+2.4.4
+ - Premature checking prevents to add valid elements to hash
+ types, fixed (bug reported by JC Janos).
+ - Local variable shadows another variable, fixed (reported
+ by Jan Engelhardt).
+ - More compiler warning options added and warnings fixed.
+
2.4.3
- Include file <limits.h> was missing from userspace set type
modules, reported by Krzysztof Oledzki and Sven Wegener.
V=0
endif
-IPSET_VERSION:=2.4.3
+IPSET_VERSION:=2.4.4
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
RELEASE_DIR:=/tmp
COPT_FLAGS:=-O2
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Ikernel/include -I. # -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG
+WARN_FLAGS:=-Wall \
+ -Wextra \
+ -Waggregate-return \
+ -Wbad-function-cast \
+ -Wcast-align \
+ -Wformat=2 \
+ -Wfloat-equal \
+ -Winit-self \
+ -Winline \
+ -Wmissing-declarations \
+ -Wmissing-prototypes \
+ -Wnested-externs \
+ -Wold-style-definition \
+ -Wpacked \
+ -Wredundant-decls \
+ -Wshadow \
+ -Wsign-compare \
+ -Wstrict-prototypes \
+ -Wswitch-default \
+ -Wswitch-enum \
+ -Wundef \
+ -Wwrite-strings \
+ -Werror
+
+CFLAGS:=$(COPT_FLAGS) $(WARN_FLAGS) -Ikernel/include -I. # -g -DIPSET_DEBUG #-pg
SH_CFLAGS:=$(CFLAGS) -fPIC
SETTYPES:=ipmap portmap macipmap
SETTYPES+=iptree iptreemap
$(CC) $(SH_CFLAGS) -o $@ -c $<
libipset_%.so: ipset_%.o
- $(LD) -shared -o $@ $<
+ $(CC) -shared -o $@ $<
$(DESTDIR)$(LIBDIR)/ipset/libipset_%.so: libipset_%.so
@[ -d $(DESTDIR)$(LIBDIR)/ipset ] || mkdir -p $(DESTDIR)$(LIBDIR)/ipset
{"help", 2, 0, 'H'},
/* end */
- {NULL},
+ {0, 0, 0, 0},
};
static char opts_short[] =
exit(status);
}
-void exit_error(enum exittype status, const char *msg, ...)
+void exit_error(int status, const char *msg, ...)
{
- va_list args;
-
if (!option_quiet) {
+ va_list args;
+
va_start(args, msg);
fprintf(stderr, "%s v%s: ", program_name, program_version);
vfprintf(stderr, msg, args);
exit(status);
}
-static void ipset_printf(char *msg, ...)
+static void ipset_printf(const char *msg, ...)
{
- va_list args;
-
if (!option_quiet) {
+ va_list args;
+
va_start(args, msg);
vfprintf(stdout, msg, args);
va_end(args);
}
}
-static void generic_opt_check(int command, int options)
+static void generic_opt_check(int command, unsigned int options)
{
int i, j, legal = 0;
}
}
-static char opt2char(int option)
+static char opt2char(unsigned int option)
{
const char *ptr;
for (ptr = optflags; option > 1; option >>= 1, ptr++);
return *ptr;
}
-static char cmd2char(int option)
+static char cmd2char(int cmd)
{
- if (option <= CMD_NONE || option > NUMBER_OF_CMD)
+ if (cmd <= CMD_NONE || cmd > NUMBER_OF_CMD)
return ' ';
- return cmdflags[option];
+ return cmdflags[cmd];
}
/* From iptables.c ... */
switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
case -1: goto fail;
case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd */
+ default: ; /* nothing */
}
if (ret[strlen(ret)-1]=='\n')
ret[strlen(ret)-1]=0;
switch (fork()) {
case 0:
- argv[0] = (char *)modprobe;
- argv[1] = (char *)modname;
+ argv[0] = (char *) modprobe;
+ argv[1] = (char *) modname;
argv[2] = NULL;
execv(argv[0], argv);
struct translate_error {
int err;
unsigned cmd;
- char *message;
+ const char *message;
} table[] =
{ /* Generic error codes */
{ EPERM, 0, "Missing capability" },
kernel_error(cmd, errno);
}
-static int kernel_sendto_handleerrno(unsigned cmd, unsigned op,
+static int kernel_sendto_handleerrno(unsigned cmd,
void *data, socklen_t size)
{
int res = wrapped_setsockopt(data, size);
req_version.version, IP_SET_PROTOCOL_VERSION);
}
-static void set_command(unsigned *cmd, const int newcmd)
+static void set_command(int *cmd, int newcmd)
{
if (*cmd != CMD_NONE)
exit_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n",
static struct option *merge_options(struct option *oldopts,
const struct option *newopts,
- unsigned int *option_offset)
+ int *option_offset)
{
unsigned int num_old, num_new, i;
struct option *merge;
{
struct netent *net;
- if ((net = getnetbyaddr((long) ntohl(addr->s_addr),
