Changes:
- Remove unsupported ipset 4.x from the Xtables-addons distribution
- ipset: move ipset_errcode from src to library to avoid undefined reference
+- update to ipset 6.9.1
v1.38 (2011-08-20)
ip_set-y := ip_set_core.o ip_set_getport.o pfxlen.o
-EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256
+EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256 -DIPSET_EXTERNAL_MODULE=1
* published by the Free Software Foundation.
*/
+#include <linux/types.h>
+
/* The protocol version */
#define IPSET_PROTOCOL 0x60
IPSET_CADT_MAX,
};
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+
+#define IPSET_INVALID_ID 65535
+
+enum ip_set_dim {
+ IPSET_DIM_ZERO = 0,
+ IPSET_DIM_ONE,
+ IPSET_DIM_TWO,
+ IPSET_DIM_THREE,
+ /* Max dimension in elements.
+ * If changed, new revision of iptables match/target is required.
+ */
+ IPSET_DIM_MAX = 6,
+};
+
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+ IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+ IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+ IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+ IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+};
+
#endif /* __IP_SET_H */
--- /dev/null
+#ifndef LIBIPSET_NFPROTO_H
+#define LIBIPSET_NFPROTO_H
+
+/*
+ * The constants to select, same as in linux/netfilter.h.
+ * Like nf_inet_addr.h, this is just here so that we need not to rely on
+ * the presence of a recent-enough netfilter.h.
+ */
+enum {
+ NFPROTO_UNSPEC = 0,
+ NFPROTO_IPV4 = 2,
+ NFPROTO_ARP = 3,
+ NFPROTO_BRIDGE = 7,
+ NFPROTO_IPV6 = 10,
+ NFPROTO_DECNET = 12,
+ NFPROTO_NUMPROTO,
+};
+
+#endif /* LIBIPSET_NFPROTO_H */
#include <libipset/parse.h> /* ipset_parsefn */
#include <libipset/print.h> /* ipset_printfn */
#include <libipset/linux_ip_set.h> /* IPSET_MAXNAMELEN */
-
-#define AF_INET46 255
+#include <libipset/nfproto.h> /* for NFPROTO_ */
/* Family rules:
- * - AF_UNSPEC: type is family-neutral
- * - AF_INET: type supports IPv4 only
- * - AF_INET6: type supports IPv6 only
- * - AF_INET46: type supports both IPv4 and IPv6
+ * - NFPROTO_UNSPEC: type is family-neutral
+ * - NFPROTO_IPV4: type supports IPv4 only
+ * - NFPROTO_IPV6: type supports IPv6 only
+ * Special (userspace) ipset-only extra value:
+ * - NFPROTO_IPSET_IPV46: type supports both IPv4 and IPv6
*/
-
-/* Set dimensions */
enum {
- IPSET_DIM_ONE, /* foo */
- IPSET_DIM_TWO, /* foo,bar */
- IPSET_DIM_THREE, /* foo,bar,fie */
- IPSET_DIM_MAX,
+ NFPROTO_IPSET_IPV46 = 255,
};
+/* The maximal type dimension userspace supports */
+#define IPSET_DIM_UMAX 3
+
/* Parser options */
enum {
IPSET_NO_ARG = -1,
uint8_t dimension; /* elem dimension */
int8_t kernel_check; /* kernel check */
bool last_elem_optional; /* last element optional */
- struct ipset_elem elem[IPSET_DIM_MAX]; /* parse elem */
+ struct ipset_elem elem[IPSET_DIM_UMAX]; /* parse elem */
ipset_parsefn compat_parse_elem; /* compatibility parser */
const struct ipset_arg *args[IPSET_CADT_MAX]; /* create/ADT args besides elem */
uint64_t mandatory[IPSET_CADT_MAX]; /* create/ADT mandatory flags */
* published by the Free Software Foundation.
