Changes - j0ke.net Open Build Service

Changes of Revision 28

[-] [+]	Changed	xtables-addons.spec
@@ -1,6 +1,6 @@ Name: xtables-addons -Version: 1.38 +Version: 1.39 Release: 1 Group: Productivity/Networking/Security Summary: IP Packet Filter Administration Extensions @@ -61,6 +61,9 @@ %{_libdir}/xtables-addons/xt_geoip_dl %changelog +* Sat Oct 08 2011 Carsten Schoene <cs@linux-administrator.com> - 1.39-1 +- update to release 1.39 + * Sat Aug 20 2011 Carsten Schoene <cs@linux-administrator.com> - 1.38-1 - update to release 1.38
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4 ^
-(directory)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/.gitignore ^
@@ -1 +0,0 @@ -/ipset
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/Kbuild ^
@@ -1,7 +0,0 @@ -# -- Makefile -- - -obj-m += ipt_set.o ipt_SET.o -obj-m += ip_set.o ip_set_ipmap.o ip_set_portmap.o ip_set_macipmap.o -obj-m += ip_set_iphash.o ip_set_nethash.o ip_set_ipporthash.o -obj-m += ip_set_ipportiphash.o ip_set_ipportnethash.o -obj-m += ip_set_iptree.o ip_set_iptreemap.o ip_set_setlist.o
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/Makefile.am ^
@@ -1,13 +0,0 @@ -# -- Makefile -- - -AM_CPPFLAGS = ${regular_CPPFLAGS} -DIPSET_LIB_DIR=\"${xtlibdir}\" \ - -DIP_NF_SET_HASHSIZE=1024 -AM_CFLAGS = ${regular_CFLAGS} - -include ../../Makefile.extra - -sbin_PROGRAMS = ipset -ipset_LDADD = -ldl -ipset_LDFLAGS = -rdynamic - -man_MANS = ipset.8
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/Makefile.in ^
@@ -1,662 +0,0 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# -- Makefile -- - -# -- Makefile -- -# AUTOMAKE - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -DIST_COMMON = $(srcdir)/../../Makefile.extra $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in -sbin_PROGRAMS = ipset$(EXEEXT) -subdir = extensions/ipset-4 -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" -PROGRAMS = $(sbin_PROGRAMS) -ipset_SOURCES = ipset.c -ipset_OBJECTS = ipset.$(OBJEXT) -ipset_DEPENDENCIES = -AM_V_lt = $(am__v_lt_$(V)) -am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY)) -am__v_lt_0 = --silent -ipset_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(ipset_LDFLAGS) $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_$(V)) -am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY)) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_$(V)) -am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY)) -am__v_at_0 = @ -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_$(V)) -am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY)) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_$(V)) -am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY)) -am__v_GEN_0 = @echo " GEN " $@; -SOURCES = ipset.c -DIST_SOURCES = ipset.c -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" \| sed 's\|.\|.\|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/) f=`echo "$$p" \| sed "s\|^$$srcdirstrip/\|\|"`;; \ - ) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p \| sed -e 's\|^./\|\|'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" \| sed 's/[].[^$$\\\|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done \| sed -e "s\|$$srcdirstrip/\|\|" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done \| \ - sed "s\| $$srcdirstrip/\| \|;"' / .\//!s/ ./ ./; s,$ .$/[^/]$$,\1,' \| \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' \| \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -man8dir = $(mandir)/man8 -NROFF = nroff -MANS = $(man_MANS) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -kbuilddir = @kbuilddir@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libmnl_CFLAGS = @libmnl_CFLAGS@ -libmnl_LIBS = @libmnl_LIBS@ -libxtables_CFLAGS = @libxtables_CFLAGS@ -libxtables_LIBS = @libxtables_LIBS@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -regular_CFLAGS = @regular_CFLAGS@ -regular_CPPFLAGS = @regular_CPPFLAGS@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -xtlibdir = @xtlibdir@ -AM_CPPFLAGS = ${regular_CPPFLAGS} -DIPSET_LIB_DIR=\"${xtlibdir}\" \ - -DIP_NF_SET_HASHSIZE=1024 - -AM_CFLAGS = ${regular_CFLAGS} -XA_SRCDIR = ${srcdir} -XA_TOPSRCDIR = ${top_srcdir} -XA_ABSTOPSRCDIR = ${abs_top_srcdir} -_mcall = -f ${top_builddir}/Makefile.iptrules -ipset_LDADD = -ldl -ipset_LDFLAGS = -rdynamic -man_MANS = ipset.8 -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/../../Makefile.extra $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - $$dep) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign extensions/ipset-4/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign extensions/ipset-4/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - config.status) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - ) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) - test -z "$(sbindir)" \|\| $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" \|\| list=; \ - for p in $$list; do echo "$$p $$p"; done \| \ - sed 's/$(EXEEXT)$$//' \| \ - while read p p1; do if test -f $$p \|\| test -f $$p1; \ - then echo "$$p"; echo "$$p"; else :; fi; \ - done \| \ - sed -e 'p;s,./,,;n;h' -e 's\|.\|.\|' \ - -e 'p;x;s,./,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' \| \ - sed 'N;N;N;s,\n, ,g' \| \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' \| \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" \|\| { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" \|\| exit $$?; \ - } \ - ; done - -uninstall-sbinPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" \|\| list=; \ - files=`for p in $$list; do echo "$$p"; done \| \ - sed -e 'h;s,^./,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' `; \ - test -n "$$list" \|\| exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files - -clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; test -n "$$list" \|\| exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list \|\| exit $$?; \ - test -n "$(EXEEXT)" \|\| exit 0; \ - list=`for p in $$list; do echo "$$p"; done \| sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list -ipset$(EXEEXT): $(ipset_OBJECTS) $(ipset_DEPENDENCIES) - @rm -f ipset$(EXEEXT) - $(AM_V_CCLD)$(ipset_LINK) $(ipset_OBJECTS) $(ipset_LDADD) $(LIBS) - -mostlyclean-compile: - -rm -f .$(OBJEXT) - -distclean-compile: - -rm -f .tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipset.Po@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ \| sed 's\|[^/]$$\|$(DEPDIR)/&\|;s\|\.o$$\|\|'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ \| sed 's\|[^/]$$\|$(DEPDIR)/&\|;s\|\.obj$$\|\|'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ \| sed 's\|[^/]$$\|$(DEPDIR)/&\|;s\|\.lo$$\|\|'`;\ -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f .lo - -clean-libtool: - -rm -rf .libs _libs -install-man8: $(man_MANS) - @$(NORMAL_INSTALL) - test -z "$(man8dir)" \|\| $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list=''; test -n "$(man8dir)" \|\| exit 0; \ - { for i in $$list; do echo "$$i"; done; \ - l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done \| \ - sed -n '/\.8[a-z]$$/p'; \ - } \| while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done \| \ - sed -e 'n;s,./,,;p;h;s,.\.,,;s,^[^8][0-9a-z]$$,8,;x' \ - -e 's,\.[0-9a-z]$$,,;$(transform);G;s,\n,.,' \| \ - sed 'N;N;s,\n, ,g' \| { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" \|\| exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done \| $(am__base_list) \| \ - while read files; do \ - test -z "$$files" \|\| { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" \|\| exit $$?; }; \ - done; } - -uninstall-man8: - @$(NORMAL_UNINSTALL) - @list=''; test -n "$(man8dir)" \|\| exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done \| \ - sed -n '/\.8[a-z]$$/p'; \ - } \| sed -e 's,./,,;h;s,.\.,,;s,^[^8][0-9a-z]$$,8,;x' \ - -e 's,\.[0-9a-z]$$,,;$(transform);G;s,\n,.,'`; \ - test -z "$$files" \|\| { \ - echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done \| \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done \| \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$$$unique"; then :; else \ - test -n "$$unique" \|\| unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done \| \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - \|\| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @list='$(MANS)'; if test -n "$$list"; then \ - list=`for p in $$list; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ - if test -n "$$list" && \ - grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ - echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ - grep -l 'ab help2man is required to generate this page' $$list \| sed 's/^/ /' >&2; \ - echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ - echo " typically \`make maintainer-clean' will remove them" >&2; \ - exit 1; \ - else :; fi; \ - else :; fi - @srcdirstrip=`echo "$(srcdir)" \| sed 's/[].[^$$\\]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" \| sed 's/[].[^$$\\]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done \| \ - sed -e "s\|^$$srcdirstrip/\|\|;t" \ - -e "s\|^$$topsrcdirstrip/\|$(top_builddir)/\|;t"`; \ - case $$dist_files in \ - /) $(MKDIR_P) `echo "$$dist_files" \| \ - sed '/\//!d;s\|^\|$(distdir)/\|;s,/[^/]$$,,' \| \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file \|\| test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" \| sed -e 's,/[^/]$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" \|\| exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" \|\| exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - \|\| cp -p $$d/$$file "$(distdir)/$$file" \ - \|\| exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(PROGRAMS) $(MANS) all-local -installdirs: - for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \ - test -z "$$dir" \|\| $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' \|\| \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" \|\| rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" \|\| test -z "$(CONFIG_CLEAN_VPATH_FILES)" \|\| rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-local clean-sbinPROGRAMS \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-man - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: install-exec-local install-sbinPROGRAMS - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: install-man8 - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-man uninstall-sbinPROGRAMS - -uninstall-man: uninstall-man8 - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am all-local check check-am clean \ - clean-generic clean-libtool clean-local clean-sbinPROGRAMS \ - ctags distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-local install-html \ - install-html-am install-info install-info-am install-man \ - install-man8 install-pdf install-pdf-am install-ps \ - install-ps-am install-sbinPROGRAMS install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-man uninstall-man8 \ - uninstall-sbinPROGRAMS - - -export AM_CPPFLAGS -export AM_CFLAGS -export XA_SRCDIR -export XA_TOPSRCDIR -export XA_ABSTOPSRCDIR - -all-local: user-all-local - -install-exec-local: user-install-local - -clean-local: user-clean-local - -user-all-local: - ${MAKE} ${_mcall} all; - -# Have no user-install-data-local ATM -user-install-local: user-install-exec-local - -user-install-exec-local: - ${MAKE} ${_mcall} install; - -user-clean-local: - ${MAKE} ${_mcall} clean; - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT:
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/Mbuild ^
@@ -1,7 +0,0 @@ -# -- Makefile -- - -obj-m += $(addprefix lib,$(patsubst %.c,%.so,$(notdir \ - $(wildcard ${XA_SRCDIR}/ipset_*.c)))) - -libipset_%.oo: ${XA_SRCDIR}/ipset_%.c - ${AM_V_CC}${CC} ${AM_DEPFLAGS} ${AM_CPPFLAGS} ${AM_CFLAGS} -DPIC -fPIC ${CPPFLAGS} ${CFLAGS} -o $@ -c $<;
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/VERSION.txt ^
@@ -1 +0,0 @@ -4.5
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set.c ^
@@ -1,1531 +0,0 @@ -/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> - * Patrick Schaaf <bof@bof.de> - * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module for IP set management / - -#include <linux/version.h> -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) -#include <linux/config.h> -#endif -#include <linux/module.h> -#include <linux/moduleparam.h> -#include <linux/kmod.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include <linux/random.h> -#include "ip_set_jhash.h" -#include <linux/errno.h> -#include <linux/capability.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27) -#include <asm/semaphore.h> -#else -#include <linux/semaphore.h> -#endif -#include <linux/spinlock.h> - -#define ASSERT_READ_LOCK(x) -#define ASSERT_WRITE_LOCK(x) -#include <linux/netfilter.h> -#include "ip_set.h" - -static struct list_head set_type_list; / all registered sets / -static struct ip_set ip_set_list; / all individual sets / -static DEFINE_RWLOCK(ip_set_lock); / protects the lists and the hash / -static struct semaphore ip_set_app_mutex; / serializes user access / -static ip_set_id_t ip_set_max = CONFIG_IP_NF_SET_MAX; -static int protocol_version = IP_SET_PROTOCOL_VERSION; - -#define STREQ(a,b) (strncmp(a,b,IP_SET_MAXNAMELEN) == 0) -#define DONT_ALIGN (protocol_version == IP_SET_PROTOCOL_UNALIGNED) -#define ALIGNED(len) IPSET_VALIGN(len, DONT_ALIGN) - -/ - * Sets are identified either by the index in ip_set_list or by id. - * The id never changes. The index may change by swapping and used - * by external references (set/SET netfilter modules, etc.) - * - * Userspace requests are serialized by ip_set_mutex and sets can - * be deleted only from userspace. Therefore ip_set_list locking - * must obey the following rules: - * - * - kernel requests: read and write locking mandatory - * - user requests: read locking optional, write locking mandatory - / - -static inline void -__ip_set_get(ip_set_id_t index) -{ - atomic_inc(&ip_set_list[index]->ref); -} - -static inline void -__ip_set_put(ip_set_id_t index) -{ - atomic_dec(&ip_set_list[index]->ref); -} - -/ Add, del and test set entries from kernel / - -int -ip_set_testip_kernel(ip_set_id_t index, - const struct sk_buff skb, - const u_int32_t flags) -{ - struct ip_set set; - int res; - - read_lock_bh(&ip_set_lock); - set = ip_set_list[index]; - IP_SET_ASSERT(set); - DP("set %s, index %u", set->name, index); - - read_lock_bh(&set->lock); - res = set->type->testip_kernel(set, skb, flags); - read_unlock_bh(&set->lock); - - read_unlock_bh(&ip_set_lock); - - return (res < 0 ? 0 : res); -} - -int -ip_set_addip_kernel(ip_set_id_t index, - const struct sk_buff skb, - const u_int32_t flags) -{ - struct ip_set set; - int res; - - retry: - read_lock_bh(&ip_set_lock); - set = ip_set_list[index]; - IP_SET_ASSERT(set); - DP("set %s, index %u", set->name, index); - - write_lock_bh(&set->lock); - res = set->type->addip_kernel(set, skb, flags); - write_unlock_bh(&set->lock); - - read_unlock_bh(&ip_set_lock); - / Retry function called without holding any lock / - if (res == -EAGAIN - && set->type->retry - && (res = set->type->retry(set)) == 0) - goto retry; - - return res; -} - -int -ip_set_delip_kernel(ip_set_id_t index, - const struct sk_buff skb, - const u_int32_t flags) -{ - struct ip_set set; - int res; - - read_lock_bh(&ip_set_lock); - set = ip_set_list[index]; - IP_SET_ASSERT(set); - DP("set %s, index %u", set->name, index); - - write_lock_bh(&set->lock); - res = set->type->delip_kernel(set, skb, flags); - write_unlock_bh(&set->lock); - - read_unlock_bh(&ip_set_lock); - - return res; -} - -/* Register and deregister settype / - -static inline struct ip_set_type -find_set_type(const char name) -{ - struct ip_set_type set_type; - - list_for_each_entry(set_type, &set_type_list, list) - if (STREQ(set_type->typename, name)) - return set_type; - return NULL; -} - -int -ip_set_register_set_type(struct ip_set_type set_type) -{ - int ret = 0; - - if (set_type->protocol_version != IP_SET_PROTOCOL_VERSION) { - ip_set_printk("'%s' uses wrong protocol version %u (want %u)", - set_type->typename, - set_type->protocol_version, - IP_SET_PROTOCOL_VERSION); - return -EINVAL; - } - - write_lock_bh(&ip_set_lock); - if (find_set_type(set_type->typename)) { - / Duplicate! / - ip_set_printk("'%s' already registered!", - set_type->typename); - ret = -EINVAL; - goto unlock; - } - if (!try_module_get(THIS_MODULE)) { - ret = -EFAULT; - goto unlock; - } - list_add(&set_type->list, &set_type_list); - DP("'%s' registered.", set_type->typename); - unlock: - write_unlock_bh(&ip_set_lock); - return ret; -} - -void -ip_set_unregister_set_type(struct ip_set_type set_type) -{ - write_lock_bh(&ip_set_lock); - if (!find_set_type(set_type->typename)) { - ip_set_printk("'%s' not registered?", - set_type->typename); - goto unlock; - } - list_del(&set_type->list); - module_put(THIS_MODULE); - DP("'%s' unregistered.", set_type->typename); - unlock: - write_unlock_bh(&ip_set_lock); - -} - -ip_set_id_t -__ip_set_get_byname(const char name, struct ip_set set) -{ - ip_set_id_t i, index = IP_SET_INVALID_ID; - - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL - && STREQ(ip_set_list[i]->name, name)) { - __ip_set_get(i); - index = i; - set = ip_set_list[i]; - break; - } - } - return index; -} - -void -__ip_set_put_byindex(ip_set_id_t index) -{ - if (ip_set_list[index]) - __ip_set_put(index); -} - -/* - * Userspace routines - / - -/ - * Find set by name, reference it once. The reference makes sure the - * thing pointed to, does not go away under our feet. Drop the reference - * later, using ip_set_put(). - / -ip_set_id_t -ip_set_get_byname(const char name) -{ - ip_set_id_t i, index = IP_SET_INVALID_ID; - - down(&ip_set_app_mutex); - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL - && STREQ(ip_set_list[i]->name, name)) { - __ip_set_get(i); - index = i; - break; - } - } - up(&ip_set_app_mutex); - return index; -} - -/* - * Find set by index, reference it once. The reference makes sure the - * thing pointed to, does not go away under our feet. Drop the reference - * later, using ip_set_put(). - / -ip_set_id_t -ip_set_get_byindex(ip_set_id_t index) -{ - down(&ip_set_app_mutex); - - if (index >= ip_set_max) - return IP_SET_INVALID_ID; - - if (ip_set_list[index]) - __ip_set_get(index); - else - index = IP_SET_INVALID_ID; - - up(&ip_set_app_mutex); - return index; -} - -/ - * Find the set id belonging to the index. - * We are protected by the mutex, so we do not need to use - * ip_set_lock. There is no need to reference the sets either. - / -ip_set_id_t -ip_set_id(ip_set_id_t index) -{ - if (index >= ip_set_max \|\| !ip_set_list[index]) - return IP_SET_INVALID_ID; - - return ip_set_list[index]->id; -} - -/ - * If the given set pointer points to a valid set, decrement - * reference count by 1. The caller shall not assume the index - * to be valid, after calling this function. - / -void -ip_set_put_byindex(ip_set_id_t index) -{ - down(&ip_set_app_mutex); - if (ip_set_list[index]) - __ip_set_put(index); - up(&ip_set_app_mutex); -} - -/ Find a set by name or index / -static ip_set_id_t -ip_set_find_byname(const char name) -{ - ip_set_id_t i, index = IP_SET_INVALID_ID; - - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL - && STREQ(ip_set_list[i]->name, name)) { - index = i; - break; - } - } - return index; -} - -static ip_set_id_t -ip_set_find_byindex(ip_set_id_t index) -{ - if (index >= ip_set_max \|\| ip_set_list[index] == NULL) - index = IP_SET_INVALID_ID; - - return index; -} - -/* - * Add, del and test - / - -static int -ip_set_addip(struct ip_set set, const void data, u_int32_t size) -{ - int res; - - IP_SET_ASSERT(set); - do { - write_lock_bh(&set->lock); - res = set->type->addip(set, data, size); - write_unlock_bh(&set->lock); - } while (res == -EAGAIN - && set->type->retry - && (res = set->type->retry(set)) == 0); - - return res; -} - -static int -ip_set_delip(struct ip_set set, const void data, u_int32_t size) -{ - int res; - - IP_SET_ASSERT(set); - - write_lock_bh(&set->lock); - res = set->type->delip(set, data, size); - write_unlock_bh(&set->lock); - - return res; -} - -static int -ip_set_testip(struct ip_set set, const void data, u_int32_t size) -{ - int res; - - IP_SET_ASSERT(set); - - read_lock_bh(&set->lock); - res = set->type->testip(set, data, size); - read_unlock_bh(&set->lock); - - return (res > 0 ? -EEXIST : res); -} - -static struct ip_set_type -find_set_type_rlock(const char typename) -{ - struct ip_set_type type; - - read_lock_bh(&ip_set_lock); - type = find_set_type(typename); - if (type == NULL) - read_unlock_bh(&ip_set_lock); - - return type; -} - -static int -find_free_id(const char name, - ip_set_id_t index, - ip_set_id_t id) -{ - ip_set_id_t i; - - id = IP_SET_INVALID_ID; - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] == NULL) { - if (id == IP_SET_INVALID_ID) - id = index = i; - } else if (STREQ(name, ip_set_list[i]->name)) - / Name clash / - return -EEXIST; - } - if (id == IP_SET_INVALID_ID) - /* No free slot remained / - return -ERANGE; - / Check that index is usable as id (swapping) / - check: - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL - && ip_set_list[i]->id == id) { - id = i; - goto check; - } - } - return 0; -} - -/ - * Create a set - / -static int -ip_set_create(const char name, - const char typename, - ip_set_id_t restore, - const void data, - u_int32_t size) -{ - struct ip_set set; - ip_set_id_t index = 0, id; - int res = 0; - - DP("setname: %s, typename: %s, id: %u", name, typename, restore); - - / - * First, and without any locks, allocate and initialize - * a normal base set structure. - / - set = kmalloc(sizeof(struct ip_set), GFP_KERNEL); - if (!set) - return -ENOMEM; - rwlock_init(&set->lock); - strncpy(set->name, name, IP_SET_MAXNAMELEN); - atomic_set(&set->ref, 0); - - / - * Next, take the &ip_set_lock, check that we know the type, - * and take a reference on the type, to make sure it - * stays available while constructing our new set. - * - * After referencing the type, we drop the &ip_set_lock, - * and let the new set construction run without locks. - / - set->type = find_set_type_rlock(typename); - if (set->type == NULL) { - / Try loading the module / - char modulename[IP_SET_MAXNAMELEN + strlen("ip_set_") + 1]; - strcpy(modulename, "ip_set_"); - strcat(modulename, typename); - DP("try to load %s", modulename); - request_module(modulename); - set->type = find_set_type_rlock(typename); - } - if (set->type == NULL) { - ip_set_printk("no set type '%s', set '%s' not created", - typename, name); - res = -ENOENT; - goto out; - } - if (!try_module_get(set->type->me)) { - read_unlock_bh(&ip_set_lock); - res = -EFAULT; - goto out; - } - read_unlock_bh(&ip_set_lock); - - / Check request size / - if (size != set->type->header_size) { - ip_set_printk("data length wrong (want %lu, have %lu)", - (long unsigned)set->type->header_size, - (long unsigned)size); - goto put_out; - } - - / - * Without holding any locks, create private part. - / - res = set->type->create(set, data, size); - if (res != 0) - goto put_out; - - / BTW, res==0 here. / - - / - * Here, we have a valid, constructed set. &ip_set_lock again, - * find free id/index and check that it is not already in - * ip_set_list. - / - write_lock_bh(&ip_set_lock); - if ((res = find_free_id(set->name, &index, &id)) != 0) { - DP("no free id!"); - goto cleanup; - } - - / Make sure restore gets the same index / - if (restore != IP_SET_INVALID_ID && index != restore) { - DP("Can't restore, sets are screwed up"); - res = -ERANGE; - goto cleanup; - } - - / - * Finally! Add our shiny new set to the list, and be done. - / - DP("create: '%s' created with index %u, id %u!", set->name, index, id); - set->id = id; - ip_set_list[index] = set; - write_unlock_bh(&ip_set_lock); - return res; - - cleanup: - write_unlock_bh(&ip_set_lock); - set->type->destroy(set); - put_out: - module_put(set->type->me); - out: - kfree(set); - return res; -} - -/ - * Destroy a given existing set - / -static void -ip_set_destroy_set(ip_set_id_t index) -{ - struct ip_set set = ip_set_list[index]; - - IP_SET_ASSERT(set); - DP("set: %s", set->name); - write_lock_bh(&ip_set_lock); - ip_set_list[index] = NULL; - write_unlock_bh(&ip_set_lock); - - /* Must call it without holding any lock / - set->type->destroy(set); - module_put(set->type->me); - kfree(set); -} - -/ - * Destroy a set - or all sets - * Sets must not be referenced/used. - / -static int -ip_set_destroy(ip_set_id_t index) -{ - ip_set_id_t i; - - / ref modification always protected by the mutex / - if (index != IP_SET_INVALID_ID) { - if (atomic_read(&ip_set_list[index]->ref)) - return -EBUSY; - ip_set_destroy_set(index); - } else { - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL - && (atomic_read(&ip_set_list[i]->ref))) - return -EBUSY; - } - - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL) - ip_set_destroy_set(i); - } - } - return 0; -} - -static void -ip_set_flush_set(struct ip_set set) -{ - DP("set: %s %u", set->name, set->id); - - write_lock_bh(&set->lock); - set->type->flush(set); - write_unlock_bh(&set->lock); -} - -/* - * Flush data in a set - or in all sets - / -static int -ip_set_flush(ip_set_id_t index) -{ - if (index != IP_SET_INVALID_ID) { - IP_SET_ASSERT(ip_set_list[index]); - ip_set_flush_set(ip_set_list[index]); - } else { - ip_set_id_t i; - - for (i = 0; i < ip_set_max; i++) - if (ip_set_list[i] != NULL) - ip_set_flush_set(ip_set_list[i]); - } - - return 0; -} - -/ Rename a set / -static int -ip_set_rename(ip_set_id_t index, const char name) -{ - struct ip_set set = ip_set_list[index]; - ip_set_id_t i; - int res = 0; - - DP("set: %s to %s", set->name, name); - write_lock_bh(&ip_set_lock); - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL - && STREQ(ip_set_list[i]->name, name)) { - res = -EEXIST; - goto unlock; - } - } - strncpy(set->name, name, IP_SET_MAXNAMELEN); - unlock: - write_unlock_bh(&ip_set_lock); - return res; -} - -/ - * Swap two sets so that name/index points to the other. - * References are also swapped. - / -static int -ip_set_swap(ip_set_id_t from_index, ip_set_id_t to_index) -{ - struct ip_set from = ip_set_list[from_index]; - struct ip_set to = ip_set_list[to_index]; - char from_name[IP_SET_MAXNAMELEN]; - u_int32_t from_ref; - - DP("set: %s to %s", from->name, to->name); - / Features must not change. - * Not an artifical restriction anymore, as we must prevent - * possible loops created by swapping in setlist type of sets. / - if (from->type->features != to->type->features) - return -ENOEXEC; - - / No magic here: ref munging protected by the mutex / - write_lock_bh(&ip_set_lock); - strncpy(from_name, from->name, IP_SET_MAXNAMELEN); - from_ref = atomic_read(&from->ref); - - strncpy(from->name, to->name, IP_SET_MAXNAMELEN); - atomic_set(&from->ref, atomic_read(&to->ref)); - strncpy(to->name, from_name, IP_SET_MAXNAMELEN); - atomic_set(&to->ref, from_ref); - - ip_set_list[from_index] = to; - ip_set_list[to_index] = from; - - write_unlock_bh(&ip_set_lock); - return 0; -} - -/ - * List set data - / - -static int -ip_set_list_set(ip_set_id_t index, void data, int used, int len) -{ - struct ip_set set = ip_set_list[index]; - struct ip_set_list set_list; - - / Pointer to our header / - set_list = data + used; - - DP("set: %s, used: %d len %u %p %p", set->name, used, len, data, data + used); - - /* Get and ensure header size / - if (used + ALIGNED(sizeof(struct ip_set_list)) > len) - goto not_enough_mem; - used += ALIGNED(sizeof(struct ip_set_list)); - - read_lock_bh(&set->lock); - / Get and ensure set specific header size / - set_list->header_size = ALIGNED(set->type->header_size); - if (used + set_list->header_size > len) - goto unlock_set; - - /* Fill in the header / - set_list->index = index; - set_list->binding = IP_SET_INVALID_ID; - set_list->ref = atomic_read(&set->ref); - - / Fill in set spefific header data / - set->type->list_header(set, data + used); - used += set_list->header_size; - - / Get and ensure set specific members size / - set_list->members_size = set->type->list_members_size(set, DONT_ALIGN); - if (used + set_list->members_size > len) - goto unlock_set; - - /* Fill in set spefific members data / - set->type->list_members(set, data + used, DONT_ALIGN); - used += set_list->members_size; - read_unlock_bh(&set->lock); - - / Bindings / - set_list->bindings_size = 0; - - return 0; - - unlock_set: - read_unlock_bh(&set->lock); - not_enough_mem: - DP("not enough mem, try again"); - return -EAGAIN; -} - -/ - * Save sets - / -static inline int -ip_set_save_marker(void data, int used, int len) -{ - struct ip_set_save set_save; - - DP("used %u, len %u", used, len); - / Get and ensure header size / - if (used + ALIGNED(sizeof(struct ip_set_save)) > len) - return -ENOMEM; - - /* Marker: just for backward compatibility / - set_save = data + used; - set_save->index = IP_SET_INVALID_ID; - set_save->header_size = 0; - set_save->members_size = 0; - used += ALIGNED(sizeof(struct ip_set_save)); - - return 0; -} - -static int -ip_set_save_set(ip_set_id_t index, void data, int used, int len) -{ - struct ip_set set; - struct ip_set_save set_save; - - / Pointer to our header / - set_save = data + used; - - /* Get and ensure header size / - if (used + ALIGNED(sizeof(struct ip_set_save)) > len) - goto not_enough_mem; - used += ALIGNED(sizeof(struct ip_set_save)); - - set = ip_set_list[index]; - DP("set: %s, used: %d(%d) %p %p", set->name, used, len, - data, data + used); - - read_lock_bh(&set->lock); - / Get and ensure set specific header size / - set_save->header_size = ALIGNED(set->type->header_size); - if (used + set_save->header_size > len) - goto unlock_set; - - /* Fill in the header / - set_save->index = index; - set_save->binding = IP_SET_INVALID_ID; - - / Fill in set spefific header data / - set->type->list_header(set, data + used); - used += set_save->header_size; - - DP("set header filled: %s, used: %d(%lu) %p %p", set->name, used, - (unsigned long)set_save->header_size, data, data + used); - / Get and ensure set specific members size / - set_save->members_size = set->type->list_members_size(set, DONT_ALIGN); - if (used + set_save->members_size > len) - goto unlock_set; - - /* Fill in set spefific members data / - set->type->list_members(set, data + used, DONT_ALIGN); - used += set_save->members_size; - read_unlock_bh(&set->lock); - DP("set members filled: %s, used: %d(%lu) %p %p", set->name, used, - (unsigned long)set_save->members_size, data, data + used); - return 0; - - unlock_set: - read_unlock_bh(&set->lock); - not_enough_mem: - DP("not enough mem, try again"); - return -EAGAIN; -} - -/ - * Restore sets - / -static int -ip_set_restore(void data, int len) -{ - int res = 0; - int line = 0, used = 0, members_size; - struct ip_set set; - struct ip_set_restore set_restore; - ip_set_id_t index; - - /* Loop to restore sets / - while (1) { - line++; - - DP("%d %zu %d", used, ALIGNED(sizeof(struct ip_set_restore)), len); - / Get and ensure header size / - if (used + ALIGNED(sizeof(struct ip_set_restore)) > len) - return line; - set_restore = data + used; - used += ALIGNED(sizeof(struct ip_set_restore)); - - / Ensure data size / - if (used - + set_restore->header_size - + set_restore->members_size > len) - return line; - - / Check marker / - if (set_restore->index == IP_SET_INVALID_ID) { - line--; - goto finish; - } - - / Try to create the set / - DP("restore %s %s", set_restore->name, set_restore->typename); - res = ip_set_create(set_restore->name, - set_restore->typename, - set_restore->index, - data + used, - set_restore->header_size); - - if (res != 0) - return line; - used += ALIGNED(set_restore->header_size); - - index = ip_set_find_byindex(set_restore->index); - DP("index %u, restore_index %u", index, set_restore->index); - if (index != set_restore->index) - return line; - / Try to restore members data / - set = ip_set_list[index]; - members_size = 0; - DP("members_size %lu reqsize %lu", - (unsigned long)set_restore->members_size, - (unsigned long)set->type->reqsize); - while (members_size + ALIGNED(set->type->reqsize) <= - set_restore->members_size) { - line++; - DP("members: %d, line %d", members_size, line); - res = ip_set_addip(set, - data + used + members_size, - set->type->reqsize); - if (!(res == 0 \|\| res == -EEXIST)) - return line; - members_size += ALIGNED(set->type->reqsize); - } - - DP("members_size %lu %d", - (unsigned long)set_restore->members_size, members_size); - if (members_size != set_restore->members_size) - return line++; - used += set_restore->members_size; - } - - finish: - if (used != len) - return line; - - return 0; -} - -static int -ip_set_sockfn_set(struct sock sk, int optval, void user, unsigned int len) -{ - void data; - int res = 0; /* Assume OK / - size_t offset; - unsigned op; - struct ip_set_req_adt req_adt; - ip_set_id_t index = IP_SET_INVALID_ID; - int (adtfn)(struct ip_set set, - const void data, u_int32_t size); - struct fn_table { - int (fn)(struct ip_set set, - const void data, u_int32_t size); - } adtfn_table[] = - { { ip_set_addip }, { ip_set_delip }, { ip_set_testip}, - }; - - DP("optval=%d, user=%p, len=%d", optval, user, len); - if (!capable(CAP_NET_ADMIN)) - return -EPERM; - if (optval != SO_IP_SET) - return -EBADF; - if (len <= sizeof(unsigned)) { - ip_set_printk("short userdata (want >%zu, got %u)", - sizeof(unsigned), len); - return -EINVAL; - } - data = vmalloc(len); - if (!data) { - DP("out of mem for %u bytes", len); - return -ENOMEM; - } - if (copy_from_user(data, user, len) != 0) { - res = -EFAULT; - goto cleanup; - } - if (down_interruptible(&ip_set_app_mutex)) { - res = -EINTR; - goto cleanup; - } - - op = (unsigned )data; - DP("op=%x", op); - - if (op < IP_SET_OP_VERSION) { - /* Check the version at the beginning of operations / - struct ip_set_req_version req_version = data; - if (!(req_version->version == IP_SET_PROTOCOL_UNALIGNED - \|\| req_version->version == IP_SET_PROTOCOL_VERSION)) { - res = -EPROTO; - goto done; - } - protocol_version = req_version->version; - } - - switch (op) { - case IP_SET_OP_CREATE:{ - struct ip_set_req_create req_create = data; - offset = ALIGNED(sizeof(struct ip_set_req_create)); - - if (len < offset) { - ip_set_printk("short CREATE data (want >=%zu, got %u)", - offset, len); - res = -EINVAL; - goto done; - } - req_create->name[IP_SET_MAXNAMELEN - 1] = '\0'; - req_create->typename[IP_SET_MAXNAMELEN - 1] = '\0'; - res = ip_set_create(req_create->name, - req_create->typename, - IP_SET_INVALID_ID, - data + offset, - len - offset); - goto done; - } - case IP_SET_OP_DESTROY:{ - struct ip_set_req_std req_destroy = data; - - if (len != sizeof(struct ip_set_req_std)) { - ip_set_printk("invalid DESTROY data (want %zu, got %u)", - sizeof(struct ip_set_req_std), len); - res = -EINVAL; - goto done; - } - if (STREQ(req_destroy->name, IPSET_TOKEN_ALL)) { - / Destroy all sets / - index = IP_SET_INVALID_ID; - } else { - req_destroy->name[IP_SET_MAXNAMELEN - 1] = '\0'; - index = ip_set_find_byname(req_destroy->name); - - if (index == IP_SET_INVALID_ID) { - res = -ENOENT; - goto done; - } - } - - res = ip_set_destroy(index); - goto done; - } - case IP_SET_OP_FLUSH:{ - struct ip_set_req_std req_flush = data; - - if (len != sizeof(struct ip_set_req_std)) { - ip_set_printk("invalid FLUSH data (want %zu, got %u)", - sizeof(struct ip_set_req_std), len); - res = -EINVAL; - goto done; - } - if (STREQ(req_flush->name, IPSET_TOKEN_ALL)) { - /* Flush all sets / - index = IP_SET_INVALID_ID; - } else { - req_flush->name[IP_SET_MAXNAMELEN - 1] = '\0'; - index = ip_set_find_byname(req_flush->name); - - if (index == IP_SET_INVALID_ID) { - res = -ENOENT; - goto done; - } - } - res = ip_set_flush(index); - goto done; - } - case IP_SET_OP_RENAME:{ - struct ip_set_req_create req_rename = data; - - if (len != sizeof(struct ip_set_req_create)) { - ip_set_printk("invalid RENAME data (want %zu, got %u)", - sizeof(struct ip_set_req_create), len); - res = -EINVAL; - goto done; - } - - req_rename->name[IP_SET_MAXNAMELEN - 1] = '\0'; - req_rename->typename[IP_SET_MAXNAMELEN - 1] = '\0'; - - index = ip_set_find_byname(req_rename->name); - if (index == IP_SET_INVALID_ID) { - res = -ENOENT; - goto done; - } - res = ip_set_rename(index, req_rename->typename); - goto done; - } - case IP_SET_OP_SWAP:{ - struct ip_set_req_create req_swap = data; - ip_set_id_t to_index; - - if (len != sizeof(struct ip_set_req_create)) { - ip_set_printk("invalid SWAP data (want %zu, got %u)", - sizeof(struct ip_set_req_create), len); - res = -EINVAL; - goto done; - } - - req_swap->name[IP_SET_MAXNAMELEN - 1] = '\0'; - req_swap->typename[IP_SET_MAXNAMELEN - 1] = '\0'; - - index = ip_set_find_byname(req_swap->name); - if (index == IP_SET_INVALID_ID) { - res = -ENOENT; - goto done; - } - to_index = ip_set_find_byname(req_swap->typename); - if (to_index == IP_SET_INVALID_ID) { - res = -ENOENT; - goto done; - } - res = ip_set_swap(index, to_index); - goto done; - } - default: - break; / Set identified by id / - } - - / There we may have add/del/test/bind/unbind/test_bind operations / - if (op < IP_SET_OP_ADD_IP \|\| op > IP_SET_OP_TEST_IP) { - res = -EBADMSG; - goto done; - } - adtfn = adtfn_table[op - IP_SET_OP_ADD_IP].fn; - - if (len < ALIGNED(sizeof(struct ip_set_req_adt))) { - ip_set_printk("short data in adt request (want >=%zu, got %u)", - ALIGNED(sizeof(struct ip_set_req_adt)), len); - res = -EINVAL; - goto done; - } - req_adt = data; - - index = ip_set_find_byindex(req_adt->index); - if (index == IP_SET_INVALID_ID) { - res = -ENOENT; - goto done; - } - do { - struct ip_set set = ip_set_list[index]; - size_t offset = ALIGNED(sizeof(struct ip_set_req_adt)); - - IP_SET_ASSERT(set); - - if (len - offset != set->type->reqsize) { - ip_set_printk("data length wrong (want %lu, have %zu)", - (long unsigned)set->type->reqsize, - len - offset); - res = -EINVAL; - goto done; - } - res = adtfn(set, data + offset, len - offset); - } while (0); - - done: - up(&ip_set_app_mutex); - cleanup: - vfree(data); - if (res > 0) - res = 0; - DP("final result %d", res); - return res; -} - -static int -ip_set_sockfn_get(struct sock sk, int optval, void user, int len) -{ - int res = 0; - unsigned op; - ip_set_id_t index = IP_SET_INVALID_ID; - void data; - int copylen = len; - - DP("optval=%d, user=%p, len=%d", optval, user, len); - if (!capable(CAP_NET_ADMIN)) - return -EPERM; - if (optval != SO_IP_SET) - return -EBADF; - if (len < sizeof(unsigned)) { - ip_set_printk("short userdata (want >=%zu, got %d)", - sizeof(unsigned), len); - return -EINVAL; - } - data = vmalloc(len); - if (!data) { - DP("out of mem for %d bytes", len); - return -ENOMEM; - } - if (copy_from_user(data, user, len) != 0) { - res = -EFAULT; - goto cleanup; - } - if (down_interruptible(&ip_set_app_mutex)) { - res = -EINTR; - goto cleanup; - } - - op = (unsigned ) data; - DP("op=%x", op); - - if (op < IP_SET_OP_VERSION) { - /* Check the version at the beginning of operations / - struct ip_set_req_version req_version = data; - if (!(req_version->version == IP_SET_PROTOCOL_UNALIGNED - \|\| req_version->version == IP_SET_PROTOCOL_VERSION)) { - res = -EPROTO; - goto done; - } - protocol_version = req_version->version; - } - - switch (op) { - case IP_SET_OP_VERSION: { - struct ip_set_req_version req_version = data; - - if (len != sizeof(struct ip_set_req_version)) { - ip_set_printk("invalid VERSION (want %zu, got %d)", - sizeof(struct ip_set_req_version), - len); - res = -EINVAL; - goto done; - } - - req_version->version = IP_SET_PROTOCOL_VERSION; - res = copy_to_user(user, req_version, - sizeof(struct ip_set_req_version)); - goto done; - } - case IP_SET_OP_GET_BYNAME: { - struct ip_set_req_get_set req_get = data; - - if (len != sizeof(struct ip_set_req_get_set)) { - ip_set_printk("invalid GET_BYNAME (want %zu, got %d)", - sizeof(struct ip_set_req_get_set), len); - res = -EINVAL; - goto done; - } - req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; - index = ip_set_find_byname(req_get->set.name); - req_get->set.index = index; - goto copy; - } - case IP_SET_OP_GET_BYINDEX: { - struct ip_set_req_get_set req_get = data; - - if (len != sizeof(struct ip_set_req_get_set)) { - ip_set_printk("invalid GET_BYINDEX (want %zu, got %d)", - sizeof(struct ip_set_req_get_set), len); - res = -EINVAL; - goto done; - } - req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; - index = ip_set_find_byindex(req_get->set.index); - strncpy(req_get->set.name, - index == IP_SET_INVALID_ID ? "" - : ip_set_list[index]->name, IP_SET_MAXNAMELEN); - goto copy; - } - case IP_SET_OP_ADT_GET: { - struct ip_set_req_adt_get req_get = data; - - if (len != sizeof(struct ip_set_req_adt_get)) { - ip_set_printk("invalid ADT_GET (want %zu, got %d)", - sizeof(struct ip_set_req_adt_get), len); - res = -EINVAL; - goto done; - } - req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; - index = ip_set_find_byname(req_get->set.name); - if (index != IP_SET_INVALID_ID) { - req_get->set.index = index; - strncpy(req_get->typename, - ip_set_list[index]->type->typename, - IP_SET_MAXNAMELEN - 1); - } else { - res = -ENOENT; - goto done; - } - goto copy; - } - case IP_SET_OP_MAX_SETS: { - struct ip_set_req_max_sets req_max_sets = data; - ip_set_id_t i; - - if (len != sizeof(struct ip_set_req_max_sets)) { - ip_set_printk("invalid MAX_SETS (want %zu, got %d)", - sizeof(struct ip_set_req_max_sets), len); - res = -EINVAL; - goto done; - } - - if (STREQ(req_max_sets->set.name, IPSET_TOKEN_ALL)) { - req_max_sets->set.index = IP_SET_INVALID_ID; - } else { - req_max_sets->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; - req_max_sets->set.index = - ip_set_find_byname(req_max_sets->set.name); - if (req_max_sets->set.index == IP_SET_INVALID_ID) { - res = -ENOENT; - goto done; - } - } - req_max_sets->max_sets = ip_set_max; - req_max_sets->sets = 0; - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] != NULL) - req_max_sets->sets++; - } - goto copy; - } - case IP_SET_OP_LIST_SIZE: - case IP_SET_OP_SAVE_SIZE: { - struct ip_set_req_setnames req_setnames = data; - struct ip_set_name_list name_list; - struct ip_set set; - ip_set_id_t i; - int used; - - if (len < ALIGNED(sizeof(struct ip_set_req_setnames))) { - ip_set_printk("short LIST_SIZE (want >=%zu, got %d)", - ALIGNED(sizeof(struct ip_set_req_setnames)), - len); - res = -EINVAL; - goto done; - } - - req_setnames->size = 0; - used = ALIGNED(sizeof(struct ip_set_req_setnames)); - for (i = 0; i < ip_set_max; i++) { - if (ip_set_list[i] == NULL) - continue; - name_list = data + used; - used += ALIGNED(sizeof(struct ip_set_name_list)); - if (used > copylen) { - res = -EAGAIN; - goto done; - } - set = ip_set_list[i]; - / Fill in index, name, etc. / - name_list->index = i; - name_list->id = set->id; - strncpy(name_list->name, - set->name, - IP_SET_MAXNAMELEN - 1); - strncpy(name_list->typename, - set->type->typename, - IP_SET_MAXNAMELEN - 1); - DP("filled %s of type %s, index %u\n", - name_list->name, name_list->typename, - name_list->index); - if (!(req_setnames->index == IP_SET_INVALID_ID - \|\| req_setnames->index == i)) - continue; - / Update size / - req_setnames->size += - (op == IP_SET_OP_LIST_SIZE ? - ALIGNED(sizeof(struct ip_set_list)) : - ALIGNED(sizeof(struct ip_set_save))) - + ALIGNED(set->type->header_size) - + set->type->list_members_size(set, DONT_ALIGN); - } - if (copylen != used) { - res = -EAGAIN; - goto done; - } - goto copy; - } - case IP_SET_OP_LIST: { - struct ip_set_req_list req_list = data; - ip_set_id_t i; - int used; - - if (len < sizeof(struct ip_set_req_list)) { - ip_set_printk("short LIST (want >=%zu, got %d)", - sizeof(struct ip_set_req_list), len); - res = -EINVAL; - goto done; - } - index = req_list->index; - if (index != IP_SET_INVALID_ID - && ip_set_find_byindex(index) != index) { - res = -ENOENT; - goto done; - } - used = 0; - if (index == IP_SET_INVALID_ID) { - / List all sets / - for (i = 0; i < ip_set_max && res == 0; i++) { - if (ip_set_list[i] != NULL) - res = ip_set_list_set(i, data, &used, len); - } - } else { - /* List an individual set / - res = ip_set_list_set(index, data, &used, len); - } - if (res != 0) - goto done; - else if (copylen != used) { - res = -EAGAIN; - goto done; - } - goto copy; - } - case IP_SET_OP_SAVE: { - struct ip_set_req_list req_save = data; - ip_set_id_t i; - int used; - - if (len < sizeof(struct ip_set_req_list)) { - ip_set_printk("short SAVE (want >=%zu, got %d)", - sizeof(struct ip_set_req_list), len); - res = -EINVAL; - goto done; - } - index = req_save->index; - if (index != IP_SET_INVALID_ID - && ip_set_find_byindex(index) != index) { - res = -ENOENT; - goto done; - } - -#define SETLIST(set) (strcmp(set->type->typename, "setlist") == 0) - - used = 0; - if (index == IP_SET_INVALID_ID) { - / Save all sets: ugly setlist type dependency / - int setlist = 0; - setlists: - for (i = 0; i < ip_set_max && res == 0; i++) { - if (ip_set_list[i] != NULL - && !(setlist ^ SETLIST(ip_set_list[i]))) - res = ip_set_save_set(i, data, &used, len); - } - if (!setlist) { - setlist = 1; - goto setlists; - } - } else { - /* Save an individual set / - res = ip_set_save_set(index, data, &used, len); - } - if (res == 0) - res = ip_set_save_marker(data, &used, len); - - if (res != 0) - goto done; - else if (copylen != used) { - res = -EAGAIN; - goto done; - } - goto copy; - } - case IP_SET_OP_RESTORE: { - struct ip_set_req_setnames req_restore = data; - size_t offset = ALIGNED(sizeof(struct ip_set_req_setnames)); - int line; - - if (len < offset \|\| len != req_restore->size) { - ip_set_printk("invalid RESTORE (want =%lu, got %d)", - (long unsigned)req_restore->size, len); - res = -EINVAL; - goto done; - } - line = ip_set_restore(data + offset, req_restore->size - offset); - DP("ip_set_restore: %d", line); - if (line != 0) { - res = -EAGAIN; - req_restore->size = line; - copylen = sizeof(struct ip_set_req_setnames); - goto copy; - } - goto done; - } - default: - res = -EBADMSG; - goto done; - } / end of switch(op) / - - copy: - DP("set %s, copylen %d", index != IP_SET_INVALID_ID - && ip_set_list[index] - ? ip_set_list[index]->name - : ":all:", copylen); - res = copy_to_user(user, data, copylen); - - done: - up(&ip_set_app_mutex); - cleanup: - vfree(data); - if (res > 0) - res = 0; - DP("final result %d", res); - return res; -} - -static struct nf_sockopt_ops so_set = { - .pf = PF_INET, - .set_optmin = SO_IP_SET, - .set_optmax = SO_IP_SET + 1, - .set = &ip_set_sockfn_set, - .get_optmin = SO_IP_SET, - .get_optmax = SO_IP_SET + 1, - .get = &ip_set_sockfn_get, -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) - .use = 0, -#else - .owner = THIS_MODULE, -#endif -}; - -static int max_sets; - -module_param(max_sets, int, 0600); -MODULE_PARM_DESC(max_sets, "maximal number of sets"); -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("module implementing core IP set support"); - -static int __init -ip_set_init(void) -{ - int res; - - / For the -rt branch, DECLARE_MUTEX/init_MUTEX avoided / - sema_init(&ip_set_app_mutex, 1); - - if (max_sets) - ip_set_max = max_sets; - if (ip_set_max >= IP_SET_INVALID_ID) - ip_set_max = IP_SET_INVALID_ID - 1; - - ip_set_list = vmalloc(sizeof(struct ip_set ) * ip_set_max); - if (!ip_set_list) { - printk(KERN_ERR "Unable to create ip_set_list\n"); - return -ENOMEM; - } - memset(ip_set_list, 0, sizeof(struct ip_set ) ip_set_max); - - INIT_LIST_HEAD(&set_type_list); - - res = nf_register_sockopt(&so_set); - if (res != 0) { - ip_set_printk("SO_SET registry failed: %d", res); - vfree(ip_set_list); - return res; - } - - printk("ip_set version %u loaded\n", IP_SET_PROTOCOL_VERSION); - return 0; -} - -static void __exit -ip_set_fini(void) -{ - /* There can't be any existing set or binding */ - nf_unregister_sockopt(&so_set); - vfree(ip_set_list); - DP("these are the famous last words"); -} - -EXPORT_SYMBOL(ip_set_register_set_type); -EXPORT_SYMBOL(ip_set_unregister_set_type); - -EXPORT_SYMBOL(ip_set_get_byname); -EXPORT_SYMBOL(ip_set_get_byindex); -EXPORT_SYMBOL(ip_set_put_byindex); -EXPORT_SYMBOL(ip_set_id); -EXPORT_SYMBOL(__ip_set_get_byname); -EXPORT_SYMBOL(__ip_set_put_byindex); - -EXPORT_SYMBOL(ip_set_addip_kernel); -EXPORT_SYMBOL(ip_set_delip_kernel); -EXPORT_SYMBOL(ip_set_testip_kernel); - -module_init(ip_set_init); -module_exit(ip_set_fini);
