diff options
49 files changed, 773 insertions, 675 deletions
diff --git a/include/libipset/data.h b/include/libipset/data.h index 7c7b5e1..3ba6f0a 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_DATA_H @@ -68,7 +68,7 @@ enum ipset_opt { #define IPSET_FLAGS_ALL (~0LL) #define IPSET_CREATE_FLAGS \ - ( IPSET_FLAG(IPSET_OPT_FAMILY) \ + (IPSET_FLAG(IPSET_OPT_FAMILY) \ | IPSET_FLAG(IPSET_OPT_TYPENAME)\ | IPSET_FLAG(IPSET_OPT_TYPE) \ | IPSET_FLAG(IPSET_OPT_IP) \ @@ -86,7 +86,7 @@ enum ipset_opt { | IPSET_FLAG(IPSET_OPT_SIZE)) #define IPSET_ADT_FLAGS \ - ( IPSET_FLAG(IPSET_OPT_IP) \ + (IPSET_FLAG(IPSET_OPT_IP) \ | IPSET_FLAG(IPSET_OPT_IP_TO) \ | IPSET_FLAG(IPSET_OPT_CIDR) \ | IPSET_FLAG(IPSET_OPT_PORT) \ @@ -114,8 +114,8 @@ extern bool ipset_data_ignored(struct ipset_data *data, enum ipset_opt opt); extern int ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value); -extern const void * ipset_data_get(const struct ipset_data *data, - enum ipset_opt opt); +extern const void *ipset_data_get(const struct ipset_data *data, + enum ipset_opt opt); static inline bool ipset_data_test(const struct ipset_data *data, enum ipset_opt opt) @@ -124,13 +124,13 @@ ipset_data_test(const struct ipset_data *data, enum ipset_opt opt) } /* Shortcuts */ -extern const char * ipset_data_setname(const struct ipset_data *data); +extern const char *ipset_data_setname(const struct ipset_data *data); extern uint8_t ipset_data_family(const struct ipset_data *data); extern uint8_t ipset_data_cidr(const struct ipset_data *data); extern uint64_t ipset_data_flags(const struct ipset_data *data); extern void ipset_data_reset(struct ipset_data *data); -extern struct ipset_data * ipset_data_init(void); +extern struct ipset_data *ipset_data_init(void); extern void ipset_data_fini(struct ipset_data *data); extern size_t ipset_data_sizeof(enum ipset_opt opt, uint8_t family); diff --git a/include/libipset/debug.h b/include/libipset/debug.h index b0f4dfd..b9d5479 100644 --- a/include/libipset/debug.h +++ b/include/libipset/debug.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_DEBUG_H @@ -12,7 +12,7 @@ #include <sys/socket.h> #include <linux/netlink.h> #define D(fmt, args...) \ - fprintf(stderr, "%s: %s: " fmt "\n", __FILE__, __FUNCTION__ , ## args) + fprintf(stderr, "%s: %s: " fmt "\n", __FILE__, __func__ , ## args) #define IF_D(test, fmt, args...) \ if (test) \ D(fmt , ## args) diff --git a/include/libipset/errcode.h b/include/libipset/errcode.h index ed56eb5..1593d89 100644 --- a/include/libipset/errcode.h +++ b/include/libipset/errcode.h @@ -1,7 +1,7 @@ /* Copyright 2007-2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_ERRCODE_H @@ -13,9 +13,9 @@ struct ipset_session; /* Kernel error code to message table */ struct ipset_errcode_table { - int errcode; /* error code returned by the kernel */ - enum ipset_cmd cmd; /* issued command */ - const char *message; /* error message the code translated to */ + int errcode; /* error code returned by the kernel */ + enum ipset_cmd cmd; /* issued command */ + const char *message; /* error message the code translated to */ }; extern int ipset_errcode(struct ipset_session *session, enum ipset_cmd cmd, diff --git a/include/libipset/icmp.h b/include/libipset/icmp.h index 89604cd..e27fd4a 100644 --- a/include/libipset/icmp.h +++ b/include/libipset/icmp.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_ICMP_H @@ -9,8 +9,8 @@ #include <stdint.h> /* uintxx_t */ -extern const char * id_to_icmp(uint8_t id); -extern const char * icmp_to_name(uint8_t type, uint8_t code); +extern const char *id_to_icmp(uint8_t id); +extern const char *icmp_to_name(uint8_t type, uint8_t code); extern int name_to_icmp(const char *str, uint16_t *typecode); #endif /* LIBIPSET_ICMP_H */ diff --git a/include/libipset/icmpv6.h b/include/libipset/icmpv6.h index b23c822..8295445 100644 --- a/include/libipset/icmpv6.h +++ b/include/libipset/icmpv6.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_ICMPV6_H @@ -9,8 +9,8 @@ #include <stdint.h> /* uintxx_t */ -extern const char * id_to_icmpv6(uint8_t id); -extern const char * icmpv6_to_name(uint8_t type, uint8_t code); +extern const char *id_to_icmpv6(uint8_t id); +extern const char *icmpv6_to_name(uint8_t type, uint8_t code); extern int name_to_icmpv6(const char *str, uint16_t *typecode); #endif /* LIBIPSET_ICMPV6_H */ diff --git a/include/libipset/mnl.h b/include/libipset/mnl.h index c2b6d4c..0516ec7 100644 --- a/include/libipset/mnl.h +++ b/include/libipset/mnl.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_MNL_H diff --git a/include/libipset/nf_inet_addr.h b/include/libipset/nf_inet_addr.h index 0e0701e..6c94e15 100644 --- a/include/libipset/nf_inet_addr.h +++ b/include/libipset/nf_inet_addr.