*/
+#include <linux/types.h>
#include <linux/netlink.h>
/* The protocol version */
IPSET_CADT_MAX,
};
-#ifdef __KERNEL__
-#include <linux/ip.h>
-#include <linux/ipv6.h>
-#include <linux/netlink.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter/x_tables.h>
-#include <linux/vmalloc.h>
-#include <net/netlink.h>
-
/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
* and IPSET_INVALID_ID if you want to increase the max number of sets.
*/
-typedef u16 ip_set_id_t;
+typedef __u16 ip_set_id_t;
#define IPSET_INVALID_ID 65535
IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
};
+#ifdef __KERNEL__
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <linux/netlink.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/vmalloc.h>
+#include <net/netlink.h>
+
/* Set features */
enum ip_set_feature {
IPSET_TYPE_IP_FLAG = 0,
u8 features;
/* Set type dimension */
u8 dimension;
- /* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */
+ /*
+ * Supported family: may be NFPROTO_UNSPEC for both
+ * NFPROTO_IPV4/NFPROTO_IPV6.
+ */
u8 family;
/* Type revisions */
u8 revision_min, revision_max;
return 4 * ((((b - a + 8) / 8) + 3) / 4);
}
+#endif /* __KERNEL__ */
+
/* Interface to iptables/ip6tables */
#define SO_IP_SET 83
unsigned version;
};
-#endif /* __KERNEL__ */
-
#endif /*_IP_SET_H */
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_INET;
+ set->family = NFPROTO_IPV4;
return true;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_ip_create,
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_INET;
+ set->family = NFPROTO_IPV4;
return true;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_MAC,
.dimension = IPSET_DIM_TWO,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_ipmac_create,
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_UNSPEC;
+ set->family = NFPROTO_UNSPEC;
return true;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_PORT,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_port_create,
#include <linux/spinlock.h>
#include <linux/netlink.h>
#include <linux/rculist.h>
+#ifdef IPSET_EXTERNAL_MODULE
#include <linux/version.h>
+#endif
#include <net/netlink.h>
#include <linux/netfilter.h>
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) &&
- (type->family == family || type->family == AF_UNSPEC) &&
+ (type->family == family || type->family == NFPROTO_UNSPEC) &&
revision >= type->revision_min &&
revision <= type->revision_max)
return type;
}
/* Unlock, try to load a set type module and lock again */
-static int
-try_to_load_type(const char *name)
+static bool
+load_settype(const char *name)
{
genl_unlock();
pr_debug("try to load ip_set_%s\n", name);
if (request_module("ip_set_%s", name) < 0) {
pr_warning("Can't find ip_set type %s\n", name);
genl_lock();
- return -IPSET_ERR_FIND_TYPE;
+ return false;
}
genl_lock();
- return -EAGAIN;
+ return true;
}
/* Find a set type and reference it */
+#define find_set_type_get(name, family, revision, found) \
+ __find_set_type_get(name, family, revision, found, false)
+
static int
-find_set_type_get(const char *name, u8 family, u8 revision,
- struct ip_set_type **found)
+__find_set_type_get(const char *name, u8 family, u8 revision,
+ struct ip_set_type **found, bool retry)
{
struct ip_set_type *type;
- unsigned int retry = 0;
int err;
-retry:
+ if (retry && !load_settype(name))
+ return -IPSET_ERR_FIND_TYPE;
+
rcu_read_lock();
*found = find_set_type(name, family, revision);
if (*found) {
err = !try_module_get((*found)->me) ? -EFAULT : 0;
goto unlock;
}
- /* Make sure the type is loaded but we don't support the revision */
+ /* Make sure the type is already loaded
+ * but we don't support the revision */
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name)) {
err = -IPSET_ERR_FIND_TYPE;
}
rcu_read_unlock();
- err = try_to_load_type(name);
- if (err == -EAGAIN && retry++ == 0)
- goto retry;
- return err;
+ return retry ? -IPSET_ERR_FIND_TYPE :
+ __find_set_type_get(name, family, revision, found, true);
unlock:
rcu_read_unlock();
* If we succeeded, the supported minimal and maximum revisions are
* filled out.