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set.h ^
@@ -1,569 +0,0 @@ -#ifndef _IP_SET_H -#define _IP_SET_H - -/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> - * Patrick Schaaf <bof@bof.de> - * Martin Josefsson <gandalf@wlug.westbo.se> - * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -#ifndef CONFIG_IP_NF_SET_MAX - / from 2 to 65534 / -# define CONFIG_IP_NF_SET_MAX 256 -#endif -#ifndef CONFIG_IP_NF_SET_HASHSIZE -# define CONFIG_IP_NF_SET_HASHSIZE 1024 -#endif - -#if 0 -#define IP_SET_DEBUG -#endif - -/ - * A sockopt of such quality has hardly ever been seen before on the open - * market! This little beauty, hardly ever used: above 64, so it's - * traditionally used for firewalling, not touched (even once!) by the - * 2.0, 2.2 and 2.4 kernels! - * - * Comes with its own certificate of authenticity, valid anywhere in the - * Free world! - * - * Rusty, 19.4.2000 - / -#define SO_IP_SET 83 - -/ - * Heavily modify by Joakim Axelsson 08.03.2002 - * - Made it more modulebased - * - * Additional heavy modifications by Jozsef Kadlecsik 22.02.2004 - * - bindings added - * - in order to "deal with" backward compatibility, renamed to ipset - / - -/ - * Used so that the kernel module and ipset-binary can match their versions - / -#define IP_SET_PROTOCOL_UNALIGNED 3 -#define IP_SET_PROTOCOL_VERSION 4 - -#define IP_SET_MAXNAMELEN 32 / set names and set typenames / - -/ Lets work with our own typedef for representing an IP address. - * We hope to make the code more portable, possibly to IPv6... - * - * The representation works in HOST byte order, because most set types - * will perform arithmetic operations and compare operations. - * - * For now the type is an uint32_t. - * - * Make sure to ONLY use the functions when translating and parsing - * in order to keep the host byte order and make it more portable: - * parse_ip() - * parse_mask() - * parse_ipandmask() - * ip_tostring() - * (Joakim: where are they???) - / - -typedef uint32_t ip_set_ip_t; - -/ Sets are identified by an id in kernel space. Tweak with ip_set_id_t - * and IP_SET_INVALID_ID if you want to increase the max number of sets. - / -typedef uint16_t ip_set_id_t; - -#define IP_SET_INVALID_ID 65535 - -/ How deep we follow bindings / -#define IP_SET_MAX_BINDINGS 6 - -/ - * Option flags for kernel operations (ipt_set_info) - / -#define IPSET_SRC 0x01 / Source match/add / -#define IPSET_DST 0x02 / Destination match/add / -#define IPSET_MATCH_INV 0x04 / Inverse matching / - -/ - * Set features - / -#define IPSET_TYPE_IP 0x01 / IP address type of set / -#define IPSET_TYPE_PORT 0x02 / Port type of set / -#define IPSET_DATA_SINGLE 0x04 / Single data storage / -#define IPSET_DATA_DOUBLE 0x08 / Double data storage / -#define IPSET_DATA_TRIPLE 0x10 / Triple data storage / -#define IPSET_TYPE_IP1 0x20 / IP address type of set / -#define IPSET_TYPE_SETNAME 0x40 / setname type of set / - -/ Reserved keywords / -#define IPSET_TOKEN_DEFAULT ":default:" -#define IPSET_TOKEN_ALL ":all:" - -/ SO_IP_SET operation constants, and their request struct types. - * - * Operation ids: - * 0-99: commands with version checking - * 100-199: add/del/test/bind/unbind - * 200-299: list, save, restore - / - -/ Single shot operations: - * version, create, destroy, flush, rename and swap - * - * Sets are identified by name. - / - -#define IP_SET_REQ_STD \ - unsigned op; \ - unsigned version; \ - char name[IP_SET_MAXNAMELEN] - -#define IP_SET_OP_CREATE 0x00000001 / Create a new (empty) set / -struct ip_set_req_create { - IP_SET_REQ_STD; - char typename[IP_SET_MAXNAMELEN]; -}; - -#define IP_SET_OP_DESTROY 0x00000002 / Remove a (empty) set / -struct ip_set_req_std { - IP_SET_REQ_STD; -}; - -#define IP_SET_OP_FLUSH 0x00000003 / Remove all IPs in a set / -/ Uses ip_set_req_std / - -#define IP_SET_OP_RENAME 0x00000004 / Rename a set / -/ Uses ip_set_req_create / - -#define IP_SET_OP_SWAP 0x00000005 / Swap two sets / -/ Uses ip_set_req_create / - -union ip_set_name_index { - char name[IP_SET_MAXNAMELEN]; - ip_set_id_t index; -}; - -#define IP_SET_OP_GET_BYNAME 0x00000006 / Get set index by name / -struct ip_set_req_get_set { - unsigned op; - unsigned version; - union ip_set_name_index set; -}; - -#define IP_SET_OP_GET_BYINDEX 0x00000007 / Get set name by index / -/ Uses ip_set_req_get_set / - -#define IP_SET_OP_VERSION 0x00000100 / Ask kernel version / -struct ip_set_req_version { - unsigned op; - unsigned version; -}; - -/ Double shots operations: - * add, del, test, bind and unbind. - * - * First we query the kernel to get the index and type of the target set, - * then issue the command. Validity of IP is checked in kernel in order - * to minimalize sockopt operations. - / - -/ Get minimal set data for add/del/test/bind/unbind IP / -#define IP_SET_OP_ADT_GET 0x00000010 / Get set and type / -struct ip_set_req_adt_get { - unsigned op; - unsigned version; - union ip_set_name_index set; - char typename[IP_SET_MAXNAMELEN]; -}; - -#define IP_SET_REQ_BYINDEX \ - unsigned op; \ - ip_set_id_t index; - -struct ip_set_req_adt { - IP_SET_REQ_BYINDEX; -}; - -#define IP_SET_OP_ADD_IP 0x00000101 / Add an IP to a set / -/ Uses ip_set_req_adt, with type specific addage / - -#define IP_SET_OP_DEL_IP 0x00000102 / Remove an IP from a set / -/ Uses ip_set_req_adt, with type specific addage / - -#define IP_SET_OP_TEST_IP 0x00000103 / Test an IP in a set / -/ Uses ip_set_req_adt, with type specific addage / - -#define IP_SET_OP_BIND_SET 0x00000104 / Bind an IP to a set / -/ Uses ip_set_req_bind, with type specific addage / -struct ip_set_req_bind { - IP_SET_REQ_BYINDEX; - char binding[IP_SET_MAXNAMELEN]; -}; - -#define IP_SET_OP_UNBIND_SET 0x00000105 / Unbind an IP from a set / -/ Uses ip_set_req_bind, with type speficic addage - * index = 0 means unbinding for all sets / - -#define IP_SET_OP_TEST_BIND_SET 0x00000106 / Test binding an IP to a set / -/ Uses ip_set_req_bind, with type specific addage / - -/ Multiple shots operations: list, save, restore. - * - * - check kernel version and query the max number of sets - * - get the basic information on all sets - * and size required for the next step - * - get actual set data: header, data, bindings - / - -/ Get max_sets and the index of a queried set - / -#define IP_SET_OP_MAX_SETS 0x00000020 -struct ip_set_req_max_sets { - unsigned op; - unsigned version; - ip_set_id_t max_sets; / max_sets / - ip_set_id_t sets; / real number of sets / - union ip_set_name_index set; / index of set if name used / -}; - -/ Get the id and name of the sets plus size for next step / -#define IP_SET_OP_LIST_SIZE 0x00000201 -#define IP_SET_OP_SAVE_SIZE 0x00000202 -struct ip_set_req_setnames { - unsigned op; - ip_set_id_t index; / set to list/save / - u_int32_t size; / size to get setdata / - / followed by sets number of struct ip_set_name_list / -}; - -struct ip_set_name_list { - char name[IP_SET_MAXNAMELEN]; - char typename[IP_SET_MAXNAMELEN]; - ip_set_id_t index; - ip_set_id_t id; -}; - -/ The actual list operation / -#define IP_SET_OP_LIST 0x00000203 -struct ip_set_req_list { - IP_SET_REQ_BYINDEX; - / sets number of struct ip_set_list in reply / -}; - -struct ip_set_list { - ip_set_id_t index; - ip_set_id_t binding; - u_int32_t ref; - u_int32_t header_size; / Set header data of header_size / - u_int32_t members_size; / Set members data of members_size / - u_int32_t bindings_size;/ Set bindings data of bindings_size / -}; - -struct ip_set_hash_list { - ip_set_ip_t ip; - ip_set_id_t binding; -}; - -/ The save operation / -#define IP_SET_OP_SAVE 0x00000204 -/ Uses ip_set_req_list, in the reply replaced by - * sets number of struct ip_set_save plus a marker - * ip_set_save followed by ip_set_hash_save structures. - / -struct ip_set_save { - ip_set_id_t index; - ip_set_id_t binding; - u_int32_t header_size; / Set header data of header_size / - u_int32_t members_size; / Set members data of members_size / -}; - -/ At restoring, ip == 0 means default binding for the given set: / -struct ip_set_hash_save { - ip_set_ip_t ip; - ip_set_id_t id; - ip_set_id_t binding; -}; - -/ The restore operation / -#define IP_SET_OP_RESTORE 0x00000205 -/ Uses ip_set_req_setnames followed by ip_set_restore structures - * plus a marker ip_set_restore, followed by ip_set_hash_save - * structures. - / -struct ip_set_restore { - char name[IP_SET_MAXNAMELEN]; - char typename[IP_SET_MAXNAMELEN]; - ip_set_id_t index; - u_int32_t header_size; / Create data of header_size / - u_int32_t members_size; / Set members data of members_size / -}; - -static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) -{ - return 4 ((((b - a + 8) / 8) + 3) / 4); -} - -/* General limit for the elements in a set / -#define MAX_RANGE 0x0000FFFF - -/ Alignment: 'unsigned long' unsupported / -#define IPSET_ALIGNTO 4 -#define IPSET_ALIGN(len) (((len) + IPSET_ALIGNTO - 1) & ~(IPSET_ALIGNTO - 1)) -#define IPSET_VALIGN(len, old) ((old) ? (len) : IPSET_ALIGN(len)) - -#ifdef __KERNEL__ -#include "ip_set_compat.h" -#include "ip_set_malloc.h" - -#define ip_set_printk(format, args...) \ - do { \ - printk("%s: %s: ", __FILE__, __FUNCTION__); \ - printk(format "\n" , ## args); \ - } while (0) - -#if defined(IP_SET_DEBUG) -#define DP(format, args...) \ - do { \ - printk("%s: %s (DBG): ", __FILE__, __FUNCTION__);\ - printk(format "\n" , ## args); \ - } while (0) -#define IP_SET_ASSERT(x) \ - do { \ - if (!(x)) \ - printk("IP_SET_ASSERT: %s:%i(%s)\n", \ - __FILE__, __LINE__, __FUNCTION__); \ - } while (0) -#else -#define DP(format, args...) -#define IP_SET_ASSERT(x) -#endif - -struct ip_set; - -/ - * The ip_set_type definition - one per set type, e.g. "ipmap". - * - * Each individual set has a pointer, set->type, going to one - * of these structures. Function pointers inside the structure implement - * the real behaviour of the sets. - * - * If not mentioned differently, the implementation behind the function - * pointers of a set_type, is expected to return 0 if ok, and a negative - * errno (e.g. -EINVAL) on error. - / -struct ip_set_type { - struct list_head list; / next in list of set types / - - / test for IP in set (kernel: iptables -m set src\|dst) - * return 0 if not in set, 1 if in set. - / - int (testip_kernel) (struct ip_set set, - const struct sk_buff skb, - const u_int32_t flags); - - / test for IP in set (userspace: ipset -T set IP) - * return 0 if not in set, 1 if in set. - / - int (testip) (struct ip_set set, - const void data, u_int32_t size); - - /* - * Size of the data structure passed by when - * adding/deletin/testing an entry. - / - u_int32_t reqsize; - - / Add IP into set (userspace: ipset -A set IP) - * Return -EEXIST if the address is already in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address was not already in the set, 0 is returned. - / - int (addip) (struct ip_set set, - const void data, u_int32_t size); - - /* Add IP into set (kernel: iptables ... -j SET set src\|dst) - * Return -EEXIST if the address is already in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address was not already in the set, 0 is returned. - / - int (addip_kernel) (struct ip_set set, - const struct sk_buff skb, - const u_int32_t flags); - - / remove IP from set (userspace: ipset -D set --entry x) - * Return -EEXIST if the address is NOT in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address really was in the set, 0 is returned. - / - int (delip) (struct ip_set set, - const void data, u_int32_t size); - - /* remove IP from set (kernel: iptables ... -j SET --entry x) - * Return -EEXIST if the address is NOT in the set, - * and -ERANGE if the address lies outside the set bounds. - * If the address really was in the set, 0 is returned. - / - int (delip_kernel) (struct ip_set set, - const struct sk_buff skb, - const u_int32_t flags); - - / new set creation - allocated type specific items - / - int (create) (struct ip_set set, - const void data, u_int32_t size); - - /* retry the operation after successfully tweaking the set - / - int (retry) (struct ip_set set); - - / set destruction - free type specific items - * There is no return value. - * Can be called only when child sets are destroyed. - / - void (destroy) (struct ip_set set); - - / set flushing - reset all bits in the set, or something similar. - * There is no return value. - / - void (flush) (struct ip_set set); - - / Listing: size needed for header - / - u_int32_t header_size; - - / Listing: Get the header - * - * Fill in the information in "data". - * This function is always run after list_header_size() under a - * writelock on the set. Therefor is the length of "data" always - * correct. - / - void (list_header) (const struct ip_set set, - void data); - - /* Listing: Get the size for the set members - / - int (list_members_size) (const struct ip_set set, char dont_align); - - / Listing: Get the set members - * - * Fill in the information in "data". - * This function is always run after list_member_size() under a - * writelock on the set. Therefor is the length of "data" always - * correct. - / - void (list_members) (const struct ip_set set, - void data, char dont_align); - - char typename[IP_SET_MAXNAMELEN]; - unsigned char features; - int protocol_version; - - /* Set this to THIS_MODULE if you are a module, otherwise NULL / - struct module me; -}; - -extern int ip_set_register_set_type(struct ip_set_type set_type); -extern void ip_set_unregister_set_type(struct ip_set_type set_type); - -/* A generic ipset / -struct ip_set { - char name[IP_SET_MAXNAMELEN]; / the name of the set / - rwlock_t lock; / lock for concurrency control / - ip_set_id_t id; / set id for swapping / - atomic_t ref; / in kernel and in hash references / - struct ip_set_type type; /* the set types / - void data; /* pooltype specific data / -}; - -/ register and unregister set references / -extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]); -extern ip_set_id_t ip_set_get_byindex(ip_set_id_t index); -extern void ip_set_put_byindex(ip_set_id_t index); -extern ip_set_id_t ip_set_id(ip_set_id_t index); -extern ip_set_id_t __ip_set_get_byname(const char name[IP_SET_MAXNAMELEN], - struct ip_set set); -extern void __ip_set_put_byindex(ip_set_id_t index); - -/ API for iptables set match, and SET target / -extern int ip_set_addip_kernel(ip_set_id_t id, - const struct sk_buff skb, - const u_int32_t flags); -extern int ip_set_delip_kernel(ip_set_id_t id, - const struct sk_buff skb, - const u_int32_t flags); -extern int ip_set_testip_kernel(ip_set_id_t id, - const struct sk_buff skb, - const u_int32_t flags); - -/ Macros to generate functions / - -#define STRUCT(pre, type) CONCAT2(pre, type) -#define CONCAT2(pre, type) struct pre##type - -#define FNAME(pre, mid, post) CONCAT3(pre, mid, post) -#define CONCAT3(pre, mid, post) pre##mid##post - -#define UADT0(type, adt, args...) \ -static int \ -FNAME(type,_u,adt)(struct ip_set set, const void data, u_int32_t size)\ -{ \ - const STRUCT(ip_set_req_,type) req = data; \ - \ - return FNAME(type,_,adt)(set , ## args); \ -} - -#define UADT(type, adt, args...) \ - UADT0(type, adt, req->ip , ## args) - -#define KADT(type, adt, getfn, args...) \ -static int \ -FNAME(type,_k,adt)(struct ip_set set, \ - const struct sk_buff skb, \ - const u_int32_t flags) \ -{ \ - ip_set_ip_t ip = getfn(skb, flags); \ - \ - KADT_CONDITION \ - return FNAME(type,_,adt)(set, ip , ##args); \ -} - -#define REGISTER_MODULE(type) \ -static int __init ip_set_##type##_init(void) \ -{ \ - init_max_page_size(); \ - return ip_set_register_set_type(&ip_set_##type); \ -} \ - \ -static void __exit ip_set_##type##_fini(void) \ -{ \ - / FIXME: possible race with ip_set_create() / \ - ip_set_unregister_set_type(&ip_set_##type); \ -} \ - \ -module_init(ip_set_##type##_init); \ -module_exit(ip_set_##type##_fini); - -/ Common functions / - -static inline ip_set_ip_t -ipaddr(const struct sk_buff skb, const u_int32_t flags) -{ - return ntohl(flags[0] & IPSET_SRC ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -} - -#define jhash_ip(map, i, ip) jhash_1word(ip, (map->initval + i)) - -#define pack_ip_port(map, ip, port) \ - (port + ((ip - ((map)->first_ip)) << 16)) - -#endif /* __KERNEL__ / - -#define UNUSED __attribute__ ((unused)) - -#endif /_IP_SET_H*/
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_bitmaps.h ^
@@ -1,120 +0,0 @@ -#ifndef __IP_SET_BITMAPS_H -#define __IP_SET_BITMAPS_H - -/* Macros to generate functions / - -#ifdef __KERNEL__ -#define BITMAP_CREATE(type) \ -static int \ -type##_create(struct ip_set set, const void data, u_int32_t size) \ -{ \ - int newbytes; \ - const struct ip_set_req_##type##_create req = data; \ - struct ip_set_##type map; \ - \ - if (req->from > req->to) { \ - DP("bad range"); \ - return -ENOEXEC; \ - } \ - \ - map = kmalloc(sizeof(struct ip_set_##type), GFP_KERNEL); \ - if (!map) { \ - DP("out of memory for %zu bytes", \ - sizeof(struct ip_set_##type)); \ - return -ENOMEM; \ - } \ - map->first_ip = req->from; \ - map->last_ip = req->to; \ - \ - newbytes = __##type##_create(req, map); \ - if (newbytes < 0) { \ - kfree(map); \ - return newbytes; \ - } \ - \ - map->size = newbytes; \ - map->members = ip_set_malloc(newbytes); \ - if (!map->members) { \ - DP("out of memory for %i bytes", newbytes); \ - kfree(map); \ - return -ENOMEM; \ - } \ - memset(map->members, 0, newbytes); \ - \ - set->data = map; \ - return 0; \ -} - -#define BITMAP_DESTROY(type) \ -static void \ -type##_destroy(struct ip_set set) \ -{ \ - struct ip_set_##type map = set->data; \ - \ - ip_set_free(map->members, map->size); \ - kfree(map); \ - \ - set->data = NULL; \ -} - -#define BITMAP_FLUSH(type) \ -static void \ -type##_flush(struct ip_set set) \ -{ \ - struct ip_set_##type map = set->data; \ - memset(map->members, 0, map->size); \ -} - -#define BITMAP_LIST_HEADER(type) \ -static void \ -type##_list_header(const struct ip_set set, void data) \ -{ \ - const struct ip_set_##type map = set->data; \ - struct ip_set_req_##type##_create header = data; \ - \ - header->from = map->first_ip; \ - header->to = map->last_ip; \ - __##type##_list_header(map, header); \ -} - -#define BITMAP_LIST_MEMBERS_SIZE(type, dtype, sizeid, testfn) \ -static int \ -type##_list_members_size(const struct ip_set set, char dont_align) \ -{ \ - const struct ip_set_##type map = set->data; \ - ip_set_ip_t i, elements = 0; \ - \ - if (dont_align) \ - return map->size; \ - \ - for (i = 0; i < sizeid; i++) \ - if (testfn) \ - elements++; \ - \ - return elements IPSET_ALIGN(sizeof(dtype)); \ -} - -#define IP_SET_TYPE(type, __features) \ -struct ip_set_type ip_set_##type = { \ - .typename = #type, \ - .features = __features, \ - .protocol_version = IP_SET_PROTOCOL_VERSION, \ - .create = &type##_create, \ - .destroy = &type##_destroy, \ - .flush = &type##_flush, \ - .reqsize = sizeof(struct ip_set_req_##type), \ - .addip = &type##_uadd, \ - .addip_kernel = &type##_kadd, \ - .delip = &type##_udel, \ - .delip_kernel = &type##_kdel, \ - .testip = &type##_utest, \ - .testip_kernel = &type##_ktest, \ - .header_size = sizeof(struct ip_set_req_##type##_create),\ - .list_header = &type##_list_header, \ - .list_members_size = &type##_list_members_size, \ - .list_members = &type##_list_members, \ - .me = THIS_MODULE, \ -}; -#endif /* __KERNEL / - -#endif / __IP_SET_BITMAPS_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_compat.h ^
@@ -1,92 +0,0 @@ -#ifndef _IP_SET_COMPAT_H -#define _IP_SET_COMPAT_H - -#ifdef __KERNEL__ -#include <linux/version.h> - -/* Arrgh / -#ifdef MODULE -#define __MOD_INC(foo) __MOD_INC_USE_COUNT(foo) -#define __MOD_DEC(foo) __MOD_DEC_USE_COUNT(foo) -#else -#define __MOD_INC(foo) 1 -#define __MOD_DEC(foo) -#endif - -/ Backward compatibility / -#ifndef __nocast -#define __nocast -#endif -#ifndef __bitwise__ -#define __bitwise__ -#endif - -/ Compatibility glue code / -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -#include <linux/interrupt.h> -#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED -#define try_module_get(x) __MOD_INC(x) -#define module_put(x) __MOD_DEC(x) -#define __clear_bit(nr, addr) clear_bit(nr, addr) -#define __set_bit(nr, addr) set_bit(nr, addr) -#define __test_and_set_bit(nr, addr) test_and_set_bit(nr, addr) -#define __test_and_clear_bit(nr, addr) test_and_clear_bit(nr, addr) - -typedef unsigned __bitwise__ gfp_t; - -static inline void kzalloc(size_t size, gfp_t flags) -{ - void data = kmalloc(size, flags); - - if (data) - memset(data, 0, size); - - return data; -} -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) -#define __KMEM_CACHE_T__ kmem_cache_t -#else -#define __KMEM_CACHE_T__ struct kmem_cache -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) -#define ip_hdr(skb) ((skb)->nh.iph) -#define skb_mac_header(skb) ((skb)->mac.raw) -#define eth_hdr(skb) ((struct ethhdr )skb_mac_header(skb)) -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) -#include <linux/netfilter.h> -#define KMEM_CACHE_CREATE(name, size) \ - kmem_cache_create(name, size, 0, 0, NULL, NULL) -#else -#define KMEM_CACHE_CREATE(name, size) \ - kmem_cache_create(name, size, 0, 0, NULL) -#endif - -#ifndef NIPQUAD -#define NIPQUAD(addr) \ - ((unsigned char )&addr)[0], \ - ((unsigned char )&addr)[1], \ - ((unsigned char )&addr)[2], \ - ((unsigned char )&addr)[3] -#endif - -#ifndef HIPQUAD -#if defined(__LITTLE_ENDIAN) -#define HIPQUAD(addr) \ - ((unsigned char )&addr)[3], \ - ((unsigned char )&addr)[2], \ - ((unsigned char )&addr)[1], \ - ((unsigned char )&addr)[0] -#elif defined(__BIG_ENDIAN) -#define HIPQUAD NIPQUAD -#else -#error "Please fix asm/byteorder.h" -#endif /* __LITTLE_ENDIAN / -#endif - -#endif / __KERNEL__ / -#endif / _IP_SET_COMPAT_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_getport.h ^
@@ -1,48 +0,0 @@ -#ifndef _IP_SET_GETPORT_H -#define _IP_SET_GETPORT_H - -#ifdef __KERNEL__ - -#define INVALID_PORT (MAX_RANGE + 1) - -/* We must handle non-linear skbs / -static inline ip_set_ip_t -get_port(const struct sk_buff skb, const u_int32_t flags) -{ - struct iphdr iph = ip_hdr(skb); - u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; - switch (iph->protocol) { - case IPPROTO_TCP: { - struct tcphdr tcph; - - /* See comments at tcp_match in ip_tables.c / - if (offset) - return INVALID_PORT; - - if (skb_copy_bits(skb, ip_hdr(skb)->ihl4, &tcph, sizeof(tcph)) < 0) - /* No choice either / - return INVALID_PORT; - - return ntohs(flags[0] & IPSET_SRC ? - tcph.source : tcph.dest); - } - case IPPROTO_UDP: { - struct udphdr udph; - - if (offset) - return INVALID_PORT; - - if (skb_copy_bits(skb, ip_hdr(skb)->ihl4, &udph, sizeof(udph)) < 0) - /* No choice either / - return INVALID_PORT; - - return ntohs(flags[0] & IPSET_SRC ? - udph.source : udph.dest); - } - default: - return INVALID_PORT; - } -} -#endif / __KERNEL__ / - -#endif /_IP_SET_GETPORT_H*/
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_hashes.h ^
@@ -1,314 +0,0 @@ -#ifndef __IP_SET_HASHES_H -#define __IP_SET_HASHES_H - -#define initval_t uint32_t - -/* Macros to generate functions / - -#ifdef __KERNEL__ -#define HASH_RETRY0(type, dtype, cond) \ -static int \ -type##_retry(struct ip_set set) \ -{ \ - struct ip_set_##type map = set->data, tmp; \ - dtype elem; \ - void members; \ - u_int32_t i, hashsize = map->hashsize; \ - int res; \ - \ - if (map->resize == 0) \ - return -ERANGE; \ - \ - again: \ - res = 0; \ - \ - /* Calculate new hash size / \ - hashsize += (hashsize map->resize)/100; \ - if (hashsize == map->hashsize) \ - hashsize++; \ - \ - ip_set_printk("rehashing of set %s triggered: " \ - "hashsize grows from %lu to %lu", \ - set->name, \ - (long unsigned)map->hashsize, \ - (long unsigned)hashsize); \ - \ - tmp = kmalloc(sizeof(struct ip_set_##type) \ - + map->probes * sizeof(initval_t), GFP_ATOMIC); \ - if (!tmp) { \ - DP("out of memory for %zu bytes", \ - sizeof(struct ip_set_##type) \ - + map->probes * sizeof(initval_t)); \ - return -ENOMEM; \ - } \ - tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\ - if (!tmp->members) { \ - DP("out of memory for %zu bytes", hashsize * sizeof(dtype));\ - kfree(tmp); \ - return -ENOMEM; \ - } \ - tmp->hashsize = hashsize; \ - tmp->elements = 0; \ - tmp->probes = map->probes; \ - tmp->resize = map->resize; \ - memcpy(tmp->initval, map->initval, map->probes * sizeof(initval_t));\ - __##type##_retry(tmp, map); \ - \ - write_lock_bh(&set->lock); \ - map = set->data; /* Play safe / \ - for (i = 0; i < map->hashsize && res == 0; i++) { \ - elem = HARRAY_ELEM(map->members, dtype , i); \ - if (cond) \ - res = __##type##_add(tmp, elem); \ - } \ - if (res) { \ - /* Failure, try again / \ - write_unlock_bh(&set->lock); \ - harray_free(tmp->members); \ - kfree(tmp); \ - goto again; \ - } \ - \ - / Success at resizing! / \ - members = map->members; \ - \ - map->hashsize = tmp->hashsize; \ - map->members = tmp->members; \ - write_unlock_bh(&set->lock); \ - \ - harray_free(members); \ - kfree(tmp); \ - \ - return 0; \ -} - -#define HASH_RETRY(type, dtype) \ - HASH_RETRY0(type, dtype, elem) - -#define HASH_RETRY2(type, dtype) \ - HASH_RETRY0(type, dtype, elem->ip \|\| elem->ip1) - -#define HASH_CREATE(type, dtype) \ -static int \ -type##_create(struct ip_set set, const void data, u_int32_t size) \ -{ \ - const struct ip_set_req_##type##_create req = data; \ - struct ip_set_##type map; \ - uint16_t i; \ - \ - if (req->hashsize < 1) { \ - ip_set_printk("hashsize too small"); \ - return -ENOEXEC; \ - } \ - \ - if (req->probes < 1) { \ - ip_set_printk("probes too small"); \ - return -ENOEXEC; \ - } \ - \ - map = kmalloc(sizeof(struct ip_set_##type) \ - + req->probes * sizeof(initval_t), GFP_KERNEL); \ - if (!map) { \ - DP("out of memory for %zu bytes", \ - sizeof(struct ip_set_##type) \ - + req->probes * sizeof(initval_t)); \ - return -ENOMEM; \ - } \ - for (i = 0; i < req->probes; i++) \ - get_random_bytes(((initval_t ) map->initval)+i, 4); \ - map->elements = 0; \ - map->hashsize = req->hashsize; \ - map->probes = req->probes; \ - map->resize = req->resize; \ - if (__##type##_create(req, map)) { \ - kfree(map); \ - return -ENOEXEC; \ - } \ - map->members = harray_malloc(map->hashsize, sizeof(dtype), GFP_KERNEL);\ - if (!map->members) { \ - DP("out of memory for %zu bytes", map->hashsize sizeof(dtype));\ - kfree(map); \ - return -ENOMEM; \ - } \ - \ - set->data = map; \ - return 0; \ -} - -#define HASH_DESTROY(type) \ -static void \ -type##_destroy(struct ip_set set) \ -{ \ - struct ip_set_##type map = set->data; \ - \ - harray_free(map->members); \ - kfree(map); \ - \ - set->data = NULL; \ -} - -#define HASH_FLUSH(type, dtype) \ -static void \ -type##_flush(struct ip_set set) \ -{ \ - struct ip_set_##type map = set->data; \ - harray_flush(map->members, map->hashsize, sizeof(dtype)); \ - map->elements = 0; \ -} - -#define HASH_FLUSH_CIDR(type, dtype) \ -static void \ -type##_flush(struct ip_set set) \ -{ \ - struct ip_set_##type map = set->data; \ - harray_flush(map->members, map->hashsize, sizeof(dtype)); \ - memset(map->cidr, 0, sizeof(map->cidr)); \ - memset(map->nets, 0, sizeof(map->nets)); \ - map->elements = 0; \ -} - -#define HASH_LIST_HEADER(type) \ -static void \ -type##_list_header(const struct ip_set set, void data) \ -{ \ - const struct ip_set_##type map = set->data; \ - struct ip_set_req_##type##_create header = data; \ - \ - header->hashsize = map->hashsize; \ - header->probes = map->probes; \ - header->resize = map->resize; \ - __##type##_list_header(map, header); \ -} - -#define HASH_LIST_MEMBERS_SIZE(type, dtype) \ -static int \ -type##_list_members_size(const struct ip_set set, char dont_align) \ -{ \ - const struct ip_set_##type map = set->data; \ - \ - return (map->elements * IPSET_VALIGN(sizeof(dtype), dont_align));\ -} - -#define HASH_LIST_MEMBERS(type, dtype) \ -static void \ -type##_list_members(const struct ip_set set, void data, char dont_align)\ -{ \ - const struct ip_set_##type map = set->data; \ - dtype elem, d; \ - uint32_t i, n = 0; \ - \ - for (i = 0; i < map->hashsize; i++) { \ - elem = HARRAY_ELEM(map->members, dtype , i); \ - if (elem) { \ - d = data + n IPSET_VALIGN(sizeof(dtype), dont_align);\ - d = elem; \ - n++; \ - } \ - } \ -} - -#define HASH_LIST_MEMBERS_MEMCPY(type, dtype, nonzero) \ -static void \ -type##_list_members(const struct ip_set set, void data, char dont_align)\ -{ \ - const struct ip_set_##type map = set->data; \ - dtype elem; \ - uint32_t i, n = 0; \ - \ - for (i = 0; i < map->hashsize; i++) { \ - elem = HARRAY_ELEM(map->members, dtype , i); \ - if (nonzero) { \ - memcpy(data + n IPSET_VALIGN(sizeof(dtype), dont_align),\ - elem, sizeof(dtype)); \ - n++; \ - } \ - } \ -} - -#define IP_SET_RTYPE(type, __features) \ -struct ip_set_type ip_set_##type = { \ - .typename = #type, \ - .features = __features, \ - .protocol_version = IP_SET_PROTOCOL_VERSION, \ - .create = &type##_create, \ - .retry = &type##_retry, \ - .destroy = &type##_destroy, \ - .flush = &type##_flush, \ - .reqsize = sizeof(struct ip_set_req_##type), \ - .addip = &type##_uadd, \ - .addip_kernel = &type##_kadd, \ - .delip = &type##_udel, \ - .delip_kernel = &type##_kdel, \ - .testip = &type##_utest, \ - .testip_kernel = &type##_ktest, \ - .header_size = sizeof(struct ip_set_req_##type##_create),\ - .list_header = &type##_list_header, \ - .list_members_size = &type##_list_members_size, \ - .list_members = &type##_list_members, \ - .me = THIS_MODULE, \ -}; - -/* Helper functions / -static inline void -add_cidr_size(uint8_t cidr, uint8_t size) -{ - uint8_t next; - int i; - - for (i = 0; i < 30 && cidr[i]; i++) { - if (cidr[i] < size) { - next = cidr[i]; - cidr[i] = size; - size = next; - } - } - if (i < 30) - cidr[i] = size; -} - -static inline void -del_cidr_size(uint8_t cidr, uint8_t size) -{ - int i; - - for (i = 0; i < 29 && cidr[i]; i++) { - if (cidr[i] == size) - cidr[i] = size = cidr[i+1]; - } - cidr[29] = 0; -} -#else -#include <arpa/inet.h> -#endif / __KERNEL / - -#ifndef UINT16_MAX -#define UINT16_MAX 65535 -#endif - -static unsigned char shifts[] = {255, 253, 249, 241, 225, 193, 129, 1}; - -static inline ip_set_ip_t -pack_ip_cidr(ip_set_ip_t ip, unsigned char cidr) -{ - ip_set_ip_t addr, paddr = &addr; - unsigned char n, t, a; - - addr = htonl(ip & (0xFFFFFFFF << (32 - (cidr)))); -#ifdef __KERNEL__ - DP("ip:%u.%u.%u.%u/%u", NIPQUAD(addr), cidr); -#endif - n = cidr / 8; - t = cidr % 8; - a = &((unsigned char )paddr)[n]; - a = a /(1 << (8 - t)) + shifts[t]; -#ifdef __KERNEL__ - DP("n: %u, t: %u, a: %u", n, t, a); - DP("ip:%u.%u.%u.%u/%u, %u.%u.%u.%u", - HIPQUAD(ip), cidr, NIPQUAD(addr)); -#endif - - return ntohl(addr); -} - - -#endif / __IP_SET_HASHES_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iphash.c ^
@@ -1,164 +0,0 @@ -/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an ip hash set / - -#include <linux/module.h> -#include <linux/moduleparam.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include "ip_set_jhash.h" -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/random.h> - -#include <net/ip.h> - -#include "ip_set_iphash.h" - -static int limit = MAX_RANGE; - -static inline __u32 -iphash_id(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iphash map = set->data; - __u32 id; - u_int16_t i; - ip_set_ip_t elem; - - - ip &= map->netmask; - DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip)); - for (i = 0; i < map->probes; i++) { - id = jhash_ip(map, i, ip) % map->hashsize; - DP("hash key: %u", id); - elem = HARRAY_ELEM(map->members, ip_set_ip_t , id); - if (elem == ip) - return id; - /* No shortcut - there can be deleted entries. / - } - return UINT_MAX; -} - -static inline int -iphash_test(struct ip_set set, ip_set_ip_t ip) -{ - return (ip && iphash_id(set, ip) != UINT_MAX); -} - -#define KADT_CONDITION - -UADT(iphash, test) -KADT(iphash, test, ipaddr) - -static inline int -__iphash_add(struct ip_set_iphash map, ip_set_ip_t ip) -{ - __u32 probe; - u_int16_t i; - ip_set_ip_t elem, slot = NULL; - - for (i = 0; i < map->probes; i++) { - probe = jhash_ip(map, i, ip) % map->hashsize; - elem = HARRAY_ELEM(map->members, ip_set_ip_t , probe); - if (elem == ip) - return -EEXIST; - if (!(slot \|\| elem)) - slot = elem; - / There can be deleted entries, must check all slots / - } - if (slot) { - slot = ip; - map->elements++; - return 0; - } - / Trigger rehashing / - return -EAGAIN; -} - -static inline int -iphash_add(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iphash map = set->data; - - if (!ip \|\| map->elements >= limit) - return -ERANGE; - - ip &= map->netmask; - return __iphash_add(map, &ip); -} - -UADT(iphash, add) -KADT(iphash, add, ipaddr) - -static inline void -__iphash_retry(struct ip_set_iphash tmp, struct ip_set_iphash map) -{ - tmp->netmask = map->netmask; -} - -HASH_RETRY(iphash, ip_set_ip_t) - -static inline int -iphash_del(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iphash map = set->data; - ip_set_ip_t id, elem; - - if (!ip) - return -ERANGE; - - id = iphash_id(set, ip); - if (id == UINT_MAX) - return -EEXIST; - - elem = HARRAY_ELEM(map->members, ip_set_ip_t , id); - elem = 0; - map->elements--; - - return 0; -} - -UADT(iphash, del) -KADT(iphash, del, ipaddr) - -static inline int -__iphash_create(const struct ip_set_req_iphash_create req, - struct ip_set_iphash map) -{ - map->netmask = req->netmask; - - return 0; -} - -HASH_CREATE(iphash, ip_set_ip_t) -HASH_DESTROY(iphash) - -HASH_FLUSH(iphash, ip_set_ip_t) - -static inline void -__iphash_list_header(const struct ip_set_iphash map, - struct ip_set_req_iphash_create header) -{ - header->netmask = map->netmask; -} - -HASH_LIST_HEADER(iphash) -HASH_LIST_MEMBERS_SIZE(iphash, ip_set_ip_t) -HASH_LIST_MEMBERS(iphash, ip_set_ip_t) - -IP_SET_RTYPE(iphash, IPSET_TYPE_IP \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("iphash type of IP sets"); -module_param(limit, int, 0600); -MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); - -REGISTER_MODULE(iphash)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iphash.h ^
@@ -1,30 +0,0 @@ -#ifndef __IP_SET_IPHASH_H -#define __IP_SET_IPHASH_H - -#include "ip_set.h" -#include "ip_set_hashes.h" - -#define SETTYPE_NAME "iphash" - -struct ip_set_iphash { - ip_set_ip_t members; / the iphash proper / - uint32_t elements; / number of elements / - uint32_t hashsize; / hash size / - uint16_t probes; / max number of probes / - uint16_t resize; / resize factor in percent / - ip_set_ip_t netmask; / netmask / - initval_t initval[0]; / initvals for jhash_1word / -}; - -struct ip_set_req_iphash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t netmask; -}; - -struct ip_set_req_iphash { - ip_set_ip_t ip; -}; - -#endif / __IP_SET_IPHASH_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipmap.c ^
@@ -1,158 +0,0 @@ -/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> - * Patrick Schaaf <bof@bof.de> - * Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an IP set type: the single bitmap type / - -#include <linux/module.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> - -#include "ip_set_ipmap.h" - -static inline ip_set_ip_t -ip_to_id(const struct ip_set_ipmap map, ip_set_ip_t ip) -{ - return ((ip & map->netmask) - map->first_ip)/map->hosts; -} - -static inline int -ipmap_test(const struct ip_set set, ip_set_ip_t ip) -{ - const struct ip_set_ipmap map = set->data; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip)); - return !!test_bit(ip_to_id(map, ip), map->members); -} - -#define KADT_CONDITION - -UADT(ipmap, test) -KADT(ipmap, test, ipaddr) - -static inline int -ipmap_add(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_ipmap map = set->data; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip)); - if (test_and_set_bit(ip_to_id(map, ip), map->members)) - return -EEXIST; - - return 0; -} - -UADT(ipmap, add) -KADT(ipmap, add, ipaddr) - -static inline int -ipmap_del(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_ipmap map = set->data; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip)); - if (!test_and_clear_bit(ip_to_id(map, ip), map->members)) - return -EEXIST; - - return 0; -} - -UADT(ipmap, del) -KADT(ipmap, del, ipaddr) - -static inline int -__ipmap_create(const struct ip_set_req_ipmap_create req, - struct ip_set_ipmap map) -{ - map->netmask = req->netmask; - - if (req->netmask == 0xFFFFFFFF) { - map->hosts = 1; - map->sizeid = map->last_ip - map->first_ip + 1; - } else { - unsigned int mask_bits, netmask_bits; - ip_set_ip_t mask; - - map->first_ip &= map->netmask; /* Should we better bark? / - - mask = range_to_mask(map->first_ip, map->last_ip, &mask_bits); - netmask_bits = mask_to_bits(map->netmask); - - if ((!mask && (map->first_ip \|\| map->last_ip != 0xFFFFFFFF)) - \|\| netmask_bits <= mask_bits) - return -ENOEXEC; - - DP("mask_bits %u, netmask_bits %u", - mask_bits, netmask_bits); - map->hosts = 2 << (32 - netmask_bits - 1); - map->sizeid = 2 << (netmask_bits - mask_bits - 1); - } - if (map->sizeid > MAX_RANGE + 1) { - ip_set_printk("range too big, %d elements (max %d)", - map->sizeid, MAX_RANGE+1); - return -ENOEXEC; - } - DP("hosts %u, sizeid %u", map->hosts, map->sizeid); - return bitmap_bytes(0, map->sizeid - 1); -} - -BITMAP_CREATE(ipmap) -BITMAP_DESTROY(ipmap) -BITMAP_FLUSH(ipmap) - -static inline void -__ipmap_list_header(const struct ip_set_ipmap map, - struct ip_set_req_ipmap_create header) -{ - header->netmask = map->netmask; -} - -BITMAP_LIST_HEADER(ipmap) -BITMAP_LIST_MEMBERS_SIZE(ipmap, ip_set_ip_t, map->sizeid, - test_bit(i, map->members)) - -static void -ipmap_list_members(const struct ip_set set, void data, char dont_align) -{ - const struct ip_set_ipmap map = set->data; - uint32_t i, n = 0; - ip_set_ip_t d; - - if (dont_align) { - memcpy(data, map->members, map->size); - return; - } - - for (i = 0; i < map->sizeid; i++) - if (test_bit(i, map->members)) { - d = data + n IPSET_ALIGN(sizeof(ip_set_ip_t)); - d = map->first_ip + i map->hosts; - n++; - } -} - -IP_SET_TYPE(ipmap, IPSET_TYPE_IP \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("ipmap type of IP sets"); - -REGISTER_MODULE(ipmap)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipmap.h ^
@@ -1,57 +0,0 @@ -#ifndef __IP_SET_IPMAP_H -#define __IP_SET_IPMAP_H - -#include "ip_set.h" -#include "ip_set_bitmaps.h" - -#define SETTYPE_NAME "ipmap" - -struct ip_set_ipmap { - void members; / the ipmap proper / - ip_set_ip_t first_ip; / host byte order, included in range / - ip_set_ip_t last_ip; / host byte order, included in range / - ip_set_ip_t netmask; / subnet netmask / - ip_set_ip_t sizeid; / size of set in IPs / - ip_set_ip_t hosts; / number of hosts in a subnet / - u_int32_t size; / size of the ipmap proper / -}; - -struct ip_set_req_ipmap_create { - ip_set_ip_t from; - ip_set_ip_t to; - ip_set_ip_t netmask; -}; - -struct ip_set_req_ipmap { - ip_set_ip_t ip; -}; - -static inline unsigned int -mask_to_bits(ip_set_ip_t mask) -{ - unsigned int bits = 32; - ip_set_ip_t maskaddr; - - if (mask == 0xFFFFFFFF) - return bits; - - maskaddr = 0xFFFFFFFE; - while (--bits > 0 && maskaddr != mask) - maskaddr <<= 1; - - return bits; -} - -static inline ip_set_ip_t -range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int bits) -{ - ip_set_ip_t mask = 0xFFFFFFFE; - - bits = 32; - while (--(bits) > 0 && mask && (to & mask) != from) - mask <<= 1; - - return mask; -} - -#endif /* __IP_SET_IPMAP_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipporthash.c ^
@@ -1,197 +0,0 @@ -/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an ip+port hash set / - -#include <linux/module.h> -#include <linux/moduleparam.h> -#include <linux/ip.h> -#include <linux/tcp.h> -#include <linux/udp.h> -#include <linux/skbuff.h> -#include "ip_set_jhash.h" -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/random.h> - -#include <net/ip.h> - -#include "ip_set_ipporthash.h" -#include "ip_set_getport.h" - -static int limit = MAX_RANGE; - -static inline __u32 -ipporthash_id(struct ip_set set, ip_set_ip_t ip, ip_set_ip_t port) -{ - struct ip_set_ipporthash map = set->data; - __u32 id; - u_int16_t i; - ip_set_ip_t elem; - - ip = pack_ip_port(map, ip, port); - - if (!ip) - return UINT_MAX; - - for (i = 0; i < map->probes; i++) { - id = jhash_ip(map, i, ip) % map->hashsize; - DP("hash key: %u", id); - elem = HARRAY_ELEM(map->members, ip_set_ip_t , id); - if (elem == ip) - return id; - /* No shortcut - there can be deleted entries. / - } - return UINT_MAX; -} - -static inline int -ipporthash_test(struct ip_set set, ip_set_ip_t ip, ip_set_ip_t port) -{ - struct ip_set_ipporthash map = set->data; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - return (ipporthash_id(set, ip, port) != UINT_MAX); -} - -#define KADT_CONDITION \ - ip_set_ip_t port; \ - \ - if (flags[1] == 0) \ - return 0; \ - \ - port = get_port(skb, ++flags); \ - \ - if (port == INVALID_PORT) \ - return 0; - -UADT(ipporthash, test, req->port) -KADT(ipporthash, test, ipaddr, port) - -static inline int -__ipporthash_add(struct ip_set_ipporthash map, ip_set_ip_t ip) -{ - __u32 probe; - u_int16_t i; - ip_set_ip_t elem, slot = NULL; - - for (i = 0; i < map->probes; i++) { - probe = jhash_ip(map, i, ip) % map->hashsize; - elem = HARRAY_ELEM(map->members, ip_set_ip_t , probe); - if (elem == ip) - return -EEXIST; - if (!(slot \|\| elem)) - slot = elem; - /* There can be deleted entries, must check all slots / - } - if (slot) { - slot = ip; - map->elements++; - return 0; - } - / Trigger rehashing / - return -EAGAIN; -} - -static inline int -ipporthash_add(struct ip_set set, ip_set_ip_t ip, ip_set_ip_t port) -{ - struct ip_set_ipporthash map = set->data; - if (map->elements > limit) - return -ERANGE; - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - ip = pack_ip_port(map, ip, port); - - if (!ip) - return -ERANGE; - - return __ipporthash_add(map, &ip); -} - -UADT(ipporthash, add, req->port) -KADT(ipporthash, add, ipaddr, port) - -static inline void -__ipporthash_retry(struct ip_set_ipporthash tmp, - struct ip_set_ipporthash map) -{ - tmp->first_ip = map->first_ip; - tmp->last_ip = map->last_ip; -} - -HASH_RETRY(ipporthash, ip_set_ip_t) - -static inline int -ipporthash_del(struct ip_set set, ip_set_ip_t ip, ip_set_ip_t port) -{ - struct ip_set_ipporthash map = set->data; - ip_set_ip_t id; - ip_set_ip_t elem; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - id = ipporthash_id(set, ip, port); - - if (id == UINT_MAX) - return -EEXIST; - - elem = HARRAY_ELEM(map->members, ip_set_ip_t , id); - elem = 0; - map->elements--; - - return 0; -} - -UADT(ipporthash, del, req->port) -KADT(ipporthash, del, ipaddr, port) - -static inline int -__ipporthash_create(const struct ip_set_req_ipporthash_create req, - struct ip_set_ipporthash map) -{ - if (req->to - req->from > MAX_RANGE) { - ip_set_printk("range too big, %d elements (max %d)", - req->to - req->from + 1, MAX_RANGE+1); - return -ENOEXEC; - } - map->first_ip = req->from; - map->last_ip = req->to; - return 0; -} - -HASH_CREATE(ipporthash, ip_set_ip_t) -HASH_DESTROY(ipporthash) -HASH_FLUSH(ipporthash, ip_set_ip_t) - -static inline void -__ipporthash_list_header(const struct ip_set_ipporthash map, - struct ip_set_req_ipporthash_create header) -{ - header->from = map->first_ip; - header->to = map->last_ip; -} - -HASH_LIST_HEADER(ipporthash) -HASH_LIST_MEMBERS_SIZE(ipporthash, ip_set_ip_t) -HASH_LIST_MEMBERS(ipporthash, ip_set_ip_t) - -IP_SET_RTYPE(ipporthash, IPSET_TYPE_IP \| IPSET_TYPE_PORT \| IPSET_DATA_DOUBLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("ipporthash type of IP sets"); -module_param(limit, int, 0600); -MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); - -REGISTER_MODULE(ipporthash)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipporthash.h ^