+ if ((net = getnetbyaddr(ntohl(addr->s_addr),
AF_INET)) != NULL) {
DP("%s", net->n_name);
return (char *) net->n_name;
return inet_ntoa(addr);
}
-char *binding_ip_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
+char *binding_ip_tostring(struct set *set UNUSED,
+ ip_set_ip_t ip, unsigned options)
{
return ip_tostring(ip, options);
}
void parse_mask(const char *str, ip_set_ip_t * mask)
{
struct in_addr addr;
- unsigned int bits;
+ int bits;
DP("%s", str);
string_to_number(const char *str, unsigned int min, unsigned int max,
ip_set_ip_t *port)
{
- long number;
+ unsigned long number;
char *end;
/* Handle hex, octal, etc. */
errno = 0;
- number = strtol(str, &end, 0);
+ number = strtoul(str, &end, 0);
if (*end == '\0' && end != str) {
/* we parsed a number, let's see if we want this */
if (errno != ERANGE && min <= number && number <= max) {
static int
string_to_port(const char *str, ip_set_ip_t *port)
{
- struct servent *service;
-
+ struct servent *service = getservbyname(str, "tcp");
+
if ((service = getservbyname(str, "tcp")) != NULL) {
- *port = ntohs((unsigned short) service->s_port);
+ *port = ntohs((uint16_t) service->s_port);
return 0;
}
-
- return -1;
+ return - 1;
}
/* Fills the 'ip' with the parsed port in host byte order */
static int newargc = 0;
/* Build faked argv from parsed line */
-static void build_argv(int line, char *buffer) {
+static void build_argv(unsigned line, char *buffer) {
char *ptr;
int i;
ptr = strtok(buffer, " \t\n");
newargv[newargc++] = ipset_strdup(ptr);
while ((ptr = strtok(NULL, " \t\n")) != NULL) {
- if ((newargc + 1) < sizeof(newargv)/sizeof(char *))
+ if ((newargc + 1) < (int)(sizeof(newargv)/sizeof(char *)))
newargv[newargc++] = ipset_strdup(ptr);
else
exit_error(PARAMETER_PROBLEM,
static FILE *create_tempfile(void)
{
- char buffer[1024];
+ char buffer[1024], __tmpdir[] = "/tmp";
char *tmpdir = NULL;
char *filename;
int fd;
FILE *file;
if (!(tmpdir = getenv("TMPDIR")) && !(tmpdir = getenv("TMP")))
- tmpdir = "/tmp";
+ tmpdir = __tmpdir;
filename = ipset_malloc(strlen(tmpdir) + strlen(TEMPFILE_PATTERN) + 1);
strcpy(filename, tmpdir);
strcat(filename, TEMPFILE_PATTERN);
char buffer[1024];
char *ptr, *name = NULL;
char cmd = ' ';
- int restore_line = 0, first_pass, i, bindings = 0;
+ int first_pass, i, bindings = 0;
struct settype *settype = NULL;
struct ip_set_req_setnames *header;
ip_set_id_t idx;
load_set_list(IPSET_TOKEN_ALL, &idx,
IP_SET_OP_LIST_SIZE, CMD_RESTORE);
+ restore_line = 0;
restore_size = sizeof(struct ip_set_req_setnames)/* header */
+ sizeof(struct ip_set_restore); /* marker */
DP("restore_size: %u", restore_size);
memcpy(data + sizeof(struct ip_set_req_adt),
set->settype->data, set->settype->adt_size);
- if (kernel_sendto_handleerrno(cmd, op, data, size) == -1)
+ if (kernel_sendto_handleerrno(cmd, data, size) == -1)
switch (op) {
case IP_SET_OP_ADD_IP:
exit_error(OTHER_PROBLEM, "%s is already in set %s.",
return res;
}
-static void set_restore_add(struct set *set, const char *adt)
+static void set_restore_add(struct set *set, const char *adt UNUSED)
{
DP("%s %s", set->name, adt);
/* Sanity checking */
}
if (op == IP_SET_OP_TEST_BIND_SET) {
- if (kernel_sendto_handleerrno(cmd, op, data, size) == -1) {
+ if (kernel_sendto_handleerrno(cmd, data, size) == -1) {
ipset_printf("%s in set %s is bound to %s.",
adt, set->name, binding);
res = 0;
*/
static void set_help(const struct settype *settype)
{
-#ifdef IPSET_DEBUG
- char debughelp[] =
- " --debug -z Enable debugging\n\n";
-#else
- char debughelp[] = "\n";
-#endif
-
printf("%s v%s\n\n"
"Usage: %s -N new-set settype [options]\n"
" %s -[XFLSH] [set] [options]\n"
" --resolve -r Try to resolve addresses in a -L\n"
" --quiet -q Suppress any output to stdout and stderr.\n"
" --binding -b Specifies the binding for -B\n");
- printf(debughelp);
+#ifdef IPSET_DEBUG
+ printf(" --debug -z Enable debugging\n\n");
+#else
+ printf("\n");
+#endif
if (settype != NULL) {
printf("Type '%s' specific:\n", settype->typename);