*/
+#define find_set_type_minmax(name, family, min, max) \
+ __find_set_type_minmax(name, family, min, max, false)
+
static int
-find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max)
+__find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max,
+ bool retry)
{
struct ip_set_type *type;
bool found = false;
- unsigned int retry = 0;
- int err;
-retry:
+ if (retry && !load_settype(name))
+ return -IPSET_ERR_FIND_TYPE;
+
*min = 255; *max = 0;
rcu_read_lock();
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) &&
- (type->family == family || type->family == AF_UNSPEC)) {
+ (type->family == family || type->family == NFPROTO_UNSPEC)) {
found = true;
if (type->revision_min < *min)
*min = type->revision_min;
if (found)
return 0;
- err = try_to_load_type(name);
- if (err == -EAGAIN && retry++ == 0)
- goto retry;
- return err;
+ return retry ? -IPSET_ERR_FIND_TYPE :
+ __find_set_type_minmax(name, family, min, max, true);
}
-#define family_name(f) ((f) == AF_INET ? "inet" : \
- (f) == AF_INET6 ? "inet6" : "any")
+#define family_name(f) ((f) == NFPROTO_IPV4 ? "inet" : \
+ (f) == NFPROTO_IPV6 ? "inet6" : "any")
/* Register a set type structure. The type is identified by
* the unique triple of name, family and revision.
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
read_lock_bh(&set->lock);
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
write_lock_bh(&set->lock);
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
write_lock_bh(&set->lock);
if (ret || !cb->args[2]) {
pr_debug("release set %s\n", ip_set_list[index]->name);
ip_set_put_byindex(index);
+ cb->args[2] = 0;
}
out:
if (nlh) {
return -IPSET_ERR_PROTOCOL;
genl_unlock();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 1, 0)
- ret = netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done, 0);
-#else
ret = netlink_dump_start(ctnl, skb, nlh,
ip_set_dump_start,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0)
ip_set_dump_done);
+#else
+ ip_set_dump_done, 0);
#endif
genl_lock();
return ret;
ip_set_list = kzalloc(sizeof(struct ip_set *) * ip_set_max,
GFP_KERNEL);
- if (!ip_set_list) {
- pr_err("ip_set: Unable to create ip_set_list\n");
+ if (!ip_set_list)
return -ENOMEM;
- }
ret = genl_register_family_with_ops(&ip_set_netlink_subsys,
ip_set_netlink_subsys_cb, ARRAY_SIZE(ip_set_netlink_subsys_cb));
u8 proto;
switch (pf) {
- case AF_INET:
+ case NFPROTO_IPV4:
ret = ip_set_get_ip4_port(skb, src, port, &proto);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
ret = ip_set_get_ip6_port(skb, src, port, &proto);
break;
default:
u8 netmask, hbits;
struct ip_set_hash *h;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
- netmask = set->family == AF_INET ? 32 : 128;
+ netmask = set->family == NFPROTO_IPV4 ? 32 : 128;
pr_debug("Create set %s with family %s\n",
- set->name, set->family == AF_INET ? "inet" : "inet6");
+ set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6");
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
if (tb[IPSET_ATTR_NETMASK]) {
netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
- if ((set->family == AF_INET && netmask > 32) ||
- (set->family == AF_INET6 && netmask > 128) ||
+ if ((set->family == NFPROTO_IPV4 && netmask > 32) ||
+ (set->family == NFPROTO_IPV6 && netmask > 128) ||
netmask == 0)
return -IPSET_ERR_INVALID_NETMASK;
}
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ip4_tvariant : &hash_ip6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ip4_gc_init(set);
else
hash_ip6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ip4_variant : &hash_ip6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = hash_ip_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipport4_tvariant : &hash_ipport6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipport4_gc_init(set);
else
hash_ipport6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipport4_variant : &hash_ipport6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* SCTP and UDPLITE support added */
.create = hash_ipport_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipportip4_gc_init(set);
else
hash_ipportip6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportip4_variant : &hash_ipportip6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