@@ -1,33 +0,0 @@ -#ifndef __IP_SET_IPPORTHASH_H -#define __IP_SET_IPPORTHASH_H - -#include "ip_set.h" -#include "ip_set_hashes.h" - -#define SETTYPE_NAME "ipporthash" - -struct ip_set_ipporthash { - ip_set_ip_t members; / the ipporthash proper / - uint32_t elements; / number of elements / - uint32_t hashsize; / hash size / - uint16_t probes; / max number of probes / - uint16_t resize; / resize factor in percent / - ip_set_ip_t first_ip; / host byte order, included in range / - ip_set_ip_t last_ip; / host byte order, included in range / - initval_t initval[0]; / initvals for jhash_1word / -}; - -struct ip_set_req_ipporthash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_ipporthash { - ip_set_ip_t ip; - ip_set_ip_t port; -}; - -#endif / __IP_SET_IPPORTHASH_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportiphash.c ^
@@ -1,215 +0,0 @@ -/* Copyright (C) 2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an ip+port+ip hash set / - -#include <linux/module.h> -#include <linux/moduleparam.h> -#include <linux/ip.h> -#include <linux/tcp.h> -#include <linux/udp.h> -#include <linux/skbuff.h> -#include "ip_set_jhash.h" -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/random.h> - -#include <net/ip.h> - -#include "ip_set_ipportiphash.h" -#include "ip_set_getport.h" - -static int limit = MAX_RANGE; - -#define jhash_ip2(map, i, ipport, ip1) \ - jhash_2words(ipport, ip1, (map->initval + i)) - -static inline __u32 -ipportiphash_id(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1) -{ - struct ip_set_ipportiphash map = set->data; - __u32 id; - u_int16_t i; - struct ipportip elem; - - ip = pack_ip_port(map, ip, port); - if (!(ip \|\| ip1)) - return UINT_MAX; - - for (i = 0; i < map->probes; i++) { - id = jhash_ip2(map, i, ip, ip1) % map->hashsize; - DP("hash key: %u", id); - elem = HARRAY_ELEM(map->members, struct ipportip , id); - if (elem->ip == ip && elem->ip1 == ip1) - return id; - /* No shortcut - there can be deleted entries. / - } - return UINT_MAX; -} - -static inline int -ipportiphash_test(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1) -{ - struct ip_set_ipportiphash map = set->data; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - return (ipportiphash_id(set, ip, port, ip1) != UINT_MAX); -} - -#define KADT_CONDITION \ - ip_set_ip_t port, ip1; \ - \ - if (flags[2] == 0) \ - return 0; \ - \ - port = get_port(skb, ++flags); \ - ip1 = ipaddr(skb, ++flags); \ - \ - if (port == INVALID_PORT) \ - return 0; - -UADT(ipportiphash, test, req->port, req->ip1) -KADT(ipportiphash, test, ipaddr, port, ip1) - -static inline int -__ipportip_add(struct ip_set_ipportiphash map, - ip_set_ip_t ip, ip_set_ip_t ip1) -{ - __u32 probe; - u_int16_t i; - struct ipportip elem, slot = NULL; - - for (i = 0; i < map->probes; i++) { - probe = jhash_ip2(map, i, ip, ip1) % map->hashsize; - elem = HARRAY_ELEM(map->members, struct ipportip , probe); - if (elem->ip == ip && elem->ip1 == ip1) - return -EEXIST; - if (!(slot \|\| elem->ip \|\| elem->ip1)) - slot = elem; - / There can be deleted entries, must check all slots / - } - if (slot) { - slot->ip = ip; - slot->ip1 = ip1; - map->elements++; - return 0; - } - / Trigger rehashing / - return -EAGAIN; -} - -static inline int -__ipportiphash_add(struct ip_set_ipportiphash map, - struct ipportip elem) -{ - return __ipportip_add(map, elem->ip, elem->ip1); -} - -static inline int -ipportiphash_add(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1) -{ - struct ip_set_ipportiphash map = set->data; - - if (map->elements > limit) - return -ERANGE; - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - ip = pack_ip_port(map, ip, port); - if (!(ip \|\| ip1)) - return -ERANGE; - - return __ipportip_add(map, ip, ip1); -} - -UADT(ipportiphash, add, req->port, req->ip1) -KADT(ipportiphash, add, ipaddr, port, ip1) - -static inline void -__ipportiphash_retry(struct ip_set_ipportiphash tmp, - struct ip_set_ipportiphash map) -{ - tmp->first_ip = map->first_ip; - tmp->last_ip = map->last_ip; -} - -HASH_RETRY2(ipportiphash, struct ipportip) - -static inline int -ipportiphash_del(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1) -{ - struct ip_set_ipportiphash map = set->data; - ip_set_ip_t id; - struct ipportip elem; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - id = ipportiphash_id(set, ip, port, ip1); - - if (id == UINT_MAX) - return -EEXIST; - - elem = HARRAY_ELEM(map->members, struct ipportip , id); - elem->ip = elem->ip1 = 0; - map->elements--; - - return 0; -} - -UADT(ipportiphash, del, req->port, req->ip1) -KADT(ipportiphash, del, ipaddr, port, ip1) - -static inline int -__ipportiphash_create(const struct ip_set_req_ipportiphash_create req, - struct ip_set_ipportiphash map) -{ - if (req->to - req->from > MAX_RANGE) { - ip_set_printk("range too big, %d elements (max %d)", - req->to - req->from + 1, MAX_RANGE+1); - return -ENOEXEC; - } - map->first_ip = req->from; - map->last_ip = req->to; - return 0; -} - -HASH_CREATE(ipportiphash, struct ipportip) -HASH_DESTROY(ipportiphash) -HASH_FLUSH(ipportiphash, struct ipportip) - -static inline void -__ipportiphash_list_header(const struct ip_set_ipportiphash map, - struct ip_set_req_ipportiphash_create *header) -{ - header->from = map->first_ip; - header->to = map->last_ip; -} - -HASH_LIST_HEADER(ipportiphash) -HASH_LIST_MEMBERS_SIZE(ipportiphash, struct ipportip) -HASH_LIST_MEMBERS_MEMCPY(ipportiphash, struct ipportip, - (elem->ip \|\| elem->ip1)) - -IP_SET_RTYPE(ipportiphash, IPSET_TYPE_IP \| IPSET_TYPE_PORT - \| IPSET_TYPE_IP1 \| IPSET_DATA_TRIPLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("ipportiphash type of IP sets"); -module_param(limit, int, 0600); -MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); - -REGISTER_MODULE(ipportiphash)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportiphash.h ^
@@ -1,39 +0,0 @@ -#ifndef __IP_SET_IPPORTIPHASH_H -#define __IP_SET_IPPORTIPHASH_H - -#include "ip_set.h" -#include "ip_set_hashes.h" - -#define SETTYPE_NAME "ipportiphash" - -struct ipportip { - ip_set_ip_t ip; - ip_set_ip_t ip1; -}; - -struct ip_set_ipportiphash { - struct ipportip members; / the ipportip proper / - uint32_t elements; / number of elements / - uint32_t hashsize; / hash size / - uint16_t probes; / max number of probes / - uint16_t resize; / resize factor in percent / - ip_set_ip_t first_ip; / host byte order, included in range / - ip_set_ip_t last_ip; / host byte order, included in range / - initval_t initval[0]; / initvals for jhash_1word / -}; - -struct ip_set_req_ipportiphash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_ipportiphash { - ip_set_ip_t ip; - ip_set_ip_t port; - ip_set_ip_t ip1; -}; - -#endif / __IP_SET_IPPORTIPHASH_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportnethash.c ^
@@ -1,298 +0,0 @@ -/* Copyright (C) 2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an ip+port+net hash set / - -#include <linux/module.h> -#include <linux/moduleparam.h> -#include <linux/ip.h> -#include <linux/tcp.h> -#include <linux/udp.h> -#include <linux/skbuff.h> -#include "ip_set_jhash.h" -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/random.h> - -#include <net/ip.h> - -#include "ip_set_ipportnethash.h" -#include "ip_set_getport.h" - -static int limit = MAX_RANGE; - -#define jhash_ip2(map, i, ipport, ip1) \ - jhash_2words(ipport, ip1, (map->initval + i)) - -static inline __u32 -ipportnethash_id_cidr(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, - ip_set_ip_t ip1, uint8_t cidr) -{ - struct ip_set_ipportnethash map = set->data; - __u32 id; - u_int16_t i; - struct ipportip elem; - - ip = pack_ip_port(map, ip, port); - ip1 = pack_ip_cidr(ip1, cidr); - if (!(ip \|\| ip1)) - return UINT_MAX; - - for (i = 0; i < map->probes; i++) { - id = jhash_ip2(map, i, ip, ip1) % map->hashsize; - DP("hash key: %u", id); - elem = HARRAY_ELEM(map->members, struct ipportip , id); - if (elem->ip == ip && elem->ip1 == ip1) - return id; - /* No shortcut - there can be deleted entries. / - } - return UINT_MAX; -} - -static inline __u32 -ipportnethash_id(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1) -{ - struct ip_set_ipportnethash map = set->data; - __u32 id = UINT_MAX; - int i; - - for (i = 0; i < 30 && map->cidr[i]; i++) { - id = ipportnethash_id_cidr(set, ip, port, ip1, map->cidr[i]); - if (id != UINT_MAX) - break; - } - return id; -} - -static inline int -ipportnethash_test_cidr(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, - ip_set_ip_t ip1, uint8_t cidr) -{ - struct ip_set_ipportnethash map = set->data; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - return (ipportnethash_id_cidr(set, ip, port, ip1, cidr) != UINT_MAX); -} - -static inline int -ipportnethash_test(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, ip_set_ip_t ip1) -{ - struct ip_set_ipportnethash map = set->data; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - - return (ipportnethash_id(set, ip, port, ip1) != UINT_MAX); -} - -static int -ipportnethash_utest(struct ip_set set, const void data, u_int32_t size) -{ - const struct ip_set_req_ipportnethash req = data; - - if (req->cidr <= 0 \|\| req->cidr > 32) - return -EINVAL; - return (req->cidr == 32 - ? ipportnethash_test(set, req->ip, req->port, req->ip1) - : ipportnethash_test_cidr(set, req->ip, req->port, - req->ip1, req->cidr)); -} - -#define KADT_CONDITION \ - ip_set_ip_t port, ip1; \ - \ - if (flags[2] == 0) \ - return 0; \ - \ - port = get_port(skb, ++flags); \ - ip1 = ipaddr(skb, ++flags); \ - \ - if (port == INVALID_PORT) \ - return 0; - -KADT(ipportnethash, test, ipaddr, port, ip1) - -static inline int -__ipportnet_add(struct ip_set_ipportnethash map, - ip_set_ip_t ip, ip_set_ip_t ip1) -{ - __u32 probe; - u_int16_t i; - struct ipportip elem, slot = NULL; - - for (i = 0; i < map->probes; i++) { - probe = jhash_ip2(map, i, ip, ip1) % map->hashsize; - elem = HARRAY_ELEM(map->members, struct ipportip , probe); - if (elem->ip == ip && elem->ip1 == ip1) - return -EEXIST; - if (!(slot \|\| elem->ip \|\| elem->ip1)) - slot = elem; - /* There can be deleted entries, must check all slots / - } - if (slot) { - slot->ip = ip; - slot->ip1 = ip1; - map->elements++; - return 0; - } - / Trigger rehashing / - return -EAGAIN; -} - -static inline int -__ipportnethash_add(struct ip_set_ipportnethash map, - struct ipportip elem) -{ - return __ipportnet_add(map, elem->ip, elem->ip1); -} - -static inline int -ipportnethash_add(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, - ip_set_ip_t ip1, uint8_t cidr) -{ - struct ip_set_ipportnethash map = set->data; - struct ipportip; - int ret; - - if (map->elements > limit) - return -ERANGE; - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - if (cidr <= 0 \|\| cidr >= 32) - return -EINVAL; - if (map->nets[cidr-1] == UINT16_MAX) - return -ERANGE; - - ip = pack_ip_port(map, ip, port); - ip1 = pack_ip_cidr(ip1, cidr); - if (!(ip \|\| ip1)) - return -ERANGE; - - ret =__ipportnet_add(map, ip, ip1); - if (ret == 0) { - if (!map->nets[cidr-1]++) - add_cidr_size(map->cidr, cidr); - } - return ret; -} - -#undef KADT_CONDITION -#define KADT_CONDITION \ - struct ip_set_ipportnethash map = set->data; \ - uint8_t cidr = map->cidr[0] ? map->cidr[0] : 31; \ - ip_set_ip_t port, ip1; \ - \ - if (flags[2] == 0) \ - return 0; \ - \ - port = get_port(skb, flags++); \ - ip1 = ipaddr(skb, flags++); \ - \ - if (port == INVALID_PORT) \ - return 0; - -UADT(ipportnethash, add, req->port, req->ip1, req->cidr) -KADT(ipportnethash, add, ipaddr, port, ip1, cidr) - -static inline void -__ipportnethash_retry(struct ip_set_ipportnethash tmp, - struct ip_set_ipportnethash map) -{ - tmp->first_ip = map->first_ip; - tmp->last_ip = map->last_ip; - memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr)); - memcpy(tmp->nets, map->nets, sizeof(tmp->nets)); -} - -HASH_RETRY2(ipportnethash, struct ipportip) - -static inline int -ipportnethash_del(struct ip_set set, - ip_set_ip_t ip, ip_set_ip_t port, - ip_set_ip_t ip1, uint8_t cidr) -{ - struct ip_set_ipportnethash map = set->data; - ip_set_ip_t id; - struct ipportip elem; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - if (!ip) - return -ERANGE; - if (cidr <= 0 \|\| cidr >= 32) - return -EINVAL; - - id = ipportnethash_id_cidr(set, ip, port, ip1, cidr); - - if (id == UINT_MAX) - return -EEXIST; - - elem = HARRAY_ELEM(map->members, struct ipportip , id); - elem->ip = elem->ip1 = 0; - map->elements--; - if (!map->nets[cidr-1]--) - del_cidr_size(map->cidr, cidr); - - return 0; -} - -UADT(ipportnethash, del, req->port, req->ip1, req->cidr) -KADT(ipportnethash, del, ipaddr, port, ip1, cidr) - -static inline int -__ipportnethash_create(const struct ip_set_req_ipportnethash_create req, - struct ip_set_ipportnethash map) -{ - if (req->to - req->from > MAX_RANGE) { - ip_set_printk("range too big, %d elements (max %d)", - req->to - req->from + 1, MAX_RANGE+1); - return -ENOEXEC; - } - map->first_ip = req->from; - map->last_ip = req->to; - memset(map->cidr, 0, sizeof(map->cidr)); - memset(map->nets, 0, sizeof(map->nets)); - return 0; -} - -HASH_CREATE(ipportnethash, struct ipportip) -HASH_DESTROY(ipportnethash) -HASH_FLUSH_CIDR(ipportnethash, struct ipportip); - -static inline void -__ipportnethash_list_header(const struct ip_set_ipportnethash map, - struct ip_set_req_ipportnethash_create header) -{ - header->from = map->first_ip; - header->to = map->last_ip; -} - -HASH_LIST_HEADER(ipportnethash) - -HASH_LIST_MEMBERS_SIZE(ipportnethash, struct ipportip) -HASH_LIST_MEMBERS_MEMCPY(ipportnethash, struct ipportip, - (elem->ip \|\| elem->ip1)) - -IP_SET_RTYPE(ipportnethash, IPSET_TYPE_IP \| IPSET_TYPE_PORT - \| IPSET_TYPE_IP1 \| IPSET_DATA_TRIPLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("ipportnethash type of IP sets"); -module_param(limit, int, 0600); -MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); - -REGISTER_MODULE(ipportnethash)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_ipportnethash.h ^
@@ -1,42 +0,0 @@ -#ifndef __IP_SET_IPPORTNETHASH_H -#define __IP_SET_IPPORTNETHASH_H - -#include "ip_set.h" -#include "ip_set_hashes.h" - -#define SETTYPE_NAME "ipportnethash" - -struct ipportip { - ip_set_ip_t ip; - ip_set_ip_t ip1; -}; - -struct ip_set_ipportnethash { - struct ipportip members; / the ipportip proper / - uint32_t elements; / number of elements / - uint32_t hashsize; / hash size / - uint16_t probes; / max number of probes / - uint16_t resize; / resize factor in percent / - ip_set_ip_t first_ip; / host byte order, included in range / - ip_set_ip_t last_ip; / host byte order, included in range / - uint8_t cidr[30]; / CIDR sizes / - uint16_t nets[30]; / nr of nets by CIDR sizes / - initval_t initval[0]; / initvals for jhash_1word / -}; - -struct ip_set_req_ipportnethash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_ipportnethash { - ip_set_ip_t ip; - ip_set_ip_t port; - ip_set_ip_t ip1; - uint8_t cidr; -}; - -#endif / __IP_SET_IPPORTNETHASH_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptree.c ^
@@ -1,464 +0,0 @@ -/* Copyright (C) 2005-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an IP set type: the iptree type / - -#include <linux/module.h> -#include <linux/moduleparam.h> -#include <linux/ip.h> -#include <linux/jiffies.h> -#include <linux/skbuff.h> -#include <linux/slab.h> -#include <linux/delay.h> -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/timer.h> - -#include "ip_set.h" -#include "ip_set_bitmaps.h" -#include "ip_set_iptree.h" - -static int limit = MAX_RANGE; - -/ Garbage collection interval in seconds: / -#define IPTREE_GC_TIME 560 -/* Sleep so many milliseconds before trying again - * to delete the gc timer at destroying/flushing a set / -#define IPTREE_DESTROY_SLEEP 100 - -static __KMEM_CACHE_T__ branch_cachep; -static __KMEM_CACHE_T__ leaf_cachep; - - -#if defined(__LITTLE_ENDIAN) -#define ABCD(a,b,c,d,addrp) do { \ - a = ((unsigned char )addrp)[3]; \ - b = ((unsigned char )addrp)[2]; \ - c = ((unsigned char )addrp)[1]; \ - d = ((unsigned char )addrp)[0]; \ -} while (0) -#elif defined(__BIG_ENDIAN) -#define ABCD(a,b,c,d,addrp) do { \ - a = ((unsigned char )addrp)[0]; \ - b = ((unsigned char )addrp)[1]; \ - c = ((unsigned char )addrp)[2]; \ - d = ((unsigned char )addrp)[3]; \ -} while (0) -#else -#error "Please fix asm/byteorder.h" -#endif / __LITTLE_ENDIAN / - -#define TESTIP_WALK(map, elem, branch) do { \ - if ((map)->tree[elem]) { \ - branch = (map)->tree[elem]; \ - } else \ - return 0; \ -} while (0) - -static inline int -iptree_test(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iptree map = set->data; - struct ip_set_iptreeb btree; - struct ip_set_iptreec ctree; - struct ip_set_iptreed dtree; - unsigned char a,b,c,d; - - if (!ip) - return -ERANGE; - - ABCD(a, b, c, d, &ip); - DP("%u %u %u %u timeout %u", a, b, c, d, map->timeout); - TESTIP_WALK(map, a, btree); - TESTIP_WALK(btree, b, ctree); - TESTIP_WALK(ctree, c, dtree); - DP("%lu %lu", dtree->expires[d], jiffies); - return dtree->expires[d] - && (!map->timeout - \|\| time_after(dtree->expires[d], jiffies)); -} - -#define KADT_CONDITION - -UADT(iptree, test) -KADT(iptree, test, ipaddr) - -#define ADDIP_WALK(map, elem, branch, type, cachep) do { \ - if ((map)->tree[elem]) { \ - DP("found %u", elem); \ - branch = (map)->tree[elem]; \ - } else { \ - branch = (type ) \ - kmem_cache_alloc(cachep, GFP_ATOMIC); \ - if (branch == NULL) \ - return -ENOMEM; \ - memset(branch, 0, sizeof(branch)); \ - (map)->tree[elem] = branch; \ - DP("alloc %u", elem); \ - } \ -} while (0) - -static inline int -iptree_add(struct ip_set set, ip_set_ip_t ip, unsigned int timeout) -{ - struct ip_set_iptree map = set->data; - struct ip_set_iptreeb btree; - struct ip_set_iptreec ctree; - struct ip_set_iptreed dtree; - unsigned char a,b,c,d; - int ret = 0; - - if (!ip \|\| map->elements >= limit) - / We could call the garbage collector - * but it's probably overkill / - return -ERANGE; - - ABCD(a, b, c, d, &ip); - DP("%u %u %u %u timeout %u", a, b, c, d, timeout); - ADDIP_WALK(map, a, btree, struct ip_set_iptreeb, branch_cachep); - ADDIP_WALK(btree, b, ctree, struct ip_set_iptreec, branch_cachep); - ADDIP_WALK(ctree, c, dtree, struct ip_set_iptreed, leaf_cachep); - if (dtree->expires[d] - && (!map->timeout \|\| time_after(dtree->expires[d], jiffies))) - ret = -EEXIST; - if (map->timeout && timeout == 0) - timeout = map->timeout; - dtree->expires[d] = map->timeout ? (timeout HZ + jiffies) : 1; - /* Lottery: I won! / - if (dtree->expires[d] == 0) - dtree->expires[d] = 1; - DP("%u %lu", d, dtree->expires[d]); - if (ret == 0) - map->elements++; - return ret; -} - -UADT(iptree, add, req->timeout) -KADT(iptree, add, ipaddr, 0) - -#define DELIP_WALK(map, elem, branch) do { \ - if ((map)->tree[elem]) { \ - branch = (map)->tree[elem]; \ - } else \ - return -EEXIST; \ -} while (0) - -static inline int -iptree_del(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iptree map = set->data; - struct ip_set_iptreeb btree; - struct ip_set_iptreec ctree; - struct ip_set_iptreed dtree; - unsigned char a,b,c,d; - - if (!ip) - return -ERANGE; - - ABCD(a, b, c, d, &ip); - DELIP_WALK(map, a, btree); - DELIP_WALK(btree, b, ctree); - DELIP_WALK(ctree, c, dtree); - - if (dtree->expires[d]) { - dtree->expires[d] = 0; - map->elements--; - return 0; - } - return -EEXIST; -} - -UADT(iptree, del) -KADT(iptree, del, ipaddr) - -#define LOOP_WALK_BEGIN(map, i, branch) \ - for (i = 0; i < 256; i++) { \ - if (!(map)->tree[i]) \ - continue; \ - branch = (map)->tree[i] - -#define LOOP_WALK_END } - -static void -ip_tree_gc(unsigned long ul_set) -{ - struct ip_set set = (struct ip_set ) ul_set; - struct ip_set_iptree map = set->data; - struct ip_set_iptreeb btree; - struct ip_set_iptreec ctree; - struct ip_set_iptreed dtree; - unsigned int a,b,c,d; - unsigned char i,j,k; - - i = j = k = 0; - DP("gc: %s", set->name); - write_lock_bh(&set->lock); - LOOP_WALK_BEGIN(map, a, btree); - LOOP_WALK_BEGIN(btree, b, ctree); - LOOP_WALK_BEGIN(ctree, c, dtree); - for (d = 0; d < 256; d++) { - if (dtree->expires[d]) { - DP("gc: %u %u %u %u: expires %lu jiffies %lu", - a, b, c, d, - dtree->expires[d], jiffies); - if (map->timeout - && time_before(dtree->expires[d], jiffies)) { - dtree->expires[d] = 0; - map->elements--; - } else - k = 1; - } - } - if (k == 0) { - DP("gc: %s: leaf %u %u %u empty", - set->name, a, b, c); - kmem_cache_free(leaf_cachep, dtree); - ctree->tree[c] = NULL; - } else { - DP("gc: %s: leaf %u %u %u not empty", - set->name, a, b, c); - j = 1; - k = 0; - } - LOOP_WALK_END; - if (j == 0) { - DP("gc: %s: branch %u %u empty", - set->name, a, b); - kmem_cache_free(branch_cachep, ctree); - btree->tree[b] = NULL; - } else { - DP("gc: %s: branch %u %u not empty", - set->name, a, b); - i = 1; - j = k = 0; - } - LOOP_WALK_END; - if (i == 0) { - DP("gc: %s: branch %u empty", - set->name, a); - kmem_cache_free(branch_cachep, btree); - map->tree[a] = NULL; - } else { - DP("gc: %s: branch %u not empty", - set->name, a); - i = j = k = 0; - } - LOOP_WALK_END; - write_unlock_bh(&set->lock); - - map->gc.expires = jiffies + map->gc_interval * HZ; - add_timer(&map->gc); -} - -static inline void -init_gc_timer(struct ip_set set) -{ - struct ip_set_iptree map = set->data; - - /* Even if there is no timeout for the entries, - * we still have to call gc because delete - * do not clean up empty branches / - map->gc_interval = IPTREE_GC_TIME; - init_timer(&map->gc); - map->gc.data = (unsigned long) set; - map->gc.function = ip_tree_gc; - map->gc.expires = jiffies + map->gc_interval HZ; - add_timer(&map->gc); -} - -static int -iptree_create(struct ip_set set, const void data, u_int32_t size) -{ - const struct ip_set_req_iptree_create req = data; - struct ip_set_iptree map; - - if (size != sizeof(struct ip_set_req_iptree_create)) { - ip_set_printk("data length wrong (want %zu, have %lu)", - sizeof(struct ip_set_req_iptree_create), - (unsigned long)size); - return -EINVAL; - } - - map = kmalloc(sizeof(struct ip_set_iptree), GFP_KERNEL); - if (!map) { - DP("out of memory for %zu bytes", - sizeof(struct ip_set_iptree)); - return -ENOMEM; - } - memset(map, 0, sizeof(map)); - map->timeout = req->timeout; - map->elements = 0; - set->data = map; - - init_gc_timer(set); - - return 0; -} - -static inline void -__flush(struct ip_set_iptree map) -{ - struct ip_set_iptreeb btree; - struct ip_set_iptreec ctree; - struct ip_set_iptreed dtree; - unsigned int a,b,c; - - LOOP_WALK_BEGIN(map, a, btree); - LOOP_WALK_BEGIN(btree, b, ctree); - LOOP_WALK_BEGIN(ctree, c, dtree); - kmem_cache_free(leaf_cachep, dtree); - LOOP_WALK_END; - kmem_cache_free(branch_cachep, ctree); - LOOP_WALK_END; - kmem_cache_free(branch_cachep, btree); - LOOP_WALK_END; - map->elements = 0; -} - -static void -iptree_destroy(struct ip_set set) -{ - struct ip_set_iptree map = set->data; - - / gc might be running / - while (!del_timer(&map->gc)) - msleep(IPTREE_DESTROY_SLEEP); - __flush(map); - kfree(map); - set->data = NULL; -} - -static void -iptree_flush(struct ip_set set) -{ - struct ip_set_iptree map = set->data; - unsigned int timeout = map->timeout; - - / gc might be running / - while (!del_timer(&map->gc)) - msleep(IPTREE_DESTROY_SLEEP); - __flush(map); - memset(map, 0, sizeof(map)); - map->timeout = timeout; - - init_gc_timer(set); -} - -static void -iptree_list_header(const struct ip_set set, void data) -{ - const struct ip_set_iptree map = set->data; - struct ip_set_req_iptree_create header = data; - - header->timeout = map->timeout; -} - -static int -iptree_list_members_size(const struct ip_set set, char dont_align) -{ - const struct ip_set_iptree map = set->data; - struct ip_set_iptreeb btree; - struct ip_set_iptreec ctree; - struct ip_set_iptreed dtree; - unsigned int a,b,c,d; - unsigned int count = 0; - - LOOP_WALK_BEGIN(map, a, btree); - LOOP_WALK_BEGIN(btree, b, ctree); - LOOP_WALK_BEGIN(ctree, c, dtree); - for (d = 0; d < 256; d++) { - if (dtree->expires[d] - && (!map->timeout \|\| time_after(dtree->expires[d], jiffies))) - count++; - } - LOOP_WALK_END; - LOOP_WALK_END; - LOOP_WALK_END; - - DP("members %u", count); - return (count IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align)); -} - -static void -iptree_list_members(const struct ip_set set, void data, char dont_align) -{ - const struct ip_set_iptree map = set->data; - struct ip_set_iptreeb btree; - struct ip_set_iptreec ctree; - struct ip_set_iptreed dtree; - unsigned int a,b,c,d; - size_t offset = 0, datasize; - struct ip_set_req_iptree entry; - - datasize = IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align); - LOOP_WALK_BEGIN(map, a, btree); - LOOP_WALK_BEGIN(btree, b, ctree); - LOOP_WALK_BEGIN(ctree, c, dtree); - for (d = 0; d < 256; d++) { - if (dtree->expires[d] - && (!map->timeout \|\| time_after(dtree->expires[d], jiffies))) { - entry = data + offset; - entry->ip = ((a << 24) \| (b << 16) \| (c << 8) \| d); - entry->timeout = !map->timeout ? 0 - : (dtree->expires[d] - jiffies)/HZ; - offset += datasize; - } - } - LOOP_WALK_END; - LOOP_WALK_END; - LOOP_WALK_END; -} - -IP_SET_TYPE(iptree, IPSET_TYPE_IP \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("iptree type of IP sets"); -module_param(limit, int, 0600); -MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); - -static int __init ip_set_iptree_init(void) -{ - int ret; - - branch_cachep = KMEM_CACHE_CREATE("ip_set_iptreeb", - sizeof(struct ip_set_iptreeb)); - if (!branch_cachep) { - printk(KERN_ERR "Unable to create ip_set_iptreeb slab cache\n"); - ret = -ENOMEM; - goto out; - } - leaf_cachep = KMEM_CACHE_CREATE("ip_set_iptreed", - sizeof(struct ip_set_iptreed)); - if (!leaf_cachep) { - printk(KERN_ERR "Unable to create ip_set_iptreed slab cache\n"); - ret = -ENOMEM; - goto free_branch; - } - ret = ip_set_register_set_type(&ip_set_iptree); - if (ret == 0) - goto out; - - kmem_cache_destroy(leaf_cachep); - free_branch: - kmem_cache_destroy(branch_cachep); - out: - return ret; -} - -static void __exit ip_set_iptree_fini(void) -{ - / FIXME: possible race with ip_set_create() */ - ip_set_unregister_set_type(&ip_set_iptree); - kmem_cache_destroy(leaf_cachep); - kmem_cache_destroy(branch_cachep); -} - -module_init(ip_set_iptree_init); -module_exit(ip_set_iptree_fini);
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptree.h ^
@@ -1,39 +0,0 @@ -#ifndef __IP_SET_IPTREE_H -#define __IP_SET_IPTREE_H - -#include "ip_set.h" - -#define SETTYPE_NAME "iptree" - -struct ip_set_iptreed { - unsigned long expires[256]; /* x.x.x.ADDR / -}; - -struct ip_set_iptreec { - struct ip_set_iptreed tree[256]; /* x.x.ADDR.* / -}; - -struct ip_set_iptreeb { - struct ip_set_iptreec tree[256]; /* x.ADDR.. / -}; - -struct ip_set_iptree { - unsigned int timeout; - unsigned int gc_interval; -#ifdef __KERNEL__ - uint32_t elements; / number of elements / - struct timer_list gc; - struct ip_set_iptreeb tree[256]; /* ADDR...* / -#endif -}; - -struct ip_set_req_iptree_create { - unsigned int timeout; -}; - -struct ip_set_req_iptree { - ip_set_ip_t ip; - unsigned int timeout; -}; - -#endif / __IP_SET_IPTREE_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptreemap.c ^
@@ -1,699 +0,0 @@ -/* Copyright (C) 2007 Sven Wegener <sven.wegener@stealer.net> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 as published by - * the Free Software Foundation. - / - -/ This modules implements the iptreemap ipset type. It uses bitmaps to - * represent every single IPv4 address as a bit. The bitmaps are managed in a - * tree structure, where the first three octets of an address are used as an - * index to find the bitmap and the last octet is used as the bit number. - / - -#include <linux/kernel.h> -#include <linux/module.h> -#include <linux/ip.h> -#include <linux/jiffies.h> -#include <linux/skbuff.h> -#include <linux/slab.h> -#include <linux/delay.h> -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/timer.h> - -#include "ip_set.h" -#include "ip_set_bitmaps.h" -#include "ip_set_iptreemap.h" - -#define IPTREEMAP_DEFAULT_GC_TIME (5 60) -#define IPTREEMAP_DESTROY_SLEEP (100) - -static __KMEM_CACHE_T__ cachep_b; -static __KMEM_CACHE_T__ cachep_c; -static __KMEM_CACHE_T__ cachep_d; - -static struct ip_set_iptreemap_d fullbitmap_d; -static struct ip_set_iptreemap_c fullbitmap_c; -static struct ip_set_iptreemap_b fullbitmap_b; - -#if defined(__LITTLE_ENDIAN) -#define ABCD(a, b, c, d, addr) \ - do { \ - a = ((unsigned char )addr)[3]; \ - b = ((unsigned char )addr)[2]; \ - c = ((unsigned char )addr)[1]; \ - d = ((unsigned char )addr)[0]; \ - } while (0) -#elif defined(__BIG_ENDIAN) -#define ABCD(a,b,c,d,addrp) do { \ - a = ((unsigned char )addrp)[0]; \ - b = ((unsigned char )addrp)[1]; \ - c = ((unsigned char )addrp)[2]; \ - d = ((unsigned char )addrp)[3]; \ -} while (0) -#else -#error "Please fix asm/byteorder.h" -#endif /* __LITTLE_ENDIAN / - -#define TESTIP_WALK(map, elem, branch, full) \ - do { \ - branch = (map)->tree[elem]; \ - if (!branch) \ - return 0; \ - else if (branch == full) \ - return 1; \ - } while (0) - -#define ADDIP_WALK(map, elem, branch, type, cachep, full) \ - do { \ - branch = (map)->tree[elem]; \ - if (!branch) { \ - branch = (type ) kmem_cache_alloc(cachep, GFP_ATOMIC); \ - if (!branch) \ - return -ENOMEM; \ - memset(branch, 0, sizeof(branch)); \ - (map)->tree[elem] = branch; \ - } else if (branch == full) { \ - return -EEXIST; \ - } \ - } while (0) - -#define ADDIP_RANGE_LOOP(map, a, a1, a2, hint, branch, full, cachep, free) \ - for (a = a1; a <= a2; a++) { \ - branch = (map)->tree[a]; \ - if (branch != full) { \ - if ((a > a1 && a < a2) \|\| (hint)) { \ - if (branch) \ - free(branch); \ - (map)->tree[a] = full; \ - continue; \ - } else if (!branch) { \ - branch = kmem_cache_alloc(cachep, GFP_ATOMIC); \ - if (!branch) \ - return -ENOMEM; \ - memset(branch, 0, sizeof(branch)); \ - (map)->tree[a] = branch; \ - } - -#define ADDIP_RANGE_LOOP_END() \ - } \ - } - -#define DELIP_WALK(map, elem, branch, cachep, full) \ - do { \ - branch = (map)->tree[elem]; \ - if (!branch) { \ - return -EEXIST; \ - } else if (branch == full) { \ - branch = kmem_cache_alloc(cachep, GFP_ATOMIC); \ - if (!branch) \ - return -ENOMEM; \ - memcpy(branch, full, sizeof(full)); \ - (map)->tree[elem] = branch; \ - } \ - } while (0) - -#define DELIP_RANGE_LOOP(map, a, a1, a2, hint, branch, full, cachep, free) \ - for (a = a1; a <= a2; a++) { \ - branch = (map)->tree[a]; \ - if (branch) { \ - if ((a > a1 && a < a2) \|\| (hint)) { \ - if (branch != full) \ - free(branch); \ - (map)->tree[a] = NULL; \ - continue; \ - } else if (branch == full) { \ - branch = kmem_cache_alloc(cachep, GFP_ATOMIC); \ - if (!branch) \ - return -ENOMEM; \ - memcpy(branch, full, sizeof(branch)); \ - (map)->tree[a] = branch; \ - } - -#define DELIP_RANGE_LOOP_END() \ - } \ - } - -#define LOOP_WALK_BEGIN(map, i, branch) \ - for (i = 0; i < 256; i++) { \ - branch = (map)->tree[i]; \ - if (likely(!branch)) \ - continue; - -#define LOOP_WALK_END() \ - } - -#define LOOP_WALK_BEGIN_GC(map, i, branch, full, cachep, count) \ - count = -256; \ - for (i = 0; i < 256; i++) { \ - branch = (map)->tree[i]; \ - if (likely(!branch)) \ - continue; \ - count++; \ - if (branch == full) { \ - count++; \ - continue; \ - } - -#define LOOP_WALK_END_GC(map, i, branch, full, cachep, count) \ - if (-256 == count) { \ - kmem_cache_free(cachep, branch); \ - (map)->tree[i] = NULL; \ - } else if (256 == count) { \ - kmem_cache_free(cachep, branch); \ - (map)->tree[i] = full; \ - } \ - } - -#define LOOP_WALK_BEGIN_COUNT(map, i, branch, inrange, count) \ - for (i = 0; i < 256; i++) { \ - if (!(map)->tree[i]) { \ - if (inrange) { \ - count++; \ - inrange = 0; \ - } \ - continue; \ - } \ - branch = (map)->tree[i]; - -#define LOOP_WALK_END_COUNT() \ - } - -#define GETVALUE1(a, a1, b1, r) \ - (a == a1 ? b1 : r) - -#define GETVALUE2(a, b, a1, b1, c1, r) \ - (a == a1 && b == b1 ? c1 : r) - -#define GETVALUE3(a, b, c, a1, b1, c1, d1, r) \ - (a == a1 && b == b1 && c == c1 ? d1 : r) - -#define CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2) \ - ( \ - GETVALUE1(a, a1, b1, 0) == 0 \ - && GETVALUE1(a, a2, b2, 255) == 255 \ - && c1 == 0 \ - && c2 == 255 \ - && d1 == 0 \ - && d2 == 255 \ - ) - -#define CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2) \ - ( \ - GETVALUE2(a, b, a1, b1, c1, 0) == 0 \ - && GETVALUE2(a, b, a2, b2, c2, 255) == 255 \ - && d1 == 0 \ - && d2 == 255 \ - ) - -#define CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2) \ - ( \ - GETVALUE3(a, b, c, a1, b1, c1, d1, 0) == 0 \ - && GETVALUE3(a, b, c, a2, b2, c2, d2, 255) == 255 \ - ) - - -static inline void -free_d(struct ip_set_iptreemap_d map) -{ - kmem_cache_free(cachep_d, map); -} - -static inline void -free_c(struct ip_set_iptreemap_c map) -{ - struct ip_set_iptreemap_d dtree; - unsigned int i; - - LOOP_WALK_BEGIN(map, i, dtree) { - if (dtree != fullbitmap_d) - free_d(dtree); - } LOOP_WALK_END(); - - kmem_cache_free(cachep_c, map); -} - -static inline void -free_b(struct ip_set_iptreemap_b map) -{ - struct ip_set_iptreemap_c ctree; - unsigned int i; - - LOOP_WALK_BEGIN(map, i, ctree) { - if (ctree != fullbitmap_c) - free_c(ctree); - } LOOP_WALK_END(); - - kmem_cache_free(cachep_b, map); -} - -static inline int -iptreemap_test(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iptreemap map = set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned char a, b, c, d; - - ABCD(a, b, c, d, &ip); - - TESTIP_WALK(map, a, btree, fullbitmap_b); - TESTIP_WALK(btree, b, ctree, fullbitmap_c); - TESTIP_WALK(ctree, c, dtree, fullbitmap_d); - - return !!test_bit(d, (void ) dtree->bitmap); -} - -#define KADT_CONDITION - -UADT(iptreemap, test) -KADT(iptreemap, test, ipaddr) - -static inline int -__addip_single(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iptreemap map = (struct ip_set_iptreemap ) set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned char a, b, c, d; - - ABCD(a, b, c, d, &ip); - - ADDIP_WALK(map, a, btree, struct ip_set_iptreemap_b, cachep_b, fullbitmap_b); - ADDIP_WALK(btree, b, ctree, struct ip_set_iptreemap_c, cachep_c, fullbitmap_c); - ADDIP_WALK(ctree, c, dtree, struct ip_set_iptreemap_d, cachep_d, fullbitmap_d); - - if (__test_and_set_bit(d, (void ) dtree->bitmap)) - return -EEXIST; - - __set_bit(b, (void ) btree->dirty); - - return 0; -} - -static inline int -iptreemap_add(struct ip_set set, ip_set_ip_t start, ip_set_ip_t end) -{ - struct ip_set_iptreemap map = set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned int a, b, c, d; - unsigned char a1, b1, c1, d1; - unsigned char a2, b2, c2, d2; - - if (start == end) - return __addip_single(set, start); - - ABCD(a1, b1, c1, d1, &start); - ABCD(a2, b2, c2, d2, &end); - - /* This is sooo ugly... / - ADDIP_RANGE_LOOP(map, a, a1, a2, CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2), btree, fullbitmap_b, cachep_b, free_b) { - ADDIP_RANGE_LOOP(btree, b, GETVALUE1(a, a1, b1, 0), GETVALUE1(a, a2, b2, 255), CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2), ctree, fullbitmap_c, cachep_c, free_c) { - ADDIP_RANGE_LOOP(ctree, c, GETVALUE2(a, b, a1, b1, c1, 0), GETVALUE2(a, b, a2, b2, c2, 255), CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2), dtree, fullbitmap_d, cachep_d, free_d) { - for (d = GETVALUE3(a, b, c, a1, b1, c1, d1, 0); d <= GETVALUE3(a, b, c, a2, b2, c2, d2, 255); d++) - __set_bit(d, (void ) dtree->bitmap); - __set_bit(b, (void ) btree->dirty); - } ADDIP_RANGE_LOOP_END(); - } ADDIP_RANGE_LOOP_END(); - } ADDIP_RANGE_LOOP_END(); - - return 0; -} - -UADT0(iptreemap, add, min(req->ip, req->end), max(req->ip, req->end)) -KADT(iptreemap, add, ipaddr, ip) - -static inline int -__delip_single(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_iptreemap map = set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned char a,b,c,d; - - ABCD(a, b, c, d, &ip); - - DELIP_WALK(map, a, btree, cachep_b, fullbitmap_b); - DELIP_WALK(btree, b, ctree, cachep_c, fullbitmap_c); - DELIP_WALK(ctree, c, dtree, cachep_d, fullbitmap_d); - - if (!__test_and_clear_bit(d, (void ) dtree->bitmap)) - return -EEXIST; - - __set_bit(b, (void ) btree->dirty); - - return 0; -} - -static inline int -iptreemap_del(struct ip_set set, ip_set_ip_t start, ip_set_ip_t end) -{ - struct ip_set_iptreemap map = set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned int a, b, c, d; - unsigned char a1, b1, c1, d1; - unsigned char a2, b2, c2, d2; - - if (start == end) - return __delip_single(set, start); - - ABCD(a1, b1, c1, d1, &start); - ABCD(a2, b2, c2, d2, &end); - - / This is sooo ugly... / - DELIP_RANGE_LOOP(map, a, a1, a2, CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2), btree, fullbitmap_b, cachep_b, free_b) { - DELIP_RANGE_LOOP(btree, b, GETVALUE1(a, a1, b1, 0), GETVALUE1(a, a2, b2, 255), CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2), ctree, fullbitmap_c, cachep_c, free_c) { - DELIP_RANGE_LOOP(ctree, c, GETVALUE2(a, b, a1, b1, c1, 0), GETVALUE2(a, b, a2, b2, c2, 255), CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2), dtree, fullbitmap_d, cachep_d, free_d) { - for (d = GETVALUE3(a, b, c, a1, b1, c1, d1, 0); d <= GETVALUE3(a, b, c, a2, b2, c2, d2, 255); d++) - __clear_bit(d, (void ) dtree->bitmap); - __set_bit(b, (void ) btree->dirty); - } DELIP_RANGE_LOOP_END(); - } DELIP_RANGE_LOOP_END(); - } DELIP_RANGE_LOOP_END(); - - return 0; -} - -UADT0(iptreemap, del, min(req->ip, req->end), max(req->ip, req->end)) -KADT(iptreemap, del, ipaddr, ip) - -/ Check the status of the bitmap - * -1 == all bits cleared - * 1 == all bits set - * 0 == anything else - / -static inline int -bitmap_status(struct ip_set_iptreemap_d dtree) -{ - unsigned char first = dtree->bitmap[0]; - int a; - - for (a = 1; a < 32; a++) - if (dtree->bitmap[a] != first) - return 0; - - return (first == 0 ? -1 : (first == 255 ? 1 : 0)); -} - -static void -gc(unsigned long addr) -{ - struct ip_set set = (struct ip_set ) addr; - struct ip_set_iptreemap map = set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned int a, b, c; - int i, j, k; - - write_lock_bh(&set->lock); - - LOOP_WALK_BEGIN_GC(map, a, btree, fullbitmap_b, cachep_b, i) { - LOOP_WALK_BEGIN_GC(btree, b, ctree, fullbitmap_c, cachep_c, j) { - if (!__test_and_clear_bit(b, (void ) btree->dirty)) - continue; - LOOP_WALK_BEGIN_GC(ctree, c, dtree, fullbitmap_d, cachep_d, k) { - switch (bitmap_status(dtree)) { - case -1: - kmem_cache_free(cachep_d, dtree); - ctree->tree[c] = NULL; - k--; - break; - case 1: - kmem_cache_free(cachep_d, dtree); - ctree->tree[c] = fullbitmap_d; - k++; - break; - } - } LOOP_WALK_END(); - } LOOP_WALK_END_GC(btree, b, ctree, fullbitmap_c, cachep_c, k); - } LOOP_WALK_END_GC(map, a, btree, fullbitmap_b, cachep_b, j); - - write_unlock_bh(&set->lock); - - map->gc.expires = jiffies + map->gc_interval HZ; - add_timer(&map->gc); -} - -static inline void -init_gc_timer(struct ip_set set) -{ - struct ip_set_iptreemap map = set->data; - - init_timer(&map->gc); - map->gc.data = (unsigned long) set; - map->gc.function = gc; - map->gc.expires = jiffies + map->gc_interval * HZ; - add_timer(&map->gc); -} - -static int -iptreemap_create(struct ip_set set, const void data, u_int32_t size) -{ - const struct ip_set_req_iptreemap_create req = data; - struct ip_set_iptreemap map; - - map = kzalloc(sizeof(map), GFP_KERNEL); - if (!map) - return -ENOMEM; - - map->gc_interval = req->gc_interval ? req->gc_interval : IPTREEMAP_DEFAULT_GC_TIME; - set->data = map; - - init_gc_timer(set); - - return 0; -} - -static inline void -__flush(struct ip_set_iptreemap map) -{ - struct ip_set_iptreemap_b btree; - unsigned int a; - - LOOP_WALK_BEGIN(map, a, btree); - if (btree != fullbitmap_b) - free_b(btree); - LOOP_WALK_END(); -} - -static void -iptreemap_destroy(struct ip_set set) -{ - struct ip_set_iptreemap map = set->data; - - while (!del_timer(&map->gc)) - msleep(IPTREEMAP_DESTROY_SLEEP); - - __flush(map); - kfree(map); - - set->data = NULL; -} - -static void -iptreemap_flush(struct ip_set set) -{ - struct ip_set_iptreemap map = set->data; - unsigned int gc_interval = map->gc_interval; - - while (!del_timer(&map->gc)) - msleep(IPTREEMAP_DESTROY_SLEEP); - - __flush(map); - - memset(map, 0, sizeof(map)); - map->gc_interval = gc_interval; - - init_gc_timer(set); -} - -static void -iptreemap_list_header(const struct ip_set set, void data) -{ - struct ip_set_iptreemap map = set->data; - struct ip_set_req_iptreemap_create header = data; - - header->gc_interval = map->gc_interval; -} - -static int -iptreemap_list_members_size(const struct ip_set set, char dont_align) -{ - struct ip_set_iptreemap map = set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned int a, b, c, d, inrange = 0, count = 0; - - LOOP_WALK_BEGIN_COUNT(map, a, btree, inrange, count) { - LOOP_WALK_BEGIN_COUNT(btree, b, ctree, inrange, count) { - LOOP_WALK_BEGIN_COUNT(ctree, c, dtree, inrange, count) { - for (d = 0; d < 256; d++) { - if (test_bit(d, (void ) dtree->bitmap)) { - inrange = 1; - } else if (inrange) { - count++; - inrange = 0; - } - } - } LOOP_WALK_END_COUNT(); - } LOOP_WALK_END_COUNT(); - } LOOP_WALK_END_COUNT(); - - if (inrange) - count++; - - return (count * IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align)); -} - -static inline void -add_member(void data, size_t offset, ip_set_ip_t start, ip_set_ip_t end) -{ - struct ip_set_req_iptreemap entry = data + offset; - - entry->ip = start; - entry->end = end; -} - -static void -iptreemap_list_members(const struct ip_set set, void data, char dont_align) -{ - struct ip_set_iptreemap map = set->data; - struct ip_set_iptreemap_b btree; - struct ip_set_iptreemap_c ctree; - struct ip_set_iptreemap_d dtree; - unsigned int a, b, c, d, inrange = 0; - size_t offset = 0, datasize; - ip_set_ip_t start = 0, end = 0, ip; - - datasize = IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align); - LOOP_WALK_BEGIN(map, a, btree) { - LOOP_WALK_BEGIN(btree, b, ctree) { - LOOP_WALK_BEGIN(ctree, c, dtree) { - for (d = 0; d < 256; d++) { - if (test_bit(d, (void ) dtree->bitmap)) { - ip = ((a << 24) \| (b << 16) \| (c << 8) \| d); - if (!inrange) { - inrange = 1; - start = ip; - } else if (end < ip - 1) { - add_member(data, offset, start, end); - offset += datasize; - start = ip; - } - end = ip; - } else if (inrange) { - add_member(data, offset, start, end); - offset += datasize; - inrange = 0; - } - } - } LOOP_WALK_END(); - } LOOP_WALK_END(); - } LOOP_WALK_END(); - - if (inrange) - add_member(data, offset, start, end); -} - -IP_SET_TYPE(iptreemap, IPSET_TYPE_IP \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Sven Wegener <sven.wegener@stealer.net>"); -MODULE_DESCRIPTION("iptreemap type of IP sets"); - -static int __init ip_set_iptreemap_init(void) -{ - int ret = -ENOMEM; - int a; - - cachep_b = KMEM_CACHE_CREATE("ip_set_iptreemap_b", - sizeof(struct ip_set_iptreemap_b)); - if (!cachep_b) { - ip_set_printk("Unable to create ip_set_iptreemap_b slab cache"); - goto out; - } - - cachep_c = KMEM_CACHE_CREATE("ip_set_iptreemap_c", - sizeof(struct ip_set_iptreemap_c)); - if (!cachep_c) { - ip_set_printk("Unable to create ip_set_iptreemap_c slab cache"); - goto outb; - } - - cachep_d = KMEM_CACHE_CREATE("ip_set_iptreemap_d", - sizeof(struct ip_set_iptreemap_d)); - if (!cachep_d) { - ip_set_printk("Unable to create ip_set_iptreemap_d slab cache"); - goto outc; - } - - fullbitmap_d = kmem_cache_alloc(cachep_d, GFP_KERNEL); - if (!fullbitmap_d) - goto outd; - - fullbitmap_c = kmem_cache_alloc(cachep_c, GFP_KERNEL); - if (!fullbitmap_c) - goto outbitmapd; - - fullbitmap_b = kmem_cache_alloc(cachep_b, GFP_KERNEL); - if (!fullbitmap_b) - goto outbitmapc; - - ret = ip_set_register_set_type(&ip_set_iptreemap); - if (0 > ret) - goto outbitmapb; - - / Now init our global bitmaps */ - memset(fullbitmap_d->bitmap, 0xff, sizeof(fullbitmap_d->bitmap)); - - for (a = 0; a < 256; a++) - fullbitmap_c->tree[a] = fullbitmap_d; - - for (a = 0; a < 256; a++) - fullbitmap_b->tree[a] = fullbitmap_c; - memset(fullbitmap_b->dirty, 0, sizeof(fullbitmap_b->dirty)); - - return 0; - -outbitmapb: - kmem_cache_free(cachep_b, fullbitmap_b); -outbitmapc: - kmem_cache_free(cachep_c, fullbitmap_c); -outbitmapd: - kmem_cache_free(cachep_d, fullbitmap_d); -outd: - kmem_cache_destroy(cachep_d); -outc: - kmem_cache_destroy(cachep_c); -outb: - kmem_cache_destroy(cachep_b); -out: - - return ret; -} - -static void __exit ip_set_iptreemap_fini(void) -{ - ip_set_unregister_set_type(&ip_set_iptreemap); - kmem_cache_free(cachep_d, fullbitmap_d); - kmem_cache_free(cachep_c, fullbitmap_c); - kmem_cache_free(cachep_b, fullbitmap_b); - kmem_cache_destroy(cachep_d); - kmem_cache_destroy(cachep_c); - kmem_cache_destroy(cachep_b); -} - -module_init(ip_set_iptreemap_init); -module_exit(ip_set_iptreemap_fini);