}
}
-static int find_cmd(const char option)
+static int find_cmd(int option)
{
int i;
for (i = 1; i <= NUMBER_OF_CMD; i++)
- if (cmdflags[i] == option)
+ if (cmdflags[i] == (char) option)
return i;
return CMD_NONE;
}
-static int parse_adt_cmdline(unsigned command,
+static int parse_adt_cmdline(int command,
const char *name,
char *adt,
struct set **set,
int parse_commandline(int argc, char *argv[])
{
int res = 0;
- unsigned command = CMD_NONE;
+ int command = CMD_NONE;
unsigned options = 0;
int c;
case 1: /* non option */
printf("Bad argument `%s'\n", optarg);
- exit_tryhelp(2);
+ exit_tryhelp(PARAMETER_PROBLEM);
break; /*always good */
default:{
CMD_ADT_GET,
};
-enum exittype {
- OTHER_PROBLEM = 1,
- PARAMETER_PROBLEM,
- VERSION_PROBLEM
-};
+/* Exit codes */
+#define OTHER_PROBLEM 1
+#define PARAMETER_PROBLEM 2
+#define VERSION_PROBLEM 3
/* The view of an ipset in userspace */
struct set {
size_t adt_size;
/* Function which parses command options */
- ip_set_ip_t (*adt_parser) (unsigned cmd, const char *optarg, void *data);
+ ip_set_ip_t (*adt_parser) (int cmd, const char *optarg, void *data);
/*
* Printing
/* Internal data */
void *header;
void *data;
- unsigned int option_offset;
+ int option_offset;
unsigned int flags;
};
/* extern void unregister_settype(set_type_t *set_type); */
-extern void exit_error(enum exittype status, const char *msg, ...);
+extern void exit_error(int status, const char *msg, ...);
extern char *binding_ip_tostring(struct set *set,
ip_set_ip_t ip, unsigned options);
#define ID2MASK(id) (1 << ((id)%BITSPERBYTE))
#define test_bit(id, heap) ((((char *)(heap))[ID2BYTE(id)] & ID2MASK(id)) != 0)
+#define UNUSED __attribute__ ((unused))
+#define CONSTRUCTOR(module) \
+void __attribute__ ((constructor)) module##_init(void); \
+void module##_init(void)
+
#endif /* __IPSET_H */
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_iphash_create *mydata =
(struct ip_set_req_iphash_create *) data;
/* Final check; exit if not ok. */
static void
-create_final(void *data, unsigned int flags)
+create_final(void *data UNUSED, unsigned int flags UNUSED)
{
-#ifdef IPSET_DEBUG
- struct ip_set_req_iphash_create *mydata = data;
-
- DP("hashsize %u probes %u resize %u",
- mydata->hashsize, mydata->probes, mydata->resize);
-#endif
}
/* Create commandline options */
{.name = "probes", .has_arg = required_argument, .val = '2'},
{.name = "resize", .has_arg = required_argument, .val = '3'},
{.name = "netmask", .has_arg = required_argument, .val = '4'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_iphash *mydata = data;
- parse_ip(optarg, &mydata->ip);
+ parse_ip(arg, &mydata->ip);
if (!mydata->ip)
exit_error(PARAMETER_PROBLEM,
- "Zero valued IP address `%s' specified", optarg);
+ "Zero valued IP address `%s' specified", arg);
return mydata->ip;
};
return bits;
maskaddr = 0xFFFFFFFE;
- while (--bits >= 0 && maskaddr != mask)
+ while (--bits > 0 && maskaddr != mask)
maskaddr <<= 1;
return bits;
}
static void
-printheader(struct set *set, unsigned options)
+printheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_iphash *mysetdata = set->settype->header;
}
static void
-printips(struct set *set, void *data, size_t len, unsigned options)
+printips(struct set *set UNUSED, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
}
static void
-saveheader(struct set *set, unsigned options)
+saveheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_iphash *mysetdata = set->settype->header;
/* Print save for an IP */
static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set UNUSED, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(iphash)
{
settype_register(&settype_iphash);
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_ipmap_create *mydata = data;
unsigned int bits;
{.name = "to", .has_arg = required_argument, .val = '2'},
{.name = "network", .has_arg = required_argument, .val = '3'},
{.name = "netmask", .has_arg = required_argument, .val = '4'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_ipmap *mydata = data;