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_NF_INET_ADDR_H diff --git a/include/libipset/parse.h b/include/libipset/parse.h index 08f1089..9f64a70 100644 --- a/include/libipset/parse.h +++ b/include/libipset/parse.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_PARSE_H @@ -23,7 +23,7 @@ typedef int (*ipset_parsefn)(struct ipset_session *s, enum ipset_opt opt, const char *str); extern int ipset_parse_ether(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_port(struct ipset_session *session, enum ipset_opt opt, const char *str, const char *proto); @@ -35,23 +35,23 @@ extern int ipset_parse_tcp_port(struct ipset_session *session, extern int ipset_parse_single_tcp_port(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_proto(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_icmp(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_icmpv6(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_proto_port(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_family(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_ip(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_single_ip(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_net(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_range(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_netrange(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_iprange(struct ipset_session *session, @@ -63,31 +63,31 @@ extern int ipset_parse_ip4_single6(struct ipset_session *session, extern int ipset_parse_ip4_net6(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_name(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_before(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_after(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_setname(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_uint32(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_uint8(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_netmask(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_flag(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_typename(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_iface(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_output(struct ipset_session *session, - int opt, const char *str); + int opt, const char *str); extern int ipset_parse_ignored(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_elem(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_call_parser(struct ipset_session *session, const struct ipset_arg *arg, const char *str); diff --git a/include/libipset/pfxlen.h b/include/libipset/pfxlen.h index ba94dd9..58b4b4f 100644 --- a/include/libipset/pfxlen.h +++ b/include/libipset/pfxlen.h @@ -12,7 +12,7 @@ {.ip6 = { \ __constant_htonl(a), __constant_htonl(b), \ __constant_htonl(c), __constant_htonl(d), \ - }} + } } /* * This table works for both IPv4 and IPv6; diff --git a/include/libipset/print.h b/include/libipset/print.h index a3f5b95..1d537bd 100644 --- a/include/libipset/print.h +++ b/include/libipset/print.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_PRINT_H diff --git a/include/libipset/session.h b/include/libipset/session.h index 9301ccd..467bb2f 100644 --- a/include/libipset/session.h +++ b/include/libipset/session.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_SESSION_H @@ -21,10 +21,14 @@ struct ipset_session; struct ipset_data; struct ipset_handle; -extern struct ipset_data * ipset_session_data(const struct ipset_session *session); -extern struct ipset_handle * ipset_session_handle(const struct ipset_session *session); -extern const struct ipset_type * ipset_saved_type(const struct ipset_session *session); -extern void ipset_session_lineno(struct ipset_session *session, uint32_t lineno); +extern struct ipset_data * + ipset_session_data(const struct ipset_session *session); +extern struct ipset_handle * + ipset_session_handle(const struct ipset_session *session); +extern const struct ipset_type * + ipset_saved_type(const struct ipset_session *session); +extern void ipset_session_lineno(struct ipset_session *session, + uint32_t lineno); enum ipset_err_type { IPSET_ERROR, @@ -47,8 +51,8 @@ extern int ipset_session_report(struct ipset_session *session, }) extern void ipset_session_report_reset(struct ipset_session *session); -extern const char * ipset_session_error(const struct ipset_session *session); -extern const char * ipset_session_warning(const struct ipset_session *session); +extern const char *ipset_session_error(const struct ipset_session *session); +extern const char *ipset_session_warning(const struct ipset_session *session); #define ipset_session_data_set(session, opt, value) \ ipset_data_set(ipset_session_data(session), opt, value) @@ -93,7 +97,7 @@ extern int ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, typedef int (*ipset_outfn)(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); -extern struct ipset_session * ipset_session_init(ipset_outfn outfn); +extern struct ipset_session *ipset_session_init(ipset_outfn outfn); extern int ipset_session_fini(struct ipset_session *session); extern void ipset_debug_msg(const char *dir, void *buffer, int len); diff --git a/include/libipset/transport.h b/include/libipset/transport.h index b22e073..a9209cd 100644 --- a/include/libipset/transport.h +++ b/include/libipset/transport.