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_iptreemap.h ^
@@ -1,40 +0,0 @@ -#ifndef __IP_SET_IPTREEMAP_H -#define __IP_SET_IPTREEMAP_H - -#include "ip_set.h" - -#define SETTYPE_NAME "iptreemap" - -#ifdef __KERNEL__ -struct ip_set_iptreemap_d { - unsigned char bitmap[32]; /* x.x.x.y / -}; - -struct ip_set_iptreemap_c { - struct ip_set_iptreemap_d tree[256]; /* x.x.y.x / -}; - -struct ip_set_iptreemap_b { - struct ip_set_iptreemap_c tree[256]; /* x.y.x.x / - unsigned char dirty[32]; -}; -#endif - -struct ip_set_iptreemap { - unsigned int gc_interval; -#ifdef __KERNEL__ - struct timer_list gc; - struct ip_set_iptreemap_b tree[256]; /* y.x.x.x / -#endif -}; - -struct ip_set_req_iptreemap_create { - unsigned int gc_interval; -}; - -struct ip_set_req_iptreemap { - ip_set_ip_t ip; - ip_set_ip_t end; -}; - -#endif / __IP_SET_IPTREEMAP_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_jhash.h ^
@@ -1,157 +0,0 @@ -#ifndef _LINUX_JHASH_H -#define _LINUX_JHASH_H - -/* jhash.h: Jenkins hash support. - * - * Copyright (C) 2006. Bob Jenkins (bob_jenkins@burtleburtle.net) - * - * http://burtleburtle.net/bob/hash/ - * - * These are the credits from Bob's sources: - * - * lookup3.c, by Bob Jenkins, May 2006, Public Domain. - * - * These are functions for producing 32-bit hashes for hash table lookup. - * hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() - * are externally useful functions. Routines to test the hash are included - * if SELF_TEST is defined. You can use this free for any purpose. It's in - * the public domain. It has no warranty. - * - * Copyright (C) 2009 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * I've modified Bob's hash to be useful in the Linux kernel, and - * any bugs present are my fault. Jozsef - / - -#define __rot(x,k) (((x)<<(k)) \| ((x)>>(32-(k)))) - -/ __jhash_mix - mix 3 32-bit values reversibly. / -#define __jhash_mix(a,b,c) \ -{ \ - a -= c; a ^= __rot(c, 4); c += b; \ - b -= a; b ^= __rot(a, 6); a += c; \ - c -= b; c ^= __rot(b, 8); b += a; \ - a -= c; a ^= __rot(c,16); c += b; \ - b -= a; b ^= __rot(a,19); a += c; \ - c -= b; c ^= __rot(b, 4); b += a; \ -} - -/ __jhash_final - final mixing of 3 32-bit values (a,b,c) into c / -#define __jhash_final(a,b,c) \ -{ \ - c ^= b; c -= __rot(b,14); \ - a ^= c; a -= __rot(c,11); \ - b ^= a; b -= __rot(a,25); \ - c ^= b; c -= __rot(b,16); \ - a ^= c; a -= __rot(c,4); \ - b ^= a; b -= __rot(a,14); \ - c ^= b; c -= __rot(b,24); \ -} - -/ The golden ration: an arbitrary value / -#define JHASH_GOLDEN_RATIO 0xdeadbeef - -/ The most generic version, hashes an arbitrary sequence - * of bytes. No alignment or length assumptions are made about - * the input key. The result depends on endianness. - / -static inline u32 jhash(const void key, u32 length, u32 initval) -{ - u32 a,b,c; - const u8 k = key; - - / Set up the internal state / - a = b = c = JHASH_GOLDEN_RATIO + length + initval; - - / all but the last block: affect some 32 bits of (a,b,c) / - while (length > 12) { - a += (k[0] + ((u32)k[1]<<8) + ((u32)k[2]<<16) + ((u32)k[3]<<24)); - b += (k[4] + ((u32)k[5]<<8) + ((u32)k[6]<<16) + ((u32)k[7]<<24)); - c += (k[8] + ((u32)k[9]<<8) + ((u32)k[10]<<16) + ((u32)k[11]<<24)); - __jhash_mix(a, b, c); - length -= 12; - k += 12; - } - - / last block: affect all 32 bits of (c) / - / all the case statements fall through / - switch (length) { - case 12: c += (u32)k[11]<<24; - case 11: c += (u32)k[10]<<16; - case 10: c += (u32)k[9]<<8; - case 9 : c += k[8]; - case 8 : b += (u32)k[7]<<24; - case 7 : b += (u32)k[6]<<16; - case 6 : b += (u32)k[5]<<8; - case 5 : b += k[4]; - case 4 : a += (u32)k[3]<<24; - case 3 : a += (u32)k[2]<<16; - case 2 : a += (u32)k[1]<<8; - case 1 : a += k[0]; - __jhash_final(a, b, c); - case 0 : - break; - } - - return c; -} - -/ A special optimized version that handles 1 or more of u32s. - * The length parameter here is the number of u32s in the key. - / -static inline u32 jhash2(const u32 k, u32 length, u32 initval) -{ - u32 a, b, c; - - /* Set up the internal state / - a = b = c = JHASH_GOLDEN_RATIO + (length<<2) + initval; - - / handle most of the key / - while (length > 3) { - a += k[0]; - b += k[1]; - c += k[2]; - __jhash_mix(a, b, c); - length -= 3; - k += 3; - } - - / handle the last 3 u32's / - / all the case statements fall through / - switch (length) { - case 3: c += k[2]; - case 2: b += k[1]; - case 1: a += k[0]; - __jhash_final(a, b, c); - case 0: / case 0: nothing left to add / - break; - } - - return c; -} - -/ A special ultra-optimized versions that knows they are hashing exactly - * 3, 2 or 1 word(s). - / -static inline u32 jhash_3words(u32 a, u32 b, u32 c, u32 initval) -{ - a += JHASH_GOLDEN_RATIO + initval; - b += JHASH_GOLDEN_RATIO + initval; - c += JHASH_GOLDEN_RATIO + initval; - - __jhash_final(a, b, c); - - return c; -} - -static inline u32 jhash_2words(u32 a, u32 b, u32 initval) -{ - return jhash_3words(0, a, b, initval); -} - -static inline u32 jhash_1word(u32 a, u32 initval) -{ - return jhash_3words(0, 0, a, initval); -} - -#endif / _LINUX_JHASH_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_macipmap.c ^
@@ -1,179 +0,0 @@ -/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> - * Patrick Schaaf <bof@bof.de> - * Martin Josefsson <gandalf@wlug.westbo.se> - * Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an IP set type: the macipmap type / - -#include <linux/module.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/if_ether.h> - -#include "ip_set_macipmap.h" - -static int -macipmap_utest(struct ip_set set, const void data, u_int32_t size) -{ - const struct ip_set_macipmap map = set->data; - const struct ip_set_macip table = map->members; - const struct ip_set_req_macipmap req = data; - - if (req->ip < map->first_ip \|\| req->ip > map->last_ip) - return -ERANGE; - - DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(req->ip)); - if (table[req->ip - map->first_ip].match) { - return (memcmp(req->ethernet, - &table[req->ip - map->first_ip].ethernet, - ETH_ALEN) == 0); - } else { - return (map->flags & IPSET_MACIP_MATCHUNSET ? 1 : 0); - } -} - -static int -macipmap_ktest(struct ip_set set, - const struct sk_buff skb, - const u_int32_t flags) -{ - const struct ip_set_macipmap map = set->data; - const struct ip_set_macip table = map->members; - ip_set_ip_t ip; - - ip = ipaddr(skb, flags); - - if (ip < map->first_ip \|\| ip > map->last_ip) - return 0; - - DP("set: %s, ip:%u.%u.%u.%u", set->name, HIPQUAD(ip)); - if (table[ip - map->first_ip].match) { - / Is mac pointer valid? - * If so, compare... / - return (skb_mac_header(skb) >= skb->head - && (skb_mac_header(skb) + ETH_HLEN) <= skb->data - && (memcmp(eth_hdr(skb)->h_source, - &table[ip - map->first_ip].ethernet, - ETH_ALEN) == 0)); - } else { - return (map->flags & IPSET_MACIP_MATCHUNSET ? 1 : 0); - } -} - -/ returns 0 on success / -static inline int -macipmap_add(struct ip_set set, - ip_set_ip_t ip, const unsigned char ethernet) -{ - struct ip_set_macipmap map = set->data; - struct ip_set_macip table = map->members; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - if (table[ip - map->first_ip].match) - return -EEXIST; - - DP("set: %s, ip: %u.%u.%u.%u", set->name, HIPQUAD(ip)); - memcpy(&table[ip - map->first_ip].ethernet, ethernet, ETH_ALEN); - table[ip - map->first_ip].match = IPSET_MACIP_ISSET; - return 0; -} - -#define KADT_CONDITION \ - if (!(skb_mac_header(skb) >= skb->head \ - && (skb_mac_header(skb) + ETH_HLEN) <= skb->data))\ - return -EINVAL; - -UADT(macipmap, add, req->ethernet) -KADT(macipmap, add, ipaddr, eth_hdr(skb)->h_source) - -static inline int -macipmap_del(struct ip_set set, ip_set_ip_t ip) -{ - struct ip_set_macipmap map = set->data; - struct ip_set_macip table = map->members; - - if (ip < map->first_ip \|\| ip > map->last_ip) - return -ERANGE; - if (!table[ip - map->first_ip].match) - return -EEXIST; - - table[ip - map->first_ip].match = 0; - DP("set: %s, ip: %u.%u.%u.%u", set->name, HIPQUAD(ip)); - return 0; -} - -#undef KADT_CONDITION -#define KADT_CONDITION - -UADT(macipmap, del) -KADT(macipmap, del, ipaddr) - -static inline int -__macipmap_create(const struct ip_set_req_macipmap_create req, - struct ip_set_macipmap map) -{ - if (req->to - req->from > MAX_RANGE) { - ip_set_printk("range too big, %d elements (max %d)", - req->to - req->from + 1, MAX_RANGE+1); - return -ENOEXEC; - } - map->flags = req->flags; - return (req->to - req->from + 1) * sizeof(struct ip_set_macip); -} - -BITMAP_CREATE(macipmap) -BITMAP_DESTROY(macipmap) -BITMAP_FLUSH(macipmap) - -static inline void -__macipmap_list_header(const struct ip_set_macipmap map, - struct ip_set_req_macipmap_create header) -{ - header->flags = map->flags; -} - -BITMAP_LIST_HEADER(macipmap) -BITMAP_LIST_MEMBERS_SIZE(macipmap, struct ip_set_req_macipmap, - (map->last_ip - map->first_ip + 1), - ((const struct ip_set_macip )map->members)[i].match) - - -static void -macipmap_list_members(const struct ip_set set, void data, char dont_align) -{ - const struct ip_set_macipmap map = set->data; - const struct ip_set_macip table = map->members; - uint32_t i, n = 0; - struct ip_set_req_macipmap d; - - if (dont_align) { - memcpy(data, map->members, map->size); - return; - } - - for (i = 0; i < map->last_ip - map->first_ip + 1; i++) - if (table[i].match) { - d = data + n * IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); - d->ip = map->first_ip + i; - memcpy(d->ethernet, &table[i].ethernet, ETH_ALEN); - n++; - } -} - -IP_SET_TYPE(macipmap, IPSET_TYPE_IP \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("macipmap type of IP sets"); - -REGISTER_MODULE(macipmap)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_macipmap.h ^
@@ -1,39 +0,0 @@ -#ifndef __IP_SET_MACIPMAP_H -#define __IP_SET_MACIPMAP_H - -#include "ip_set.h" -#include "ip_set_bitmaps.h" - -#define SETTYPE_NAME "macipmap" - -/* general flags / -#define IPSET_MACIP_MATCHUNSET 1 - -/ per ip flags / -#define IPSET_MACIP_ISSET 1 - -struct ip_set_macipmap { - void members; /* the macipmap proper / - ip_set_ip_t first_ip; / host byte order, included in range / - ip_set_ip_t last_ip; / host byte order, included in range / - u_int32_t flags; - u_int32_t size; / size of the ipmap proper / -}; - -struct ip_set_req_macipmap_create { - ip_set_ip_t from; - ip_set_ip_t to; - u_int32_t flags; -}; - -struct ip_set_req_macipmap { - ip_set_ip_t ip; - unsigned char ethernet[ETH_ALEN]; -}; - -struct ip_set_macip { - unsigned short match; - unsigned char ethernet[ETH_ALEN]; -}; - -#endif / __IP_SET_MACIPMAP_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_malloc.h ^
@@ -1,153 +0,0 @@ -#ifndef _IP_SET_MALLOC_H -#define _IP_SET_MALLOC_H - -#ifdef __KERNEL__ -#include <linux/vmalloc.h> - -static size_t max_malloc_size = 0, max_page_size = 0; -static size_t default_max_malloc_size = 131072; /* Guaranteed: slab.c / - -static inline int init_max_page_size(void) -{ -/ Compatibility glues to support 2.4.36 / -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -#define __GFP_NOWARN 0 - - / Guaranteed: slab.c / - max_malloc_size = max_page_size = default_max_malloc_size; -#else - size_t page_size = 0; - -#define CACHE(x) if (max_page_size == 0 \|\| x < max_page_size) \ - page_size = x; -#include <linux/kmalloc_sizes.h> -#undef CACHE - if (page_size) { - if (max_malloc_size == 0) - max_malloc_size = page_size; - - max_page_size = page_size; - - return 1; - } -#endif - return 0; -} - -struct harray { - size_t max_elements; - void arrays[0]; -}; - -static inline void * -__harray_malloc(size_t hashsize, size_t typesize, gfp_t flags) -{ - struct harray harray; - size_t max_elements, size, i, j; - - BUG_ON(max_page_size == 0); - - if (typesize > max_page_size) - return NULL; - - max_elements = max_page_size/typesize; - size = hashsize/max_elements; - if (hashsize % max_elements) - size++; - - / Last pointer signals end of arrays / - harray = kmalloc(sizeof(struct harray) + (size + 1) sizeof(void ), - flags); - - if (!harray) - return NULL; - - for (i = 0; i < size - 1; i++) { - harray->arrays[i] = kmalloc(max_elements typesize, flags); - if (!harray->arrays[i]) - goto undo; - memset(harray->arrays[i], 0, max_elements * typesize); - } - harray->arrays[i] = kmalloc((hashsize - i * max_elements) * typesize, - flags); - if (!harray->arrays[i]) - goto undo; - memset(harray->arrays[i], 0, (hashsize - i * max_elements) * typesize); - - harray->max_elements = max_elements; - harray->arrays[size] = NULL; - - return (void )harray; - - undo: - for (j = 0; j < i; j++) { - kfree(harray->arrays[j]); - } - kfree(harray); - return NULL; -} - -static inline void -harray_malloc(size_t hashsize, size_t typesize, gfp_t flags) -{ - void harray; - - do { - harray = __harray_malloc(hashsize, typesize, flags\|__GFP_NOWARN); - } while (harray == NULL && init_max_page_size()); - - return harray; -} - -static inline void harray_free(void h) -{ - struct harray harray = (struct harray ) h; - size_t i; - - for (i = 0; harray->arrays[i] != NULL; i++) - kfree(harray->arrays[i]); - kfree(harray); -} - -static inline void harray_flush(void h, size_t hashsize, size_t typesize) -{ - struct harray harray = (struct harray ) h; - size_t i; - - for (i = 0; harray->arrays[i+1] != NULL; i++) - memset(harray->arrays[i], 0, harray->max_elements typesize); - memset(harray->arrays[i], 0, - (hashsize - i * harray->max_elements) * typesize); -} - -#define HARRAY_ELEM(h, type, which) \ -({ \ - struct harray __h = (struct harray )(h); \ - ((type)((__h)->arrays[(which)/(__h)->max_elements]) \ - + (which)%(__h)->max_elements); \ -}) - -/* General memory allocation and deallocation / -static inline void ip_set_malloc(size_t bytes) -{ - BUG_ON(max_malloc_size == 0); - - if (bytes > default_max_malloc_size) - return vmalloc(bytes); - else - return kmalloc(bytes, GFP_KERNEL \| __GFP_NOWARN); -} - -static inline void ip_set_free(void * data, size_t bytes) -{ - BUG_ON(max_malloc_size == 0); - - if (bytes > default_max_malloc_size) - vfree(data); - else - kfree(data); -} - -#endif /* __KERNEL__ / - -#endif /_IP_SET_MALLOC_H*/
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_nethash.c ^
@@ -1,218 +0,0 @@ -/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing a cidr nethash set / - -#include <linux/module.h> -#include <linux/moduleparam.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include "ip_set_jhash.h" -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> -#include <linux/random.h> - -#include <net/ip.h> - -#include "ip_set_nethash.h" - -static int limit = MAX_RANGE; - -static inline __u32 -nethash_id_cidr(const struct ip_set_nethash map, - ip_set_ip_t ip, - uint8_t cidr) -{ - __u32 id; - u_int16_t i; - ip_set_ip_t elem; - - ip = pack_ip_cidr(ip, cidr); - if (!ip) - return MAX_RANGE; - - for (i = 0; i < map->probes; i++) { - id = jhash_ip(map, i, ip) % map->hashsize; - DP("hash key: %u", id); - elem = HARRAY_ELEM(map->members, ip_set_ip_t , id); - if (elem == ip) - return id; - / No shortcut - there can be deleted entries. / - } - return UINT_MAX; -} - -static inline __u32 -nethash_id(struct ip_set set, ip_set_ip_t ip) -{ - const struct ip_set_nethash map = set->data; - __u32 id = UINT_MAX; - int i; - - for (i = 0; i < 30 && map->cidr[i]; i++) { - id = nethash_id_cidr(map, ip, map->cidr[i]); - if (id != UINT_MAX) - break; - } - return id; -} - -static inline int -nethash_test_cidr(struct ip_set set, ip_set_ip_t ip, uint8_t cidr) -{ - const struct ip_set_nethash map = set->data; - - return (nethash_id_cidr(map, ip, cidr) != UINT_MAX); -} - -static inline int -nethash_test(struct ip_set set, ip_set_ip_t ip) -{ - return (nethash_id(set, ip) != UINT_MAX); -} - -static int -nethash_utest(struct ip_set set, const void data, u_int32_t size) -{ - const struct ip_set_req_nethash req = data; - - if (req->cidr <= 0 \|\| req->cidr > 32) - return -EINVAL; - return (req->cidr == 32 ? nethash_test(set, req->ip) - : nethash_test_cidr(set, req->ip, req->cidr)); -} - -#define KADT_CONDITION - -KADT(nethash, test, ipaddr) - -static inline int -__nethash_add(struct ip_set_nethash map, ip_set_ip_t ip) -{ - __u32 probe; - u_int16_t i; - ip_set_ip_t elem, slot = NULL; - - for (i = 0; i < map->probes; i++) { - probe = jhash_ip(map, i, ip) % map->hashsize; - elem = HARRAY_ELEM(map->members, ip_set_ip_t , probe); - if (elem == ip) - return -EEXIST; - if (!(slot \|\| elem)) - slot = elem; - /* There can be deleted entries, must check all slots / - } - if (slot) { - slot = ip; - map->elements++; - return 0; - } - / Trigger rehashing / - return -EAGAIN; -} - -static inline int -nethash_add(struct ip_set set, ip_set_ip_t ip, uint8_t cidr) -{ - struct ip_set_nethash map = set->data; - int ret; - - if (map->elements >= limit \|\| map->nets[cidr-1] == UINT16_MAX) - return -ERANGE; - if (cidr <= 0 \|\| cidr >= 32) - return -EINVAL; - - ip = pack_ip_cidr(ip, cidr); - if (!ip) - return -ERANGE; - - ret = __nethash_add(map, &ip); - if (ret == 0) { - if (!map->nets[cidr-1]++) - add_cidr_size(map->cidr, cidr); - } - - return ret; -} - -#undef KADT_CONDITION -#define KADT_CONDITION \ - struct ip_set_nethash map = set->data; \ - uint8_t cidr = map->cidr[0] ? map->cidr[0] : 31; - -UADT(nethash, add, req->cidr) -KADT(nethash, add, ipaddr, cidr) - -static inline void -__nethash_retry(struct ip_set_nethash tmp, struct ip_set_nethash map) -{ - memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr)); - memcpy(tmp->nets, map->nets, sizeof(tmp->nets)); -} - -HASH_RETRY(nethash, ip_set_ip_t) - -static inline int -nethash_del(struct ip_set set, ip_set_ip_t ip, uint8_t cidr) -{ - struct ip_set_nethash map = set->data; - ip_set_ip_t id, elem; - - if (cidr <= 0 \|\| cidr >= 32) - return -EINVAL; - - id = nethash_id_cidr(map, ip, cidr); - if (id == UINT_MAX) - return -EEXIST; - - elem = HARRAY_ELEM(map->members, ip_set_ip_t , id); - elem = 0; - map->elements--; - if (!map->nets[cidr-1]--) - del_cidr_size(map->cidr, cidr); - return 0; -} - -UADT(nethash, del, req->cidr) -KADT(nethash, del, ipaddr, cidr) - -static inline int -__nethash_create(const struct ip_set_req_nethash_create req, - struct ip_set_nethash map) -{ - memset(map->cidr, 0, sizeof(map->cidr)); - memset(map->nets, 0, sizeof(map->nets)); - - return 0; -} - -HASH_CREATE(nethash, ip_set_ip_t) -HASH_DESTROY(nethash) - -HASH_FLUSH_CIDR(nethash, ip_set_ip_t) - -static inline void -__nethash_list_header(const struct ip_set_nethash map, - struct ip_set_req_nethash_create *header) -{ -} - -HASH_LIST_HEADER(nethash) -HASH_LIST_MEMBERS_SIZE(nethash, ip_set_ip_t) -HASH_LIST_MEMBERS(nethash, ip_set_ip_t) - -IP_SET_RTYPE(nethash, IPSET_TYPE_IP \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("nethash type of IP sets"); -module_param(limit, int, 0600); -MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); - -REGISTER_MODULE(nethash)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_nethash.h ^
@@ -1,31 +0,0 @@ -#ifndef __IP_SET_NETHASH_H -#define __IP_SET_NETHASH_H - -#include "ip_set.h" -#include "ip_set_hashes.h" - -#define SETTYPE_NAME "nethash" - -struct ip_set_nethash { - ip_set_ip_t members; / the nethash proper / - uint32_t elements; / number of elements / - uint32_t hashsize; / hash size / - uint16_t probes; / max number of probes / - uint16_t resize; / resize factor in percent / - uint8_t cidr[30]; / CIDR sizes / - uint16_t nets[30]; / nr of nets by CIDR sizes / - initval_t initval[0]; / initvals for jhash_1word / -}; - -struct ip_set_req_nethash_create { - uint32_t hashsize; - uint16_t probes; - uint16_t resize; -}; - -struct ip_set_req_nethash { - ip_set_ip_t ip; - uint8_t cidr; -}; - -#endif / __IP_SET_NETHASH_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_portmap.c ^
@@ -1,130 +0,0 @@ -/* Copyright (C) 2003-2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing a port set type as a bitmap / - -#include <linux/module.h> -#include <linux/ip.h> -#include <linux/tcp.h> -#include <linux/udp.h> -#include <linux/skbuff.h> -#include <linux/errno.h> -#include <asm/uaccess.h> -#include <asm/bitops.h> -#include <linux/spinlock.h> - -#include <net/ip.h> - -#include "ip_set_portmap.h" -#include "ip_set_getport.h" - -static inline int -portmap_test(const struct ip_set set, ip_set_ip_t port) -{ - const struct ip_set_portmap map = set->data; - - if (port < map->first_ip \|\| port > map->last_ip) - return -ERANGE; - - DP("set: %s, port: %u", set->name, port); - return !!test_bit(port - map->first_ip, map->members); -} - -#define KADT_CONDITION \ - if (ip == INVALID_PORT) \ - return 0; - -UADT(portmap, test) -KADT(portmap, test, get_port) - -static inline int -portmap_add(struct ip_set set, ip_set_ip_t port) -{ - struct ip_set_portmap map = set->data; - - if (port < map->first_ip \|\| port > map->last_ip) - return -ERANGE; - if (test_and_set_bit(port - map->first_ip, map->members)) - return -EEXIST; - - DP("set: %s, port %u", set->name, port); - return 0; -} - -UADT(portmap, add) -KADT(portmap, add, get_port) - -static inline int -portmap_del(struct ip_set set, ip_set_ip_t port) -{ - struct ip_set_portmap map = set->data; - - if (port < map->first_ip \|\| port > map->last_ip) - return -ERANGE; - if (!test_and_clear_bit(port - map->first_ip, map->members)) - return -EEXIST; - - DP("set: %s, port %u", set->name, port); - return 0; -} - -UADT(portmap, del) -KADT(portmap, del, get_port) - -static inline int -__portmap_create(const struct ip_set_req_portmap_create req, - struct ip_set_portmap map) -{ - if (req->to - req->from > MAX_RANGE) { - ip_set_printk("range too big, %d elements (max %d)", - req->to - req->from + 1, MAX_RANGE+1); - return -ENOEXEC; - } - return bitmap_bytes(req->from, req->to); -} - -BITMAP_CREATE(portmap) -BITMAP_DESTROY(portmap) -BITMAP_FLUSH(portmap) - -static inline void -__portmap_list_header(const struct ip_set_portmap map, - struct ip_set_req_portmap_create header) -{ -} - -BITMAP_LIST_HEADER(portmap) -BITMAP_LIST_MEMBERS_SIZE(portmap, ip_set_ip_t, (map->last_ip - map->first_ip + 1), - test_bit(i, map->members)) - -static void -portmap_list_members(const struct ip_set set, void data, char dont_align) -{ - const struct ip_set_portmap map = set->data; - uint32_t i, n = 0; - ip_set_ip_t d; - - if (dont_align) { - memcpy(data, map->members, map->size); - return; - } - - for (i = 0; i < map->last_ip - map->first_ip + 1; i++) - if (test_bit(i, map->members)) { - d = data + n IPSET_ALIGN(sizeof(ip_set_ip_t)); - *d = map->first_ip + i; - n++; - } -} - -IP_SET_TYPE(portmap, IPSET_TYPE_PORT \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("portmap type of IP sets"); - -REGISTER_MODULE(portmap)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_portmap.h ^
@@ -1,25 +0,0 @@ -#ifndef __IP_SET_PORTMAP_H -#define __IP_SET_PORTMAP_H - -#include "ip_set.h" -#include "ip_set_bitmaps.h" - -#define SETTYPE_NAME "portmap" - -struct ip_set_portmap { - void members; / the portmap proper / - ip_set_ip_t first_ip; / host byte order, included in range / - ip_set_ip_t last_ip; / host byte order, included in range / - u_int32_t size; / size of the ipmap proper / -}; - -struct ip_set_req_portmap_create { - ip_set_ip_t from; - ip_set_ip_t to; -}; - -struct ip_set_req_portmap { - ip_set_ip_t ip; -}; - -#endif / __IP_SET_PORTMAP_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_setlist.c ^
@@ -1,324 +0,0 @@ -/* Copyright (C) 2008 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module implementing an IP set type: the setlist type / - -#include <linux/module.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include <linux/errno.h> - -#include "ip_set.h" -#include "ip_set_bitmaps.h" -#include "ip_set_setlist.h" - -/ - * before ==> index, ref - * after ==> ref, index - / - -static inline int -next_index_eq(const struct ip_set_setlist map, int i, ip_set_id_t index) -{ - return i < map->size && map->index[i] == index; -} - -static int -setlist_utest(struct ip_set set, const void data, u_int32_t size) -{ - const struct ip_set_setlist map = set->data; - const struct ip_set_req_setlist req = data; - ip_set_id_t index, ref = IP_SET_INVALID_ID; - int i, res = 0; - struct ip_set s; - - if (req->before && req->ref[0] == '\0') - return 0; - - index = __ip_set_get_byname(req->name, &s); - if (index == IP_SET_INVALID_ID) - return 0; - if (req->ref[0] != '\0') { - ref = __ip_set_get_byname(req->ref, &s); - if (ref == IP_SET_INVALID_ID) - goto finish; - } - for (i = 0; i < map->size - && map->index[i] != IP_SET_INVALID_ID; i++) { - if (req->before && map->index[i] == index) { - res = next_index_eq(map, i + 1, ref); - break; - } else if (!req->before) { - if ((ref == IP_SET_INVALID_ID - && map->index[i] == index) - \|\| (map->index[i] == ref - && next_index_eq(map, i + 1, index))) { - res = 1; - break; - } - } - } - if (ref != IP_SET_INVALID_ID) - __ip_set_put_byindex(ref); -finish: - __ip_set_put_byindex(index); - return res; -} - -static int -setlist_ktest(struct ip_set set, - const struct sk_buff skb, - const u_int32_t flags) -{ - struct ip_set_setlist map = set->data; - int i, res = 0; - - for (i = 0; i < map->size - && map->index[i] != IP_SET_INVALID_ID - && res == 0; i++) - res = ip_set_testip_kernel(map->index[i], skb, flags); - return res; -} - -static inline int -insert_setlist(struct ip_set_setlist map, int i, ip_set_id_t index) -{ - ip_set_id_t tmp; - int j; - - DP("i: %u, last %u\n", i, map->index[map->size - 1]); - if (i >= map->size \|\| map->index[map->size - 1] != IP_SET_INVALID_ID) - return -ERANGE; - - for (j = i; j < map->size - && index != IP_SET_INVALID_ID; j++) { - tmp = map->index[j]; - map->index[j] = index; - index = tmp; - } - return 0; -} - -static int -setlist_uadd(struct ip_set set, const void data, u_int32_t size) -{ - struct ip_set_setlist map = set->data; - const struct ip_set_req_setlist req = data; - ip_set_id_t index, ref = IP_SET_INVALID_ID; - int i, res = -ERANGE; - struct ip_set s; - - if (req->before && req->ref[0] == '\0') - return -EINVAL; - - index = __ip_set_get_byname(req->name, &s); - if (index == IP_SET_INVALID_ID) - return -EEXIST; - / "Loop detection" / - if (strcmp(s->type->typename, "setlist") == 0) - goto finish; - - if (req->ref[0] != '\0') { - ref = __ip_set_get_byname(req->ref, &s); - if (ref == IP_SET_INVALID_ID) { - res = -EEXIST; - goto finish; - } - } - for (i = 0; i < map->size; i++) { - if (map->index[i] != ref) - continue; - if (req->before) - res = insert_setlist(map, i, index); - else - res = insert_setlist(map, - ref == IP_SET_INVALID_ID ? i : i + 1, - index); - break; - } - if (ref != IP_SET_INVALID_ID) - __ip_set_put_byindex(ref); - / In case of success, we keep the reference to the set / -finish: - if (res != 0) - __ip_set_put_byindex(index); - return res; -} - -static int -setlist_kadd(struct ip_set set, - const struct sk_buff skb, - const u_int32_t flags) -{ - struct ip_set_setlist map = set->data; - int i, res = -EINVAL; - - for (i = 0; i < map->size - && map->index[i] != IP_SET_INVALID_ID - && res != 0; i++) - res = ip_set_addip_kernel(map->index[i], skb, flags); - return res; -} - -static inline int -unshift_setlist(struct ip_set_setlist map, int i) -{ - int j; - - for (j = i; j < map->size - 1; j++) - map->index[j] = map->index[j+1]; - map->index[map->size-1] = IP_SET_INVALID_ID; - return 0; -} - -static int -setlist_udel(struct ip_set set, const void data, u_int32_t size) -{ - struct ip_set_setlist map = set->data; - const struct ip_set_req_setlist req = data; - ip_set_id_t index, ref = IP_SET_INVALID_ID; - int i, res = -EEXIST; - struct ip_set s; - - if (req->before && req->ref[0] == '\0') - return -EINVAL; - - index = __ip_set_get_byname(req->name, &s); - if (index == IP_SET_INVALID_ID) - return -EEXIST; - if (req->ref[0] != '\0') { - ref = __ip_set_get_byname(req->ref, &s); - if (ref == IP_SET_INVALID_ID) - goto finish; - } - for (i = 0; i < map->size - && map->index[i] != IP_SET_INVALID_ID; i++) { - if (req->before) { - if (map->index[i] == index - && next_index_eq(map, i + 1, ref)) { - res = unshift_setlist(map, i); - break; - } - } else if (ref == IP_SET_INVALID_ID) { - if (map->index[i] == index) { - res = unshift_setlist(map, i); - break; - } - } else if (map->index[i] == ref - && next_index_eq(map, i + 1, index)) { - res = unshift_setlist(map, i + 1); - break; - } - } - if (ref != IP_SET_INVALID_ID) - __ip_set_put_byindex(ref); -finish: - __ip_set_put_byindex(index); - / In case of success, release the reference to the set / - if (res == 0) - __ip_set_put_byindex(index); - return res; -} - -static int -setlist_kdel(struct ip_set set, - const struct sk_buff skb, - const u_int32_t flags) -{ - struct ip_set_setlist map = set->data; - int i, res = -EINVAL; - - for (i = 0; i < map->size - && map->index[i] != IP_SET_INVALID_ID - && res != 0; i++) - res = ip_set_delip_kernel(map->index[i], skb, flags); - return res; -} - -static int -setlist_create(struct ip_set set, const void data, u_int32_t size) -{ - struct ip_set_setlist map; - const struct ip_set_req_setlist_create req = data; - int i; - - map = kmalloc(sizeof(struct ip_set_setlist) + - req->size sizeof(ip_set_id_t), GFP_KERNEL); - if (!map) - return -ENOMEM; - map->size = req->size; - for (i = 0; i < map->size; i++) - map->index[i] = IP_SET_INVALID_ID; - - set->data = map; - return 0; -} - -static void -setlist_destroy(struct ip_set set) -{ - struct ip_set_setlist map = set->data; - int i; - - for (i = 0; i < map->size - && map->index[i] != IP_SET_INVALID_ID; i++) - __ip_set_put_byindex(map->index[i]); - - kfree(map); - set->data = NULL; -} - -static void -setlist_flush(struct ip_set set) -{ - struct ip_set_setlist map = set->data; - int i; - - for (i = 0; i < map->size - && map->index[i] != IP_SET_INVALID_ID; i++) { - __ip_set_put_byindex(map->index[i]); - map->index[i] = IP_SET_INVALID_ID; - } -} - -static void -setlist_list_header(const struct ip_set set, void data) -{ - const struct ip_set_setlist map = set->data; - struct ip_set_req_setlist_create header = data; - - header->size = map->size; -} - -static int -setlist_list_members_size(const struct ip_set set, char dont_align) -{ - const struct ip_set_setlist map = set->data; - - return map->size * IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); -} - -static void -setlist_list_members(const struct ip_set set, void data, char dont_align) -{ - struct ip_set_setlist map = set->data; - ip_set_id_t d; - int i; - - for (i = 0; i < map->size; i++) { - d = data + i * IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); - *d = ip_set_id(map->index[i]); - } -} - -IP_SET_TYPE(setlist, IPSET_TYPE_SETNAME \| IPSET_DATA_SINGLE) - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("setlist type of IP sets"); - -REGISTER_MODULE(setlist)
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ip_set_setlist.h ^
@@ -1,26 +0,0 @@ -#ifndef __IP_SET_SETLIST_H -#define __IP_SET_SETLIST_H - -#include "ip_set.h" - -#define SETTYPE_NAME "setlist" - -#define IP_SET_SETLIST_ADD_AFTER 0 -#define IP_SET_SETLIST_ADD_BEFORE 1 - -struct ip_set_setlist { - uint8_t size; - ip_set_id_t index[0]; -}; - -struct ip_set_req_setlist_create { - uint8_t size; -}; - -struct ip_set_req_setlist { - char name[IP_SET_MAXNAMELEN]; - char ref[IP_SET_MAXNAMELEN]; - uint8_t before; -}; - -#endif /* __IP_SET_SETLIST_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset.8 ^
@@ -1,541 +0,0 @@ -.TH IPSET 8 "Feb 05, 2004" "" "" -.\" -.\" Man page written by Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> -.\" -.\" This program is free software; you can redistribute it and/or modify -.\" it under the terms of the GNU General Public License as published by -.\" the Free Software Foundation; either version 2 of the License, or -.\" (at your option) any later version. -.\" -.\" This program is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public License -.\" along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" -.SH NAME -ipset \(em administration tool for IP sets -.SH SYNOPSIS -.PP -\fBipset \-N\fP \fIset\fP \fItype-specification\fP [\fIoptions\fP...] -.PP -\fBipset\fP {\fB\-F\fP\|\fB\-H\fP\|\fB\-L\fP\|\fB\-S\fP\|\fB\-X\fP} [\fIset\fP] -[\fIoptions\fP...] -.PP -\fBipset\fP {\fB\-E\fP\|\fB\-W\fP} \fIfrom-set\fP \fIto-set\fP -.PP -\fBipset\fP {\fB\-A\fP\|\fB\-D\fP\|\fB\-T\fP} \fIset\fP \fIentry\fP -.PP -\fBipset \-R\fP -.PP -\fBipset\fP {\fB-V\fP\|\fB\-v\fP} -.SH DESCRIPTION -.B ipset -is used to set up, maintain and inspect so called IP sets in the Linux -kernel. Depending on the type, an IP set may store IP addresses, (TCP/UDP) -port numbers or additional informations besides IP addresses: the word IP -means a general term here. See the set type definitions below. -.P -Iptables matches and targets referring to sets creates references, which -protects the given sets in the kernel. A set cannot be removed (destroyed) -while there is a single reference pointing to it. -.SH OPTIONS -The options that are recognized by -.B ipset -can be divided into several different groups. -.SS COMMANDS -These options specify the specific action to perform. Only one of them -can be specified on the command line unless otherwise specified -below. For all the long versions of the command and option names, you -need to use only enough letters to ensure that -.B ipset -can differentiate it from all other options. -.TP -\fB\-N\fP, \fB\-\-create\fP \fIsetname\fP \fItype\fP \fItype-specific-options\fP -Create a set identified with setname and specified type. -Type-specific options must be supplied. -.TP -\fB\-X\fP, \fB\-\-destroy\fP [\fIsetname\fP] -Destroy the specified set or all the sets if none is given. - -If the set has got references, nothing is done. -.TP -\fB\-F\fP, \fB\-\-flush\fP [\fIsetname\fP] -Delete all entries from the specified set or flush -all sets if none is given. -.TP -\fB\-E\fP, \fB\-\-rename\fP \fIfrom-setname\fP \fIto-setname\fP -Rename a set. Set identified by to-setname must not exist. -.TP -\fB\-W\fP, \fB\-\-swap\fP \fIfrom-setname\fP \fIto-setname\fP -Swap the content of two sets, or in another words, -exchange the name of two sets. The referred sets must exist and -identical type of sets can be swapped only. -.TP -\fB\-L\fP, \fB\-\-list\fP [\fIsetname\fP] -List the entries for the specified set, or for -all sets if none is given. The -\fB\-r\fP/\fB\-\-resolve\fP -option can be used to force name lookups (which may be slow). When the -\fB\-s\fP/\fB\-\-sorted\fP -option is given, the entries are listed sorted (if the given set -type supports the operation). -.TP -\fB\-S\fP, \fB\-\-save\fP [\fIsetname\fP] -Save the given set, or all sets if none is given -to stdout in a format that \fB\-\-restore\fP can read. -.TP -\fB\-R\fP, \fB\-\-restore\fP -Restore a saved session generated by \fB\-\-save\fP. The saved session -can be fed from stdin. - -When generating a session file please note that the supported commands -(create set and add element) must appear in a strict order: first create -the set, then add all elements. Then create the next set, add all its elements -and so on. Also, it is a restore operation, so the sets being restored must -not exist. -.TP -\fB\-A\fP, \fB\-\-add\fP \fIsetname\fP \fIentry\fP -Add an entry to a set. -.TP -\fB\-D\fP, \fB\-\-del\fP \fIsetname\fP \fIentry\fP -Delete an entry from a set. -.TP -\fB-T\fP, \fB\-\-test\fP \fIsetname\fP \fIentry\fP -Test wether an entry is in a set or not. Exit status number is zero -if the tested entry is in the set and nonzero if it is missing from -the set. -.TP -\fB\-H\fP, \fB\-\-help\fP [\fIsettype\fP] -Print help and settype specific help if settype specified. -.TP -\fB\-V\fP, \fB\-v\fP, \fB\-\-version\fP -Print program version and protocol version. -.P -.SS "OTHER OPTIONS" -The following additional options can be specified: -.TP -\fB\-r\fP, \fB\-\-resolve\fP -When listing sets, enforce name lookup. The -program will try to display the IP entries resolved to -host names or services (whenever applicable), which can trigger -.B -slow -DNS -lookups. -.TP -\fB\-s\fP, \fB\-\-sorted\fP -Sorted output. When listing sets, entries are listed sorted. -.TP -\fB\-n\fP, \fB\-\-numeric\fP -Numeric output. When listing sets, IP addresses and -port numbers will be printed in numeric format. This is the default. -.TP -\fB\-q\fP, \fB\-\-quiet\fP -Suppress any output to stdout and stderr. ipset will still return -possible errors. -.SH SET TYPES -ipset supports the following set types: -.SS ipmap -The ipmap set type uses a memory range, where each bit represents -one IP address. An ipmap set can store up to 65536 (B-class network) -IP addresses. The ipmap set type is very fast and memory cheap, great -for use when one want to match certain IPs in a range. If the optional -\fB\-\-netmask\fP -parameter is specified with a CIDR netmask value between 1-31 then -network addresses are stored in the given set: i.e an -IP address will be in the set if the network address, which is resulted -by masking the address with the specified netmask, can be found in the set. -.P -Options to use when creating an ipmap set: -.TP -\fB\-\-from\fP \fIfrom-addr\fP -.TP -\fB\-\-to\fP \fIto-addr\fP -Create an ipmap set from the specified address range. -.TP -\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP -Create an ipmap set from the specified network. -.TP -\fB\-\-netmask\fP \fIprefixlen\fP -When the optional -\fB\-\-netmask\fP -parameter specified, network addresses will be -stored in the set instead of IP addresses, and the \fIfrom-addr\fP parameter -must be a network address. The \fIprefixlen\fP value must be between 1-31. -.PP -Example: -.IP -ipset \-N test ipmap \-\-network 192.168.0.0/16 -.SS macipmap -The macipmap set type uses a memory range, where each 8 bytes -represents one IP and a MAC addresses. A macipmap set type can store -up to 65536 (B-class network) IP addresses with MAC. -When adding an entry to a macipmap set, you must specify the entry as -"\fIaddress\fP\fB,\fP\fImac\fP". -When deleting or testing macipmap entries, the -"\fB,\fP\fImac\fP" -part is not mandatory. -.P -Options to use when creating an macipmap set: -.TP -\fB\-\-from\fP \fIfrom-addr\fP -.TP -\fB\-\-to\fP \fIto-addr\fP -Create a macipmap set from the specified address range. -.TP -\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP -Create a macipmap set from the specified network. -.TP -\fB\-\-matchunset\fP -When the optional -\fB\-\-matchunset\fP -parameter specified, IP addresses which could be stored -in the set but not set yet, will always match. -.P -Please note, the -"set" -and -"SET" -netfilter kernel modules -.B -always -use the source MAC address from the packet to match, add or delete -entries from a macipmap type of set. -.SS portmap -The portmap set type uses a memory range, where each bit represents -one port. A portmap set type can store up to 65536 ports. -The portmap set type is very fast and memory cheap. -.P -Options to use when creating an portmap set: -.TP -\fB\-\-from\fP \fIfrom-port\fP -.TP -\fB\-\-to\fP \fIto-port\fP -Create a portmap set from the specified port range. -.SS iphash -The iphash set type uses a hash to store IP addresses. -In order to avoid clashes in the hash double-hashing, and as a last -resort, dynamic growing of the hash performed. The iphash set type is -great to store random addresses. If the optional -\fB\-\-netmask\fP -parameter is specified with a CIDR prefix length value between 1-31 then -network addresses are stored in the given set: i.e an -IP address will be in the set if the network address, which is resulted -by masking the address with the specified netmask, can be found in the set. -.P -Options to use when creating an iphash set: -.TP -\fB\-\-hashsize\fP \fIhashsize\fP -The initial hash size (default 1024) -.TP -\fB\-\-probes\fP \fIprobes\fP -How many times try to resolve clashing at adding an IP to the hash -by double-hashing (default 8). -.TP -\fB\-\-resize\fP \fIpercent\fP -Increase the hash size by this many percent (default 50) when adding -an IP to the hash could not be performed after -\fIprobes\fP -number of double-hashing. -.TP -\fB\-\-netmask\fP \fIprefixlen\fP -When the optional -\fB\-\-netmask\fP -parameter specified, network addresses will be -stored in the set instead of IP addresses. The \fIprefixlen\fP value must -be between 1-31. -.P -The iphash type of sets can store up to 65536 entries. If a set is full, -no new entries can be added to it. -.P -Sets created by zero valued resize parameter won't be resized at all. -The lookup time in an iphash type of set grows approximately linearly with -the value of the -\fIprobes\fP -parameter. In general higher -\fIprobes\fP -value results better utilized hash while smaller value -produces larger, sparser hash. -.PP -Example: -.IP -ipset \-N test iphash \-\-probes 2 -.SS nethash -The nethash set type uses a hash to store different size of -network addresses. The -.I -entry -used in the ipset commands must be in the form -"\fIaddress\fP\fB/\fP\fIprefixlen\fP" -where prefixlen must be in the inclusive range of 1-31. -In order to avoid clashes in the hash -double-hashing, and as a last resort, dynamic growing of the hash performed. -.P -Options to use when creating an nethash set: -.TP -\fB\-\-hashsize\fP \fIhashsize\fP -The initial hash size (default 1024) -.TP -\fB\-\-probes\fP \fIprobes\fP -How many times try to resolve clashing at adding an IP to the hash -by double-hashing (default 4). -.TP -\fB\-\-resize\fP \fIpercent\fP -Increase the hash size by this many percent (default 50) when adding -an IP to the hash could not be performed after -.P -The nethash type of sets can store up to 65536 entries. If a set is full, -no new entries can be added to it. -.P -An IP address will be in a nethash type of set if it belongs to any of the -netblocks added to the set. The matching always start from the smallest -size of netblock (most specific netmask) to the largest ones (least -specific netmasks). When adding/deleting IP addresses -to a nethash set by the -"SET" -netfilter kernel module, it will be added/deleted by the smallest -netblock size which can be found in the set, or by /31 if the set is empty. -.P -The lookup time in a nethash type of set grows approximately linearly -with the times of the -\fIprobes\fP -parameter and the number of different mask parameters in the hash. -Otherwise the same speed and memory efficiency comments applies here -as at the iphash type. -.SS ipporthash -The ipporthash set type uses a hash to store IP address and port pairs. -In order to avoid clashes in the hash double-hashing, and as a last -resort, dynamic growing of the hash performed. An ipporthash set can -store up to 65536 (B-class network) IP addresses with all possible port -values. When adding, deleting and testing values in an ipporthash type of -set, the entries must be specified as -"\fIaddress\fP\fB,\fP\fIport\fP". -.P -The ipporthash types of sets evaluates two src/dst parameters of the -"set" -match and -"SET" -target. -.P -Options to use when creating an ipporthash set: -.TP -\fB\-\-from\fP \fIfrom-addr\fP -.TP -\fB\-\-to\fP \fIto-addr\fP -Create an ipporthash set from the specified address range. -.TP -\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP -Create an ipporthash set from the specified network. -.TP -\fB\-\-hashsize\fP \fIhashsize\fP -The initial hash size (default 1024) -.TP -\fB\-\-probes\fP \fIprobes\fP -How many times try to resolve clashing at adding an IP to the hash -by double-hashing (default 8). -.TP -\fB\-\-resize\fP \fIpercent\fP -Increase the hash size by this many percent (default 50) when adding -an IP to the hash could not be performed after -\fIprobes\fP -number of double-hashing. -.P -The same resizing, speed and memory efficiency comments applies here -as at the iphash type. -.SS ipportiphash -The ipportiphash set type uses a hash to store IP address,port and IP -address triples. The first IP address must come form a maximum /16 -sized network or range while the port number and the second IP address -parameters are arbitrary. When adding, deleting and testing values in an -ipportiphash type of set, the entries must be specified as -"\fIaddress\fP\fB,\fP\fIport\fP\fB,\fP\fIaddress\fP". -.P -The ipportiphash types of sets evaluates three src/dst parameters of the -"set" -match and -"SET" -target. -.P -Options to use when creating an ipportiphash set: -.TP -\fB\-\-from\fP \fIfrom-addr\fP -.TP -\fB\-\-to\fP \fIto-addr\fP -Create an ipportiphash set from the specified address range. -.TP -\fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP -Create an ipportiphash set from the specified network. -.TP -\fB\-\-hashsize\fP \fIhashsize\fP -The initial hash size (default 1024) -.TP -\fB\-\-probes\fP \fIprobes\fP -How many times try to resolve clashing at adding an IP to the hash -by double-hashing (default 8). -.TP -\fB\-\-resize\fP \fIpercent\fP -Increase the hash size by this many percent (default 50) when adding -an IP to the hash could not be performed after -\fIprobes\fP -number of double-hashing. -.P -The same resizing, speed and memory efficiency comments applies here -as at the iphash type. -.SS ipportnethash -The ipportnethash set type uses a hash to store IP address, port, and -network address triples. The IP address must come form a maximum /16 -sized network or range while the port number and the network address -parameters are arbitrary, but the size of the network address must be -between /1-/31. When adding, deleting -and testing values in an ipportnethash type of set, the entries must be -specified as -"\fIaddress\fP\fB,\fP\fIport\fP\fB,\fP\fIaddress\fP\fB/\fP\fIprefixlen\fP". -.P -The ipportnethash types of sets evaluates three src/dst parameters of the -"set" -match and -"SET" -target. -.P -Options to use when creating an ipportnethash set: -.TP -\fB\-\-from\fP \fIfrom-address\fP -.TP -\fB\-\-to\fP \fIto-address\fP -Create an ipporthash set from the specified range. -.TP -\fB\-\-network\fP \fIaddress\fP\fB/\fP\fImask\fP -Create an ipporthash set from the specified network. -.TP -\fB\-\-hashsize\fP \fIhashsize\fP -The initial hash size (default 1024) -.TP -\fB\-\-probes\fP \fIprobes\fP -How many times try to resolve clashing at adding an IP to the hash -by double-hashing (default 8). -.TP -\fB\-\-resize\fP \fIpercent\fP -Increase the hash size by this many percent (default 50) when adding -an IP to the hash could not be performed after -\fIprobes\fP -number of double-hashing. -.P -The same resizing, speed and memory efficiency comments applies here -as at the iphash type. -.SS iptree -The iptree set type uses a tree to store IP addresses, optionally -with timeout values. -.P -Options to use when creating an iptree set: -.TP -\fB\-\-timeout\fP \fIvalue\fP -The timeout value for the entries in seconds (default 0) -.P -If a set was created with a nonzero valued -\fB\-\-timeout\fP -parameter then one may add IP addresses to the set with a specific -timeout value using the syntax -"\fIaddress\fP\fB,\fP\fItimeout-value\fP". -Similarly to the hash types, the iptree type of sets can store up to 65536 -entries. -.SS iptreemap -The iptreemap set type uses a tree to store IP addresses or networks, -where the last octet of an IP address are stored in a bitmap. -As input entry, you can add IP addresses, CIDR blocks or network ranges -to the set. Network ranges can be specified in the format -"\fIaddress1\fP\fB-\fP\fIaddress2\fP". -.P -Options to use when creating an iptreemap set: -.TP -\fB\-\-gc\fP \fIvalue\fP -How often the garbage collection should be called, in seconds (default 300) -.SS setlist -The setlist type uses a simple list in which you can store sets. By the -ipset -command you can add, delete and test sets in a setlist type of set. -You can specify the sets as -"\fIsetname\fP[\fB,\fP{\fBafter\fP\|\fBbefore\fP},\fIsetname\fP]". -By default new sets are added after (appended to) the existing -elements. Setlist type of sets cannot be added to a setlist type of set. -.P -Options to use when creating a setlist type of set: -.TP -\fB\-\-size\fP \fIsize\fP -Create a setlist type of set with the given size (default 8). -.PP -By the -"set" -match or -"SET" -target of -\fBiptables\fP(8) -you can test, add or delete entries in the sets. The match -will try to find a matching IP address/port in the sets and -the target will try to add the IP address/port to the first set -to which it can be added. The number of src,dst options of -the match and target are important: sets which eats more src,dst -parameters than specified are skipped, while sets with equal -or less parameters are checked, elements added. For example -if -.I -a -and -.I -b -are setlist type of sets then in the command -.IP -iptables \-m set \-\-match\-set a src,dst \-j SET \-\-add-set b src,dst -.PP -the match and target will skip any set in -.I a -and -.I b -which stores -data triples, but will check all sets with single or double -data storage in -.I a -set and add src to the first single or src,dst to the first double -data storage set in -\fIb\fP. -You can imagine a setlist type of set as an ordered union of -the set elements. -.P -Please note: by the ipset command you can add, delete and -.B test -the setnames in a setlist type of set, and not the presence of -a set's member (such as an IP address). -.SH GENERAL RESTRICTIONS -Setnames starting with colon (:) cannot be defined. Zero valued set -entries cannot be used with hash type of sets. -.SH COMMENTS -If you want to store same size subnets from a given network -(say /24 blocks from a /8 network), use the ipmap set type. -If you want to store random same size networks (say random /24 blocks), -use the iphash set type. If you have got random size of netblocks, -use nethash. -.P -Old separator tokens (':' and '%") are still accepted. -.P -Binding support is removed. -.SH DIAGNOSTICS -Various error messages are printed to standard error. The exit code -is 0 for correct functioning. Errors which appear to be caused by -invalid or abused command line parameters cause an exit code of 2, and -other errors cause an exit code of 1. -.SH BUGS -Bugs? No, just funny features. :-) -OK, just kidding... -.SH SEE ALSO -.BR iptables (8), -.SH AUTHORS -Jozsef Kadlecsik wrote ipset, which is based on ippool by -Joakim Axelsson, Patrick Schaaf and Martin Josefsson. -.P -Sven Wegener wrote the iptreemap type. -.SH LAST REMARK -.BR "I stand on the shoulders of giants."