.dimension = IPSET_DIM_THREE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* SCTP and UDPLITE support added */
.create = hash_ipportip_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportnet4_tvariant
: &hash_ipportnet6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipportnet4_gc_init(set);
else
hash_ipportnet6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportnet4_variant : &hash_ipportnet6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
.dimension = IPSET_DIM_THREE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
/* 1 SCTP and UDPLITE support added */
.revision_max = 2, /* Range as input support for IPv4 added */
struct ip_set_hash *h;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_net4_tvariant : &hash_net6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_net4_gc_init(set);
else
hash_net6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_net4_variant : &hash_net6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* Range as input support for IPv4 added */
.create = hash_net_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netiface4_tvariant : &hash_netiface6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_netiface4_gc_init(set);
else
hash_netiface6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netiface4_variant : &hash_netiface6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_IFACE,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.create = hash_netiface_create,
.create_policy = {
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netport4_tvariant : &hash_netport6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_netport4_gc_init(set);
else
hash_netport6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netport4_variant : &hash_netport6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
/* 1 SCTP and UDPLITE support added */
.revision_max = 2, /* Range as input support for IPv4 added */
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_NAME | IPSET_DUMP_LAST,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = list_set_create,
#include <arpa/inet.h> /* ntoh* */
#include <net/ethernet.h> /* ETH_ALEN */
#include <net/if.h> /* IFNAMSIZ */
-#include <sys/socket.h> /* AF_ */
#include <stdlib.h> /* malloc, free */
#include <string.h> /* memset */
static void
copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value)
{
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
in4cpy(&ip->in, value);
else
in6cpy(&ip->in6, value);
break;
/* CADT options */
case IPSET_OPT_IP:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->ip, value);
break;
case IPSET_OPT_IP_TO:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->ip_to, value);
break;
ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN);
break;
case IPSET_OPT_IP2:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->adt.ip2, value);
break;
case IPSET_OPT_IP2_TO:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->adt.ip2_to, value);
break;
case IPSET_OPT_IP_TO:
case IPSET_OPT_IP2:
case IPSET_OPT_IP2_TO:
- return family == AF_INET ? sizeof(uint32_t)
+ return family == NFPROTO_IPV4 ? sizeof(uint32_t)
: sizeof(struct in6_addr);
case IPSET_OPT_PORT:
case IPSET_OPT_PORT_TO:
* @data: data blob
*
* Return the INET family supported by the set from the data blob.
- * If the family is not set yet, AF_UNSPEC is returned.
+ * If the family is not set yet, NFPROTO_UNSPEC is returned.
*/
uint8_t
ipset_data_family(const struct ipset_data *data)
{
assert(data);
return ipset_data_test(data, IPSET_OPT_FAMILY)
- ? data->family : AF_UNSPEC;
+ ? data->family : NFPROTO_UNSPEC;
}
/**
{
assert(data);
return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr :
- data->family == AF_INET ? 32 :
- data->family == AF_INET6 ? 128 : 0;
+ data->family == NFPROTO_IPV4 ? 32 :
+ data->family == NFPROTO_IPV6 ? 128 : 0;
}
/**
d = mnl_attr_get_payload(
ipattr[IPSET_ATTR_IPADDR_IPV4]);
- inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN);
+ inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN);
fprintf(stderr, "\t\t%s: %s\n",
attr2name[i].name, addr);
} else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) {
d = mnl_attr_get_payload(