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_TRANSPORT_H @@ -12,7 +12,7 @@ #include <libmnl/libmnl.h> /* mnl_cb_t */ -#include <libipset/linux_ip_set.h> /* enum ipset_cmd */ +#include <libipset/linux_ip_set.h> /* enum ipset_cmd */ struct ipset_handle; diff --git a/include/libipset/types.h b/include/libipset/types.h index d8973db..d3a0b4c 100644 --- a/include/libipset/types.h +++ b/include/libipset/types.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_TYPES_H @@ -97,13 +97,14 @@ extern int ipset_cache_swap(const char *from, const char *to); extern int ipset_cache_init(void); extern void ipset_cache_fini(void); -extern const struct ipset_type * ipset_type_get(struct ipset_session *session, - enum ipset_cmd cmd); -extern const struct ipset_type * ipset_type_check(struct ipset_session *session); +extern const struct ipset_type * + ipset_type_get(struct ipset_session *session, enum ipset_cmd cmd); +extern const struct ipset_type * + ipset_type_check(struct ipset_session *session); extern int ipset_type_add(struct ipset_type *type); -extern const struct ipset_type * ipset_types(void); -extern const char * ipset_typename_resolve(const char *str); +extern const struct ipset_type *ipset_types(void); +extern const char *ipset_typename_resolve(const char *str); extern bool ipset_match_typename(const char *str, const struct ipset_type *t); diff --git a/include/libipset/ui.h b/include/libipset/ui.h index b05b737..4c9a163 100644 --- a/include/libipset/ui.h +++ b/include/libipset/ui.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_UI_H diff --git a/include/libipset/utils.h b/include/libipset/utils.h index 2c88a83..df5b59e 100644 --- a/include/libipset/utils.h +++ b/include/libipset/utils.h @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #ifndef LIBIPSET_UTILS_H @@ -11,10 +11,10 @@ #include <netinet/in.h> /* struct in[6]_addr */ /* String equality tests */ -#define STREQ(a,b) (strcmp(a,b) == 0) -#define STRNEQ(a,b,n) (strncmp(a,b,n) == 0) -#define STRCASEQ(a,b) (strcasecmp(a,b) == 0) -#define STRNCASEQ(a,b,n) (strncasecmp(a,b,n) == 0) +#define STREQ(a, b) (strcmp(a, b) == 0) +#define STRNEQ(a, b, n) (strncmp(a, b, n) == 0) +#define STRCASEQ(a, b) (strcasecmp(a, b) == 0) +#define STRNCASEQ(a, b, n) (strncasecmp(a, b, n) == 0) /* Stringify tokens */ #define _STR(c) #c diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index e409173..3540c6e 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -331,7 +331,7 @@ struct ip_set { /* register and unregister set references */ extern ip_set_id_t ip_set_get_byname(const char *name, struct ip_set **set); extern void ip_set_put_byindex(ip_set_id_t index); -extern const char * ip_set_name_byindex(ip_set_id_t index); +extern const char *ip_set_name_byindex(ip_set_id_t index); extern ip_set_id_t ip_set_nfnl_get(const char *name); extern ip_set_id_t ip_set_nfnl_get_byindex(ip_set_id_t index); extern void ip_set_nfnl_put(ip_set_id_t index); @@ -349,7 +349,7 @@ extern int ip_set_test(ip_set_id_t id, const struct sk_buff *skb, const struct ip_set_adt_opt *opt); /* Utility functions */ -extern void * ip_set_alloc(size_t size); +extern void *ip_set_alloc(size_t size); extern void ip_set_free(void *members); extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr); extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr); @@ -359,7 +359,7 @@ ip_set_get_hostipaddr4(struct nlattr *nla, u32 *ipaddr) { __be32 ip; int ret = ip_set_get_ipaddr4(nla, &ip); - + if (ret) return ret; *ipaddr = ntohl(ip); diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h index 8a0999a..c5b06aa 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h @@ -43,7 +43,7 @@ struct htable { struct hbucket bucket[0]; /* hashtable buckets */ }; -#define hbucket(h, i) &((h)->bucket[i]) +#define hbucket(h, i) (&((h)->bucket[i])) /* Book-keeping of the prefixes added to the set */ struct ip_set_hash_nets { diff --git a/kernel/include/linux/netfilter/ipset/ip_set_timeout.h b/kernel/include/linux/netfilter/ipset/ip_set_timeout.h index bae086a..4792320 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_timeout.