diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
commit | 24b35d0b8950407ce85eefef18576d54f1e2c20e (patch) | |
tree | 8ecba4e1c02fb03cfab8ae0f37ab60b7455c137f /lib | |
parent | dd71826fcfcfcc8c36f0508cc183dd222da40452 (diff) |
Exceptions support added to hash:*net* types
The "nomatch" keyword and option is added to the hash:*net* types,
by which one can add exception entries to sets. Example:
ipset create test hash:net
ipset add test 192.168.0/24
ipset add test 192.168.0/30 nomatch
In this case the IP addresses from 192.168.0/24 except 192.168.0/30
match the elements of the set.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/data.c | 11 | ||||
-rw-r--r-- | lib/ipset_hash_ipportnet.c | 105 | ||||
-rw-r--r-- | lib/ipset_hash_net.c | 67 | ||||
-rw-r--r-- | lib/ipset_hash_netiface.c | 82 | ||||
-rw-r--r-- | lib/ipset_hash_netport.c | 89 | ||||
-rw-r--r-- | lib/parse.c | 4 | ||||
-rw-r--r-- | lib/print.c | 2 | ||||
-rw-r--r-- | lib/session.c | 21 | ||||
-rw-r--r-- | lib/types.c | 9 |
9 files changed, 375 insertions, 15 deletions
@@ -319,11 +319,20 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) case IPSET_OPT_PHYSDEV: cadt_flag_type_attr(data, opt, IPSET_FLAG_PHYSDEV); break; + case IPSET_OPT_NOMATCH: + cadt_flag_type_attr(data, opt, IPSET_FLAG_NOMATCH); + break; case IPSET_OPT_FLAGS: data->flags = *(const uint32_t *)value; break; case IPSET_OPT_CADT_FLAGS: data->cadt_flags = *(const uint32_t *)value; + if (data->cadt_flags & IPSET_FLAG_BEFORE) + ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_BEFORE)); + if (data->cadt_flags & IPSET_FLAG_PHYSDEV) + ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_PHYSDEV)); + if (data->cadt_flags & IPSET_FLAG_NOMATCH) + ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_NOMATCH)); break; default: return -1; @@ -432,6 +441,7 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt) case IPSET_OPT_CADT_FLAGS: case IPSET_OPT_BEFORE: case IPSET_OPT_PHYSDEV: + case IPSET_OPT_NOMATCH: return &data->cadt_flags; default: return NULL; @@ -485,6 +495,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) /* Flags doesn't counted once :-( */ case IPSET_OPT_BEFORE: case IPSET_OPT_PHYSDEV: + case IPSET_OPT_NOMATCH: return sizeof(uint32_t); default: return 0; diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c index c4cf97e..0813b7d 100644 --- a/lib/ipset_hash_ipportnet.c +++ b/lib/ipset_hash_ipportnet.c @@ -252,3 +252,108 @@ struct ipset_type ipset_hash_ipportnet2 = { .usagefn = ipset_port_usage, }; +static const struct ipset_arg hash_ipportnet3_add_args[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const char hash_ipportnet3_usage[] = +"create SETNAME hash:ip,port,net\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE]\n" +"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n" +"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n" +"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n" +"where depending on the INET family\n" +" IP are valid IPv4 or IPv6 addresses (or hostnames),\n" +" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" +" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" +" in both IP components are supported for IPv4.\n" +" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" +" port range is supported both for IPv4 and IPv6.\n"; + +struct ipset_type ipset_hash_ipportnet3 = { + .name = "hash:ip,port,net", + .alias = { "ipportnethash", NULL }, + .revision = 3, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_THREE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + [IPSET_DIM_THREE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .args = { + [IPSET_CREATE] = hash_ipportnet_create_args, + [IPSET_ADD] = hash_ipportnet3_add_args, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + }, + + .usage = hash_ipportnet3_usage, + .usagefn = ipset_port_usage, +}; + diff --git a/lib/ipset_hash_net.c