEGIN_GC(ctree, c, dtree, fullbitmap_d, cachep_d, k) {
- switch (bitmap_status(dtree)) {
- case -1:
- kmem_cache_free(cachep_d, dtree);
- ctree->tree[c] = NULL;
- k--;
- break;
- case 1:
- kmem_cache_free(cachep_d, dtree);
- ctree->tree[c] = fullbitmap_d;
- k++;
- break;
- }
- } LOOP_WALK_END();
- } LOOP_WALK_END_GC(btree, b, ctree, fullbitmap_c, cachep_c, k);
- } LOOP_WALK_END_GC(map, a, btree, fullbitmap_b, cachep_b, j);
-
- write_unlock_bh(&set->lock);
-
- map->gc.expires = jiffies + map->gc_interval * HZ;
- add_timer(&map->gc);
-}
-
-static inline void
-init_gc_timer(struct ip_set *set)
-{
- struct ip_set_iptreemap *map = set->data;
-
- init_timer(&map->gc);
- map->gc.data = (unsigned long) set;
- map->gc.function = gc;
- map->gc.expires = jiffies + map->gc_interval * HZ;
- add_timer(&map->gc);
-}
-
-static int
-iptreemap_create(struct ip_set *set, const void *data, u_int32_t size)
-{
- const struct ip_set_req_iptreemap_create *req = data;
- struct ip_set_iptreemap *map;
-
- map = kzalloc(sizeof(*map), GFP_KERNEL);
- if (!map)
- return -ENOMEM;
-
- map->gc_interval = req->gc_interval ? req->gc_interval : IPTREEMAP_DEFAULT_GC_TIME;
- set->data = map;
-
- init_gc_timer(set);
-
- return 0;
-}
-
-static inline void
-__flush(struct ip_set_iptreemap *map)
-{
- struct ip_set_iptreemap_b *btree;
- unsigned int a;
-
- LOOP_WALK_BEGIN(map, a, btree);
- if (btree != fullbitmap_b)
- free_b(btree);
- LOOP_WALK_END();
-}
-
-static void
-iptreemap_destroy(struct ip_set *set)
-{
- struct ip_set_iptreemap *map = set->data;
-
- while (!del_timer(&map->gc))
- msleep(IPTREEMAP_DESTROY_SLEEP);
-
- __flush(map);
- kfree(map);
-
- set->data = NULL;
-}
-
-static void
-iptreemap_flush(struct ip_set *set)
-{
- struct ip_set_iptreemap *map = set->data;
- unsigned int gc_interval = map->gc_interval;
-
- while (!del_timer(&map->gc))
- msleep(IPTREEMAP_DESTROY_SLEEP);
-
- __flush(map);
-
- memset(map, 0, sizeof(*map));
- map->gc_interval = gc_interval;
-
- init_gc_timer(set);
-}
-
-static void
-iptreemap_list_header(const struct ip_set *set, void *data)
-{
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_req_iptreemap_create *header = data;
-
- header->gc_interval = map->gc_interval;
-}
-
-static int
-iptreemap_list_members_size(const struct ip_set *set, char dont_align)
-{
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned int a, b, c, d, inrange = 0, count = 0;
-
- LOOP_WALK_BEGIN_COUNT(map, a, btree, inrange, count) {
- LOOP_WALK_BEGIN_COUNT(btree, b, ctree, inrange, count) {
- LOOP_WALK_BEGIN_COUNT(ctree, c, dtree, inrange, count) {
- for (d = 0; d < 256; d++) {
- if (test_bit(d, (void *) dtree->bitmap)) {
- inrange = 1;
- } else if (inrange) {
- count++;
- inrange = 0;
- }
- }
- } LOOP_WALK_END_COUNT();
- } LOOP_WALK_END_COUNT();
- } LOOP_WALK_END_COUNT();
-
- if (inrange)
- count++;
-
- return (count * IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align));
-}
-
-static inline void
-add_member(void *data, size_t offset, ip_set_ip_t start, ip_set_ip_t end)
-{
- struct ip_set_req_iptreemap *entry = data + offset;
-
- entry->ip = start;
- entry->end = end;
-}
-
-static void
-iptreemap_list_members(const struct ip_set *set, void *data, char dont_align)
-{
- struct ip_set_iptreemap *map = set->data;
- struct ip_set_iptreemap_b *btree;
- struct ip_set_iptreemap_c *ctree;
- struct ip_set_iptreemap_d *dtree;
- unsigned int a, b, c, d, inrange = 0;
- size_t offset = 0, datasize;
- ip_set_ip_t start = 0, end = 0, ip;
-
- datasize = IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align);
- LOOP_WALK_BEGIN(map, a, btree) {
- LOOP_WALK_BEGIN(btree, b, ctree) {
- LOOP_WALK_BEGIN(ctree, c, dtree) {
- for (d = 0; d < 256; d++) {
- if (test_bit(d, (void *) dtree->bitmap)) {
- ip = ((a << 24) | (b << 16) | (c << 8) | d);
- if (!inrange) {
- inrange = 1;
- start = ip;
- } else if (end < ip - 1) {
- add_member(data, offset, start, end);
- offset += datasize;
- start = ip;
- }
- end = ip;
- } else if (inrange) {
- add_member(data, offset, start, end);
- offset += datasize;
- inrange = 0;
- }
- }
- } LOOP_WALK_END();
- } LOOP_WALK_END();
- } LOOP_WALK_END();
-
- if (inrange)
- add_member(data, offset, start, end);
-}
-
-IP_SET_TYPE(iptreemap, IPSET_TYPE_IP | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Sven Wegener <sven.wegener@stealer.net>");
-MODULE_DESCRIPTION("iptreemap type of IP sets");
-
-static int __init ip_set_iptreemap_init(void)
-{
- int ret = -ENOMEM;
- int a;
-
- cachep_b = KMEM_CACHE_CREATE("ip_set_iptreemap_b",
- sizeof(struct ip_set_iptreemap_b));
- if (!cachep_b) {
- ip_set_printk("Unable to create ip_set_iptreemap_b slab cache");
- goto out;
- }
-
- cachep_c = KMEM_CACHE_CREATE("ip_set_iptreemap_c",
- sizeof(struct ip_set_iptreemap_c));
- if (!cachep_c) {
- ip_set_printk("Unable to create ip_set_iptreemap_c slab cache");
- goto outb;
- }
-
- cachep_d = KMEM_CACHE_CREATE("ip_set_iptreemap_d",
- sizeof(struct ip_set_iptreemap_d));
- if (!cachep_d) {
- ip_set_printk("Unable to create ip_set_iptreemap_d slab cache");
- goto outc;
- }
-
- fullbitmap_d = kmem_cache_alloc(cachep_d, GFP_KERNEL);
- if (!fullbitmap_d)
- goto outd;
-
- fullbitmap_c = kmem_cache_alloc(cachep_c, GFP_KERNEL);
- if (!fullbitmap_c)
- goto outbitmapd;
-
- fullbitmap_b = kmem_cache_alloc(cachep_b, GFP_KERNEL);
- if (!fullbitmap_b)
- goto outbitmapc;
-
- ret = ip_set_register_set_type(&ip_set_iptreemap);
- if (0 > ret)
- goto outbitmapb;
-
- /* Now init our global bitmaps */
- memset(fullbitmap_d->bitmap, 0xff, sizeof(fullbitmap_d->bitmap));
-
- for (a = 0; a < 256; a++)
- fullbitmap_c->tree[a] = fullbitmap_d;
-
- for (a = 0; a < 256; a++)
- fullbitmap_b->tree[a] = fullbitmap_c;
- memset(fullbitmap_b->dirty, 0, sizeof(fullbitmap_b->dirty));
-
- return 0;
-
-outbitmapb:
- kmem_cache_free(cachep_b, fullbitmap_b);
-outbitmapc:
- kmem_cache_free(cachep_c, fullbitmap_c);
-outbitmapd:
- kmem_cache_free(cachep_d, fullbitmap_d);
-outd:
- kmem_cache_destroy(cachep_d);
-outc:
- kmem_cache_destroy(cachep_c);
-outb:
- kmem_cache_destroy(cachep_b);
-out:
-
- return ret;
-}
-
-static void __exit ip_set_iptreemap_fini(void)
-{
- ip_set_unregister_set_type(&ip_set_iptreemap);
- kmem_cache_free(cachep_d, fullbitmap_d);
- kmem_cache_free(cachep_c, fullbitmap_c);
- kmem_cache_free(cachep_b, fullbitmap_b);
- kmem_cache_destroy(cachep_d);
- kmem_cache_destroy(cachep_c);
- kmem_cache_destroy(cachep_b);
-}
-
-module_init(ip_set_iptreemap_init);
-module_exit(ip_set_iptreemap_fini);
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptreemap.h
@@ -1,40 +0,0 @@
-#ifndef __IP_SET_IPTREEMAP_H
-#define __IP_SET_IPTREEMAP_H
-
-#include "ip_set.h"
-
-#define SETTYPE_NAME "iptreemap"
-
-#ifdef __KERNEL__
-struct ip_set_iptreemap_d {
- unsigned char bitmap[32]; /* x.x.x.y */
-};
-
-struct ip_set_iptreemap_c {
- struct ip_set_iptreemap_d *tree[256]; /* x.x.y.x */
-};
-
-struct ip_set_iptreemap_b {
- struct ip_set_iptreemap_c *tree[256]; /* x.y.x.x */
- unsigned char dirty[32];
-};
-#endif
-
-struct ip_set_iptreemap {
- unsigned int gc_interval;
-#ifdef __KERNEL__
- struct timer_list gc;
- struct ip_set_iptreemap_b *tree[256]; /* y.x.x.x */
-#endif
-};
-
-struct ip_set_req_iptreemap_create {
- unsigned int gc_interval;
-};
-
-struct ip_set_req_iptreemap {
- ip_set_ip_t ip;
- ip_set_ip_t end;
-};
-
-#endif /* __IP_SET_IPTREEMAP_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_jhash.h
@@ -1,157 +0,0 @@
-#ifndef _LINUX_JHASH_H
-#define _LINUX_JHASH_H
-
-/* jhash.h: Jenkins hash support.
- *
- * Copyright (C) 2006. Bob Jenkins (bob_jenkins@burtleburtle.net)
- *
- * http://burtleburtle.net/bob/hash/
- *
- * These are the credits from Bob's sources:
- *
- * lookup3.c, by Bob Jenkins, May 2006, Public Domain.
- *
- * These are functions for producing 32-bit hashes for hash table lookup.
- * hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
- * are externally useful functions. Routines to test the hash are included
- * if SELF_TEST is defined. You can use this free for any purpose. It's in
- * the public domain. It has no warranty.
- *
- * Copyright (C) 2009 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * I've modified Bob's hash to be useful in the Linux kernel, and
- * any bugs present are my fault. Jozsef
- */
-
-#define __rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
-
-/* __jhash_mix - mix 3 32-bit values reversibly. */
-#define __jhash_mix(a,b,c) \
-{ \
- a -= c; a ^= __rot(c, 4); c += b; \
- b -= a; b ^= __rot(a, 6); a += c; \
- c -= b; c ^= __rot(b, 8); b += a; \
- a -= c; a ^= __rot(c,16); c += b; \
- b -= a; b ^= __rot(a,19); a += c; \
- c -= b; c ^= __rot(b, 4); b += a; \
-}
-
-/* __jhash_final - final mixing of 3 32-bit values (a,b,c) into c */
-#define __jhash_final(a,b,c) \
-{ \
- c ^= b; c -= __rot(b,14); \
- a ^= c; a -= __rot(c,11); \
- b ^= a; b -= __rot(a,25); \
- c ^= b; c -= __rot(b,16); \
- a ^= c; a -= __rot(c,4); \
- b ^= a; b -= __rot(a,14); \
- c ^= b; c -= __rot(b,24); \
-}
-
-/* The golden ration: an arbitrary value */
-#define JHASH_GOLDEN_RATIO 0xdeadbeef
-
-/* The most generic version, hashes an arbitrary sequence
- * of bytes. No alignment or length assumptions are made about
- * the input key. The result depends on endianness.
- */
-static inline u32 jhash(const void *key, u32 length, u32 initval)
-{
- u32 a,b,c;
- const u8 *k = key;
-
- /* Set up the internal state */
- a = b = c = JHASH_GOLDEN_RATIO + length + initval;
-
- /* all but the last block: affect some 32 bits of (a,b,c) */
- while (length > 12) {
- a += (k[0] + ((u32)k[1]<<8) + ((u32)k[2]<<16) + ((u32)k[3]<<24));
- b += (k[4] + ((u32)k[5]<<8) + ((u32)k[6]<<16) + ((u32)k[7]<<24));
- c += (k[8] + ((u32)k[9]<<8) + ((u32)k[10]<<16) + ((u32)k[11]<<24));
- __jhash_mix(a, b, c);
- length -= 12;
- k += 12;
- }
-
- /* last block: affect all 32 bits of (c) */
- /* all the case statements fall through */
- switch (length) {
- case 12: c += (u32)k[11]<<24;
- case 11: c += (u32)k[10]<<16;
- case 10: c += (u32)k[9]<<8;
- case 9 : c += k[8];
- case 8 : b += (u32)k[7]<<24;
- case 7 : b += (u32)k[6]<<16;
- case 6 : b += (u32)k[5]<<8;
- case 5 : b += k[4];
- case 4 : a += (u32)k[3]<<24;
- case 3 : a += (u32)k[2]<<16;
- case 2 : a += (u32)k[1]<<8;
- case 1 : a += k[0];
- __jhash_final(a, b, c);
- case 0 :
- break;
- }
-
- return c;
-}
-
-/* A special optimized version that handles 1 or more of u32s.
- * The length parameter here is the number of u32s in the key.
- */
-static inline u32 jhash2(const u32 *k, u32 length, u32 initval)
-{
- u32 a, b, c;
-
- /* Set up the internal state */
- a = b = c = JHASH_GOLDEN_RATIO + (length<<2) + initval;
-
- /* handle most of the key */
- while (length > 3) {
- a += k[0];
- b += k[1];
- c += k[2];
- __jhash_mix(a, b, c);
- length -= 3;
- k += 3;
- }
-
- /* handle the last 3 u32's */
- /* all the case statements fall through */
- switch (length) {
- case 3: c += k[2];
- case 2: b += k[1];
- case 1: a += k[0];
- __jhash_final(a, b, c);
- case 0: /* case 0: nothing left to add */
- break;
- }
-
- return c;
-}
-
-/* A special ultra-optimized versions that knows they are hashing exactly
- * 3, 2 or 1 word(s).
- */
-static inline u32 jhash_3words(u32 a, u32 b, u32 c, u32 initval)
-{
- a += JHASH_GOLDEN_RATIO + initval;
- b += JHASH_GOLDEN_RATIO + initval;
- c += JHASH_GOLDEN_RATIO + initval;
-
- __jhash_final(a, b, c);
-
- return c;
-}
-
-static inline u32 jhash_2words(u32 a, u32 b, u32 initval)
-{
- return jhash_3words(0, a, b, initval);
-}
-
-static inline u32 jhash_1word(u32 a, u32 initval)
-{
- return jhash_3words(0, 0, a, initval);
-}
-
-#endif /* _LINUX_JHASH_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_macipmap.c
@@ -1,179 +0,0 @@
-/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
- * Patrick Schaaf <bof@bof.de>
- * Martin Josefsson <gandalf@wlug.westbo.se>
- * Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an IP set type: the macipmap type */
-
-#include <linux/module.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/if_ether.h>
-
-#include "ip_set_macipmap.h"
-
-static int
-macipmap_utest(struct ip_set *set, const void *data, u_int32_t size)
-{
- const struct ip_set_macipmap *map = set->data;
- const struct ip_set_macip *table = map->members;
- const struct ip_set_req_macipmap *req = data;
-
- if (req->ip < map->first_ip || req->ip > map->last_ip)
- return -ERANGE;
-
- DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(req->ip));
- if (table[req->ip - map->first_ip].match) {
- return (memcmp(req->ethernet,
- &table[req->ip - map->first_ip].ethernet,
- ETH_ALEN) == 0);
- } else {
- return (map->flags & IPSET_MACIP_MATCHUNSET ? 1 : 0);
- }
-}
-
-static int
-macipmap_ktest(struct ip_set *set,
- const struct sk_buff *skb,
- const u_int32_t *flags)
-{
- const struct ip_set_macipmap *map = set->data;
- const struct ip_set_macip *table = map->members;
- ip_set_ip_t ip;
-
- ip = ipaddr(skb, flags);
-
- if (ip < map->first_ip || ip > map->last_ip)
- return 0;
-
- DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip));
- if (table[ip - map->first_ip].match) {
- /* Is mac pointer valid?
- * If so, compare... */
- return (skb_mac_header(skb) >= skb->head
- && (skb_mac_header(skb) + ETH_HLEN) <= skb->data
- && (memcmp(eth_hdr(skb)->h_source,
- &table[ip - map->first_ip].ethernet,
- ETH_ALEN) == 0));
- } else {
- return (map->flags & IPSET_MACIP_MATCHUNSET ? 1 : 0);
- }
-}
-
-/* returns 0 on success */
-static inline int
-macipmap_add(struct ip_set *set,
- ip_set_ip_t ip, const unsigned char *ethernet)
-{
- struct ip_set_macipmap *map = set->data;
- struct ip_set_macip *table = map->members;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
- if (table[ip - map->first_ip].match)
- return -EEXIST;
-
- DP("set: %s, ip: %u.%u.%u.%u", set->name, HIPQUAD(ip));
- memcpy(&table[ip - map->first_ip].ethernet, ethernet, ETH_ALEN);
- table[ip - map->first_ip].match = IPSET_MACIP_ISSET;
- return 0;
-}
-
-#define KADT_CONDITION \
- if (!(skb_mac_header(skb) >= skb->head \
- && (skb_mac_header(skb) + ETH_HLEN) <= skb->data))\
- return -EINVAL;
-
-UADT(macipmap, add, req->ethernet)
-KADT(macipmap, add, ipaddr, eth_hdr(skb)->h_source)
-
-static inline int
-macipmap_del(struct ip_set *set, ip_set_ip_t ip)
-{
- struct ip_set_macipmap *map = set->data;
- struct ip_set_macip *table = map->members;
-
- if (ip < map->first_ip || ip > map->last_ip)
- return -ERANGE;
- if (!table[ip - map->first_ip].match)
- return -EEXIST;
-
- table[ip - map->first_ip].match = 0;
- DP("set: %s, ip: %u.%u.%u.%u", set->name, HIPQUAD(ip));
- return 0;
-}
-
-#undef KADT_CONDITION
-#define KADT_CONDITION
-
-UADT(macipmap, del)
-KADT(macipmap, del, ipaddr)
-
-static inline int
-__macipmap_create(const struct ip_set_req_macipmap_create *req,
- struct ip_set_macipmap *map)
-{
- if (req->to - req->from > MAX_RANGE) {
- ip_set_printk("range too big, %d elements (max %d)",
- req->to - req->from + 1, MAX_RANGE+1);
- return -ENOEXEC;
- }
- map->flags = req->flags;
- return (req->to - req->from + 1) * sizeof(struct ip_set_macip);
-}
-
-BITMAP_CREATE(macipmap)
-BITMAP_DESTROY(macipmap)
-BITMAP_FLUSH(macipmap)
-
-static inline void
-__macipmap_list_header(const struct ip_set_macipmap *map,
- struct ip_set_req_macipmap_create *header)
-{
- header->flags = map->flags;
-}
-
-BITMAP_LIST_HEADER(macipmap)
-BITMAP_LIST_MEMBERS_SIZE(macipmap, struct ip_set_req_macipmap,
- (map->last_ip - map->first_ip + 1),
- ((const struct ip_set_macip *)map->members)[i].match)
-
-
-static void
-macipmap_list_members(const struct ip_set *set, void *data, char dont_align)
-{
- const struct ip_set_macipmap *map = set->data;
- const struct ip_set_macip *table = map->members;
- uint32_t i, n = 0;
- struct ip_set_req_macipmap *d;
-
- if (dont_align) {
- memcpy(data, map->members, map->size);
- return;
- }
-
- for (i = 0; i < map->last_ip - map->first_ip + 1; i++)
- if (table[i].match) {
- d = data + n * IPSET_ALIGN(sizeof(struct ip_set_req_macipmap));
- d->ip = map->first_ip + i;
- memcpy(d->ethernet, &table[i].ethernet, ETH_ALEN);
- n++;
- }
-}
-
-IP_SET_TYPE(macipmap, IPSET_TYPE_IP | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("macipmap type of IP sets");
-
-REGISTER_MODULE(macipmap)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_macipmap.h
@@ -1,39 +0,0 @@
-#ifndef __IP_SET_MACIPMAP_H
-#define __IP_SET_MACIPMAP_H
-
-#include "ip_set.h"
-#include "ip_set_bitmaps.h"
-
-#define SETTYPE_NAME "macipmap"
-
-/* general flags */
-#define IPSET_MACIP_MATCHUNSET 1
-
-/* per ip flags */
-#define IPSET_MACIP_ISSET 1
-
-struct ip_set_macipmap {
- void *members; /* the macipmap proper */
- ip_set_ip_t first_ip; /* host byte order, included in range */
- ip_set_ip_t last_ip; /* host byte order, included in range */
- u_int32_t flags;
- u_int32_t size; /* size of the ipmap proper */
-};
-
-struct ip_set_req_macipmap_create {
- ip_set_ip_t from;
- ip_set_ip_t to;
- u_int32_t flags;
-};
-
-struct ip_set_req_macipmap {
- ip_set_ip_t ip;
- unsigned char ethernet[ETH_ALEN];
-};
-
-struct ip_set_macip {
- unsigned short match;
- unsigned char ethernet[ETH_ALEN];
-};
-
-#endif /* __IP_SET_MACIPMAP_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_malloc.h
@@ -1,153 +0,0 @@
-#ifndef _IP_SET_MALLOC_H
-#define _IP_SET_MALLOC_H
-
-#ifdef __KERNEL__
-#include <linux/vmalloc.h>
-
-static size_t max_malloc_size = 0, max_page_size = 0;
-static size_t default_max_malloc_size = 131072; /* Guaranteed: slab.c */
-
-static inline int init_max_page_size(void)
-{
-/* Compatibility glues to support 2.4.36 */
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-#define __GFP_NOWARN 0
-
- /* Guaranteed: slab.c */
- max_malloc_size = max_page_size = default_max_malloc_size;
-#else
- size_t page_size = 0;
-
-#define CACHE(x) if (max_page_size == 0 || x < max_page_size) \
- page_size = x;
-#include <linux/kmalloc_sizes.h>
-#undef CACHE
- if (page_size) {
- if (max_malloc_size == 0)
- max_malloc_size = page_size;
-
- max_page_size = page_size;
-
- return 1;
- }
-#endif
- return 0;
-}
-
-struct harray {
- size_t max_elements;
- void *arrays[0];
-};
-
-static inline void *
-__harray_malloc(size_t hashsize, size_t typesize, gfp_t flags)
-{
- struct harray *harray;
- size_t max_elements, size, i, j;
-
- BUG_ON(max_page_size == 0);
-
- if (typesize > max_page_size)
- return NULL;
-
- max_elements = max_page_size/typesize;
- size = hashsize/max_elements;
- if (hashsize % max_elements)
- size++;
-
- /* Last pointer signals end of arrays */
- harray = kmalloc(sizeof(struct harray) + (size + 1) * sizeof(void *),
- flags);
-
- if (!harray)
- return NULL;
-
- for (i = 0; i < size - 1; i++) {
- harray->arrays[i] = kmalloc(max_elements * typesize, flags);
- if (!harray->arrays[i])
- goto undo;
- memset(harray->arrays[i], 0, max_elements * typesize);
- }
- harray->arrays[i] = kmalloc((hashsize - i * max_elements) * typesize,
- flags);
- if (!harray->arrays[i])
- goto undo;
- memset(harray->arrays[i], 0, (hashsize - i * max_elements) * typesize);
-
- harray->max_elements = max_elements;
- harray->arrays[size] = NULL;
-
- return (void *)harray;
-
- undo:
- for (j = 0; j < i; j++) {
- kfree(harray->arrays[j]);
- }
- kfree(harray);
- return NULL;
-}
-
-static inline void *
-harray_malloc(size_t hashsize, size_t typesize, gfp_t flags)
-{
- void *harray;
-
- do {
- harray = __harray_malloc(hashsize, typesize, flags|__GFP_NOWARN);
- } while (harray == NULL && init_max_page_size());
-
- return harray;
-}
-
-static inline void harray_free(void *h)
-{
- struct harray *harray = (struct harray *) h;
- size_t i;
-
- for (i = 0; harray->arrays[i] != NULL; i++)
- kfree(harray->arrays[i]);
- kfree(harray);
-}
-
-static inline void harray_flush(void *h, size_t hashsize, size_t typesize)
-{
- struct harray *harray = (struct harray *) h;
- size_t i;
-
- for (i = 0; harray->arrays[i+1] != NULL; i++)
- memset(harray->arrays[i], 0, harray->max_elements * typesize);
- memset(harray->arrays[i], 0,
- (hashsize - i * harray->max_elements) * typesize);
-}
-
-#define HARRAY_ELEM(h, type, which) \
-({ \
- struct harray *__h = (struct harray *)(h); \
- ((type)((__h)->arrays[(which)/(__h)->max_elements]) \
- + (which)%(__h)->max_elements); \
-})
-
-/* General memory allocation and deallocation */
-static inline void * ip_set_malloc(size_t bytes)
-{
- BUG_ON(max_malloc_size == 0);
-
- if (bytes > default_max_malloc_size)
- return vmalloc(bytes);
- else
- return kmalloc(bytes, GFP_KERNEL | __GFP_NOWARN);
-}
-
-static inline void ip_set_free(void * data, size_t bytes)
-{
- BUG_ON(max_malloc_size == 0);
-
- if (bytes > default_max_malloc_size)
- vfree(data);
- else
- kfree(data);
-}
-
-#endif /* __KERNEL__ */
-
-#endif /*_IP_SET_MALLOC_H*/
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_nethash.c
@@ -1,218 +0,0 @@
-/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing a cidr nethash set */
-
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include "ip_set_jhash.h"
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-#include <linux/random.h>
-
-#include <net/ip.h>
-
-#include "ip_set_nethash.h"
-
-static int limit = MAX_RANGE;
-
-static inline __u32
-nethash_id_cidr(const struct ip_set_nethash *map,
- ip_set_ip_t ip,
- uint8_t cidr)
-{
- __u32 id;
- u_int16_t i;
- ip_set_ip_t *elem;
-
- ip = pack_ip_cidr(ip, cidr);
- if (!ip)
- return MAX_RANGE;
-
- for (i = 0; i < map->probes; i++) {
- id = jhash_ip(map, i, ip) % map->hashsize;
- DP("hash key: %u", id);
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
- if (*elem == ip)
- return id;
- /* No shortcut - there can be deleted entries. */
- }
- return UINT_MAX;
-}
-
-static inline __u32
-nethash_id(struct ip_set *set, ip_set_ip_t ip)
-{
- const struct ip_set_nethash *map = set->data;
- __u32 id = UINT_MAX;
- int i;
-
- for (i = 0; i < 30 && map->cidr[i]; i++) {
- id = nethash_id_cidr(map, ip, map->cidr[i]);
- if (id != UINT_MAX)
- break;
- }
- return id;
-}
-
-static inline int
-nethash_test_cidr(struct ip_set *set, ip_set_ip_t ip, uint8_t cidr)
-{
- const struct ip_set_nethash *map = set->data;
-
- return (nethash_id_cidr(map, ip, cidr) != UINT_MAX);
-}
-
-static inline int
-nethash_test(struct ip_set *set, ip_set_ip_t ip)
-{
- return (nethash_id(set, ip) != UINT_MAX);
-}
-
-static int
-nethash_utest(struct ip_set *set, const void *data, u_int32_t size)
-{
- const struct ip_set_req_nethash *req = data;
-
- if (req->cidr <= 0 || req->cidr > 32)
- return -EINVAL;
- return (req->cidr == 32 ? nethash_test(set, req->ip)
- : nethash_test_cidr(set, req->ip, req->cidr));
-}
-
-#define KADT_CONDITION
-
-KADT(nethash, test, ipaddr)
-
-static inline int
-__nethash_add(struct ip_set_nethash *map, ip_set_ip_t *ip)
-{
- __u32 probe;
- u_int16_t i;
- ip_set_ip_t *elem, *slot = NULL;
-
- for (i = 0; i < map->probes; i++) {
- probe = jhash_ip(map, i, *ip) % map->hashsize;
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe);
- if (*elem == *ip)
- return -EEXIST;
- if (!(slot || *elem))
- slot = elem;
- /* There can be deleted entries, must check all slots */
- }
- if (slot) {
- *slot = *ip;
- map->elements++;
- return 0;
- }
- /* Trigger rehashing */
- return -EAGAIN;
-}
-
-static inline int
-nethash_add(struct ip_set *set, ip_set_ip_t ip, uint8_t cidr)
-{
- struct ip_set_nethash *map = set->data;
- int ret;
-
- if (map->elements >= limit || map->nets[cidr-1] == UINT16_MAX)
- return -ERANGE;
- if (cidr <= 0 || cidr >= 32)
- return -EINVAL;
-
- ip = pack_ip_cidr(ip, cidr);
- if (!ip)
- return -ERANGE;
-
- ret = __nethash_add(map, &ip);
- if (ret == 0) {
- if (!map->nets[cidr-1]++)
- add_cidr_size(map->cidr, cidr);
- }
-
- return ret;
-}
-
-#undef KADT_CONDITION
-#define KADT_CONDITION \
- struct ip_set_nethash *map = set->data; \
- uint8_t cidr = map->cidr[0] ? map->cidr[0] : 31;
-
-UADT(nethash, add, req->cidr)
-KADT(nethash, add, ipaddr, cidr)
-
-static inline void
-__nethash_retry(struct ip_set_nethash *tmp, struct ip_set_nethash *map)
-{
- memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr));
- memcpy(tmp->nets, map->nets, sizeof(tmp->nets));
-}
-
-HASH_RETRY(nethash, ip_set_ip_t)
-
-static inline int
-nethash_del(struct ip_set *set, ip_set_ip_t ip, uint8_t cidr)
-{
- struct ip_set_nethash *map = set->data;
- ip_set_ip_t id, *elem;
-
- if (cidr <= 0 || cidr >= 32)
- return -EINVAL;
-
- id = nethash_id_cidr(map, ip, cidr);
- if (id == UINT_MAX)
- return -EEXIST;
-
- elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id);
- *elem = 0;
- map->elements--;
- if (!map->nets[cidr-1]--)
- del_cidr_size(map->cidr, cidr);
- return 0;
-}
-
-UADT(nethash, del, req->cidr)
-KADT(nethash, del, ipaddr, cidr)
-
-static inline int
-__nethash_create(const struct ip_set_req_nethash_create *req,
- struct ip_set_nethash *map)
-{
- memset(map->cidr, 0, sizeof(map->cidr));
- memset(map->nets, 0, sizeof(map->nets));
-
- return 0;
-}
-
-HASH_CREATE(nethash, ip_set_ip_t)
-HASH_DESTROY(nethash)
-
-HASH_FLUSH_CIDR(nethash, ip_set_ip_t)
-
-static inline void
-__nethash_list_header(const struct ip_set_nethash *map,
- struct ip_set_req_nethash_create *header)
-{
-}
-
-HASH_LIST_HEADER(nethash)
-HASH_LIST_MEMBERS_SIZE(nethash, ip_set_ip_t)
-HASH_LIST_MEMBERS(nethash, ip_set_ip_t)
-
-IP_SET_RTYPE(nethash, IPSET_TYPE_IP | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("nethash type of IP sets");
-module_param(limit, int, 0600);
-MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets");
-
-REGISTER_MODULE(nethash)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_nethash.h
@@ -1,31 +0,0 @@
-#ifndef __IP_SET_NETHASH_H
-#define __IP_SET_NETHASH_H
-
-#include "ip_set.h"
-#include "ip_set_hashes.h"
-
-#define SETTYPE_NAME "nethash"
-
-struct ip_set_nethash {
- ip_set_ip_t *members; /* the nethash proper */
- uint32_t elements; /* number of elements */
- uint32_t hashsize; /* hash size */
- uint16_t probes; /* max number of probes */
- uint16_t resize; /* resize factor in percent */
- uint8_t cidr[30]; /* CIDR sizes */
- uint16_t nets[30]; /* nr of nets by CIDR sizes */
- initval_t initval[0]; /* initvals for jhash_1word */
-};
-
-struct ip_set_req_nethash_create {
- uint32_t hashsize;
- uint16_t probes;
- uint16_t resize;
-};
-
-struct ip_set_req_nethash {
- ip_set_ip_t ip;
- uint8_t cidr;
-};
-
-#endif /* __IP_SET_NETHASH_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_portmap.c
@@ -1,130 +0,0 @@
-/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing a port set type as a bitmap */
-
-#include <linux/module.h>
-#include <linux/ip.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <linux/skbuff.h>
-#include <linux/errno.h>
-#include <asm/uaccess.h>
-#include <asm/bitops.h>
-#include <linux/spinlock.h>
-
-#include <net/ip.h>
-
-#include "ip_set_portmap.h"
-#include "ip_set_getport.h"
-
-static inline int
-portmap_test(const struct ip_set *set, ip_set_ip_t port)
-{
- const struct ip_set_portmap *map = set->data;
-
- if (port < map->first_ip || port > map->last_ip)
- return -ERANGE;
-
- DP("set: %s, port: %u", set->name, port);
- return !!test_bit(port - map->first_ip, map->members);
-}
-
-#define KADT_CONDITION \
- if (ip == INVALID_PORT) \
- return 0;
-
-UADT(portmap, test)
-KADT(portmap, test, get_port)
-
-static inline int
-portmap_add(struct ip_set *set, ip_set_ip_t port)
-{
- struct ip_set_portmap *map = set->data;
-
- if (port < map->first_ip || port > map->last_ip)
- return -ERANGE;
- if (test_and_set_bit(port - map->first_ip, map->members))
- return -EEXIST;
-
- DP("set: %s, port %u", set->name, port);
- return 0;
-}
-
-UADT(portmap, add)
-KADT(portmap, add, get_port)
-
-static inline int
-portmap_del(struct ip_set *set, ip_set_ip_t port)
-{
- struct ip_set_portmap *map = set->data;
-
- if (port < map->first_ip || port > map->last_ip)
- return -ERANGE;
- if (!test_and_clear_bit(port - map->first_ip, map->members))
- return -EEXIST;
-
- DP("set: %s, port %u", set->name, port);
- return 0;
-}
-
-UADT(portmap, del)
-KADT(portmap, del, get_port)
-
-static inline int
-__portmap_create(const struct ip_set_req_portmap_create *req,
- struct ip_set_portmap *map)
-{
- if (req->to - req->from > MAX_RANGE) {
- ip_set_printk("range too big, %d elements (max %d)",
- req->to - req->from + 1, MAX_RANGE+1);
- return -ENOEXEC;
- }
- return bitmap_bytes(req->from, req->to);
-}
-
-BITMAP_CREATE(portmap)
-BITMAP_DESTROY(portmap)
-BITMAP_FLUSH(portmap)
-
-static inline void
-__portmap_list_header(const struct ip_set_portmap *map,
- struct ip_set_req_portmap_create *header)
-{
-}
-
-BITMAP_LIST_HEADER(portmap)
-BITMAP_LIST_MEMBERS_SIZE(portmap, ip_set_ip_t, (map->last_ip - map->first_ip + 1),
- test_bit(i, map->members))
-
-static void
-portmap_list_members(const struct ip_set *set, void *data, char dont_align)
-{
- const struct ip_set_portmap *map = set->data;
- uint32_t i, n = 0;
- ip_set_ip_t *d;
-
- if (dont_align) {
- memcpy(data, map->members, map->size);
- return;
- }
-
- for (i = 0; i < map->last_ip - map->first_ip + 1; i++)
- if (test_bit(i, map->members)) {
- d = data + n * IPSET_ALIGN(sizeof(ip_set_ip_t));
- *d = map->first_ip + i;
- n++;
- }
-}
-
-IP_SET_TYPE(portmap, IPSET_TYPE_PORT | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("portmap type of IP sets");
-
-REGISTER_MODULE(portmap)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_portmap.h
@@ -1,25 +0,0 @@
-#ifndef __IP_SET_PORTMAP_H
-#define __IP_SET_PORTMAP_H
-
-#include "ip_set.h"
-#include "ip_set_bitmaps.h"
-
-#define SETTYPE_NAME "portmap"
-
-struct ip_set_portmap {
- void *members; /* the portmap proper */
- ip_set_ip_t first_ip; /* host byte order, included in range */
- ip_set_ip_t last_ip; /* host byte order, included in range */
- u_int32_t size; /* size of the ipmap proper */
-};
-
-struct ip_set_req_portmap_create {
- ip_set_ip_t from;
- ip_set_ip_t to;
-};
-
-struct ip_set_req_portmap {
- ip_set_ip_t ip;
-};
-
-#endif /* __IP_SET_PORTMAP_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_setlist.c
@@ -1,324 +0,0 @@
-/* Copyright (C) 2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module implementing an IP set type: the setlist type */
-
-#include <linux/module.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include <linux/errno.h>
-
-#include "ip_set.h"
-#include "ip_set_bitmaps.h"
-#include "ip_set_setlist.h"
-
-/*
- * before ==> index, ref
- * after ==> ref, index
- */
-
-static inline int
-next_index_eq(const struct ip_set_setlist *map, int i, ip_set_id_t index)
-{
- return i < map->size && map->index[i] == index;
-}
-
-static int
-setlist_utest(struct ip_set *set, const void *data, u_int32_t size)
-{
- const struct ip_set_setlist *map = set->data;
- const struct ip_set_req_setlist *req = data;
- ip_set_id_t index, ref = IP_SET_INVALID_ID;
- int i, res = 0;
- struct ip_set *s;
-
- if (req->before && req->ref[0] == '\0')
- return 0;
-
- index = __ip_set_get_byname(req->name, &s);
- if (index == IP_SET_INVALID_ID)
- return 0;
- if (req->ref[0] != '\0') {
- ref = __ip_set_get_byname(req->ref, &s);
- if (ref == IP_SET_INVALID_ID)
- goto finish;
- }
- for (i = 0; i < map->size
- && map->index[i] != IP_SET_INVALID_ID; i++) {
- if (req->before && map->index[i] == index) {
- res = next_index_eq(map, i + 1, ref);
- break;
- } else if (!req->before) {
- if ((ref == IP_SET_INVALID_ID
- && map->index[i] == index)
- || (map->index[i] == ref
- && next_index_eq(map, i + 1, index))) {
- res = 1;
- break;
- }
- }
- }
- if (ref != IP_SET_INVALID_ID)
- __ip_set_put_byindex(ref);
-finish:
- __ip_set_put_byindex(index);
- return res;
-}
-
-static int
-setlist_ktest(struct ip_set *set,
- const struct sk_buff *skb,
- const u_int32_t *flags)
-{
- struct ip_set_setlist *map = set->data;
- int i, res = 0;
-
- for (i = 0; i < map->size
- && map->index[i] != IP_SET_INVALID_ID
- && res == 0; i++)
- res = ip_set_testip_kernel(map->index[i], skb, flags);
- return res;
-}
-
-static inline int
-insert_setlist(struct ip_set_setlist *map, int i, ip_set_id_t index)
-{
- ip_set_id_t tmp;
- int j;
-
- DP("i: %u, last %u\n", i, map->index[map->size - 1]);
- if (i >= map->size || map->index[map->size - 1] != IP_SET_INVALID_ID)
- return -ERANGE;
-
- for (j = i; j < map->size
- && index != IP_SET_INVALID_ID; j++) {
- tmp = map->index[j];
- map->index[j] = index;
- index = tmp;
- }
- return 0;
-}
-
-static int
-setlist_uadd(struct ip_set *set, const void *data, u_int32_t size)
-{
- struct ip_set_setlist *map = set->data;
- const struct ip_set_req_setlist *req = data;
- ip_set_id_t index, ref = IP_SET_INVALID_ID;
- int i, res = -ERANGE;
- struct ip_set *s;
-
- if (req->before && req->ref[0] == '\0')
- return -EINVAL;
-
- index = __ip_set_get_byname(req->name, &s);
- if (index == IP_SET_INVALID_ID)
- return -EEXIST;
- /* "Loop detection" */
- if (strcmp(s->type->typename, "setlist") == 0)
- goto finish;
-
- if (req->ref[0] != '\0') {
- ref = __ip_set_get_byname(req->ref, &s);
- if (ref == IP_SET_INVALID_ID) {
- res = -EEXIST;
- goto finish;
- }
- }
- for (i = 0; i < map->size; i++) {
- if (map->index[i] != ref)
- continue;
- if (req->before)
- res = insert_setlist(map, i, index);
- else
- res = insert_setlist(map,
- ref == IP_SET_INVALID_ID ? i : i + 1,
- index);
- break;
- }
- if (ref != IP_SET_INVALID_ID)
- __ip_set_put_byindex(ref);
- /* In case of success, we keep the reference to the set */
-finish:
- if (res != 0)
- __ip_set_put_byindex(index);
- return res;
-}
-
-static int
-setlist_kadd(struct ip_set *set,
- const struct sk_buff *skb,
- const u_int32_t *flags)
-{
- struct ip_set_setlist *map = set->data;
- int i, res = -EINVAL;
-
- for (i = 0; i < map->size
- && map->index[i] != IP_SET_INVALID_ID
- && res != 0; i++)
- res = ip_set_addip_kernel(map->index[i], skb, flags);
- return res;
-}
-
-static inline int
-unshift_setlist(struct ip_set_setlist *map, int i)
-{
- int j;
-
- for (j = i; j < map->size - 1; j++)
- map->index[j] = map->index[j+1];
- map->index[map->size-1] = IP_SET_INVALID_ID;
- return 0;
-}
-
-static int
-setlist_udel(struct ip_set *set, const void *data, u_int32_t size)
-{
- struct ip_set_setlist *map = set->data;
- const struct ip_set_req_setlist *req = data;
- ip_set_id_t index, ref = IP_SET_INVALID_ID;
- int i, res = -EEXIST;
- struct ip_set *s;
-
- if (req->before && req->ref[0] == '\0')
- return -EINVAL;
-
- index = __ip_set_get_byname(req->name, &s);
- if (index == IP_SET_INVALID_ID)
- return -EEXIST;
- if (req->ref[0] != '\0') {
- ref = __ip_set_get_byname(req->ref, &s);
- if (ref == IP_SET_INVALID_ID)
- goto finish;
- }
- for (i = 0; i < map->size
- && map->index[i] != IP_SET_INVALID_ID; i++) {
- if (req->before) {
- if (map->index[i] == index
- && next_index_eq(map, i + 1, ref)) {
- res = unshift_setlist(map, i);
- break;
- }
- } else if (ref == IP_SET_INVALID_ID) {
- if (map->index[i] == index) {
- res = unshift_setlist(map, i);
- break;
- }
- } else if (map->index[i] == ref
- && next_index_eq(map, i + 1, index)) {
- res = unshift_setlist(map, i + 1);
- break;
- }
- }
- if (ref != IP_SET_INVALID_ID)
- __ip_set_put_byindex(ref);
-finish:
- __ip_set_put_byindex(index);
- /* In case of success, release the reference to the set */
- if (res == 0)
- __ip_set_put_byindex(index);
- return res;
-}
-
-static int
-setlist_kdel(struct ip_set *set,
- const struct sk_buff *skb,
- const u_int32_t *flags)
-{
- struct ip_set_setlist *map = set->data;
- int i, res = -EINVAL;
-
- for (i = 0; i < map->size
- && map->index[i] != IP_SET_INVALID_ID
- && res != 0; i++)
- res = ip_set_delip_kernel(map->index[i], skb, flags);
- return res;
-}
-
-static int
-setlist_create(struct ip_set *set, const void *data, u_int32_t size)
-{
- struct ip_set_setlist *map;
- const struct ip_set_req_setlist_create *req = data;
- int i;
-
- map = kmalloc(sizeof(struct ip_set_setlist) +
- req->size * sizeof(ip_set_id_t), GFP_KERNEL);
- if (!map)
- return -ENOMEM;
- map->size = req->size;
- for (i = 0; i < map->size; i++)
- map->index[i] = IP_SET_INVALID_ID;
-
- set->data = map;
- return 0;
-}
-
-static void
-setlist_destroy(struct ip_set *set)
-{
- struct ip_set_setlist *map = set->data;
- int i;
-
- for (i = 0; i < map->size
- && map->index[i] != IP_SET_INVALID_ID; i++)
- __ip_set_put_byindex(map->index[i]);
-
- kfree(map);
- set->data = NULL;
-}
-
-static void
-setlist_flush(struct ip_set *set)
-{
- struct ip_set_setlist *map = set->data;
- int i;
-
- for (i = 0; i < map->size
- && map->index[i] != IP_SET_INVALID_ID; i++) {
- __ip_set_put_byindex(map->index[i]);
- map->index[i] = IP_SET_INVALID_ID;
- }
-}
-
-static void
-setlist_list_header(const struct ip_set *set, void *data)
-{
- const struct ip_set_setlist *map = set->data;
- struct ip_set_req_setlist_create *header = data;
-
- header->size = map->size;
-}
-
-static int
-setlist_list_members_size(const struct ip_set *set, char dont_align)
-{
- const struct ip_set_setlist *map = set->data;
-
- return map->size * IPSET_VALIGN(sizeof(ip_set_id_t), dont_align);
-}
-
-static void
-setlist_list_members(const struct ip_set *set, void *data, char dont_align)
-{
- struct ip_set_setlist *map = set->data;
- ip_set_id_t *d;
- int i;
-
- for (i = 0; i < map->size; i++) {
- d = data + i * IPSET_VALIGN(sizeof(ip_set_id_t), dont_align);
- *d = ip_set_id(map->index[i]);
- }
-}
-
-IP_SET_TYPE(setlist, IPSET_TYPE_SETNAME | IPSET_DATA_SINGLE)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("setlist type of IP sets");
-
-REGISTER_MODULE(setlist)
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_setlist.h
@@ -1,26 +0,0 @@
-#ifndef __IP_SET_SETLIST_H
-#define __IP_SET_SETLIST_H
-
-#include "ip_set.h"
-
-#define SETTYPE_NAME "setlist"
-
-#define IP_SET_SETLIST_ADD_AFTER 0
-#define IP_SET_SETLIST_ADD_BEFORE 1
-
-struct ip_set_setlist {
- uint8_t size;
- ip_set_id_t index[0];
-};
-
-struct ip_set_req_setlist_create {
- uint8_t size;
-};
-
-struct ip_set_req_setlist {
- char name[IP_SET_MAXNAMELEN];
- char ref[IP_SET_MAXNAMELEN];
- uint8_t before;
-};
-
-#endif /* __IP_SET_SETLIST_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset.8
@@ -1,541 +0,0 @@
-.TH IPSET 8 "Feb 05, 2004" "" ""
-.\"
-.\" Man page written by Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
-.\"
-.\" This program is free software; you can redistribute it and/or modify
-.\" it under the terms of the GNU General Public License as published by
-.\" the Free Software Foundation; either version 2 of the License, or
-.\" (at your option) any later version.
-.\"
-.\" This program is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public License
-.\" along with this program; if not, write to the Free Software
-.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-ipset \(em administration tool for IP sets
-.SH SYNOPSIS
-.PP
-\fBipset \-N\fP \fIset\fP \fItype-specification\fP [\fIoptions\fP...]
-.PP
-\fBipset\fP {\fB\-F\fP|\fB\-H\fP|\fB\-L\fP|\fB\-S\fP|\fB\-X\fP} [\fIset\fP]
-[\fIoptions\fP...]
-.PP
-\fBipset\fP {\fB\-E\fP|\fB\-W\fP} \fIfrom-set\fP \fIto-set\fP
-.PP
-\fBipset\fP {\fB\-A\fP|\fB\-D\fP|\fB\-T\fP} \fIset\fP \fIentry\fP
-.PP
-\fBipset \-R\fP
-.PP
-\fBipset\fP {\fB-V\fP|\fB\-v\fP}
-.SH DESCRIPTION
-.B ipset
-is used to set up, maintain and inspect so called IP sets in the Linux
-kernel. Depending on the type, an IP set may store IP addresses, (TCP/UDP)
-port numbers or additional informations besides IP addresses: the word IP
-means a general term here. See the set type definitions below.
-.P
-Iptables matches and targets referring to sets creates references, which
-protects the given sets in the kernel. A set cannot be removed (destroyed)
-while there is a single reference pointing to it.
-.SH OPTIONS
-The options that are recognized by
-.B ipset
-can be divided into several different groups.
-.SS COMMANDS
-These options specify the specific action to perform. Only one of them
-can be specified on the command line unless otherwise specified
-below. For all the long versions of the command and option names, you
-need to use only enough letters to ensure that
-.B ipset
-can differentiate it from all other options.
-.TP
-\fB\-N\fP, \fB\-\-create\fP \fIsetname\fP \fItype\fP \fItype-specific-options\fP
-Create a set identified with setname and specified type.
-Type-specific options must be supplied.
-.TP
-\fB\-X\fP, \fB\-\-destroy\fP [\fIsetname\fP]
-Destroy the specified set or all the sets if none is given.
-
-If the set has got references, nothing is done.
-.TP
-\fB\-F\fP, \fB\-\-flush\fP [\fIsetname\fP]
-Delete all entries from the specified set or flush
-all sets if none is given.
-.TP
-\fB\-E\fP, \fB\-\-rename\fP \fIfrom-setname\fP \fIto-setname\fP
-Rename a set. Set identified by to-setname must not exist.
-.TP
-\fB\-W\fP, \fB\-\-swap\fP \fIfrom-setname\fP \fIto-setname\fP
-Swap the content of two sets, or in another words,
-exchange the name of two sets. The referred sets must exist and
-identical type of sets can be swapped only.
-.TP
-\fB\-L\fP, \fB\-\-list\fP [\fIsetname\fP]
-List the entries for the specified set, or for
-all sets if none is given. The
-\fB\-r\fP/\fB\-\-resolve\fP
-option can be used to force name lookups (which may be slow). When the
-\fB\-s\fP/\fB\-\-sorted\fP
-option is given, the entries are listed sorted (if the given set
-type supports the operation).
-.TP
-\fB\-S\fP, \fB\-\-save\fP [\fIsetname\fP]
-Save the given set, or all sets if none is given
-to stdout in a format that \fB\-\-restore\fP can read.
-.TP
-\fB\-R\fP, \fB\-\-restore\fP
-Restore a saved session generated by \fB\-\-save\fP. The saved session
-can be fed from stdin.
-
-When generating a session file please note that the supported commands
-(create set and add element) must appear in a strict order: first create
-the set, then add all elements. Then create the next set, add all its elements
-and so on. Also, it is a restore operation, so the sets being restored must
-not exist.
-.TP
-\fB\-A\fP, \fB\-\-add\fP \fIsetname\fP \fIentry\fP
-Add an entry to a set.
-.TP
-\fB\-D\fP, \fB\-\-del\fP \fIsetname\fP \fIentry\fP
-Delete an entry from a set.
-.TP
-\fB-T\fP, \fB\-\-test\fP \fIsetname\fP \fIentry\fP
-Test wether an entry is in a set or not. Exit status number is zero
-if the tested entry is in the set and nonzero if it is missing from
-the set.
-.TP
-\fB\-H\fP, \fB\-\-help\fP [\fIsettype\fP]
-Print help and settype specific help if settype specified.
-.TP
-\fB\-V\fP, \fB\-v\fP, \fB\-\-version\fP
-Print program version and protocol version.
-.P
-.SS "OTHER OPTIONS"
-The following additional options can be specified:
-.TP
-\fB\-r\fP, \fB\-\-resolve\fP
-When listing sets, enforce name lookup. The
-program will try to display the IP entries resolved to
-host names or services (whenever applicable), which can trigger
-.B
-slow
-DNS
-lookups.
-.TP
-\fB\-s\fP, \fB\-\-sorted\fP
-Sorted output. When listing sets, entries are listed sorted.
-.TP
-\fB\-n\fP, \fB\-\-numeric\fP
-Numeric output. When listing sets, IP addresses and
-port numbers will be printed in numeric format. This is the default.
-.TP
-\fB\-q\fP, \fB\-\-quiet\fP
-Suppress any output to stdout and stderr. ipset will still return
-possible errors.
-.SH SET TYPES
-ipset supports the following set types:
-.SS ipmap
-The ipmap set type uses a memory range, where each bit represents
-one IP address. An ipmap set can store up to 65536 (B-class network)
-IP addresses. The ipmap set type is very fast and memory cheap, great
-for use when one want to match certain IPs in a range. If the optional
-\fB\-\-netmask\fP
-parameter is specified with a CIDR netmask value between 1-31 then
-network addresses are stored in the given set: i.e an
-IP address will be in the set if the network address, which is resulted
-by masking the address with the specified netmask, can be found in the set.
-.P
-Options to use when creating an ipmap set:
-.TP
-\fB\-\-from\fP \fIfrom-addr\fP
-.TP
-\fB\-\-to\fP \fIto-addr\fP
-Create an ipmap set from the specified address range.
-.TP
-\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
-Create an ipmap set from the specified network.
-.TP
-\fB\-\-netmask\fP \fIprefixlen\fP
-When the optional
-\fB\-\-netmask\fP
-parameter specified, network addresses will be
-stored in the set instead of IP addresses, and the \fIfrom-addr\fP parameter
-must be a network address. The \fIprefixlen\fP value must be between 1-31.
-.PP
-Example:
-.IP
-ipset \-N test ipmap \-\-network 192.168.0.0/16
-.SS macipmap
-The macipmap set type uses a memory range, where each 8 bytes
-represents one IP and a MAC addresses. A macipmap set type can store
-up to 65536 (B-class network) IP addresses with MAC.
-When adding an entry to a macipmap set, you must specify the entry as
-"\fIaddress\fP\fB,\fP\fImac\fP".
-When deleting or testing macipmap entries, the
-"\fB,\fP\fImac\fP"
-part is not mandatory.
-.P
-Options to use when creating an macipmap set:
-.TP
-\fB\-\-from\fP \fIfrom-addr\fP
-.TP
-\fB\-\-to\fP \fIto-addr\fP
-Create a macipmap set from the specified address range.
-.TP
-\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
-Create a macipmap set from the specified network.
-.TP
-\fB\-\-matchunset\fP
-When the optional
-\fB\-\-matchunset\fP
-parameter specified, IP addresses which could be stored
-in the set but not set yet, will always match.
-.P
-Please note, the
-"set"
-and
-"SET"
-netfilter kernel modules
-.B
-always
-use the source MAC address from the packet to match, add or delete
-entries from a macipmap type of set.
-.SS portmap
-The portmap set type uses a memory range, where each bit represents
-one port. A portmap set type can store up to 65536 ports.
-The portmap set type is very fast and memory cheap.
-.P
-Options to use when creating an portmap set:
-.TP
-\fB\-\-from\fP \fIfrom-port\fP
-.TP
-\fB\-\-to\fP \fIto-port\fP
-Create a portmap set from the specified port range.
-.SS iphash
-The iphash set type uses a hash to store IP addresses.
-In order to avoid clashes in the hash double-hashing, and as a last
-resort, dynamic growing of the hash performed. The iphash set type is
-great to store random addresses. If the optional
-\fB\-\-netmask\fP
-parameter is specified with a CIDR prefix length value between 1-31 then
-network addresses are stored in the given set: i.e an
-IP address will be in the set if the network address, which is resulted
-by masking the address with the specified netmask, can be found in the set.
-.P
-Options to use when creating an iphash set:
-.TP
-\fB\-\-hashsize\fP \fIhashsize\fP
-The initial hash size (default 1024)
-.TP
-\fB\-\-probes\fP \fIprobes\fP
-How many times try to resolve clashing at adding an IP to the hash
-by double-hashing (default 8).
-.TP
-\fB\-\-resize\fP \fIpercent\fP
-Increase the hash size by this many percent (default 50) when adding
-an IP to the hash could not be performed after
-\fIprobes\fP
-number of double-hashing.
-.TP
-\fB\-\-netmask\fP \fIprefixlen\fP
-When the optional
-\fB\-\-netmask\fP
-parameter specified, network addresses will be
-stored in the set instead of IP addresses. The \fIprefixlen\fP value must
-be between 1-31.
-.P
-The iphash type of sets can store up to 65536 entries. If a set is full,
-no new entries can be added to it.
-.P
-Sets created by zero valued resize parameter won't be resized at all.
-The lookup time in an iphash type of set grows approximately linearly with
-the value of the
-\fIprobes\fP
-parameter. In general higher
-\fIprobes\fP
-value results better utilized hash while smaller value
-produces larger, sparser hash.
-.PP
-Example:
-.IP
-ipset \-N test iphash \-\-probes 2
-.SS nethash
-The nethash set type uses a hash to store different size of
-network addresses. The
-.I
-entry
-used in the ipset commands must be in the form
-"\fIaddress\fP\fB/\fP\fIprefixlen\fP"
-where prefixlen must be in the inclusive range of 1-31.
-In order to avoid clashes in the hash
-double-hashing, and as a last resort, dynamic growing of the hash performed.
-.P
-Options to use when creating an nethash set:
-.TP
-\fB\-\-hashsize\fP \fIhashsize\fP
-The initial hash size (default 1024)
-.TP
-\fB\-\-probes\fP \fIprobes\fP
-How many times try to resolve clashing at adding an IP to the hash
-by double-hashing (default 4).
-.TP
-\fB\-\-resize\fP \fIpercent\fP
-Increase the hash size by this many percent (default 50) when adding
-an IP to the hash could not be performed after
-.P
-The nethash type of sets can store up to 65536 entries. If a set is full,
-no new entries can be added to it.
-.P
-An IP address will be in a nethash type of set if it belongs to any of the
-netblocks added to the set. The matching always start from the smallest
-size of netblock (most specific netmask) to the largest ones (least
-specific netmasks). When adding/deleting IP addresses
-to a nethash set by the
-"SET"
-netfilter kernel module, it will be added/deleted by the smallest
-netblock size which can be found in the set, or by /31 if the set is empty.
-.P
-The lookup time in a nethash type of set grows approximately linearly
-with the times of the
-\fIprobes\fP
-parameter and the number of different mask parameters in the hash.
-Otherwise the same speed and memory efficiency comments applies here
-as at the iphash type.
-.SS ipporthash
-The ipporthash set type uses a hash to store IP address and port pairs.
-In order to avoid clashes in the hash double-hashing, and as a last
-resort, dynamic growing of the hash performed. An ipporthash set can
-store up to 65536 (B-class network) IP addresses with all possible port
-values. When adding, deleting and testing values in an ipporthash type of
-set, the entries must be specified as
-"\fIaddress\fP\fB,\fP\fIport\fP".
-.P
-The ipporthash types of sets evaluates two src/dst parameters of the
-"set"
-match and
-"SET"
-target.
-.P
-Options to use when creating an ipporthash set:
-.TP
-\fB\-\-from\fP \fIfrom-addr\fP
-.TP
-\fB\-\-to\fP \fIto-addr\fP
-Create an ipporthash set from the specified address range.
-.TP
-\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
-Create an ipporthash set from the specified network.
-.TP
-\fB\-\-hashsize\fP \fIhashsize\fP
-The initial hash size (default 1024)
-.TP
-\fB\-\-probes\fP \fIprobes\fP
-How many times try to resolve clashing at adding an IP to the hash
-by double-hashing (default 8).
-.TP
-\fB\-\-resize\fP \fIpercent\fP
-Increase the hash size by this many percent (default 50) when adding
-an IP to the hash could not be performed after
-\fIprobes\fP
-number of double-hashing.
-.P
-The same resizing, speed and memory efficiency comments applies here
-as at the iphash type.
-.SS ipportiphash
-The ipportiphash set type uses a hash to store IP address,port and IP
-address triples. The first IP address must come form a maximum /16
-sized network or range while the port number and the second IP address
-parameters are arbitrary. When adding, deleting and testing values in an
-ipportiphash type of set, the entries must be specified as
-"\fIaddress\fP\fB,\fP\fIport\fP\fB,\fP\fIaddress\fP".
-.P
-The ipportiphash types of sets evaluates three src/dst parameters of the
-"set"
-match and
-"SET"
-target.
-.P
-Options to use when creating an ipportiphash set:
-.TP
-\fB\-\-from\fP \fIfrom-addr\fP
-.TP
-\fB\-\-to\fP \fIto-addr\fP
-Create an ipportiphash set from the specified address range.
-.TP
-\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
-Create an ipportiphash set from the specified network.
-.TP
-\fB\-\-hashsize\fP \fIhashsize\fP
-The initial hash size (default 1024)
-.TP
-\fB\-\-probes\fP \fIprobes\fP
-How many times try to resolve clashing at adding an IP to the hash
-by double-hashing (default 8).
-.TP
-\fB\-\-resize\fP \fIpercent\fP
-Increase the hash size by this many percent (default 50) when adding
-an IP to the hash could not be performed after
-\fIprobes\fP
-number of double-hashing.
-.P
-The same resizing, speed and memory efficiency comments applies here
-as at the iphash type.
-.SS ipportnethash
-The ipportnethash set type uses a hash to store IP address, port, and
-network address triples. The IP address must come form a maximum /16
-sized network or range while the port number and the network address
-parameters are arbitrary, but the size of the network address must be
-between /1-/31. When adding, deleting
-and testing values in an ipportnethash type of set, the entries must be
-specified as
-"\fIaddress\fP\fB,\fP\fIport\fP\fB,\fP\fIaddress\fP\fB/\fP\fIprefixlen\fP".
-.P
-The ipportnethash types of sets evaluates three src/dst parameters of the
-"set"
-match and
-"SET"
-target.
-.P
-Options to use when creating an ipportnethash set:
-.TP
-\fB\-\-from\fP \fIfrom-address\fP
-.TP
-\fB\-\-to\fP \fIto-address\fP
-Create an ipporthash set from the specified range.
-.TP
-\fB\-\-network\fP \fIaddress\fP\fB/\fP\fImask\fP
-Create an ipporthash set from the specified network.
-.TP
-\fB\-\-hashsize\fP \fIhashsize\fP
-The initial hash size (default 1024)
-.TP
-\fB\-\-probes\fP \fIprobes\fP
-How many times try to resolve clashing at adding an IP to the hash
-by double-hashing (default 8).
-.TP
-\fB\-\-resize\fP \fIpercent\fP
-Increase the hash size by this many percent (default 50) when adding
-an IP to the hash could not be performed after
-\fIprobes\fP
-number of double-hashing.
-.P
-The same resizing, speed and memory efficiency comments applies here
-as at the iphash type.
-.SS iptree
-The iptree set type uses a tree to store IP addresses, optionally
-with timeout values.
-.P
-Options to use when creating an iptree set:
-.TP
-\fB\-\-timeout\fP \fIvalue\fP
-The timeout value for the entries in seconds (default 0)
-.P
-If a set was created with a nonzero valued
-\fB\-\-timeout\fP
-parameter then one may add IP addresses to the set with a specific
-timeout value using the syntax
-"\fIaddress\fP\fB,\fP\fItimeout-value\fP".
-Similarly to the hash types, the iptree type of sets can store up to 65536
-entries.
-.SS iptreemap
-The iptreemap set type uses a tree to store IP addresses or networks,
-where the last octet of an IP address are stored in a bitmap.
-As input entry, you can add IP addresses, CIDR blocks or network ranges
-to the set. Network ranges can be specified in the format
-"\fIaddress1\fP\fB-\fP\fIaddress2\fP".
-.P
-Options to use when creating an iptreemap set:
-.TP
-\fB\-\-gc\fP \fIvalue\fP
-How often the garbage collection should be called, in seconds (default 300)
-.SS setlist
-The setlist type uses a simple list in which you can store sets. By the
-ipset
-command you can add, delete and test sets in a setlist type of set.
-You can specify the sets as
-"\fIsetname\fP[\fB,\fP{\fBafter\fP|\fBbefore\fP},\fIsetname\fP]".
-By default new sets are added after (appended to) the existing
-elements. Setlist type of sets cannot be added to a setlist type of set.
-.P
-Options to use when creating a setlist type of set:
-.TP
-\fB\-\-size\fP \fIsize\fP
-Create a setlist type of set with the given size (default 8).
-.PP
-By the
-"set"
-match or
-"SET"
-target of
-\fBiptables\fP(8)
-you can test, add or delete entries in the sets. The match
-will try to find a matching IP address/port in the sets and
-the target will try to add the IP address/port to the first set
-to which it can be added. The number of src,dst options of
-the match and target are important: sets which eats more src,dst
-parameters than specified are skipped, while sets with equal
-or less parameters are checked, elements added. For example
-if
-.I
-a
-and
-.I
-b
-are setlist type of sets then in the command
-.IP
-iptables \-m set \-\-match\-set a src,dst \-j SET \-\-add-set b src,dst
-.PP
-the match and target will skip any set in
-.I a
-and
-.I b
-which stores
-data triples, but will check all sets with single or double
-data storage in
-.I a
-set and add src to the first single or src,dst to the first double
-data storage set in
-\fIb\fP.
-You can imagine a setlist type of set as an ordered union of
-the set elements.
-.P
-Please note: by the ipset command you can add, delete and
-.B test
-the setnames in a setlist type of set, and not the presence of
-a set's member (such as an IP address).
-.SH GENERAL RESTRICTIONS
-Setnames starting with colon (:) cannot be defined. Zero valued set
-entries cannot be used with hash type of sets.
-.SH COMMENTS
-If you want to store same size subnets from a given network
-(say /24 blocks from a /8 network), use the ipmap set type.
-If you want to store random same size networks (say random /24 blocks),
-use the iphash set type. If you have got random size of netblocks,
-use nethash.
-.P
-Old separator tokens (':' and '%") are still accepted.
-.P
-Binding support is removed.
-.SH DIAGNOSTICS
-Various error messages are printed to standard error. The exit code
-is 0 for correct functioning. Errors which appear to be caused by
-invalid or abused command line parameters cause an exit code of 2, and
-other errors cause an exit code of 1.
-.SH BUGS
-Bugs? No, just funny features. :-)
-OK, just kidding...
-.SH SEE ALSO
-.BR iptables (8),
-.SH AUTHORS
-Jozsef Kadlecsik wrote ipset, which is based on ippool by
-Joakim Axelsson, Patrick Schaaf and Martin Josefsson.
-.P
-Sven Wegener wrote the iptreemap type.
-.SH LAST REMARK
-.BR "I stand on the shoulders of giants."
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset.c
@@ -1,2056 +0,0 @@
-/* Copyright 2000-2002 Joakim Axelsson (gozem@linux.nu)
- * Patrick Schaaf (bof@bof.de)
- * Copyright 2003-2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <stdio.h> /* *printf, perror, sscanf, fdopen */
-#include <string.h> /* mem*, str* */
-#include <errno.h> /* errno, perror */
-#include <time.h> /* time, ctime */
-#include <netdb.h> /* gethostby*, getnetby*, getservby* */
-#include <stdlib.h> /* exit, malloc, free, strtol, getenv, mkstemp */
-#include <unistd.h> /* read, close, fork, exec*, unlink */
-#include <sys/types.h> /* open, wait, socket, *sockopt, umask */
-#include <sys/stat.h> /* open, umask */
-#include <sys/wait.h> /* wait */
-#include <sys/socket.h> /* socket, *sockopt, gethostby*, inet_* */
-#include <netinet/in.h> /* inet_* */
-#include <fcntl.h> /* open */
-#include <arpa/inet.h> /* htonl, inet_* */
-#include <stdarg.h> /* va_* */
-#include <dlfcn.h> /* dlopen */
-
-#include "ipset.h"
-
-#ifndef PROC_SYS_MODPROBE
-#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
-#endif
-
-#define IPSET_VERSION "4.5"
-
-char program_name[] = "ipset";
-char program_version[] = IPSET_VERSION;
-static int protocol_version = 0;
-
-#define STREQ(a,b) (strncmp(a,b,IP_SET_MAXNAMELEN) == 0)
-#define DONT_ALIGN (protocol_version == IP_SET_PROTOCOL_UNALIGNED)
-#define ALIGNED(len) IPSET_VALIGN(len, DONT_ALIGN)
-
-/* The list of loaded set types */
-static struct settype *all_settypes = NULL;
-
-/* Array of sets */
-struct set **set_list = NULL;
-ip_set_id_t max_sets = 0;
-
-/* Suppress output to stdout and stderr? */
-static int option_quiet = 0;
-
-/* Data for restore mode */
-static int restore = 0;
-void *restore_data = NULL;
-struct ip_set_restore *restore_set = NULL;
-size_t restore_offset = 0;
-socklen_t restore_size;
-unsigned restore_line = 0;
-unsigned warn_once = 0;
-
-#define TEMPFILE_PATTERN "/ipsetXXXXXX"
-
-#ifdef IPSET_DEBUG
-int option_debug = 0;
-#endif
-
-#define OPTION_OFFSET 256
-static unsigned int global_option_offset = 0;
-
-/* Most of these command parsing functions are borrowed from iptables.c */
-
-static const char cmdflags[] = { ' ', /* CMD_NONE */
- 'N', 'X', 'F', 'E', 'W', 'L', 'S', 'R',
- 'A', 'D', 'T', 'H', 'V',
-};
-
-/* Options */
-#define OPT_NONE 0x0000U
-#define OPT_NUMERIC 0x0001U /* -n */
-#define OPT_SORTED 0x0002U /* -s */
-#define OPT_QUIET 0x0004U /* -q */
-#define OPT_DEBUG 0x0008U /* -z */
-#define OPT_RESOLVE 0x0020U /* -r */
-#define NUMBER_OF_OPT 5
-static const char optflags[] =
- { 'n', 's', 'q', 'z', 'r' };
-
-static struct option opts_long[] = {
- /* set operations */
- {"create", 1, 0, 'N'},
- {"destroy", 2, 0, 'X'},
- {"flush", 2, 0, 'F'},
- {"rename", 1, 0, 'E'},
- {"swap", 1, 0, 'W'},
- {"list", 2, 0, 'L'},
-
- {"save", 2, 0, 'S'},
- {"restore", 0, 0, 'R'},
-
- /* ip in set operations */
- {"add", 1, 0, 'A'},
- {"del", 1, 0, 'D'},
- {"test", 1, 0, 'T'},
-
- /* free options */
- {"numeric", 0, 0, 'n'},
- {"sorted", 0, 0, 's'},
- {"quiet", 0, 0, 'q'},
- {"resolve", 0, 0, 'r'},
-
-#ifdef IPSET_DEBUG
- /* debug (if compiled with it) */
- {"debug", 0, 0, 'z'},
-#endif
-
- /* version and help */
- {"version", 0, 0, 'V'},
- {"help", 2, 0, 'H'},
-
- /* end */
- {NULL},
-};
-
-static char opts_short[] =
- "-N:X::F::E:W:L::S::RA:D:T:nrsqzvVh::H::";
-
-/* Table of legal combinations of commands and options. If any of the
- * given commands make an option legal, that option is legal.
- * Key:
- * + compulsory
- * x illegal
- * optional
- */
-
-static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = {
- /* -n -s -q -z -r */
- /*CREATE*/ {'x', 'x', ' ', ' ', 'x'},
- /*DESTROY*/ {'x', 'x', ' ', ' ', 'x'},
- /*FLUSH*/ {'x', 'x', ' ', ' ', 'x'},
- /*RENAME*/ {'x', 'x', ' ', ' ', 'x'},
- /*SWAP*/ {'x', 'x', ' ', ' ', 'x'},
- /*LIST*/ {' ', ' ', 'x', ' ', ' '},
- /*SAVE*/ {'x', 'x', ' ', ' ', 'x'},
- /*RESTORE*/ {'x', 'x', ' ', ' ', 'x'},
- /*ADD*/ {'x', 'x', ' ', ' ', 'x'},
- /*DEL*/ {'x', 'x', ' ', ' ', 'x'},
- /*TEST*/ {'x', 'x', ' ', ' ', 'x'},
- /*HELP*/ {'x', 'x', 'x', ' ', 'x'},
- /*VERSION*/ {'x', 'x', 'x', ' ', 'x'},
-};
-
-/* Main parser function */
-int parse_commandline(int argc, char *argv[]);
-
-static void exit_tryhelp(int status)
-{
- fprintf(stderr,
- "Try `%s -H' or '%s --help' for more information.\n",
- program_name, program_name);
- exit(status);
-}
-
-void exit_error(int status, const char *msg, ...)
-{
- if (!option_quiet) {
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s: ", program_name, program_version);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (restore_line)
- fprintf(stderr, "Restore failed at line %u:\n", restore_line);
- if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps %s or your kernel needs to be upgraded.\n",
- program_name);
- }
-
- exit(status);
-}
-
-static void ipset_printf(const char *msg, ...)
-{
- if (!option_quiet) {
- va_list args;
-
- va_start(args, msg);
- vfprintf(stdout, msg, args);
- va_end(args);
- fprintf(stdout, "\n");
- }
-}
-
-static void generic_opt_check(int command, unsigned int options)
-{
- int i, j, legal = 0;
-
- /* Check that commands are valid with options. Complicated by the
- * fact that if an option is legal with *any* command given, it is
- * legal overall (ie. -z and -l).
- */
- for (i = 0; i < NUMBER_OF_OPT; i++) {
- legal = 0; /* -1 => illegal, 1 => legal, 0 => undecided. */
-
- for (j = 1; j <= NUMBER_OF_CMD; j++) {
- if (command != j)
- continue;
-
- if (!(options & (1 << i))) {
- if (commands_v_options[j-1][i] == '+')
- exit_error(PARAMETER_PROBLEM,
- "You need to supply the `-%c' "
- "option for this command\n",
- optflags[i]);
- } else {
- if (commands_v_options[j-1][i] != 'x')
- legal = 1;
- else if (legal == 0)
- legal = -1;
- }
- }
- if (legal == -1)
- exit_error(PARAMETER_PROBLEM,
- "Illegal option `-%c' with this command\n",
- optflags[i]);
- }
-}
-
-static char opt2char(unsigned int option)
-{
- const char *ptr;
- for (ptr = optflags; option > 1; option >>= 1, ptr++);
-
- return *ptr;
-}
-
-static char cmd2char(int cmd)
-{
- if (cmd <= CMD_NONE || cmd > NUMBER_OF_CMD)
- return ' ';
-
- return cmdflags[cmd];
-}
-
-/* From iptables.c ... */
-static char *get_modprobe(void)
-{
- int procfile;
- char *ret;
-
-#define PROCFILE_BUFSIZ 1024
- procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
- if (procfile < 0)
- return NULL;
-
- ret = (char *) malloc(PROCFILE_BUFSIZ);
- if (ret) {
- memset(ret, 0, PROCFILE_BUFSIZ);
- switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
- case -1: goto fail;
- case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd */
- default: ; /* nothing */
- }
- if (ret[strlen(ret)-1]=='\n')
- ret[strlen(ret)-1]=0;
- close(procfile);
- return ret;
- }
- fail:
- free(ret);
- close(procfile);
- return NULL;
-}
-
-static int ipset_insmod(const char *modname, const char *modprobe)
-{
- char *buf = NULL;
- char *argv[3];
- struct stat junk;
- int status;
-
- if (!stat(modprobe, &junk)) {
- /* Try to read out of the kernel */
- buf = get_modprobe();
- if (!buf)
- return -1;
- modprobe = buf;
- }
-
- switch (fork()) {
- case 0:
- argv[0] = (char *) modprobe;
- argv[1] = (char *) modname;
- argv[2] = NULL;
- execv(argv[0], argv);
-
- /* Should not reach */
- exit(1);
- case -1:
- return -1;
-
- default: /* parent */
- wait(&status);
- }
-
- free(buf);
-
- if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
- return 0;
- return -1;
-}
-
-static int kernel_getsocket(void)
-{
- int sockfd = -1;
-
- sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
- if (sockfd < 0)
- exit_error(OTHER_PROBLEM,
- "You need to be root to perform this command.");
-
- return sockfd;
-}
-
-static void kernel_error(unsigned cmd, int err)
-{
- unsigned int i;
- struct translate_error {
- int err;
- unsigned cmd;
- const char *message;
- } table[] =
- { /* Generic error codes */
- { EPERM, 0, "Missing capability" },
- { EBADF, 0, "Invalid socket option" },
- { EINVAL, 0, "Size mismatch for expected socket data" },
- { ENOMEM, 0, "Not enough memory" },
- { EFAULT, 0, "Failed to copy data" },
- { EPROTO, 0, "ipset kernel/userspace version mismatch" },
- { EBADMSG, 0, "Unknown command" },
- /* Per command error codes */
- /* Reserved ones for add/del/test to handle internally:
- * EEXIST
- */
- { ENOENT, CMD_CREATE, "Unknown set type" },
- { ENOENT, 0, "Unknown set" },
- { EAGAIN, 0, "Sets are busy, try again later" },
- { ERANGE, CMD_CREATE, "No free slot remained to add a new set" },
- { ERANGE, 0, "IP/port/element is outside of the set or set is full" },
- { ENOEXEC, CMD_CREATE, "Invalid parameters to create a set" },
- { ENOEXEC, CMD_SWAP, "Sets with different types cannot be swapped" },
- { EEXIST, CMD_CREATE, "Set already exists" },
- { EEXIST, CMD_RENAME, "Set with new name already exists" },
- { EEXIST, 0, "Set specified as element does not exist" },
- { EBUSY, 0, "Set is in use, operation not permitted" },
- };
- for (i = 0; i < sizeof(table)/sizeof(struct translate_error); i++) {
- if ((table[i].cmd == cmd || table[i].cmd == 0)
- && table[i].err == err)
- exit_error(err == EPROTO ? VERSION_PROBLEM
- : OTHER_PROBLEM,
- table[i].message);
- }
- exit_error(OTHER_PROBLEM, "Error from kernel: %s", strerror(err));
-}
-
-static inline int wrapped_getsockopt(void *data, socklen_t *size)
-{
- int res;
- int sockfd = kernel_getsocket();
-
- /* Send! */
- res = getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size);
- if (res != 0
- && errno == ENOPROTOOPT
- && ipset_insmod("ip_set", "/sbin/modprobe") == 0)
- res = getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size);
- DP("res=%d errno=%d", res, errno);
-
- return res;
-}
-
-static inline int wrapped_setsockopt(void *data, socklen_t size)
-{
- int res;
- int sockfd = kernel_getsocket();
-
- /* Send! */
- res = setsockopt(sockfd, SOL_IP, SO_IP_SET, data, size);
- if (res != 0
- && errno == ENOPROTOOPT
- && ipset_insmod("ip_set", "/sbin/modprobe") == 0)
- res = setsockopt(sockfd, SOL_IP, SO_IP_SET, data, size);
- DP("res=%d errno=%d", res, errno);
-
- return res;
-}
-
-static void kernel_getfrom(unsigned cmd, void *data, socklen_t * size)
-{
- int res = wrapped_getsockopt(data, size);
-
- if (res != 0)
- kernel_error(cmd, errno);
-}
-
-static int kernel_sendto_handleerrno(unsigned cmd,
- void *data, socklen_t size)
-{
- int res = wrapped_setsockopt(data, size);
-
- if (res != 0) {
- if (errno == EEXIST)
- return -1;
- else
- kernel_error(cmd, errno);
- }
-
- return 0; /* all ok */
-}
-
-static void kernel_sendto(unsigned cmd, void *data, size_t size)
-{
- int res = wrapped_setsockopt(data, size);
-
- if (res != 0)
- kernel_error(cmd, errno);
-}
-
-static int kernel_getfrom_handleerrno(unsigned cmd, void *data, socklen_t *size)
-{
- int res = wrapped_getsockopt(data, size);
-
- if (res != 0) {
- if (errno == EAGAIN)
- return -1;
- else
- kernel_error(cmd, errno);
- }
-
- return 0; /* all ok */
-}
-
-static void check_protocolversion(void)
-{
- struct ip_set_req_version req_version;
- socklen_t size = sizeof(struct ip_set_req_version);
- int res;
-
- if (protocol_version)
- return;
-
- req_version.op = IP_SET_OP_VERSION;
- res = wrapped_getsockopt(&req_version, &size);
-
- if (res != 0)
- exit_error(OTHER_PROBLEM,
- "Couldn't verify kernel module version!");
-
- if (!(req_version.version == IP_SET_PROTOCOL_VERSION
- || req_version.version == IP_SET_PROTOCOL_UNALIGNED))
- exit_error(OTHER_PROBLEM,
- "Kernel ip_set module is of protocol version %u."
- "I'm of protocol version %u.\n"
- "Please upgrade your kernel and/or ipset(8) utillity.",
- req_version.version, IP_SET_PROTOCOL_VERSION);
- protocol_version = req_version.version;
-}
-
-static void set_command(int *cmd, int newcmd)
-{
- if (*cmd != CMD_NONE)
- exit_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n",
- cmd2char(*cmd), cmd2char(newcmd));
- *cmd = newcmd;
-}
-
-static void add_option(unsigned int *options, unsigned int option)
-{
- if (*options & option)
- exit_error(PARAMETER_PROBLEM,
- "multiple -%c flags not allowed",
- opt2char(option));
- *options |= option;
-}
-
-void *ipset_malloc(size_t size)
-{
- void *p;
-
- if (size == 0)
- return NULL;
-
- if ((p = malloc(size)) == NULL) {
- perror("ipset: not enough memory");
- exit(1);
- }
- return p;
-}
-
-char *ipset_strdup(const char *s)
-{
- char *p;
-
- if ((p = strdup(s)) == NULL) {
- perror("ipset: not enough memory");
- exit(1);
- }
- return p;
-}
-
-void ipset_free(void *data)
-{
- if (data == NULL)
- return;
-
- free(data);
-}
-
-static struct option *merge_options(struct option *oldopts,
- const struct option *newopts,
- int *option_offset)
-{
- unsigned int num_old, num_new, i;
- struct option *merge;
-
- for (num_old = 0; oldopts[num_old].name; num_old++);
- for (num_new = 0; newopts[num_new].name; num_new++);
-
- global_option_offset += OPTION_OFFSET;
- *option_offset = global_option_offset;
-
- merge = ipset_malloc(sizeof(struct option) * (num_new + num_old + 1));
- memcpy(merge, oldopts, num_old * sizeof(struct option));
- for (i = 0; i < num_new; i++) {
- merge[num_old + i] = newopts[i];
- merge[num_old + i].val += *option_offset;
- }
- memset(merge + num_old + num_new, 0, sizeof(struct option));
-
- return merge;
-}
-
-static char *ip_tohost(const struct in_addr *addr)
-{
- struct hostent *host;
-
- if ((host = gethostbyaddr((char *) addr,
- sizeof(struct in_addr),
- AF_INET)) != NULL) {
- DP("%s", host->h_name);
- return (char *) host->h_name;
- }
-
- return (char *) NULL;
-}
-
-static char *ip_tonetwork(const struct in_addr *addr)
-{
- struct netent *net;
-
- if ((net = getnetbyaddr(ntohl(addr->s_addr),
- AF_INET)) != NULL) {
- DP("%s", net->n_name);
- return (char *) net->n_name;
- }
-
- return (char *) NULL;
-}
-
-/* Return a string representation of an IP address.
- * Please notice that a pointer to static char* area is returned.
- */
-char *ip_tostring(ip_set_ip_t ip, unsigned options)
-{
- struct in_addr addr;
- addr.s_addr = htonl(ip);
-
- if (!(options & OPT_NUMERIC)) {
- char *name;
- if ((name = ip_tohost(&addr)) != NULL ||
- (name = ip_tonetwork(&addr)) != NULL)
- return name;
- }
-
- return inet_ntoa(addr);
-}
-
-char *ip_tostring_numeric(ip_set_ip_t ip)
-{
- return ip_tostring(ip, OPT_NUMERIC);
-}
-
-/* Fills the 'ip' with the parsed ip or host in host byte order */
-void parse_ip(const char *str, ip_set_ip_t * ip)
-{
- struct hostent *host;
- struct in_addr addr;
-
- DP("%s", str);
-
- if (inet_aton(str, &addr) != 0) {
- *ip = ntohl(addr.s_addr); /* We want host byte order */
- return;
- }
-
- host = gethostbyname(str);
- if (host != NULL) {
- if (host->h_addrtype != AF_INET ||
- host->h_length != sizeof(struct in_addr))
- exit_error(PARAMETER_PROBLEM,
- "host/network `%s' not an internet name",
- str);
- if (host->h_addr_list[1] != 0)
- exit_error(PARAMETER_PROBLEM,
- "host/network `%s' resolves to serveral ip-addresses. "
- "Please specify one.", str);
-
- memcpy(&addr, host->h_addr_list[0], sizeof(struct in_addr));
- *ip = ntohl(addr.s_addr);
- return;
- }
-
- exit_error(PARAMETER_PROBLEM, "host/network `%s' not found", str);
-}
-
-/* Fills 'mask' with the parsed mask in host byte order */
-void parse_mask(const char *str, ip_set_ip_t * mask)
-{
- struct in_addr addr;
- int bits;
-
- DP("%s", str);
-
- if (str == NULL) {
- /* no mask at all defaults to 32 bits */
- *mask = 0xFFFFFFFF;
- return;
- }
- if (strchr(str, '.') && inet_aton(str, &addr) != 0) {
- *mask = ntohl(addr.s_addr); /* We want host byte order */
- return;
- }
- if (sscanf(str, "%d", &bits) != 1 || bits < 0 || bits > 32)
- exit_error(PARAMETER_PROBLEM,
- "invalid mask `%s' specified", str);
-
- DP("bits: %d", bits);
-
- *mask = bits != 0 ? 0xFFFFFFFF << (32 - bits) : 0L;
-}
-
-/* Combines parse_ip and parse_mask */
-void
-parse_ipandmask(const char *str, ip_set_ip_t * ip, ip_set_ip_t * mask)
-{
- char buf[256];
- char *p;
-
- strncpy(buf, str, sizeof(buf) - 1);
- buf[255] = '\0';
-
- if ((p = strrchr(buf, '/')) != NULL) {
- *p = '\0';
- parse_mask(p + 1, mask);
- } else
- parse_mask(NULL, mask);
-
- /* if a null mask is given, the name is ignored, like in "any/0" */
- if (*mask == 0U)
- *ip = 0U;
- else
- parse_ip(buf, ip);
-
- DP("%s ip: %08X (%s) mask: %08X",
- str, *ip, ip_tostring_numeric(*ip), *mask);
-
- /* Apply the netmask */
- *ip &= *mask;
-
- DP("%s ip: %08X (%s) mask: %08X",
- str, *ip, ip_tostring_numeric(*ip), *mask);
-}
-
-/* Return a string representation of a port
- * Please notice that a pointer to static char* area is returned
- * and we assume TCP protocol.
- */
-char *port_tostring(ip_set_ip_t port, unsigned options)
-{
- struct servent *service;
- static char name[] = "65535";
-
- if (!(options & OPT_NUMERIC)) {
- if ((service = getservbyport(htons(port), "tcp")))
- return service->s_name;
- }
- sprintf(name, "%u", port);
- return name;
-}
-
-int
-string_to_number(const char *str, unsigned int min, unsigned int max,
- ip_set_ip_t *port)
-{
- unsigned long number;
- char *end;
-
- /* Handle hex, octal, etc. */
- errno = 0;
- number = strtoul(str, &end, 0);
- if (*end == '\0' && end != str) {
- /* we parsed a number, let's see if we want this */
- if (errno != ERANGE && min <= number && number <= max) {
- *port = number;
- return 0;
- }
- }
- return -1;
-}
-
-static int
-string_to_port(const char *str, ip_set_ip_t *port)
-{
- struct servent *service;
-
- if ((service = getservbyname(str, "tcp")) != NULL) {
- *port = ntohs((uint16_t) service->s_port);
- return 0;
- }
- return -1;
-}
-
-/* Fills the 'ip' with the parsed port in host byte order */
-void parse_port(const char *str, ip_set_ip_t *port)
-{
- if ((string_to_number(str, 0, 65535, port) != 0)
- && (string_to_port(str, port) != 0))
- exit_error(PARAMETER_PROBLEM,
- "Invalid TCP port `%s' specified", str);
-}
-
-/*
- * Settype functions
- */
-static struct settype *settype_find(const char *typename)
-{
- struct settype *runner = all_settypes;
-
- DP("%s", typename);
-
- while (runner != NULL) {
- if (STREQ(runner->typename, typename))
- return runner;
-
- runner = runner->next;
- }
-
- return NULL; /* not found */
-}
-
-static struct settype *settype_load(const char *typename)
-{
- char path[sizeof(IPSET_LIB_DIR) + sizeof(IPSET_LIB_NAME) +
- strlen(typename)];
- struct settype *settype;
-
- /* do some search in list */
- settype = settype_find(typename);
- if (settype != NULL)
- return settype; /* found */
-
- /* Else we have to load it */
- sprintf(path, IPSET_LIB_DIR IPSET_LIB_NAME, typename);
-
- if (dlopen(path, RTLD_NOW)) {
- /* Found library. */
-
- settype = settype_find(typename);
-
- if (settype != NULL)
- return settype;
- }
-
- /* Can't load the settype */
- exit_error(PARAMETER_PROBLEM,
- "Couldn't load settype `%s':%s\n",
- typename, dlerror());
-
- return NULL; /* Never executed, but keep compilers happy */
-}
-
-static char *check_set_name(char *setname)
-{
- if (strlen(setname) > IP_SET_MAXNAMELEN - 1)
- exit_error(PARAMETER_PROBLEM,
- "Setname '%s' too long, max %d characters.",
- setname, IP_SET_MAXNAMELEN - 1);
-
- return setname;
-}
-
-static struct settype *check_set_typename(const char *typename)
-{
- if (strlen(typename) > IP_SET_MAXNAMELEN - 1)
- exit_error(PARAMETER_PROBLEM,
- "Typename '%s' too long, max %d characters.",
- typename, IP_SET_MAXNAMELEN - 1);
-
- return settype_load(typename);
-}
-
-#define MAX(a,b) ((a) > (b) ? (a) : (b))
-
-/* Register a new set type */
-void settype_register(struct settype *settype)
-{
- struct settype *chk;
- size_t size;
-
- DP("%s", settype->typename);
-
- /* Check if this typename already exists */
- chk = settype_find(settype->typename);
-
- if (chk != NULL)
- exit_error(OTHER_PROBLEM,
- "Set type '%s' already registered!\n",
- settype->typename);
-
- /* Check version */
- if (settype->protocol_version != IP_SET_PROTOCOL_VERSION)
- exit_error(OTHER_PROBLEM,
- "Set type %s is of wrong protocol version %u!"
- " I'm of version %u.\n", settype->typename,
- settype->protocol_version,
- IP_SET_PROTOCOL_VERSION);
-
- /* Initialize internal data */
- settype->header = ipset_malloc(settype->header_size);
- size = MAX(settype->create_size, settype->adt_size);
- settype->data = ipset_malloc(size);
-
- /* Insert first */
- settype->next = all_settypes;
- all_settypes = settype;
-
- DP("%s registered", settype->typename);
-}
-
-/* Find set functions */
-struct set *set_find_byid(ip_set_id_t id)
-{
- struct set *set = NULL;
- ip_set_id_t i;
-
- for (i = 0; i < max_sets; i++)
- if (set_list[i] && set_list[i]->id == id) {
- set = set_list[i];
- break;
- }
-
- if (set == NULL)
- exit_error(PARAMETER_PROBLEM,
- "Set identified by id %u is not found", id);
- return set;
-}
-
-struct set *set_find_byname(const char *name)
-{
- struct set *set = NULL;
- ip_set_id_t i;
-
- for (i = 0; i < max_sets; i++)
- if (set_list[i] != NULL && STREQ(set_list[i]->name, name)) {
- set = set_list[i];
- break;
- }
- if (set == NULL)
- exit_error(PARAMETER_PROBLEM,
- "Set %s is not found", name);
- return set;
-}
-
-static ip_set_id_t set_find_free_index(const char *name)
-{
- ip_set_id_t i, idx = IP_SET_INVALID_ID;
-
- for (i = 0; i < max_sets; i++) {
- if (idx == IP_SET_INVALID_ID
- && set_list[i] == NULL)
- idx = i;
- if (set_list[i] != NULL && STREQ(set_list[i]->name, name))
- exit_error(PARAMETER_PROBLEM,
- "Set %s is already defined, cannot be restored",
- name);
- }
-
- if (idx == IP_SET_INVALID_ID)
- exit_error(PARAMETER_PROBLEM,
- "Set %s cannot be restored, "
- "max number of set %u reached",
- name, max_sets);
-
- return idx;
-}
-
-/*
- * Send create set order to kernel
- */
-static void set_create(const char *name, struct settype *settype)
-{
- struct ip_set_req_create req_create;
- size_t size;
- void *data;
-
- DP("%s %s", name, settype->typename);
-
- req_create.op = IP_SET_OP_CREATE;
- req_create.version = protocol_version;
- strcpy(req_create.name, name);
- strcpy(req_create.typename, settype->typename);
-
- /* Final checks */
- settype->create_final(settype->data, settype->flags);
-
- /* Alloc memory for the data to send */
- size = sizeof(struct ip_set_req_create) + settype->create_size;
- data = ipset_malloc(size);
-
- /* Add up ip_set_req_create and the settype data */
- memcpy(data, &req_create, sizeof(struct ip_set_req_create));
- memcpy(data + sizeof(struct ip_set_req_create),
- settype->data, settype->create_size);
-
- kernel_sendto(CMD_CREATE, data, size);
- free(data);
-}
-
-static void set_restore_create(const char *name, struct settype *settype)
-{
- struct set *set;
-
- DP("%s %s %zu %zu %u %u", name, settype->typename,
- restore_offset, sizeof(struct ip_set_restore),
- settype->create_size, restore_size);
-
- /* Sanity checking */
- if (restore_offset
- + ALIGNED(sizeof(struct ip_set_restore))
- + ALIGNED(settype->create_size) > restore_size)
- exit_error(PARAMETER_PROBLEM,
- "Giving up, restore file is screwed up!");
-
- /* Final checks */
- settype->create_final(settype->data, settype->flags);
-
- /* Fill out restore_data */
- restore_set = (struct ip_set_restore *)
- (restore_data + restore_offset);
- strcpy(restore_set->name, name);
- strcpy(restore_set->typename, settype->typename);
- restore_set->index = set_find_free_index(name);
- restore_set->header_size = settype->create_size;
- restore_set->members_size = 0;
-
- DP("name %s, restore index %u", restore_set->name, restore_set->index);
- /* Add settype data */
-
- restore_offset += ALIGNED(sizeof(struct ip_set_restore));
- memcpy(restore_data + restore_offset, settype->data, settype->create_size);
-
- restore_offset += ALIGNED(settype->create_size);
- DP("restore_offset: %zu", restore_offset);
-
- /* Add set to set_list */
- set = ipset_malloc(sizeof(struct set));
- strcpy(set->name, name);
- set->settype = settype;
- set->index = restore_set->index;
- set_list[restore_set->index] = set;
-}
-
-/*
- * Send destroy/flush order to kernel for one or all sets
- */
-static void set_destroy(const char *name, unsigned op, unsigned cmd)
-{
- struct ip_set_req_std req;
-
- DP("%s %s", cmd == CMD_DESTROY ? "destroy" : "flush", name);
-
- req.op = op;
- req.version = protocol_version;
- strcpy(req.name, name);
-
- kernel_sendto(cmd, &req, sizeof(struct ip_set_req_std));
-}
-
-/*
- * Send rename/swap order to kernel
- */
-static void set_rename(const char *name, const char *newname,
- unsigned op, unsigned cmd)
-{
- struct ip_set_req_create req;
-
- DP("%s %s %s", cmd == CMD_RENAME ? "rename" : "swap",
- name, newname);
-
- req.op = op;
- req.version = protocol_version;
- strcpy(req.name, name);
- strcpy(req.typename, newname);
-
- kernel_sendto(cmd, &req,
- sizeof(struct ip_set_req_create));
-}
-
-/*
- * Send MAX_SETS, LIST_SIZE and/or SAVE_SIZE orders to kernel
- */
-static size_t load_set_list(const char name[IP_SET_MAXNAMELEN],
- ip_set_id_t *idx,
- unsigned op, unsigned cmd)
-{
- void *data = NULL;
- struct ip_set_req_max_sets req_max_sets;
- struct ip_set_name_list *name_list;
- struct set *set;
- ip_set_id_t i;
- socklen_t size, req_size;
- int repeated = 0, res = 0;
-
- DP("%s %s", cmd == CMD_MAX_SETS ? "MAX_SETS"
- : cmd == CMD_LIST_SIZE ? "LIST_SIZE"
- : "SAVE_SIZE",
- name);
-
-tryagain:
- if (set_list) {
- for (i = 0; i < max_sets; i++)
- if (set_list[i])
- free(set_list[i]);
- free(set_list);
- set_list = NULL;
- }
- /* Get max_sets */
- req_max_sets.op = IP_SET_OP_MAX_SETS;
- req_max_sets.version = protocol_version;
- strcpy(req_max_sets.set.name, name);
- size = sizeof(req_max_sets);
- kernel_getfrom(CMD_MAX_SETS, &req_max_sets, &size);
-
- DP("got MAX_SETS: sets %d, max_sets %d",
- req_max_sets.sets, req_max_sets.max_sets);
-
- max_sets = req_max_sets.max_sets;
- set_list = ipset_malloc(max_sets * sizeof(struct set *));
- memset(set_list, 0, max_sets * sizeof(struct set *));
- *idx = req_max_sets.set.index;
-
- if (req_max_sets.sets == 0)
- /* No sets in kernel */
- return 0;
-
- /* Get setnames */
- size = req_size = ALIGNED(sizeof(struct ip_set_req_setnames))
- + req_max_sets.sets * ALIGNED(sizeof(struct ip_set_name_list));
- data = ipset_malloc(size);
- ((struct ip_set_req_setnames *) data)->op = op;
- ((struct ip_set_req_setnames *) data)->index = *idx;
-
- res = kernel_getfrom_handleerrno(cmd, data, &size);
-
- if (res != 0 || size != req_size) {
- free(data);
- if (repeated++ < LIST_TRIES)
- goto tryagain;
- exit_error(OTHER_PROBLEM,
- "Tried to get sets from kernel %d times"
- " and failed. Please try again when the load on"
- " the sets has gone down.", LIST_TRIES);
- }
-
- /* Load in setnames */
- size = ALIGNED(sizeof(struct ip_set_req_setnames));
- while (size + ALIGNED(sizeof(struct ip_set_name_list)) <= req_size) {
- name_list = (struct ip_set_name_list *)
- (data + size);
- set = ipset_malloc(sizeof(struct set));
- strcpy(set->name, name_list->name);
- set->index = name_list->index;
- set->id = name_list->id;
- set->settype = settype_load(name_list->typename);
- set_list[name_list->index] = set;
- DP("loaded %s, type %s, index %u",
- set->name, set->settype->typename, set->index);
- size += ALIGNED(sizeof(struct ip_set_name_list));
- }
- /* Size to get set members */
- size = ((struct ip_set_req_setnames *)data)->size;
- free(data);
-
- return size;
-}
-
-/*
- * Save operation
- */
-static size_t save_set(void *data, size_t offset, size_t len)
-{
- struct ip_set_save *set_save =
- (struct ip_set_save *) (data + offset);
- struct set *set;
- struct settype *settype;
- size_t used;
-
- DP("offset %zu (%zu/%u/%u), len %zu", offset,
- sizeof(struct ip_set_save),
- set_save->header_size, set_save->members_size,
- len);
- if (offset + ALIGNED(sizeof(struct ip_set_save)) > len
- || offset + ALIGNED(sizeof(struct ip_set_save))
- + set_save->header_size + set_save->members_size > len)
- exit_error(OTHER_PROBLEM,
- "Save operation failed, try again later.");
-
- DP("index: %u", set_save->index);
- if (set_save->index == IP_SET_INVALID_ID) {
- /* Marker */
- return ALIGNED(sizeof(struct ip_set_save));
- }
- set = set_list[set_save->index];
- if (!set)
- exit_error(OTHER_PROBLEM,
- "Save set failed, try again later.");
- settype = set->settype;
-
- /* Init set header */
- used = ALIGNED(sizeof(struct ip_set_save));
- settype->initheader(set, data + offset + used);
-
- /* Print create set */
- settype->saveheader(set, OPT_NUMERIC);
-
- /* Print add IPs */
- used += set_save->header_size;
- settype->saveips(set, data + offset + used,
- set_save->members_size, OPT_NUMERIC,
- DONT_ALIGN);
-
- return (used + set_save->members_size);
-}
-
-static int try_save_sets(const char name[IP_SET_MAXNAMELEN])
-{
- void *data = NULL;
- socklen_t size, req_size = 0;
- ip_set_id_t idx;
- int res = 0;
- time_t now = time(NULL);
-
- /* Load set_list from kernel */
- size = load_set_list(name, &idx,
- IP_SET_OP_SAVE_SIZE, CMD_SAVE);
-
- if (size) {
- /* Get sets and print them */
- /* Take into account marker */
- req_size = (size += ALIGNED(sizeof(struct ip_set_save)));
- data = ipset_malloc(size);
- ((struct ip_set_req_list *) data)->op = IP_SET_OP_SAVE;
- ((struct ip_set_req_list *) data)->index = idx;
- res = kernel_getfrom_handleerrno(CMD_SAVE, data, &size);
-
- if (res != 0 || size != req_size) {
- DP("Try again: res: %i, size %u, req_size: %u",
- res, size, req_size);
- free(data);
- return -EAGAIN;
- }
- }
-
- printf("# Generated by ipset %s on %s", IPSET_VERSION, ctime(&now));
- size = 0;
- while (size < req_size) {
- DP("size: %u, req_size: %u", size, req_size);
- size += save_set(data, size, req_size);
- }
- printf("COMMIT\n");
- now = time(NULL);
- printf("# Completed on %s", ctime(&now));
- ipset_free(data);
- return res;
-}
-
-/*
- * Performs a save to stdout
- */
-static void set_save(const char name[IP_SET_MAXNAMELEN])
-{
- int i;
-
- DP("%s", name);
- for (i = 0; i < LIST_TRIES; i++)
- if (try_save_sets(name) == 0)
- return;
-
- if (errno == EAGAIN)
- exit_error(OTHER_PROBLEM,
- "Tried to save sets from kernel %d times"
- " and failed. Please try again when the load on"
- " the sets has gone down.", LIST_TRIES);
- else
- kernel_error(CMD_SAVE, errno);
-}
-
-/*
- * Restore operation
- */
-
-/* global new argv and argc */
-static char *newargv[255];
-static int newargc = 0;
-
-/* Build faked argv from parsed line */
-static void build_argv(unsigned line, char *buffer) {
- char *ptr;
- int i;
-
- /* Reset */
- for (i = 1; i < newargc; i++)
- free(newargv[i]);
- newargc = 1;
-
- ptr = strtok(buffer, " \t\n");
- newargv[newargc++] = ipset_strdup(ptr);
- while ((ptr = strtok(NULL, " \t\n")) != NULL) {
- if ((newargc + 1) < (int)(sizeof(newargv)/sizeof(char *)))
- newargv[newargc++] = ipset_strdup(ptr);
- else
- exit_error(PARAMETER_PROBLEM,
- "Line %d is too long to restore\n", line);
- }
-}
-
-static FILE *create_tempfile(void)
-{
- char buffer[1024], __tmpdir[] = "/tmp";
- char *tmpdir = NULL;
- char *filename;
- int fd;
- FILE *file;
-
- if (!(tmpdir = getenv("TMPDIR")) && !(tmpdir = getenv("TMP")))
- tmpdir = __tmpdir;
- filename = ipset_malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1);
- strcpy(filename, tmpdir);
- strcat(filename, TEMPFILE_PATTERN);
-
- (void) umask(077); /* Create with restrictive permissions */
- fd = mkstemp(filename);
- if (fd == -1)
- exit_error(OTHER_PROBLEM, "Could not create temporary file.");
- if (!(file = fdopen(fd, "r+")))
- exit_error(OTHER_PROBLEM, "Could not open temporary file.");
- if (unlink(filename) == -1)
- exit_error(OTHER_PROBLEM, "Could not unlink temporary file.");
- free(filename);
-
- while (fgets(buffer, sizeof(buffer), stdin)) {
- fputs(buffer, file);
- }
- fseek(file, 0L, SEEK_SET);
-
- return file;
-}
-
-/*
- * Performs a restore from a file
- */
-static void set_restore(char *argv0)
-{
- char buffer[1024];
- char *ptr, *name = NULL;
- char cmd = ' ';
- int first_pass, i;
- struct settype *settype = NULL;
- struct ip_set_req_setnames *header;
- ip_set_id_t idx;
- FILE *in;
- int res;
-
- /* Create and store stdin in temporary file */
- in = create_tempfile();
-
- /* Load existing sets from kernel */
- load_set_list(IPSET_TOKEN_ALL, &idx,
- IP_SET_OP_LIST_SIZE, CMD_RESTORE);
-
- restore_line = 0;
- restore_size = ALIGNED(sizeof(struct ip_set_req_setnames)); /* header */
- DP("restore_size: %u", restore_size);
- /* First pass: calculate required amount of data */
- while (fgets(buffer, sizeof(buffer), in)) {
- restore_line++;
-
- if (buffer[0] == '\n')
- continue;
- else if (buffer[0] == '#')
- continue;
- else if (strcmp(buffer, "COMMIT\n") == 0) {
- /* Enable restore mode */
- restore = 1;
- break;
- }
-
- /* -N, -A or -B */
- ptr = strtok(buffer, " \t\n");
- DP("ptr: %s", ptr);
- if (ptr == NULL
- || ptr[0] != '-'
- || !(ptr[1] == 'N'
- || ptr[1] == 'A'
- || ptr[1] == 'B')
- || ptr[2] != '\0') {
- exit_error(PARAMETER_PROBLEM,
- "Line %u does not start as a valid restore command\n",
- restore_line);
- }
- cmd = ptr[1];
- /* setname */
- ptr = strtok(NULL, " \t\n");
- DP("setname: %s", ptr);
- if (ptr == NULL)
- exit_error(PARAMETER_PROBLEM,
- "Missing set name in line %u\n",
- restore_line);
- DP("cmd %c", cmd);
- switch (cmd) {
- case 'N': {
- name = check_set_name(ptr);
- /* settype */
- ptr = strtok(NULL, " \t\n");
- if (ptr == NULL)
- exit_error(PARAMETER_PROBLEM,
- "Missing settype in line %u\n",
- restore_line);
- settype = check_set_typename(ptr);
- restore_size += ALIGNED(sizeof(struct ip_set_restore))
- + ALIGNED(settype->create_size);
- DP("restore_size (N): %u", restore_size);
- break;
- }
- case 'A': {
- if (name == NULL
- || strncmp(name, ptr, sizeof(name)) != 0)
- exit_error(PARAMETER_PROBLEM,
- "Add IP to set %s in line %u without "
- "preceding corresponding create set line\n",
- ptr, restore_line);
- restore_size += ALIGNED(settype->adt_size);
- DP("restore_size (A): %u", restore_size);
- break;
- }
- default: {
- exit_error(PARAMETER_PROBLEM,
- "Unrecognized restore command in line %u\n",
- restore_line);
- }
- } /* end of switch */
- }
- /* Sanity checking */
- if (!restore)
- exit_error(PARAMETER_PROBLEM,
- "Missing COMMIT line\n");
- restore_size += ALIGNED(sizeof(struct ip_set_restore)); /* marker */
- DP("restore_size: %u", restore_size);
- restore_data = ipset_malloc(restore_size);
- header = (struct ip_set_req_setnames *) restore_data;
- header->op = IP_SET_OP_RESTORE;
- header->size = restore_size;
- restore_offset = ALIGNED(sizeof(struct ip_set_req_setnames));
-
- /* Rewind to scan the file again */
- fseek(in, 0L, SEEK_SET);
- first_pass = restore_line;
- restore_line = 0;
-
- /* Initialize newargv/newargc */
- newargv[newargc++] = ipset_strdup(argv0);
-
- /* Second pass: build up restore request */
- while (fgets(buffer, sizeof(buffer), in)) {
- restore_line++;
-
- if (buffer[0] == '\n')
- continue;
- else if (buffer[0] == '#')
- continue;
- else if (strcmp(buffer, "COMMIT\n") == 0)
- goto do_restore;
- DP("restoring: %s", buffer);
- /* Build faked argv, argc */
- build_argv(restore_line, buffer);
- for (i = 0; i < newargc; i++)
- DP("argv[%u]: %s", i, newargv[i]);
-
- /* Parse line */
- parse_commandline(newargc, newargv);
- }
- exit_error(PARAMETER_PROBLEM,
- "Broken restore file\n");
- do_restore:
- if (restore_size == (restore_offset + ALIGNED(sizeof(struct ip_set_restore)))) {
- /* No bindings */
- struct ip_set_restore *marker =
- (struct ip_set_restore *) (restore_data + restore_offset);
-
- marker->index = IP_SET_INVALID_ID;
- marker->header_size = marker->members_size = 0;
- restore_offset += ALIGNED(sizeof(struct ip_set_restore));
- DP("restore marker, restore_offset: %zu", restore_offset);
- }
- if (restore_size != restore_offset)
- exit_error(PARAMETER_PROBLEM,
- "Giving up, restore file is screwed up!");
- res = kernel_getfrom_handleerrno(CMD_RESTORE, restore_data, &restore_size);
-
- if (res != 0) {
- if (restore_size != sizeof(struct ip_set_req_setnames))
- exit_error(PARAMETER_PROBLEM,
- "Communication with kernel failed (%u %u)!",
- restore_size, sizeof(struct ip_set_req_setnames));
- /* Check errors */
- header = (struct ip_set_req_setnames *) restore_data;
- if (header->size != 0)
- exit_error(PARAMETER_PROBLEM,
- "Committing restoring failed at line %u!",
- header->size);
- }
-}
-
-/*
- * Send ADT_GET order to kernel for a set
- */
-static struct set *set_adt_get(const char *name)
-{
- struct ip_set_req_adt_get req_adt_get;
- struct set *set;
- socklen_t size;
-
- DP("%s", name);
-
- check_protocolversion();
-
- req_adt_get.op = IP_SET_OP_ADT_GET;
- req_adt_get.version = protocol_version;
- strcpy(req_adt_get.set.name, name);
- size = sizeof(struct ip_set_req_adt_get);
-
- kernel_getfrom(CMD_ADT_GET, (void *) &req_adt_get, &size);
-
- set = ipset_malloc(sizeof(struct set));
- strcpy(set->name, name);
- set->index = req_adt_get.set.index;
- set->settype = settype_load(req_adt_get.typename);
-
- return set;
-}
-
-/*
- * Send add/del/test order to kernel for a set
- */
-static int set_adtip(struct set *set, const char *adt,
- unsigned op, unsigned cmd)
-{
- struct ip_set_req_adt *req_adt;
- size_t size;
- void *data;
- int res = 0;
-
- DP("%s -> %s", set->name, adt);
-
- /* Alloc memory for the data to send */
- size = ALIGNED(sizeof(struct ip_set_req_adt)) + set->settype->adt_size ;
- DP("alloc size %zu", size);
- data = ipset_malloc(size);
-
- /* Fill out the request */
- req_adt = (struct ip_set_req_adt *) data;
- req_adt->op = op;
- req_adt->index = set->index;
- memcpy(data + ALIGNED(sizeof(struct ip_set_req_adt)),
- set->settype->data, set->settype->adt_size);
-
- if (kernel_sendto_handleerrno(cmd, data, size) == -1)
- switch (op) {
- case IP_SET_OP_ADD_IP:
- exit_error(OTHER_PROBLEM, "%s is already in set %s.",
- adt, set->name);
- break;
- case IP_SET_OP_DEL_IP:
- exit_error(OTHER_PROBLEM, "%s is not in set %s.",
- adt, set->name);
- break;
- case IP_SET_OP_TEST_IP:
- ipset_printf("%s is in set %s.", adt, set->name);
- res = 0;
- break;
- default:
- break;
- }
- else
- switch (op) {
- case IP_SET_OP_TEST_IP:
- ipset_printf("%s is NOT in set %s.", adt, set->name);
- res = 1;
- break;
- default:
- break;
- }
- free(data);
-
- return res;
-}
-
-static void set_restore_add(struct set *set, const char *adt UNUSED)
-{
- DP("%s %s", set->name, adt);
- /* Sanity checking */
- if (restore_offset + ALIGNED(set->settype->adt_size) > restore_size)
- exit_error(PARAMETER_PROBLEM,
- "Giving up, restore file is screwed up!");
-
- memcpy(restore_data + restore_offset,
- set->settype->data, set->settype->adt_size);
- restore_set->members_size += ALIGNED(set->settype->adt_size);
- restore_offset += ALIGNED(set->settype->adt_size);
-
- DP("restore_offset: %zu", restore_offset);
-}
-
-/*
- * Print operation
- */
-
-/* Help function to set_list() */
-static size_t print_set(void *data, unsigned options)
-{
- struct ip_set_list *setlist = data;
- struct set *set = set_list[setlist->index];
- struct settype *settype = set->settype;
- size_t offset;
-
- /* Pretty print the set */
- DP("header size: %u, members size: %u",
- setlist->header_size, setlist->members_size);
- printf("Name: %s\n", set->name);
- printf("Type: %s\n", settype->typename);
- printf("References: %d\n", setlist->ref);
-
- /* Init header */
- offset = ALIGNED(sizeof(struct ip_set_list));
- settype->initheader(set, data + offset);
-
- /* Pretty print the type header */
- printf("Header:");
- settype->printheader(set, options);
-
- /* Pretty print all IPs */
- printf("Members:\n");
- offset += setlist->header_size;
- DP("Aligned: %u, offset: %zu, members_size %u\n", !DONT_ALIGN, offset,
- setlist->members_size);
- if (options & OPT_SORTED)
- settype->printips_sorted(set, data + offset,
- setlist->members_size, options,
- DONT_ALIGN);
- else
- settype->printips(set, data + offset,
- setlist->members_size, options,
- DONT_ALIGN);
-
- printf("\n"); /* One newline between sets */
-
- return (offset + setlist->members_size);
-}
-
-static int try_list_sets(const char name[IP_SET_MAXNAMELEN],
- unsigned options)
-{
- void *data = NULL;
- ip_set_id_t idx;
- socklen_t size, req_size;
- int res = 0;
-
- /* Default is numeric listing */
- if (!(options & (OPT_RESOLVE|OPT_NUMERIC)))
- options |= OPT_NUMERIC;
-
- DP("%s", name);
- /* Load set_list from kernel */
- size = req_size = load_set_list(name, &idx,
- IP_SET_OP_LIST_SIZE, CMD_LIST);
-
- if (size) {
- /* Get sets and print them */
- data = ipset_malloc(size);
- ((struct ip_set_req_list *) data)->op = IP_SET_OP_LIST;
- ((struct ip_set_req_list *) data)->index = idx;
- res = kernel_getfrom_handleerrno(CMD_LIST, data, &size);
- DP("get_lists getsockopt() res=%d errno=%d", res, errno);
-
- if (res != 0 || size != req_size) {
- free(data);
- return -EAGAIN;
- }
- size = 0;
- }
- while (size != req_size)
- size += print_set(data + size, options);
-
- ipset_free(data);
- return res;
-}
-
-/* Print a set or all sets
- * All sets: name = NULL
- */
-static void list_sets(const char name[IP_SET_MAXNAMELEN], unsigned options)
-{
- int i;
-
- DP("%s", name);
- for (i = 0; i < LIST_TRIES; i++)
- if (try_list_sets(name, options) == 0)
- return;
-
- if (errno == EAGAIN)
- exit_error(OTHER_PROBLEM,
- "Tried to list sets from kernel %d times"
- " and failed. Please try again when the load on"
- " the sets has gone down.", LIST_TRIES);
- else
- kernel_error(CMD_LIST, errno);
-}
-
-/* Prints help
- * If settype is non null help for that type is printed as well
- */
-static void set_help(const struct settype *settype)
-{
- printf("%s v%s\n\n"
- "Usage: %s -N new-set settype [options]\n"
- " %s -[XFLSH] [set] [options]\n"
- " %s -[EW] from-set to-set\n"
- " %s -[ADT] set IP\n"
- " %s -R\n"
- " %s -v\n"
- " %s -h (print this help information)\n\n",
- program_name, program_version,
- program_name, program_name, program_name,
- program_name, program_name, program_name,
- program_name);
-
- printf("Commands:\n"
- "Either long or short options are allowed.\n"
- " --create -N setname settype <options>\n"
- " Create a new set\n"
- " --destroy -X [setname]\n"
- " Destroy a set or all sets\n"
- " --flush -F [setname]\n"
- " Flush a set or all sets\n"
- " --rename -E from-set to-set\n"
- " Rename from-set to to-set\n"
- " --swap -W from-set to-set\n"
- " Swap the content of two existing sets\n"
- " --list -L [setname] [options]\n"
- " List the IPs in a set or all sets\n"
- " --save -S [setname]\n"
- " Save the set or all sets to stdout\n"
- " --restore -R [option]\n"
- " Restores a saved state\n"
- " --add -A setname IP\n"
- " Add an IP to a set\n"
- " --del -D setname IP\n"
- " Deletes an IP from a set\n"
- " --test -T setname IP \n"
- " Tests if an IP exists in a set.\n"
- " --help -H [settype]\n"
- " Prints this help, and settype specific help\n"
- " --version -V\n"
- " Prints version information\n\n"
- "Options:\n"
- " --sorted -s Numeric sort of the IPs in -L\n"
- " --numeric -n Numeric output of addresses in a -L (default)\n"
- " --resolve -r Try to resolve addresses in a -L\n"
- " --quiet -q Suppress any output to stdout and stderr.\n");
-#ifdef IPSET_DEBUG
- printf(" --debug -z Enable debugging\n\n");
-#else
- printf("\n");
-#endif
-
- if (settype != NULL) {
- printf("Type '%s' specific:\n", settype->typename);
- settype->usage();
- }
-}
-
-static int find_cmd(int option)
-{
- int i;
-
- for (i = 1; i <= NUMBER_OF_CMD; i++)
- if (cmdflags[i] == option)
- return i;
-
- return CMD_NONE;
-}
-
-static int parse_adt_cmdline(int command,
- const char *name,
- char *adt,
- struct set **set,
- struct settype **settype)
-{
- int res = 0;
-
- *set = restore ? set_find_byname(name) : set_adt_get(name);
-
- /* Reset space for adt data */
- *settype = (*set)->settype;
- memset((*settype)->data, 0, (*settype)->adt_size);
-
- res = (*settype)->adt_parser(command, adt, (*settype)->data);
-
- return res;
-}
-
-/* Main worker function */
-int parse_commandline(int argc, char *argv[])
-{
- int res = 0;
- int command = CMD_NONE;
- unsigned options = 0;
- int c;
-
- char *name = NULL; /* All except -H, -R */
- char *newname = NULL; /* -E, -W */
- char *adt = NULL; /* -A, -D, -T */
- struct set *set = NULL; /* -A, -D, -T */
- struct settype *settype = NULL; /* -N, -H */
- char all_sets[] = IPSET_TOKEN_ALL;
-
- struct option *opts = opts_long;
-
- /* Suppress error messages: we may add new options if we
- demand-load a protocol. */
- opterr = 0;
- /* Reset optind to 0 for restore */
- optind = 0;
-
- while ((c = getopt_long(argc, argv, opts_short, opts, NULL)) != -1) {
-
- DP("commandline parsed: opt %c (%s)", c, argv[optind]);
-
- switch (c) {
- /*
- * Command selection
- */
- case 'h':
- case 'H':{ /* Help: -H [typename [options]] */
- check_protocolversion();
- set_command(&command, CMD_HELP);
-
- if (optarg)
- settype = check_set_typename(optarg);
- else if (optind < argc
- && argv[optind][0] != '-')
- settype = check_set_typename(argv[optind++]);
-
- break;
- }
-
- case 'V':
- case 'v': { /* Version */
- printf("%s v%s, protocol version %u.\n",
- program_name, program_version,
- IP_SET_PROTOCOL_VERSION);
- check_protocolversion();
- printf("Kernel module protocol version %u.\n",
- protocol_version);
- exit(0);
- }
-
- case 'N':{ /* Create: -N name typename options */
- set_command(&command, CMD_CREATE);
-
- name = check_set_name(optarg);
-
- /* Protect reserved names */
- if (name[0] == ':')
- exit_error(PARAMETER_PROBLEM,
- "setname might not start with colon",
- cmd2char(CMD_CREATE));
-
- if (optind < argc
- && argv[optind][0] != '-')
- settype = check_set_typename(argv[optind++]);
- else
- exit_error(PARAMETER_PROBLEM,
- "-%c requires setname and settype",
- cmd2char(CMD_CREATE));
-
- DP("merge options");
- /* Merge the create options */
- opts = merge_options(opts,
- settype->create_opts,
- &settype->option_offset);
-
- /* Reset space for create data */
- memset(settype->data, 0, settype->create_size);
-
- /* Zero the flags */
- settype->flags = 0;
-
- DP("call create_init");
- /* Call the settype create_init */
- settype->create_init(settype->data);
-
- break;
- }
-
- case 'X': /* Destroy */
- case 'F': /* Flush */
- case 'L': /* List */
- case 'S':{ /* Save */
- set_command(&command, find_cmd(c));
-
- if (optarg)
- name = check_set_name(optarg);
- else if (optind < argc
- && argv[optind][0] != '-')
- name = check_set_name(argv[optind++]);
- else
- name = all_sets;
-
- break;
- }
-
- case 'R':{ /* Restore */
- set_command(&command, find_cmd(c));
-
- break;
- }
-
- case 'E': /* Rename */
- case 'W':{ /* Swap */
- set_command(&command, find_cmd(c));
- name = check_set_name(optarg);
-
- if (optind < argc
- && argv[optind][0] != '-')
- newname = check_set_name(argv[optind++]);
- else
- exit_error(PARAMETER_PROBLEM,
- "-%c requires a setname "
- "and the new name for that set",
- cmd2char(CMD_RENAME));
-
- break;
- }
-
- case 'A': /* Add IP */
- case 'D': /* Del IP */
- case 'T':{ /* Test IP */
- set_command(&command, find_cmd(c));
-
- name = check_set_name(optarg);
-
- /* IP */
- if (optind < argc
- && argv[optind][0] != '-')
- adt = argv[optind++];
- else
- exit_error(PARAMETER_PROBLEM,
- "-%c requires setname and IP",
- c);
-
- res = parse_adt_cmdline(command, name, adt,
- &set, &settype);
-
- if (!res)
- exit_error(PARAMETER_PROBLEM,
- "Unknown arg `%s'",
- argv[optind - 1]);
-
- res = 0;
- break;
- }
-
- /* options */
-
- case 'n':
- add_option(&options, OPT_NUMERIC);
- break;
-
- case 'r':
- if (!(options & OPT_NUMERIC))
- add_option(&options, OPT_RESOLVE);
- break;
-
- case 's':
- add_option(&options, OPT_SORTED);
- break;
-
- case 'q':
- add_option(&options, OPT_QUIET);
- option_quiet = 1;
- break;
-
-#ifdef IPSET_DEBUG
- case 'z': /* debug */
- add_option(&options, OPT_DEBUG);
- option_debug = 1;
- break;
-#endif
-
- case 1: /* non option */
- printf("Bad argument `%s'\n", optarg);
- exit_tryhelp(PARAMETER_PROBLEM);
- break; /*always good */
-
- default:{
- DP("default");
-
- switch (command) {
- case CMD_CREATE:
- res = settype->create_parse(
- c - settype->option_offset,
- argv,
- settype->data,
- &settype->flags);
- break;
-
- default:
- res = 0; /* failed */
- } /* switch (command) */
-
-
- if (!res)
- exit_error(PARAMETER_PROBLEM,
- "Unknown arg `%s'",
- argv[optind - 1]);
-
- res = 0;
- }
-
- DP("next arg");
- } /* switch */
-
- } /* while( getopt_long() ) */
-
-
- if (optind < argc)
- exit_error(PARAMETER_PROBLEM,
- "unknown arguments found on commandline");
- if (command == CMD_NONE)
- exit_error(PARAMETER_PROBLEM, "no command specified");
-
- /* Check options */
- generic_opt_check(command, options);
-
- DP("cmd: %c", cmd2char(command));
-
- check_protocolversion();
-
- switch (command) {
- case CMD_CREATE:
- DP("CMD_CREATE");
- if (restore)
- set_restore_create(name, settype);
- else
- set_create(name, settype);
- break;
-
- case CMD_DESTROY:
- set_destroy(name, IP_SET_OP_DESTROY, CMD_DESTROY);
- break;
-
- case CMD_FLUSH:
- set_destroy(name, IP_SET_OP_FLUSH, CMD_FLUSH);
- break;
-
- case CMD_RENAME:
- set_rename(name, newname, IP_SET_OP_RENAME, CMD_RENAME);
- break;
-
- case CMD_SWAP:
- set_rename(name, newname, IP_SET_OP_SWAP, CMD_SWAP);
- break;
-
- case CMD_LIST:
- list_sets(name, options);
- break;
-
- case CMD_SAVE:
- set_save(name);
- break;
-
- case CMD_RESTORE:
- set_restore(argv[0]);
- break;
-
- case CMD_ADD:
- if (restore)
- set_restore_add(set, adt);
- else
- set_adtip(set, adt, IP_SET_OP_ADD_IP, CMD_ADD);
- break;
-
- case CMD_DEL:
- set_adtip(set, adt, IP_SET_OP_DEL_IP, CMD_DEL);
- break;
-
- case CMD_TEST:
- res = set_adtip(set, adt, IP_SET_OP_TEST_IP, CMD_TEST);
- break;
-
- case CMD_HELP:
- set_help(settype);
- break;
-
- default:
- /* Will never happen */
- break; /* Keep the compiler happy */
-
- } /* switch( command ) */
-
- return res;
-}
-
-
-int main(int argc, char *argv[])
-{
- return parse_commandline(argc, argv);
-
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset.h
@@ -1,200 +0,0 @@
-#ifndef __IPSET_H
-#define __IPSET_H
-
-/* Copyright 2000-2004 Joakim Axelsson (gozem@linux.nu)
- * Patrick Schaaf (bof@bof.de)
- * Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <getopt.h> /* struct option */
-#include <stdint.h>
-#include <sys/types.h>
-
-#include "ip_set.h"
-
-#define IPSET_LIB_NAME "/libipset_%s.so"
-#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
-
-#define LIST_TRIES 5
-
-#ifdef IPSET_DEBUG
-extern int option_debug;
-#define DP(format, args...) if (option_debug) \
- do { \
- fprintf(stderr, "%s: %s (DBG): ", __FILE__, __FUNCTION__);\
- fprintf(stderr, format "\n" , ## args); \
- } while (0)
-#else
-#define DP(format, args...)
-#endif
-
-/* Commands */
-enum set_commands {
- CMD_NONE,
- CMD_CREATE, /* -N */
- CMD_DESTROY, /* -X */
- CMD_FLUSH, /* -F */
- CMD_RENAME, /* -E */
- CMD_SWAP, /* -W */
- CMD_LIST, /* -L */
- CMD_SAVE, /* -S */
- CMD_RESTORE, /* -R */
- CMD_ADD, /* -A */
- CMD_DEL, /* -D */
- CMD_TEST, /* -T */
- CMD_HELP, /* -H */
- CMD_VERSION, /* -V */
- NUMBER_OF_CMD = CMD_VERSION,
- /* Internal commands */
- CMD_MAX_SETS,
- CMD_LIST_SIZE,
- CMD_SAVE_SIZE,
- CMD_ADT_GET,
-};
-
-enum exittype {
- OTHER_PROBLEM = 1,
- PARAMETER_PROBLEM,
- VERSION_PROBLEM
-};
-
-/* The view of an ipset in userspace */
-struct set {
- char name[IP_SET_MAXNAMELEN]; /* Name of the set */
- ip_set_id_t id; /* Unique set id */
- ip_set_id_t index; /* Array index */
- unsigned ref; /* References in kernel */
- struct settype *settype; /* Pointer to set type functions */
-};
-
-struct settype {
- struct settype *next;
-
- char typename[IP_SET_MAXNAMELEN];
-
- int protocol_version;
-
- /*
- * Create set
- */
-
- /* Size of create data. Will be sent to kernel */
- u_int32_t create_size;
-
- /* Initialize the create. */
- void (*create_init) (void *data);
-
- /* Function which parses command options; returns true if it ate an option */
- int (*create_parse) (int c, char *argv[], void *data,
- unsigned *flags);
-
- /* Final check; exit if not ok. */
- void (*create_final) (void *data, unsigned int flags);
-
- /* Pointer to list of extra command-line options for create */
- const struct option *create_opts;
-
- /*
- * Add/del/test IP
- */
-
- /* Size of data. Will be sent to kernel */
- u_int32_t adt_size;
-
- /* Function which parses command options */
- ip_set_ip_t (*adt_parser) (int cmd, const char *optarg, void *data);
-
- /*
- * Printing
- */
-
- /* Size of header. */
- u_int32_t header_size;
-
- /* Initialize the type-header */
- void (*initheader) (struct set *set, const void *data);
-
- /* Pretty print the type-header */
- void (*printheader) (struct set *set, unsigned options);
-
- /* Pretty print all IPs */
- void (*printips) (struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align);
-
- /* Pretty print all IPs sorted */
- void (*printips_sorted) (struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align);
-
- /* Print save arguments for creating the set */
- void (*saveheader) (struct set *set, unsigned options);
-
- /* Print save for all IPs */
- void (*saveips) (struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align);
-
- /* Print usage */
- void (*usage) (void);
-
- /* Internal data */
- void *header;
- void *data;
- int option_offset;
- unsigned int flags;
-};
-
-extern void settype_register(struct settype *settype);
-
-/* extern void unregister_settype(set_type_t *set_type); */
-
-extern void exit_error(int status, const char *msg, ...);
-
-extern char *binding_ip_tostring(struct set *set,
- ip_set_ip_t ip, unsigned options);
-extern char *ip_tostring(ip_set_ip_t ip, unsigned options);
-extern char *ip_tostring_numeric(ip_set_ip_t ip);
-extern void parse_ip(const char *str, ip_set_ip_t * ip);
-extern void parse_mask(const char *str, ip_set_ip_t * mask);
-extern void parse_ipandmask(const char *str, ip_set_ip_t * ip,
- ip_set_ip_t * mask);
-extern char *port_tostring(ip_set_ip_t port, unsigned options);
-extern void parse_port(const char *str, ip_set_ip_t * port);
-extern int string_to_number(const char *str, unsigned int min, unsigned int max,
- ip_set_ip_t *port);
-
-extern void *ipset_malloc(size_t size);
-extern char *ipset_strdup(const char *);
-extern void ipset_free(void *data);
-
-extern struct set *set_find_byname(const char *name);
-extern struct set *set_find_byid(ip_set_id_t id);
-
-extern unsigned warn_once;
-
-#define BITS_PER_LONG (8*sizeof(ip_set_ip_t))
-#define BIT_WORD(nr) ((nr) / BITS_PER_LONG)
-
-static inline int test_bit(int nr, const ip_set_ip_t *addr)
-{
- return 1 & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1)));
-}
-
-#define UNUSED __attribute__ ((unused))
-#define CONSTRUCTOR(module) \
-void __attribute__ ((constructor)) module##_init(void); \
-void module##_init(void)
-
-#endif /* __IPSET_H */
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_iphash.c
@@ -1,279 +0,0 @@
-/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <limits.h> /* UINT_MAX */
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem* */
-
-#include "ipset.h"
-
-#include "ip_set_iphash.h"
-
-#define BUFLEN 30;
-
-#define OPT_CREATE_HASHSIZE 0x01U
-#define OPT_CREATE_PROBES 0x02U
-#define OPT_CREATE_RESIZE 0x04U
-#define OPT_CREATE_NETMASK 0x08U
-
-/* Initialize the create. */
-static void
-iphash_create_init(void *data)
-{
- struct ip_set_req_iphash_create *mydata = data;
-
- DP("create INIT");
-
- /* Default create parameters */
- mydata->hashsize = IP_NF_SET_HASHSIZE;
- mydata->probes = 8;
- mydata->resize = 50;
-
- mydata->netmask = 0xFFFFFFFF;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-iphash_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
-{
- struct ip_set_req_iphash_create *mydata =
- (struct ip_set_req_iphash_create *) data;
- unsigned int bits;
- ip_set_ip_t value;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
-
- if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize))
- exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg);
-
- *flags |= OPT_CREATE_HASHSIZE;
-
- DP("--hashsize %u", mydata->hashsize);
-
- break;
-
- case '2':
-
- if (string_to_number(optarg, 1, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg);
-
- mydata->probes = value;
- *flags |= OPT_CREATE_PROBES;
-
- DP("--probes %u", mydata->probes);
-
- break;
-
- case '3':
-
- if (string_to_number(optarg, 0, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg);
-
- mydata->resize = value;
- *flags |= OPT_CREATE_RESIZE;
-
- DP("--resize %u", mydata->resize);
-
- break;
-
- case '4':
-
- if (string_to_number(optarg, 0, 32, &bits))
- exit_error(PARAMETER_PROBLEM,
- "Invalid netmask `%s' specified", optarg);
-
- if (bits != 0)
- mydata->netmask = 0xFFFFFFFF << (32 - bits);
-
- *flags |= OPT_CREATE_NETMASK;
-
- DP("--netmask %x", mydata->netmask);
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-iphash_create_final(void *data UNUSED, unsigned int flags UNUSED)
-{
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "hashsize", .has_arg = required_argument, .val = '1'},
- {.name = "probes", .has_arg = required_argument, .val = '2'},
- {.name = "resize", .has_arg = required_argument, .val = '3'},
- {.name = "netmask", .has_arg = required_argument, .val = '4'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-iphash_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_iphash *mydata = data;
-
- parse_ip(arg, &mydata->ip);
- if (!mydata->ip)
- exit_error(PARAMETER_PROBLEM,
- "Zero valued IP address `%s' specified", arg);
-
- return mydata->ip;
-};
-
-/*
- * Print and save
- */
-
-static void
-iphash_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_iphash_create *header = data;
- struct ip_set_iphash *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_iphash));
- map->hashsize = header->hashsize;
- map->probes = header->probes;
- map->resize = header->resize;
- map->netmask = header->netmask;
-}
-
-static unsigned int
-mask_to_bits(ip_set_ip_t mask)
-{
- unsigned int bits = 32;
- ip_set_ip_t maskaddr;
-
- if (mask == 0xFFFFFFFF)
- return bits;
-
- maskaddr = 0xFFFFFFFE;
- while (--bits > 0 && maskaddr != mask)
- maskaddr <<= 1;
-
- return bits;
-}
-
-static void
-iphash_printheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_iphash *mysetdata = set->settype->header;
-
- printf(" hashsize: %u", mysetdata->hashsize);
- printf(" probes: %u", mysetdata->probes);
- printf(" resize: %u", mysetdata->resize);
- if (mysetdata->netmask == 0xFFFFFFFF)
- printf("\n");
- else
- printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask));
-}
-
-static void
-iphash_printips(struct set *set UNUSED, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- size_t offset = 0;
- ip_set_ip_t *ip;
-
- while (offset < len) {
- ip = data + offset;
- printf("%s\n", ip_tostring(*ip, options));
- offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
- }
-}
-
-static void
-iphash_saveheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_iphash *mysetdata = set->settype->header;
-
- printf("-N %s %s --hashsize %u --probes %u --resize %u",
- set->name, set->settype->typename,
- mysetdata->hashsize, mysetdata->probes, mysetdata->resize);
- if (mysetdata->netmask == 0xFFFFFFFF)
- printf("\n");
- else
- printf(" --netmask %d\n", mask_to_bits(mysetdata->netmask));
-}
-
-/* Print save for an IP */
-static void
-iphash_saveips(struct set *set UNUSED, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- size_t offset = 0;
- ip_set_ip_t *ip;
-
- while (offset < len) {
- ip = data + offset;
- printf("-A %s %s\n", set->name, ip_tostring(*ip, options));
- offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
- }
-}
-
-static void
-iphash_usage(void)
-{
- printf
- ("-N set iphash [--hashsize hashsize] [--probes probes ]\n"
- " [--resize resize] [--netmask CIDR-netmask]\n"
- "-A set IP\n"
- "-D set IP\n"
- "-T set IP\n");
-}
-
-static struct settype settype_iphash = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_iphash_create),
- .create_init = iphash_create_init,
- .create_parse = iphash_create_parse,
- .create_final = iphash_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_iphash),
- .adt_parser = iphash_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_iphash),
- .initheader = iphash_initheader,
- .printheader = iphash_printheader,
- .printips = iphash_printips,
- .printips_sorted = iphash_printips,
- .saveheader = iphash_saveheader,
- .saveips = iphash_saveips,
-
- .usage = iphash_usage,
-};
-
-CONSTRUCTOR(iphash)
-{
- settype_register(&settype_iphash);
-
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipmap.c
@@ -1,376 +0,0 @@
-/* Copyright 2000-2004 Joakim Axelsson (gozem@linux.nu)
- * Patrick Schaaf (bof@bof.de)
- * Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem* */
-
-#include "ipset.h"
-
-#include "ip_set_ipmap.h"
-
-#define BUFLEN 30;
-
-#define OPT_CREATE_FROM 0x01U
-#define OPT_CREATE_TO 0x02U
-#define OPT_CREATE_NETWORK 0x04U
-#define OPT_CREATE_NETMASK 0x08U
-
-#define OPT_ADDDEL_IP 0x01U
-
-/* Initialize the create. */
-static void
-ipmap_create_init(void *data)
-{
- struct ip_set_req_ipmap_create *mydata = data;
-
- DP("create INIT");
- mydata->netmask = 0xFFFFFFFF;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-ipmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
-{
- struct ip_set_req_ipmap_create *mydata = data;
- unsigned int bits;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
- parse_ip(optarg, &mydata->from);
-
- *flags |= OPT_CREATE_FROM;
-
- DP("--from %x (%s)", mydata->from,
- ip_tostring_numeric(mydata->from));
-
- break;
-
- case '2':
- parse_ip(optarg, &mydata->to);
-
- *flags |= OPT_CREATE_TO;
-
- DP("--to %x (%s)", mydata->to,
- ip_tostring_numeric(mydata->to));
-
- break;
-
- case '3':
- parse_ipandmask(optarg, &mydata->from, &mydata->to);
-
- /* Make to the last of from + mask */
- if (mydata->to)
- mydata->to = mydata->from | ~(mydata->to);
- else {
- mydata->from = 0x00000000;
- mydata->to = 0xFFFFFFFF;
- }
- *flags |= OPT_CREATE_NETWORK;
-
- DP("--network from %x (%s)",
- mydata->from, ip_tostring_numeric(mydata->from));
- DP("--network to %x (%s)",
- mydata->to, ip_tostring_numeric(mydata->to));
-
- break;
-
- case '4':
- if (string_to_number(optarg, 0, 32, &bits))
- exit_error(PARAMETER_PROBLEM,
- "Invalid netmask `%s' specified", optarg);
-
- if (bits != 0)
- mydata->netmask = 0xFFFFFFFF << (32 - bits);
-
- *flags |= OPT_CREATE_NETMASK;
-
- DP("--netmask %x", mydata->netmask);
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-ipmap_create_final(void *data, unsigned int flags)
-{
- struct ip_set_req_ipmap_create *mydata = data;
- ip_set_ip_t range;
-
- if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
- "Need to specify --from and --to, or --network\n");
-
- if (flags & OPT_CREATE_NETWORK) {
- /* --network */
- if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Can't specify --from or --to with --network\n");
- } else {
- /* --from --to */
- if ((flags & OPT_CREATE_FROM) == 0
- || (flags & OPT_CREATE_TO) == 0)
- exit_error(PARAMETER_PROBLEM,
- "Need to specify both --from and --to\n");
- }
-
- DP("from : %x to: %x diff: %x",
- mydata->from, mydata->to,
- mydata->to - mydata->from);
-
- if (mydata->from > mydata->to)
- exit_error(PARAMETER_PROBLEM,
- "From can't be lower than to.\n");
-
- if (flags & OPT_CREATE_NETMASK) {
- unsigned int mask_bits, netmask_bits;
- ip_set_ip_t mask;
-
- if ((mydata->from & mydata->netmask) != mydata->from)
- exit_error(PARAMETER_PROBLEM,
- "%s is not a network address according to netmask %d\n",
- ip_tostring_numeric(mydata->from),
- mask_to_bits(mydata->netmask));
-
- mask = range_to_mask(mydata->from, mydata->to, &mask_bits);
- if (!mask
- && (mydata->from || mydata->to != 0xFFFFFFFF)) {
- exit_error(PARAMETER_PROBLEM,
- "You have to define a full network with --from"
- " and --to if you specify the --network option\n");
- }
- netmask_bits = mask_to_bits(mydata->netmask);
- if (netmask_bits <= mask_bits) {
- exit_error(PARAMETER_PROBLEM,
- "%d netmask specifies larger or equal netblock than the network itself\n");
- }
- range = (1<<(netmask_bits - mask_bits)) - 1;
- } else {
- range = mydata->to - mydata->from;
- }
- if (range > MAX_RANGE)
- exit_error(PARAMETER_PROBLEM,
- "Range too large. Max is %d IPs in range\n",
- MAX_RANGE+1);
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "from", .has_arg = required_argument, .val = '1'},
- {.name = "to", .has_arg = required_argument, .val = '2'},
- {.name = "network", .has_arg = required_argument, .val = '3'},
- {.name = "netmask", .has_arg = required_argument, .val = '4'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-ipmap_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_ipmap *mydata = data;
-
- DP("ipmap: %p %p", arg, data);
-
- parse_ip(arg, &mydata->ip);
- DP("%s", ip_tostring_numeric(mydata->ip));
-
- return 1;
-}
-
-/*
- * Print and save
- */
-
-static void
-ipmap_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_ipmap_create *header = data;
- struct ip_set_ipmap *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_ipmap));
- map->first_ip = header->from;
- map->last_ip = header->to;
- map->netmask = header->netmask;
-
- if (map->netmask == 0xFFFFFFFF) {
- map->hosts = 1;
- map->sizeid = map->last_ip - map->first_ip + 1;
- } else {
- unsigned int mask_bits, netmask_bits;
- ip_set_ip_t mask;
-
- mask = range_to_mask(header->from, header->to, &mask_bits);
- netmask_bits = mask_to_bits(header->netmask);
-
- DP("bits: %d %d", mask_bits, netmask_bits);
- map->hosts = 2 << (32 - netmask_bits - 1);
- map->sizeid = 2 << (netmask_bits - mask_bits - 1);
- }
-
- DP("%d %d", map->hosts, map->sizeid );
-}
-
-static void
-ipmap_printheader(struct set *set, unsigned options)
-{
- struct ip_set_ipmap *mysetdata = set->settype->header;
-
- printf(" from: %s", ip_tostring(mysetdata->first_ip, options));
- printf(" to: %s", ip_tostring(mysetdata->last_ip, options));
- if (mysetdata->netmask == 0xFFFFFFFF)
- printf("\n");
- else
- printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask));
-}
-
-static inline void
-__ipmap_printips_sorted(struct set *set, void *data,
- u_int32_t len UNUSED, unsigned options)
-{
- struct ip_set_ipmap *mysetdata = set->settype->header;
- ip_set_ip_t id;
-
- for (id = 0; id < mysetdata->sizeid; id++)
- if (test_bit(id, data))
- printf("%s\n",
- ip_tostring(mysetdata->first_ip
- + id * mysetdata->hosts,
- options));
-}
-
-static void
-ipmap_printips_sorted(struct set *set, void *data,
- u_int32_t len, unsigned options,
- char dont_align)
-{
- ip_set_ip_t *ip;
- size_t offset = 0;
-
- if (dont_align)
- return __ipmap_printips_sorted(set, data, len, options);
-
- while (offset < len) {
- DP("offset: %zu, len %u\n", offset, len);
- ip = data + offset;
- printf("%s\n", ip_tostring(*ip, options));
- offset += IPSET_ALIGN(sizeof(ip_set_ip_t));
- }
-}
-
-static void
-ipmap_saveheader(struct set *set, unsigned options)
-{
- struct ip_set_ipmap *mysetdata = set->settype->header;
-
- printf("-N %s %s --from %s",
- set->name, set->settype->typename,
- ip_tostring(mysetdata->first_ip, options));
- printf(" --to %s",
- ip_tostring(mysetdata->last_ip, options));
- if (mysetdata->netmask == 0xFFFFFFFF)
- printf("\n");
- else
- printf(" --netmask %d\n",
- mask_to_bits(mysetdata->netmask));
-}
-
-static inline void
-__ipmap_saveips(struct set *set, void *data, u_int32_t len UNUSED,
- unsigned options)
-{
- struct ip_set_ipmap *mysetdata = set->settype->header;
- ip_set_ip_t id;
-
- DP("%s", set->name);
- for (id = 0; id < mysetdata->sizeid; id++)
- if (test_bit(id, data))
- printf("-A %s %s\n",
- set->name,
- ip_tostring(mysetdata->first_ip
- + id * mysetdata->hosts,
- options));
-}
-
-static void
-ipmap_saveips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- ip_set_ip_t *ip;
- size_t offset = 0;
-
- if (dont_align)
- return __ipmap_saveips(set, data, len, options);
-
- while (offset < len) {
- ip = data + offset;
- printf("-A %s %s\n", set->name, ip_tostring(*ip, options));
- offset += IPSET_ALIGN(sizeof(ip_set_ip_t));
- }
-}
-
-static void
-ipmap_usage(void)
-{
- printf
- ("-N set ipmap --from IP --to IP [--netmask CIDR-netmask]\n"
- "-N set ipmap --network IP/mask [--netmask CIDR-netmask]\n"
- "-A set IP\n"
- "-D set IP\n"
- "-T set IP\n");
-}
-
-static struct settype settype_ipmap = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_ipmap_create),
- .create_init = ipmap_create_init,
- .create_parse = ipmap_create_parse,
- .create_final = ipmap_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_ipmap),
- .adt_parser = ipmap_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_ipmap),
- .initheader = ipmap_initheader,
- .printheader = ipmap_printheader,
- .printips = ipmap_printips_sorted,
- .printips_sorted = ipmap_printips_sorted,
- .saveheader = ipmap_saveheader,
- .saveips = ipmap_saveips,
-
- .usage = ipmap_usage,
-};
-
-CONSTRUCTOR(ipmap)
-{
- settype_register(&settype_ipmap);
-
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipporthash.c
@@ -1,350 +0,0 @@
-/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <limits.h> /* UINT_MAX */
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem*, str* */
-
-#include "ipset.h"
-
-#include "ip_set_ipporthash.h"
-
-#define OPT_CREATE_HASHSIZE 0x01U
-#define OPT_CREATE_PROBES 0x02U
-#define OPT_CREATE_RESIZE 0x04U
-#define OPT_CREATE_NETWORK 0x08U
-#define OPT_CREATE_FROM 0x10U
-#define OPT_CREATE_TO 0x20U
-
-/* Initialize the create. */
-static void
-ipporthash_create_init(void *data)
-{
- struct ip_set_req_ipporthash_create *mydata = data;
-
- DP("create INIT");
-
- /* Default create parameters */
- mydata->hashsize = IP_NF_SET_HASHSIZE;
- mydata->probes = 8;
- mydata->resize = 50;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-ipporthash_create_parse(int c, char *argv[] UNUSED, void *data,
- unsigned *flags)
-{
- struct ip_set_req_ipporthash_create *mydata = data;
- ip_set_ip_t value;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
-
- if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize))
- exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg);
-
- *flags |= OPT_CREATE_HASHSIZE;
-
- DP("--hashsize %u", mydata->hashsize);
-
- break;
-
- case '2':
-
- if (string_to_number(optarg, 1, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg);
-
- mydata->probes = value;
- *flags |= OPT_CREATE_PROBES;
-
- DP("--probes %u", mydata->probes);
-
- break;
-
- case '3':
-
- if (string_to_number(optarg, 0, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg);
-
- mydata->resize = value;
- *flags |= OPT_CREATE_RESIZE;
-
- DP("--resize %u", mydata->resize);
-
- break;
-
- case '4':
- parse_ip(optarg, &mydata->from);
-
- *flags |= OPT_CREATE_FROM;
-
- DP("--from %x (%s)", mydata->from,
- ip_tostring_numeric(mydata->from));
-
- break;
-
- case '5':
- parse_ip(optarg, &mydata->to);
-
- *flags |= OPT_CREATE_TO;
-
- DP("--to %x (%s)", mydata->to,
- ip_tostring_numeric(mydata->to));
-
- break;
-
- case '6':
- parse_ipandmask(optarg, &mydata->from, &mydata->to);
-
- /* Make to the last of from + mask */
- if (mydata->to)
- mydata->to = mydata->from | ~(mydata->to);
- else {
- mydata->from = 0x00000000;
- mydata->to = 0xFFFFFFFF;
- }
- *flags |= OPT_CREATE_NETWORK;
-
- DP("--network from %x (%s)",
- mydata->from, ip_tostring_numeric(mydata->from));
- DP("--network to %x (%s)",
- mydata->to, ip_tostring_numeric(mydata->to));
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-ipporthash_create_final(void *data, unsigned int flags)
-{
- struct ip_set_req_ipporthash_create *mydata = data;
-
-#ifdef IPSET_DEBUG
- DP("hashsize %u probes %u resize %u",
- mydata->hashsize, mydata->probes, mydata->resize);
-#endif
-
- if (flags & OPT_CREATE_NETWORK) {
- /* --network */
- if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Can't specify --from or --to with --network\n");
- } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) {
- /* --from --to */
- if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Need to specify both --from and --to\n");
- } else {
- exit_error(PARAMETER_PROBLEM,
- "Need to specify --from and --to, or --network\n");
-
- }
-
- DP("from : %x to: %x diff: %x",
- mydata->from, mydata->to,
- mydata->to - mydata->from);
-
- if (mydata->from > mydata->to)
- exit_error(PARAMETER_PROBLEM,
- "From can't be higher than to.\n");
-
- if (mydata->to - mydata->from > MAX_RANGE)
- exit_error(PARAMETER_PROBLEM,
- "Range too large. Max is %d IPs in range\n",
- MAX_RANGE+1);
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "hashsize", .has_arg = required_argument, .val = '1'},
- {.name = "probes", .has_arg = required_argument, .val = '2'},
- {.name = "resize", .has_arg = required_argument, .val = '3'},
- {.name = "from", .has_arg = required_argument, .val = '4'},
- {.name = "to", .has_arg = required_argument, .val = '5'},
- {.name = "network", .has_arg = required_argument, .val = '6'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-ipporthash_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_ipporthash *mydata = data;
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
-
- DP("ipporthash: %p %p", arg, data);
-
- if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
- fprintf(stderr, "Warning: please use ',' separator token between ip,port.\n"
- "Next release won't support old separator tokens.\n");
-
- ptr = strsep(&tmp, ":%,");
- parse_ip(ptr, &mydata->ip);
-
- if (tmp)
- parse_port(tmp, &mydata->port);
- else
- exit_error(PARAMETER_PROBLEM,
- "IP address and port must be specified: ip,port");
-
- if (!(mydata->ip || mydata->port))
- exit_error(PARAMETER_PROBLEM,
- "Zero valued IP address and port `%s' specified", arg);
- ipset_free(saved);
- return 1;
-};
-
-/*
- * Print and save
- */
-
-static void
-ipporthash_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_ipporthash_create *header = data;
- struct ip_set_ipporthash *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_ipporthash));
- map->hashsize = header->hashsize;
- map->probes = header->probes;
- map->resize = header->resize;
- map->first_ip = header->from;
- map->last_ip = header->to;
-}
-
-static void
-ipporthash_printheader(struct set *set, unsigned options)
-{
- struct ip_set_ipporthash *mysetdata = set->settype->header;
-
- printf(" from: %s", ip_tostring(mysetdata->first_ip, options));
- printf(" to: %s", ip_tostring(mysetdata->last_ip, options));
- printf(" hashsize: %u", mysetdata->hashsize);
- printf(" probes: %u", mysetdata->probes);
- printf(" resize: %u\n", mysetdata->resize);
-}
-
-static void
-ipporthash_printips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_ipporthash *mysetdata = set->settype->header;
- size_t offset = 0;
- ip_set_ip_t *ipptr, ip;
- uint16_t port;
-
- while (offset < len) {
- ipptr = data + offset;
- ip = (*ipptr>>16) + mysetdata->first_ip;
- port = (uint16_t) *ipptr;
- printf("%s,%s\n",
- ip_tostring(ip, options),
- port_tostring(port, options));
- offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
- }
-}
-
-static void
-ipporthash_saveheader(struct set *set, unsigned options)
-{
- struct ip_set_ipporthash *mysetdata = set->settype->header;
-
- printf("-N %s %s --from %s",
- set->name, set->settype->typename,
- ip_tostring(mysetdata->first_ip, options));
- printf(" --to %s",
- ip_tostring(mysetdata->last_ip, options));
- printf(" --hashsize %u --probes %u --resize %u\n",
- mysetdata->hashsize, mysetdata->probes, mysetdata->resize);
-}
-
-/* Print save for an IP */
-static void
-ipporthash_saveips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_ipporthash *mysetdata = set->settype->header;
- size_t offset = 0;
- ip_set_ip_t *ipptr, ip;
- uint16_t port;
-
- while (offset < len) {
- ipptr = data + offset;
- ip = (*ipptr>>16) + mysetdata->first_ip;
- port = (uint16_t) *ipptr;
- printf("-A %s %s,%s\n", set->name,
- ip_tostring(ip, options),
- port_tostring(port, options));
- offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
- }
-}
-
-static void
-ipporthash_usage(void)
-{
- printf
- ("-N set ipporthash --from IP --to IP\n"
- " [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
- "-N set ipporthash --network IP/mask\n"
- " [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
- "-A set IP,port\n"
- "-D set IP,port\n"
- "-T set IP,port\n");
-}
-
-static struct settype settype_ipporthash = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_ipporthash_create),
- .create_init = ipporthash_create_init,
- .create_parse = ipporthash_create_parse,
- .create_final = ipporthash_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_ipporthash),
- .adt_parser = ipporthash_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_ipporthash),
- .initheader = ipporthash_initheader,
- .printheader = ipporthash_printheader,
- .printips = ipporthash_printips,
- .printips_sorted = ipporthash_printips,
- .saveheader = ipporthash_saveheader,
- .saveips = ipporthash_saveips,
-
- .usage = ipporthash_usage,
-};
-
-CONSTRUCTOR(ipporthash)
-{
- settype_register(&settype_ipporthash);
-
-}
|
|
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipportiphash.c
^
|
@@ -1,361 +0,0 @@
-/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <limits.h> /* UINT_MAX */
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem*, str* */
-
-#include "ipset.h"
-
-#include "ip_set_ipportiphash.h"
-
-#define OPT_CREATE_HASHSIZE 0x01U
-#define OPT_CREATE_PROBES 0x02U
-#define OPT_CREATE_RESIZE 0x04U
-#define OPT_CREATE_NETWORK 0x08U
-#define OPT_CREATE_FROM 0x10U
-#define OPT_CREATE_TO 0x20U
-
-/* Initialize the create. */
-static void
-ipportiphash_create_init(void *data)
-{
- struct ip_set_req_ipportiphash_create *mydata = data;
-
- DP("create INIT");
-
- /* Default create parameters */
- mydata->hashsize = IP_NF_SET_HASHSIZE;
- mydata->probes = 8;
- mydata->resize = 50;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-ipportiphash_create_parse(int c, char *argv[] UNUSED, void *data,
- unsigned *flags)
-{
- struct ip_set_req_ipportiphash_create *mydata = data;
- ip_set_ip_t value;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
-
- if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize))
- exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg);
-
- *flags |= OPT_CREATE_HASHSIZE;
-
- DP("--hashsize %u", mydata->hashsize);
-
- break;
-
- case '2':
-
- if (string_to_number(optarg, 1, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg);
-
- mydata->probes = value;
- *flags |= OPT_CREATE_PROBES;
-
- DP("--probes %u", mydata->probes);
-
- break;
-
- case '3':
-
- if (string_to_number(optarg, 0, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg);
-
- mydata->resize = value;
- *flags |= OPT_CREATE_RESIZE;
-
- DP("--resize %u", mydata->resize);
-
- break;
-
- case '4':
- parse_ip(optarg, &mydata->from);
-
- *flags |= OPT_CREATE_FROM;
-
- DP("--from %x (%s)", mydata->from,
- ip_tostring_numeric(mydata->from));
-
- break;
-
- case '5':
- parse_ip(optarg, &mydata->to);
-
- *flags |= OPT_CREATE_TO;
-
- DP("--to %x (%s)", mydata->to,
- ip_tostring_numeric(mydata->to));
-
- break;
-
- case '6':
- parse_ipandmask(optarg, &mydata->from, &mydata->to);
-
- /* Make to the last of from + mask */
- if (mydata->to)
- mydata->to = mydata->from | ~(mydata->to);
- else {
- mydata->from = 0x00000000;
- mydata->to = 0xFFFFFFFF;
- }
- *flags |= OPT_CREATE_NETWORK;
-
- DP("--network from %x (%s)",
- mydata->from, ip_tostring_numeric(mydata->from));
- DP("--network to %x (%s)",
- mydata->to, ip_tostring_numeric(mydata->to));
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-ipportiphash_create_final(void *data, unsigned int flags)
-{
- struct ip_set_req_ipportiphash_create *mydata = data;
-
-#ifdef IPSET_DEBUG
- DP("hashsize %u probes %u resize %u",
- mydata->hashsize, mydata->probes, mydata->resize);
-#endif
-
- if (flags & OPT_CREATE_NETWORK) {
- /* --network */
- if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Can't specify --from or --to with --network\n");
- } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) {
- /* --from --to */
- if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Need to specify both --from and --to\n");
- } else {
- exit_error(PARAMETER_PROBLEM,
- "Need to specify --from and --to, or --network\n");
-
- }
-
- DP("from : %x to: %x diff: %x",
- mydata->from, mydata->to,
- mydata->to - mydata->from);
-
- if (mydata->from > mydata->to)
- exit_error(PARAMETER_PROBLEM,
- "From can't be higher than to.\n");
-
- if (mydata->to - mydata->from > MAX_RANGE)
- exit_error(PARAMETER_PROBLEM,
- "Range too large. Max is %d IPs in range\n",
- MAX_RANGE+1);
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "hashsize", .has_arg = required_argument, .val = '1'},
- {.name = "probes", .has_arg = required_argument, .val = '2'},
- {.name = "resize", .has_arg = required_argument, .val = '3'},
- {.name = "from", .has_arg = required_argument, .val = '4'},
- {.name = "to", .has_arg = required_argument, .val = '5'},
- {.name = "network", .has_arg = required_argument, .val = '6'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-ipportiphash_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_ipportiphash *mydata = data;
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
-
- DP("ipportiphash: %p %p", arg, data);
-
- if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
- fprintf(stderr, "Warning: please use ',' separator token between ip,port,ip.\n"
- "Next release won't support old separator tokens.\n");
-
- ptr = strsep(&tmp, ":%,");
- parse_ip(ptr, &mydata->ip);
-
- if (!tmp)
- exit_error(PARAMETER_PROBLEM,
- "IP address, port and IP address must be specified: ip,port,ip");
-
- ptr = strsep(&tmp, ":%,");
- parse_port(ptr, &mydata->port);
- if (tmp)
- parse_ip(tmp, &mydata->ip1);
- else
- exit_error(PARAMETER_PROBLEM,
- "IP address, port and IP address must be specified: ip,port,ip");
- if (!(mydata->ip || mydata->port || mydata->ip1))
- exit_error(PARAMETER_PROBLEM,
- "Zero valued IP address, port and IP address `%s' specified", arg);
- ipset_free(saved);
- return 1;
-};
-
-/*
- * Print and save
- */
-
-static void
-ipportiphash_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_ipportiphash_create *header = data;
- struct ip_set_ipportiphash *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_ipportiphash));
- map->hashsize = header->hashsize;
- map->probes = header->probes;
- map->resize = header->resize;
- map->first_ip = header->from;
- map->last_ip = header->to;
-}
-
-static void
-ipportiphash_printheader(struct set *set, unsigned options)
-{
- struct ip_set_ipportiphash *mysetdata = set->settype->header;
-
- printf(" from: %s", ip_tostring(mysetdata->first_ip, options));
- printf(" to: %s", ip_tostring(mysetdata->last_ip, options));
- printf(" hashsize: %u", mysetdata->hashsize);
- printf(" probes: %u", mysetdata->probes);
- printf(" resize: %u\n", mysetdata->resize);
-}
-
-static void
-ipportiphash_printips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_ipportiphash *mysetdata = set->settype->header;
- size_t offset = 0;
- struct ipportip *ipptr;
- ip_set_ip_t ip;
- uint16_t port;
-
- while (offset < len) {
- ipptr = data + offset;
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("%s,%s,",
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- ip_tostring(ipptr->ip1, options));
- offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
- }
-}
-
-static void
-ipportiphash_saveheader(struct set *set, unsigned options)
-{
- struct ip_set_ipportiphash *mysetdata = set->settype->header;
-
- printf("-N %s %s --from %s",
- set->name, set->settype->typename,
- ip_tostring(mysetdata->first_ip, options));
- printf(" --to %s",
- ip_tostring(mysetdata->last_ip, options));
- printf(" --hashsize %u --probes %u --resize %u\n",
- mysetdata->hashsize, mysetdata->probes, mysetdata->resize);
-}
-
-/* Print save for an IP */
-static void
-ipportiphash_saveips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_ipportiphash *mysetdata = set->settype->header;
- size_t offset = 0;
- struct ipportip *ipptr;
- ip_set_ip_t ip;
- uint16_t port;
-
- while (offset < len) {
- ipptr = data + offset;
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("-A %s %s,%s,", set->name,
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- ip_tostring(ipptr->ip1, options));
- offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
- }
-}
-
-static void
-ipportiphash_usage(void)
-{
- printf
- ("-N set ipportiphash --from IP --to IP\n"
- " [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
- "-N set ipportiphash --network IP/mask\n"
- " [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
- "-A set IP,port,IP\n"
- "-D set IP,port,IP\n"
- "-T set IP,port,IP\n");
-}
-
-static struct settype settype_ipportiphash = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_ipportiphash_create),
- .create_init = ipportiphash_create_init,
- .create_parse = ipportiphash_create_parse,
- .create_final = ipportiphash_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_ipportiphash),
- .adt_parser = ipportiphash_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_ipportiphash),
- .initheader = ipportiphash_initheader,
- .printheader = ipportiphash_printheader,
- .printips = ipportiphash_printips,
- .printips_sorted = ipportiphash_printips,
- .saveheader = ipportiphash_saveheader,
- .saveips = ipportiphash_saveips,
-
- .usage = ipportiphash_usage,
-};
-
-CONSTRUCTOR(ipportiphash)
-{
- settype_register(&settype_ipportiphash);
-
-}
|
|
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipportnethash.c
^
|
@@ -1,426 +0,0 @@
-/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <limits.h> /* UINT_MAX */
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem*, str* */
-
-#include "ipset.h"
-
-#include "ip_set_ipportnethash.h"
-
-#define OPT_CREATE_HASHSIZE 0x01U
-#define OPT_CREATE_PROBES 0x02U
-#define OPT_CREATE_RESIZE 0x04U
-#define OPT_CREATE_NETWORK 0x08U
-#define OPT_CREATE_FROM 0x10U
-#define OPT_CREATE_TO 0x20U
-
-/* Initialize the create. */
-static void
-ipportnethash_create_init(void *data)
-{
- struct ip_set_req_ipportnethash_create *mydata = data;
-
- DP("create INIT");
-
- /* Default create parameters */
- mydata->hashsize = IP_NF_SET_HASHSIZE;
- mydata->probes = 8;
- mydata->resize = 50;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-ipportnethash_create_parse(int c, char *argv[] UNUSED, void *data,
- unsigned *flags)
-{
- struct ip_set_req_ipportnethash_create *mydata = data;
- ip_set_ip_t value;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
-
- if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize))
- exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg);
-
- *flags |= OPT_CREATE_HASHSIZE;
-
- DP("--hashsize %u", mydata->hashsize);
-
- break;
-
- case '2':
-
- if (string_to_number(optarg, 1, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg);
-
- mydata->probes = value;
- *flags |= OPT_CREATE_PROBES;
-
- DP("--probes %u", mydata->probes);
-
- break;
-
- case '3':
-
- if (string_to_number(optarg, 0, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg);
-
- mydata->resize = value;
- *flags |= OPT_CREATE_RESIZE;
-
- DP("--resize %u", mydata->resize);
-
- break;
-
- case '4':
- parse_ip(optarg, &mydata->from);
-
- *flags |= OPT_CREATE_FROM;
-
- DP("--from %x (%s)", mydata->from,
- ip_tostring_numeric(mydata->from));
-
- break;
-
- case '5':
- parse_ip(optarg, &mydata->to);
-
- *flags |= OPT_CREATE_TO;
-
- DP("--to %x (%s)", mydata->to,
- ip_tostring_numeric(mydata->to));
-
- break;
-
- case '6':
- parse_ipandmask(optarg, &mydata->from, &mydata->to);
-
- /* Make to the last of from + mask */
- if (mydata->to)
- mydata->to = mydata->from | ~(mydata->to);
- else {
- mydata->from = 0x00000000;
- mydata->to = 0xFFFFFFFF;
- }
- *flags |= OPT_CREATE_NETWORK;
-
- DP("--network from %x (%s)",
- mydata->from, ip_tostring_numeric(mydata->from));
- DP("--network to %x (%s)",
- mydata->to, ip_tostring_numeric(mydata->to));
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-ipportnethash_create_final(void *data, unsigned int flags)
-{
- struct ip_set_req_ipportnethash_create *mydata = data;
-
-#ifdef IPSET_DEBUG
- DP("hashsize %u probes %u resize %u",
- mydata->hashsize, mydata->probes, mydata->resize);
-#endif
-
- if (flags & OPT_CREATE_NETWORK) {
- /* --network */
- if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Can't specify --from or --to with --network\n");
- } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) {
- /* --from --to */
- if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Need to specify both --from and --to\n");
- } else {
- exit_error(PARAMETER_PROBLEM,
- "Need to specify --from and --to, or --network\n");
-
- }
-
- DP("from : %x to: %x diff: %x",
- mydata->from, mydata->to,
- mydata->to - mydata->from);
-
- if (mydata->from > mydata->to)
- exit_error(PARAMETER_PROBLEM,
- "From can't be higher than to.\n");
-
- if (mydata->to - mydata->from > MAX_RANGE)
- exit_error(PARAMETER_PROBLEM,
- "Range too large. Max is %d IPs in range\n",
- MAX_RANGE+1);
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "hashsize", .has_arg = required_argument, .val = '1'},
- {.name = "probes", .has_arg = required_argument, .val = '2'},
- {.name = "resize", .has_arg = required_argument, .val = '3'},
- {.name = "from", .has_arg = required_argument, .val = '4'},
- {.name = "to", .has_arg = required_argument, .val = '5'},
- {.name = "network", .has_arg = required_argument, .val = '6'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-ipportnethash_adt_parser(int cmd, const char *arg, void *data)
-{
- struct ip_set_req_ipportnethash *mydata = data;
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
- ip_set_ip_t cidr;
-
- DP("ipportnethash: %p %p", arg, data);
-
- if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
- fprintf(stderr, "Warning: please use ',' separator token between ip,port,net.\n"
- "Next release won't support old separator tokens.\n");
-
- ptr = strsep(&tmp, ":%,");
- parse_ip(ptr, &mydata->ip);
- if (!tmp)
- exit_error(PARAMETER_PROBLEM,
- "IP address, port and network address must be specified: ip,port,net");
-
- ptr = strsep(&tmp, ":%,");
- parse_port(ptr, &mydata->port);
- if (!tmp)
- exit_error(PARAMETER_PROBLEM,
- "IP address, port and network address must be specified: ip,port,net");
-
- ptr = strsep(&tmp, "/");
- if (tmp == NULL)
- if (cmd == CMD_TEST)
- cidr = 32;
- else
- exit_error(PARAMETER_PROBLEM,
- "Missing /cidr from `%s'", arg);
- else
- if (string_to_number(tmp, 1, 31, &cidr))
- exit_error(PARAMETER_PROBLEM,
- "Out of range cidr `%s' specified", arg);
-
- mydata->cidr = cidr;
-
- parse_ip(ptr, &mydata->ip1);
- ipset_free(saved);
- return 1;
-};
-
-/*
- * Print and save
- */
-
-static void
-ipportnethash_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_ipportnethash_create *header = data;
- struct ip_set_ipportnethash *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_ipportnethash));
- map->hashsize = header->hashsize;
- map->probes = header->probes;
- map->resize = header->resize;
- map->first_ip = header->from;
- map->last_ip = header->to;
-}
-
-static void
-ipportnethash_printheader(struct set *set, unsigned options)
-{
- struct ip_set_ipportnethash *mysetdata = set->settype->header;
-
- printf(" from: %s", ip_tostring(mysetdata->first_ip, options));
- printf(" to: %s", ip_tostring(mysetdata->last_ip, options));
- printf(" hashsize: %u", mysetdata->hashsize);
- printf(" probes: %u", mysetdata->probes);
- printf(" resize: %u\n", mysetdata->resize);
-}
-
-static char buf[20];
-
-static char *
-unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED)
-{
- int i, j = 3;
- unsigned char a, b;
-
- ip = htonl(ip);
- for (i = 3; i >= 0; i--)
- if (((unsigned char *)&ip)[i] != 0) {
- j = i;
- break;
- }
-
- a = ((unsigned char *)&ip)[j];
- if (a <= 128) {
- a = (a - 1) * 2;
- b = 7;
- } else if (a <= 192) {
- a = (a - 129) * 4;
- b = 6;
- } else if (a <= 224) {
- a = (a - 193) * 8;
- b = 5;
- } else if (a <= 240) {
- a = (a - 225) * 16;
- b = 4;
- } else if (a <= 248) {
- a = (a - 241) * 32;
- b = 3;
- } else if (a <= 252) {
- a = (a - 249) * 64;
- b = 2;
- } else if (a <= 254) {
- a = (a - 253) * 128;
- b = 1;
- } else {
- a = b = 0;
- }
- ((unsigned char *)&ip)[j] = a;
- b += j * 8;
-
- sprintf(buf, "%u.%u.%u.%u/%u",
- ((unsigned char *)&ip)[0],
- ((unsigned char *)&ip)[1],
- ((unsigned char *)&ip)[2],
- ((unsigned char *)&ip)[3],
- b);
-
- DP("%s %s", ip_tostring(ntohl(ip), 0), buf);
- return buf;
-}
-
-static void
-ipportnethash_printips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_ipportnethash *mysetdata = set->settype->header;
- size_t offset = 0;
- struct ipportip *ipptr;
- ip_set_ip_t ip;
- uint16_t port;
-
- while (offset < len) {
- ipptr = data + offset;
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("%s,%s,",
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- unpack_ip_tostring(ipptr->ip1, options));
- offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
- }
-}
-
-static void
-ipportnethash_saveheader(struct set *set, unsigned options)
-{
- struct ip_set_ipportnethash *mysetdata = set->settype->header;
-
- printf("-N %s %s --from %s",
- set->name, set->settype->typename,
- ip_tostring(mysetdata->first_ip, options));
- printf(" --to %s",
- ip_tostring(mysetdata->last_ip, options));
- printf(" --hashsize %u --probes %u --resize %u\n",
- mysetdata->hashsize, mysetdata->probes, mysetdata->resize);
-}
-
-/* Print save for an IP */
-static void
-ipportnethash_saveips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_ipportnethash *mysetdata = set->settype->header;
- size_t offset = 0;
- struct ipportip *ipptr;
- ip_set_ip_t ip;
- uint16_t port;
-
- while (offset < len) {
- ipptr = data + offset;
- ip = (ipptr->ip>>16) + mysetdata->first_ip;
- port = (uint16_t) ipptr->ip;
- printf("-A %s %s,%s,", set->name,
- ip_tostring(ip, options),
- port_tostring(port, options));
- printf("%s\n",
- unpack_ip_tostring(ipptr->ip, options));
- offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align);
- }
-}
-
-static void
-ipportnethash_usage(void)
-{
- printf
- ("-N set ipportnethash --from IP --to IP\n"
- " [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
- "-N set ipportnethash --network IP/mask\n"
- " [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
- "-A set IP,port,IP/net\n"
- "-D set IP,port,IP/net\n"
- "-T set IP,port,IP[/net]\n");
-}
-
-static struct settype settype_ipportnethash = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_ipportnethash_create),
- .create_init = ipportnethash_create_init,
- .create_parse = ipportnethash_create_parse,
- .create_final = ipportnethash_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_ipportnethash),
- .adt_parser = ipportnethash_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_ipportnethash),
- .initheader = ipportnethash_initheader,
- .printheader = ipportnethash_printheader,
- .printips = ipportnethash_printips,
- .printips_sorted = ipportnethash_printips,
- .saveheader = ipportnethash_saveheader,
- .saveips = ipportnethash_saveips,
-
- .usage = ipportnethash_usage,
-};
-
-CONSTRUCTOR(ipportnethash)
-{
- settype_register(&settype_ipportnethash);
-
-}
|
|
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_iptree.c
^
|
@@ -1,224 +0,0 @@
-/* Copyright 2005 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <limits.h> /* UINT_MAX */
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem* */
-
-#include "ipset.h"
-
-#include "ip_set_iptree.h"
-
-#define BUFLEN 30;
-
-#define OPT_CREATE_TIMEOUT 0x01U
-
-/* Initialize the create. */
-static void
-iptree_create_init(void *data)
-{
- struct ip_set_req_iptree_create *mydata = data;
-
- DP("create INIT");
- mydata->timeout = 0;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-iptree_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
-{
- struct ip_set_req_iptree_create *mydata = data;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
- string_to_number(optarg, 0, UINT_MAX, &mydata->timeout);
-
- *flags |= OPT_CREATE_TIMEOUT;
-
- DP("--timeout %u", mydata->timeout);
-
- break;
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-iptree_create_final(void *data UNUSED, unsigned int flags UNUSED)
-{
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "timeout", .has_arg = required_argument, .val = '1'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-iptree_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_iptree *mydata = data;
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
-
- DP("iptree: %p %p", arg, data);
-
- if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
- fprintf(stderr, "Warning: please use ',' separator token between ip,timeout.\n"
- "Next release won't support old separator tokens.\n");
-
- ptr = strsep(&tmp, ":%,");
- parse_ip(ptr, &mydata->ip);
-
- if (tmp)
- string_to_number(tmp, 0, UINT_MAX, &mydata->timeout);
- else
- mydata->timeout = 0;
-
- ipset_free(saved);
- return 1;
-}
-
-/*
- * Print and save
- */
-
-static void
-iptree_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_iptree_create *header = data;
- struct ip_set_iptree *map = set->settype->header;
-
- map->timeout = header->timeout;
-}
-
-static void
-iptree_printheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_iptree *mysetdata = set->settype->header;
-
- if (mysetdata->timeout)
- printf(" timeout: %u", mysetdata->timeout);
- printf("\n");
-}
-
-static void
-iptree_printips_sorted(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_iptree *mysetdata = set->settype->header;
- struct ip_set_req_iptree *req;
- size_t offset = 0;
-
- while (len >= offset + sizeof(struct ip_set_req_iptree)) {
- req = (struct ip_set_req_iptree *)(data + offset);
- if (mysetdata->timeout)
- printf("%s,%u\n", ip_tostring(req->ip, options),
- req->timeout);
- else
- printf("%s\n", ip_tostring(req->ip, options));
- offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align);
- }
-}
-
-static void
-iptree_saveheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_iptree *mysetdata = set->settype->header;
-
- if (mysetdata->timeout)
- printf("-N %s %s --timeout %u\n",
- set->name, set->settype->typename,
- mysetdata->timeout);
- else
- printf("-N %s %s\n",
- set->name, set->settype->typename);
-}
-
-static void
-iptree_saveips(struct set *set, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- struct ip_set_iptree *mysetdata = set->settype->header;
- struct ip_set_req_iptree *req;
- size_t offset = 0;
-
- DP("%s", set->name);
-
- while (len >= offset + sizeof(struct ip_set_req_iptree)) {
- req = (struct ip_set_req_iptree *)(data + offset);
- if (mysetdata->timeout)
- printf("-A %s %s,%u\n",
- set->name,
- ip_tostring(req->ip, options),
- req->timeout);
- else
- printf("-A %s %s\n",
- set->name,
- ip_tostring(req->ip, options));
- offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align);
- }
-}
-
-static void
-iptree_usage(void)
-{
- printf
- ("-N set iptree [--timeout value]\n"
- "-A set IP[,timeout]\n"
- "-D set IP\n"
- "-T set IP\n");
-}
-
-static struct settype settype_iptree = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_iptree_create),
- .create_init = iptree_create_init,
- .create_parse = iptree_create_parse,
- .create_final = iptree_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_iptree),
- .adt_parser = iptree_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_iptree),
- .initheader = iptree_initheader,
- .printheader = iptree_printheader,
- .printips = iptree_printips_sorted, /* We only have sorted version */
- .printips_sorted = iptree_printips_sorted,
- .saveheader = iptree_saveheader,
- .saveips = iptree_saveips,
-
- .usage = iptree_usage,
-};
-
-CONSTRUCTOR(iptree)
-{
- settype_register(&settype_iptree);
-
-}
|
|
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_iptreemap.c
^
|
@@ -1,208 +0,0 @@
-/* Copyright 2007 Sven Wegener <sven.wegener@stealer.net>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <limits.h> /* UINT_MAX */
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem* */
-
-#include "ipset.h"
-
-#include "ip_set_iptreemap.h"
-
-#define OPT_CREATE_GC 0x1
-
-static void
-iptreemap_create_init(void *data)
-{
- struct ip_set_req_iptreemap_create *mydata = data;
-
- mydata->gc_interval = 0;
-}
-
-static int
-iptreemap_create_parse(int c, char *argv[] UNUSED, void *data,
- unsigned int *flags)
-{
- struct ip_set_req_iptreemap_create *mydata = data;
-
- switch (c) {
- case 'g':
- string_to_number(optarg, 0, UINT_MAX, &mydata->gc_interval);
-
- *flags |= OPT_CREATE_GC;
- break;
- default:
- return 0;
- break;
- }
-
- return 1;
-}
-
-static void
-iptreemap_create_final(void *data UNUSED, unsigned int flags UNUSED)
-{
-}
-
-static const struct option create_opts[] = {
- {.name = "gc", .has_arg = required_argument, .val = 'g'},
- {NULL},
-};
-
-static ip_set_ip_t
-iptreemap_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_iptreemap *mydata = data;
- ip_set_ip_t mask;
-
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
-
- if (strchr(tmp, '/')) {
- parse_ipandmask(tmp, &mydata->ip, &mask);
- mydata->end = mydata->ip | ~mask;
- } else {
- if ((ptr = strchr(tmp, ':')) != NULL && ++warn_once == 1)
- fprintf(stderr, "Warning: please use '-' separator token between IP range.\n"
- "Next release won't support old separator token.\n");
- ptr = strsep(&tmp, "-:");
- parse_ip(ptr, &mydata->ip);
-
- if (tmp) {
- parse_ip(tmp, &mydata->end);
- } else {
- mydata->end = mydata->ip;
- }
- }
-
- ipset_free(saved);
-
- return 1;
-}
-
-static void
-iptreemap_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_iptreemap_create *header = data;
- struct ip_set_iptreemap *map = set->settype->header;
-
- map->gc_interval = header->gc_interval;
-}
-
-static void
-iptreemap_printheader(struct set *set, unsigned int options UNUSED)
-{
- struct ip_set_iptreemap *mysetdata = set->settype->header;
-
- if (mysetdata->gc_interval)
- printf(" gc: %u", mysetdata->gc_interval);
-
- printf("\n");
-}
-
-static void
-iptreemap_printips_sorted(struct set *set UNUSED, void *data,
- u_int32_t len, unsigned int options, char dont_align)
-{
- struct ip_set_req_iptreemap *req;
- size_t offset = 0;
-
- while (len >= offset + sizeof(struct ip_set_req_iptreemap)) {
- req = data + offset;
-
- printf("%s", ip_tostring(req->ip, options));
- if (req->ip != req->end)
- printf("-%s", ip_tostring(req->end, options));
- printf("\n");
-
- offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align);
- }
-}
-
-static void
-iptreemap_saveheader(struct set *set, unsigned int options UNUSED)
-{
- struct ip_set_iptreemap *mysetdata = set->settype->header;
-
- printf("-N %s %s", set->name, set->settype->typename);
-
- if (mysetdata->gc_interval)
- printf(" --gc %u", mysetdata->gc_interval);
-
- printf("\n");
-}
-
-static void
-iptreemap_saveips(struct set *set UNUSED, void *data,
- u_int32_t len, unsigned int options, char dont_align)
-{
- struct ip_set_req_iptreemap *req;
- size_t offset = 0;
-
- while (len >= offset + sizeof(struct ip_set_req_iptreemap)) {
- req = data + offset;
-
- printf("-A %s %s", set->name, ip_tostring(req->ip, options));
-
- if (req->ip != req->end)
- printf("-%s", ip_tostring(req->end, options));
-
- printf("\n");
-
- offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align);
- }
-}
-
-static void
-iptreemap_usage(void)
-{
- printf(
- "-N set iptreemap --gc interval\n"
- "-A set IP\n"
- "-D set IP\n"
- "-T set IP\n"
- );
-}
-
-static struct settype settype_iptreemap = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- .create_size = sizeof(struct ip_set_req_iptreemap_create),
- .create_init = iptreemap_create_init,
- .create_parse = iptreemap_create_parse,
- .create_final = iptreemap_create_final,
- .create_opts = create_opts,
-
- .adt_size = sizeof(struct ip_set_req_iptreemap),
- .adt_parser = iptreemap_adt_parser,
-
- .header_size = sizeof(struct ip_set_iptreemap),
- .initheader = iptreemap_initheader,
- .printheader = iptreemap_printheader,
- .printips = iptreemap_printips_sorted,
- .printips_sorted = iptreemap_printips_sorted,
- .saveheader = iptreemap_saveheader,
- .saveips = iptreemap_saveips,
-
- .usage = iptreemap_usage,
-};
-
-CONSTRUCTOR(iptreemap)
-{
- settype_register(&settype_iptreemap);
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_macipmap.c
@@ -1,382 +0,0 @@
-/* Copyright 2000, 2001, 2002 Joakim Axelsson (gozem@linux.nu)
- * Patrick Schaaf (bof@bof.de)
- * Martin Josefsson (gandalf@wlug.westbo.se)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-
-#include <stdio.h> /* *printf */
-#include <stdlib.h> /* mem* */
-#include <string.h> /* str* */
-#include <net/ethernet.h> /* ETH_ALEN */
-
-#include "ipset.h"
-
-#include "ip_set_macipmap.h"
-
-#define BUFLEN 30;
-
-#define OPT_CREATE_FROM 0x01U
-#define OPT_CREATE_TO 0x02U
-#define OPT_CREATE_NETWORK 0x04U
-#define OPT_CREATE_MATCHUNSET 0x08U
-
-#define OPT_ADDDEL_IP 0x01U
-#define OPT_ADDDEL_MAC 0x02U
-
-/* Initialize the create. */
-static void
-macipmap_create_init(void *data UNUSED)
-{
- DP("create INIT");
- /* Nothing */
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-macipmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
-{
- struct ip_set_req_macipmap_create *mydata = data;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
- parse_ip(optarg, &mydata->from);
-
- *flags |= OPT_CREATE_FROM;
-
- DP("--from %x (%s)", mydata->from,
- ip_tostring_numeric(mydata->from));
-
- break;
-
- case '2':
- parse_ip(optarg, &mydata->to);
-
- *flags |= OPT_CREATE_TO;
-
- DP("--to %x (%s)", mydata->to,
- ip_tostring_numeric(mydata->to));
-
- break;
-
- case '3':
- parse_ipandmask(optarg, &mydata->from, &mydata->to);
-
- /* Make to the last of from + mask */
- mydata->to = mydata->from | (~mydata->to);
-
- *flags |= OPT_CREATE_NETWORK;
-
- DP("--network from %x (%s)",
- mydata->from, ip_tostring_numeric(mydata->from));
- DP("--network to %x (%s)",
- mydata->to, ip_tostring_numeric(mydata->to));
-
- break;
-
- case '4':
- mydata->flags |= IPSET_MACIP_MATCHUNSET;
-
- *flags |= OPT_CREATE_MATCHUNSET;
-
- DP("--matchunset");
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-macipmap_create_final(void *data, unsigned int flags)
-{
- struct ip_set_req_macipmap_create *mydata = data;
-
- if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
- "Need to specify --from and --to, or --network\n");
-
- if (flags & OPT_CREATE_NETWORK) {
- /* --network */
- if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO))
- exit_error(PARAMETER_PROBLEM,
- "Can't specify --from or --to with --network\n");
- } else {
- /* --from --to */
- if ((flags & OPT_CREATE_FROM) == 0
- || (flags & OPT_CREATE_TO) == 0)
- exit_error(PARAMETER_PROBLEM,
- "Need to specify both --from and --to\n");
- }
-
-
- DP("from : %x to: %x diff: %d match unset: %d", mydata->from,
- mydata->to, mydata->to - mydata->from,
- flags & OPT_CREATE_MATCHUNSET);
-
- if (mydata->from > mydata->to)
- exit_error(PARAMETER_PROBLEM,
- "From can't be lower than to.\n");
-
- if (mydata->to - mydata->from > MAX_RANGE)
- exit_error(PARAMETER_PROBLEM,
- "Range too large. Max is %d IPs in range\n",
- MAX_RANGE+1);
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "from", .has_arg = required_argument, .val = '1'},
- {.name = "to", .has_arg = required_argument, .val = '2'},
- {.name = "network", .has_arg = required_argument, .val = '3'},
- {.name = "matchunset", .has_arg = no_argument, .val = '4'},
- {NULL},
-};
-
-static void
-parse_mac(const char *mac, unsigned char *ethernet)
-{
- unsigned int i = 0;
-
- if (strlen(mac) != ETH_ALEN * 3 - 1)
- exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac);
-
- for (i = 0; i < ETH_ALEN; i++) {
- long number;
- char *end;
-
- number = strtol(mac + i * 3, &end, 16);
-
- if (end == mac + i * 3 + 2 && number >= 0 && number <= 255)
- ethernet[i] = number;
- else
- exit_error(PARAMETER_PROBLEM,
- "Bad mac address `%s'", mac);
- }
-}
-
-/* Add, del, test parser */
-static ip_set_ip_t
-macipmap_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_macipmap *mydata = data;
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
-
- DP("macipmap: %p %p", arg, data);
-
- ptr = strsep(&tmp, ",");
- if (!tmp) {
- tmp = saved;
- ptr = strsep(&tmp, ":%");
- if (tmp && ++warn_once == 1)
- fprintf(stderr, "Warning: please use ',' separator token between ip,mac.\n"
- "Next release won't support old separator tokens.\n");
- }
- parse_ip(ptr, &mydata->ip);
-
- if (tmp)
- parse_mac(tmp, mydata->ethernet);
- else
- memset(mydata->ethernet, 0, ETH_ALEN);
-
- free(saved);
-
- return 1;
-}
-
-/*
- * Print and save
- */
-
-static void
-macipmap_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_macipmap_create *header = data;
- struct ip_set_macipmap *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_macipmap));
- map->first_ip = header->from;
- map->last_ip = header->to;
- map->flags = header->flags;
-}
-
-static void
-macipmap_printheader(struct set *set, unsigned options)
-{
- struct ip_set_macipmap *mysetdata = set->settype->header;
-
- printf(" from: %s", ip_tostring(mysetdata->first_ip, options));
- printf(" to: %s", ip_tostring(mysetdata->last_ip, options));
-
- if (mysetdata->flags & IPSET_MACIP_MATCHUNSET)
- printf(" matchunset");
- printf("\n");
-}
-
-static void
-print_mac(unsigned char macaddress[ETH_ALEN])
-{
- unsigned int i;
-
- printf("%02X", macaddress[0]);
- for (i = 1; i < ETH_ALEN; i++)
- printf(":%02X", macaddress[i]);
-}
-
-static inline void
-__macipmap_printips_sorted(struct set *set, void *data,
- u_int32_t len UNUSED, unsigned options)
-{
- struct ip_set_macipmap *mysetdata = set->settype->header;
- struct ip_set_macip *table = data;
- u_int32_t addr = mysetdata->first_ip;
-
- while (addr <= mysetdata->last_ip) {
- if (table[addr - mysetdata->first_ip].match) {
- printf("%s,", ip_tostring(addr, options));
- print_mac(table[addr - mysetdata->first_ip].
- ethernet);
- printf("\n");
- }
- addr++;
- }
-}
-
-static void
-macipmap_printips_sorted(struct set *set, void *data,
- u_int32_t len, unsigned options,
- char dont_align)
-{
- struct ip_set_req_macipmap *d;
- size_t offset = 0;
-
- if (dont_align)
- return __macipmap_printips_sorted(set, data, len, options);
-
- while (offset < len) {
- d = data + offset;
- printf("%s,", ip_tostring(d->ip, options));
- print_mac(d->ethernet);
- printf("\n");
- offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap));
- }
-}
-
-static void
-macipmap_saveheader(struct set *set, unsigned options)
-{
- struct ip_set_macipmap *mysetdata = set->settype->header;
-
- printf("-N %s %s --from %s",
- set->name, set->settype->typename,
- ip_tostring(mysetdata->first_ip, options));
- printf(" --to %s", ip_tostring(mysetdata->last_ip, options));
-
- if (mysetdata->flags & IPSET_MACIP_MATCHUNSET)
- printf(" --matchunset");
- printf("\n");
-}
-
-static inline void
-__macipmap_saveips(struct set *set, void *data,
- u_int32_t len UNUSED, unsigned options)
-{
- struct ip_set_macipmap *mysetdata = set->settype->header;
- struct ip_set_macip *table = data;
- u_int32_t addr = mysetdata->first_ip;
-
- while (addr <= mysetdata->last_ip) {
- if (table[addr - mysetdata->first_ip].match) {
- printf("-A %s %s,",
- set->name, ip_tostring(addr, options));
- print_mac(table[addr - mysetdata->first_ip].
- ethernet);
- printf("\n");
- }
- addr++;
- }
-}
-
-static void
-macipmap_saveips(struct set *set, void *data,
- u_int32_t len, unsigned options,
- char dont_align)
-{
- struct ip_set_req_macipmap *d;
- size_t offset = 0;
-
- if (dont_align)
- return __macipmap_saveips(set, data, len, options);
-
- while (offset < len) {
- d = data + offset;
- printf("-A %s %s,", set->name, ip_tostring(d->ip, options));
- print_mac(d->ethernet);
- printf("\n");
- offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap));
- }
-}
-
-static void
-macipmap_usage(void)
-{
- printf
- ("-N set macipmap --from IP --to IP [--matchunset]\n"
- "-N set macipmap --network IP/mask [--matchunset]\n"
- "-A set IP[,MAC]\n"
- "-D set IP[,MAC]\n"
- "-T set IP[,MAC]\n");
-}
-
-static struct settype settype_macipmap = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_macipmap_create),
- .create_init = macipmap_create_init,
- .create_parse = macipmap_create_parse,
- .create_final = macipmap_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_macipmap),
- .adt_parser = macipmap_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_macipmap),
- .initheader = macipmap_initheader,
- .printheader = macipmap_printheader,
- .printips = macipmap_printips_sorted,
- .printips_sorted = macipmap_printips_sorted,
- .saveheader = macipmap_saveheader,
- .saveips = macipmap_saveips,
-
- .usage = macipmap_usage,
-};
-
-CONSTRUCTOR(macipmap)
-{
- settype_register(&settype_macipmap);
-
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_nethash.c
@@ -1,308 +0,0 @@
-/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <limits.h> /* UINT_MAX */
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem*, str* */
-
-#include "ipset.h"
-
-#include "ip_set_nethash.h"
-
-#define BUFLEN 30;
-
-#define OPT_CREATE_HASHSIZE 0x01U
-#define OPT_CREATE_PROBES 0x02U
-#define OPT_CREATE_RESIZE 0x04U
-
-/* Initialize the create. */
-static void
-nethash_create_init(void *data)
-{
- struct ip_set_req_nethash_create *mydata = data;
-
- DP("create INIT");
-
- /* Default create parameters */
- mydata->hashsize = IP_NF_SET_HASHSIZE;
- mydata->probes = 4;
- mydata->resize = 50;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-nethash_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
-{
- struct ip_set_req_nethash_create *mydata = data;
- ip_set_ip_t value;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
-
- if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize))
- exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg);
-
- *flags |= OPT_CREATE_HASHSIZE;
-
- DP("--hashsize %u", mydata->hashsize);
-
- break;
-
- case '2':
-
- if (string_to_number(optarg, 1, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg);
-
- mydata->probes = value;
- *flags |= OPT_CREATE_PROBES;
-
- DP("--probes %u", mydata->probes);
-
- break;
-
- case '3':
-
- if (string_to_number(optarg, 0, 65535, &value))
- exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg);
-
- mydata->resize = value;
- *flags |= OPT_CREATE_RESIZE;
-
- DP("--resize %u", mydata->resize);
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-nethash_create_final(void *data UNUSED, unsigned int flags UNUSED)
-{
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "hashsize", .has_arg = required_argument, .val = '1'},
- {.name = "probes", .has_arg = required_argument, .val = '2'},
- {.name = "resize", .has_arg = required_argument, .val = '3'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-nethash_adt_parser(int cmd, const char *arg, void *data)
-{
- struct ip_set_req_nethash *mydata = data;
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
- ip_set_ip_t cidr;
-
- ptr = strsep(&tmp, "/");
-
- if (tmp == NULL) {
- if (cmd == CMD_TEST)
- cidr = 32;
- else
- exit_error(PARAMETER_PROBLEM,
- "Missing cidr from `%s'", arg);
- } else
- if (string_to_number(tmp, 1, 31, &cidr))
- exit_error(PARAMETER_PROBLEM,
- "Out of range cidr `%s' specified", arg);
-
- mydata->cidr = cidr;
- parse_ip(ptr, &mydata->ip);
-#if 0
- if (!mydata->ip)
- exit_error(PARAMETER_PROBLEM,
- "Zero valued IP address `%s' specified", ptr);
-#endif
- ipset_free(saved);
-
- return 1;
-};
-
-/*
- * Print and save
- */
-
-static void
-nethash_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_nethash_create *header = data;
- struct ip_set_nethash *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_nethash));
- map->hashsize = header->hashsize;
- map->probes = header->probes;
- map->resize = header->resize;
-}
-
-static void
-nethash_printheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_nethash *mysetdata = set->settype->header;
-
- printf(" hashsize: %u", mysetdata->hashsize);
- printf(" probes: %u", mysetdata->probes);
- printf(" resize: %u\n", mysetdata->resize);
-}
-
-static char buf[20];
-
-static char *
-unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED)
-{
- int i, j = 3;
- unsigned char a, b;
-
- ip = htonl(ip);
- for (i = 3; i >= 0; i--)
- if (((unsigned char *)&ip)[i] != 0) {
- j = i;
- break;
- }
-
- a = ((unsigned char *)&ip)[j];
- if (a <= 128) {
- a = (a - 1) * 2;
- b = 7;
- } else if (a <= 192) {
- a = (a - 129) * 4;
- b = 6;
- } else if (a <= 224) {
- a = (a - 193) * 8;
- b = 5;
- } else if (a <= 240) {
- a = (a - 225) * 16;
- b = 4;
- } else if (a <= 248) {
- a = (a - 241) * 32;
- b = 3;
- } else if (a <= 252) {
- a = (a - 249) * 64;
- b = 2;
- } else if (a <= 254) {
- a = (a - 253) * 128;
- b = 1;
- } else {
- a = b = 0;
- }
- ((unsigned char *)&ip)[j] = a;
- b += j * 8;
-
- sprintf(buf, "%u.%u.%u.%u/%u",
- ((unsigned char *)&ip)[0],
- ((unsigned char *)&ip)[1],
- ((unsigned char *)&ip)[2],
- ((unsigned char *)&ip)[3],
- b);
-
- DP("%s %s", ip_tostring(ntohl(ip), 0), buf);
- return buf;
-}
-
-static void
-nethash_printips(struct set *set UNUSED, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- size_t offset = 0;
- ip_set_ip_t *ip;
-
- while (offset < len) {
- ip = data + offset;
- printf("%s\n", unpack_ip_tostring(*ip, options));
- offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
- }
-}
-
-static void
-nethash_saveheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_nethash *mysetdata = set->settype->header;
-
- printf("-N %s %s --hashsize %u --probes %u --resize %u\n",
- set->name, set->settype->typename,
- mysetdata->hashsize, mysetdata->probes, mysetdata->resize);
-}
-
-/* Print save for an IP */
-static void
-nethash_saveips(struct set *set UNUSED, void *data, u_int32_t len,
- unsigned options, char dont_align)
-{
- size_t offset = 0;
- ip_set_ip_t *ip;
-
- while (offset < len) {
- ip = data + offset;
- printf("-A %s %s\n", set->name,
- unpack_ip_tostring(*ip, options));
- offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align);
- }
-}
-
-static void
-nethash_usage(void)
-{
- printf
- ("-N set nethash [--hashsize hashsize] [--probes probes ]\n"
- " [--resize resize]\n"
- "-A set IP/cidr\n"
- "-D set IP/cidr\n"
- "-T set IP/cidr\n");
-}
-
-static struct settype settype_nethash = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_nethash_create),
- .create_init = nethash_create_init,
- .create_parse = nethash_create_parse,
- .create_final = nethash_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_nethash),
- .adt_parser = nethash_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_nethash),
- .initheader = nethash_initheader,
- .printheader = nethash_printheader,
- .printips = nethash_printips,
- .printips_sorted = nethash_printips,
- .saveheader = nethash_saveheader,
- .saveips = nethash_saveips,
-
- .usage = nethash_usage,
-};
-
-CONSTRUCTOR(nethash)
-{
- settype_register(&settype_nethash);
-
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_portmap.c
@@ -1,272 +0,0 @@
-/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-
-#include <stdio.h> /* *printf */
-#include <string.h> /* mem* */
-
-#include "ipset.h"
-
-#include "ip_set_portmap.h"
-
-#define BUFLEN 30;
-
-#define OPT_CREATE_FROM 0x01U
-#define OPT_CREATE_TO 0x02U
-
-#define OPT_ADDDEL_PORT 0x01U
-
-/* Initialize the create. */
-static void
-portmap_create_init(void *data UNUSED)
-{
- DP("create INIT");
- /* Nothing */
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-portmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
-{
- struct ip_set_req_portmap_create *mydata = data;
-
- DP("create_parse");
-
- switch (c) {
- case '1':
- parse_port(optarg, &mydata->from);
-
- *flags |= OPT_CREATE_FROM;
-
- DP("--from %x (%s)", mydata->from,
- port_tostring(mydata->from, 0));
-
- break;
-
- case '2':
- parse_port(optarg, &mydata->to);
-
- *flags |= OPT_CREATE_TO;
-
- DP("--to %x (%s)", mydata->to,
- port_tostring(mydata->to, 0));
-
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-portmap_create_final(void *data, unsigned int flags)
-{
- struct ip_set_req_portmap_create *mydata = data;
-
- if (flags == 0) {
- exit_error(PARAMETER_PROBLEM,
- "Need to specify --from and --to\n");
- } else {
- /* --from --to */
- if ((flags & OPT_CREATE_FROM) == 0
- || (flags & OPT_CREATE_TO) == 0)
- exit_error(PARAMETER_PROBLEM,
- "Need to specify both --from and --to\n");
- }
-
- DP("from : %x to: %x diff: %d", mydata->from, mydata->to,
- mydata->to - mydata->from);
-
- if (mydata->from > mydata->to)
- exit_error(PARAMETER_PROBLEM,
- "From can't be lower than to.\n");
-
- if (mydata->to - mydata->from > MAX_RANGE)
- exit_error(PARAMETER_PROBLEM,
- "Range too large. Max is %d ports in range\n",
- MAX_RANGE+1);
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "from", .has_arg = required_argument, .val = '1'},
- {.name = "to", .has_arg = required_argument, .val = '2'},
- {NULL},
-};
-
-/* Add, del, test parser */
-static ip_set_ip_t
-portmap_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_portmap *mydata = data;
-
- parse_port(arg, &mydata->ip);
- DP("%s", port_tostring(mydata->ip, 0));
-
- return 1;
-}
-
-/*
- * Print and save
- */
-
-static void
-portmap_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_portmap_create *header = data;
- struct ip_set_portmap *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_portmap));
- map->first_ip = header->from;
- map->last_ip = header->to;
-}
-
-static void
-portmap_printheader(struct set *set, unsigned options)
-{
- struct ip_set_portmap *mysetdata = set->settype->header;
-
- printf(" from: %s", port_tostring(mysetdata->first_ip, options));
- printf(" to: %s\n", port_tostring(mysetdata->last_ip, options));
-}
-
-static inline void
-__portmap_printips_sorted(struct set *set, void *data,
- u_int32_t len UNUSED, unsigned options)
-{
- struct ip_set_portmap *mysetdata = set->settype->header;
- ip_set_ip_t addr = mysetdata->first_ip;
-
- DP("%u -- %u", mysetdata->first_ip, mysetdata->last_ip);
- while (addr <= mysetdata->last_ip) {
- if (test_bit(addr - mysetdata->first_ip, data))
- printf("%s\n", port_tostring(addr, options));
- addr++;
- }
-}
-
-static void
-portmap_printips_sorted(struct set *set, void *data,
- u_int32_t len, unsigned options,
- char dont_align)
-{
- ip_set_ip_t *ip;
- size_t offset = 0;
-
- if (dont_align)
- return __portmap_printips_sorted(set, data, len, options);
-
- while (offset < len) {
- ip = data + offset;
- printf("%s\n", port_tostring(*ip, options));
- offset += IPSET_ALIGN(sizeof(ip_set_ip_t));
- }
-}
-
-static void
-portmap_saveheader(struct set *set, unsigned options)
-{
- struct ip_set_portmap *mysetdata = set->settype->header;
-
- printf("-N %s %s --from %s",
- set->name,
- set->settype->typename,
- port_tostring(mysetdata->first_ip, options));
- printf(" --to %s\n",
- port_tostring(mysetdata->last_ip, options));
-}
-
-static inline void
-__portmap_saveips(struct set *set, void *data,
- u_int32_t len UNUSED, unsigned options)
-{
- struct ip_set_portmap *mysetdata = set->settype->header;
- ip_set_ip_t addr = mysetdata->first_ip;
-
- while (addr <= mysetdata->last_ip) {
- DP("addr: %lu, last_ip %lu", (long unsigned)addr, (long unsigned)mysetdata->last_ip);
- if (test_bit(addr - mysetdata->first_ip, data))
- printf("-A %s %s\n",
- set->name,
- port_tostring(addr, options));
- addr++;
- }
-}
-
-static void
-portmap_saveips(struct set *set, void *data,
- u_int32_t len, unsigned options,
- char dont_align)
-{
- ip_set_ip_t *ip;
- size_t offset = 0;
-
- if (dont_align)
- return __portmap_saveips(set, data, len, options);
-
- while (offset < len) {
- ip = data + offset;
- printf("-A %s %s\n", set->name, port_tostring(*ip, options));
- offset += IPSET_ALIGN(sizeof(ip_set_ip_t));
- }
-}
-
-static void
-portmap_usage(void)
-{
- printf
- ("-N set portmap --from PORT --to PORT\n"
- "-A set PORT\n"
- "-D set PORT\n"
- "-T set PORT\n");
-}
-
-static struct settype settype_portmap = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_portmap_create),
- .create_init = portmap_create_init,
- .create_parse = portmap_create_parse,
- .create_final = portmap_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_portmap),
- .adt_parser = portmap_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_portmap),
- .initheader = portmap_initheader,
- .printheader = portmap_printheader,
- .printips = portmap_printips_sorted,
- .printips_sorted = portmap_printips_sorted,
- .saveheader = portmap_saveheader,
- .saveips = portmap_saveips,
-
- .usage = portmap_usage,
-};
-
-CONSTRUCTOR(portmap)
-{
- settype_register(&settype_portmap);
-
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_setlist.c
@@ -1,229 +0,0 @@
-/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include "ip_set_setlist.h"
-#include "ipset.h"
-
-/* Initialize the create. */
-static void
-setlist_create_init(void *data)
-{
- struct ip_set_req_setlist_create *mydata = data;
-
- mydata->size = 8;
-}
-
-/* Function which parses command options; returns true if it ate an option */
-static int
-setlist_create_parse(int c, char *argv[] UNUSED, void *data,
- unsigned *flags UNUSED)
-{
- struct ip_set_req_setlist_create *mydata = data;
- unsigned int size;
-
- switch (c) {
- case '1':
- if (string_to_number(optarg, 1, 255, &size))
- exit_error(PARAMETER_PROBLEM,
- "Invalid size '%s specified: must be "
- "between 1-255", optarg);
- mydata->size = size;
- break;
- default:
- return 0;
- }
- return 1;
-}
-
-/* Final check; exit if not ok. */
-static void
-setlist_create_final(void *data UNUSED, unsigned int flags UNUSED)
-{
-}
-
-/* Create commandline options */
-static const struct option create_opts[] = {
- {.name = "size", .has_arg = required_argument, .val = '1'},
- {NULL},
-};
-
-static void
-check_setname(const char *name)
-{
- if (strlen(name) > IP_SET_MAXNAMELEN - 1)
- exit_error(PARAMETER_PROBLEM,
- "Setname %s is longer than %d characters.",
- name, IP_SET_MAXNAMELEN - 1);
-}
-
-/* Add, del, test parser */
-static ip_set_ip_t
-setlist_adt_parser(int cmd UNUSED, const char *arg, void *data)
-{
- struct ip_set_req_setlist *mydata = data;
- char *saved = ipset_strdup(arg);
- char *ptr, *tmp = saved;
-
- DP("setlist: %p %p", arg, data);
-
- ptr = strsep(&tmp, ",");
- check_setname(ptr);
- strcpy(mydata->name, ptr);
-
- if (!tmp) {
- mydata->before = 0;
- mydata->ref[0] = '\0';
- return 1;
- }
-
- ptr = strsep(&tmp, ",");
-
- if (tmp == NULL || !(strcmp(ptr, "before") == 0 || strcmp(ptr, "after") == 0))
- exit_error(PARAMETER_PROBLEM,
- "Syntax error, you must specify elements as setname,[before|after],setname");
-
- check_setname(tmp);
- strcpy(mydata->ref, tmp);
- mydata->before = !strcmp(ptr, "before");
-
- free(saved);
-
- return 1;
-}
-
-/*
- * Print and save
- */
-
-static void
-setlist_initheader(struct set *set, const void *data)
-{
- const struct ip_set_req_setlist_create *header = data;
- struct ip_set_setlist *map = set->settype->header;
-
- memset(map, 0, sizeof(struct ip_set_setlist));
- map->size = header->size;
-}
-
-static void
-setlist_printheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_setlist *mysetdata = set->settype->header;
-
- printf(" size: %u\n", mysetdata->size);
-}
-
-static void
-setlist_printips_sorted(struct set *set, void *data,
- u_int32_t len UNUSED, unsigned options UNUSED,
- char dont_align)
-{
- struct ip_set_setlist *mysetdata = set->settype->header;
- int i, asize;
- ip_set_id_t *id;
- struct set *elem;
-
- asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align);
- for (i = 0; i < mysetdata->size; i++ ) {
- DP("Try %u", i);
- id = (ip_set_id_t *)(data + i * asize);
- DP("Try %u, check", i);
- if (*id == IP_SET_INVALID_ID)
- return;
- elem = set_find_byid(*id);
- printf("%s\n", elem->name);
- }
-}
-
-static void
-setlist_saveheader(struct set *set, unsigned options UNUSED)
-{
- struct ip_set_setlist *mysetdata = set->settype->header;
-
- printf("-N %s %s --size %u\n",
- set->name, set->settype->typename,
- mysetdata->size);
-}
-
-static void
-setlist_saveips(struct set *set, void *data,
- u_int32_t len UNUSED, unsigned options UNUSED, char dont_align)
-{
- struct ip_set_setlist *mysetdata = set->settype->header;
- int i, asize;
- ip_set_id_t *id;
- struct set *elem;
-
- asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align);
- for (i = 0; i < mysetdata->size; i++ ) {
- id = (ip_set_id_t *)(data + i * asize);
- if (*id == IP_SET_INVALID_ID)
- return;
- elem = set_find_byid(*id);
- printf("-A %s %s\n", set->name, elem->name);
- }
-}
-
-static void
-setlist_usage(void)
-{
- printf
- ("-N set setlist --size size\n"
- "-A set setname[,before|after,setname]\n"
- "-D set setname\n"
- "-T set setname\n");
-}
-
-static struct settype settype_setlist = {
- .typename = SETTYPE_NAME,
- .protocol_version = IP_SET_PROTOCOL_VERSION,
-
- /* Create */
- .create_size = sizeof(struct ip_set_req_setlist_create),
- .create_init = setlist_create_init,
- .create_parse = setlist_create_parse,
- .create_final = setlist_create_final,
- .create_opts = create_opts,
-
- /* Add/del/test */
- .adt_size = sizeof(struct ip_set_req_setlist),
- .adt_parser = setlist_adt_parser,
-
- /* Printing */
- .header_size = sizeof(struct ip_set_setlist),
- .initheader = setlist_initheader,
- .printheader = setlist_printheader,
- .printips = setlist_printips_sorted,
- .printips_sorted = setlist_printips_sorted,
- .saveheader = setlist_saveheader,
- .saveips = setlist_saveips,
-
- .usage = setlist_usage,
-};
-
-CONSTRUCTOR(setlist)
-{
- settype_register(&settype_setlist);
-
-}
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipt_SET.c
@@ -1,138 +0,0 @@
-/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
- * Patrick Schaaf <bof@bof.de>
- * Martin Josefsson <gandalf@wlug.westbo.se>
- * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* ipt_SET.c - netfilter target to manipulate IP sets */
-
-#include <linux/module.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include <linux/version.h>
-
-#include <linux/netfilter_ipv4.h>
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
-#include <linux/netfilter_ipv4/ip_tables.h>
-#define xt_register_target ipt_register_target
-#define xt_unregister_target ipt_unregister_target
-#define xt_target ipt_target
-#define XT_CONTINUE IPT_CONTINUE
-#else
-#include <linux/netfilter/x_tables.h>
-#endif
-#include "ipt_set.h"
-#include "../compat_xtables.h"
-
-static unsigned int
-target(struct sk_buff **pskb, const struct xt_action_param *par)
-{
- const struct ipt_set_info_target *info = par->targinfo;
-
- if (info->add_set.index != IP_SET_INVALID_ID)
- ip_set_addip_kernel(info->add_set.index,
- *pskb,
- info->add_set.flags);
- if (info->del_set.index != IP_SET_INVALID_ID)
- ip_set_delip_kernel(info->del_set.index,
- *pskb,
- info->del_set.flags);
-
- return XT_CONTINUE;
-}
-
-static int
-checkentry(const struct xt_tgchk_param *par)
-{
- struct ipt_set_info_target *info = par->targinfo;
- ip_set_id_t index;
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
- if (targinfosize != IPT_ALIGN(sizeof(*info))) {
- DP("bad target info size %u", targinfosize);
- return -EINVAL;
- }
-#endif
-
- if (info->add_set.index != IP_SET_INVALID_ID) {
- index = ip_set_get_byindex(info->add_set.index);
- if (index == IP_SET_INVALID_ID) {
- ip_set_printk("cannot find add_set index %u as target",
- info->add_set.index);
- return -EINVAL;
- }
- }
-
- if (info->del_set.index != IP_SET_INVALID_ID) {
- index = ip_set_get_byindex(info->del_set.index);
- if (index == IP_SET_INVALID_ID) {
- ip_set_printk("cannot find del_set index %u as target",
- info->del_set.index);
- return -EINVAL;
- }
- }
- if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0
- || info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) {
- ip_set_printk("That's nasty!");
- return -EINVAL;
- }
-
- return 0;
-}
-
-static void destroy(const struct xt_tgdtor_param *par)
-{
- struct ipt_set_info_target *info = par->targinfo;
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
- if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
- ip_set_printk("invalid targetsize %d", targetsize);
- return;
- }
-#endif
- if (info->add_set.index != IP_SET_INVALID_ID)
- ip_set_put_byindex(info->add_set.index);
- if (info->del_set.index != IP_SET_INVALID_ID)
- ip_set_put_byindex(info->del_set.index);
-}
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-static struct xt_target SET_target = {
- .name = "SET",
- .target = target,
- .checkentry = checkentry,
- .destroy = destroy,
- .me = THIS_MODULE
-};
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
-static struct xt_target SET_target = {
- .name = "SET",
- .family = AF_INET,
- .target = target,
- .targetsize = sizeof(struct ipt_set_info_target),
- .checkentry = checkentry,
- .destroy = destroy,
- .me = THIS_MODULE
-};
-#endif
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("iptables IP set target module");
-
-static int __init ipt_SET_init(void)
-{
- return xt_register_target(&SET_target);
-}
-
-static void __exit ipt_SET_fini(void)
-{
- xt_unregister_target(&SET_target);
-}
-
-module_init(ipt_SET_init);
-module_exit(ipt_SET_fini);
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipt_set.c
@@ -1,126 +0,0 @@
-/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
- * Patrick Schaaf <bof@bof.de>
- * Martin Josefsson <gandalf@wlug.westbo.se>
- * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* Kernel module to match an IP set. */
-
-#include <linux/module.h>
-#include <linux/ip.h>
-#include <linux/skbuff.h>
-#include <linux/version.h>
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
-#include <linux/netfilter_ipv4/ip_tables.h>
-#define xt_register_match ipt_register_match
-#define xt_unregister_match ipt_unregister_match
-#define xt_match ipt_match
-#else
-#include <linux/netfilter/x_tables.h>
-#endif
-#include "ip_set.h"
-#include "ipt_set.h"
-#include "../compat_xtables.h"
-
-static inline int
-match_set(const struct ipt_set_info *info,
- const struct sk_buff *skb,
- int inv)
-{
- if (ip_set_testip_kernel(info->index, skb, info->flags))
- inv = !inv;
- return inv;
-}
-
-static bool
-match(const struct sk_buff *skb, struct xt_action_param *par)
-{
- const struct ipt_set_info_match *info = par->matchinfo;
-
- return match_set(&info->match_set,
- skb,
- info->match_set.flags[0] & IPSET_MATCH_INV);
-}
-
-static int
-checkentry(const struct xt_mtchk_param *par)
-{
- struct ipt_set_info_match *info = par->matchinfo;
- ip_set_id_t index;
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
- if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
- ip_set_printk("invalid matchsize %d", matchsize);
- return -EINVAL;
- }
-#endif
-
- index = ip_set_get_byindex(info->match_set.index);
-
- if (index == IP_SET_INVALID_ID) {
- ip_set_printk("Cannot find set indentified by id %u to match",
- info->match_set.index);
- return -ENOENT;
- }
- if (info->match_set.flags[IP_SET_MAX_BINDINGS] != 0) {
- ip_set_printk("That's nasty!");
- return -EINVAL;
- }
-
- return 0;
-}
-
-static void destroy(const struct xt_mtdtor_param *par)
-{
- struct ipt_set_info_match *info = par->matchinfo;
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
- if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
- ip_set_printk("invalid matchsize %d", matchsize);
- return;
- }
-#endif
- ip_set_put_byindex(info->match_set.index);
-}
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-static struct xt_match set_match = {
- .name = "set",
- .match = &match,
- .checkentry = &checkentry,
- .destroy = &destroy,
- .me = THIS_MODULE
-};
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
-static struct xt_match set_match = {
- .name = "set",
- .family = AF_INET,
- .match = &match,
- .matchsize = sizeof(struct ipt_set_info_match),
- .checkentry = &checkentry,
- .destroy = &destroy,
- .me = THIS_MODULE
-};
-#endif
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
-MODULE_DESCRIPTION("iptables IP set match module");
-
-static int __init ipt_ipset_init(void)
-{
- return xt_register_match(&set_match);
-}
-
-static void __exit ipt_ipset_fini(void)
-{
- xt_unregister_match(&set_match);
-}
-
-module_init(ipt_ipset_init);
-module_exit(ipt_ipset_fini);
Deleted |
xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipt_set.h
@@ -1,21 +0,0 @@
-#ifndef _IPT_SET_H
-#define _IPT_SET_H
-
-#include "ip_set.h"
-
-struct ipt_set_info {
- ip_set_id_t index;
- u_int32_t flags[IP_SET_MAX_BINDINGS + 1];
-};
-
-/* match info */
-struct ipt_set_info_match {
- struct ipt_set_info match_set;
-};
-
-struct ipt_set_info_target {
- struct ipt_set_info add_set;
- struct ipt_set_info del_set;
-};
-
-#endif /*_IPT_SET_H*/
Changed |
xtables-addons-1.39.tar.bz2/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for xtables-addons 1.38.
+# Generated by GNU Autoconf 2.68 for xtables-addons 1.39.
#
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -706,8 +706,8 @@
# Identity of this package.
PACKAGE_NAME='xtables-addons'
PACKAGE_TARNAME='xtables-addons'
-PACKAGE_VERSION='1.38'
-PACKAGE_STRING='xtables-addons 1.38'
+PACKAGE_VERSION='1.39'
+PACKAGE_STRING='xtables-addons 1.39'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1441,7 +1441,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures xtables-addons 1.38 to adapt to many kinds of systems.
+\`configure' configures xtables-addons 1.39 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1511,7 +1511,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of xtables-addons 1.38:";;
+ short | recursive ) echo "Configuration of xtables-addons 1.39:";;
esac
cat <<\_ACEOF
@@ -1628,7 +1628,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-xtables-addons configure 1.38
+xtables-addons configure 1.39
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -1993,7 +1993,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by xtables-addons $as_me 1.38, which was
+It was created by xtables-addons $as_me 1.39, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -2811,7 +2811,7 @@
# Define the identity of the package.
PACKAGE='xtables-addons'
- VERSION='1.38'
+ VERSION='1.39'
cat >>confdefs.h <<_ACEOF
@@ -10944,7 +10944,7 @@
-ac_config_files="$ac_config_files Makefile Makefile.iptrules Makefile.mans geoip/Makefile extensions/Makefile extensions/ACCOUNT/Makefile extensions/ipset-4/Makefile extensions/ipset-6/Makefile extensions/pknock/Makefile"
+ac_config_files="$ac_config_files Makefile Makefile.iptrules Makefile.mans geoip/Makefile extensions/Makefile extensions/ACCOUNT/Makefile extensions/ipset-6/Makefile extensions/pknock/Makefile"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -11480,7 +11480,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by xtables-addons $as_me 1.38, which was
+This file was extended by xtables-addons $as_me 1.39, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -11546,7 +11546,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-xtables-addons config.status 1.38
+xtables-addons config.status 1.39
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@@ -11939,7 +11939,6 @@
"geoip/Makefile") CONFIG_FILES="$CONFIG_FILES geoip/Makefile" ;;
"extensions/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/Makefile" ;;
"extensions/ACCOUNT/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/ACCOUNT/Makefile" ;;
- "extensions/ipset-4/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/ipset-4/Makefile" ;;
"extensions/ipset-6/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/ipset-6/Makefile" ;;
"extensions/pknock/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/pknock/Makefile" ;;
Changed |
xtables-addons-1.39.tar.bz2/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([xtables-addons], [1.38])
+AC_INIT([xtables-addons], [1.39])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_INSTALL
@@ -78,6 +78,6 @@
AC_SUBST([xtlibdir])
AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans geoip/Makefile
extensions/Makefile extensions/ACCOUNT/Makefile
- extensions/ipset-4/Makefile extensions/ipset-6/Makefile
+ extensions/ipset-6/Makefile
extensions/pknock/Makefile])
AC_OUTPUT
Changed |
xtables-addons-1.39.tar.bz2/doc/changelog.txt
@@ -3,6 +3,18 @@
====
+v1.39 (2011-09-21)
+==================
+Fixes:
+- libxt_ACCOUNT: fix compilation after missing libxtables_CFLAGS
+- build: fix compilation after missing libxtables_CFLAGS in submodules
+- build: add missing linux/version.h includes where needed
+Changes:
+- Remove unsupported ipset 4.x from the Xtables-addons distribution
+- ipset: move ipset_errcode from src to library to avoid undefined reference
+- update to ipset 6.9.1
+
+
v1.38 (2011-08-20)
==================
- xt_CHECKSUM: abort build when the feature is already provided by mainline
Changed |
xtables-addons-1.39.tar.bz2/extensions/ACCOUNT/Makefile.am
@@ -1,7 +1,7 @@
# -*- Makefile -*-
AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions
-AM_CFLAGS = ${regular_CFLAGS}
+AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS}
include ../../Makefile.extra
Changed |
xtables-addons-1.39.tar.bz2/extensions/ACCOUNT/Makefile.in
@@ -247,7 +247,7 @@
top_srcdir = @top_srcdir@
xtlibdir = @xtlibdir@
AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions
-AM_CFLAGS = ${regular_CFLAGS}
+AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS}
XA_SRCDIR = ${srcdir}
XA_TOPSRCDIR = ${top_srcdir}
XA_ABSTOPSRCDIR = ${abs_top_srcdir}
Changed |
xtables-addons-1.39.tar.bz2/extensions/Kbuild
@@ -27,7 +27,6 @@
obj-${build_geoip} += xt_geoip.o
obj-${build_iface} += xt_iface.o
obj-${build_ipp2p} += xt_ipp2p.o
-obj-${build_ipset4} += ipset-4/
obj-${build_ipset6} += ipset-6/
obj-${build_ipv4options} += xt_ipv4options.o
obj-${build_length2} += xt_length2.o
Changed |
xtables-addons-1.39.tar.bz2/extensions/Mbuild
@@ -19,7 +19,6 @@
obj-${build_geoip} += libxt_geoip.so
obj-${build_iface} += libxt_iface.so
obj-${build_ipp2p} += libxt_ipp2p.so
-obj-${build_ipset4} += ipset-4/
obj-${build_ipset6} += ipset-6/
obj-${build_ipv4options} += libxt_ipv4options.so
obj-${build_length2} += libxt_length2.so
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/Kbuild
@@ -8,4 +8,4 @@
ip_set-y := ip_set_core.o ip_set_getport.o pfxlen.o
-EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256
+EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256 -DIPSET_EXTERNAL_MODULE=1
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/Makefile.am
@@ -8,12 +8,12 @@
lib_LTLIBRARIES = libipset.la
libipset_la_SOURCES = libipset/data.c libipset/icmp.c libipset/icmpv6.c \
libipset/mnl.c libipset/parse.c libipset/print.c \
- libipset/session.c libipset/types.c
+ libipset/session.c libipset/types.c libipset/errcode.c
libipset_la_LIBADD = ${libmnl_LIBS}
libipset_la_LDFLAGS = -version-info 1:0:0
sbin_PROGRAMS = ipset
-ipset_SOURCES = src/ipset.c src/errcode.c src/ui.c src/ipset_bitmap_ip.c \
+ipset_SOURCES = src/ipset.c src/ui.c src/ipset_bitmap_ip.c \
src/ipset_bitmap_ipmac.c src/ipset_bitmap_port.c \
src/ipset_hash_ip.c src/ipset_hash_ipport.c \
src/ipset_hash_ipportip.c src/ipset_hash_ipportnet.c \
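Review bot: Moving `errcode.c` into `libipset_la_SOURCES` adds symbols to the shared library, but `libipset_la_LDFLAGS = -version-info 1:0:0` on the context line below is left unchanged. If those functions are exported (the changelog entry says ipset_errcode was moved into the library to fix an undefined reference), libtool's rule for an added interface is to increment current and age and reset revision, i.e. `libipset_la_LDFLAGS = -version-info 2:0:1`. Without that, an `ipset` binary from this release can be paired at run time with an older libipset.so.1 that lacks the symbol, and nothing in the library version reveals the mismatch. The `ipset_SOURCES` list continues outside the hunk.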
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/Makefile.in
@@ -84,7 +84,8 @@
am__dirstamp = $(am__leading_dot)dirstamp
am_libipset_la_OBJECTS = libipset/data.lo libipset/icmp.lo \
libipset/icmpv6.lo libipset/mnl.lo libipset/parse.lo \
- libipset/print.lo libipset/session.lo libipset/types.lo
+ libipset/print.lo libipset/session.lo libipset/types.lo \
+ libipset/errcode.lo
libipset_la_OBJECTS = $(am_libipset_la_OBJECTS)
AM_V_lt = $(am__v_lt_$(V))
am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
@@ -93,9 +94,8 @@
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libipset_la_LDFLAGS) $(LDFLAGS) -o $@
PROGRAMS = $(sbin_PROGRAMS)
-am_ipset_OBJECTS = src/ipset.$(OBJEXT) src/errcode.$(OBJEXT) \
- src/ui.$(OBJEXT) src/ipset_bitmap_ip.$(OBJEXT) \
- src/ipset_bitmap_ipmac.$(OBJEXT) \
+am_ipset_OBJECTS = src/ipset.$(OBJEXT) src/ui.$(OBJEXT) \
+ src/ipset_bitmap_ip.$(OBJEXT) src/ipset_bitmap_ipmac.$(OBJEXT) \
src/ipset_bitmap_port.$(OBJEXT) src/ipset_hash_ip.$(OBJEXT) \
src/ipset_hash_ipport.$(OBJEXT) \
src/ipset_hash_ipportip.$(OBJEXT) \
@@ -270,11 +270,11 @@
lib_LTLIBRARIES = libipset.la
libipset_la_SOURCES = libipset/data.c libipset/icmp.c libipset/icmpv6.c \
libipset/mnl.c libipset/parse.c libipset/print.c \
- libipset/session.c libipset/types.c
+ libipset/session.c libipset/types.c libipset/errcode.c
libipset_la_LIBADD = ${libmnl_LIBS}
libipset_la_LDFLAGS = -version-info 1:0:0
-ipset_SOURCES = src/ipset.c src/errcode.c src/ui.c src/ipset_bitmap_ip.c \
+ipset_SOURCES = src/ipset.c src/ui.c src/ipset_bitmap_ip.c \
src/ipset_bitmap_ipmac.c src/ipset_bitmap_port.c \
src/ipset_hash_ip.c src/ipset_hash_ipport.c \
src/ipset_hash_ipportip.c src/ipset_hash_ipportnet.c \
@@ -371,6 +371,8 @@
libipset/$(DEPDIR)/$(am__dirstamp)
libipset/types.lo: libipset/$(am__dirstamp) \
libipset/$(DEPDIR)/$(am__dirstamp)
+libipset/errcode.lo: libipset/$(am__dirstamp) \
+ libipset/$(DEPDIR)/$(am__dirstamp)
libipset.la: $(libipset_la_OBJECTS) $(libipset_la_DEPENDENCIES)
$(AM_V_CCLD)$(libipset_la_LINK) -rpath $(libdir) $(libipset_la_OBJECTS) $(libipset_la_LIBADD) $(LIBS)
install-sbinPROGRAMS: $(sbin_PROGRAMS)
@@ -423,8 +425,6 @@
@$(MKDIR_P) src/$(DEPDIR)
@: > src/$(DEPDIR)/$(am__dirstamp)
src/ipset.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp)
-src/errcode.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
src/ui.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp)
src/ipset_bitmap_ip.$(OBJEXT): src/$(am__dirstamp) \
src/$(DEPDIR)/$(am__dirstamp)
@@ -456,6 +456,8 @@
-rm -f *.$(OBJEXT)
-rm -f libipset/data.$(OBJEXT)
-rm -f libipset/data.lo
+ -rm -f libipset/errcode.$(OBJEXT)
+ -rm -f libipset/errcode.lo
-rm -f libipset/icmp.$(OBJEXT)
-rm -f libipset/icmp.lo
-rm -f libipset/icmpv6.$(OBJEXT)
@@ -470,7 +472,6 @@
-rm -f libipset/session.lo
-rm -f libipset/types.$(OBJEXT)
-rm -f libipset/types.lo
- -rm -f src/errcode.$(OBJEXT)
-rm -f src/ipset.$(OBJEXT)
-rm -f src/ipset_bitmap_ip.$(OBJEXT)
-rm -f src/ipset_bitmap_ipmac.$(OBJEXT)
@@ -489,6 +490,7 @@
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/data.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/errcode.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/icmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/icmpv6.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/mnl.Plo@am__quote@
@@ -496,7 +498,6 @@
@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/print.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/session.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/types.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/errcode.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/ipset.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/ipset_bitmap_ip.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/ipset_bitmap_ipmac.Po@am__quote@
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/include/libipset/linux_ip_set.h
@@ -11,6 +11,8 @@
* published by the Free Software Foundation.
*/
+#include <linux/types.h>
+
/* The protocol version */
#define IPSET_PROTOCOL 0x60
@@ -168,4 +170,30 @@
IPSET_CADT_MAX,
};
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+
+#define IPSET_INVALID_ID 65535
+
+enum ip_set_dim {
+ IPSET_DIM_ZERO = 0,
+ IPSET_DIM_ONE,
+ IPSET_DIM_TWO,
+ IPSET_DIM_THREE,
+ /* Max dimension in elements.
+ * If changed, new revision of iptables match/target is required.
+ */
+ IPSET_DIM_MAX = 6,
+};
+
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+ IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+ IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+ IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+ IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+};
+
#endif /* __IP_SET_H */
Added |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/include/libipset/nfproto.h
@@ -0,0 +1,19 @@
+#ifndef LIBIPSET_NFPROTO_H
+#define LIBIPSET_NFPROTO_H
+
+/*
+ * The constants to select, same as in linux/netfilter.h.
+ * Like nf_inet_addr.h, this is just here so that we need not to rely on
+ * the presence of a recent-enough netfilter.h.
+ */
+enum {
+ NFPROTO_UNSPEC = 0,
+ NFPROTO_IPV4 = 2,
+ NFPROTO_ARP = 3,
+ NFPROTO_BRIDGE = 7,
+ NFPROTO_IPV6 = 10,
+ NFPROTO_DECNET = 12,
+ NFPROTO_NUMPROTO,
+};
+
+#endif /* LIBIPSET_NFPROTO_H */
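Review bot: The `NFPROTO_*` enumerators are declared unconditionally, so a source file that includes this header together with a `<linux/netfilter.h>` new enough to declare the same names would fail with a redeclaration error; unlike macros, enumerators cannot be protected with `#ifndef`. Whether any file in the tree includes both is not visible from this hunk. I would record the restriction in the header comment, for example `* Do not include <linux/netfilter.h> in the same file; it declares the same enumerators.`, and add that the values must stay identical to the kernel's.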
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/include/libipset/types.h
@@ -14,24 +14,22 @@
#include <libipset/parse.h> /* ipset_parsefn */
#include <libipset/print.h> /* ipset_printfn */
#include <libipset/linux_ip_set.h> /* IPSET_MAXNAMELEN */
-
-#define AF_INET46 255
+#include <libipset/nfproto.h> /* for NFPROTO_ */
/* Family rules:
- * - AF_UNSPEC: type is family-neutral
- * - AF_INET: type supports IPv4 only
- * - AF_INET6: type supports IPv6 only
- * - AF_INET46: type supports both IPv4 and IPv6
+ * - NFPROTO_UNSPEC: type is family-neutral
+ * - NFPROTO_IPV4: type supports IPv4 only
+ * - NFPROTO_IPV6: type supports IPv6 only
+ * Special (userspace) ipset-only extra value:
+ * - NFPROTO_IPSET_IPV46: type supports both IPv4 and IPv6
*/
-
-/* Set dimensions */
enum {
- IPSET_DIM_ONE, /* foo */
- IPSET_DIM_TWO, /* foo,bar */
- IPSET_DIM_THREE, /* foo,bar,fie */
- IPSET_DIM_MAX,
+ NFPROTO_IPSET_IPV46 = 255,
};
+/* The maximal type dimension userspace supports */
+#define IPSET_DIM_UMAX 3
+
/* Parser options */
enum {
IPSET_NO_ARG = -1,
@@ -76,7 +74,7 @@
uint8_t dimension; /* elem dimension */
int8_t kernel_check; /* kernel check */
bool last_elem_optional; /* last element optional */
- struct ipset_elem elem[IPSET_DIM_MAX]; /* parse elem */
+ struct ipset_elem elem[IPSET_DIM_UMAX]; /* parse elem */
ipset_parsefn compat_parse_elem; /* compatibility parser */
const struct ipset_arg *args[IPSET_CADT_MAX]; /* create/ADT args besides elem */
uint64_t mandatory[IPSET_CADT_MAX]; /* create/ADT mandatory flags */
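Review bot: `elem[IPSET_DIM_UMAX]` has three slots, but the `IPSET_DIM_ONE`/`TWO`/`THREE` names that the first hunk removes from this header now come from `linux_ip_set.h`, where the new `IPSET_DIM_ZERO = 0` shifts them from 0, 1, 2 to 1, 2, 3. Any code that still indexes the array as `elem[IPSET_DIM_THREE]` would access one element past the end, and `elem[IPSET_DIM_ONE]` would silently select the second element instead of the first. The users of `elem[]` are outside this diff section, so this has to be checked there; they need `elem[IPSET_DIM_ONE - 1]` and so on. A field comment such as `/* parse elem, indexed by IPSET_DIM_x - 1 */` would record the convention. The struct starts and ends outside the hunk.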
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set.h
@@ -11,6 +11,7 @@
* published by the Free Software Foundation.
*/
+#include <linux/types.h>
#include <linux/netlink.h>
/* The protocol version */
@@ -170,19 +171,10 @@
IPSET_CADT_MAX,
};
-#ifdef __KERNEL__
-#include <linux/ip.h>
-#include <linux/ipv6.h>
-#include <linux/netlink.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter/x_tables.h>
-#include <linux/vmalloc.h>
-#include <net/netlink.h>
-
/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
* and IPSET_INVALID_ID if you want to increase the max number of sets.
*/
-typedef u16 ip_set_id_t;
+typedef __u16 ip_set_id_t;
#define IPSET_INVALID_ID 65535
@@ -205,6 +197,15 @@
IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
};
+#ifdef __KERNEL__
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <linux/netlink.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/vmalloc.h>
+#include <net/netlink.h>
+
/* Set features */
enum ip_set_feature {
IPSET_TYPE_IP_FLAG = 0,
@@ -290,7 +291,10 @@
u8 features;
/* Set type dimension */
u8 dimension;
- /* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */
+ /*
+ * Supported family: may be NFPROTO_UNSPEC for both
+ * NFPROTO_IPV4/NFPROTO_IPV6.
+ */
u8 family;
/* Type revisions */
u8 revision_min, revision_max;
@@ -465,6 +469,8 @@
return 4 * ((((b - a + 8) / 8) + 3) / 4);
}
+#endif /* __KERNEL__ */
+
/* Interface to iptables/ip6tables */
#define SO_IP_SET 83
@@ -490,6 +496,4 @@
unsigned version;
};
-#endif /* __KERNEL__ */
-
#endif /*_IP_SET_H */
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_bitmap_ip.c
@@ -442,7 +442,7 @@
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_INET;
+ set->family = NFPROTO_IPV4;
return true;
}
@@ -550,7 +550,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_ip_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_bitmap_ipmac.c
@@ -543,7 +543,7 @@
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_INET;
+ set->family = NFPROTO_IPV4;
return true;
}
@@ -623,7 +623,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_MAC,
.dimension = IPSET_DIM_TWO,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_ipmac_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_bitmap_port.c
@@ -422,7 +422,7 @@
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_UNSPEC;
+ set->family = NFPROTO_UNSPEC;
return true;
}
@@ -483,7 +483,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_PORT,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_port_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_core.c
@@ -17,7 +17,9 @@
#include <linux/spinlock.h>
#include <linux/netlink.h>
#include <linux/rculist.h>
+#ifdef IPSET_EXTERNAL_MODULE
#include <linux/version.h>
+#endif
#include <net/netlink.h>
#include <linux/netfilter.h>
@@ -75,7 +77,7 @@
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) &&
- (type->family == family || type->family == AF_UNSPEC) &&
+ (type->family == family || type->family == NFPROTO_UNSPEC) &&
revision >= type->revision_min &&
revision <= type->revision_max)
return type;
@@ -83,37 +85,42 @@
}
/* Unlock, try to load a set type module and lock again */
-static int
-try_to_load_type(const char *name)
+static bool
+load_settype(const char *name)
{
genl_unlock();
pr_debug("try to load ip_set_%s\n", name);
if (request_module("ip_set_%s", name) < 0) {
pr_warning("Can't find ip_set type %s\n", name);
genl_lock();
- return -IPSET_ERR_FIND_TYPE;
+ return false;
}
genl_lock();
- return -EAGAIN;
+ return true;
}
/* Find a set type and reference it */
+#define find_set_type_get(name, family, revision, found) \
+ __find_set_type_get(name, family, revision, found, false)
+
static int
-find_set_type_get(const char *name, u8 family, u8 revision,
- struct ip_set_type **found)
+__find_set_type_get(const char *name, u8 family, u8 revision,
+ struct ip_set_type **found, bool retry)
{
struct ip_set_type *type;
- unsigned int retry = 0;
int err;
-retry:
+ if (retry && !load_settype(name))
+ return -IPSET_ERR_FIND_TYPE;
+
rcu_read_lock();
*found = find_set_type(name, family, revision);
if (*found) {
err = !try_module_get((*found)->me) ? -EFAULT : 0;
goto unlock;
}
- /* Make sure the type is loaded but we don't support the revision */
+ /* Make sure the type is already loaded
+ * but we don't support the revision */
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name)) {
err = -IPSET_ERR_FIND_TYPE;
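Review bot: The new `retry` parameter of `__find_set_type_get` is undocumented, and the single retry is now done by the function calling itself; the tail of the function is in the next hunk, and `__find_set_type_minmax` at -135,20 follows the same pattern. The depth is bounded at one extra call only because the recursive call passes `true`, an invariant that a later edit could easily break. A comment above the function such as `/* retry: false on the first pass; true when re-entered after load_settype(), which never recurses further */` would make it explicit. It is also worth stating there that `load_settype()` drops and retakes the genl lock, so nothing looked up before that call can be relied on afterwards.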
@@ -121,10 +128,8 @@
}
rcu_read_unlock();
- err = try_to_load_type(name);
- if (err == -EAGAIN && retry++ == 0)
- goto retry;
- return err;
+ return retry ? -IPSET_ERR_FIND_TYPE :
+ __find_set_type_get(name, family, revision, found, true);
unlock:
rcu_read_unlock();
@@ -135,20 +140,24 @@
* If we succeeded, the supported minimal and maximum revisions are
* filled out.
*/
+#define find_set_type_minmax(name, family, min, max) \
+ __find_set_type_minmax(name, family, min, max, false)
+
static int
-find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max)
+__find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max,
+ bool retry)
{
struct ip_set_type *type;
bool found = false;
- unsigned int retry = 0;
- int err;
-retry:
+ if (retry && !load_settype(name))
+ return -IPSET_ERR_FIND_TYPE;
+
*min = 255; *max = 0;
rcu_read_lock();
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) &&
- (type->family == family || type->family == AF_UNSPEC)) {
+ (type->family == family || type->family == NFPROTO_UNSPEC)) {
found = true;
if (type->revision_min < *min)
*min = type->revision_min;
@@ -159,14 +168,12 @@
if (found)
return 0;
- err = try_to_load_type(name);
- if (err == -EAGAIN && retry++ == 0)
- goto retry;
- return err;
+ return retry ? -IPSET_ERR_FIND_TYPE :
+ __find_set_type_minmax(name, family, min, max, true);
}
-#define family_name(f) ((f) == AF_INET ? "inet" : \
- (f) == AF_INET6 ? "inet6" : "any")
+#define family_name(f) ((f) == NFPROTO_IPV4 ? "inet" : \
+ (f) == NFPROTO_IPV6 ? "inet6" : "any")
/* Register a set type structure. The type is identified by
* the unique triple of name, family and revision.
@@ -360,7 +367,7 @@
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
read_lock_bh(&set->lock);
@@ -393,7 +400,7 @@
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
write_lock_bh(&set->lock);
@@ -416,7 +423,7 @@
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
write_lock_bh(&set->lock);
@@ -1137,6 +1144,7 @@
if (ret || !cb->args[2]) {
pr_debug("release set %s\n", ip_set_list[index]->name);
ip_set_put_byindex(index);
+ cb->args[2] = 0;
}
out:
if (nlh) {
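Review bot: The added `cb->args[2] = 0;` has no comment, yet it is the only thing linking this early release to whatever reads `cb->args[2]` later. Presumably it keeps the dump-done callback from calling `ip_set_put_byindex()` a second time for the same set, which would unbalance the reference count; that callback is not visible in this hunk, so this should be confirmed. A one-line comment such as `/* reference dropped here; ip_set_dump_done must not put it again */` would keep the pairing from being lost in a later refactor. The enclosing function starts and ends outside the hunk.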
@@ -1160,12 +1168,12 @@
return -IPSET_ERR_PROTOCOL;
genl_unlock();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 1, 0)
- ret = netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done, 0);
-#else
ret = netlink_dump_start(ctnl, skb, nlh,
ip_set_dump_start,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0)
ip_set_dump_done);
+#else
+ ip_set_dump_done, 0);
#endif
genl_lock();
return ret;
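Review bot: On style, the `netlink_dump_start(...)` call now has the end of its argument list split across `#if`/`#else`, so neither preprocessor branch contains a complete statement and the closing parenthesis appears twice. That is easy to misread and hard for tools to parse, and a third kernel-version variant would not fit the scheme. One complete call per branch, or a small compat macro next to the other version checks, keeps each variant readable by itself. The enclosing function starts outside the hunk.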
@@ -1738,10 +1746,8 @@
ip_set_list = kzalloc(sizeof(struct ip_set *) * ip_set_max,
GFP_KERNEL);
- if (!ip_set_list) {
- pr_err("ip_set: Unable to create ip_set_list\n");
+ if (!ip_set_list)
return -ENOMEM;
- }
ret = genl_register_family_with_ops(&ip_set_netlink_subsys,
ip_set_netlink_subsys_cb, ARRAY_SIZE(ip_set_netlink_subsys_cb));
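Review bot: The allocation size on the context line, `sizeof(struct ip_set *) * ip_set_max`, is an unchecked multiplication that this cleanup leaves in place. Where `ip_set_max` is set is not visible in the hunk; if it can be supplied from outside the module (for instance as a load-time parameter), a large value could wrap the product and yield an undersized `ip_set_list`. `ip_set_list = kcalloc(ip_set_max, sizeof(struct ip_set *), GFP_KERNEL);` zeroes the memory just as `kzalloc` does and returns NULL on overflow. The init function starts and ends outside the hunk.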
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_getport.c
@@ -133,10 +133,10 @@
u8 proto;
switch (pf) {
- case AF_INET:
+ case NFPROTO_IPV4:
ret = ip_set_get_ip4_port(skb, src, port, &proto);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
ret = ip_set_get_ip6_port(skb, src, port, &proto);
break;
default:
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ip.c
@@ -366,11 +366,11 @@
u8 netmask, hbits;
struct ip_set_hash *h;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
- netmask = set->family == AF_INET ? 32 : 128;
+ netmask = set->family == NFPROTO_IPV4 ? 32 : 128;
pr_debug("Create set %s with family %s\n",
- set->name, set->family == AF_INET ? "inet" : "inet6");
+ set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6");
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
@@ -389,8 +389,8 @@
if (tb[IPSET_ATTR_NETMASK]) {
netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
- if ((set->family == AF_INET && netmask > 32) ||
- (set->family == AF_INET6 && netmask > 128) ||
+ if ((set->family == NFPROTO_IPV4 && netmask > 32) ||
+ (set->family == NFPROTO_IPV6 && netmask > 128) ||
netmask == 0)
return -IPSET_ERR_INVALID_NETMASK;
}
@@ -419,15 +419,15 @@
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ip4_tvariant : &hash_ip6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ip4_gc_init(set);
else
hash_ip6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ip4_variant : &hash_ip6_variant;
}
@@ -443,7 +443,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = hash_ip_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ipport.c
@@ -450,7 +450,7 @@
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -490,15 +490,15 @@
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipport4_tvariant : &hash_ipport6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipport4_gc_init(set);
else
hash_ipport6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipport4_variant : &hash_ipport6_variant;
}
@@ -514,7 +514,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* SCTP and UDPLITE support added */
.create = hash_ipport_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ipportip.c
@@ -468,7 +468,7 @@
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -508,15 +508,15 @@
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipportip4_gc_init(set);
else
hash_ipportip6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportip4_variant : &hash_ipportip6_variant;
}
@@ -532,7 +532,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
.dimension = IPSET_DIM_THREE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* SCTP and UDPLITE support added */
.create = hash_ipportip_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ipportnet.c
@@ -554,7 +554,7 @@
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -573,7 +573,7 @@
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
@@ -596,16 +596,16 @@
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportnet4_tvariant
: &hash_ipportnet6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipportnet4_gc_init(set);
else
hash_ipportnet6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportnet4_variant : &hash_ipportnet6_variant;
}
@@ -621,7 +621,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
.dimension = IPSET_DIM_THREE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
/* 1 SCTP and UDPLITE support added */
.revision_max = 2, /* Range as input support for IPv4 added */
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_net.c
@@ -406,7 +406,7 @@
struct ip_set_hash *h;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -425,7 +425,7 @@
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
@@ -448,15 +448,15 @@
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_net4_tvariant : &hash_net6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_net4_gc_init(set);
else
hash_net6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_net4_variant : &hash_net6_variant;
}
@@ -472,7 +472,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* Range as input support for IPv4 added */
.create = hash_net_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_netiface.c
@@ -678,7 +678,7 @@
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -697,7 +697,7 @@
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
@@ -722,15 +722,15 @@
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netiface4_tvariant : &hash_netiface6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_netiface4_gc_init(set);
else
hash_netiface6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netiface4_variant : &hash_netiface6_variant;
}
@@ -746,7 +746,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_IFACE,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.create = hash_netiface_create,
.create_policy = {
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_netport.c
@@ -507,7 +507,7 @@
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -526,7 +526,7 @@
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
@@ -549,15 +549,15 @@
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netport4_tvariant : &hash_netport6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_netport4_gc_init(set);
else
hash_netport6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netport4_variant : &hash_netport6_variant;
}
@@ -573,7 +573,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
/* 1 SCTP and UDPLITE support added */
.revision_max = 2, /* Range as input support for IPv4 added */
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_list_set.c
@@ -575,7 +575,7 @@
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_NAME | IPSET_DUMP_LAST,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = list_set_create,
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/data.c
@@ -8,7 +8,6 @@
#include <arpa/inet.h> /* ntoh* */
#include <net/ethernet.h> /* ETH_ALEN */
#include <net/if.h> /* IFNAMSIZ */
-#include <sys/socket.h> /* AF_ */
#include <stdlib.h> /* malloc, free */
#include <string.h> /* memset */
@@ -81,7 +80,7 @@
static void
copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value)
{
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
in4cpy(&ip->in, value);
else
in6cpy(&ip->in6, value);
@@ -213,12 +212,12 @@
break;
/* CADT options */
case IPSET_OPT_IP:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->ip, value);
break;
case IPSET_OPT_IP_TO:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->ip_to, value);
break;
@@ -288,12 +287,12 @@
ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN);
break;
case IPSET_OPT_IP2:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->adt.ip2, value);
break;
case IPSET_OPT_IP2_TO:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->adt.ip2_to, value);
break;
@@ -456,7 +455,7 @@
case IPSET_OPT_IP_TO:
case IPSET_OPT_IP2:
case IPSET_OPT_IP2_TO:
- return family == AF_INET ? sizeof(uint32_t)
+ return family == NFPROTO_IPV4 ? sizeof(uint32_t)
: sizeof(struct in6_addr);
case IPSET_OPT_PORT:
case IPSET_OPT_PORT_TO:
@@ -511,14 +510,14 @@
* @data: data blob
*
* Return the INET family supported by the set from the data blob.
- * If the family is not set yet, AF_UNSPEC is returned.
+ * If the family is not set yet, NFPROTO_UNSPEC is returned.
*/
uint8_t
ipset_data_family(const struct ipset_data *data)
{
assert(data);
return ipset_data_test(data, IPSET_OPT_FAMILY)
- ? data->family : AF_UNSPEC;
+ ? data->family : NFPROTO_UNSPEC;
}
/**
@@ -534,8 +533,8 @@
{
assert(data);
return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr :
- data->family == AF_INET ? 32 :
- data->family == AF_INET6 ? 128 : 0;
+ data->family == NFPROTO_IPV4 ? 32 :
+ data->family == NFPROTO_IPV6 ? 128 : 0;
}
/**
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/debug.c
@@ -116,14 +116,14 @@
d = mnl_attr_get_payload(
ipattr[IPSET_ATTR_IPADDR_IPV4]);
- inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN);
+ inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN);
fprintf(stderr, "\t\t%s: %s\n",
attr2name[i].name, addr);
} else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) {
d = mnl_attr_get_payload(
ipattr[IPSET_ATTR_IPADDR_IPV6]);
- inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN);
+ inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN);
fprintf(stderr, "\t\t%s: %s\n",
attr2name[i].name, addr);
}
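Review bot: `inet_ntop()` is a libc call whose first argument is a socket address family, so the two calls in this hunk should keep `AF_INET` and `AF_INET6` rather than `NFPROTO_IPV4` and `NFPROTO_IPV6`. The NFPROTO_* values equal the AF_* ones on Linux, so behaviour is unchanged today, but the substitution blurs which API contract each constant belongs to and depends on a numeric coincidence the C library does not promise. The same applies to `saddr.sin_family = NFPROTO_IPV4;` and `saddr.sin6_family = NFPROTO_IPV6;` in libipset/print.c and to the `i->ai_family != family` comparison in libipset/parse.c. I would write `inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN);` here and keep AF_* wherever a value crosses into libc. The enclosing function starts and ends outside the hunk.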
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/errcode.c
(renamed to extensions/ipset-6/libipset/errcode.c)
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/errcode.c
(renamed to extensions/ipset-6/libipset/errcode.c)
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/parse.c
@@ -511,7 +511,7 @@
tmp = a;
goto parse_port;
case IPPROTO_ICMP:
- if (family != AF_INET) {
+ if (family != NFPROTO_IPV4) {
syntax_err("Protocol ICMP can be used "
"with family INET only");
goto error;
@@ -519,7 +519,7 @@
err = ipset_parse_icmp(session, opt, a);
break;
case IPPROTO_ICMPV6:
- if (family != AF_INET6) {
+ if (family != NFPROTO_IPV6) {
syntax_err("Protocol ICMPv6 can be used "
"with family INET6 only");
goto error;
@@ -577,11 +577,11 @@
"multiple times");
if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4"))
- family = AF_INET;
+ family = NFPROTO_IPV4;
else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6"))
- family = AF_INET6;
+ family = NFPROTO_IPV6;
else if (STREQ(str, "any") || STREQ(str, "unspec"))
- family = AF_UNSPEC;
+ family = NFPROTO_UNSPEC;
else
return syntax_err("unknown INET family %s", str);
@@ -610,7 +610,7 @@
if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) {
syntax_err("cannot resolve '%s' to an %s address: %s",
- str, family == AF_INET6 ? "IPv6" : "IPv4",
+ str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4",
gai_strerror(err));
return NULL;
} else
@@ -625,13 +625,13 @@
uint8_t family)
{
struct addrinfo *i;
- size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in)
+ size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in)
: sizeof(struct sockaddr_in6);
int found, err = 0;
if ((*info = call_getaddrinfo(session, str, family)) == NULL) {
syntax_err("cannot parse %s: resolving to %s address failed",
- str, family == AF_INET ? "IPv4" : "IPv6");
+ str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
return EINVAL;
}
@@ -639,7 +639,7 @@
if (i->ai_family != family || i->ai_addrlen != addrlen)
continue;
if (found == 0) {
- if (family == AF_INET) {
+ if (family == NFPROTO_IPV4) {
/* Workaround: direct cast increases
* required alignment on Sparc
*/
@@ -668,7 +668,7 @@
if (found == 0)
return syntax_err("cannot parse %s: "
"%s address could not be resolved",
- str, family == AF_INET ? "IPv4" : "IPv6");
+ str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
return err;
}
@@ -677,7 +677,7 @@
enum ipset_opt opt, const char *str,
uint8_t family)
{
- uint8_t m = family == AF_INET ? 32 : 128;
+ uint8_t m = family == NFPROTO_IPV4 ? 32 : 128;
int aerr = EINVAL, err = 0, range = 0;
char *saved = strdup(str);
char *a, *tmp = saved;
@@ -737,7 +737,7 @@
{
char *a = cidr_separator(str);
- return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128");
+ return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128");
}
static int
@@ -747,8 +747,8 @@
struct ipset_data *data = ipset_session_data(session);
uint8_t family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
@@ -985,12 +985,12 @@
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
- return family == AF_INET ? ipset_parse_ip(session, opt, str)
+ return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str)
: ipset_parse_single_ip(session, opt, str);
}
@@ -1025,12 +1025,12 @@
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
- return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY)
+ return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY)
: ipset_parse_ipnet(session, opt, str);
}
@@ -1330,21 +1330,21 @@
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
err = string_to_cidr(session, str,
- family == AF_INET ? 1 : 4,
- family == AF_INET ? 31 : 124,
+ family == NFPROTO_IPV4 ? 1 : 4,
+ family == NFPROTO_IPV4 ? 31 : 124,
&cidr);
if (err)
return syntax_err("netmask is out of the inclusive range "
"of %u-%u",
- family == AF_INET ? 1 : 4,
- family == AF_INET ? 31 : 124);
+ family == NFPROTO_IPV4 ? 1 : 4,
+ family == NFPROTO_IPV4 ? 31 : 124);
return ipset_data_set(data, opt, &cidr);
}
@@ -1525,9 +1525,9 @@
#define parse_elem(s, t, d, str) \
do { \
- if (!(t)->elem[d].parse) \
+ if (!(t)->elem[d - 1].parse) \
goto internal; \
- ret = (t)->elem[d].parse(s, (t)->elem[d].opt, str); \
+ ret = (t)->elem[d - 1].parse(s, (t)->elem[d - 1].opt, str); \
if (ret) \
goto out; \
} while (0)
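Review bot: The macro argument `d` is used unparenthesised in `elem[d - 1]`, so an argument that is itself an expression binding looser than `-` would select the wrong slot; write `(t)->elem[(d) - 1]` in all three places. Because `elem[]` is now indexed by dimension minus one, a comment above the macro such as `/* elem[] is zero-based, IPSET_DIM_* are one-based */` would help keep later callers from reintroducing an out-of-range index; this is inferred from the `- 1`, since the array declaration is not in the hunk. The same shift is repeated by hand in the next hunk of this file, in the element-printing hunk of libipset/print.c and in the `.elem` initialisers under src/, where one accessor macro would make a missed site less likely.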
@@ -1582,7 +1582,7 @@
} else if (a != NULL) {
if (type->compat_parse_elem) {
ret = type->compat_parse_elem(session,
- type->elem[IPSET_DIM_ONE].opt,
+ type->elem[IPSET_DIM_ONE - 1].opt,
saved);
goto out;
}
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/print.c
@@ -152,7 +152,7 @@
memset(&saddr, 0, sizeof(saddr));
in4cpy(&saddr.sin_addr, &addr->in);
- saddr.sin_family = AF_INET;
+ saddr.sin_family = NFPROTO_IPV4;
err = getnameinfo((const struct sockaddr *)&saddr,
sizeof(saddr),
@@ -178,7 +178,7 @@
memset(&saddr, 0, sizeof(saddr));
in6cpy(&saddr.sin6_addr, &addr->in6);
- saddr.sin6_family = AF_INET6;
+ saddr.sin6_family = NFPROTO_IPV6;
err = getnameinfo((const struct sockaddr *)&saddr,
sizeof(saddr),
@@ -253,14 +253,14 @@
cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
D("CIDR: %u", cidr);
} else
- cidr = family == AF_INET6 ? 128 : 32;
+ cidr = family == NFPROTO_IPV6 ? 128 : 32;
flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
ip = ipset_data_get(data, opt);
assert(ip);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
size = snprintf_ipv4(buf, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
size = snprintf_ipv6(buf, len, flags, ip, cidr);
else
return -1;
@@ -275,9 +275,9 @@
SNPRINTF_FAILURE(size, len, offset);
ip = ipset_data_get(data, IPSET_OPT_IP_TO);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
size = snprintf_ipv4(buf + offset, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
size = snprintf_ipv6(buf + offset, len, flags, ip, cidr);
else
return -1;
@@ -320,14 +320,14 @@
if (ipset_data_test(data, cidropt))
cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
else
- cidr = family == AF_INET6 ? 128 : 32;
+ cidr = family == NFPROTO_IPV6 ? 128 : 32;
flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
ip = ipset_data_get(data, opt);
assert(ip);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
return snprintf_ipv4(buf, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
return snprintf_ipv6(buf, len, flags, ip, cidr);
return -1;
@@ -705,30 +705,30 @@
if (!type)
return -1;
- size = type->elem[IPSET_DIM_ONE].print(buf, len, data,
- type->elem[IPSET_DIM_ONE].opt, env);
+ size = type->elem[IPSET_DIM_ONE - 1].print(buf, len, data,
+ type->elem[IPSET_DIM_ONE - 1].opt, env);
SNPRINTF_FAILURE(size, len, offset);
- IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt),
+ IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt),
"print second elem");
if (type->dimension == IPSET_DIM_ONE ||
(type->last_elem_optional &&
- !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt)))
+ !ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt)))
return offset;
size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR);
SNPRINTF_FAILURE(size, len, offset);
- size = type->elem[IPSET_DIM_TWO].print(buf + offset, len, data,
- type->elem[IPSET_DIM_TWO].opt, env);
+ size = type->elem[IPSET_DIM_TWO - 1].print(buf + offset, len, data,
+ type->elem[IPSET_DIM_TWO - 1].opt, env);
SNPRINTF_FAILURE(size, len, offset);
if (type->dimension == IPSET_DIM_TWO ||
(type->last_elem_optional &&
- !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt)))
+ !ipset_data_test(data, type->elem[IPSET_DIM_THREE - 1].opt)))
return offset;
size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR);
SNPRINTF_FAILURE(size, len, offset);
- size = type->elem[IPSET_DIM_THREE].print(buf + offset, len, data,
- type->elem[IPSET_DIM_THREE].opt, env);
+ size = type->elem[IPSET_DIM_THREE - 1].print(buf + offset, len, data,
+ type->elem[IPSET_DIM_THREE - 1].opt, env);
SNPRINTF_FAILURE(size, len, offset);
return offset;
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/session.c
@@ -570,7 +570,7 @@
/* Validate by hand */
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
atype = IPSET_ATTR_IPADDR_IPV4;
if (!ipattr[atype])
FAILURE("Broken kernel message: IPv4 address "
@@ -580,7 +580,7 @@
"cannot validate IPv4 "
"address attribute!");
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
atype = IPSET_ATTR_IPADDR_IPV6;
if (!ipattr[atype])
FAILURE("Broken kernel message: IPv6 address "
@@ -816,8 +816,8 @@
}
#define FAMILY_TO_STR(f) \
- ((f) == AF_INET ? "inet" : \
- (f) == AF_INET6 ? "inet6" : "any")
+ ((f) == NFPROTO_IPV4 ? "inet" : \
+ (f) == NFPROTO_IPV6 ? "inet6" : "any")
static int
list_create(struct ipset_session *session, struct nlattr *nla[])
@@ -1415,7 +1415,7 @@
return attr->len;
*flags = NLA_F_NET_BYTEORDER;
- return family == AF_INET ? sizeof(uint32_t)
+ return family == NFPROTO_IPV4 ? sizeof(uint32_t)
: sizeof(struct in6_addr);
case MNL_TYPE_U32:
*flags = NLA_F_NET_BYTEORDER;
@@ -1448,7 +1448,7 @@
if (attr->type == MNL_TYPE_NESTED) {
/* IP addresses */
struct nlattr *nested;
- int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4
+ int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4
: IPSET_ATTR_IPADDR_IPV6;
alen = attr_len(attr, family, &flags);
@@ -1456,8 +1456,8 @@
MNL_ATTR_HDRLEN, alen))
return 1;
nested = mnl_attr_nest_start(nlh, type);
- D("family: %s", family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC");
+ D("family: %s", family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC");
mnl_attr_put(nlh, atype | flags, alen, d);
mnl_attr_nest_end(nlh, nested);
@@ -1511,14 +1511,14 @@
data2attr(session, nlh, data, type, family, attrs)
#define ADDATTR_SETNAME(session, nlh, data) \
- data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs)
+ data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs)
#define ADDATTR_IF(session, nlh, data, type, family, attrs) \
ipset_data_test(data, attrs[type].opt) ? \
data2attr(session, nlh, data, type, family, attrs) : 0
#define ADDATTR_RAW(session, nlh, data, type, attrs) \
- rawdata2attr(session, nlh, data, type, AF_INET, attrs)
+ rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs)
static void
addattr_create(struct ipset_session *session,
@@ -1574,13 +1574,13 @@
"Invalid internal TYPE command: "
"missing settype");
ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
if (ipset_data_test(data, IPSET_OPT_FAMILY))
ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
else
/* bitmap:port and list:set types */
- mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
break;
default:
return ipset_err(session, "Internal error: "
@@ -1640,17 +1640,17 @@
* setname, typename, revision, family, flags (optional) */
ADDATTR_SETNAME(session, nlh, data);
ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
ADDATTR_RAW(session, nlh, &type->revision,
IPSET_ATTR_REVISION, cmd_attrs);
D("family: %u, type family %u",
ipset_data_family(data), type->family);
if (ipset_data_test(data, IPSET_OPT_FAMILY))
ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
else
/* bitmap:port and list:set types */
- mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
/* Type-specific create attributes */
D("call open_nested");
@@ -1677,7 +1677,7 @@
ADDATTR_SETNAME(session, nlh, data);
if (flags && session->mode != IPSET_LIST_SAVE) {
ipset_data_set(data, IPSET_OPT_FLAGS, &flags);
- ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET,
+ ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4,
cmd_attrs);
}
break;
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/types.c
@@ -173,7 +173,8 @@
}
#define MATCH_FAMILY(type, f) \
- (f == AF_UNSPEC || type->family == f || type->family == AF_INET46)
+ (f == NFPROTO_UNSPEC || type->family == f || \
+ type->family == NFPROTO_IPSET_IPV46)
bool
ipset_match_typename(const char *name, const struct ipset_type *type)
@@ -227,8 +228,9 @@
typename);
/* Family is unspecified yet: set from matching set type */
- if (family == AF_UNSPEC && match->family != AF_UNSPEC) {
- family = match->family == AF_INET46 ? AF_INET : match->family;
+ if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) {
+ family = match->family == NFPROTO_IPSET_IPV46 ?
+ NFPROTO_IPV4 : match->family;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
@@ -254,8 +256,8 @@
"with maximal revision %u.\n"
"You need to upgrade your ipset program.",
typename,
- family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC",
+ family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
kmin, tmax);
else
return ipset_errptr(session,
@@ -264,8 +266,8 @@
"with minimal revision %u.\n"
"You need to upgrade your kernel.",
typename,
- family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC",
+ family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
kmax, tmin);
}
@@ -290,8 +292,9 @@
}
#define set_family_and_type(data, match, family) do { \
- if (family == AF_UNSPEC && match->family != AF_UNSPEC) \
- family = match->family == AF_INET46 ? AF_INET : match->family;\
+ if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \
+ family = match->family == NFPROTO_IPSET_IPV46 ? \
+ NFPROTO_IPV4 : match->family;\
ipset_data_set(data, IPSET_OPT_FAMILY, &family); \
ipset_data_set(data, IPSET_OPT_TYPE, match); \
} while (0)
@@ -306,7 +309,7 @@
const struct ipset_type *match;
const char *setname, *typename;
const uint8_t *revision;
- uint8_t family = AF_UNSPEC;
+ uint8_t family = NFPROTO_UNSPEC;
int ret;
data = ipset_session_data(session);
@@ -352,8 +355,8 @@
"ipset library does not support the "
"settype with that family and revision.",
setname, typename,
- family == AF_INET ? "inet" :
- family == AF_INET6 ? "inet6" : "unspec",
+ family == NFPROTO_IPV4 ? "inet" :
+ family == NFPROTO_IPV6 ? "inet6" : "unspec",
*revision);
set_family_and_type(data, match, family);
@@ -409,7 +412,7 @@
const struct ipset_type *t, *match = NULL;
struct ipset_data *data;
const char *typename;
- uint8_t family = AF_UNSPEC, revision;
+ uint8_t family = NFPROTO_UNSPEC, revision;
assert(session);
data = ipset_session_data(session);
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset.c
@@ -24,7 +24,7 @@
#include <libipset/utils.h> /* STREQ */
static char program_name[] = "ipset";
-static char program_version[] = "6.8-genl-xta";
+static char program_version[] = "6.9.1-genl-xta";
static struct ipset_session *session;
static uint32_t restore_line;
@@ -324,9 +324,9 @@
session_family(void)
{
switch (ipset_data_family(ipset_session_data(session))) {
- case AF_INET:
+ case NFPROTO_IPV4:
return "inet";
- case AF_INET6:
+ case NFPROTO_IPV6:
return "inet6";
default:
return "unspec";
@@ -581,10 +581,10 @@
type->name, type->usage);
if (type->usagefn)
type->usagefn();
- if (type->family == AF_UNSPEC)
+ if (type->family == NFPROTO_UNSPEC)
printf("\nType %s is family neutral.\n",
type->name);
- else if (type->family == AF_INET46)
+ else if (type->family == NFPROTO_IPSET_IPV46)
printf("\nType %s supports INET "
"and INET6.\n",
type->name);
@@ -592,7 +592,7 @@
printf("\nType %s supports family "
"%s only.\n",
type->name,
- type->family == AF_INET
+ type->family == NFPROTO_IPV4
? "INET" : "INET6");
} else {
printf("\nSupported set types:\n");
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_bitmap_ip.c
@@ -60,10 +60,10 @@
.name = "bitmap:ip",
.alias = { "ipmap", NULL },
.revision = 0,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_bitmap_ipmac.c
@@ -57,16 +57,16 @@
.name = "bitmap:ip,mac",
.alias = { "macipmap", NULL },
.revision = 0,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.dimension = IPSET_DIM_TWO,
.last_elem_optional = true,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_single_ip,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_ether,
.print = ipset_print_ether,
.opt = IPSET_OPT_ETHER
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_bitmap_port.c
@@ -51,10 +51,10 @@
.name = "bitmap:port",
.alias = { "portmap", NULL },
.revision = 0,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_tcp_port,
.print = ipset_print_port,
.opt = IPSET_OPT_PORT
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ip.c
@@ -83,10 +83,10 @@
.name = "hash:ip",
.alias = { "iphash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ipport.c
@@ -89,15 +89,15 @@
.name = "hash:ip,port",
.alias = { "ipporthash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ipportip.c
@@ -89,20 +89,20 @@
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
},
- [IPSET_DIM_THREE] = {
+ [IPSET_DIM_THREE - 1] = {
.parse = ipset_parse_single_ip,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP2
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ipportnet.c
@@ -90,20 +90,20 @@
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
},
- [IPSET_DIM_THREE] = {
+ [IPSET_DIM_THREE - 1] = {
.parse = ipset_parse_ipnet,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP2
@@ -180,20 +180,20 @@
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
.revision = 2,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
},
- [IPSET_DIM_THREE] = {
+ [IPSET_DIM_THREE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP2
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_net.c
@@ -73,10 +73,10 @@
.name = "hash:net",
.alias = { "nethash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ipnet,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
@@ -125,10 +125,10 @@
.name = "hash:net",
.alias = { "nethash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_netiface.c
@@ -66,15 +66,15 @@
.name = "hash:net,iface",
.alias = { "netifacehash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_iface,
.print = ipset_print_iface,
.opt = IPSET_OPT_IFACE
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_netport.c
@@ -67,15 +67,15 @@
.name = "hash:net,port",
.alias = { "netporthash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ipnet,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
@@ -141,15 +141,15 @@
.name = "hash:net,port",
.alias = { "netporthash", NULL },
.revision = 2,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_list_set.c
@@ -50,10 +50,10 @@
.name = "list:set",
.alias = { "setlist", NULL },
.revision = 0,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_setname,
.print = ipset_print_name,
.opt = IPSET_OPT_NAME
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/xt_set.c
@@ -13,7 +13,6 @@
#include <linux/module.h>
#include <linux/skbuff.h>
-#include <linux/version.h>
#include <linux/netfilter/x_tables.h>
#include "xt_set.h"
Changed |
xtables-addons-1.39.tar.bz2/extensions/ipset-6/xt_set.h
@@ -58,8 +58,8 @@
struct xt_set_info_target_v2 {
struct xt_set_info add_set;
struct xt_set_info del_set;
- u32 flags;
- u32 timeout;
+ __u32 flags;
+ __u32 timeout;
};
#endif /*_XT_SET_H*/
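Review bot: `struct xt_set_info_target_v2` has no comment saying that it is shared with userspace, which is presumably why `flags` and `timeout` move to the exported `__u32` type here. The header's include block is outside the hunk, so it is worth confirming that `<linux/types.h>` is included and `__u32` resolves in a userspace build. I would add `/* kernel/userspace ABI: fixed-width types only, do not reorder fields */` above the struct and state the unit of `timeout` next to the field.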
Changed |
xtables-addons-1.39.tar.bz2/extensions/pknock/Makefile.am
@@ -1,7 +1,7 @@
# -*- Makefile -*-
AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions
-AM_CFLAGS = ${regular_CFLAGS}
+AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS}
include ../../Makefile.extra
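Review bot: `${libxtables_CFLAGS}` is added to `AM_CFLAGS`, but what pkg-config reports as CFLAGS is normally include paths and defines, which automake keeps in `AM_CPPFLAGS`. Assuming the variable comes from a `PKG_CHECK_MODULES` call in configure (not visible here), I would write `AM_CPPFLAGS = ${regular_CPPFLAGS} ${libxtables_CFLAGS} -I${abs_top_srcdir}/extensions` and leave `AM_CFLAGS` as it was. That way the include path also reaches any preprocessor-only step and is not mixed with warning or optimisation flags. The generated Makefile.in carries the same line and would follow on regeneration.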
Changed |
xtables-addons-1.39.tar.bz2/extensions/pknock/Makefile.in
@@ -216,7 +216,7 @@
top_srcdir = @top_srcdir@
xtlibdir = @xtlibdir@
AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions
-AM_CFLAGS = ${regular_CFLAGS}
+AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS}
XA_SRCDIR = ${srcdir}
XA_TOPSRCDIR = ${top_srcdir}
XA_ABSTOPSRCDIR = ${abs_top_srcdir}
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_CHAOS.c
@@ -13,6 +13,7 @@
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stat.h>
+#include <linux/version.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_tcpudp.h>
#include <linux/netfilter_ipv4/ipt_REJECT.h>
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_CHECKSUM.c
@@ -11,6 +11,7 @@
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
+#include <linux/version.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36)
# error ----------------------------------------------------------
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_DELUDE.c
@@ -16,6 +16,7 @@
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/tcp.h>
+#include <linux/version.h>
#include <linux/netfilter/x_tables.h>
#ifdef CONFIG_BRIDGE_NETFILTER
# include <linux/netfilter_bridge.h>
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_LOGMARK.c
@@ -12,6 +12,7 @@
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
+#include <linux/version.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/x_tables.h>
#include "compat_xtables.h"
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_RAWNAT.c
@@ -13,6 +13,7 @@
#include <linux/skbuff.h>
#include <linux/tcp.h>
#include <linux/udp.h>
+#include <linux/version.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/x_tables.h>
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_SYSRQ.c
@@ -17,6 +17,7 @@
#include <linux/skbuff.h>
#include <linux/sysrq.h>
#include <linux/udp.h>
+#include <linux/version.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter/x_tables.h>
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_TARPIT.c
@@ -41,6 +41,7 @@
#include <linux/ip.h>
#include <linux/module.h>
#include <linux/skbuff.h>
+#include <linux/version.h>
#include <linux/netfilter/x_tables.h>
#ifdef CONFIG_BRIDGE_NETFILTER
# include <linux/netfilter_bridge.h>
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_iface.c
@@ -9,6 +9,7 @@
#include <linux/moduleparam.h>
#include <linux/netdevice.h>
#include <linux/skbuff.h>
+#include <linux/version.h>
#include <linux/netfilter/x_tables.h>
#include "xt_iface.h"
#include "compat_xtables.h"
Changed |
xtables-addons-1.39.tar.bz2/extensions/xt_quota2.c
@@ -15,6 +15,7 @@
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
+#include <linux/version.h>
#include <asm/atomic.h>
#include <linux/netfilter/x_tables.h>
Changed |
xtables-addons-1.39.tar.bz2/mconfig
@@ -20,7 +20,6 @@
build_gradm=m
build_iface=m
build_ipp2p=m
-build_ipset4=
build_ipset6=m
build_ipv4options=m
build_length2=m
Changed |
xtables-addons-1.39.tar.bz2/xtables-addons.8.in
@@ -1,4 +1,4 @@
-.TH xtables-addons 8 "v1.38 (2011-08-20)" "" "v1.38 (2011-08-20)"
+.TH xtables-addons 8 "v1.39 (2011-09-21)" "" "v1.39 (2011-09-21)"
.SH Name
Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
.SH Targets