author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org> | 2004-12-01 09:07:34 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org> | 2004-12-01 09:07:34 +0000 |
commit | def84eeeae05416e161f884e62f7b195e0079b5c (patch) | |
tree | b7026994d2b3c9f26fb3b6ae207d45820fcd5f73 /libipt_set.h | |
parent | 2355fa04a57fad51f9b16c911463f7feb7f2273c (diff) |
ipset 2.0 committed
Diffstat (limited to 'libipt_set.h')
-rw-r--r-- | libipt_set.h | 103 |
1 files changed, 8 insertions, 95 deletions
diff --git a/libipt_set.h b/libipt_set.h
index 8180f7c..0d5ab5d 100644
--- a/libipt_set.h
+++ b/libipt_set.h
@@ -16,117 +16,30 @@ static int get_set_getsockopt(void *data, size_t * size)
 return getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size);
 }
 
-static void get_set_byname(const char *setname, struct ipt_set_info *info)
-{
- struct ip_set_req_get req;
- int size = sizeof(struct ip_set_req_get);
- int res;
-
- req.op = IP_SET_OP_GETSET_BYNAME;
- strncpy(req.name, setname, IP_SET_MAXNAMELEN);
- req.name[IP_SET_MAXNAMELEN - 1] = '\0';
- res = get_set_getsockopt(&req, &size);
- if (res != 0)
- exit_error(OTHER_PROBLEM,
- "Problem when communicating with ipset. errno=%d.\n",
- errno);
- if (size != sizeof(struct ip_set_req_get))
- exit_error(OTHER_PROBLEM,
- "Incorrect return size from kernel during ipset lookup, "
- "(want %d, got %d)\n",
- sizeof(struct ip_set_req_get), size);
- if (req.id < 0)
- exit_error(PARAMETER_PROBLEM,
- "Set %s doesn't exist.\n", setname);
-
- info->id = req.id;
-}
-
-static void get_set_byid(char * setname, unsigned id)
-{
- struct ip_set_req_get req;
- int size = sizeof(struct ip_set_req_get);
- int res;
-
- req.op = IP_SET_OP_GETSET_BYID;
- req.id = id;
- res = get_set_getsockopt(&req, &size);
- if (res != 0)
- exit_error(OTHER_PROBLEM,
- "Problem when communicating with ipset. errno=%d.\n",
- errno);
- if (size != sizeof(struct ip_set_req_get))
- exit_error(OTHER_PROBLEM,
- "Incorrect return size from kernel during ipset lookup, "
- "(want %d, got %d)\n",
- sizeof(struct ip_set_req_get), size);
- if (req.id < 0)
- exit_error(PARAMETER_PROBLEM,
- "Set id %i in kernel doesn't exist.\n", id);
-
- strncpy(setname, req.name, IP_SET_MAXNAMELEN);
-}
-
 static void
-parse_pool(const char *optarg, struct ipt_set_info *info)
+parse_bindings(const char *optarg, struct ipt_set_info *info)
 {
 char *saved = strdup(optarg);
 char *ptr, *tmp = saved;
-
- ptr = strsep(&tmp, ":");
- get_set_byname(ptr, info);
+ int i = 0;
 
- while (info->set_level < IP_SET_SETIP_LEVELS && tmp) {
+ while (i < IP_SET_MAX_BINDINGS && tmp != NULL) {
 ptr = strsep(&tmp, ",");
 if (strncmp(ptr, "src", 3) == 0)
- info->flags[info->set_level++] |= IPSET_SRC;
+ info->flags[i++] |= IPSET_SRC;
 else if (strncmp(ptr, "dst", 3) == 0)
- info->flags[info->set_level++] |= IPSET_DST;
+ info->flags[i++] |= IPSET_DST;
 else
 exit_error(PARAMETER_PROBLEM,
 "You must spefify (the comma separated list of) 'src' or 'dst'.");
 }
 
- if (tmp || info->set_level >= IP_SET_SETIP_LEVELS)
+ if (tmp)
 exit_error(PARAMETER_PROBLEM,
- "Defined childset level is deeper that %i.",
- IP_SET_SETIP_LEVELS);
+ "Can't follow bindings deeper than %i.",
+ IP_SET_MAX_BINDINGS - 1);
 
 free(saved);
 }
 
-static int
-parse_ipflags(const char *optarg, struct ipt_set_info *info)
-{
- char *saved = strdup(optarg);
- char *ptr, *tmp = saved;
- int overwrite = 0;
-
- info->ip_level = info->set_level;
-
- while (info->ip_level < IP_SET_LEVELS && tmp) {
- if (*tmp == '+') {
- info->flags[info->ip_level] |= IPSET_ADD_OVERWRITE;
- tmp++;
- overwrite++;
- }
- ptr = strsep(&tmp, ",");
- if (strncmp(ptr, "src", 3) == 0)
- info->flags[info->ip_level++] |= IPSET_SRC;
- else if (strncmp(ptr, "dst", 3) == 0)
- info->flags[info->ip_level++] |= IPSET_DST;
- else
- exit_error(PARAMETER_PROBLEM,
- "You must spefify (the comma separated list of) 'src' or 'dst'.");
- }
-
- if (tmp || info->ip_level >= IP_SET_LEVELS)
- exit_error(PARAMETER_PROBLEM,
- "Defined level is deeper that %i.",
- IP_SET_LEVELS);
-
- free(saved);
- return overwrite;
-}
-
 #endif /*_LIBIPT_SET_H*/ |
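Review bot: The loop bound in parse_bindings and the error message after it disagree by one: the `while` writes up to IP_SET_MAX_BINDINGS entries into `info->flags`, while the message reports the limit as `IP_SET_MAX_BINDINGS - 1`. The declaration of `flags` is not in this hunk, but if the array has IP_SET_MAX_BINDINGS elements and its consumers expect a zero entry to end the list, a full-length argument leaves no terminator; `while (i < IP_SET_MAX_BINDINGS - 1 && tmp != NULL) {` would make the bound match the message. Two smaller points in the same function: `strncmp(ptr, "src", 3)` accepts any token that merely begins with `src` or `dst`, so `strcmp(ptr, "src") == 0` is the stricter check for a command-line argument. The `strdup` result is also unchecked, so on allocation failure the loop is skipped and the rule is accepted with no bindings set instead of reporting an error.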