- DP("ipmap: %p %p", optarg, data);
+ DP("ipmap: %p %p", arg, data);
- parse_ip(optarg, &mydata->ip);
+ parse_ip(arg, &mydata->ip);
DP("%s", ip_tostring_numeric(mydata->ip));
return 1;
}
static void
-printips_sorted(struct set *set, void *data, size_t len, unsigned options)
+printips_sorted(struct set *set, void *data,
+ size_t len UNUSED, unsigned options)
{
struct ip_set_ipmap *mysetdata = set->settype->header;
ip_set_ip_t id;
}
static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set, void *data, size_t len UNUSED, unsigned options)
{
struct ip_set_ipmap *mysetdata = set->settype->header;
ip_set_ip_t id;
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(ipmap)
{
settype_register(&settype_ipmap);
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_ipporthash_create *mydata = data;
ip_set_ip_t value;
{.name = "from", .has_arg = required_argument, .val = '4'},
{.name = "to", .has_arg = required_argument, .val = '5'},
{.name = "network", .has_arg = required_argument, .val = '6'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_ipporthash *mydata = data;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
- DP("ipporthash: %p %p", optarg, data);
+ DP("ipporthash: %p %p", arg, data);
if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
fprintf(stderr, "Warning: please use ',' separator token between ip,port.\n"
else
exit_error(PARAMETER_PROBLEM,
"IP address and port must be specified: ip,port");
+
+ if (!(mydata->ip || mydata->port))
+ exit_error(PARAMETER_PROBLEM,
+ "Zero valued IP address and port `%s' specified", arg);
ipset_free(saved);
return 1;
};
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(ipporthash)
{
settype_register(&settype_ipporthash);
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_ipportiphash_create *mydata = data;
ip_set_ip_t value;
{.name = "from", .has_arg = required_argument, .val = '4'},
{.name = "to", .has_arg = required_argument, .val = '5'},
{.name = "network", .has_arg = required_argument, .val = '6'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_ipportiphash *mydata = data;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
- DP("ipportiphash: %p %p", optarg, data);
+ DP("ipportiphash: %p %p", arg, data);
if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
fprintf(stderr, "Warning: please use ',' separator token between ip,port,ip.\n"
else
exit_error(PARAMETER_PROBLEM,
"IP address, port and IP address must be specified: ip,port,ip");
+ if (!(mydata->ip || mydata->port || mydata->ip1))
+ exit_error(PARAMETER_PROBLEM,
+ "Zero valued IP address, port and IP address `%s' specified", arg);
ipset_free(saved);
return 1;
};
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(ipportiphash)
{
settype_register(&settype_ipportiphash);
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_ipportnethash_create *mydata = data;
ip_set_ip_t value;
{.name = "from", .has_arg = required_argument, .val = '4'},
{.name = "to", .has_arg = required_argument, .val = '5'},
{.name = "network", .has_arg = required_argument, .val = '6'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd, const char *arg, void *data)
{
struct ip_set_req_ipportnethash *mydata = data;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
ip_set_ip_t cidr;
- DP("ipportnethash: %p %p", optarg, data);
+ DP("ipportnethash: %p %p", arg, data);
if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
fprintf(stderr, "Warning: please use ',' separator token between ip,port,net.\n"
cidr = 32;
else
exit_error(PARAMETER_PROBLEM,
- "Missing /cidr from `%s'", optarg);
+ "Missing /cidr from `%s'", arg);
else
if (string_to_number(tmp, 1, 31, &cidr))
exit_error(PARAMETER_PROBLEM,
- "Out of range cidr `%s' specified", optarg);
+ "Out of range cidr `%s' specified", arg);
mydata->cidr = cidr;
static char buf[20];
static char *
-unpack_ip_tostring(ip_set_ip_t ip, unsigned options)
+unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED)
{
int i, j = 3;