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset.c ^
@@ -1,2056 +0,0 @@ -/* Copyright 2000-2002 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Copyright 2003-2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -#include <stdio.h> / printf, perror, sscanf, fdopen / -#include <string.h> /* mem, str / -#include <errno.h> / errno, perror / -#include <time.h> / time, ctime / -#include <netdb.h> / gethostby, getnetby, getservby* / -#include <stdlib.h> / exit, malloc, free, strtol, getenv, mkstemp / -#include <unistd.h> / read, close, fork, exec, unlink / -#include <sys/types.h> /* open, wait, socket, sockopt, umask / -#include <sys/stat.h> /* open, umask / -#include <sys/wait.h> / wait / -#include <sys/socket.h> / socket, sockopt, gethostby, inet_* / -#include <netinet/in.h> / inet_* / -#include <fcntl.h> / open / -#include <arpa/inet.h> / htonl, inet_* / -#include <stdarg.h> / va_* / -#include <dlfcn.h> / dlopen / - -#include "ipset.h" - -#ifndef PROC_SYS_MODPROBE -#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" -#endif - -#define IPSET_VERSION "4.5" - -char program_name[] = "ipset"; -char program_version[] = IPSET_VERSION; -static int protocol_version = 0; - -#define STREQ(a,b) (strncmp(a,b,IP_SET_MAXNAMELEN) == 0) -#define DONT_ALIGN (protocol_version == IP_SET_PROTOCOL_UNALIGNED) -#define ALIGNED(len) IPSET_VALIGN(len, DONT_ALIGN) - -/ The list of loaded set types / -static struct settype all_settypes = NULL; - -/* Array of sets / -struct set set_list = NULL; -ip_set_id_t max_sets = 0; - -/ Suppress output to stdout and stderr? / -static int option_quiet = 0; - -/ Data for restore mode / -static int restore = 0; -void restore_data = NULL; -struct ip_set_restore restore_set = NULL; -size_t restore_offset = 0; -socklen_t restore_size; -unsigned restore_line = 0; -unsigned warn_once = 0; - -#define TEMPFILE_PATTERN "/ipsetXXXXXX" - -#ifdef IPSET_DEBUG -int option_debug = 0; -#endif - -#define OPTION_OFFSET 256 -static unsigned int global_option_offset = 0; - -/ Most of these command parsing functions are borrowed from iptables.c / - -static const char cmdflags[] = { ' ', / CMD_NONE / - 'N', 'X', 'F', 'E', 'W', 'L', 'S', 'R', - 'A', 'D', 'T', 'H', 'V', -}; - -/ Options / -#define OPT_NONE 0x0000U -#define OPT_NUMERIC 0x0001U / -n / -#define OPT_SORTED 0x0002U / -s / -#define OPT_QUIET 0x0004U / -q / -#define OPT_DEBUG 0x0008U / -z / -#define OPT_RESOLVE 0x0020U / -r / -#define NUMBER_OF_OPT 5 -static const char optflags[] = - { 'n', 's', 'q', 'z', 'r' }; - -static struct option opts_long[] = { - / set operations / - {"create", 1, 0, 'N'}, - {"destroy", 2, 0, 'X'}, - {"flush", 2, 0, 'F'}, - {"rename", 1, 0, 'E'}, - {"swap", 1, 0, 'W'}, - {"list", 2, 0, 'L'}, - - {"save", 2, 0, 'S'}, - {"restore", 0, 0, 'R'}, - - / ip in set operations / - {"add", 1, 0, 'A'}, - {"del", 1, 0, 'D'}, - {"test", 1, 0, 'T'}, - - / free options / - {"numeric", 0, 0, 'n'}, - {"sorted", 0, 0, 's'}, - {"quiet", 0, 0, 'q'}, - {"resolve", 0, 0, 'r'}, - -#ifdef IPSET_DEBUG - / debug (if compiled with it) / - {"debug", 0, 0, 'z'}, -#endif - - / version and help / - {"version", 0, 0, 'V'}, - {"help", 2, 0, 'H'}, - - / end / - {NULL}, -}; - -static char opts_short[] = - "-N:X::F::E:W:L::S::RA:D:T:nrsqzvVh::H::"; - -/ Table of legal combinations of commands and options. If any of the - * given commands make an option legal, that option is legal. - * Key: - * + compulsory - * x illegal - * optional - / - -static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = { - / -n -s -q -z -r / - /CREATE/ {'x', 'x', ' ', ' ', 'x'}, - /DESTROY/ {'x', 'x', ' ', ' ', 'x'}, - /FLUSH/ {'x', 'x', ' ', ' ', 'x'}, - /RENAME/ {'x', 'x', ' ', ' ', 'x'}, - /SWAP/ {'x', 'x', ' ', ' ', 'x'}, - /LIST/ {' ', ' ', 'x', ' ', ' '}, - /SAVE/ {'x', 'x', ' ', ' ', 'x'}, - /RESTORE/ {'x', 'x', ' ', ' ', 'x'}, - /ADD/ {'x', 'x', ' ', ' ', 'x'}, - /DEL/ {'x', 'x', ' ', ' ', 'x'}, - /TEST/ {'x', 'x', ' ', ' ', 'x'}, - /HELP/ {'x', 'x', 'x', ' ', 'x'}, - /VERSION/ {'x', 'x', 'x', ' ', 'x'}, -}; - -/ Main parser function / -int parse_commandline(int argc, char argv[]); - -static void exit_tryhelp(int status) -{ - fprintf(stderr, - "Try `%s -H' or '%s --help' for more information.\n", - program_name, program_name); - exit(status); -} - -void exit_error(int status, const char msg, ...) -{ - if (!option_quiet) { - va_list args; - - va_start(args, msg); - fprintf(stderr, "%s v%s: ", program_name, program_version); - vfprintf(stderr, msg, args); - va_end(args); - fprintf(stderr, "\n"); - if (restore_line) - fprintf(stderr, "Restore failed at line %u:\n", restore_line); - if (status == PARAMETER_PROBLEM) - exit_tryhelp(status); - if (status == VERSION_PROBLEM) - fprintf(stderr, - "Perhaps %s or your kernel needs to be upgraded.\n", - program_name); - } - - exit(status); -} - -static void ipset_printf(const char msg, ...) -{ - if (!option_quiet) { - va_list args; - - va_start(args, msg); - vfprintf(stdout, msg, args); - va_end(args); - fprintf(stdout, "\n"); - } -} - -static void generic_opt_check(int command, unsigned int options) -{ - int i, j, legal = 0; - - /* Check that commands are valid with options. Complicated by the - * fact that if an option is legal with any command given, it is - * legal overall (ie. -z and -l). - / - for (i = 0; i < NUMBER_OF_OPT; i++) { - legal = 0; / -1 => illegal, 1 => legal, 0 => undecided. / - - for (j = 1; j <= NUMBER_OF_CMD; j++) { - if (command != j) - continue; - - if (!(options & (1 << i))) { - if (commands_v_options[j-1][i] == '+') - exit_error(PARAMETER_PROBLEM, - "You need to supply the `-%c' " - "option for this command\n", - optflags[i]); - } else { - if (commands_v_options[j-1][i] != 'x') - legal = 1; - else if (legal == 0) - legal = -1; - } - } - if (legal == -1) - exit_error(PARAMETER_PROBLEM, - "Illegal option `-%c' with this command\n", - optflags[i]); - } -} - -static char opt2char(unsigned int option) -{ - const char ptr; - for (ptr = optflags; option > 1; option >>= 1, ptr++); - - return ptr; -} - -static char cmd2char(int cmd) -{ - if (cmd <= CMD_NONE \|\| cmd > NUMBER_OF_CMD) - return ' '; - - return cmdflags[cmd]; -} - -/ From iptables.c ... / -static char get_modprobe(void) -{ - int procfile; - char ret; - -#define PROCFILE_BUFSIZ 1024 - procfile = open(PROC_SYS_MODPROBE, O_RDONLY); - if (procfile < 0) - return NULL; - - ret = (char ) malloc(PROCFILE_BUFSIZ); - if (ret) { - memset(ret, 0, PROCFILE_BUFSIZ); - switch (read(procfile, ret, PROCFILE_BUFSIZ)) { - case -1: goto fail; - case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd / - default: ; / nothing / - } - if (ret[strlen(ret)-1]=='\n') - ret[strlen(ret)-1]=0; - close(procfile); - return ret; - } - fail: - free(ret); - close(procfile); - return NULL; -} - -static int ipset_insmod(const char modname, const char modprobe) -{ - char buf = NULL; - char argv[3]; - struct stat junk; - int status; - - if (!stat(modprobe, &junk)) { - / Try to read out of the kernel / - buf = get_modprobe(); - if (!buf) - return -1; - modprobe = buf; - } - - switch (fork()) { - case 0: - argv[0] = (char ) modprobe; - argv[1] = (char ) modname; - argv[2] = NULL; - execv(argv[0], argv); - - / Should not reach / - exit(1); - case -1: - return -1; - - default: / parent / - wait(&status); - } - - free(buf); - - if (WIFEXITED(status) && WEXITSTATUS(status) == 0) - return 0; - return -1; -} - -static int kernel_getsocket(void) -{ - int sockfd = -1; - - sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); - if (sockfd < 0) - exit_error(OTHER_PROBLEM, - "You need to be root to perform this command."); - - return sockfd; -} - -static void kernel_error(unsigned cmd, int err) -{ - unsigned int i; - struct translate_error { - int err; - unsigned cmd; - const char message; - } table[] = - { /* Generic error codes / - { EPERM, 0, "Missing capability" }, - { EBADF, 0, "Invalid socket option" }, - { EINVAL, 0, "Size mismatch for expected socket data" }, - { ENOMEM, 0, "Not enough memory" }, - { EFAULT, 0, "Failed to copy data" }, - { EPROTO, 0, "ipset kernel/userspace version mismatch" }, - { EBADMSG, 0, "Unknown command" }, - / Per command error codes / - / Reserved ones for add/del/test to handle internally: - * EEXIST - / - { ENOENT, CMD_CREATE, "Unknown set type" }, - { ENOENT, 0, "Unknown set" }, - { EAGAIN, 0, "Sets are busy, try again later" }, - { ERANGE, CMD_CREATE, "No free slot remained to add a new set" }, - { ERANGE, 0, "IP/port/element is outside of the set or set is full" }, - { ENOEXEC, CMD_CREATE, "Invalid parameters to create a set" }, - { ENOEXEC, CMD_SWAP, "Sets with different types cannot be swapped" }, - { EEXIST, CMD_CREATE, "Set already exists" }, - { EEXIST, CMD_RENAME, "Set with new name already exists" }, - { EEXIST, 0, "Set specified as element does not exist" }, - { EBUSY, 0, "Set is in use, operation not permitted" }, - }; - for (i = 0; i < sizeof(table)/sizeof(struct translate_error); i++) { - if ((table[i].cmd == cmd \|\| table[i].cmd == 0) - && table[i].err == err) - exit_error(err == EPROTO ? VERSION_PROBLEM - : OTHER_PROBLEM, - table[i].message); - } - exit_error(OTHER_PROBLEM, "Error from kernel: %s", strerror(err)); -} - -static inline int wrapped_getsockopt(void data, socklen_t size) -{ - int res; - int sockfd = kernel_getsocket(); - - / Send! / - res = getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); - if (res != 0 - && errno == ENOPROTOOPT - && ipset_insmod("ip_set", "/sbin/modprobe") == 0) - res = getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); - DP("res=%d errno=%d", res, errno); - - return res; -} - -static inline int wrapped_setsockopt(void data, socklen_t size) -{ - int res; - int sockfd = kernel_getsocket(); - - /* Send! / - res = setsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); - if (res != 0 - && errno == ENOPROTOOPT - && ipset_insmod("ip_set", "/sbin/modprobe") == 0) - res = setsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); - DP("res=%d errno=%d", res, errno); - - return res; -} - -static void kernel_getfrom(unsigned cmd, void data, socklen_t * size) -{ - int res = wrapped_getsockopt(data, size); - - if (res != 0) - kernel_error(cmd, errno); -} - -static int kernel_sendto_handleerrno(unsigned cmd, - void data, socklen_t size) -{ - int res = wrapped_setsockopt(data, size); - - if (res != 0) { - if (errno == EEXIST) - return -1; - else - kernel_error(cmd, errno); - } - - return 0; / all ok / -} - -static void kernel_sendto(unsigned cmd, void data, size_t size) -{ - int res = wrapped_setsockopt(data, size); - - if (res != 0) - kernel_error(cmd, errno); -} - -static int kernel_getfrom_handleerrno(unsigned cmd, void data, socklen_t size) -{ - int res = wrapped_getsockopt(data, size); - - if (res != 0) { - if (errno == EAGAIN) - return -1; - else - kernel_error(cmd, errno); - } - - return 0; /* all ok / -} - -static void check_protocolversion(void) -{ - struct ip_set_req_version req_version; - socklen_t size = sizeof(struct ip_set_req_version); - int res; - - if (protocol_version) - return; - - req_version.op = IP_SET_OP_VERSION; - res = wrapped_getsockopt(&req_version, &size); - - if (res != 0) - exit_error(OTHER_PROBLEM, - "Couldn't verify kernel module version!"); - - if (!(req_version.version == IP_SET_PROTOCOL_VERSION - \|\| req_version.version == IP_SET_PROTOCOL_UNALIGNED)) - exit_error(OTHER_PROBLEM, - "Kernel ip_set module is of protocol version %u." - "I'm of protocol version %u.\n" - "Please upgrade your kernel and/or ipset(8) utillity.", - req_version.version, IP_SET_PROTOCOL_VERSION); - protocol_version = req_version.version; -} - -static void set_command(int cmd, int newcmd) -{ - if (cmd != CMD_NONE) - exit_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n", - cmd2char(cmd), cmd2char(newcmd)); - cmd = newcmd; -} - -static void add_option(unsigned int options, unsigned int option) -{ - if (options & option) - exit_error(PARAMETER_PROBLEM, - "multiple -%c flags not allowed", - opt2char(option)); - options \|= option; -} - -void ipset_malloc(size_t size) -{ - void p; - - if (size == 0) - return NULL; - - if ((p = malloc(size)) == NULL) { - perror("ipset: not enough memory"); - exit(1); - } - return p; -} - -char ipset_strdup(const char s) -{ - char p; - - if ((p = strdup(s)) == NULL) { - perror("ipset: not enough memory"); - exit(1); - } - return p; -} - -void ipset_free(void data) -{ - if (data == NULL) - return; - - free(data); -} - -static struct option merge_options(struct option oldopts, - const struct option newopts, - int option_offset) -{ - unsigned int num_old, num_new, i; - struct option merge; - - for (num_old = 0; oldopts[num_old].name; num_old++); - for (num_new = 0; newopts[num_new].name; num_new++); - - global_option_offset += OPTION_OFFSET; - option_offset = global_option_offset; - - merge = ipset_malloc(sizeof(struct option) * (num_new + num_old + 1)); - memcpy(merge, oldopts, num_old * sizeof(struct option)); - for (i = 0; i < num_new; i++) { - merge[num_old + i] = newopts[i]; - merge[num_old + i].val += option_offset; - } - memset(merge + num_old + num_new, 0, sizeof(struct option)); - - return merge; -} - -static char ip_tohost(const struct in_addr addr) -{ - struct hostent host; - - if ((host = gethostbyaddr((char ) addr, - sizeof(struct in_addr), - AF_INET)) != NULL) { - DP("%s", host->h_name); - return (char ) host->h_name; - } - - return (char ) NULL; -} - -static char ip_tonetwork(const struct in_addr addr) -{ - struct netent net; - - if ((net = getnetbyaddr(ntohl(addr->s_addr), - AF_INET)) != NULL) { - DP("%s", net->n_name); - return (char ) net->n_name; - } - - return (char ) NULL; -} - -/* Return a string representation of an IP address. - * Please notice that a pointer to static char* area is returned. - / -char ip_tostring(ip_set_ip_t ip, unsigned options) -{ - struct in_addr addr; - addr.s_addr = htonl(ip); - - if (!(options & OPT_NUMERIC)) { - char name; - if ((name = ip_tohost(&addr)) != NULL \|\| - (name = ip_tonetwork(&addr)) != NULL) - return name; - } - - return inet_ntoa(addr); -} - -char ip_tostring_numeric(ip_set_ip_t ip) -{ - return ip_tostring(ip, OPT_NUMERIC); -} - -/* Fills the 'ip' with the parsed ip or host in host byte order / -void parse_ip(const char str, ip_set_ip_t * ip) -{ - struct hostent host; - struct in_addr addr; - - DP("%s", str); - - if (inet_aton(str, &addr) != 0) { - ip = ntohl(addr.s_addr); /* We want host byte order / - return; - } - - host = gethostbyname(str); - if (host != NULL) { - if (host->h_addrtype != AF_INET \|\| - host->h_length != sizeof(struct in_addr)) - exit_error(PARAMETER_PROBLEM, - "host/network `%s' not an internet name", - str); - if (host->h_addr_list[1] != 0) - exit_error(PARAMETER_PROBLEM, - "host/network `%s' resolves to serveral ip-addresses. " - "Please specify one.", str); - - memcpy(&addr, host->h_addr_list[0], sizeof(struct in_addr)); - ip = ntohl(addr.s_addr); - return; - } - - exit_error(PARAMETER_PROBLEM, "host/network `%s' not found", str); -} - -/* Fills 'mask' with the parsed mask in host byte order / -void parse_mask(const char str, ip_set_ip_t * mask) -{ - struct in_addr addr; - int bits; - - DP("%s", str); - - if (str == NULL) { - /* no mask at all defaults to 32 bits / - mask = 0xFFFFFFFF; - return; - } - if (strchr(str, '.') && inet_aton(str, &addr) != 0) { - mask = ntohl(addr.s_addr); / We want host byte order / - return; - } - if (sscanf(str, "%d", &bits) != 1 \|\| bits < 0 \|\| bits > 32) - exit_error(PARAMETER_PROBLEM, - "invalid mask `%s' specified", str); - - DP("bits: %d", bits); - - mask = bits != 0 ? 0xFFFFFFFF << (32 - bits) : 0L; -} - -/* Combines parse_ip and parse_mask / -void -parse_ipandmask(const char str, ip_set_ip_t * ip, ip_set_ip_t * mask) -{ - char buf[256]; - char p; - - strncpy(buf, str, sizeof(buf) - 1); - buf[255] = '\0'; - - if ((p = strrchr(buf, '/')) != NULL) { - p = '\0'; - parse_mask(p + 1, mask); - } else - parse_mask(NULL, mask); - - /* if a null mask is given, the name is ignored, like in "any/0" / - if (mask == 0U) - ip = 0U; - else - parse_ip(buf, ip); - - DP("%s ip: %08X (%s) mask: %08X", - str, ip, ip_tostring_numeric(ip), mask); - - /* Apply the netmask / - ip &= mask; - - DP("%s ip: %08X (%s) mask: %08X", - str, ip, ip_tostring_numeric(ip), mask); -} - -/* Return a string representation of a port - * Please notice that a pointer to static char* area is returned - * and we assume TCP protocol. - / -char port_tostring(ip_set_ip_t port, unsigned options) -{ - struct servent service; - static char name[] = "65535"; - - if (!(options & OPT_NUMERIC)) { - if ((service = getservbyport(htons(port), "tcp"))) - return service->s_name; - } - sprintf(name, "%u", port); - return name; -} - -int -string_to_number(const char str, unsigned int min, unsigned int max, - ip_set_ip_t port) -{ - unsigned long number; - char end; - - /* Handle hex, octal, etc. / - errno = 0; - number = strtoul(str, &end, 0); - if (end == '\0' && end != str) { - /* we parsed a number, let's see if we want this / - if (errno != ERANGE && min <= number && number <= max) { - port = number; - return 0; - } - } - return -1; -} - -static int -string_to_port(const char str, ip_set_ip_t port) -{ - struct servent service; - - if ((service = getservbyname(str, "tcp")) != NULL) { - port = ntohs((uint16_t) service->s_port); - return 0; - } - return -1; -} - -/* Fills the 'ip' with the parsed port in host byte order / -void parse_port(const char str, ip_set_ip_t port) -{ - if ((string_to_number(str, 0, 65535, port) != 0) - && (string_to_port(str, port) != 0)) - exit_error(PARAMETER_PROBLEM, - "Invalid TCP port `%s' specified", str); -} - -/ - * Settype functions - / -static struct settype settype_find(const char typename) -{ - struct settype runner = all_settypes; - - DP("%s", typename); - - while (runner != NULL) { - if (STREQ(runner->typename, typename)) - return runner; - - runner = runner->next; - } - - return NULL; /* not found / -} - -static struct settype settype_load(const char typename) -{ - char path[sizeof(IPSET_LIB_DIR) + sizeof(IPSET_LIB_NAME) + - strlen(typename)]; - struct settype settype; - - /* do some search in list / - settype = settype_find(typename); - if (settype != NULL) - return settype; / found / - - / Else we have to load it / - sprintf(path, IPSET_LIB_DIR IPSET_LIB_NAME, typename); - - if (dlopen(path, RTLD_NOW)) { - / Found library. / - - settype = settype_find(typename); - - if (settype != NULL) - return settype; - } - - / Can't load the settype / - exit_error(PARAMETER_PROBLEM, - "Couldn't load settype `%s':%s\n", - typename, dlerror()); - - return NULL; / Never executed, but keep compilers happy / -} - -static char check_set_name(char setname) -{ - if (strlen(setname) > IP_SET_MAXNAMELEN - 1) - exit_error(PARAMETER_PROBLEM, - "Setname '%s' too long, max %d characters.", - setname, IP_SET_MAXNAMELEN - 1); - - return setname; -} - -static struct settype check_set_typename(const char typename) -{ - if (strlen(typename) > IP_SET_MAXNAMELEN - 1) - exit_error(PARAMETER_PROBLEM, - "Typename '%s' too long, max %d characters.", - typename, IP_SET_MAXNAMELEN - 1); - - return settype_load(typename); -} - -#define MAX(a,b) ((a) > (b) ? (a) : (b)) - -/ Register a new set type / -void settype_register(struct settype settype) -{ - struct settype chk; - size_t size; - - DP("%s", settype->typename); - - / Check if this typename already exists / - chk = settype_find(settype->typename); - - if (chk != NULL) - exit_error(OTHER_PROBLEM, - "Set type '%s' already registered!\n", - settype->typename); - - / Check version / - if (settype->protocol_version != IP_SET_PROTOCOL_VERSION) - exit_error(OTHER_PROBLEM, - "Set type %s is of wrong protocol version %u!" - " I'm of version %u.\n", settype->typename, - settype->protocol_version, - IP_SET_PROTOCOL_VERSION); - - / Initialize internal data / - settype->header = ipset_malloc(settype->header_size); - size = MAX(settype->create_size, settype->adt_size); - settype->data = ipset_malloc(size); - - / Insert first / - settype->next = all_settypes; - all_settypes = settype; - - DP("%s registered", settype->typename); -} - -/ Find set functions / -struct set set_find_byid(ip_set_id_t id) -{ - struct set set = NULL; - ip_set_id_t i; - - for (i = 0; i < max_sets; i++) - if (set_list[i] && set_list[i]->id == id) { - set = set_list[i]; - break; - } - - if (set == NULL) - exit_error(PARAMETER_PROBLEM, - "Set identified by id %u is not found", id); - return set; -} - -struct set set_find_byname(const char name) -{ - struct set set = NULL; - ip_set_id_t i; - - for (i = 0; i < max_sets; i++) - if (set_list[i] != NULL && STREQ(set_list[i]->name, name)) { - set = set_list[i]; - break; - } - if (set == NULL) - exit_error(PARAMETER_PROBLEM, - "Set %s is not found", name); - return set; -} - -static ip_set_id_t set_find_free_index(const char name) -{ - ip_set_id_t i, idx = IP_SET_INVALID_ID; - - for (i = 0; i < max_sets; i++) { - if (idx == IP_SET_INVALID_ID - && set_list[i] == NULL) - idx = i; - if (set_list[i] != NULL && STREQ(set_list[i]->name, name)) - exit_error(PARAMETER_PROBLEM, - "Set %s is already defined, cannot be restored", - name); - } - - if (idx == IP_SET_INVALID_ID) - exit_error(PARAMETER_PROBLEM, - "Set %s cannot be restored, " - "max number of set %u reached", - name, max_sets); - - return idx; -} - -/ - * Send create set order to kernel - / -static void set_create(const char name, struct settype settype) -{ - struct ip_set_req_create req_create; - size_t size; - void data; - - DP("%s %s", name, settype->typename); - - req_create.op = IP_SET_OP_CREATE; - req_create.version = protocol_version; - strcpy(req_create.name, name); - strcpy(req_create.typename, settype->typename); - - /* Final checks / - settype->create_final(settype->data, settype->flags); - - / Alloc memory for the data to send / - size = sizeof(struct ip_set_req_create) + settype->create_size; - data = ipset_malloc(size); - - / Add up ip_set_req_create and the settype data / - memcpy(data, &req_create, sizeof(struct ip_set_req_create)); - memcpy(data + sizeof(struct ip_set_req_create), - settype->data, settype->create_size); - - kernel_sendto(CMD_CREATE, data, size); - free(data); -} - -static void set_restore_create(const char name, struct settype settype) -{ - struct set set; - - DP("%s %s %zu %zu %u %u", name, settype->typename, - restore_offset, sizeof(struct ip_set_restore), - settype->create_size, restore_size); - - /* Sanity checking / - if (restore_offset - + ALIGNED(sizeof(struct ip_set_restore)) - + ALIGNED(settype->create_size) > restore_size) - exit_error(PARAMETER_PROBLEM, - "Giving up, restore file is screwed up!"); - - / Final checks / - settype->create_final(settype->data, settype->flags); - - / Fill out restore_data / - restore_set = (struct ip_set_restore ) - (restore_data + restore_offset); - strcpy(restore_set->name, name); - strcpy(restore_set->typename, settype->typename); - restore_set->index = set_find_free_index(name); - restore_set->header_size = settype->create_size; - restore_set->members_size = 0; - - DP("name %s, restore index %u", restore_set->name, restore_set->index); - /* Add settype data / - - restore_offset += ALIGNED(sizeof(struct ip_set_restore)); - memcpy(restore_data + restore_offset, settype->data, settype->create_size); - - restore_offset += ALIGNED(settype->create_size); - DP("restore_offset: %zu", restore_offset); - - / Add set to set_list / - set = ipset_malloc(sizeof(struct set)); - strcpy(set->name, name); - set->settype = settype; - set->index = restore_set->index; - set_list[restore_set->index] = set; -} - -/ - * Send destroy/flush order to kernel for one or all sets - / -static void set_destroy(const char name, unsigned op, unsigned cmd) -{ - struct ip_set_req_std req; - - DP("%s %s", cmd == CMD_DESTROY ? "destroy" : "flush", name); - - req.op = op; - req.version = protocol_version; - strcpy(req.name, name); - - kernel_sendto(cmd, &req, sizeof(struct ip_set_req_std)); -} - -/* - * Send rename/swap order to kernel - / -static void set_rename(const char name, const char newname, - unsigned op, unsigned cmd) -{ - struct ip_set_req_create req; - - DP("%s %s %s", cmd == CMD_RENAME ? "rename" : "swap", - name, newname); - - req.op = op; - req.version = protocol_version; - strcpy(req.name, name); - strcpy(req.typename, newname); - - kernel_sendto(cmd, &req, - sizeof(struct ip_set_req_create)); -} - -/ - * Send MAX_SETS, LIST_SIZE and/or SAVE_SIZE orders to kernel - / -static size_t load_set_list(const char name[IP_SET_MAXNAMELEN], - ip_set_id_t idx, - unsigned op, unsigned cmd) -{ - void data = NULL; - struct ip_set_req_max_sets req_max_sets; - struct ip_set_name_list name_list; - struct set set; - ip_set_id_t i; - socklen_t size, req_size; - int repeated = 0, res = 0; - - DP("%s %s", cmd == CMD_MAX_SETS ? "MAX_SETS" - : cmd == CMD_LIST_SIZE ? "LIST_SIZE" - : "SAVE_SIZE", - name); - -tryagain: - if (set_list) { - for (i = 0; i < max_sets; i++) - if (set_list[i]) - free(set_list[i]); - free(set_list); - set_list = NULL; - } - / Get max_sets / - req_max_sets.op = IP_SET_OP_MAX_SETS; - req_max_sets.version = protocol_version; - strcpy(req_max_sets.set.name, name); - size = sizeof(req_max_sets); - kernel_getfrom(CMD_MAX_SETS, &req_max_sets, &size); - - DP("got MAX_SETS: sets %d, max_sets %d", - req_max_sets.sets, req_max_sets.max_sets); - - max_sets = req_max_sets.max_sets; - set_list = ipset_malloc(max_sets sizeof(struct set )); - memset(set_list, 0, max_sets sizeof(struct set )); - idx = req_max_sets.set.index; - - if (req_max_sets.sets == 0) - /* No sets in kernel / - return 0; - - / Get setnames / - size = req_size = ALIGNED(sizeof(struct ip_set_req_setnames)) - + req_max_sets.sets ALIGNED(sizeof(struct ip_set_name_list)); - data = ipset_malloc(size); - ((struct ip_set_req_setnames ) data)->op = op; - ((struct ip_set_req_setnames ) data)->index = idx; - - res = kernel_getfrom_handleerrno(cmd, data, &size); - - if (res != 0 \|\| size != req_size) { - free(data); - if (repeated++ < LIST_TRIES) - goto tryagain; - exit_error(OTHER_PROBLEM, - "Tried to get sets from kernel %d times" - " and failed. Please try again when the load on" - " the sets has gone down.", LIST_TRIES); - } - - / Load in setnames / - size = ALIGNED(sizeof(struct ip_set_req_setnames)); - while (size + ALIGNED(sizeof(struct ip_set_name_list)) <= req_size) { - name_list = (struct ip_set_name_list ) - (data + size); - set = ipset_malloc(sizeof(struct set)); - strcpy(set->name, name_list->name); - set->index = name_list->index; - set->id = name_list->id; - set->settype = settype_load(name_list->typename); - set_list[name_list->index] = set; - DP("loaded %s, type %s, index %u", - set->name, set->settype->typename, set->index); - size += ALIGNED(sizeof(struct ip_set_name_list)); - } - /* Size to get set members / - size = ((struct ip_set_req_setnames )data)->size; - free(data); - - return size; -} - -/* - * Save operation - / -static size_t save_set(void data, size_t offset, size_t len) -{ - struct ip_set_save set_save = - (struct ip_set_save ) (data + offset); - struct set set; - struct settype settype; - size_t used; - - DP("offset %zu (%zu/%u/%u), len %zu", offset, - sizeof(struct ip_set_save), - set_save->header_size, set_save->members_size, - len); - if (offset + ALIGNED(sizeof(struct ip_set_save)) > len - \|\| offset + ALIGNED(sizeof(struct ip_set_save)) - + set_save->header_size + set_save->members_size > len) - exit_error(OTHER_PROBLEM, - "Save operation failed, try again later."); - - DP("index: %u", set_save->index); - if (set_save->index == IP_SET_INVALID_ID) { - /* Marker / - return ALIGNED(sizeof(struct ip_set_save)); - } - set = set_list[set_save->index]; - if (!set) - exit_error(OTHER_PROBLEM, - "Save set failed, try again later."); - settype = set->settype; - - / Init set header / - used = ALIGNED(sizeof(struct ip_set_save)); - settype->initheader(set, data + offset + used); - - / Print create set / - settype->saveheader(set, OPT_NUMERIC); - - / Print add IPs / - used += set_save->header_size; - settype->saveips(set, data + offset + used, - set_save->members_size, OPT_NUMERIC, - DONT_ALIGN); - - return (used + set_save->members_size); -} - -static int try_save_sets(const char name[IP_SET_MAXNAMELEN]) -{ - void data = NULL; - socklen_t size, req_size = 0; - ip_set_id_t idx; - int res = 0; - time_t now = time(NULL); - - /* Load set_list from kernel / - size = load_set_list(name, &idx, - IP_SET_OP_SAVE_SIZE, CMD_SAVE); - - if (size) { - / Get sets and print them / - / Take into account marker / - req_size = (size += ALIGNED(sizeof(struct ip_set_save))); - data = ipset_malloc(size); - ((struct ip_set_req_list ) data)->op = IP_SET_OP_SAVE; - ((struct ip_set_req_list ) data)->index = idx; - res = kernel_getfrom_handleerrno(CMD_SAVE, data, &size); - - if (res != 0 \|\| size != req_size) { - DP("Try again: res: %i, size %u, req_size: %u", - res, size, req_size); - free(data); - return -EAGAIN; - } - } - - printf("# Generated by ipset %s on %s", IPSET_VERSION, ctime(&now)); - size = 0; - while (size < req_size) { - DP("size: %u, req_size: %u", size, req_size); - size += save_set(data, size, req_size); - } - printf("COMMIT\n"); - now = time(NULL); - printf("# Completed on %s", ctime(&now)); - ipset_free(data); - return res; -} - -/ - * Performs a save to stdout - / -static void set_save(const char name[IP_SET_MAXNAMELEN]) -{ - int i; - - DP("%s", name); - for (i = 0; i < LIST_TRIES; i++) - if (try_save_sets(name) == 0) - return; - - if (errno == EAGAIN) - exit_error(OTHER_PROBLEM, - "Tried to save sets from kernel %d times" - " and failed. Please try again when the load on" - " the sets has gone down.", LIST_TRIES); - else - kernel_error(CMD_SAVE, errno); -} - -/ - * Restore operation - / - -/ global new argv and argc / -static char newargv[255]; -static int newargc = 0; - -/* Build faked argv from parsed line / -static void build_argv(unsigned line, char buffer) { - char ptr; - int i; - - / Reset / - for (i = 1; i < newargc; i++) - free(newargv[i]); - newargc = 1; - - ptr = strtok(buffer, " \t\n"); - newargv[newargc++] = ipset_strdup(ptr); - while ((ptr = strtok(NULL, " \t\n")) != NULL) { - if ((newargc + 1) < (int)(sizeof(newargv)/sizeof(char ))) - newargv[newargc++] = ipset_strdup(ptr); - else - exit_error(PARAMETER_PROBLEM, - "Line %d is too long to restore\n", line); - } -} - -static FILE create_tempfile(void) -{ - char buffer[1024], __tmpdir[] = "/tmp"; - char tmpdir = NULL; - char filename; - int fd; - FILE file; - - if (!(tmpdir = getenv("TMPDIR")) && !(tmpdir = getenv("TMP"))) - tmpdir = __tmpdir; - filename = ipset_malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1); - strcpy(filename, tmpdir); - strcat(filename, TEMPFILE_PATTERN); - - (void) umask(077); /* Create with restrictive permissions / - fd = mkstemp(filename); - if (fd == -1) - exit_error(OTHER_PROBLEM, "Could not create temporary file."); - if (!(file = fdopen(fd, "r+"))) - exit_error(OTHER_PROBLEM, "Could not open temporary file."); - if (unlink(filename) == -1) - exit_error(OTHER_PROBLEM, "Could not unlink temporary file."); - free(filename); - - while (fgets(buffer, sizeof(buffer), stdin)) { - fputs(buffer, file); - } - fseek(file, 0L, SEEK_SET); - - return file; -} - -/ - * Performs a restore from a file - / -static void set_restore(char argv0) -{ - char buffer[1024]; - char ptr, name = NULL; - char cmd = ' '; - int first_pass, i; - struct settype settype = NULL; - struct ip_set_req_setnames header; - ip_set_id_t idx; - FILE in; - int res; - - / Create and store stdin in temporary file / - in = create_tempfile(); - - / Load existing sets from kernel / - load_set_list(IPSET_TOKEN_ALL, &idx, - IP_SET_OP_LIST_SIZE, CMD_RESTORE); - - restore_line = 0; - restore_size = ALIGNED(sizeof(struct ip_set_req_setnames)); / header / - DP("restore_size: %u", restore_size); - / First pass: calculate required amount of data / - while (fgets(buffer, sizeof(buffer), in)) { - restore_line++; - - if (buffer[0] == '\n') - continue; - else if (buffer[0] == '#') - continue; - else if (strcmp(buffer, "COMMIT\n") == 0) { - / Enable restore mode / - restore = 1; - break; - } - - / -N, -A or -B / - ptr = strtok(buffer, " \t\n"); - DP("ptr: %s", ptr); - if (ptr == NULL - \|\| ptr[0] != '-' - \|\| !(ptr[1] == 'N' - \|\| ptr[1] == 'A' - \|\| ptr[1] == 'B') - \|\| ptr[2] != '\0') { - exit_error(PARAMETER_PROBLEM, - "Line %u does not start as a valid restore command\n", - restore_line); - } - cmd = ptr[1]; - / setname / - ptr = strtok(NULL, " \t\n"); - DP("setname: %s", ptr); - if (ptr == NULL) - exit_error(PARAMETER_PROBLEM, - "Missing set name in line %u\n", - restore_line); - DP("cmd %c", cmd); - switch (cmd) { - case 'N': { - name = check_set_name(ptr); - / settype / - ptr = strtok(NULL, " \t\n"); - if (ptr == NULL) - exit_error(PARAMETER_PROBLEM, - "Missing settype in line %u\n", - restore_line); - settype = check_set_typename(ptr); - restore_size += ALIGNED(sizeof(struct ip_set_restore)) - + ALIGNED(settype->create_size); - DP("restore_size (N): %u", restore_size); - break; - } - case 'A': { - if (name == NULL - \|\| strncmp(name, ptr, sizeof(name)) != 0) - exit_error(PARAMETER_PROBLEM, - "Add IP to set %s in line %u without " - "preceding corresponding create set line\n", - ptr, restore_line); - restore_size += ALIGNED(settype->adt_size); - DP("restore_size (A): %u", restore_size); - break; - } - default: { - exit_error(PARAMETER_PROBLEM, - "Unrecognized restore command in line %u\n", - restore_line); - } - } / end of switch / - } - / Sanity checking / - if (!restore) - exit_error(PARAMETER_PROBLEM, - "Missing COMMIT line\n"); - restore_size += ALIGNED(sizeof(struct ip_set_restore)); / marker / - DP("restore_size: %u", restore_size); - restore_data = ipset_malloc(restore_size); - header = (struct ip_set_req_setnames ) restore_data; - header->op = IP_SET_OP_RESTORE; - header->size = restore_size; - restore_offset = ALIGNED(sizeof(struct ip_set_req_setnames)); - - /* Rewind to scan the file again / - fseek(in, 0L, SEEK_SET); - first_pass = restore_line; - restore_line = 0; - - / Initialize newargv/newargc / - newargv[newargc++] = ipset_strdup(argv0); - - / Second pass: build up restore request / - while (fgets(buffer, sizeof(buffer), in)) { - restore_line++; - - if (buffer[0] == '\n') - continue; - else if (buffer[0] == '#') - continue; - else if (strcmp(buffer, "COMMIT\n") == 0) - goto do_restore; - DP("restoring: %s", buffer); - / Build faked argv, argc / - build_argv(restore_line, buffer); - for (i = 0; i < newargc; i++) - DP("argv[%u]: %s", i, newargv[i]); - - / Parse line / - parse_commandline(newargc, newargv); - } - exit_error(PARAMETER_PROBLEM, - "Broken restore file\n"); - do_restore: - if (restore_size == (restore_offset + ALIGNED(sizeof(struct ip_set_restore)))) { - / No bindings / - struct ip_set_restore marker = - (struct ip_set_restore ) (restore_data + restore_offset); - - marker->index = IP_SET_INVALID_ID; - marker->header_size = marker->members_size = 0; - restore_offset += ALIGNED(sizeof(struct ip_set_restore)); - DP("restore marker, restore_offset: %zu", restore_offset); - } - if (restore_size != restore_offset) - exit_error(PARAMETER_PROBLEM, - "Giving up, restore file is screwed up!"); - res = kernel_getfrom_handleerrno(CMD_RESTORE, restore_data, &restore_size); - - if (res != 0) { - if (restore_size != sizeof(struct ip_set_req_setnames)) - exit_error(PARAMETER_PROBLEM, - "Communication with kernel failed (%u %u)!", - restore_size, sizeof(struct ip_set_req_setnames)); - / Check errors / - header = (struct ip_set_req_setnames ) restore_data; - if (header->size != 0) - exit_error(PARAMETER_PROBLEM, - "Committing restoring failed at line %u!", - header->size); - } -} - -/* - * Send ADT_GET order to kernel for a set - / -static struct set set_adt_get(const char name) -{ - struct ip_set_req_adt_get req_adt_get; - struct set set; - socklen_t size; - - DP("%s", name); - - check_protocolversion(); - - req_adt_get.op = IP_SET_OP_ADT_GET; - req_adt_get.version = protocol_version; - strcpy(req_adt_get.set.name, name); - size = sizeof(struct ip_set_req_adt_get); - - kernel_getfrom(CMD_ADT_GET, (void ) &req_adt_get, &size); - - set = ipset_malloc(sizeof(struct set)); - strcpy(set->name, name); - set->index = req_adt_get.set.index; - set->settype = settype_load(req_adt_get.typename); - - return set; -} - -/ - * Send add/del/test order to kernel for a set - / -static int set_adtip(struct set set, const char adt, - unsigned op, unsigned cmd) -{ - struct ip_set_req_adt req_adt; - size_t size; - void data; - int res = 0; - - DP("%s -> %s", set->name, adt); - - / Alloc memory for the data to send / - size = ALIGNED(sizeof(struct ip_set_req_adt)) + set->settype->adt_size ; - DP("alloc size %zu", size); - data = ipset_malloc(size); - - / Fill out the request / - req_adt = (struct ip_set_req_adt ) data; - req_adt->op = op; - req_adt->index = set->index; - memcpy(data + ALIGNED(sizeof(struct ip_set_req_adt)), - set->settype->data, set->settype->adt_size); - - if (kernel_sendto_handleerrno(cmd, data, size) == -1) - switch (op) { - case IP_SET_OP_ADD_IP: - exit_error(OTHER_PROBLEM, "%s is already in set %s.", - adt, set->name); - break; - case IP_SET_OP_DEL_IP: - exit_error(OTHER_PROBLEM, "%s is not in set %s.", - adt, set->name); - break; - case IP_SET_OP_TEST_IP: - ipset_printf("%s is in set %s.", adt, set->name); - res = 0; - break; - default: - break; - } - else - switch (op) { - case IP_SET_OP_TEST_IP: - ipset_printf("%s is NOT in set %s.", adt, set->name); - res = 1; - break; - default: - break; - } - free(data); - - return res; -} - -static void set_restore_add(struct set set, const char adt UNUSED) -{ - DP("%s %s", set->name, adt); - /* Sanity checking / - if (restore_offset + ALIGNED(set->settype->adt_size) > restore_size) - exit_error(PARAMETER_PROBLEM, - "Giving up, restore file is screwed up!"); - - memcpy(restore_data + restore_offset, - set->settype->data, set->settype->adt_size); - restore_set->members_size += ALIGNED(set->settype->adt_size); - restore_offset += ALIGNED(set->settype->adt_size); - - DP("restore_offset: %zu", restore_offset); -} - -/ - * Print operation - / - -/ Help function to set_list() / -static size_t print_set(void data, unsigned options) -{ - struct ip_set_list setlist = data; - struct set set = set_list[setlist->index]; - struct settype settype = set->settype; - size_t offset; - - / Pretty print the set / - DP("header size: %u, members size: %u", - setlist->header_size, setlist->members_size); - printf("Name: %s\n", set->name); - printf("Type: %s\n", settype->typename); - printf("References: %d\n", setlist->ref); - - / Init header / - offset = ALIGNED(sizeof(struct ip_set_list)); - settype->initheader(set, data + offset); - - / Pretty print the type header / - printf("Header:"); - settype->printheader(set, options); - - / Pretty print all IPs / - printf("Members:\n"); - offset += setlist->header_size; - DP("Aligned: %u, offset: %zu, members_size %u\n", !DONT_ALIGN, offset, - setlist->members_size); - if (options & OPT_SORTED) - settype->printips_sorted(set, data + offset, - setlist->members_size, options, - DONT_ALIGN); - else - settype->printips(set, data + offset, - setlist->members_size, options, - DONT_ALIGN); - - printf("\n"); / One newline between sets / - - return (offset + setlist->members_size); -} - -static int try_list_sets(const char name[IP_SET_MAXNAMELEN], - unsigned options) -{ - void data = NULL; - ip_set_id_t idx; - socklen_t size, req_size; - int res = 0; - - /* Default is numeric listing / - if (!