ipattr[IPSET_ATTR_IPADDR_IPV6]);
- inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN);
+ inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN);
fprintf(stderr, "\t\t%s: %s\n",
attr2name[i].name, addr);
}
tmp = a;
goto parse_port;
case IPPROTO_ICMP:
- if (family != AF_INET) {
+ if (family != NFPROTO_IPV4) {
syntax_err("Protocol ICMP can be used "
"with family INET only");
goto error;
err = ipset_parse_icmp(session, opt, a);
break;
case IPPROTO_ICMPV6:
- if (family != AF_INET6) {
+ if (family != NFPROTO_IPV6) {
syntax_err("Protocol ICMPv6 can be used "
"with family INET6 only");
goto error;
"multiple times");
if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4"))
- family = AF_INET;
+ family = NFPROTO_IPV4;
else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6"))
- family = AF_INET6;
+ family = NFPROTO_IPV6;
else if (STREQ(str, "any") || STREQ(str, "unspec"))
- family = AF_UNSPEC;
+ family = NFPROTO_UNSPEC;
else
return syntax_err("unknown INET family %s", str);
if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) {
syntax_err("cannot resolve '%s' to an %s address: %s",
- str, family == AF_INET6 ? "IPv6" : "IPv4",
+ str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4",
gai_strerror(err));
return NULL;
} else
uint8_t family)
{
struct addrinfo *i;
- size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in)
+ size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in)
: sizeof(struct sockaddr_in6);
int found, err = 0;
if ((*info = call_getaddrinfo(session, str, family)) == NULL) {
syntax_err("cannot parse %s: resolving to %s address failed",
- str, family == AF_INET ? "IPv4" : "IPv6");
+ str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
return EINVAL;
}
if (i->ai_family != family || i->ai_addrlen != addrlen)
continue;
if (found == 0) {
- if (family == AF_INET) {
+ if (family == NFPROTO_IPV4) {
/* Workaround: direct cast increases
* required alignment on Sparc
*/
if (found == 0)
return syntax_err("cannot parse %s: "
"%s address could not be resolved",
- str, family == AF_INET ? "IPv4" : "IPv6");
+ str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
return err;
}
enum ipset_opt opt, const char *str,
uint8_t family)
{
- uint8_t m = family == AF_INET ? 32 : 128;
+ uint8_t m = family == NFPROTO_IPV4 ? 32 : 128;
int aerr = EINVAL, err = 0, range = 0;
char *saved = strdup(str);
char *a, *tmp = saved;
{
char *a = cidr_separator(str);
- return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128");
+ return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128");
}
static int
struct ipset_data *data = ipset_session_data(session);
uint8_t family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
- return family == AF_INET ? ipset_parse_ip(session, opt, str)
+ return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str)
: ipset_parse_single_ip(session, opt, str);
}
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
- return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY)
+ return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY)
: ipset_parse_ipnet(session, opt, str);
}
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
err = string_to_cidr(session, str,
- family == AF_INET ? 1 : 4,
- family == AF_INET ? 31 : 124,
+ family == NFPROTO_IPV4 ? 1 : 4,
+ family == NFPROTO_IPV4 ? 31 : 124,
&cidr);
if (err)
return syntax_err("netmask is out of the inclusive range "
"of %u-%u",
- family == AF_INET ? 1 : 4,
- family == AF_INET ? 31 : 124);
+ family == NFPROTO_IPV4 ? 1 : 4,
+ family == NFPROTO_IPV4 ? 31 : 124);
return ipset_data_set(data, opt, &cidr);
}
#define parse_elem(s, t, d, str) \
do { \
- if (!(t)->elem[d].parse) \
+ if (!(t)->elem[d - 1].parse) \
goto internal; \
- ret = (t)->elem[d].parse(s, (t)->elem[d].opt, str); \
+ ret = (t)->elem[d - 1].parse(s, (t)->elem[d - 1].opt, str); \
if (ret) \
goto out; \
} while (0)
} else if (a != NULL) {
if (type->compat_parse_elem) {
ret = type->compat_parse_elem(session,
- type->elem[IPSET_DIM_ONE].opt,
+ type->elem[IPSET_DIM_ONE - 1].opt,
saved);
goto out;
}
memset(&saddr, 0, sizeof(saddr));
in4cpy(&saddr.sin_addr, &addr->in);
- saddr.sin_family = AF_INET;
+ saddr.sin_family = NFPROTO_IPV4;
err = getnameinfo((const struct sockaddr *)&saddr,