b/lib/ipset_hash_net.c index 76269f0..0fd2608 100644 --- a/lib/ipset_hash_net.c +++ b/lib/ipset_hash_net.c @@ -162,3 +162,70 @@ struct ipset_type ipset_hash_net1 = { .usage = hash_net1_usage, }; +static const struct ipset_arg hash_net2_add_args[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const char hash_net2_usage[] = +"create SETNAME hash:net\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE]\n" +"add SETNAME IP[/CIDR]|FROM-TO [timeout VALUE] [nomatch]\n" +"del SETNAME IP[/CIDR]|FROM-TO\n" +"test SETNAME IP[/CIDR]\n\n" +"where depending on the INET family\n" +" IP is an IPv4 or IPv6 address (or hostname),\n" +" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" +" IP range is not supported with IPv6.\n"; + +struct ipset_type ipset_hash_net2 = { + .name = "hash:net", + .alias = { "nethash", NULL }, + .revision = 2, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_ONE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + }, + .args = { + [IPSET_CREATE] = hash_net_create_args, + [IPSET_ADD] = hash_net2_add_args, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR), + }, + + .usage = hash_net2_usage, +}; + diff --git a/lib/ipset_hash_netiface.c b/lib/ipset_hash_netiface.c index 51d9cad..880ba7d 100644 --- a/lib/ipset_hash_netiface.c +++ b/lib/ipset_hash_netiface.c @@ -118,3 +118,85 @@ struct ipset_type ipset_hash_netiface0 = { .usage = hash_netiface_usage, }; +static const struct ipset_arg hash_netiface1_add_args[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const char hash_netiface1_usage[] = +"create SETNAME hash:net,iface\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE]\n" +"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE] [nomatch]\n" +"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n" +"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n" +"where depending on the INET family\n" +" IP is a valid IPv4 or IPv6 address (or hostname),\n" +" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" +" Adding/deleting multiple elements with IPv4 is supported.\n"; + +struct ipset_type ipset_hash_netiface1 = { + .name = "hash:net,iface", + .alias = { "netifacehash", NULL }, + .revision = 1, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_iface, + .print = ipset_print_iface, + .opt = IPSET_OPT_IFACE + }, + }, + .args = { + [IPSET_CREATE] = hash_netiface_create_args, + [IPSET_ADD] = hash_netiface1_add_args, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + }, + + .usage = hash_netiface1_usage, +}; + diff --git a/lib/ipset_hash_netport.c b/lib/ipset_hash_netport.c index af6adf1..b910c81 100644 --- a/lib/ipset_hash_netport.c +++ b/lib/ipset_hash_netport.c @@ -197,3 +197,92 @@ struct ipset_type ipset_hash_netport2 = { .usage = hash_netport2_usage, .usagefn = ipset_port_usage, }; + +static const struct ipset_arg hash_netport3_add_args[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const char hash_netport3_usage[] = +"create SETNAME hash:net,port\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE]\n" +"add SETNAME IP[/CIDR]|FROM-TO,PROTO:PORT [timeout VALUE] [nomatch]\n" +"del SETNAME IP[/CIDR]|FROM-TO,PROTO:PORT\n" +"test SETNAME IP[/CIDR],PROTO:PORT\n\n" +"where depending on the INET family\n" +" IP is a valid IPv4 or IPv6 address (or hostname),\n" +" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" +" Adding/deleting multiple elements with IPv4 is supported.\n" +" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" +" port range is supported both for IPv4 and IPv6.