unsigned char a, b;
((unsigned char *)&ip)[3],
b);
- DP("%s %s", ip_tostring(ntohl(ip), options), buf);
+ DP("%s %s", ip_tostring(ntohl(ip), 0), buf);
return buf;
}
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(ipportnethash)
{
settype_register(&settype_ipportnethash);
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_iptree_create *mydata = data;
/* Final check; exit if not ok. */
static void
-create_final(void *data, unsigned int flags)
+create_final(void *data UNUSED, unsigned int flags UNUSED)
{
}
/* Create commandline options */
static const struct option create_opts[] = {
{.name = "timeout", .has_arg = required_argument, .val = '1'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_iptree *mydata = data;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
- DP("iptree: %p %p", optarg, data);
+ DP("iptree: %p %p", arg, data);
if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1)
fprintf(stderr, "Warning: please use ',' separator token between ip,timeout.\n"
}
static void
-printheader(struct set *set, unsigned options)
+printheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_iptree *mysetdata = set->settype->header;
}
static void
-saveheader(struct set *set, unsigned options)
+saveheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_iptree *mysetdata = set->settype->header;
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(iptree)
{
settype_register(&settype_iptree);
}
static int
-create_parse(int c, char *argv[], void *data, unsigned int *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned int *flags)
{
struct ip_set_req_iptreemap_create *mydata = data;
}
static void
-create_final(void *data, unsigned int flags)
+create_final(void *data UNUSED, unsigned int flags UNUSED)
{
}
static const struct option create_opts[] = {
{.name = "gc", .has_arg = required_argument, .val = 'g'},
- {NULL},
+ {0, 0, 0, 0},
};
static ip_set_ip_t
-adt_parser(unsigned int cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_iptreemap *mydata = data;
ip_set_ip_t mask;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
if (strchr(tmp, '/')) {
}
static void
-printheader(struct set *set, unsigned int options)
+printheader(struct set *set, unsigned int options UNUSED)
{
struct ip_set_iptreemap *mysetdata = set->settype->header;
}
static void
-printips_sorted(struct set *set, void *data, size_t len, unsigned int options)
+printips_sorted(struct set *set UNUSED, void *data,
+ size_t len, unsigned int options)
{
struct ip_set_req_iptreemap *req;
size_t offset = 0;
}
static void
-saveheader(struct set *set, unsigned int options)
+saveheader(struct set *set, unsigned int options UNUSED)
{
struct ip_set_iptreemap *mysetdata = set->settype->header;
}
static void
-saveips(struct set *set, void *data, size_t len, unsigned int options)
+saveips(struct set *set UNUSED, void *data,
+ size_t len, unsigned int options)
{
struct ip_set_req_iptreemap *req;
size_t offset = 0;
.usage = &usage,
};
-void
-_init(void)
+CONSTRUCTOR(iptreemap)
{
settype_register(&settype_iptreemap);
}
/* Initialize the create. */
static void
-create_init(void *data)
+create_init(void *data UNUSED)
{
DP("create INIT");
/* Nothing */
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_macipmap_create *mydata = data;
{.name = "to", .has_arg = required_argument, .val = '2'},
{.name = "network", .has_arg = required_argument, .val = '3'},
{.name = "matchunset", .has_arg = no_argument, .val = '4'},
- {NULL},
+ {0, 0, 0, 0},
};
static void
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_macipmap *mydata = data;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
- DP("macipmap: %p %p", optarg, data);
+ DP("macipmap: %p %p", arg, data);
ptr = strsep(&tmp, ",");
if (!tmp) {
memset(mydata->ethernet, 0, ETH_ALEN);
free(saved);
+
return 1;
}
}
static void
-printips_sorted(struct set *set, void *data, size_t len, unsigned options)
+printips_sorted(struct set *set, void *data,
+ size_t len UNUSED, unsigned options)
{