(options & (OPT_RESOLVE\|OPT_NUMERIC))) - options \|= OPT_NUMERIC; - - DP("%s", name); - / Load set_list from kernel / - size = req_size = load_set_list(name, &idx, - IP_SET_OP_LIST_SIZE, CMD_LIST); - - if (size) { - / Get sets and print them / - data = ipset_malloc(size); - ((struct ip_set_req_list ) data)->op = IP_SET_OP_LIST; - ((struct ip_set_req_list ) data)->index = idx; - res = kernel_getfrom_handleerrno(CMD_LIST, data, &size); - DP("get_lists getsockopt() res=%d errno=%d", res, errno); - - if (res != 0 \|\| size != req_size) { - free(data); - return -EAGAIN; - } - size = 0; - } - while (size != req_size) - size += print_set(data + size, options); - - ipset_free(data); - return res; -} - -/ Print a set or all sets - * All sets: name = NULL - / -static void list_sets(const char name[IP_SET_MAXNAMELEN], unsigned options) -{ - int i; - - DP("%s", name); - for (i = 0; i < LIST_TRIES; i++) - if (try_list_sets(name, options) == 0) - return; - - if (errno == EAGAIN) - exit_error(OTHER_PROBLEM, - "Tried to list sets from kernel %d times" - " and failed. Please try again when the load on" - " the sets has gone down.", LIST_TRIES); - else - kernel_error(CMD_LIST, errno); -} - -/ Prints help - * If settype is non null help for that type is printed as well - / -static void set_help(const struct settype settype) -{ - printf("%s v%s\n\n" - "Usage: %s -N new-set settype [options]\n" - " %s -[XFLSH] [set] [options]\n" - " %s -[EW] from-set to-set\n" - " %s -[ADT] set IP\n" - " %s -R\n" - " %s -v\n" - " %s -h (print this help information)\n\n", - program_name, program_version, - program_name, program_name, program_name, - program_name, program_name, program_name, - program_name); - - printf("Commands:\n" - "Either long or short options are allowed.\n" - " --create -N setname settype <options>\n" - " Create a new set\n" - " --destroy -X [setname]\n" - " Destroy a set or all sets\n" - " --flush -F [setname]\n" - " Flush a set or all sets\n" - " --rename -E from-set to-set\n" - " Rename from-set to to-set\n" - " --swap -W from-set to-set\n" - " Swap the content of two existing sets\n" - " --list -L [setname] [options]\n" - " List the IPs in a set or all sets\n" - " --save -S [setname]\n" - " Save the set or all sets to stdout\n" - " --restore -R [option]\n" - " Restores a saved state\n" - " --add -A setname IP\n" - " Add an IP to a set\n" - " --del -D setname IP\n" - " Deletes an IP from a set\n" - " --test -T setname IP \n" - " Tests if an IP exists in a set.\n" - " --help -H [settype]\n" - " Prints this help, and settype specific help\n" - " --version -V\n" - " Prints version information\n\n" - "Options:\n" - " --sorted -s Numeric sort of the IPs in -L\n" - " --numeric -n Numeric output of addresses in a -L (default)\n" - " --resolve -r Try to resolve addresses in a -L\n" - " --quiet -q Suppress any output to stdout and stderr.\n"); -#ifdef IPSET_DEBUG - printf(" --debug -z Enable debugging\n\n"); -#else - printf("\n"); -#endif - - if (settype != NULL) { - printf("Type '%s' specific:\n", settype->typename); - settype->usage(); - } -} - -static int find_cmd(int option) -{ - int i; - - for (i = 1; i <= NUMBER_OF_CMD; i++) - if (cmdflags[i] == option) - return i; - - return CMD_NONE; -} - -static int parse_adt_cmdline(int command, - const char name, - char adt, - struct set set, - struct settype settype) -{ - int res = 0; - - set = restore ? set_find_byname(name) : set_adt_get(name); - - / Reset space for adt data / - settype = (set)->settype; - memset((settype)->data, 0, (settype)->adt_size); - - res = (settype)->adt_parser(command, adt, (settype)->data); - - return res; -} - -/ Main worker function / -int parse_commandline(int argc, char argv[]) -{ - int res = 0; - int command = CMD_NONE; - unsigned options = 0; - int c; - - char name = NULL; / All except -H, -R / - char newname = NULL; /* -E, -W / - char adt = NULL; /* -A, -D, -T / - struct set set = NULL; /* -A, -D, -T / - struct settype settype = NULL; /* -N, -H / - char all_sets[] = IPSET_TOKEN_ALL; - - struct option opts = opts_long; - - /* Suppress error messages: we may add new options if we - demand-load a protocol. / - opterr = 0; - / Reset optind to 0 for restore / - optind = 0; - - while ((c = getopt_long(argc, argv, opts_short, opts, NULL)) != -1) { - - DP("commandline parsed: opt %c (%s)", c, argv[optind]); - - switch (c) { - / - * Command selection - / - case 'h': - case 'H':{ / Help: -H [typename [options]] / - check_protocolversion(); - set_command(&command, CMD_HELP); - - if (optarg) - settype = check_set_typename(optarg); - else if (optind < argc - && argv[optind][0] != '-') - settype = check_set_typename(argv[optind++]); - - break; - } - - case 'V': - case 'v': { / Version / - printf("%s v%s, protocol version %u.\n", - program_name, program_version, - IP_SET_PROTOCOL_VERSION); - check_protocolversion(); - printf("Kernel module protocol version %u.\n", - protocol_version); - exit(0); - } - - case 'N':{ / Create: -N name typename options / - set_command(&command, CMD_CREATE); - - name = check_set_name(optarg); - - / Protect reserved names / - if (name[0] == ':') - exit_error(PARAMETER_PROBLEM, - "setname might not start with colon", - cmd2char(CMD_CREATE)); - - if (optind < argc - && argv[optind][0] != '-') - settype = check_set_typename(argv[optind++]); - else - exit_error(PARAMETER_PROBLEM, - "-%c requires setname and settype", - cmd2char(CMD_CREATE)); - - DP("merge options"); - / Merge the create options / - opts = merge_options(opts, - settype->create_opts, - &settype->option_offset); - - / Reset space for create data / - memset(settype->data, 0, settype->create_size); - - / Zero the flags / - settype->flags = 0; - - DP("call create_init"); - / Call the settype create_init / - settype->create_init(settype->data); - - break; - } - - case 'X': / Destroy / - case 'F': / Flush / - case 'L': / List / - case 'S':{ / Save / - set_command(&command, find_cmd(c)); - - if (optarg) - name = check_set_name(optarg); - else if (optind < argc - && argv[optind][0] != '-') - name = check_set_name(argv[optind++]); - else - name = all_sets; - - break; - } - - case 'R':{ / Restore / - set_command(&command, find_cmd(c)); - - break; - } - - case 'E': / Rename / - case 'W':{ / Swap / - set_command(&command, find_cmd(c)); - name = check_set_name(optarg); - - if (optind < argc - && argv[optind][0] != '-') - newname = check_set_name(argv[optind++]); - else - exit_error(PARAMETER_PROBLEM, - "-%c requires a setname " - "and the new name for that set", - cmd2char(CMD_RENAME)); - - break; - } - - case 'A': / Add IP / - case 'D': / Del IP / - case 'T':{ / Test IP / - set_command(&command, find_cmd(c)); - - name = check_set_name(optarg); - - / IP / - if (optind < argc - && argv[optind][0] != '-') - adt = argv[optind++]; - else - exit_error(PARAMETER_PROBLEM, - "-%c requires setname and IP", - c); - - res = parse_adt_cmdline(command, name, adt, - &set, &settype); - - if (!res) - exit_error(PARAMETER_PROBLEM, - "Unknown arg `%s'", - argv[optind - 1]); - - res = 0; - break; - } - - / options / - - case 'n': - add_option(&options, OPT_NUMERIC); - break; - - case 'r': - if (!(options & OPT_NUMERIC)) - add_option(&options, OPT_RESOLVE); - break; - - case 's': - add_option(&options, OPT_SORTED); - break; - - case 'q': - add_option(&options, OPT_QUIET); - option_quiet = 1; - break; - -#ifdef IPSET_DEBUG - case 'z': / debug / - add_option(&options, OPT_DEBUG); - option_debug = 1; - break; -#endif - - case 1: / non option / - printf("Bad argument `%s'\n", optarg); - exit_tryhelp(PARAMETER_PROBLEM); - break; /always good / - - default:{ - DP("default"); - - switch (command) { - case CMD_CREATE: - res = settype->create_parse( - c - settype->option_offset, - argv, - settype->data, - &settype->flags); - break; - - default: - res = 0; / failed / - } / switch (command) / - - - if (!res) - exit_error(PARAMETER_PROBLEM, - "Unknown arg `%s'", - argv[optind - 1]); - - res = 0; - } - - DP("next arg"); - } / switch / - - } / while( getopt_long() ) / - - - if (optind < argc) - exit_error(PARAMETER_PROBLEM, - "unknown arguments found on commandline"); - if (command == CMD_NONE) - exit_error(PARAMETER_PROBLEM, "no command specified"); - - / Check options / - generic_opt_check(command, options); - - DP("cmd: %c", cmd2char(command)); - - check_protocolversion(); - - switch (command) { - case CMD_CREATE: - DP("CMD_CREATE"); - if (restore) - set_restore_create(name, settype); - else - set_create(name, settype); - break; - - case CMD_DESTROY: - set_destroy(name, IP_SET_OP_DESTROY, CMD_DESTROY); - break; - - case CMD_FLUSH: - set_destroy(name, IP_SET_OP_FLUSH, CMD_FLUSH); - break; - - case CMD_RENAME: - set_rename(name, newname, IP_SET_OP_RENAME, CMD_RENAME); - break; - - case CMD_SWAP: - set_rename(name, newname, IP_SET_OP_SWAP, CMD_SWAP); - break; - - case CMD_LIST: - list_sets(name, options); - break; - - case CMD_SAVE: - set_save(name); - break; - - case CMD_RESTORE: - set_restore(argv[0]); - break; - - case CMD_ADD: - if (restore) - set_restore_add(set, adt); - else - set_adtip(set, adt, IP_SET_OP_ADD_IP, CMD_ADD); - break; - - case CMD_DEL: - set_adtip(set, adt, IP_SET_OP_DEL_IP, CMD_DEL); - break; - - case CMD_TEST: - res = set_adtip(set, adt, IP_SET_OP_TEST_IP, CMD_TEST); - break; - - case CMD_HELP: - set_help(settype); - break; - - default: - / Will never happen / - break; / Keep the compiler happy / - - } / switch( command ) / - - return res; -} - - -int main(int argc, char argv[]) -{ - return parse_commandline(argc, argv); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset.h ^
@@ -1,200 +0,0 @@ -#ifndef __IPSET_H -#define __IPSET_H - -/* Copyright 2000-2004 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <getopt.h> / struct option / -#include <stdint.h> -#include <sys/types.h> - -#include "ip_set.h" - -#define IPSET_LIB_NAME "/libipset_%s.so" -#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" - -#define LIST_TRIES 5 - -#ifdef IPSET_DEBUG -extern int option_debug; -#define DP(format, args...) if (option_debug) \ - do { \ - fprintf(stderr, "%s: %s (DBG): ", __FILE__, __FUNCTION__);\ - fprintf(stderr, format "\n" , ## args); \ - } while (0) -#else -#define DP(format, args...) -#endif - -/ Commands / -enum set_commands { - CMD_NONE, - CMD_CREATE, / -N / - CMD_DESTROY, / -X / - CMD_FLUSH, / -F / - CMD_RENAME, / -E / - CMD_SWAP, / -W / - CMD_LIST, / -L / - CMD_SAVE, / -S / - CMD_RESTORE, / -R / - CMD_ADD, / -A / - CMD_DEL, / -D / - CMD_TEST, / -T / - CMD_HELP, / -H / - CMD_VERSION, / -V / - NUMBER_OF_CMD = CMD_VERSION, - / Internal commands / - CMD_MAX_SETS, - CMD_LIST_SIZE, - CMD_SAVE_SIZE, - CMD_ADT_GET, -}; - -enum exittype { - OTHER_PROBLEM = 1, - PARAMETER_PROBLEM, - VERSION_PROBLEM -}; - -/ The view of an ipset in userspace / -struct set { - char name[IP_SET_MAXNAMELEN]; / Name of the set / - ip_set_id_t id; / Unique set id / - ip_set_id_t index; / Array index / - unsigned ref; / References in kernel / - struct settype settype; /* Pointer to set type functions / -}; - -struct settype { - struct settype next; - - char typename[IP_SET_MAXNAMELEN]; - - int protocol_version; - - /* - * Create set - / - - / Size of create data. Will be sent to kernel / - u_int32_t create_size; - - / Initialize the create. / - void (create_init) (void data); - - / Function which parses command options; returns true if it ate an option / - int (create_parse) (int c, char argv[], void data, - unsigned flags); - - / Final check; exit if not ok. / - void (create_final) (void data, unsigned int flags); - - / Pointer to list of extra command-line options for create / - const struct option create_opts; - - /* - * Add/del/test IP - / - - / Size of data. Will be sent to kernel / - u_int32_t adt_size; - - / Function which parses command options / - ip_set_ip_t (adt_parser) (int cmd, const char optarg, void data); - - /* - * Printing - / - - / Size of header. / - u_int32_t header_size; - - / Initialize the type-header / - void (initheader) (struct set set, const void data); - - /* Pretty print the type-header / - void (printheader) (struct set set, unsigned options); - - / Pretty print all IPs / - void (printips) (struct set set, void data, u_int32_t len, - unsigned options, char dont_align); - - /* Pretty print all IPs sorted / - void (printips_sorted) (struct set set, void data, u_int32_t len, - unsigned options, char dont_align); - - /* Print save arguments for creating the set / - void (saveheader) (struct set set, unsigned options); - - / Print save for all IPs / - void (saveips) (struct set set, void data, u_int32_t len, - unsigned options, char dont_align); - - /* Print usage / - void (usage) (void); - - /* Internal data / - void header; - void data; - int option_offset; - unsigned int flags; -}; - -extern void settype_register(struct settype settype); - -/* extern void unregister_settype(set_type_t set_type); / - -extern void exit_error(int status, const char msg, ...); - -extern char binding_ip_tostring(struct set set, - ip_set_ip_t ip, unsigned options); -extern char ip_tostring(ip_set_ip_t ip, unsigned options); -extern char ip_tostring_numeric(ip_set_ip_t ip); -extern void parse_ip(const char str, ip_set_ip_t * ip); -extern void parse_mask(const char str, ip_set_ip_t mask); -extern void parse_ipandmask(const char str, ip_set_ip_t ip, - ip_set_ip_t * mask); -extern char port_tostring(ip_set_ip_t port, unsigned options); -extern void parse_port(const char str, ip_set_ip_t * port); -extern int string_to_number(const char str, unsigned int min, unsigned int max, - ip_set_ip_t port); - -extern void ipset_malloc(size_t size); -extern char ipset_strdup(const char ); -extern void ipset_free(void data); - -extern struct set set_find_byname(const char name); -extern struct set set_find_byid(ip_set_id_t id); - -extern unsigned warn_once; - -#define BITS_PER_LONG (8sizeof(ip_set_ip_t)) -#define BIT_WORD(nr) ((nr) / BITS_PER_LONG) - -static inline int test_bit(int nr, const ip_set_ip_t addr) -{ - return 1 & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1))); -} - -#define UNUSED __attribute__ ((unused)) -#define CONSTRUCTOR(module) \ -void __attribute__ ((constructor)) module##_init(void); \ -void module##_init(void) - -#endif / __IPSET_H */
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_iphash.c ^
@@ -1,279 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <limits.h> / UINT_MAX / -#include <stdio.h> / printf / -#include <string.h> /* mem* / - -#include "ipset.h" - -#include "ip_set_iphash.h" - -#define BUFLEN 30; - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETMASK 0x08U - -/ Initialize the create. / -static void -iphash_create_init(void data) -{ - struct ip_set_req_iphash_create mydata = data; - - DP("create INIT"); - - / Default create parameters / - mydata->hashsize = IP_NF_SET_HASHSIZE; - mydata->probes = 8; - mydata->resize = 50; - - mydata->netmask = 0xFFFFFFFF; -} - -/ Function which parses command options; returns true if it ate an option / -static int -iphash_create_parse(int c, char argv[] UNUSED, void data, unsigned flags) -{ - struct ip_set_req_iphash_create mydata = - (struct ip_set_req_iphash_create ) data; - unsigned int bits; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - flags \|= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - flags \|= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - flags \|= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - - if (string_to_number(optarg, 0, 32, &bits)) - exit_error(PARAMETER_PROBLEM, - "Invalid netmask `%s' specified", optarg); - - if (bits != 0) - mydata->netmask = 0xFFFFFFFF << (32 - bits); - - flags \|= OPT_CREATE_NETMASK; - - DP("--netmask %x", mydata->netmask); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. / -static void -iphash_create_final(void data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options / -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "netmask", .has_arg = required_argument, .val = '4'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -iphash_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_iphash mydata = data; - - parse_ip(arg, &mydata->ip); - if (!mydata->ip) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address `%s' specified", arg); - - return mydata->ip; -}; - -/* - * Print and save - / - -static void -iphash_initheader(struct set set, const void data) -{ - const struct ip_set_req_iphash_create header = data; - struct ip_set_iphash map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_iphash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->netmask = header->netmask; -} - -static unsigned int -mask_to_bits(ip_set_ip_t mask) -{ - unsigned int bits = 32; - ip_set_ip_t maskaddr; - - if (mask == 0xFFFFFFFF) - return bits; - - maskaddr = 0xFFFFFFFE; - while (--bits > 0 && maskaddr != mask) - maskaddr <<= 1; - - return bits; -} - -static void -iphash_printheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_iphash mysetdata = set->settype->header; - - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u", mysetdata->resize); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); -} - -static void -iphash_printips(struct set set UNUSED, void data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t ip; - - while (offset < len) { - ip = data + offset; - printf("%s\n", ip_tostring(ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -iphash_saveheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_iphash mysetdata = set->settype->header; - - printf("-N %s %s --hashsize %u --probes %u --resize %u", - set->name, set->settype->typename, - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" --netmask %d\n", mask_to_bits(mysetdata->netmask)); -} - -/ Print save for an IP / -static void -iphash_saveips(struct set set UNUSED, void data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t ip; - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, ip_tostring(ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -iphash_usage(void) -{ - printf - ("-N set iphash [--hashsize hashsize] [--probes probes ]\n" - " [--resize resize] [--netmask CIDR-netmask]\n" - "-A set IP\n" - "-D set IP\n" - "-T set IP\n"); -} - -static struct settype settype_iphash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_iphash_create), - .create_init = iphash_create_init, - .create_parse = iphash_create_parse, - .create_final = iphash_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_iphash), - .adt_parser = iphash_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_iphash), - .initheader = iphash_initheader, - .printheader = iphash_printheader, - .printips = iphash_printips, - .printips_sorted = iphash_printips, - .saveheader = iphash_saveheader, - .saveips = iphash_saveips, - - .usage = iphash_usage, -}; - -CONSTRUCTOR(iphash) -{ - settype_register(&settype_iphash); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipmap.c ^
@@ -1,376 +0,0 @@ -/* Copyright 2000-2004 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <stdio.h> / printf / -#include <string.h> /* mem* / - -#include "ipset.h" - -#include "ip_set_ipmap.h" - -#define BUFLEN 30; - -#define OPT_CREATE_FROM 0x01U -#define OPT_CREATE_TO 0x02U -#define OPT_CREATE_NETWORK 0x04U -#define OPT_CREATE_NETMASK 0x08U - -#define OPT_ADDDEL_IP 0x01U - -/ Initialize the create. / -static void -ipmap_create_init(void data) -{ - struct ip_set_req_ipmap_create mydata = data; - - DP("create INIT"); - mydata->netmask = 0xFFFFFFFF; -} - -/ Function which parses command options; returns true if it ate an option / -static int -ipmap_create_parse(int c, char argv[] UNUSED, void data, unsigned flags) -{ - struct ip_set_req_ipmap_create mydata = data; - unsigned int bits; - - DP("create_parse"); - - switch (c) { - case '1': - parse_ip(optarg, &mydata->from); - - flags \|= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '2': - parse_ip(optarg, &mydata->to); - - flags \|= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '3': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - / Make to the last of from + mask / - if (mydata->to) - mydata->to = mydata->from \| ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - flags \|= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - case '4': - if (string_to_number(optarg, 0, 32, &bits)) - exit_error(PARAMETER_PROBLEM, - "Invalid netmask `%s' specified", optarg); - - if (bits != 0) - mydata->netmask = 0xFFFFFFFF << (32 - bits); - - flags \|= OPT_CREATE_NETMASK; - - DP("--netmask %x", mydata->netmask); - - break; - - default: - return 0; - } - - return 1; -} - -/ Final check; exit if not ok. / -static void -ipmap_create_final(void data, unsigned int flags) -{ - struct ip_set_req_ipmap_create mydata = data; - ip_set_ip_t range; - - if (flags == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - if (flags & OPT_CREATE_NETWORK) { - / --network / - if ((flags & OPT_CREATE_FROM) \|\| (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else { - / --from --to / - if ((flags & OPT_CREATE_FROM) == 0 - \|\| (flags & OPT_CREATE_TO) == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); - - if (flags & OPT_CREATE_NETMASK) { - unsigned int mask_bits, netmask_bits; - ip_set_ip_t mask; - - if ((mydata->from & mydata->netmask) != mydata->from) - exit_error(PARAMETER_PROBLEM, - "%s is not a network address according to netmask %d\n", - ip_tostring_numeric(mydata->from), - mask_to_bits(mydata->netmask)); - - mask = range_to_mask(mydata->from, mydata->to, &mask_bits); - if (!mask - && (mydata->from \|\| mydata->to != 0xFFFFFFFF)) { - exit_error(PARAMETER_PROBLEM, - "You have to define a full network with --from" - " and --to if you specify the --network option\n"); - } - netmask_bits = mask_to_bits(mydata->netmask); - if (netmask_bits <= mask_bits) { - exit_error(PARAMETER_PROBLEM, - "%d netmask specifies larger or equal netblock than the network itself\n"); - } - range = (1<<(netmask_bits - mask_bits)) - 1; - } else { - range = mydata->to - mydata->from; - } - if (range > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/ Create commandline options / -static const struct option create_opts[] = { - {.name = "from", .has_arg = required_argument, .val = '1'}, - {.name = "to", .has_arg = required_argument, .val = '2'}, - {.name = "network", .has_arg = required_argument, .val = '3'}, - {.name = "netmask", .has_arg = required_argument, .val = '4'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -ipmap_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_ipmap mydata = data; - - DP("ipmap: %p %p", arg, data); - - parse_ip(arg, &mydata->ip); - DP("%s", ip_tostring_numeric(mydata->ip)); - - return 1; -} - -/* - * Print and save - / - -static void -ipmap_initheader(struct set set, const void data) -{ - const struct ip_set_req_ipmap_create header = data; - struct ip_set_ipmap map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipmap)); - map->first_ip = header->from; - map->last_ip = header->to; - map->netmask = header->netmask; - - if (map->netmask == 0xFFFFFFFF) { - map->hosts = 1; - map->sizeid = map->last_ip - map->first_ip + 1; - } else { - unsigned int mask_bits, netmask_bits; - ip_set_ip_t mask; - - mask = range_to_mask(header->from, header->to, &mask_bits); - netmask_bits = mask_to_bits(header->netmask); - - DP("bits: %d %d", mask_bits, netmask_bits); - map->hosts = 2 << (32 - netmask_bits - 1); - map->sizeid = 2 << (netmask_bits - mask_bits - 1); - } - - DP("%d %d", map->hosts, map->sizeid ); -} - -static void -ipmap_printheader(struct set set, unsigned options) -{ - struct ip_set_ipmap mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); -} - -static inline void -__ipmap_printips_sorted(struct set set, void data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_ipmap mysetdata = set->settype->header; - ip_set_ip_t id; - - for (id = 0; id < mysetdata->sizeid; id++) - if (test_bit(id, data)) - printf("%s\n", - ip_tostring(mysetdata->first_ip - + id * mysetdata->hosts, - options)); -} - -static void -ipmap_printips_sorted(struct set set, void data, - u_int32_t len, unsigned options, - char dont_align) -{ - ip_set_ip_t ip; - size_t offset = 0; - - if (dont_align) - return __ipmap_printips_sorted(set, data, len, options); - - while (offset < len) { - DP("offset: %zu, len %u\n", offset, len); - ip = data + offset; - printf("%s\n", ip_tostring(ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -ipmap_saveheader(struct set set, unsigned options) -{ - struct ip_set_ipmap mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" --netmask %d\n", - mask_to_bits(mysetdata->netmask)); -} - -static inline void -__ipmap_saveips(struct set set, void data, u_int32_t len UNUSED, - unsigned options) -{ - struct ip_set_ipmap mysetdata = set->settype->header; - ip_set_ip_t id; - - DP("%s", set->name); - for (id = 0; id < mysetdata->sizeid; id++) - if (test_bit(id, data)) - printf("-A %s %s\n", - set->name, - ip_tostring(mysetdata->first_ip - + id mysetdata->hosts, - options)); -} - -static void -ipmap_saveips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - ip_set_ip_t ip; - size_t offset = 0; - - if (dont_align) - return __ipmap_saveips(set, data, len, options); - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, ip_tostring(ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -ipmap_usage(void) -{ - printf - ("-N set ipmap --from IP --to IP [--netmask CIDR-netmask]\n" - "-N set ipmap --network IP/mask [--netmask CIDR-netmask]\n" - "-A set IP\n" - "-D set IP\n" - "-T set IP\n"); -} - -static struct settype settype_ipmap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create / - .create_size = sizeof(struct ip_set_req_ipmap_create), - .create_init = ipmap_create_init, - .create_parse = ipmap_create_parse, - .create_final = ipmap_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_ipmap), - .adt_parser = ipmap_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_ipmap), - .initheader = ipmap_initheader, - .printheader = ipmap_printheader, - .printips = ipmap_printips_sorted, - .printips_sorted = ipmap_printips_sorted, - .saveheader = ipmap_saveheader, - .saveips = ipmap_saveips, - - .usage = ipmap_usage, -}; - -CONSTRUCTOR(ipmap) -{ - settype_register(&settype_ipmap); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipporthash.c ^
@@ -1,350 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <limits.h> / UINT_MAX / -#include <stdio.h> / printf / -#include <string.h> /* mem, str / - -#include "ipset.h" - -#include "ip_set_ipporthash.h" - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETWORK 0x08U -#define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x20U - -/ Initialize the create. / -static void -ipporthash_create_init(void data) -{ - struct ip_set_req_ipporthash_create mydata = data; - - DP("create INIT"); - - / Default create parameters / - mydata->hashsize = IP_NF_SET_HASHSIZE; - mydata->probes = 8; - mydata->resize = 50; -} - -/ Function which parses command options; returns true if it ate an option / -static int -ipporthash_create_parse(int c, char argv[] UNUSED, void data, - unsigned flags) -{ - struct ip_set_req_ipporthash_create mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - flags \|= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - flags \|= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - flags \|= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - parse_ip(optarg, &mydata->from); - - flags \|= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '5': - parse_ip(optarg, &mydata->to); - - flags \|= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '6': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask / - if (mydata->to) - mydata->to = mydata->from \| ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - flags \|= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. / -static void -ipporthash_create_final(void data, unsigned int flags) -{ - struct ip_set_req_ipporthash_create mydata = data; - -#ifdef IPSET_DEBUG - DP("hashsize %u probes %u resize %u", - mydata->hashsize, mydata->probes, mydata->resize); -#endif - - if (flags & OPT_CREATE_NETWORK) { - / --network / - if ((flags & OPT_CREATE_FROM) \|\| (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else if (flags & (OPT_CREATE_FROM \| OPT_CREATE_TO)) { - / --from --to / - if (!(flags & OPT_CREATE_FROM) \|\| !(flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } else { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be higher than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/ Create commandline options / -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "from", .has_arg = required_argument, .val = '4'}, - {.name = "to", .has_arg = required_argument, .val = '5'}, - {.name = "network", .has_arg = required_argument, .val = '6'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -ipporthash_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_ipporthash mydata = data; - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - - DP("ipporthash: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) \|\| (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,port.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - - if (tmp) - parse_port(tmp, &mydata->port); - else - exit_error(PARAMETER_PROBLEM, - "IP address and port must be specified: ip,port"); - - if (!(mydata->ip \|\| mydata->port)) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address and port `%s' specified", arg); - ipset_free(saved); - return 1; -}; - -/ - * Print and save - / - -static void -ipporthash_initheader(struct set set, const void data) -{ - const struct ip_set_req_ipporthash_create header = data; - struct ip_set_ipporthash map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipporthash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -ipporthash_printheader(struct set set, unsigned options) -{ - struct ip_set_ipporthash mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static void -ipporthash_printips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipporthash mysetdata = set->settype->header; - size_t offset = 0; - ip_set_ip_t ipptr, ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr; - printf("%s,%s\n", - ip_tostring(ip, options), - port_tostring(port, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -ipporthash_saveheader(struct set set, unsigned options) -{ - struct ip_set_ipporthash mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - printf(" --hashsize %u --probes %u --resize %u\n", - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/ Print save for an IP / -static void -ipporthash_saveips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipporthash mysetdata = set->settype->header; - size_t offset = 0; - ip_set_ip_t ipptr, ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr; - printf("-A %s %s,%s\n", set->name, - ip_tostring(ip, options), - port_tostring(port, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -ipporthash_usage(void) -{ - printf - ("-N set ipporthash --from IP --to IP\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-N set ipporthash --network IP/mask\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP,port\n" - "-D set IP,port\n" - "-T set IP,port\n"); -} - -static struct settype settype_ipporthash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_ipporthash_create), - .create_init = ipporthash_create_init, - .create_parse = ipporthash_create_parse, - .create_final = ipporthash_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_ipporthash), - .adt_parser = ipporthash_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_ipporthash), - .initheader = ipporthash_initheader, - .printheader = ipporthash_printheader, - .printips = ipporthash_printips, - .printips_sorted = ipporthash_printips, - .saveheader = ipporthash_saveheader, - .saveips = ipporthash_saveips, - - .usage = ipporthash_usage, -}; - -CONSTRUCTOR(ipporthash) -{ - settype_register(&settype_ipporthash); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipportiphash.c ^
@@ -1,361 +0,0 @@ -/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <limits.h> / UINT_MAX / -#include <stdio.h> / printf / -#include <string.h> /* mem, str / - -#include "ipset.h" - -#include "ip_set_ipportiphash.h" - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETWORK 0x08U -#define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x20U - -/ Initialize the create. / -static void -ipportiphash_create_init(void data) -{ - struct ip_set_req_ipportiphash_create mydata = data; - - DP("create INIT"); - - / Default create parameters / - mydata->hashsize = IP_NF_SET_HASHSIZE; - mydata->probes = 8; - mydata->resize = 50; -} - -/ Function which parses command options; returns true if it ate an option / -static int -ipportiphash_create_parse(int c, char argv[] UNUSED, void data, - unsigned flags) -{ - struct ip_set_req_ipportiphash_create mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - flags \|= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - flags \|= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - flags \|= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - parse_ip(optarg, &mydata->from); - - flags \|= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '5': - parse_ip(optarg, &mydata->to); - - flags \|= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '6': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask / - if (mydata->to) - mydata->to = mydata->from \| ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - flags \|= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. / -static void -ipportiphash_create_final(void data, unsigned int flags) -{ - struct ip_set_req_ipportiphash_create mydata = data; - -#ifdef IPSET_DEBUG - DP("hashsize %u probes %u resize %u", - mydata->hashsize, mydata->probes, mydata->resize); -#endif - - if (flags & OPT_CREATE_NETWORK) { - / --network / - if ((flags & OPT_CREATE_FROM) \|\| (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else if (flags & (OPT_CREATE_FROM \| OPT_CREATE_TO)) { - / --from --to / - if (!(flags & OPT_CREATE_FROM) \|\| !(flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } else { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be higher than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/ Create commandline options / -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "from", .has_arg = required_argument, .val = '4'}, - {.name = "to", .has_arg = required_argument, .val = '5'}, - {.name = "network", .has_arg = required_argument, .val = '6'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -ipportiphash_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_ipportiphash mydata = data; - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - - DP("ipportiphash: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) \|\| (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,port,ip.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and IP address must be specified: ip,port,ip"); - - ptr = strsep(&tmp, ":%,"); - parse_port(ptr, &mydata->port); - if (tmp) - parse_ip(tmp, &mydata->ip1); - else - exit_error(PARAMETER_PROBLEM, - "IP address, port and IP address must be specified: ip,port,ip"); - if (!(mydata->ip \|\| mydata->port \|\| mydata->ip1)) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address, port and IP address `%s' specified", arg); - ipset_free(saved); - return 1; -}; - -/ - * Print and save - / - -static void -ipportiphash_initheader(struct set set, const void data) -{ - const struct ip_set_req_ipportiphash_create header = data; - struct ip_set_ipportiphash map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipportiphash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -ipportiphash_printheader(struct set set, unsigned options) -{ - struct ip_set_ipportiphash mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static void -ipportiphash_printips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportiphash mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("%s,%s,", - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - ip_tostring(ipptr->ip1, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportiphash_saveheader(struct set set, unsigned options) -{ - struct ip_set_ipportiphash mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - printf(" --hashsize %u --probes %u --resize %u\n", - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/ Print save for an IP / -static void -ipportiphash_saveips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportiphash mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("-A %s %s,%s,", set->name, - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - ip_tostring(ipptr->ip1, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportiphash_usage(void) -{ - printf - ("-N set ipportiphash --from IP --to IP\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-N set ipportiphash --network IP/mask\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP,port,IP\n" - "-D set IP,port,IP\n" - "-T set IP,port,IP\n"); -} - -static struct settype settype_ipportiphash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_ipportiphash_create), - .create_init = ipportiphash_create_init, - .create_parse = ipportiphash_create_parse, - .create_final = ipportiphash_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_ipportiphash), - .adt_parser = ipportiphash_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_ipportiphash), - .initheader = ipportiphash_initheader, - .printheader = ipportiphash_printheader, - .printips = ipportiphash_printips, - .printips_sorted = ipportiphash_printips, - .saveheader = ipportiphash_saveheader, - .saveips = ipportiphash_saveips, - - .usage = ipportiphash_usage, -}; - -CONSTRUCTOR(ipportiphash) -{ - settype_register(&settype_ipportiphash); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_ipportnethash.c ^
@@ -1,426 +0,0 @@ -/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <limits.h> / UINT_MAX / -#include <stdio.h> / printf / -#include <string.h> /* mem, str / - -#include "ipset.h" - -#include "ip_set_ipportnethash.h" - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETWORK 0x08U -#define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x20U - -/ Initialize the create. / -static void -ipportnethash_create_init(void data) -{ - struct ip_set_req_ipportnethash_create mydata = data; - - DP("create INIT"); - - / Default create parameters / - mydata->hashsize = IP_NF_SET_HASHSIZE; - mydata->probes = 8; - mydata->resize = 50; -} - -/ Function which parses command options; returns true if it ate an option / -static int -ipportnethash_create_parse(int c, char argv[] UNUSED, void data, - unsigned flags) -{ - struct ip_set_req_ipportnethash_create mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - flags \|= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - flags \|= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - flags \|= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - parse_ip(optarg, &mydata->from); - - flags \|= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '5': - parse_ip(optarg, &mydata->to); - - flags \|= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '6': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask / - if (mydata->to) - mydata->to = mydata->from \| ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - flags \|= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. / -static void -ipportnethash_create_final(void data, unsigned int flags) -{ - struct ip_set_req_ipportnethash_create mydata = data; - -#ifdef IPSET_DEBUG - DP("hashsize %u probes %u resize %u", - mydata->hashsize, mydata->probes, mydata->resize); -#endif - - if (flags & OPT_CREATE_NETWORK) { - / --network / - if ((flags & OPT_CREATE_FROM) \|\| (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else if (flags & (OPT_CREATE_FROM \| OPT_CREATE_TO)) { - / --from --to / - if (!(flags & OPT_CREATE_FROM) \|\| !(flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } else { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be higher than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/ Create commandline options / -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "from", .has_arg = required_argument, .val = '4'}, - {.name = "to", .has_arg = required_argument, .val = '5'}, - {.name = "network", .has_arg = required_argument, .val = '6'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -ipportnethash_adt_parser(int cmd, const char arg, void data) -{ - struct ip_set_req_ipportnethash mydata = data; - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - ip_set_ip_t cidr; - - DP("ipportnethash: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) \|\| (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,port,net.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and network address must be specified: ip,port,net"); - - ptr = strsep(&tmp, ":%,"); - parse_port(ptr, &mydata->port); - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and network address must be specified: ip,port,net"); - - ptr = strsep(&tmp, "/"); - if (tmp == NULL) - if (cmd == CMD_TEST) - cidr = 32; - else - exit_error(PARAMETER_PROBLEM, - "Missing /cidr from `%s'", arg); - else - if (string_to_number(tmp, 1, 31, &cidr)) - exit_error(PARAMETER_PROBLEM, - "Out of range cidr `%s' specified", arg); - - mydata->cidr = cidr; - - parse_ip(ptr, &mydata->ip1); - ipset_free(saved); - return 1; -}; - -/ - * Print and save - / - -static void -ipportnethash_initheader(struct set set, const void data) -{ - const struct ip_set_req_ipportnethash_create header = data; - struct ip_set_ipportnethash map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipportnethash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -ipportnethash_printheader(struct set set, unsigned options) -{ - struct ip_set_ipportnethash mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static char buf[20]; - -static char -unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) -{ - int i, j = 3; - unsigned char a, b; - - ip = htonl(ip); - for (i = 3; i >= 0; i--) - if (((unsigned char )&ip)[i] != 0) { - j = i; - break; - } - - a = ((unsigned char )&ip)[j]; - if (a <= 128) { - a = (a - 1) * 2; - b = 7; - } else if (a <= 192) { - a = (a - 129) * 4; - b = 6; - } else if (a <= 224) { - a = (a - 193) * 8; - b = 5; - } else if (a <= 240) { - a = (a - 225) * 16; - b = 4; - } else if (a <= 248) { - a = (a - 241) * 32; - b = 3; - } else if (a <= 252) { - a = (a - 249) * 64; - b = 2; - } else if (a <= 254) { - a = (a - 253) * 128; - b = 1; - } else { - a = b = 0; - } - ((unsigned char )&ip)[j] = a; - b += j 8; - - sprintf(buf, "%u.%u.%u.%u/%u", - ((unsigned char )&ip)[0], - ((unsigned char )&ip)[1], - ((unsigned char )&ip)[2], - ((unsigned char )&ip)[3], - b); - - DP("%s %s", ip_tostring(ntohl(ip), 0), buf); - return buf; -} - -static void -ipportnethash_printips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportnethash mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("%s,%s,", - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - unpack_ip_tostring(ipptr->ip1, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportnethash_saveheader(struct set set, unsigned options) -{ - struct ip_set_ipportnethash mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - printf(" --hashsize %u --probes %u --resize %u\n", - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/* Print save for an IP / -static void -ipportnethash_saveips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportnethash mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("-A %s %s,%s,", set->name, - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - unpack_ip_tostring(ipptr->ip, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportnethash_usage(void) -{ - printf - ("-N set ipportnethash --from IP --to IP\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-N set ipportnethash --network IP/mask\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP,port,IP/net\n" - "-D set IP,port,IP/net\n" - "-T set IP,port,IP[/net]\n"); -} - -static struct settype settype_ipportnethash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_ipportnethash_create), - .create_init = ipportnethash_create_init, - .create_parse = ipportnethash_create_parse, - .create_final = ipportnethash_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_ipportnethash), - .adt_parser = ipportnethash_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_ipportnethash), - .initheader = ipportnethash_initheader, - .printheader = ipportnethash_printheader, - .printips = ipportnethash_printips, - .printips_sorted = ipportnethash_printips, - .saveheader = ipportnethash_saveheader, - .saveips = ipportnethash_saveips, - - .usage = ipportnethash_usage, -}; - -CONSTRUCTOR(ipportnethash) -{ - settype_register(&settype_ipportnethash); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_iptree.c ^