sizeof(saddr),
memset(&saddr, 0, sizeof(saddr));
in6cpy(&saddr.sin6_addr, &addr->in6);
- saddr.sin6_family = AF_INET6;
+ saddr.sin6_family = NFPROTO_IPV6;
err = getnameinfo((const struct sockaddr *)&saddr,
sizeof(saddr),
cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
D("CIDR: %u", cidr);
} else
- cidr = family == AF_INET6 ? 128 : 32;
+ cidr = family == NFPROTO_IPV6 ? 128 : 32;
flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
ip = ipset_data_get(data, opt);
assert(ip);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
size = snprintf_ipv4(buf, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
size = snprintf_ipv6(buf, len, flags, ip, cidr);
else
return -1;
SNPRINTF_FAILURE(size, len, offset);
ip = ipset_data_get(data, IPSET_OPT_IP_TO);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
size = snprintf_ipv4(buf + offset, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
size = snprintf_ipv6(buf + offset, len, flags, ip, cidr);
else
return -1;
if (ipset_data_test(data, cidropt))
cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
else
- cidr = family == AF_INET6 ? 128 : 32;
+ cidr = family == NFPROTO_IPV6 ? 128 : 32;
flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
ip = ipset_data_get(data, opt);
assert(ip);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
return snprintf_ipv4(buf, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
return snprintf_ipv6(buf, len, flags, ip, cidr);
return -1;
if (!type)
return -1;
- size = type->elem[IPSET_DIM_ONE].print(buf, len, data,
- type->elem[IPSET_DIM_ONE].opt, env);
+ size = type->elem[IPSET_DIM_ONE - 1].print(buf, len, data,
+ type->elem[IPSET_DIM_ONE - 1].opt, env);
SNPRINTF_FAILURE(size, len, offset);
- IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt),
+ IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt),
"print second elem");
if (type->dimension == IPSET_DIM_ONE ||
(type->last_elem_optional &&
- !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt)))
+ !ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt)))
return offset;
size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR);
SNPRINTF_FAILURE(size, len, offset);
- size = type->elem[IPSET_DIM_TWO].print(buf + offset, len, data,
- type->elem[IPSET_DIM_TWO].opt, env);
+ size = type->elem[IPSET_DIM_TWO - 1].print(buf + offset, len, data,
+ type->elem[IPSET_DIM_TWO - 1].opt, env);
SNPRINTF_FAILURE(size, len, offset);
if (type->dimension == IPSET_DIM_TWO ||
(type->last_elem_optional &&
- !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt)))
+ !ipset_data_test(data, type->elem[IPSET_DIM_THREE - 1].opt)))
return offset;
size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR);
SNPRINTF_FAILURE(size, len, offset);
- size = type->elem[IPSET_DIM_THREE].print(buf + offset, len, data,
- type->elem[IPSET_DIM_THREE].opt, env);
+ size = type->elem[IPSET_DIM_THREE - 1].print(buf + offset, len, data,
+ type->elem[IPSET_DIM_THREE - 1].opt, env);
SNPRINTF_FAILURE(size, len, offset);
return offset;
/* Validate by hand */
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
atype = IPSET_ATTR_IPADDR_IPV4;
if (!ipattr[atype])
FAILURE("Broken kernel message: IPv4 address "
"cannot validate IPv4 "
"address attribute!");
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
atype = IPSET_ATTR_IPADDR_IPV6;
if (!ipattr[atype])
FAILURE("Broken kernel message: IPv6 address "
}
#define FAMILY_TO_STR(f) \
- ((f) == AF_INET ? "inet" : \
- (f) == AF_INET6 ? "inet6" : "any")
+ ((f) == NFPROTO_IPV4 ? "inet" : \
+ (f) == NFPROTO_IPV6 ? "inet6" : "any")
static int
list_create(struct ipset_session *session, struct nlattr *nla[])
return attr->len;
*flags = NLA_F_NET_BYTEORDER;
- return family == AF_INET ? sizeof(uint32_t)
+ return family == NFPROTO_IPV4 ? sizeof(uint32_t)
: sizeof(struct in6_addr);
case MNL_TYPE_U32:
*flags = NLA_F_NET_BYTEORDER;
if (attr->type == MNL_TYPE_NESTED) {
/* IP addresses */
struct nlattr *nested;
- int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4
+ int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4
: IPSET_ATTR_IPADDR_IPV6;
alen = attr_len(attr, family, &flags);
MNL_ATTR_HDRLEN, alen))
return 1;