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_timeout.h @@ -78,7 +78,7 @@ ip_set_timeout_set(u32 timeout) static inline u32 ip_set_timeout_get(unsigned long timeout) { - return timeout == IPSET_ELEM_PERMANENT ? 0 : + return timeout == IPSET_ELEM_PERMANENT ? 0 : jiffies_to_msecs(timeout - jiffies)/1000; } diff --git a/kernel/include/linux/netfilter/ipset/pfxlen.h b/kernel/include/linux/netfilter/ipset/pfxlen.h index d55a6cc..199fd11 100644 --- a/kernel/include/linux/netfilter/ipset/pfxlen.h +++ b/kernel/include/linux/netfilter/ipset/pfxlen.h @@ -2,7 +2,7 @@ #define _PFXLEN_H #include <asm/byteorder.h> -#include <linux/netfilter.h> +#include <linux/netfilter.h> #include <net/tcp.h> /* Prefixlen maps, by Jan Engelhardt */ diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 51ab664..56096f5 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c @@ -635,7 +635,8 @@ static struct ip_set_type bitmap_ipmac_type = { }, .adt_policy = { [IPSET_ATTR_IP] = { .type = NLA_NESTED }, - [IPSET_ATTR_ETHER] = { .type = NLA_BINARY, .len = ETH_ALEN }, + [IPSET_ATTR_ETHER] = { .type = NLA_BINARY, + .len = ETH_ALEN }, [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, [IPSET_ATTR_LINENO] = { .type = NLA_U32 }, }, diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 297d03b..cb4abbb 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -688,8 +688,8 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb, if (attr[IPSET_ATTR_DATA] && nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA], set->type->create_policy)) { - ret = -IPSET_ERR_PROTOCOL; - goto put_out; + ret = -IPSET_ERR_PROTOCOL; + goto put_out; } ret = set->type->create(set, tb, flags); diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c index 050163f..2d4b1f4 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_net.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c @@ -187,7 +187,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[], return -IPSET_ERR_TIMEOUT; timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); } - + if (adt == IPSET_TEST || !tb[IPSET_ATTR_IP_TO]) { data.ip = htonl(ip & ip_set_hostmask(data.cidr)); ret = adtfn(set, &data, timeout, flags); @@ -205,7 +205,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[], return -IPSET_ERR_HASH_RANGE; } if (retried) - ip = h->next.ip; + ip = h->next.ip; while (!after(ip, ip_to)) { data.ip = htonl(ip); last = ip_set_range_to_cidr(ip, ip_to, &data.cidr); diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c index 51e5df1..3d6c53b 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c @@ -100,7 +100,7 @@ iface_test(struct rb_root *root, const char **iface) while (n) { const char *d = iface_data(n); int res = ifname_compare(*iface, d); - + if (res < 0) n = n->rb_left; else if (res > 0) @@ -118,7 +118,7 @@ iface_add(struct rb_root *root, const char **iface) { struct rb_node **n = &(root->rb_node), *p = NULL; struct iface_node *d; - + while (*n) { char *ifname = iface_data(*n); int res = ifname_compare(*iface, ifname); @@ -296,10 +296,10 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb, if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { #ifdef CONFIG_BRIDGE_NETFILTER const struct nf_bridge_info *nf_bridge = skb->nf_bridge; - + if (!nf_bridge) return -EINVAL; - data.iface = SRCDIR ? PHYSDEV(physindev): PHYSDEV(physoutdev); + data.iface = SRCDIR ? PHYSDEV(physindev) : PHYSDEV(physoutdev); data.physdev = 1; #else data.iface = NULL; @@ -350,7 +350,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[], if (tb[IPSET_ATTR_CIDR]) { data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); if (!data.cidr) - return -IPSET_ERR_INVALID_CIDR; + return -IPSET_ERR_INVALID_CIDR; } if (tb[IPSET_ATTR_TIMEOUT]) { @@ -359,7 +359,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[], timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); } - strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE])); + strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE])); data.iface = iface; ret = iface_test(&h->rbtree, &data.iface); if (adt == IPSET_ADD) { @@ -372,8 +372,8 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[], return ret; if (tb[IPSET_ATTR_CADT_FLAGS]) { - u32 flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); - if (flags & IPSET_FLAG_PHYSDEV) + u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); + if (cadt_flags & IPSET_FLAG_PHYSDEV) data.physdev = 1; } @@ -559,10 +559,10 @@ hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb, if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { #ifdef CONFIG_BRIDGE_NETFILTER const struct nf_bridge_info *nf_bridge = skb->nf_bridge; - + if (!nf_bridge) return -EINVAL; - data.iface = SRCDIR ? PHYSDEV(physindev): PHYSDEV(physoutdev); + data.iface = SRCDIR ? PHYSDEV(physindev) : PHYSDEV(physoutdev); data.physdev = 1; #else data.iface = NULL; @@ -623,7 +623,7 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[], timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); } - strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE])); + strcpy(iface, nla_data(tb[IPSET_ATTR_IFACE])); data.iface = iface; ret = iface_test(&h->rbtree, &data.iface); if (adt == IPSET_ADD) { @@ -636,8 +636,8 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[], return ret; if (tb[IPSET_ATTR_CADT_FLAGS]) { - u32 flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); - if (flags & IPSET_FLAG_PHYSDEV) + u32 cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]); + if (cadt_flags & IPSET_FLAG_PHYSDEV) data.physdev = 1; } diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c index d7710a9..fe203d1 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c @@ -199,7 +199,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], if (tb[IPSET_ATTR_CIDR]) { data.cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); if (!data.cidr) - return -IPSET_ERR_INVALID_CIDR; + return -IPSET_ERR_INVALID_CIDR; } if (tb[IPSET_ATTR_PORT]) diff --git a/kernel/net/netfilter/ipset/pfxlen.c b/kernel/net/netfilter/ipset/pfxlen.c index b57a856..bd13d66 100644 --- a/kernel/net/netfilter/ipset/pfxlen.c +++ b/kernel/net/netfilter/ipset/pfxlen.c @@ -148,7 +148,7 @@ const union nf_inet_addr ip_set_netmask_map[] = { EXPORT_SYMBOL_GPL(ip_set_netmask_map); #undef E -#define E(a, b, c, d) \ +#define E(a, b, c, d) \ {.ip6 = { (__force __be32) a, (__force __be32) b, \ (__force __be32) c, (__force __be32) d, \ } } diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c index 453847f..19461c4 100644 --- a/kernel/net/netfilter/xt_set.c +++ b/kernel/net/netfilter/xt_set.c @@ -37,7 +37,7 @@ match_set(ip_set_id_t index, const struct sk_buff *skb, return inv; } -#define ADT_OPT(n, f, d, fs, cfs, t) \ +#define ADT_OPT(n, f, d, fs, cfs, t) \ const struct ip_set_adt_opt n = { \ .family = f, \ .dim = d, \ @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -18,7 +18,7 @@ #include <libipset/utils.h> /* inXcpy */ #include <libipset/data.h> /* prototypes */ -/* Internal data structure to hold +/* Internal data structure to hold * a) input data entered by the user or * b) data received from kernel * @@ -174,7 +174,7 @@ ipset_data_ignored(struct ipset_data *data, enum ipset_opt opt) { bool ignored; assert(data); - + ignored = data->ignored & IPSET_FLAG(opt); data->ignored |= IPSET_FLAG(opt); @@ -329,7 +329,7 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) default: return -1; }; - + ipset_data_flags_set(data, IPSET_FLAG(opt)); return 0; } @@ -348,7 +348,7 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt) { assert(data); assert(opt != IPSET_OPT_NONE); - + if (!(opt == IPSET_OPT_TYPENAME || ipset_data_test(data, opt))) return NULL; @@ -533,8 +533,8 @@ uint8_t ipset_data_cidr(const struct ipset_data *data) { assert(data); - return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : - data->family == AF_INET ? 32 : + return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : + data->family == AF_INET ? 32 : data->family == AF_INET6 ? 128 : 0; } diff --git a/lib/debug.c b/lib/debug.c index 5b97e6e..931b0c1 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -1,12 +1,12 @@ /* Copyright 2011 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <arpa/inet.h> /* inet_ntop */ -#include <libmnl/libmnl.h> /* libmnl backend */ +#include <libmnl/libmnl.h> /* libmnl backend */ struct ipset_attrname { const char *name; @@ -74,23 +74,24 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, uint32_t v; int i; - fprintf(stderr,"\t\t%s attributes:\n", policy == create_attrs ? "CREATE" : "ADT"); + fprintf(stderr, "\t\t%s attributes:\n", + policy == create_attrs ? "CREATE" : "ADT"); for (i = IPSET_ATTR_UNSPEC + 1; i <= max; i++) { if (!nla[i]) continue; switch (policy[i].type) { case MNL_TYPE_U8: - v = * (uint8_t *) mnl_attr_get_payload(nla[i]); + v = *(uint8_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t\t%s: %u\n", attr2name[i].name, v); break; case MNL_TYPE_U16: - v = * (uint16_t *) mnl_attr_get_payload(nla[i]); + v = *(uint16_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t\t%s: %u\n", attr2name[i].name, ntohs(v)); break; case MNL_TYPE_U32: - v = * (uint32_t *) mnl_attr_get_payload(nla[i]); + v = *(uint32_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t\t%s: %u\n", attr2name[i].name, ntohl(v)); break; @@ -104,18 +105,23 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, char