@@ -1,224 +0,0 @@ -/* Copyright 2005 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <limits.h> / UINT_MAX / -#include <stdio.h> / printf / -#include <string.h> /* mem* / - -#include "ipset.h" - -#include "ip_set_iptree.h" - -#define BUFLEN 30; - -#define OPT_CREATE_TIMEOUT 0x01U - -/ Initialize the create. / -static void -iptree_create_init(void data) -{ - struct ip_set_req_iptree_create mydata = data; - - DP("create INIT"); - mydata->timeout = 0; -} - -/ Function which parses command options; returns true if it ate an option / -static int -iptree_create_parse(int c, char argv[] UNUSED, void data, unsigned flags) -{ - struct ip_set_req_iptree_create mydata = data; - - DP("create_parse"); - - switch (c) { - case '1': - string_to_number(optarg, 0, UINT_MAX, &mydata->timeout); - - flags \|= OPT_CREATE_TIMEOUT; - - DP("--timeout %u", mydata->timeout); - - break; - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. / -static void -iptree_create_final(void data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options / -static const struct option create_opts[] = { - {.name = "timeout", .has_arg = required_argument, .val = '1'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -iptree_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_iptree mydata = data; - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - - DP("iptree: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) \|\| (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,timeout.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - - if (tmp) - string_to_number(tmp, 0, UINT_MAX, &mydata->timeout); - else - mydata->timeout = 0; - - ipset_free(saved); - return 1; -} - -/ - * Print and save - / - -static void -iptree_initheader(struct set set, const void data) -{ - const struct ip_set_req_iptree_create header = data; - struct ip_set_iptree map = set->settype->header; - - map->timeout = header->timeout; -} - -static void -iptree_printheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_iptree mysetdata = set->settype->header; - - if (mysetdata->timeout) - printf(" timeout: %u", mysetdata->timeout); - printf("\n"); -} - -static void -iptree_printips_sorted(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_iptree mysetdata = set->settype->header; - struct ip_set_req_iptree req; - size_t offset = 0; - - while (len >= offset + sizeof(struct ip_set_req_iptree)) { - req = (struct ip_set_req_iptree )(data + offset); - if (mysetdata->timeout) - printf("%s,%u\n", ip_tostring(req->ip, options), - req->timeout); - else - printf("%s\n", ip_tostring(req->ip, options)); - offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align); - } -} - -static void -iptree_saveheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_iptree mysetdata = set->settype->header; - - if (mysetdata->timeout) - printf("-N %s %s --timeout %u\n", - set->name, set->settype->typename, - mysetdata->timeout); - else - printf("-N %s %s\n", - set->name, set->settype->typename); -} - -static void -iptree_saveips(struct set set, void data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_iptree mysetdata = set->settype->header; - struct ip_set_req_iptree req; - size_t offset = 0; - - DP("%s", set->name); - - while (len >= offset + sizeof(struct ip_set_req_iptree)) { - req = (struct ip_set_req_iptree )(data + offset); - if (mysetdata->timeout) - printf("-A %s %s,%u\n", - set->name, - ip_tostring(req->ip, options), - req->timeout); - else - printf("-A %s %s\n", - set->name, - ip_tostring(req->ip, options)); - offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align); - } -} - -static void -iptree_usage(void) -{ - printf - ("-N set iptree [--timeout value]\n" - "-A set IP[,timeout]\n" - "-D set IP\n" - "-T set IP\n"); -} - -static struct settype settype_iptree = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_iptree_create), - .create_init = iptree_create_init, - .create_parse = iptree_create_parse, - .create_final = iptree_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_iptree), - .adt_parser = iptree_adt_parser, - - / Printing / - .header_size = sizeof(struct ip_set_iptree), - .initheader = iptree_initheader, - .printheader = iptree_printheader, - .printips = iptree_printips_sorted, / We only have sorted version */ - .printips_sorted = iptree_printips_sorted, - .saveheader = iptree_saveheader, - .saveips = iptree_saveips, - - .usage = iptree_usage, -}; - -CONSTRUCTOR(iptree) -{ - settype_register(&settype_iptree); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_iptreemap.c ^
@@ -1,208 +0,0 @@ -/* Copyright 2007 Sven Wegener <sven.wegener@stealer.net> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <limits.h> / UINT_MAX / -#include <stdio.h> / printf / -#include <string.h> /* mem* / - -#include "ipset.h" - -#include "ip_set_iptreemap.h" - -#define OPT_CREATE_GC 0x1 - -static void -iptreemap_create_init(void data) -{ - struct ip_set_req_iptreemap_create mydata = data; - - mydata->gc_interval = 0; -} - -static int -iptreemap_create_parse(int c, char argv[] UNUSED, void data, - unsigned int flags) -{ - struct ip_set_req_iptreemap_create mydata = data; - - switch (c) { - case 'g': - string_to_number(optarg, 0, UINT_MAX, &mydata->gc_interval); - - flags \|= OPT_CREATE_GC; - break; - default: - return 0; - break; - } - - return 1; -} - -static void -iptreemap_create_final(void data UNUSED, unsigned int flags UNUSED) -{ -} - -static const struct option create_opts[] = { - {.name = "gc", .has_arg = required_argument, .val = 'g'}, - {NULL}, -}; - -static ip_set_ip_t -iptreemap_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_iptreemap mydata = data; - ip_set_ip_t mask; - - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - - if (strchr(tmp, '/')) { - parse_ipandmask(tmp, &mydata->ip, &mask); - mydata->end = mydata->ip \| ~mask; - } else { - if ((ptr = strchr(tmp, ':')) != NULL && ++warn_once == 1) - fprintf(stderr, "Warning: please use '-' separator token between IP range.\n" - "Next release won't support old separator token.\n"); - ptr = strsep(&tmp, "-:"); - parse_ip(ptr, &mydata->ip); - - if (tmp) { - parse_ip(tmp, &mydata->end); - } else { - mydata->end = mydata->ip; - } - } - - ipset_free(saved); - - return 1; -} - -static void -iptreemap_initheader(struct set set, const void data) -{ - const struct ip_set_req_iptreemap_create header = data; - struct ip_set_iptreemap map = set->settype->header; - - map->gc_interval = header->gc_interval; -} - -static void -iptreemap_printheader(struct set set, unsigned int options UNUSED) -{ - struct ip_set_iptreemap mysetdata = set->settype->header; - - if (mysetdata->gc_interval) - printf(" gc: %u", mysetdata->gc_interval); - - printf("\n"); -} - -static void -iptreemap_printips_sorted(struct set set UNUSED, void data, - u_int32_t len, unsigned int options, char dont_align) -{ - struct ip_set_req_iptreemap req; - size_t offset = 0; - - while (len >= offset + sizeof(struct ip_set_req_iptreemap)) { - req = data + offset; - - printf("%s", ip_tostring(req->ip, options)); - if (req->ip != req->end) - printf("-%s", ip_tostring(req->end, options)); - printf("\n"); - - offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align); - } -} - -static void -iptreemap_saveheader(struct set set, unsigned int options UNUSED) -{ - struct ip_set_iptreemap mysetdata = set->settype->header; - - printf("-N %s %s", set->name, set->settype->typename); - - if (mysetdata->gc_interval) - printf(" --gc %u", mysetdata->gc_interval); - - printf("\n"); -} - -static void -iptreemap_saveips(struct set set UNUSED, void data, - u_int32_t len, unsigned int options, char dont_align) -{ - struct ip_set_req_iptreemap *req; - size_t offset = 0; - - while (len >= offset + sizeof(struct ip_set_req_iptreemap)) { - req = data + offset; - - printf("-A %s %s", set->name, ip_tostring(req->ip, options)); - - if (req->ip != req->end) - printf("-%s", ip_tostring(req->end, options)); - - printf("\n"); - - offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptreemap), dont_align); - } -} - -static void -iptreemap_usage(void) -{ - printf( - "-N set iptreemap --gc interval\n" - "-A set IP\n" - "-D set IP\n" - "-T set IP\n" - ); -} - -static struct settype settype_iptreemap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - .create_size = sizeof(struct ip_set_req_iptreemap_create), - .create_init = iptreemap_create_init, - .create_parse = iptreemap_create_parse, - .create_final = iptreemap_create_final, - .create_opts = create_opts, - - .adt_size = sizeof(struct ip_set_req_iptreemap), - .adt_parser = iptreemap_adt_parser, - - .header_size = sizeof(struct ip_set_iptreemap), - .initheader = iptreemap_initheader, - .printheader = iptreemap_printheader, - .printips = iptreemap_printips_sorted, - .printips_sorted = iptreemap_printips_sorted, - .saveheader = iptreemap_saveheader, - .saveips = iptreemap_saveips, - - .usage = iptreemap_usage, -}; - -CONSTRUCTOR(iptreemap) -{ - settype_register(&settype_iptreemap); -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_macipmap.c ^
@@ -1,382 +0,0 @@ -/* Copyright 2000, 2001, 2002 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Martin Josefsson (gandalf@wlug.westbo.se) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - - -#include <stdio.h> / printf / -#include <stdlib.h> /* mem* / -#include <string.h> / str* / -#include <net/ethernet.h> / ETH_ALEN / - -#include "ipset.h" - -#include "ip_set_macipmap.h" - -#define BUFLEN 30; - -#define OPT_CREATE_FROM 0x01U -#define OPT_CREATE_TO 0x02U -#define OPT_CREATE_NETWORK 0x04U -#define OPT_CREATE_MATCHUNSET 0x08U - -#define OPT_ADDDEL_IP 0x01U -#define OPT_ADDDEL_MAC 0x02U - -/ Initialize the create. / -static void -macipmap_create_init(void data UNUSED) -{ - DP("create INIT"); - /* Nothing / -} - -/ Function which parses command options; returns true if it ate an option / -static int -macipmap_create_parse(int c, char argv[] UNUSED, void data, unsigned flags) -{ - struct ip_set_req_macipmap_create mydata = data; - - DP("create_parse"); - - switch (c) { - case '1': - parse_ip(optarg, &mydata->from); - - flags \|= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '2': - parse_ip(optarg, &mydata->to); - - flags \|= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '3': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - / Make to the last of from + mask / - mydata->to = mydata->from \| (~mydata->to); - - flags \|= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - case '4': - mydata->flags \|= IPSET_MACIP_MATCHUNSET; - - flags \|= OPT_CREATE_MATCHUNSET; - - DP("--matchunset"); - - break; - - default: - return 0; - } - - return 1; -} - -/ Final check; exit if not ok. / -static void -macipmap_create_final(void data, unsigned int flags) -{ - struct ip_set_req_macipmap_create mydata = data; - - if (flags == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - if (flags & OPT_CREATE_NETWORK) { - / --network / - if ((flags & OPT_CREATE_FROM) \|\| (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else { - / --from --to / - if ((flags & OPT_CREATE_FROM) == 0 - \|\| (flags & OPT_CREATE_TO) == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } - - - DP("from : %x to: %x diff: %d match unset: %d", mydata->from, - mydata->to, mydata->to - mydata->from, - flags & OPT_CREATE_MATCHUNSET); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/ Create commandline options / -static const struct option create_opts[] = { - {.name = "from", .has_arg = required_argument, .val = '1'}, - {.name = "to", .has_arg = required_argument, .val = '2'}, - {.name = "network", .has_arg = required_argument, .val = '3'}, - {.name = "matchunset", .has_arg = no_argument, .val = '4'}, - {NULL}, -}; - -static void -parse_mac(const char mac, unsigned char ethernet) -{ - unsigned int i = 0; - - if (strlen(mac) != ETH_ALEN 3 - 1) - exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac); - - for (i = 0; i < ETH_ALEN; i++) { - long number; - char end; - - number = strtol(mac + i 3, &end, 16); - - if (end == mac + i * 3 + 2 && number >= 0 && number <= 255) - ethernet[i] = number; - else - exit_error(PARAMETER_PROBLEM, - "Bad mac address `%s'", mac); - } -} - -/* Add, del, test parser / -static ip_set_ip_t -macipmap_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_macipmap mydata = data; - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - - DP("macipmap: %p %p", arg, data); - - ptr = strsep(&tmp, ","); - if (!tmp) { - tmp = saved; - ptr = strsep(&tmp, ":%"); - if (tmp && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,mac.\n" - "Next release won't support old separator tokens.\n"); - } - parse_ip(ptr, &mydata->ip); - - if (tmp) - parse_mac(tmp, mydata->ethernet); - else - memset(mydata->ethernet, 0, ETH_ALEN); - - free(saved); - - return 1; -} - -/ - * Print and save - / - -static void -macipmap_initheader(struct set set, const void data) -{ - const struct ip_set_req_macipmap_create header = data; - struct ip_set_macipmap map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_macipmap)); - map->first_ip = header->from; - map->last_ip = header->to; - map->flags = header->flags; -} - -static void -macipmap_printheader(struct set set, unsigned options) -{ - struct ip_set_macipmap mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - - if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) - printf(" matchunset"); - printf("\n"); -} - -static void -print_mac(unsigned char macaddress[ETH_ALEN]) -{ - unsigned int i; - - printf("%02X", macaddress[0]); - for (i = 1; i < ETH_ALEN; i++) - printf(":%02X", macaddress[i]); -} - -static inline void -__macipmap_printips_sorted(struct set set, void data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_macipmap mysetdata = set->settype->header; - struct ip_set_macip table = data; - u_int32_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - if (table[addr - mysetdata->first_ip].match) { - printf("%s,", ip_tostring(addr, options)); - print_mac(table[addr - mysetdata->first_ip]. - ethernet); - printf("\n"); - } - addr++; - } -} - -static void -macipmap_printips_sorted(struct set set, void data, - u_int32_t len, unsigned options, - char dont_align) -{ - struct ip_set_req_macipmap d; - size_t offset = 0; - - if (dont_align) - return __macipmap_printips_sorted(set, data, len, options); - - while (offset < len) { - d = data + offset; - printf("%s,", ip_tostring(d->ip, options)); - print_mac(d->ethernet); - printf("\n"); - offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); - } -} - -static void -macipmap_saveheader(struct set set, unsigned options) -{ - struct ip_set_macipmap mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", ip_tostring(mysetdata->last_ip, options)); - - if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) - printf(" --matchunset"); - printf("\n"); -} - -static inline void -__macipmap_saveips(struct set set, void data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_macipmap mysetdata = set->settype->header; - struct ip_set_macip table = data; - u_int32_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - if (table[addr - mysetdata->first_ip].match) { - printf("-A %s %s,", - set->name, ip_tostring(addr, options)); - print_mac(table[addr - mysetdata->first_ip]. - ethernet); - printf("\n"); - } - addr++; - } -} - -static void -macipmap_saveips(struct set set, void data, - u_int32_t len, unsigned options, - char dont_align) -{ - struct ip_set_req_macipmap d; - size_t offset = 0; - - if (dont_align) - return __macipmap_saveips(set, data, len, options); - - while (offset < len) { - d = data + offset; - printf("-A %s %s,", set->name, ip_tostring(d->ip, options)); - print_mac(d->ethernet); - printf("\n"); - offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); - } -} - -static void -macipmap_usage(void) -{ - printf - ("-N set macipmap --from IP --to IP [--matchunset]\n" - "-N set macipmap --network IP/mask [--matchunset]\n" - "-A set IP[,MAC]\n" - "-D set IP[,MAC]\n" - "-T set IP[,MAC]\n"); -} - -static struct settype settype_macipmap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_macipmap_create), - .create_init = macipmap_create_init, - .create_parse = macipmap_create_parse, - .create_final = macipmap_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_macipmap), - .adt_parser = macipmap_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_macipmap), - .initheader = macipmap_initheader, - .printheader = macipmap_printheader, - .printips = macipmap_printips_sorted, - .printips_sorted = macipmap_printips_sorted, - .saveheader = macipmap_saveheader, - .saveips = macipmap_saveips, - - .usage = macipmap_usage, -}; - -CONSTRUCTOR(macipmap) -{ - settype_register(&settype_macipmap); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_nethash.c ^
@@ -1,308 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <limits.h> / UINT_MAX / -#include <stdio.h> / printf / -#include <string.h> /* mem, str / - -#include "ipset.h" - -#include "ip_set_nethash.h" - -#define BUFLEN 30; - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U - -/ Initialize the create. / -static void -nethash_create_init(void data) -{ - struct ip_set_req_nethash_create mydata = data; - - DP("create INIT"); - - / Default create parameters / - mydata->hashsize = IP_NF_SET_HASHSIZE; - mydata->probes = 4; - mydata->resize = 50; -} - -/ Function which parses command options; returns true if it ate an option / -static int -nethash_create_parse(int c, char argv[] UNUSED, void data, unsigned flags) -{ - struct ip_set_req_nethash_create mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - flags \|= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - flags \|= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - flags \|= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. / -static void -nethash_create_final(void data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options / -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -nethash_adt_parser(int cmd, const char arg, void data) -{ - struct ip_set_req_nethash mydata = data; - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - ip_set_ip_t cidr; - - ptr = strsep(&tmp, "/"); - - if (tmp == NULL) { - if (cmd == CMD_TEST) - cidr = 32; - else - exit_error(PARAMETER_PROBLEM, - "Missing cidr from `%s'", arg); - } else - if (string_to_number(tmp, 1, 31, &cidr)) - exit_error(PARAMETER_PROBLEM, - "Out of range cidr `%s' specified", arg); - - mydata->cidr = cidr; - parse_ip(ptr, &mydata->ip); -#if 0 - if (!mydata->ip) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address `%s' specified", ptr); -#endif - ipset_free(saved); - - return 1; -}; - -/ - * Print and save - / - -static void -nethash_initheader(struct set set, const void data) -{ - const struct ip_set_req_nethash_create header = data; - struct ip_set_nethash map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_nethash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; -} - -static void -nethash_printheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_nethash mysetdata = set->settype->header; - - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static char buf[20]; - -static char -unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) -{ - int i, j = 3; - unsigned char a, b; - - ip = htonl(ip); - for (i = 3; i >= 0; i--) - if (((unsigned char )&ip)[i] != 0) { - j = i; - break; - } - - a = ((unsigned char )&ip)[j]; - if (a <= 128) { - a = (a - 1) * 2; - b = 7; - } else if (a <= 192) { - a = (a - 129) * 4; - b = 6; - } else if (a <= 224) { - a = (a - 193) * 8; - b = 5; - } else if (a <= 240) { - a = (a - 225) * 16; - b = 4; - } else if (a <= 248) { - a = (a - 241) * 32; - b = 3; - } else if (a <= 252) { - a = (a - 249) * 64; - b = 2; - } else if (a <= 254) { - a = (a - 253) * 128; - b = 1; - } else { - a = b = 0; - } - ((unsigned char )&ip)[j] = a; - b += j 8; - - sprintf(buf, "%u.%u.%u.%u/%u", - ((unsigned char )&ip)[0], - ((unsigned char )&ip)[1], - ((unsigned char )&ip)[2], - ((unsigned char )&ip)[3], - b); - - DP("%s %s", ip_tostring(ntohl(ip), 0), buf); - return buf; -} - -static void -nethash_printips(struct set set UNUSED, void data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t ip; - - while (offset < len) { - ip = data + offset; - printf("%s\n", unpack_ip_tostring(ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -nethash_saveheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_nethash mysetdata = set->settype->header; - - printf("-N %s %s --hashsize %u --probes %u --resize %u\n", - set->name, set->settype->typename, - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/* Print save for an IP / -static void -nethash_saveips(struct set set UNUSED, void data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t ip; - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, - unpack_ip_tostring(ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -nethash_usage(void) -{ - printf - ("-N set nethash [--hashsize hashsize] [--probes probes ]\n" - " [--resize resize]\n" - "-A set IP/cidr\n" - "-D set IP/cidr\n" - "-T set IP/cidr\n"); -} - -static struct settype settype_nethash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_nethash_create), - .create_init = nethash_create_init, - .create_parse = nethash_create_parse, - .create_final = nethash_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_nethash), - .adt_parser = nethash_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_nethash), - .initheader = nethash_initheader, - .printheader = nethash_printheader, - .printips = nethash_printips, - .printips_sorted = nethash_printips, - .saveheader = nethash_saveheader, - .saveips = nethash_saveips, - - .usage = nethash_usage, -}; - -CONSTRUCTOR(nethash) -{ - settype_register(&settype_nethash); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_portmap.c ^
@@ -1,272 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - - -#include <stdio.h> / printf / -#include <string.h> /* mem* / - -#include "ipset.h" - -#include "ip_set_portmap.h" - -#define BUFLEN 30; - -#define OPT_CREATE_FROM 0x01U -#define OPT_CREATE_TO 0x02U - -#define OPT_ADDDEL_PORT 0x01U - -/ Initialize the create. / -static void -portmap_create_init(void data UNUSED) -{ - DP("create INIT"); - /* Nothing / -} - -/ Function which parses command options; returns true if it ate an option / -static int -portmap_create_parse(int c, char argv[] UNUSED, void data, unsigned flags) -{ - struct ip_set_req_portmap_create mydata = data; - - DP("create_parse"); - - switch (c) { - case '1': - parse_port(optarg, &mydata->from); - - flags \|= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - port_tostring(mydata->from, 0)); - - break; - - case '2': - parse_port(optarg, &mydata->to); - - flags \|= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - port_tostring(mydata->to, 0)); - - break; - - default: - return 0; - } - - return 1; -} - -/ Final check; exit if not ok. / -static void -portmap_create_final(void data, unsigned int flags) -{ - struct ip_set_req_portmap_create mydata = data; - - if (flags == 0) { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to\n"); - } else { - / --from --to / - if ((flags & OPT_CREATE_FROM) == 0 - \|\| (flags & OPT_CREATE_TO) == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } - - DP("from : %x to: %x diff: %d", mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d ports in range\n", - MAX_RANGE+1); -} - -/ Create commandline options / -static const struct option create_opts[] = { - {.name = "from", .has_arg = required_argument, .val = '1'}, - {.name = "to", .has_arg = required_argument, .val = '2'}, - {NULL}, -}; - -/ Add, del, test parser / -static ip_set_ip_t -portmap_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_portmap mydata = data; - - parse_port(arg, &mydata->ip); - DP("%s", port_tostring(mydata->ip, 0)); - - return 1; -} - -/* - * Print and save - / - -static void -portmap_initheader(struct set set, const void data) -{ - const struct ip_set_req_portmap_create header = data; - struct ip_set_portmap map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_portmap)); - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -portmap_printheader(struct set set, unsigned options) -{ - struct ip_set_portmap mysetdata = set->settype->header; - - printf(" from: %s", port_tostring(mysetdata->first_ip, options)); - printf(" to: %s\n", port_tostring(mysetdata->last_ip, options)); -} - -static inline void -__portmap_printips_sorted(struct set set, void data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_portmap mysetdata = set->settype->header; - ip_set_ip_t addr = mysetdata->first_ip; - - DP("%u -- %u", mysetdata->first_ip, mysetdata->last_ip); - while (addr <= mysetdata->last_ip) { - if (test_bit(addr - mysetdata->first_ip, data)) - printf("%s\n", port_tostring(addr, options)); - addr++; - } -} - -static void -portmap_printips_sorted(struct set set, void data, - u_int32_t len, unsigned options, - char dont_align) -{ - ip_set_ip_t ip; - size_t offset = 0; - - if (dont_align) - return __portmap_printips_sorted(set, data, len, options); - - while (offset < len) { - ip = data + offset; - printf("%s\n", port_tostring(ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -portmap_saveheader(struct set set, unsigned options) -{ - struct ip_set_portmap mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, - set->settype->typename, - port_tostring(mysetdata->first_ip, options)); - printf(" --to %s\n", - port_tostring(mysetdata->last_ip, options)); -} - -static inline void -__portmap_saveips(struct set set, void data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_portmap mysetdata = set->settype->header; - ip_set_ip_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - DP("addr: %lu, last_ip %lu", (long unsigned)addr, (long unsigned)mysetdata->last_ip); - if (test_bit(addr - mysetdata->first_ip, data)) - printf("-A %s %s\n", - set->name, - port_tostring(addr, options)); - addr++; - } -} - -static void -portmap_saveips(struct set set, void data, - u_int32_t len, unsigned options, - char dont_align) -{ - ip_set_ip_t ip; - size_t offset = 0; - - if (dont_align) - return __portmap_saveips(set, data, len, options); - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, port_tostring(ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -portmap_usage(void) -{ - printf - ("-N set portmap --from PORT --to PORT\n" - "-A set PORT\n" - "-D set PORT\n" - "-T set PORT\n"); -} - -static struct settype settype_portmap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - / Create / - .create_size = sizeof(struct ip_set_req_portmap_create), - .create_init = portmap_create_init, - .create_parse = portmap_create_parse, - .create_final = portmap_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_portmap), - .adt_parser = portmap_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_portmap), - .initheader = portmap_initheader, - .printheader = portmap_printheader, - .printips = portmap_printips_sorted, - .printips_sorted = portmap_printips_sorted, - .saveheader = portmap_saveheader, - .saveips = portmap_saveips, - - .usage = portmap_usage, -}; - -CONSTRUCTOR(portmap) -{ - settype_register(&settype_portmap); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipset_setlist.c ^
@@ -1,229 +0,0 @@ -/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - / - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> - -#include "ip_set_setlist.h" -#include "ipset.h" - -/ Initialize the create. / -static void -setlist_create_init(void data) -{ - struct ip_set_req_setlist_create mydata = data; - - mydata->size = 8; -} - -/ Function which parses command options; returns true if it ate an option / -static int -setlist_create_parse(int c, char argv[] UNUSED, void data, - unsigned flags UNUSED) -{ - struct ip_set_req_setlist_create mydata = data; - unsigned int size; - - switch (c) { - case '1': - if (string_to_number(optarg, 1, 255, &size)) - exit_error(PARAMETER_PROBLEM, - "Invalid size '%s specified: must be " - "between 1-255", optarg); - mydata->size = size; - break; - default: - return 0; - } - return 1; -} - -/ Final check; exit if not ok. / -static void -setlist_create_final(void data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options / -static const struct option create_opts[] = { - {.name = "size", .has_arg = required_argument, .val = '1'}, - {NULL}, -}; - -static void -check_setname(const char name) -{ - if (strlen(name) > IP_SET_MAXNAMELEN - 1) - exit_error(PARAMETER_PROBLEM, - "Setname %s is longer than %d characters.", - name, IP_SET_MAXNAMELEN - 1); -} - -/* Add, del, test parser / -static ip_set_ip_t -setlist_adt_parser(int cmd UNUSED, const char arg, void data) -{ - struct ip_set_req_setlist mydata = data; - char saved = ipset_strdup(arg); - char ptr, tmp = saved; - - DP("setlist: %p %p", arg, data); - - ptr = strsep(&tmp, ","); - check_setname(ptr); - strcpy(mydata->name, ptr); - - if (!tmp) { - mydata->before = 0; - mydata->ref[0] = '\0'; - return 1; - } - - ptr = strsep(&tmp, ","); - - if (tmp == NULL \|\| !(strcmp(ptr, "before") == 0 \|\| strcmp(ptr, "after") == 0)) - exit_error(PARAMETER_PROBLEM, - "Syntax error, you must specify elements as setname,[before\|after],setname"); - - check_setname(tmp); - strcpy(mydata->ref, tmp); - mydata->before = !strcmp(ptr, "before"); - - free(saved); - - return 1; -} - -/ - * Print and save - / - -static void -setlist_initheader(struct set set, const void data) -{ - const struct ip_set_req_setlist_create header = data; - struct ip_set_setlist map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_setlist)); - map->size = header->size; -} - -static void -setlist_printheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_setlist mysetdata = set->settype->header; - - printf(" size: %u\n", mysetdata->size); -} - -static void -setlist_printips_sorted(struct set set, void data, - u_int32_t len UNUSED, unsigned options UNUSED, - char dont_align) -{ - struct ip_set_setlist mysetdata = set->settype->header; - int i, asize; - ip_set_id_t id; - struct set elem; - - asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); - for (i = 0; i < mysetdata->size; i++ ) { - DP("Try %u", i); - id = (ip_set_id_t )(data + i asize); - DP("Try %u, check", i); - if (id == IP_SET_INVALID_ID) - return; - elem = set_find_byid(id); - printf("%s\n", elem->name); - } -} - -static void -setlist_saveheader(struct set set, unsigned options UNUSED) -{ - struct ip_set_setlist mysetdata = set->settype->header; - - printf("-N %s %s --size %u\n", - set->name, set->settype->typename, - mysetdata->size); -} - -static void -setlist_saveips(struct set set, void data, - u_int32_t len UNUSED, unsigned options UNUSED, char dont_align) -{ - struct ip_set_setlist mysetdata = set->settype->header; - int i, asize; - ip_set_id_t id; - struct set elem; - - asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); - for (i = 0; i < mysetdata->size; i++ ) { - id = (ip_set_id_t )(data + i * asize); - if (id == IP_SET_INVALID_ID) - return; - elem = set_find_byid(id); - printf("-A %s %s\n", set->name, elem->name); - } -} - -static void -setlist_usage(void) -{ - printf - ("-N set setlist --size size\n" - "-A set setname[,before\|after,setname]\n" - "-D set setname\n" - "-T set setname\n"); -} - -static struct settype settype_setlist = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create / - .create_size = sizeof(struct ip_set_req_setlist_create), - .create_init = setlist_create_init, - .create_parse = setlist_create_parse, - .create_final = setlist_create_final, - .create_opts = create_opts, - - / Add/del/test / - .adt_size = sizeof(struct ip_set_req_setlist), - .adt_parser = setlist_adt_parser, - - / Printing */ - .header_size = sizeof(struct ip_set_setlist), - .initheader = setlist_initheader, - .printheader = setlist_printheader, - .printips = setlist_printips_sorted, - .printips_sorted = setlist_printips_sorted, - .saveheader = setlist_saveheader, - .saveips = setlist_saveips, - - .usage = setlist_usage, -}; - -CONSTRUCTOR(setlist) -{ - settype_register(&settype_setlist); - -}
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipt_SET.c ^
@@ -1,138 +0,0 @@ -/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> - * Patrick Schaaf <bof@bof.de> - * Martin Josefsson <gandalf@wlug.westbo.se> - * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ ipt_SET.c - netfilter target to manipulate IP sets / - -#include <linux/module.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include <linux/version.h> - -#include <linux/netfilter_ipv4.h> -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) -#include <linux/netfilter_ipv4/ip_tables.h> -#define xt_register_target ipt_register_target -#define xt_unregister_target ipt_unregister_target -#define xt_target ipt_target -#define XT_CONTINUE IPT_CONTINUE -#else -#include <linux/netfilter/x_tables.h> -#endif -#include "ipt_set.h" -#include "../compat_xtables.h" - -static unsigned int -target(struct sk_buff pskb, const struct xt_action_param par) -{ - const struct ipt_set_info_target info = par->targinfo; - - if (info->add_set.index != IP_SET_INVALID_ID) - ip_set_addip_kernel(info->add_set.index, - pskb, - info->add_set.flags); - if (info->del_set.index != IP_SET_INVALID_ID) - ip_set_delip_kernel(info->del_set.index, - pskb, - info->del_set.flags); - - return XT_CONTINUE; -} - -static int -checkentry(const struct xt_tgchk_param par) -{ - struct ipt_set_info_target info = par->targinfo; - ip_set_id_t index; - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) - if (targinfosize != IPT_ALIGN(sizeof(info))) { - DP("bad target info size %u", targinfosize); - return -EINVAL; - } -#endif - - if (info->add_set.index != IP_SET_INVALID_ID) { - index = ip_set_get_byindex(info->add_set.index); - if (index == IP_SET_INVALID_ID) { - ip_set_printk("cannot find add_set index %u as target", - info->add_set.index); - return -EINVAL; - } - } - - if (info->del_set.index != IP_SET_INVALID_ID) { - index = ip_set_get_byindex(info->del_set.index); - if (index == IP_SET_INVALID_ID) { - ip_set_printk("cannot find del_set index %u as target", - info->del_set.index); - return -EINVAL; - } - } - if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0 - \|\| info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) { - ip_set_printk("That's nasty!"); - return -EINVAL; - } - - return 0; -} - -static void destroy(const struct xt_tgdtor_param par) -{ - struct ipt_set_info_target info = par->targinfo; - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) - if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) { - ip_set_printk("invalid targetsize %d", targetsize); - return; - } -#endif - if (info->add_set.index != IP_SET_INVALID_ID) - ip_set_put_byindex(info->add_set.index); - if (info->del_set.index != IP_SET_INVALID_ID) - ip_set_put_byindex(info->del_set.index); -} - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) -static struct xt_target SET_target = { - .name = "SET", - .target = target, - .checkentry = checkentry, - .destroy = destroy, - .me = THIS_MODULE -}; -#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */ -static struct xt_target SET_target = { - .name = "SET", - .family = AF_INET, - .target = target, - .targetsize = sizeof(struct ipt_set_info_target), - .checkentry = checkentry, - .destroy = destroy, - .me = THIS_MODULE -}; -#endif - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("iptables IP set target module"); - -static int __init ipt_SET_init(void) -{ - return xt_register_target(&SET_target); -} - -static void __exit ipt_SET_fini(void) -{ - xt_unregister_target(&SET_target); -} - -module_init(ipt_SET_init); -module_exit(ipt_SET_fini);
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipt_set.c ^
@@ -1,126 +0,0 @@ -/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> - * Patrick Schaaf <bof@bof.de> - * Martin Josefsson <gandalf@wlug.westbo.se> - * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - / - -/ Kernel module to match an IP set. / - -#include <linux/module.h> -#include <linux/ip.h> -#include <linux/skbuff.h> -#include <linux/version.h> - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) -#include <linux/netfilter_ipv4/ip_tables.h> -#define xt_register_match ipt_register_match -#define xt_unregister_match ipt_unregister_match -#define xt_match ipt_match -#else -#include <linux/netfilter/x_tables.h> -#endif -#include "ip_set.h" -#include "ipt_set.h" -#include "../compat_xtables.h" - -static inline int -match_set(const struct ipt_set_info info, - const struct sk_buff skb, - int inv) -{ - if (ip_set_testip_kernel(info->index, skb, info->flags)) - inv = !inv; - return inv; -} - -static bool -match(const struct sk_buff skb, struct xt_action_param par) -{ - const struct ipt_set_info_match info = par->matchinfo; - - return match_set(&info->match_set, - skb, - info->match_set.flags[0] & IPSET_MATCH_INV); -} - -static int -checkentry(const struct xt_mtchk_param par) -{ - struct ipt_set_info_match info = par->matchinfo; - ip_set_id_t index; - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) - if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { - ip_set_printk("invalid matchsize %d", matchsize); - return -EINVAL; - } -#endif - - index = ip_set_get_byindex(info->match_set.index); - - if (index == IP_SET_INVALID_ID) { - ip_set_printk("Cannot find set indentified by id %u to match", - info->match_set.index); - return -ENOENT; - } - if (info->match_set.flags[IP_SET_MAX_BINDINGS] != 0) { - ip_set_printk("That's nasty!"); - return -EINVAL; - } - - return 0; -} - -static void destroy(const struct xt_mtdtor_param par) -{ - struct ipt_set_info_match info = par->matchinfo; - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) - if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { - ip_set_printk("invalid matchsize %d", matchsize); - return; - } -#endif - ip_set_put_byindex(info->match_set.index); -} - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) -static struct xt_match set_match = { - .name = "set", - .match = &match, - .checkentry = &checkentry, - .destroy = &destroy, - .me = THIS_MODULE -}; -#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */ -static struct xt_match set_match = { - .name = "set", - .family = AF_INET, - .match = &match, - .matchsize = sizeof(struct ipt_set_info_match), - .checkentry = &checkentry, - .destroy = &destroy, - .me = THIS_MODULE -}; -#endif - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); -MODULE_DESCRIPTION("iptables IP set match module"); - -static int __init ipt_ipset_init(void) -{ - return xt_register_match(&set_match); -} - -static void __exit ipt_ipset_fini(void) -{ - xt_unregister_match(&set_match); -} - -module_init(ipt_ipset_init); -module_exit(ipt_ipset_fini);
[-] [+]	Deleted	xtables-addons-1.38.tar.bz2/extensions/ipset-4/ipt_set.h ^
@@ -1,21 +0,0 @@ -#ifndef _IPT_SET_H -#define _IPT_SET_H - -#include "ip_set.h" - -struct ipt_set_info { - ip_set_id_t index; - u_int32_t flags[IP_SET_MAX_BINDINGS + 1]; -}; - -/* match info / -struct ipt_set_info_match { - struct ipt_set_info match_set; -}; - -struct ipt_set_info_target { - struct ipt_set_info add_set; - struct ipt_set_info del_set; -}; - -#endif /_IPT_SET_H*/
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/configure ^
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for xtables-addons 1.38. +# Generated by GNU Autoconf 2.68 for xtables-addons 1.39. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -706,8 +706,8 @@ # Identity of this package. PACKAGE_NAME='xtables-addons' PACKAGE_TARNAME='xtables-addons' -PACKAGE_VERSION='1.38' -PACKAGE_STRING='xtables-addons 1.38' +PACKAGE_VERSION='1.39' +PACKAGE_STRING='xtables-addons 1.39' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1441,7 +1441,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xtables-addons 1.38 to adapt to many kinds of systems. +\`configure' configures xtables-addons 1.39 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1511,7 +1511,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short \| recursive ) echo "Configuration of xtables-addons 1.38:";; + short \| recursive ) echo "Configuration of xtables-addons 1.39:";; esac cat <<\_ACEOF @@ -1628,7 +1628,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xtables-addons configure 1.38 +xtables-addons configure 1.39 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1993,7 +1993,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xtables-addons $as_me 1.38, which was +It was created by xtables-addons $as_me 1.39, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2811,7 +2811,7 @@ # Define the identity of the package. PACKAGE='xtables-addons' - VERSION='1.38' + VERSION='1.39' cat >>confdefs.h <<_ACEOF @@ -10944,7 +10944,7 @@ -ac_config_files="$ac_config_files Makefile Makefile.iptrules Makefile.mans geoip/Makefile extensions/Makefile extensions/ACCOUNT/Makefile extensions/ipset-4/Makefile extensions/ipset-6/Makefile extensions/pknock/Makefile" +ac_config_files="$ac_config_files Makefile Makefile.iptrules Makefile.mans geoip/Makefile extensions/Makefile extensions/ACCOUNT/Makefile extensions/ipset-6/Makefile extensions/pknock/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -11480,7 +11480,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xtables-addons $as_me 1.38, which was +This file was extended by xtables-addons $as_me 1.39, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -11546,7 +11546,7 @@ cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xtables-addons config.status 1.38 +xtables-addons config.status 1.39 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" @@ -11939,7 +11939,6 @@ "geoip/Makefile") CONFIG_FILES="$CONFIG_FILES geoip/Makefile" ;; "extensions/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/Makefile" ;; "extensions/ACCOUNT/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/ACCOUNT/Makefile" ;; - "extensions/ipset-4/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/ipset-4/Makefile" ;; "extensions/ipset-6/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/ipset-6/Makefile" ;; "extensions/pknock/Makefile") CONFIG_FILES="$CONFIG_FILES extensions/pknock/Makefile" ;;
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/configure.ac ^
@@ -1,4 +1,4 @@ -AC_INIT([xtables-addons], [1.38]) +AC_INIT([xtables-addons], [1.39]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) AC_PROG_INSTALL @@ -78,6 +78,6 @@ AC_SUBST([xtlibdir]) AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans geoip/Makefile extensions/Makefile extensions/ACCOUNT/Makefile - extensions/ipset-4/Makefile extensions/ipset-6/Makefile + extensions/ipset-6/Makefile extensions/pknock/Makefile]) AC_OUTPUT
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/doc/changelog.txt ^
@@ -3,6 +3,18 @@ ==== +v1.39 (2011-09-21) +================== +Fixes: +- libxt_ACCOUNT: fix compilation after missing libxtables_CFLAGS +- build: fix compilation after missing libxtables_CFLAGS in submodules +- build: add missing linux/version.h includes where needed +Changes: +- Remove unsupported ipset 4.x from the Xtables-addons distribution +- ipset: move ipset_errcode from src to library to avoid undefined reference +- update to ipset 6.9.1 + + v1.38 (2011-08-20) ================== - xt_CHECKSUM: abort build when the feature is already provided by mainline
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ACCOUNT/Makefile.am ^
@@ -1,7 +1,7 @@ # -- Makefile -- AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions -AM_CFLAGS = ${regular_CFLAGS} +AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS} include ../../Makefile.extra
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ACCOUNT/Makefile.in ^
@@ -247,7 +247,7 @@ top_srcdir = @top_srcdir@ xtlibdir = @xtlibdir@ AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions -AM_CFLAGS = ${regular_CFLAGS} +AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS} XA_SRCDIR = ${srcdir} XA_TOPSRCDIR = ${top_srcdir} XA_ABSTOPSRCDIR = ${abs_top_srcdir}
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/Kbuild ^
@@ -27,7 +27,6 @@ obj-${build_geoip} += xt_geoip.o obj-${build_iface} += xt_iface.o obj-${build_ipp2p} += xt_ipp2p.o -obj-${build_ipset4} += ipset-4/ obj-${build_ipset6} += ipset-6/ obj-${build_ipv4options} += xt_ipv4options.o obj-${build_length2} += xt_length2.o
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/Mbuild ^
@@ -19,7 +19,6 @@ obj-${build_geoip} += libxt_geoip.so obj-${build_iface} += libxt_iface.so obj-${build_ipp2p} += libxt_ipp2p.so -obj-${build_ipset4} += ipset-4/ obj-${build_ipset6} += ipset-6/ obj-${build_ipv4options} += libxt_ipv4options.so obj-${build_length2} += libxt_length2.so
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/Kbuild ^
@@ -8,4 +8,4 @@ ip_set-y := ip_set_core.o ip_set_getport.o pfxlen.o -EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256 +EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256 -DIPSET_EXTERNAL_MODULE=1