nested = mnl_attr_nest_start(nlh, type);
- D("family: %s", family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC");
+ D("family: %s", family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC");
mnl_attr_put(nlh, atype | flags, alen, d);
mnl_attr_nest_end(nlh, nested);
data2attr(session, nlh, data, type, family, attrs)
#define ADDATTR_SETNAME(session, nlh, data) \
- data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs)
+ data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs)
#define ADDATTR_IF(session, nlh, data, type, family, attrs) \
ipset_data_test(data, attrs[type].opt) ? \
data2attr(session, nlh, data, type, family, attrs) : 0
#define ADDATTR_RAW(session, nlh, data, type, attrs) \
- rawdata2attr(session, nlh, data, type, AF_INET, attrs)
+ rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs)
static void
addattr_create(struct ipset_session *session,
"Invalid internal TYPE command: "
"missing settype");
ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
if (ipset_data_test(data, IPSET_OPT_FAMILY))
ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
else
/* bitmap:port and list:set types */
- mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
break;
default:
return ipset_err(session, "Internal error: "
* setname, typename, revision, family, flags (optional) */
ADDATTR_SETNAME(session, nlh, data);
ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
ADDATTR_RAW(session, nlh, &type->revision,
IPSET_ATTR_REVISION, cmd_attrs);
D("family: %u, type family %u",
ipset_data_family(data), type->family);
if (ipset_data_test(data, IPSET_OPT_FAMILY))
ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
else
/* bitmap:port and list:set types */
- mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
/* Type-specific create attributes */
D("call open_nested");
ADDATTR_SETNAME(session, nlh, data);
if (flags && session->mode != IPSET_LIST_SAVE) {
ipset_data_set(data, IPSET_OPT_FLAGS, &flags);
- ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET,
+ ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4,
cmd_attrs);
}
break;
}
#define MATCH_FAMILY(type, f) \
- (f == AF_UNSPEC || type->family == f || type->family == AF_INET46)
+ (f == NFPROTO_UNSPEC || type->family == f || \
+ type->family == NFPROTO_IPSET_IPV46)
bool
ipset_match_typename(const char *name, const struct ipset_type *type)
typename);
/* Family is unspecified yet: set from matching set type */
- if (family == AF_UNSPEC && match->family != AF_UNSPEC) {
- family = match->family == AF_INET46 ? AF_INET : match->family;
+ if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) {
+ family = match->family == NFPROTO_IPSET_IPV46 ?
+ NFPROTO_IPV4 : match->family;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
"with maximal revision %u.\n"
"You need to upgrade your ipset program.",
typename,
- family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC",
+ family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
kmin, tmax);
else
return ipset_errptr(session,
"with minimal revision %u.\n"
"You need to upgrade your kernel.",
typename,
- family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC",
+ family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
kmax, tmin);
}
}
#define set_family_and_type(data, match, family) do { \
- if (family == AF_UNSPEC && match->family != AF_UNSPEC) \
- family = match->family == AF_INET46 ? AF_INET : match->family;\
+ if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \
+ family = match->family == NFPROTO_IPSET_IPV46 ? \
+ NFPROTO_IPV4 : match->family;\
ipset_data_set(data, IPSET_OPT_FAMILY, &family); \
ipset_data_set(data, IPSET_OPT_TYPE, match); \
} while (0)
const struct ipset_type *match;
const char *setname, *typename;
const uint8_t *revision;
- uint8_t family = AF_UNSPEC;
+ uint8_t family = NFPROTO_UNSPEC;
int ret;
data = ipset_session_data(session);
"ipset library does not support the "
"settype with that family and revision.",
setname, typename,
- family == AF_INET ? "inet" :
- family == AF_INET6 ? "inet6" : "unspec",
+ family == NFPROTO_IPV4 ? "inet" :
+ family == NFPROTO_IPV6 ? "inet6" : "unspec",
*revision);
set_family_and_type(data, match, family);
const struct ipset_type *t, *match = NULL;