addr[INET6_ADDRSTRLEN]; void *d; - if (mnl_attr_parse_nested(nla[i], ipaddr_attr_cb, ipattr) < 0) { - fprintf(stderr, "\t\tIPADDR: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(nla[i], ipaddr_attr_cb, + ipattr) < 0) { + fprintf(stderr, + "\t\tIPADDR: cannot validate " + "and parse attributes\n"); continue; } if (ipattr[IPSET_ATTR_IPADDR_IPV4]) { - d = mnl_attr_get_payload(ipattr[IPSET_ATTR_IPADDR_IPV4]); + d = mnl_attr_get_payload( + ipattr[IPSET_ATTR_IPADDR_IPV4]); inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) { - d = mnl_attr_get_payload(ipattr[IPSET_ATTR_IPADDR_IPV6]); + d = mnl_attr_get_payload( + ipattr[IPSET_ATTR_IPADDR_IPV6]); inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", @@ -138,23 +144,23 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) uint32_t v; int i; - fprintf(stderr,"\tCommand attributes:\n"); + fprintf(stderr, "\tCommand attributes:\n"); for (i = IPSET_ATTR_UNSPEC + 1; i <= IPSET_ATTR_CMD_MAX; i++) { if (!nla[i]) continue; switch (cmd_attrs[i].type) { case MNL_TYPE_U8: - v = * (uint8_t *) mnl_attr_get_payload(nla[i]); + v = *(uint8_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t%s: %u\n", cmdattr2name[i].name, v); break; case MNL_TYPE_U16: - v = * (uint16_t *) mnl_attr_get_payload(nla[i]); + v = *(uint16_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t%s: %u\n", cmdattr2name[i].name, ntohs(v)); break; case MNL_TYPE_U32: - v = * (uint32_t *) mnl_attr_get_payload(nla[i]); + v = *(uint32_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t%s: %u\n", cmdattr2name[i].name, ntohl(v)); break; @@ -169,8 +175,11 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) case IPSET_CMD_ADD: case IPSET_CMD_DEL: case IPSET_CMD_TEST: - if (mnl_attr_parse_nested(nla[i], adt_attr_cb, adt) < 0) { - fprintf(stderr, "\tADT: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(nla[i], + adt_attr_cb, adt) < 0) { + fprintf(stderr, + "\tADT: cannot validate " + "and parse attributes\n"); continue; } debug_cadt_attrs(IPSET_ATTR_ADT_MAX, @@ -179,8 +188,12 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) adt); break; default: - if (mnl_attr_parse_nested(nla[i], create_attr_cb, cattr) < 0) { - fprintf(stderr, "\tCREATE: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(nla[i], + create_attr_cb, + cattr) < 0) { + fprintf(stderr, + "\tCREATE: cannot validate " + "and parse attributes\n"); continue; } debug_cadt_attrs(IPSET_ATTR_CREATE_MAX, @@ -192,15 +205,18 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) struct nlattr *tb; mnl_attr_for_each_nested(tb, nla[i]) { memset(adt, 0, sizeof(adt)); - if (mnl_attr_parse_nested(tb, adt_attr_cb, adt) < 0) { - fprintf(stderr, "\tADT: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(tb, + adt_attr_cb, adt) < 0) { + fprintf(stderr, + "\tADT: cannot validate " + "and parse attributes\n"); continue; } debug_cadt_attrs(IPSET_ATTR_ADT_MAX, adt_attrs, adtattr2name, adt); - } + } } break; default: @@ -227,8 +243,9 @@ ipset_debug_msg(const char *dir, void *buffer, int len) "\tlen %d\n" "\tseq %u\n", dir, - nlh->nlmsg_type == NLMSG_NOOP ? "NOOP" : - nlh->nlmsg_type == NLMSG_DONE ? "DONE" : "OVERRUN", + nlh->nlmsg_type == NLMSG_NOOP ? "NOOP" : + nlh->nlmsg_type == NLMSG_DONE ? "DONE" : + "OVERRUN", len, nlh->nlmsg_seq); goto next_msg; case NLMSG_ERROR: { @@ -257,8 +274,10 @@ ipset_debug_msg(const char *dir, void *buffer, int len) if (cmd <= IPSET_CMD_NONE || cmd >= IPSET_CMD_MAX) goto next_msg; memset(nla, 0, sizeof(nla)); - if (mnl_attr_parse(nlh, nfmsglen, cmd_attr_cb, nla) < MNL_CB_STOP) { - fprintf(stderr, "\tcannot validate and parse attributes\n"); + if (mnl_attr_parse(nlh, nfmsglen, + cmd_attr_cb, nla) < MNL_CB_STOP) { + fprintf(stderr, "\tcannot validate " + "and parse attributes\n"); goto next_msg; } debug_cmd_attrs(cmd, nla); @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/utils.h> /* STRNEQ */ @@ -49,19 +49,20 @@ static const struct icmp_names icmp_typecodes[] = { { "address-mask-reply", 18, 0 }, }; -const char * id_to_icmp(uint8_t id) +const char *id_to_icmp(uint8_t id) { return id < ARRAY_SIZE(icmp_typecodes) ? icmp_typecodes[id].name : NULL; } -const char * icmp_to_name(uint8_t type, uint8_t code) +const char *icmp_to_name(uint8_t type, uint8_t code) { unsigned int i; - + for (i = 0; i < ARRAY_SIZE(icmp_typecodes); i++) - if (icmp_typecodes[i].type == type && icmp_typecodes[i].code == code) + if (icmp_typecodes[i].type == type && + icmp_typecodes[i].code == code) return icmp_typecodes[i].name; - + return NULL; } @@ -71,9 +72,10 @@ int name_to_icmp(const char *str, uint16_t *typecode) for (i = 0; i < ARRAY_SIZE(icmp_typecodes); i++) if (STRNCASEQ(icmp_typecodes[i].name, str, strlen(str))) { - *typecode = (icmp_typecodes[i].type << 8) | icmp_typecodes[i].code; + *typecode = (icmp_typecodes[i].type << 8) | + icmp_typecodes[i].code; return 0; } - + return -1; } diff --git a/lib/icmpv6.c b/lib/icmpv6.c index 5ba93ca..82234da 100644 --- a/lib/icmpv6.c +++ b/lib/icmpv6.