\n"; + +struct ipset_type ipset_hash_netport3 = { + .name = "hash:net,port", + .alias = { "netporthash", NULL }, + .revision = 3, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + }, + .args = { + [IPSET_CREATE] = hash_netport_create_args, + [IPSET_ADD] = hash_netport3_add_args, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO), + }, + + .usage = hash_netport3_usage, + .usagefn = ipset_port_usage, +}; diff --git a/lib/parse.c b/lib/parse.c index eeb253c..0ee34c3 100644 --- a/lib/parse.c +++ b/lib/parse.c @@ -1362,11 +1362,11 @@ ipset_parse_netmask(struct ipset_session *session, */ int ipset_parse_flag(struct ipset_session *session, - enum ipset_opt opt, const char *str UNUSED) + enum ipset_opt opt, const char *str) { assert(session); - return ipset_session_data_set(session, opt, NULL); + return ipset_session_data_set(session, opt, str); } /** diff --git a/lib/print.c b/lib/print.c index f04377f..662baae 100644 --- a/lib/print.c +++ b/lib/print.c @@ -501,7 +501,7 @@ ipset_print_iface(char *buf, unsigned int len, } name = ipset_data_get(data, opt); assert(name); - size = snprintf(buf, len, "%s", name); + size = snprintf(buf + offset, len, "%s", name); SNPRINTF_FAILURE(size, len, offset); return offset; } diff --git a/lib/session.c b/lib/session.c index 472b974..2ff463e 100644 --- a/lib/session.c +++ b/lib/session.c @@ -550,6 +550,8 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], struct ipset_data *data = session->data; const struct ipset_attr_policy *attr; const void *d; + uint32_t v32; + uint16_t v16; int ret; attr = &attrs[type]; @@ -560,7 +562,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], struct nlattr *ipattr[IPSET_ATTR_IPADDR_MAX+1] = {}; uint8_t family = ipset_data_family(data); int atype; - D("attr type %u", type); + D("IP attr type %u", type); if (mnl_attr_parse_nested(nla[type], ipaddr_attr_cb, ipattr) < 0) FAILURE("Broken kernel message, cannot validate " @@ -595,21 +597,16 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], } d = mnl_attr_get_payload(ipattr[atype]); } else if (nla[type]->nla_type & NLA_F_NET_BYTEORDER) { + D("netorder attr type %u", type); switch (attr->type) { case MNL_TYPE_U32: { - uint32_t value; - - value = ntohl(*(const uint32_t *)d); - - d = &value; + v32 = ntohl(*(const uint32_t *)d); + d = &v32; break; } case MNL_TYPE_U16: { - uint16_t value; - - value = ntohs(*(const uint16_t *)d); - - d = &value; + v16 = ntohs(*(const uint16_t *)d); + d = &v16; break; } default: @@ -617,6 +614,8 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], } } #ifdef IPSET_DEBUG + else + D("hostorder attr type %u", type); if (type == IPSET_ATTR_TYPENAME) D("nla typename %s", (const char *) d); #endif diff --git a/lib/types.c b/lib/types.c index 0b5826e..2c8e04f 100644 --- a/lib/types.c +++ b/lib/types.c @@ -26,13 +26,17 @@ extern struct ipset_type ipset_bitmap_port0; extern struct ipset_type ipset_hash_ip0; extern struct ipset_type ipset_hash_net0; extern struct ipset_type ipset_hash_net1; +extern struct ipset_type ipset_hash_net2; extern struct ipset_type ipset_hash_netport1; extern struct ipset_type ipset_hash_netport2; +extern struct ipset_type ipset_hash_netport3; extern struct ipset_type ipset_hash_netiface0; +extern struct ipset_type ipset_hash_netiface1; extern struct ipset_type ipset_hash_ipport1; extern struct ipset_type ipset_hash_ipportip1; extern struct ipset_type ipset_hash_ipportnet1; extern struct ipset_type ipset_hash_ipportnet2; +extern struct ipset_type ipset_hash_ipportnet3; extern struct ipset_type ipset_list_set0; /* Userspace cache of sets which exists in the kernel */ @@ -588,13 +592,16 @@ ipset_cache_fini(void) ipset_type_add(&ipset_hash_ip0); ipset_type_add(&ipset_hash_net0); ipset_type_add(&ipset_hash_net1); + ipset_type_add(&ipset_hash_net2); ipset_type_add(&ipset_hash_netport1); ipset_type_add(&ipset_hash_netport2); + ipset_type_add(&ipset_hash_netport3); ipset_type_add(&ipset_hash_netiface0); + ipset_type_add(&ipset_hash_netiface1); ipset_type_add(&ipset_hash_ipport1); ipset_type_add(&ipset_hash_ipportip1); ipset_type_add(&ipset_hash_ipportnet1); ipset_type_add(&ipset_hash_ipportnet2); + ipset_type_add(&ipset_hash_ipportnet3); ipset_type_add(&ipset_list_set0); } -
\ No newline at end of file |