struct ipset_data *data;
const char *typename;
- uint8_t family = AF_UNSPEC, revision;
+ uint8_t family = NFPROTO_UNSPEC, revision;
assert(session);
data = ipset_session_data(session);
#include <libipset/utils.h> /* STREQ */
static char program_name[] = "ipset";
-static char program_version[] = "6.8-genl-xta";
+static char program_version[] = "6.9.1-genl-xta";
static struct ipset_session *session;
static uint32_t restore_line;
session_family(void)
{
switch (ipset_data_family(ipset_session_data(session))) {
- case AF_INET:
+ case NFPROTO_IPV4:
return "inet";
- case AF_INET6:
+ case NFPROTO_IPV6:
return "inet6";
default:
return "unspec";
type->name, type->usage);
if (type->usagefn)
type->usagefn();
- if (type->family == AF_UNSPEC)
+ if (type->family == NFPROTO_UNSPEC)
printf("\nType %s is family neutral.\n",
type->name);
- else if (type->family == AF_INET46)
+ else if (type->family == NFPROTO_IPSET_IPV46)
printf("\nType %s supports INET "
"and INET6.\n",
type->name);
printf("\nType %s supports family "
"%s only.\n",
type->name,
- type->family == AF_INET
+ type->family == NFPROTO_IPV4
? "INET" : "INET6");
} else {
printf("\nSupported set types:\n");
.name = "bitmap:ip",
.alias = { "ipmap", NULL },
.revision = 0,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
.name = "bitmap:ip,mac",
.alias = { "macipmap", NULL },
.revision = 0,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.dimension = IPSET_DIM_TWO,
.last_elem_optional = true,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_single_ip,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_ether,
.print = ipset_print_ether,
.opt = IPSET_OPT_ETHER
.name = "bitmap:port",
.alias = { "portmap", NULL },
.revision = 0,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_tcp_port,
.print = ipset_print_port,
.opt = IPSET_OPT_PORT
.name = "hash:ip",
.alias = { "iphash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
.name = "hash:ip,port",
.alias = { "ipporthash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
},
- [IPSET_DIM_THREE] = {
+ [IPSET_DIM_THREE - 1] = {
.parse = ipset_parse_single_ip,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP2
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
},
- [IPSET_DIM_THREE] = {
+ [IPSET_DIM_THREE - 1] = {
.parse = ipset_parse_ipnet,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP2
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
.revision = 2,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_single6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
},
- [IPSET_DIM_THREE] = {
+ [IPSET_DIM_THREE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP2
.name = "hash:net",
.alias = { "nethash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ipnet,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
.name = "hash:net",
.alias = { "nethash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
.name = "hash:net,iface",
.alias = { "netifacehash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_iface,
.print = ipset_print_iface,
.opt = IPSET_OPT_IFACE
.name = "hash:net,port",
.alias = { "netporthash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ipnet,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
.name = "hash:net,port",
.alias = { "netporthash", NULL },
.revision = 2,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_ip4_net6,
.print = ipset_print_ip,
.opt = IPSET_OPT_IP
},
- [IPSET_DIM_TWO] = {
+ [IPSET_DIM_TWO - 1] = {
.parse = ipset_parse_proto_port,
.print = ipset_print_proto_port,
.opt = IPSET_OPT_PORT
.name = "list:set",
.alias = { "setlist", NULL },
.revision = 0,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.dimension = IPSET_DIM_ONE,
.elem = {
- [IPSET_DIM_ONE] = {
+ [IPSET_DIM_ONE - 1] = {
.parse = ipset_parse_setname,
.print = ipset_print_name,
.opt = IPSET_OPT_NAME
#include <linux/module.h>
#include <linux/skbuff.h>
-#include <linux/version.h>
#include <linux/netfilter/x_tables.h>
#include "xt_set.h"
struct xt_set_info_target_v2 {
struct xt_set_info add_set;
struct xt_set_info del_set;
- u32 flags;
- u32 timeout;
+ __u32 flags;
+ __u32 timeout;
};
#endif /*_XT_SET_H*/
projects / thirdparty / xtables-addons.git / commitdiff