struct ip_set_macipmap *mysetdata = set->settype->header;
struct ip_set_macip *table = data;
}
static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set, void *data,
+ size_t len UNUSED, unsigned options)
{
struct ip_set_macipmap *mysetdata = set->settype->header;
struct ip_set_macip *table = data;
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(macipmap)
{
settype_register(&settype_macipmap);
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_nethash_create *mydata = data;
ip_set_ip_t value;
/* Final check; exit if not ok. */
static void
-create_final(void *data, unsigned int flags)
+create_final(void *data UNUSED, unsigned int flags UNUSED)
{
-#ifdef IPSET_DEBUG
- struct ip_set_req_nethash_create *mydata = data;
-
- DP("hashsize %u probes %u resize %u",
- mydata->hashsize, mydata->probes, mydata->resize);
-#endif
}
/* Create commandline options */
{.name = "hashsize", .has_arg = required_argument, .val = '1'},
{.name = "probes", .has_arg = required_argument, .val = '2'},
{.name = "resize", .has_arg = required_argument, .val = '3'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd, const char *arg, void *data)
{
struct ip_set_req_nethash *mydata = data;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
ip_set_ip_t cidr;
cidr = 32;
else
exit_error(PARAMETER_PROBLEM,
- "Missing cidr from `%s'", optarg);
+ "Missing cidr from `%s'", arg);
} else
if (string_to_number(tmp, 1, 31, &cidr))
exit_error(PARAMETER_PROBLEM,
- "Out of range cidr `%s' specified", optarg);
+ "Out of range cidr `%s' specified", arg);
mydata->cidr = cidr;
parse_ip(ptr, &mydata->ip);
+#if 0
if (!mydata->ip)
exit_error(PARAMETER_PROBLEM,
"Zero valued IP address `%s' specified", ptr);
+#endif
ipset_free(saved);
- return mydata->ip;
+ return 1;
};
/*
}
static void
-printheader(struct set *set, unsigned options)
+printheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_nethash *mysetdata = set->settype->header;
static char buf[20];
static char *
-unpack_ip_tostring(ip_set_ip_t ip, unsigned options)
+unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED)
{
int i, j = 3;
unsigned char a, b;
((unsigned char *)&ip)[3],
b);
- DP("%s %s", ip_tostring(ntohl(ip), options), buf);
+ DP("%s %s", ip_tostring(ntohl(ip), 0), buf);
return buf;
}
static void
-printips(struct set *set, void *data, size_t len, unsigned options)
+printips(struct set *set UNUSED, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
}
static void
-saveheader(struct set *set, unsigned options)
+saveheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_nethash *mysetdata = set->settype->header;
/* Print save for an IP */
static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set UNUSED, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
}
static char *
-net_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
+net_tostring(struct set *set UNUSED, ip_set_ip_t ip, unsigned options)
{
return unpack_ip_tostring(ip, options);
}
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(nethash)
{
settype_register(&settype_nethash);
/* Initialize the create. */
static void
-create_init(void *data)
+create_init(void *data UNUSED)
{
DP("create INIT");
/* Nothing */
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags)
{
struct ip_set_req_portmap_create *mydata = data;
static const struct option create_opts[] = {
{.name = "from", .has_arg = required_argument, .val = '1'},
{.name = "to", .has_arg = required_argument, .val = '2'},
- {NULL},
+ {0, 0, 0, 0},
};
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_portmap *mydata = data;
- parse_port(optarg, &mydata->ip);
+ parse_port(arg, &mydata->ip);
DP("%s", port_tostring(mydata->ip, 0));
return 1;
}
static void
-printports_sorted(struct set *set, void *data, size_t len, unsigned options)
+printports_sorted(struct set *set, void *data,
+ size_t len UNUSED, unsigned options)
{
struct ip_set_portmap *mysetdata = set->settype->header;
u_int32_t addr = mysetdata->first_ip;
}
static char *
-binding_port_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
