diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2010-04-22 16:50:57 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2010-04-22 16:50:57 +0200 |
commit | 1e6e8bd9a62aa7cd72e13db9355badc96df18ee8 (patch) | |
tree | 19042a6421635611d01370cf1d811462bcd648f4 /src/ipset_bitmap_ipmac.c | |
parent | f713cb1e105740c29c0a0906f4eb0ba375f64491 (diff) |
Third stage to ipset-5
Refresh existing files in src/ with the new content.
Diffstat (limited to 'src/ipset_bitmap_ipmac.c')
-rw-r--r-- | src/ipset_bitmap_ipmac.c | 471 |
1 files changed, 93 insertions, 378 deletions
diff --git a/src/ipset_bitmap_ipmac.c b/src/ipset_bitmap_ipmac.c index fb97cae..4985fc4 100644 --- a/src/ipset_bitmap_ipmac.c +++ b/src/ipset_bitmap_ipmac.c @@ -1,382 +1,97 @@ -/* Copyright 2000, 2001, 2002 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Martin Josefsson (gandalf@wlug.westbo.se) +/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. */ - - -#include <stdio.h> /* *printf */ -#include <stdlib.h> /* mem* */ -#include <string.h> /* str* */ -#include <net/ethernet.h> /* ETH_ALEN */ - -#include "ipset.h" - -#include <linux/netfilter_ipv4/ip_set_macipmap.h> - -#define BUFLEN 30; - -#define OPT_CREATE_FROM 0x01U -#define OPT_CREATE_TO 0x02U -#define OPT_CREATE_NETWORK 0x04U -#define OPT_CREATE_MATCHUNSET 0x08U - -#define OPT_ADDDEL_IP 0x01U -#define OPT_ADDDEL_MAC 0x02U - -/* Initialize the create. */ -static void -macipmap_create_init(void *data UNUSED) -{ - DP("create INIT"); - /* Nothing */ -} - -/* Function which parses command options; returns true if it ate an option */ -static int -macipmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) -{ - struct ip_set_req_macipmap_create *mydata = data; - - DP("create_parse"); - - switch (c) { - case '1': - parse_ip(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '2': - parse_ip(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '3': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask */ - mydata->to = mydata->from | (~mydata->to); - - *flags |= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - case '4': - mydata->flags |= IPSET_MACIP_MATCHUNSET; - - *flags |= OPT_CREATE_MATCHUNSET; - - DP("--matchunset"); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -macipmap_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_macipmap_create *mydata = data; - - if (flags == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - if (flags & OPT_CREATE_NETWORK) { - /* --network */ - if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else { - /* --from --to */ - if ((flags & OPT_CREATE_FROM) == 0 - || (flags & OPT_CREATE_TO) == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } - - - DP("from : %x to: %x diff: %d match unset: %d", mydata->from, - mydata->to, mydata->to - mydata->from, - flags & OPT_CREATE_MATCHUNSET); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "from", .has_arg = required_argument, .val = '1'}, - {.name = "to", .has_arg = required_argument, .val = '2'}, - {.name = "network", .has_arg = required_argument, .val = '3'}, - {.name = "matchunset", .has_arg = no_argument, .val = '4'}, - {NULL}, +#include <libipset/data.h> /* IPSET_OPT_* */ +#include <libipset/parse.h> /* parser functions */ +#include <libipset/print.h> /* printing functions */ +#include <libipset/types.h> /* prototypes */ + +/* Parse commandline arguments */ +static const struct ipset_arg bitmap_ipmac_create_args[] = { + { .name = { "range", "--range", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_netrange, .print = ipset_print_ip, + }, + { .name = { "timeout", "--timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + /* Backward compatibility */ + { .name = { "--from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_single_ip, + }, + { .name = { "--to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + .parse = ipset_parse_single_ip, + }, + { .name = { "--network", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_net, + }, + { }, +}; + +static const struct ipset_arg bitmap_ipmac_add_args[] = { + { .name = { "timeout", "--timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { }, +}; + +static const char bitmap_ipmac_usage[] = +"create SETNAME bitmap:ip,mac range IP/CIDR|FROM-TO\n" +" [matchunset] [timeout VALUE]\n" +"add SETNAME IP[,MAC] [timeout VALUE]\n" +"del SETNAME IP[,MAC]\n" +"test SETNAME IP[,MAC]\n"; + +struct ipset_type ipset_bitmap_ipmac0 = { + .name = "bitmap:ip,mac", + .alias = "macipmap", + .revision = 0, + .family = AF_INET, + .dimension = IPSET_DIM_TWO, + .last_elem_optional = true, + .elem = { + [IPSET_DIM_ONE] = { + .parse = ipset_parse_single_ip, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO] = { + .parse = ipset_parse_ether, + .print = ipset_print_ether, + .opt = IPSET_OPT_ETHER + }, + }, + .args = { + [IPSET_CREATE] = bitmap_ipmac_create_args, + [IPSET_ADD] = bitmap_ipmac_add_args, + }, + .mandatory = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + }, + + .usage = bitmap_ipmac_usage, }; - -static void -parse_mac(const char *mac, unsigned char *ethernet) -{ - unsigned int i = 0; - - if (strlen(mac) != ETH_ALEN * 3 - 1) - exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac); - - for (i = 0; i < ETH_ALEN; i++) { - long number; - char *end; - - number = strtol(mac + i * 3, &end, 16); - - if (end == mac + i * 3 + 2 && number >= 0 && number <= 255) - ethernet[i] = number; - else - exit_error(PARAMETER_PROBLEM, - "Bad mac address `%s'", mac); - } -} - -/* Add, del, test parser */ -static ip_set_ip_t -macipmap_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_macipmap *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - - DP("macipmap: %p %p", arg, data); - - ptr = strsep(&tmp, ","); - if (!tmp) { - tmp = saved; - ptr = strsep(&tmp, ":%"); - if (tmp && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,mac.\n" - "Next release won't support old separator tokens.\n"); - } - parse_ip(ptr, &mydata->ip); - - if (tmp) - parse_mac(tmp, mydata->ethernet); - else - memset(mydata->ethernet, 0, ETH_ALEN); - - free(saved); - - return 1; -} - -/* - * Print and save - */ - -static void -macipmap_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_macipmap_create *header = data; - struct ip_set_macipmap *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_macipmap)); - map->first_ip = header->from; - map->last_ip = header->to; - map->flags = header->flags; -} - -static void -macipmap_printheader(struct set *set, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - - if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) - printf(" matchunset"); - printf("\n"); -} - -static void -print_mac(unsigned char macaddress[ETH_ALEN]) -{ - unsigned int i; - - printf("%02X", macaddress[0]); - for (i = 1; i < ETH_ALEN; i++) - printf(":%02X", macaddress[i]); -} - -static inline void -__macipmap_printips_sorted(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - struct ip_set_macip *table = data; - u_int32_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - if (table[addr - mysetdata->first_ip].match) { - printf("%s,", ip_tostring(addr, options)); - print_mac(table[addr - mysetdata->first_ip]. - ethernet); - printf("\n"); - } - addr++; - } -} - -static void -macipmap_printips_sorted(struct set *set, void *data, - u_int32_t len, unsigned options, - char dont_align) -{ - struct ip_set_req_macipmap *d; - size_t offset = 0; - - if (dont_align) - return __macipmap_printips_sorted(set, data, len, options); - - while (offset < len) { - d = data + offset; - printf("%s,", ip_tostring(d->ip, options)); - print_mac(d->ethernet); - printf("\n"); - offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); - } -} - -static void -macipmap_saveheader(struct set *set, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", ip_tostring(mysetdata->last_ip, options)); - - if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) - printf(" --matchunset"); - printf("\n"); -} - -static inline void -__macipmap_saveips(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - struct ip_set_macip *table = data; - u_int32_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - if (table[addr - mysetdata->first_ip].match) { - printf("-A %s %s,", - set->name, ip_tostring(addr, options)); - print_mac(table[addr - mysetdata->first_ip]. - ethernet); - printf("\n"); - } - addr++; - } -} - -static void -macipmap_saveips(struct set *set, void *data, - u_int32_t len, unsigned options, - char dont_align) -{ - struct ip_set_req_macipmap *d; - size_t offset = 0; - - if (dont_align) - return __macipmap_saveips(set, data, len, options); - - while (offset < len) { - d = data + offset; - printf("-A %s %s,", set->name, ip_tostring(d->ip, options)); - print_mac(d->ethernet); - printf("\n"); - offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); - } -} - -static void -macipmap_usage(void) -{ - printf - ("-N set macipmap --from IP --to IP [--matchunset]\n" - "-N set macipmap --network IP/mask [--matchunset]\n" - "-A set IP[,MAC]\n" - "-D set IP[,MAC]\n" - "-T set IP[,MAC]\n"); -} - -static struct settype settype_macipmap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_macipmap_create), - .create_init = macipmap_create_init, - .create_parse = macipmap_create_parse, - .create_final = macipmap_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_macipmap), - .adt_parser = macipmap_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_macipmap), - .initheader = macipmap_initheader, - .printheader = macipmap_printheader, - .printips = macipmap_printips_sorted, - .printips_sorted = macipmap_printips_sorted, - .saveheader = macipmap_saveheader, - .saveips = macipmap_saveips, - - .usage = macipmap_usage, -}; - -CONSTRUCTOR(macipmap) -{ - settype_register(&settype_macipmap); - -} |