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/Makefile.am ^
@@ -8,12 +8,12 @@ lib_LTLIBRARIES = libipset.la libipset_la_SOURCES = libipset/data.c libipset/icmp.c libipset/icmpv6.c \ libipset/mnl.c libipset/parse.c libipset/print.c \ - libipset/session.c libipset/types.c + libipset/session.c libipset/types.c libipset/errcode.c libipset_la_LIBADD = ${libmnl_LIBS} libipset_la_LDFLAGS = -version-info 1:0:0 sbin_PROGRAMS = ipset -ipset_SOURCES = src/ipset.c src/errcode.c src/ui.c src/ipset_bitmap_ip.c \ +ipset_SOURCES = src/ipset.c src/ui.c src/ipset_bitmap_ip.c \ src/ipset_bitmap_ipmac.c src/ipset_bitmap_port.c \ src/ipset_hash_ip.c src/ipset_hash_ipport.c \ src/ipset_hash_ipportip.c src/ipset_hash_ipportnet.c \
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/Makefile.in ^
@@ -84,7 +84,8 @@ am__dirstamp = $(am__leading_dot)dirstamp am_libipset_la_OBJECTS = libipset/data.lo libipset/icmp.lo \ libipset/icmpv6.lo libipset/mnl.lo libipset/parse.lo \ - libipset/print.lo libipset/session.lo libipset/types.lo + libipset/print.lo libipset/session.lo libipset/types.lo \ + libipset/errcode.lo libipset_la_OBJECTS = $(am_libipset_la_OBJECTS) AM_V_lt = $(am__v_lt_$(V)) am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY)) @@ -93,9 +94,8 @@ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libipset_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(sbin_PROGRAMS) -am_ipset_OBJECTS = src/ipset.$(OBJEXT) src/errcode.$(OBJEXT) \ - src/ui.$(OBJEXT) src/ipset_bitmap_ip.$(OBJEXT) \ - src/ipset_bitmap_ipmac.$(OBJEXT) \ +am_ipset_OBJECTS = src/ipset.$(OBJEXT) src/ui.$(OBJEXT) \ + src/ipset_bitmap_ip.$(OBJEXT) src/ipset_bitmap_ipmac.$(OBJEXT) \ src/ipset_bitmap_port.$(OBJEXT) src/ipset_hash_ip.$(OBJEXT) \ src/ipset_hash_ipport.$(OBJEXT) \ src/ipset_hash_ipportip.$(OBJEXT) \ @@ -270,11 +270,11 @@ lib_LTLIBRARIES = libipset.la libipset_la_SOURCES = libipset/data.c libipset/icmp.c libipset/icmpv6.c \ libipset/mnl.c libipset/parse.c libipset/print.c \ - libipset/session.c libipset/types.c + libipset/session.c libipset/types.c libipset/errcode.c libipset_la_LIBADD = ${libmnl_LIBS} libipset_la_LDFLAGS = -version-info 1:0:0 -ipset_SOURCES = src/ipset.c src/errcode.c src/ui.c src/ipset_bitmap_ip.c \ +ipset_SOURCES = src/ipset.c src/ui.c src/ipset_bitmap_ip.c \ src/ipset_bitmap_ipmac.c src/ipset_bitmap_port.c \ src/ipset_hash_ip.c src/ipset_hash_ipport.c \ src/ipset_hash_ipportip.c src/ipset_hash_ipportnet.c \ @@ -371,6 +371,8 @@ libipset/$(DEPDIR)/$(am__dirstamp) libipset/types.lo: libipset/$(am__dirstamp) \ libipset/$(DEPDIR)/$(am__dirstamp) +libipset/errcode.lo: libipset/$(am__dirstamp) \ + libipset/$(DEPDIR)/$(am__dirstamp) libipset.la: $(libipset_la_OBJECTS) $(libipset_la_DEPENDENCIES) $(AM_V_CCLD)$(libipset_la_LINK) -rpath $(libdir) $(libipset_la_OBJECTS) $(libipset_la_LIBADD) $(LIBS) install-sbinPROGRAMS: $(sbin_PROGRAMS) @@ -423,8 +425,6 @@ @$(MKDIR_P) src/$(DEPDIR) @: > src/$(DEPDIR)/$(am__dirstamp) src/ipset.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp) -src/errcode.$(OBJEXT): src/$(am__dirstamp) \ - src/$(DEPDIR)/$(am__dirstamp) src/ui.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp) src/ipset_bitmap_ip.$(OBJEXT): src/$(am__dirstamp) \ src/$(DEPDIR)/$(am__dirstamp) @@ -456,6 +456,8 @@ -rm -f .$(OBJEXT) -rm -f libipset/data.$(OBJEXT) -rm -f libipset/data.lo + -rm -f libipset/errcode.$(OBJEXT) + -rm -f libipset/errcode.lo -rm -f libipset/icmp.$(OBJEXT) -rm -f libipset/icmp.lo -rm -f libipset/icmpv6.$(OBJEXT) @@ -470,7 +472,6 @@ -rm -f libipset/session.lo -rm -f libipset/types.$(OBJEXT) -rm -f libipset/types.lo - -rm -f src/errcode.$(OBJEXT) -rm -f src/ipset.$(OBJEXT) -rm -f src/ipset_bitmap_ip.$(OBJEXT) -rm -f src/ipset_bitmap_ipmac.$(OBJEXT) @@ -489,6 +490,7 @@ -rm -f .tab.c @AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/errcode.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/icmp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/icmpv6.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/mnl.Plo@am__quote@ @@ -496,7 +498,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/print.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/session.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@libipset/$(DEPDIR)/types.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/errcode.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/ipset.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/ipset_bitmap_ip.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/ipset_bitmap_ipmac.Po@am__quote@
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/include/libipset/linux_ip_set.h ^
@@ -11,6 +11,8 @@ * published by the Free Software Foundation. / +#include <linux/types.h> + / The protocol version / #define IPSET_PROTOCOL 0x60 @@ -168,4 +170,30 @@ IPSET_CADT_MAX, }; +/ Sets are identified by an index in kernel space. Tweak with ip_set_id_t + * and IPSET_INVALID_ID if you want to increase the max number of sets. + / +typedef __u16 ip_set_id_t; + +#define IPSET_INVALID_ID 65535 + +enum ip_set_dim { + IPSET_DIM_ZERO = 0, + IPSET_DIM_ONE, + IPSET_DIM_TWO, + IPSET_DIM_THREE, + / Max dimension in elements. + * If changed, new revision of iptables match/target is required. + / + IPSET_DIM_MAX = 6, +}; + +/ Option flags for kernel operations / +enum ip_set_kopt { + IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), + IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), + IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), + IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), +}; + #endif / __IP_SET_H */
[-] [+]	Added	xtables-addons-1.39.tar.bz2/extensions/ipset-6/include/libipset/nfproto.h ^
@@ -0,0 +1,19 @@ +#ifndef LIBIPSET_NFPROTO_H +#define LIBIPSET_NFPROTO_H + +/* + * The constants to select, same as in linux/netfilter.h. + * Like nf_inet_addr.h, this is just here so that we need not to rely on + * the presence of a recent-enough netfilter.h. + / +enum { + NFPROTO_UNSPEC = 0, + NFPROTO_IPV4 = 2, + NFPROTO_ARP = 3, + NFPROTO_BRIDGE = 7, + NFPROTO_IPV6 = 10, + NFPROTO_DECNET = 12, + NFPROTO_NUMPROTO, +}; + +#endif / LIBIPSET_NFPROTO_H */
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/include/libipset/types.h ^
@@ -14,24 +14,22 @@ #include <libipset/parse.h> /* ipset_parsefn / #include <libipset/print.h> / ipset_printfn / #include <libipset/linux_ip_set.h> / IPSET_MAXNAMELEN / - -#define AF_INET46 255 +#include <libipset/nfproto.h> / for NFPROTO_ / / Family rules: - * - AF_UNSPEC: type is family-neutral - * - AF_INET: type supports IPv4 only - * - AF_INET6: type supports IPv6 only - * - AF_INET46: type supports both IPv4 and IPv6 + * - NFPROTO_UNSPEC: type is family-neutral + * - NFPROTO_IPV4: type supports IPv4 only + * - NFPROTO_IPV6: type supports IPv6 only + * Special (userspace) ipset-only extra value: + * - NFPROTO_IPSET_IPV46: type supports both IPv4 and IPv6 / - -/ Set dimensions / enum { - IPSET_DIM_ONE, / foo / - IPSET_DIM_TWO, / foo,bar / - IPSET_DIM_THREE, / foo,bar,fie / - IPSET_DIM_MAX, + NFPROTO_IPSET_IPV46 = 255, }; +/ The maximal type dimension userspace supports / +#define IPSET_DIM_UMAX 3 + / Parser options / enum { IPSET_NO_ARG = -1, @@ -76,7 +74,7 @@ uint8_t dimension; / elem dimension / int8_t kernel_check; / kernel check / bool last_elem_optional; / last element optional / - struct ipset_elem elem[IPSET_DIM_MAX]; / parse elem / + struct ipset_elem elem[IPSET_DIM_UMAX]; / parse elem / ipset_parsefn compat_parse_elem; / compatibility parser / const struct ipset_arg args[IPSET_CADT_MAX]; /* create/ADT args besides elem / uint64_t mandatory[IPSET_CADT_MAX]; / create/ADT mandatory flags */
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set.h ^
@@ -11,6 +11,7 @@ * published by the Free Software Foundation. / +#include <linux/types.h> #include <linux/netlink.h> / The protocol version / @@ -170,19 +171,10 @@ IPSET_CADT_MAX, }; -#ifdef __KERNEL__ -#include <linux/ip.h> -#include <linux/ipv6.h> -#include <linux/netlink.h> -#include <linux/netfilter.h> -#include <linux/netfilter/x_tables.h> -#include <linux/vmalloc.h> -#include <net/netlink.h> - / Sets are identified by an index in kernel space. Tweak with ip_set_id_t * and IPSET_INVALID_ID if you want to increase the max number of sets. / -typedef u16 ip_set_id_t; +typedef __u16 ip_set_id_t; #define IPSET_INVALID_ID 65535 @@ -205,6 +197,15 @@ IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), }; +#ifdef __KERNEL__ +#include <linux/ip.h> +#include <linux/ipv6.h> +#include <linux/netlink.h> +#include <linux/netfilter.h> +#include <linux/netfilter/x_tables.h> +#include <linux/vmalloc.h> +#include <net/netlink.h> + / Set features / enum ip_set_feature { IPSET_TYPE_IP_FLAG = 0, @@ -290,7 +291,10 @@ u8 features; / Set type dimension / u8 dimension; - / Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 / + / + * Supported family: may be NFPROTO_UNSPEC for both + * NFPROTO_IPV4/NFPROTO_IPV6. + / u8 family; / Type revisions / u8 revision_min, revision_max; @@ -465,6 +469,8 @@ return 4 ((((b - a + 8) / 8) + 3) / 4); } +#endif /* __KERNEL__ / + / Interface to iptables/ip6tables / #define SO_IP_SET 83 @@ -490,6 +496,4 @@ unsigned version; }; -#endif / __KERNEL__ / - #endif /_IP_SET_H */
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_bitmap_ip.c ^
@@ -442,7 +442,7 @@ map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -550,7 +550,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ip_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_bitmap_ipmac.c ^
@@ -543,7 +543,7 @@ map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -623,7 +623,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP \| IPSET_TYPE_MAC, .dimension = IPSET_DIM_TWO, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ipmac_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_bitmap_port.c ^
@@ -422,7 +422,7 @@ map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_UNSPEC; + set->family = NFPROTO_UNSPEC; return true; } @@ -483,7 +483,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_PORT, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = bitmap_port_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_core.c ^
@@ -17,7 +17,9 @@ #include <linux/spinlock.h> #include <linux/netlink.h> #include <linux/rculist.h> +#ifdef IPSET_EXTERNAL_MODULE #include <linux/version.h> +#endif #include <net/netlink.h> #include <linux/netfilter.h> @@ -75,7 +77,7 @@ list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family \|\| type->family == AF_UNSPEC) && + (type->family == family \|\| type->family == NFPROTO_UNSPEC) && revision >= type->revision_min && revision <= type->revision_max) return type; @@ -83,37 +85,42 @@ } /* Unlock, try to load a set type module and lock again / -static int -try_to_load_type(const char name) +static bool +load_settype(const char name) { genl_unlock(); pr_debug("try to load ip_set_%s\n", name); if (request_module("ip_set_%s", name) < 0) { pr_warning("Can't find ip_set type %s\n", name); genl_lock(); - return -IPSET_ERR_FIND_TYPE; + return false; } genl_lock(); - return -EAGAIN; + return true; } / Find a set type and reference it / +#define find_set_type_get(name, family, revision, found) \ + __find_set_type_get(name, family, revision, found, false) + static int -find_set_type_get(const char name, u8 family, u8 revision, - struct ip_set_type *found) +__find_set_type_get(const char name, u8 family, u8 revision, + struct ip_set_type *found, bool retry) { struct ip_set_type type; - unsigned int retry = 0; int err; -retry: + if (retry && !load_settype(name)) + return -IPSET_ERR_FIND_TYPE; + rcu_read_lock(); found = find_set_type(name, family, revision); if (found) { err = !try_module_get((found)->me) ? -EFAULT : 0; goto unlock; } - / Make sure the type is loaded but we don't support the revision / + / Make sure the type is already loaded + * but we don't support the revision / list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name)) { err = -IPSET_ERR_FIND_TYPE; @@ -121,10 +128,8 @@ } rcu_read_unlock(); - err = try_to_load_type(name); - if (err == -EAGAIN && retry++ == 0) - goto retry; - return err; + return retry ? -IPSET_ERR_FIND_TYPE : + __find_set_type_get(name, family, revision, found, true); unlock: rcu_read_unlock(); @@ -135,20 +140,24 @@ If we succeeded, the supported minimal and maximum revisions are * filled out. / +#define find_set_type_minmax(name, family, min, max) \ + __find_set_type_minmax(name, family, min, max, false) + static int -find_set_type_minmax(const char name, u8 family, u8 min, u8 max) +__find_set_type_minmax(const char name, u8 family, u8 min, u8 max, + bool retry) { struct ip_set_type type; bool found = false; - unsigned int retry = 0; - int err; -retry: + if (retry && !load_settype(name)) + return -IPSET_ERR_FIND_TYPE; + min = 255; max = 0; rcu_read_lock(); list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family \|\| type->family == AF_UNSPEC)) { + (type->family == family \|\| type->family == NFPROTO_UNSPEC)) { found = true; if (type->revision_min < min) min = type->revision_min; @@ -159,14 +168,12 @@ if (found) return 0; - err = try_to_load_type(name); - if (err == -EAGAIN && retry++ == 0) - goto retry; - return err; + return retry ? -IPSET_ERR_FIND_TYPE : + __find_set_type_minmax(name, family, min, max, true); } -#define family_name(f) ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") +#define family_name(f) ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") /* Register a set type structure. The type is identified by * the unique triple of name, family and revision. @@ -360,7 +367,7 @@ pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension \|\| - !(opt->family == set->family \|\| set->family == AF_UNSPEC)) + !(opt->family == set->family \|\| set->family == NFPROTO_UNSPEC)) return 0; read_lock_bh(&set->lock); @@ -393,7 +400,7 @@ pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension \|\| - !(opt->family == set->family \|\| set->family == AF_UNSPEC)) + !(opt->family == set->family \|\| set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -416,7 +423,7 @@ pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension \|\| - !(opt->family == set->family \|\| set->family == AF_UNSPEC)) + !(opt->family == set->family \|\| set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -1137,6 +1144,7 @@ if (ret \|\| !cb->args[2]) { pr_debug("release set %s\n", ip_set_list[index]->name); ip_set_put_byindex(index); + cb->args[2] = 0; } out: if (nlh) { @@ -1160,12 +1168,12 @@ return -IPSET_ERR_PROTOCOL; genl_unlock(); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 1, 0) - ret = netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done, 0); -#else ret = netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, +#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0) ip_set_dump_done); +#else + ip_set_dump_done, 0); #endif genl_lock(); return ret; @@ -1738,10 +1746,8 @@ ip_set_list = kzalloc(sizeof(struct ip_set ) ip_set_max, GFP_KERNEL); - if (!ip_set_list) { - pr_err("ip_set: Unable to create ip_set_list\n"); + if (!ip_set_list) return -ENOMEM; - } ret = genl_register_family_with_ops(&ip_set_netlink_subsys, ip_set_netlink_subsys_cb, ARRAY_SIZE(ip_set_netlink_subsys_cb));
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_getport.c ^
@@ -133,10 +133,10 @@ u8 proto; switch (pf) { - case AF_INET: + case NFPROTO_IPV4: ret = ip_set_get_ip4_port(skb, src, port, &proto); break; - case AF_INET6: + case NFPROTO_IPV6: ret = ip_set_get_ip6_port(skb, src, port, &proto); break; default:
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ip.c ^
@@ -366,11 +366,11 @@ u8 netmask, hbits; struct ip_set_hash *h; - if (!(set->family == AF_INET \|\| set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 \|\| set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; - netmask = set->family == AF_INET ? 32 : 128; + netmask = set->family == NFPROTO_IPV4 ? 32 : 128; pr_debug("Create set %s with family %s\n", - set->name, set->family == AF_INET ? "inet" : "inet6"); + set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) \|\| !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) \|\| @@ -389,8 +389,8 @@ if (tb[IPSET_ATTR_NETMASK]) { netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); - if ((set->family == AF_INET && netmask > 32) \|\| - (set->family == AF_INET6 && netmask > 128) \|\| + if ((set->family == NFPROTO_IPV4 && netmask > 32) \|\| + (set->family == NFPROTO_IPV6 && netmask > 128) \|\| netmask == 0) return -IPSET_ERR_INVALID_NETMASK; } @@ -419,15 +419,15 @@ if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_tvariant : &hash_ip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ip4_gc_init(set); else hash_ip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_variant : &hash_ip6_variant; } @@ -443,7 +443,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = hash_ip_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ipport.c ^
@@ -450,7 +450,7 @@ u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET \|\| set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 \|\| set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) \|\| @@ -490,15 +490,15 @@ if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_tvariant : &hash_ipport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipport4_gc_init(set); else hash_ipport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_variant : &hash_ipport6_variant; } @@ -514,7 +514,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP \| IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipport_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ipportip.c ^
@@ -468,7 +468,7 @@ u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET \|\| set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 \|\| set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) \|\| @@ -508,15 +508,15 @@ if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportip4_gc_init(set); else hash_ipportip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_variant : &hash_ipportip6_variant; } @@ -532,7 +532,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP \| IPSET_TYPE_PORT \| IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipportip_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_ipportnet.c ^
@@ -554,7 +554,7 @@ u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET \|\| set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 \|\| set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) \|\| @@ -573,7 +573,7 @@ h = kzalloc(sizeof(h) + sizeof(struct ip_set_hash_nets) - (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -596,16 +596,16 @@ if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_tvariant : &hash_ipportnet6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportnet4_gc_init(set); else hash_ipportnet6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_variant : &hash_ipportnet6_variant; } @@ -621,7 +621,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP \| IPSET_TYPE_PORT \| IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added / .revision_max = 2, / Range as input support for IPv4 added */
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_net.c ^
@@ -406,7 +406,7 @@ struct ip_set_hash h; u8 hbits; - if (!(set->family == AF_INET \|\| set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 \|\| set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) \|\| @@ -425,7 +425,7 @@ h = kzalloc(sizeof(h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -448,15 +448,15 @@ if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_tvariant : &hash_net6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_net4_gc_init(set); else hash_net6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_variant : &hash_net6_variant; } @@ -472,7 +472,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* Range as input support for IPv4 added */ .create = hash_net_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_netiface.c ^
@@ -678,7 +678,7 @@ u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET \|\| set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 \|\| set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) \|\| @@ -697,7 +697,7 @@ h = kzalloc(sizeof(h) + sizeof(struct ip_set_hash_nets) - (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -722,15 +722,15 @@ if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_tvariant : &hash_netiface6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netiface4_gc_init(set); else hash_netiface6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_variant : &hash_netiface6_variant; } @@ -746,7 +746,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP \| IPSET_TYPE_IFACE, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .create = hash_netiface_create, .create_policy = {
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_hash_netport.c ^
@@ -507,7 +507,7 @@ u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET \|\| set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 \|\| set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) \|\| @@ -526,7 +526,7 @@ h = kzalloc(sizeof(h) + sizeof(struct ip_set_hash_nets) - (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -549,15 +549,15 @@ if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_tvariant : &hash_netport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netport4_gc_init(set); else hash_netport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_variant : &hash_netport6_variant; } @@ -573,7 +573,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP \| IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added / .revision_max = 2, / Range as input support for IPv4 added */
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/ip_set_list_set.c ^
@@ -575,7 +575,7 @@ .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_NAME \| IPSET_DUMP_LAST, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = list_set_create,
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/data.c ^
@@ -8,7 +8,6 @@ #include <arpa/inet.h> /* ntoh* / #include <net/ethernet.h> / ETH_ALEN / #include <net/if.h> / IFNAMSIZ / -#include <sys/socket.h> / AF_ / #include <stdlib.h> / malloc, free / #include <string.h> / memset / @@ -81,7 +80,7 @@ static void copy_addr(uint8_t family, union nf_inet_addr ip, const void value) { - if (family == AF_INET) + if (family == NFPROTO_IPV4) in4cpy(&ip->in, value); else in6cpy(&ip->in6, value); @@ -213,12 +212,12 @@ break; / CADT options / case IPSET_OPT_IP: - if (!(data->family == AF_INET \|\| data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 \|\| data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip, value); break; case IPSET_OPT_IP_TO: - if (!(data->family == AF_INET \|\| data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 \|\| data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip_to, value); break; @@ -288,12 +287,12 @@ ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN); break; case IPSET_OPT_IP2: - if (!(data->family == AF_INET \|\| data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 \|\| data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2, value); break; case IPSET_OPT_IP2_TO: - if (!(data->family == AF_INET \|\| data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 \|\| data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2_to, value); break; @@ -456,7 +455,7 @@ case IPSET_OPT_IP_TO: case IPSET_OPT_IP2: case IPSET_OPT_IP2_TO: - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case IPSET_OPT_PORT: case IPSET_OPT_PORT_TO: @@ -511,14 +510,14 @@ @data: data blob * * Return the INET family supported by the set from the data blob. - * If the family is not set yet, AF_UNSPEC is returned. + * If the family is not set yet, NFPROTO_UNSPEC is returned. / uint8_t ipset_data_family(const struct ipset_data data) { assert(data); return ipset_data_test(data, IPSET_OPT_FAMILY) - ? data->family : AF_UNSPEC; + ? data->family : NFPROTO_UNSPEC; } / @@ -534,8 +533,8 @@ { assert(data); return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : - data->family == AF_INET ? 32 : - data->family == AF_INET6 ? 128 : 0; + data->family == NFPROTO_IPV4 ? 32 : + data->family == NFPROTO_IPV6 ? 128 : 0; } /
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/debug.c ^
@@ -116,14 +116,14 @@ d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV4]); - inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) { d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV6]); - inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); }
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/errcode.c ^
(renamed to extensions/ipset-6/libipset/errcode.c)
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/errcode.c ^
(renamed to extensions/ipset-6/libipset/errcode.c)
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/parse.c ^
@@ -511,7 +511,7 @@ tmp = a; goto parse_port; case IPPROTO_ICMP: - if (family != AF_INET) { + if (family != NFPROTO_IPV4) { syntax_err("Protocol ICMP can be used " "with family INET only"); goto error; @@ -519,7 +519,7 @@ err = ipset_parse_icmp(session, opt, a); break; case IPPROTO_ICMPV6: - if (family != AF_INET6) { + if (family != NFPROTO_IPV6) { syntax_err("Protocol ICMPv6 can be used " "with family INET6 only"); goto error; @@ -577,11 +577,11 @@ "multiple times"); if (STREQ(str, "inet") \|\| STREQ(str, "ipv4") \|\| STREQ(str, "-4")) - family = AF_INET; + family = NFPROTO_IPV4; else if (STREQ(str, "inet6") \|\| STREQ(str, "ipv6") \|\| STREQ(str, "-6")) - family = AF_INET6; + family = NFPROTO_IPV6; else if (STREQ(str, "any") \|\| STREQ(str, "unspec")) - family = AF_UNSPEC; + family = NFPROTO_UNSPEC; else return syntax_err("unknown INET family %s", str); @@ -610,7 +610,7 @@ if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { syntax_err("cannot resolve '%s' to an %s address: %s", - str, family == AF_INET6 ? "IPv6" : "IPv4", + str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4", gai_strerror(err)); return NULL; } else @@ -625,13 +625,13 @@ uint8_t family) { struct addrinfo i; - size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in) + size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); int found, err = 0; if ((info = call_getaddrinfo(session, str, family)) == NULL) { syntax_err("cannot parse %s: resolving to %s address failed", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return EINVAL; } @@ -639,7 +639,7 @@ if (i->ai_family != family \|\| i->ai_addrlen != addrlen) continue; if (found == 0) { - if (family == AF_INET) { + if (family == NFPROTO_IPV4) { /* Workaround: direct cast increases * required alignment on Sparc / @@ -668,7 +668,7 @@ if (found == 0) return syntax_err("cannot parse %s: " "%s address could not be resolved", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return err; } @@ -677,7 +677,7 @@ enum ipset_opt opt, const char str, uint8_t family) { - uint8_t m = family == AF_INET ? 32 : 128; + uint8_t m = family == NFPROTO_IPV4 ? 32 : 128; int aerr = EINVAL, err = 0, range = 0; char saved = strdup(str); char a, tmp = saved; @@ -737,7 +737,7 @@ { char a = cidr_separator(str); - return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128"); + return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128"); } static int @@ -747,8 +747,8 @@ struct ipset_data *data = ipset_session_data(session); uint8_t family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -985,12 +985,12 @@ data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? ipset_parse_ip(session, opt, str) + return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str) : ipset_parse_single_ip(session, opt, str); } @@ -1025,12 +1025,12 @@ data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY) + return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY) : ipset_parse_ipnet(session, opt, str); } @@ -1330,21 +1330,21 @@ data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } err = string_to_cidr(session, str, - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124, + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124, &cidr); if (err) return syntax_err("netmask is out of the inclusive range " "of %u-%u", - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124); + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124); return ipset_data_set(data, opt, &cidr); } @@ -1525,9 +1525,9 @@ #define parse_elem(s, t, d, str) \ do { \ - if (!(t)->elem[d].parse) \ + if (!(t)->elem[d - 1].parse) \ goto internal; \ - ret = (t)->elem[d].parse(s, (t)->elem[d].opt, str); \ + ret = (t)->elem[d - 1].parse(s, (t)->elem[d - 1].opt, str); \ if (ret) \ goto out; \ } while (0) @@ -1582,7 +1582,7 @@ } else if (a != NULL) { if (type->compat_parse_elem) { ret = type->compat_parse_elem(session, - type->elem[IPSET_DIM_ONE].opt, + type->elem[IPSET_DIM_ONE - 1].opt, saved); goto out; }
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/print.c ^
@@ -152,7 +152,7 @@ memset(&saddr, 0, sizeof(saddr)); in4cpy(&saddr.sin_addr, &addr->in); - saddr.sin_family = AF_INET; + saddr.sin_family = NFPROTO_IPV4; err = getnameinfo((const struct sockaddr )&saddr, sizeof(saddr), @@ -178,7 +178,7 @@ memset(&saddr, 0, sizeof(saddr)); in6cpy(&saddr.sin6_addr, &addr->in6); - saddr.sin6_family = AF_INET6; + saddr.sin6_family = NFPROTO_IPV6; err = getnameinfo((const struct sockaddr )&saddr, sizeof(saddr), @@ -253,14 +253,14 @@ cidr = (const uint8_t ) ipset_data_get(data, cidropt); D("CIDR: %u", cidr); } else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf, len, flags, ip, cidr); else return -1; @@ -275,9 +275,9 @@ SNPRINTF_FAILURE(size, len, offset); ip = ipset_data_get(data, IPSET_OPT_IP_TO); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf + offset, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf + offset, len, flags, ip, cidr); else return -1; @@ -320,14 +320,14 @@ if (ipset_data_test(data, cidropt)) cidr = (const uint8_t ) ipset_data_get(data, cidropt); else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) return snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) return snprintf_ipv6(buf, len, flags, ip, cidr); return -1; @@ -705,30 +705,30 @@ if (!type) return -1; - size = type->elem[IPSET_DIM_ONE].print(buf, len, data, - type->elem[IPSET_DIM_ONE].opt, env); + size = type->elem[IPSET_DIM_ONE - 1].print(buf, len, data, + type->elem[IPSET_DIM_ONE - 1].opt, env); SNPRINTF_FAILURE(size, len, offset); - IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt), + IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt), "print second elem"); if (type->dimension == IPSET_DIM_ONE \|\| (type->last_elem_optional && - !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt))) + !ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt))) return offset; size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); SNPRINTF_FAILURE(size, len, offset); - size = type->elem[IPSET_DIM_TWO].print(buf + offset, len, data, - type->elem[IPSET_DIM_TWO].opt, env); + size = type->elem[IPSET_DIM_TWO - 1].print(buf + offset, len, data, + type->elem[IPSET_DIM_TWO - 1].opt, env); SNPRINTF_FAILURE(size, len, offset); if (type->dimension == IPSET_DIM_TWO \|\| (type->last_elem_optional && - !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt))) + !ipset_data_test(data, type->elem[IPSET_DIM_THREE - 1].opt))) return offset; size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); SNPRINTF_FAILURE(size, len, offset); - size = type->elem[IPSET_DIM_THREE].print(buf + offset, len, data, - type->elem[IPSET_DIM_THREE].opt, env); + size = type->elem[IPSET_DIM_THREE - 1].print(buf + offset, len, data, + type->elem[IPSET_DIM_THREE - 1].opt, env); SNPRINTF_FAILURE(size, len, offset); return offset;
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/session.c ^
@@ -570,7 +570,7 @@ /* Validate by hand / switch (family) { - case AF_INET: + case NFPROTO_IPV4: atype = IPSET_ATTR_IPADDR_IPV4; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv4 address " @@ -580,7 +580,7 @@ "cannot validate IPv4 " "address attribute!"); break; - case AF_INET6: + case NFPROTO_IPV6: atype = IPSET_ATTR_IPADDR_IPV6; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv6 address " @@ -816,8 +816,8 @@ } #define FAMILY_TO_STR(f) \ - ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") + ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") static int list_create(struct ipset_session session, struct nlattr nla[]) @@ -1415,7 +1415,7 @@ return attr->len; flags = NLA_F_NET_BYTEORDER; - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case MNL_TYPE_U32: flags = NLA_F_NET_BYTEORDER; @@ -1448,7 +1448,7 @@ if (attr->type == MNL_TYPE_NESTED) { / IP addresses / struct nlattr nested; - int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4 + int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6; alen = attr_len(attr, family, &flags); @@ -1456,8 +1456,8 @@ MNL_ATTR_HDRLEN, alen)) return 1; nested = mnl_attr_nest_start(nlh, type); - D("family: %s", family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC"); + D("family: %s", family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC"); mnl_attr_put(nlh, atype \| flags, alen, d); mnl_attr_nest_end(nlh, nested); @@ -1511,14 +1511,14 @@ data2attr(session, nlh, data, type, family, attrs) #define ADDATTR_SETNAME(session, nlh, data) \ - data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs) + data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs) #define ADDATTR_IF(session, nlh, data, type, family, attrs) \ ipset_data_test(data, attrs[type].opt) ? \ data2attr(session, nlh, data, type, family, attrs) : 0 #define ADDATTR_RAW(session, nlh, data, type, attrs) \ - rawdata2attr(session, nlh, data, type, AF_INET, attrs) + rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs) static void addattr_create(struct ipset_session session, @@ -1574,13 +1574,13 @@ "Invalid internal TYPE command: " "missing settype"); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else / bitmap:port and list:set types / - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); break; default: return ipset_err(session, "Internal error: " @@ -1640,17 +1640,17 @@ setname, typename, revision, family, flags (optional) / ADDATTR_SETNAME(session, nlh, data); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); ADDATTR_RAW(session, nlh, &type->revision, IPSET_ATTR_REVISION, cmd_attrs); D("family: %u, type family %u", ipset_data_family(data), type->family); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else / bitmap:port and list:set types / - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); / Type-specific create attributes */ D("call open_nested"); @@ -1677,7 +1677,7 @@ ADDATTR_SETNAME(session, nlh, data); if (flags && session->mode != IPSET_LIST_SAVE) { ipset_data_set(data, IPSET_OPT_FLAGS, &flags); - ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET, + ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4, cmd_attrs); } break;
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/libipset/types.c ^
@@ -173,7 +173,8 @@ } #define MATCH_FAMILY(type, f) \ - (f == AF_UNSPEC \|\| type->family == f \|\| type->family == AF_INET46) + (f == NFPROTO_UNSPEC \|\| type->family == f \|\| \ + type->family == NFPROTO_IPSET_IPV46) bool ipset_match_typename(const char name, const struct ipset_type type) @@ -227,8 +228,9 @@ typename); /* Family is unspecified yet: set from matching set type / - if (family == AF_UNSPEC && match->family != AF_UNSPEC) { - family = match->family == AF_INET46 ? AF_INET : match->family; + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) { + family = match->family == NFPROTO_IPSET_IPV46 ? + NFPROTO_IPV4 : match->family; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -254,8 +256,8 @@ "with maximal revision %u.\n" "You need to upgrade your ipset program.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmin, tmax); else return ipset_errptr(session, @@ -264,8 +266,8 @@ "with minimal revision %u.\n" "You need to upgrade your kernel.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmax, tmin); } @@ -290,8 +292,9 @@ } #define set_family_and_type(data, match, family) do { \ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) \ - family = match->family == AF_INET46 ? AF_INET : match->family;\ + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \ + family = match->family == NFPROTO_IPSET_IPV46 ? \ + NFPROTO_IPV4 : match->family;\ ipset_data_set(data, IPSET_OPT_FAMILY, &family); \ ipset_data_set(data, IPSET_OPT_TYPE, match); \ } while (0) @@ -306,7 +309,7 @@ const struct ipset_type match; const char setname, typename; const uint8_t revision; - uint8_t family = AF_UNSPEC; + uint8_t family = NFPROTO_UNSPEC; int ret; data = ipset_session_data(session); @@ -352,8 +355,8 @@ "ipset library does not support the " "settype with that family and revision.", setname, typename, - family == AF_INET ? "inet" : - family == AF_INET6 ? "inet6" : "unspec", + family == NFPROTO_IPV4 ? "inet" : + family == NFPROTO_IPV6 ? "inet6" : "unspec", revision); set_family_and_type(data, match, family); @@ -409,7 +412,7 @@ const struct ipset_type t, match = NULL; struct ipset_data data; const char typename; - uint8_t family = AF_UNSPEC, revision; + uint8_t family = NFPROTO_UNSPEC, revision; assert(session); data = ipset_session_data(session);
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset.c ^
@@ -24,7 +24,7 @@ #include <libipset/utils.h> /* STREQ / static char program_name[] = "ipset"; -static char program_version[] = "6.8-genl-xta"; +static char program_version[] = "6.9.1-genl-xta"; static struct ipset_session session; static uint32_t restore_line; @@ -324,9 +324,9 @@ session_family(void) { switch (ipset_data_family(ipset_session_data(session))) { - case AF_INET: + case NFPROTO_IPV4: return "inet"; - case AF_INET6: + case NFPROTO_IPV6: return "inet6"; default: return "unspec"; @@ -581,10 +581,10 @@ type->name, type->usage); if (type->usagefn) type->usagefn(); - if (type->family == AF_UNSPEC) + if (type->family == NFPROTO_UNSPEC) printf("\nType %s is family neutral.\n", type->name); - else if (type->family == AF_INET46) + else if (type->family == NFPROTO_IPSET_IPV46) printf("\nType %s supports INET " "and INET6.\n", type->name); @@ -592,7 +592,7 @@ printf("\nType %s supports family " "%s only.\n", type->name, - type->family == AF_INET + type->family == NFPROTO_IPV4 ? "INET" : "INET6"); } else { printf("\nSupported set types:\n");
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_bitmap_ip.c ^
@@ -60,10 +60,10 @@ .name = "bitmap:ip", .alias = { "ipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_bitmap_ipmac.c ^
@@ -57,16 +57,16 @@ .name = "bitmap:ip,mac", .alias = { "macipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_TWO, .last_elem_optional = true, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_single_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_ether, .print = ipset_print_ether, .opt = IPSET_OPT_ETHER
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_bitmap_port.c ^
@@ -51,10 +51,10 @@ .name = "bitmap:port", .alias = { "portmap", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_tcp_port, .print = ipset_print_port, .opt = IPSET_OPT_PORT
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ip.c ^
@@ -83,10 +83,10 @@ .name = "hash:ip", .alias = { "iphash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ipport.c ^
@@ -89,15 +89,15 @@ .name = "hash:ip,port", .alias = { "ipporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ipportip.c ^
@@ -89,20 +89,20 @@ .name = "hash:ip,port,ip", .alias = { "ipportiphash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE - 1] = { .parse = ipset_parse_single_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP2
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_ipportnet.c ^
@@ -90,20 +90,20 @@ .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE - 1] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP2 @@ -180,20 +180,20 @@ .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP2
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_net.c ^
@@ -73,10 +73,10 @@ .name = "hash:net", .alias = { "nethash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP @@ -125,10 +125,10 @@ .name = "hash:net", .alias = { "nethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_netiface.c ^
@@ -66,15 +66,15 @@ .name = "hash:net,iface", .alias = { "netifacehash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_iface, .print = ipset_print_iface, .opt = IPSET_OPT_IFACE
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_hash_netport.c ^
@@ -67,15 +67,15 @@ .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT @@ -141,15 +141,15 @@ .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/src/ipset_list_set.c ^
@@ -50,10 +50,10 @@ .name = "list:set", .alias = { "setlist", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_setname, .print = ipset_print_name, .opt = IPSET_OPT_NAME
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/xt_set.c ^
@@ -13,7 +13,6 @@ #include <linux/module.h> #include <linux/skbuff.h> -#include <linux/version.h> #include <linux/netfilter/x_tables.h> #include "xt_set.h"
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/ipset-6/xt_set.h ^
@@ -58,8 +58,8 @@ struct xt_set_info_target_v2 { struct xt_set_info add_set; struct xt_set_info del_set; - u32 flags; - u32 timeout; + __u32 flags; + __u32 timeout; }; #endif /_XT_SET_H/
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/pknock/Makefile.am ^
@@ -1,7 +1,7 @@ # -- Makefile -- AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions -AM_CFLAGS = ${regular_CFLAGS} +AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS} include ../../Makefile.extra
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/pknock/Makefile.in ^
@@ -216,7 +216,7 @@ top_srcdir = @top_srcdir@ xtlibdir = @xtlibdir@ AM_CPPFLAGS = ${regular_CPPFLAGS} -I${abs_top_srcdir}/extensions -AM_CFLAGS = ${regular_CFLAGS} +AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS} XA_SRCDIR = ${srcdir} XA_TOPSRCDIR = ${top_srcdir} XA_ABSTOPSRCDIR = ${abs_top_srcdir}
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_CHAOS.c ^
@@ -13,6 +13,7 @@ #include <linux/module.h> #include <linux/skbuff.h> #include <linux/stat.h> +#include <linux/version.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_tcpudp.h> #include <linux/netfilter_ipv4/ipt_REJECT.h>
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_CHECKSUM.c ^
@@ -11,6 +11,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/skbuff.h> +#include <linux/version.h> #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36) # error ----------------------------------------------------------
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_DELUDE.c ^
@@ -16,6 +16,7 @@ #include <linux/skbuff.h> #include <linux/ip.h> #include <linux/tcp.h> +#include <linux/version.h> #include <linux/netfilter/x_tables.h> #ifdef CONFIG_BRIDGE_NETFILTER # include <linux/netfilter_bridge.h>
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_LOGMARK.c ^
@@ -12,6 +12,7 @@ #include <linux/kernel.h> #include <linux/module.h> #include <linux/skbuff.h> +#include <linux/version.h> #include <linux/netfilter/nf_conntrack_common.h> #include <linux/netfilter/x_tables.h> #include "compat_xtables.h"
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_RAWNAT.c ^
@@ -13,6 +13,7 @@ #include <linux/skbuff.h> #include <linux/tcp.h> #include <linux/udp.h> +#include <linux/version.h> #include <linux/netfilter.h> #include <linux/netfilter/nf_conntrack_common.h> #include <linux/netfilter/x_tables.h>
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_SYSRQ.c ^
@@ -17,6 +17,7 @@ #include <linux/skbuff.h> #include <linux/sysrq.h> #include <linux/udp.h> +#include <linux/version.h> #include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv6/ip6_tables.h> #include <linux/netfilter/x_tables.h>
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_TARPIT.c ^
@@ -41,6 +41,7 @@ #include <linux/ip.h> #include <linux/module.h> #include <linux/skbuff.h> +#include <linux/version.h> #include <linux/netfilter/x_tables.h> #ifdef CONFIG_BRIDGE_NETFILTER # include <linux/netfilter_bridge.h>
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_iface.c ^
@@ -9,6 +9,7 @@ #include <linux/moduleparam.h> #include <linux/netdevice.h> #include <linux/skbuff.h> +#include <linux/version.h> #include <linux/netfilter/x_tables.h> #include "xt_iface.h" #include "compat_xtables.h"
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/extensions/xt_quota2.c ^
@@ -15,6 +15,7 @@ #include <linux/proc_fs.h> #include <linux/skbuff.h> #include <linux/spinlock.h> +#include <linux/version.h> #include <asm/atomic.h> #include <linux/netfilter/x_tables.h>
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/mconfig ^
@@ -20,7 +20,6 @@ build_gradm=m build_iface=m build_ipp2p=m -build_ipset4= build_ipset6=m build_ipv4options=m build_length2=m
[-] [+]	Changed	xtables-addons-1.39.tar.bz2/xtables-addons.8.in ^
@@ -1,4 +1,4 @@ -.TH xtables-addons 8 "v1.38 (2011-08-20)" "" "v1.38 (2011-08-20)" +.TH xtables-addons 8 "v1.39 (2011-09-21)" "" "v1.39 (2011-09-21)" .SH Name Xtables-addons \(em additional extensions for iptables, ip6tables, etc. .SH Targets