+binding_port_tostring(struct set *set UNUSED,
+ ip_set_ip_t ip, unsigned options)
{
return port_tostring(ip, options);
}
}
static void
-saveports(struct set *set, void *data, size_t len, unsigned options)
+saveports(struct set *set, void *data,
+ size_t len UNUSED, unsigned options)
{
struct ip_set_portmap *mysetdata = set->settype->header;
u_int32_t addr = mysetdata->first_ip;
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(portmap)
{
settype_register(&settype_portmap);
/* Function which parses command options; returns true if it ate an option */
static int
-create_parse(int c, char *argv[], void *data, unsigned *flags)
+create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags UNUSED)
{
struct ip_set_req_setlist_create *mydata = data;
unsigned int size;
/* Final check; exit if not ok. */
static void
-create_final(void *data, unsigned int flags)
+create_final(void *data UNUSED, unsigned int flags UNUSED)
{
}
/* Create commandline options */
static const struct option create_opts[] = {
{.name = "size", .has_arg = required_argument, .val = '1'},
- {NULL},
+ {0, 0, 0, 0},
};
static void check_setname(const char *name)
/* Add, del, test parser */
static ip_set_ip_t
-adt_parser(unsigned cmd, const char *optarg, void *data)
+adt_parser(int cmd UNUSED, const char *arg, void *data)
{
struct ip_set_req_setlist *mydata = data;
- char *saved = ipset_strdup(optarg);
+ char *saved = ipset_strdup(arg);
char *ptr, *tmp = saved;
- DP("setlist: %p %p", optarg, data);
+ DP("setlist: %p %p", arg, data);
ptr = strsep(&tmp, ",");
check_setname(ptr);
}
static void
-printheader(struct set *set, unsigned options)
+printheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_setlist *mysetdata = set->settype->header;
}
static void
-printips_sorted(struct set *set, void *data, size_t len, unsigned options)
+printips_sorted(struct set *set, void *data,
+ size_t len UNUSED, unsigned options UNUSED)
{
struct ip_set_setlist *mysetdata = set->settype->header;
int i;
}
static void
-saveheader(struct set *set, unsigned options)
+saveheader(struct set *set, unsigned options UNUSED)
{
struct ip_set_setlist *mysetdata = set->settype->header;
}
static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set, void *data,
+ size_t len UNUSED, unsigned options UNUSED)
{
struct ip_set_setlist *mysetdata = set->settype->header;
int i;
.usage = &usage,
};
-void _init(void)
+CONSTRUCTOR(setlist)
{
settype_register(&settype_setlist);
+2.4.4
+ - Premature checking prevents to add valid elements to hash
+ types, fixed (bug reported by JC Janos).
+
2.4.2
- When flushing a nethash/ipportnethash type of set, it can
lead to a kernel crash due to a wrong type declaration,
return bits;
maskaddr = 0xFFFFFFFE;
- while (--bits >= 0 && maskaddr != mask)
+ while (--bits > 0 && maskaddr != mask)
maskaddr <<= 1;
return bits;
ip_set_ip_t mask = 0xFFFFFFFE;
*bits = 32;
- while (--(*bits) >= 0 && mask && (to & mask) != from)
+ while (--(*bits) > 0 && mask && (to & mask) != from)
mask <<= 1;
return mask;
DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u",
set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip));
ip1 = pack_ip_cidr(ip1, cidr);
+ if (!(*hash_ip || ip1))
+ return UINT_MAX;
for (i = 0; i < map->probes; i++) {
id = jhash_ip2(map, i, *hash_ip, ip1) % map->hashsize;
ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip_set_ip_t *hash_ip)
{
- const struct ip_set_ipportnethash *map = set->data;
const struct ip_set_req_ipportnethash *req = data;
if (req->cidr <= 0 || req->cidr > 32)
return -EINVAL;
- if (!(pack_ip_port(map, req->ip, req->port)))
- return -ERANGE;
return (req->cidr == 32
? ipportnethash_test(set, hash_ip, req->ip, req->port,
req->ip1)
#define KADT_CONDITION \
ip_set_ip_t port, ip1; \
- struct ip_set_ipportnethash *map = set->data; \
\
if (flags[index+2] == 0) \
return 0; \
ip1 = ipaddr(skb, flags[index+2]); \
\
if (port == INVALID_PORT) \
- return 0; \
- if (!(pack_ip_port(map, ip, port))) \
return 0;
KADT(ipportnethash, test, ipaddr, port, ip1)
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+ ip1 = pack_ip_cidr(ip1, cidr);
if (!(*hash_ip || ip1))
return -ERANGE;
- ret =__ipportnet_add(map, *hash_ip, pack_ip_cidr(ip1, cidr));
+ ret =__ipportnet_add(map, *hash_ip, ip1);
if (ret == 0) {
if (!map->nets[cidr-1]++)
add_cidr_size(map->cidr, cidr);
ip_set_ip_t *elem;
*hash_ip = pack_ip_cidr(ip, cidr);
+ if (!*hash_ip)
+ return MAX_RANGE;
for (i = 0; i < map->probes; i++) {
id = jhash_ip(map, i, *hash_ip) % map->hashsize;
{
const struct ip_set_nethash *map = set->data;
- return (ip && nethash_id_cidr(map, hash_ip, ip, cidr) != UINT_MAX);
+ return (nethash_id_cidr(map, hash_ip, ip, cidr) != UINT_MAX);
}
static inline int
nethash_test(struct ip_set *set, ip_set_ip_t *hash_ip, ip_set_ip_t ip)
{
- return (ip && nethash_id(set, hash_ip, ip) != UINT_MAX);
+ return (nethash_id(set, hash_ip, ip) != UINT_MAX);
}
static int
struct ip_set_nethash *map = set->data;
int ret;
- if (!ip || map->elements >= limit)
- return -ERANGE;
+ if (map->elements >= limit || map->nets[cidr-1] == UINT16_MAX)
+ return -ERANGE;
if (cidr <= 0 || cidr >= 32)
return -EINVAL;
- if (map->nets[cidr-1] == UINT16_MAX)
- return -ERANGE;
-
+
*hash_ip = pack_ip_cidr(ip, cidr);
DP("%u.%u.%u.%u/%u, %u.%u.%u.%u", HIPQUAD(ip), cidr, HIPQUAD(*hash_ip));
+ if (!*hash_ip)
+ return -ERANGE;
ret = __nethash_add(map, hash_ip);
if (ret == 0) {
struct ip_set_nethash *map = set->data;
ip_set_ip_t id, *elem;
- if (!ip)
- return -ERANGE;
if (cidr <= 0 || cidr >= 32)
return -EINVAL;
0 ipset -X test
# Network: Create a set
0 ipset -N test iphash --hashsize 128 --netmask 24
+# Range: Add zero valued element
+2 ipset -A test 0.0.0.0
+# Range: Test zero valued element
+2 ipset -T test 0.0.0.0
+# Range: Delete zero valued element
+2 ipset -D test 0.0.0.0
# Network: Add first random network
0 ipset -A test 2.0.0.1
# Network: Add second random network
1 ipset -A test 2.0.0.1,0
# Range: Test zero valued element
1 ipset -T test 2.0.0.1,0
+# Range: Delete zero valued element
+1 ipset -D test 2.0.0.1,0
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5
# Range: Add upper boundary
1 ipset -A test 2.0.0.1,0,0.0.0.0
# Range: Test zero valued element
1 ipset -T test 2.0.0.1,0,0.0.0.0
+# Range: Delete zero valued element
+1 ipset -D test 2.0.0.1,0,0.0.0.0
+# Range: Add almost zero valued element
+0 ipset -A test 2.0.0.1,0,0.0.0.1
+# Range: Test almost zero valued element
+0 ipset -T test 2.0.0.1,0,0.0.0.1
+# Range: Delete almost zero valued element
+0 ipset -D test 2.0.0.1,0,0.0.0.1
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5,1.1.1.1
# Range: Add upper boundary
# Range: Create a set from a valid range
0 ipset -N test ipportnethash --from 2.0.0.1 --to 2.1.0.0
# Range: Add zero valued element
-1 ipset -A test 2.0.0.1,0,0.0.0.0/1
+2 ipset -A test 2.0.0.1,0,0.0.0.0/0
# Range: Test zero valued element
-1 ipset -T test 2.0.0.1,0,0.0.0.0/1
+2 ipset -T test 2.0.0.1,0,0.0.0.0/0
+# Range: Delete zero valued element
+2 ipset -D test 2.0.0.1,0,0.0.0.0/0
+# Range: Add almost zero valued element
+0 ipset -A test 2.0.0.1,0,0.0.0.0/24
+# Range: Test almost zero valued element
+0 ipset -T test 2.0.0.1,0,0.0.0.0/24
+# Range: Delete almost zero valued element
+0 ipset -D test 2.0.0.1,0,0.0.0.0/24
# Range: Add lower boundary
0 ipset -A test 2.0.0.1,5,1.1.1.1/24
# Range: Add upper boundary
2 ipset -A test 0.0.0.0/0
# Range: Test zero valued element
2 ipset -T test 0.0.0.0/0
+# Range: Delete zero valued element
+2 ipset -D test 0.0.0.0/0
+# Range: Try to add /0
+2 ipset -A test 1.1.1.1/0
+# Range: Try to add /32
+2 ipset -A test 1.1.1.1/32
+# Range: Add almost zero valued element
+0 ipset -A test 0.0.0.0/1
+# Range: Test almost zero valued element
+0 ipset -T test 0.0.0.0/1
+# Range: Delete almost zero valued element
+0 ipset -D test 0.0.0.0/1
# Add first random network
0 ipset -A test 2.0.0.1/24
# Add second random network
projects / thirdparty / ipset.git / commitdiff