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/utils.h> /* STRNEQ */ @@ -36,19 +36,21 @@ static const struct icmpv6_names icmpv6_typecodes[] = { { "redirect", 137, 0 }, }; -const char * id_to_icmpv6(uint8_t id) +const char *id_to_icmpv6(uint8_t id) { - return id < ARRAY_SIZE(icmpv6_typecodes) ? icmpv6_typecodes[id].name : NULL; + return id < ARRAY_SIZE(icmpv6_typecodes) ? + icmpv6_typecodes[id].name : NULL; } -const char * icmpv6_to_name(uint8_t type, uint8_t code) +const char *icmpv6_to_name(uint8_t type, uint8_t code) { unsigned int i; - + for (i = 0; i < ARRAY_SIZE(icmpv6_typecodes); i++) - if (icmpv6_typecodes[i].type == type && icmpv6_typecodes[i].code == code) + if (icmpv6_typecodes[i].type == type && + icmpv6_typecodes[i].code == code) return icmpv6_typecodes[i].name; - + return NULL; } @@ -58,9 +60,10 @@ int name_to_icmpv6(const char *str, uint16_t *typecode) for (i = 0; i < ARRAY_SIZE(icmpv6_typecodes); i++) if (STRNCASEQ(icmpv6_typecodes[i].name, str, strlen(str))) { - *typecode = (icmpv6_typecodes[i].type << 8) | icmpv6_typecodes[i].code; + *typecode = (icmpv6_typecodes[i].type << 8) | + icmpv6_typecodes[i].code; return 0; } - + return -1; } @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -32,13 +32,16 @@ struct ipset_handle { /* Netlink flags of the commands */ static const uint16_t cmdflags[] = { - [IPSET_CMD_CREATE-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_CREATE|NLM_F_EXCL, + [IPSET_CMD_CREATE-1] = NLM_F_REQUEST|NLM_F_ACK| + NLM_F_CREATE|NLM_F_EXCL, [IPSET_CMD_DESTROY-1] = NLM_F_REQUEST|NLM_F_ACK, [IPSET_CMD_FLUSH-1] = NLM_F_REQUEST|NLM_F_ACK, [IPSET_CMD_RENAME-1] = NLM_F_REQUEST|NLM_F_ACK, [IPSET_CMD_SWAP-1] = NLM_F_REQUEST|NLM_F_ACK, - [IPSET_CMD_LIST-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, - [IPSET_CMD_SAVE-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, + [IPSET_CMD_LIST-1] = NLM_F_REQUEST|NLM_F_ACK| + NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, + [IPSET_CMD_SAVE-1] = NLM_F_REQUEST|NLM_F_ACK| + NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, [IPSET_CMD_ADD-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL, [IPSET_CMD_DEL-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL, [IPSET_CMD_TEST-1] = NLM_F_REQUEST|NLM_F_ACK, @@ -74,7 +77,7 @@ ipset_mnl_fill_hdr(struct ipset_handle *handle, enum ipset_cmd cmd, nlh->nlmsg_type = cmd | (NFNL_SUBSYS_IPSET << 8); nlh->nlmsg_flags = cmdflags[cmd - 1]; if (envflags & IPSET_ENV_EXIST) - nlh->nlmsg_flags &= ~NLM_F_EXCL; + nlh->nlmsg_flags &= ~NLM_F_EXCL; nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); nfg->nfgen_family = AF_INET; @@ -119,28 +122,28 @@ ipset_mnl_query(struct ipset_handle *handle, void *buffer, size_t len) static struct ipset_handle * ipset_mnl_init(mnl_cb_t *cb_ctl, void *data) -{ +{ struct ipset_handle *handle; - + assert(cb_ctl); assert(data); handle = calloc(1, sizeof(*handle)); if (!handle) return NULL; - + handle->h = mnl_socket_open(NETLINK_NETFILTER); if (!handle->h) goto free_handle; - + if (mnl_socket_bind(handle->h, 0, MNL_SOCKET_AUTOPID) < 0) goto close_nl; - + handle->portid = mnl_socket_get_portid(handle->h); handle->cb_ctl = cb_ctl; handle->data = data; handle->seq = time(NULL); - + return handle; close_nl: @@ -148,7 +151,7 @@ close_nl: free_handle: free(handle); - return NULL; + return NULL; } static int diff --git a/lib/parse.c b/lib/parse.c index 3d2a12b..2bb0601 100644 --- a/lib/parse.c +++ b/lib/parse.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -44,21 +44,23 @@ static char * ipset_strchr(const char *str, const char *sep) { char *match; - + assert(str); assert(sep); - - for (; *sep != '\0'; sep++) - if ((match = strchr(str, sep[0])) != NULL - && str[0] != sep[0] - && str[strlen(str)-1] != sep[0]) + + for (; *sep != '\0'; sep++) { + match = strchr(str, sep[0]); + if (match != NULL && + str[0] != sep[0] && + str[strlen(str)-1] != sep[0]) return match; - + } + return NULL; } -/* - * Parser functions, shamelessly taken from iptables.c, ip6tables.c +/* + * Parser functions, shamelessly taken from iptables.c, ip6tables.c * and parser.c from libnetfilter_conntrack. */ @@ -67,7 +69,7 @@ ipset_strchr(const char *str, const char *sep) */ static int string_to_number_ll(struct ipset_session *session, - const char *str, + const char *str, unsigned long long min, unsigned long long max, unsigned long long *ret) @@ -114,7 +116,7 @@ string_to_cidr(struct ipset_session *session, const char *str, uint8_t min, uint8_t max, uint8_t *ret) { int err = string_to_u8(session, str, ret); - + if (!err && (*ret < min || *ret > max)) return syntax_err("'%s' is out of range %u-%u", str, min, max); @@ -165,7 +167,7 @@ ipset_parse_ether(struct ipset_session *session, { unsigned int i = 0; unsigned char ether[ETH_ALEN]; - + assert(session); assert(opt == IPSET_OPT_ETHER); assert(str); @@ -179,9 +181,9 @@ ipset_parse_ether(struct ipset_session *session, number = strtol(str + i * 3, &end, 16); - if (end == str + i * 3 + 2 - && (*end == ':' || *end == '\0') - && number >= 0 && number <= 255) + if (end == str + i * 3 + 2 && + (*end == ':' || *end == '\0') && + number >= 0 && number <= 255) ether[i] = number; else goto error; @@ -199,13 +201,13 @@ static int parse_portname(struct ipset_session *session, const char *str, uint16_t *port, const char *proto) { - struct servent *service; + struct servent *service = getservbyname(str, proto); - if ((service = getservbyname(str, proto)) != NULL) { + if (service != NULL) { *port = ntohs((uint16_t) service->s_port); return 0; } - + return syntax_err("cannot parse '%s' as a %s port", str, proto); } @@ -233,8 +235,8 @@ ipset_parse_port(struct ipset_session *session, assert(opt == IPSET_OPT_PORT || opt == IPSET_OPT_PORT_TO); assert(str); - if ((err = string_to_u16(session, str, &port)) == 0 - || (err = parse_portname(session, str, &port, proto)) == 0) + if ((err = string_to_u16(session, str, &port)) == 0 || + (err = parse_portname(session, str, &port, proto)) == 0) err = ipset_session_data_set(session, opt, &port); if (!err) @@ -352,7 +354,7 @@ ipset_parse_proto(struct ipset_session *session, assert(session); assert(opt == IPSET_OPT_PROTO); assert(str); - + protoent = getprotobyname(strcasecmp(str, "icmpv6") == 0 ? "ipv6-icmp" : str); if (protoent == NULL) @@ -361,7 +363,7 @@ ipset_parse_proto(struct ipset_session *session, proto = protoent->p_proto; if (!proto) return syntax_err("Unsupported protocol '%s'", str); - + return ipset_session_data_set(session, opt, &proto); } @@ -375,7 +377,7 @@ parse_icmp_typecode(struct ipset_session *session, uint8_t type, code; char *a, *saved, *tmp; int err; - + saved = tmp = strdup(str); if (tmp == NULL) return ipset_err(session, @@ -385,13 +387,14 @@ parse_icmp_typecode(struct ipset_session *session, if (a == NULL) { free(saved); return ipset_err(session, - "Cannot parse %s as an %s type/code.", str, family); + "Cannot parse %s as an %s type/code.", + str, family); } *a++ = '\0'; - if ((err = string_to_u8(session, a, &type)) != 0 - || (err = string_to_u8(session, tmp, &code)) != 0) - goto error; - + if ((err = string_to_u8(session, a, &type)) != 0 || + (err = string_to_u8(session, tmp, &code)) != 0) + goto error; + typecode = (type << 8) | code; err = ipset_session_data_set(session, opt, &typecode); @@ -497,7 +500,7 @@ ipset_parse_proto_port(struct ipset_session *session, err = ipset_parse_proto(session, IPSET_OPT_PROTO, tmp); if (err) goto error; - + p = *(const uint8_t *) ipset_data_get(data, IPSET_OPT_PROTO); switch (p) { case IPPROTO_TCP: @@ -509,28 +512,31 @@ ipset_parse_proto_port(struct ipset_session *session, goto parse_port; case IPPROTO_ICMP: if (family != AF_INET) { - syntax_err("Protocol ICMP can be used with family INET only"); + syntax_err("Protocol ICMP can be used " + "with family INET only"); goto error; } err = ipset_parse_icmp(session, opt, a); break; case IPPROTO_ICMPV6: if (family != AF_INET6) { - syntax_err("Protocol ICMPv6 can be used with family INET6 only"); + syntax_err("Protocol ICMPv6 can be used " + "with family INET6 only"); goto error; } err = ipset_parse_icmpv6(session, opt, a); break; default: if (!STREQ(a, "0")) { - syntax_err("Protocol %s can be used with pseudo port value 0 only."); + syntax_err("Protocol %s can be used " + "with pseudo port value 0 only."); goto error; } ipset_data_flags_set(data, IPSET_FLAG(opt)); } goto error; } else { - proto = "TCP"; + proto = "TCP"; err = ipset_data_set(data, IPSET_OPT_PROTO, &p); if (err) goto error; @@ -560,7 +566,7 @@ ipset_parse_family(struct ipset_session *session, { struct ipset_data *data; uint8_t family; - + assert(session); assert(opt == IPSET_OPT_FAMILY); assert(str); @@ -578,7 +584,7 @@ ipset_parse_family(struct ipset_session *session, family = AF_UNSPEC; else return syntax_err("unknown INET family %s", str); - + return ipset_data_set(data, opt, &family); } @@ -586,27 +592,27 @@ ipset_parse_family(struct ipset_session *session, * Parse IPv4/IPv6 addresses, networks and ranges. * We resolve hostnames but just the first IP address is used. */ - + static struct addrinfo * call_getaddrinfo(struct ipset_session *session, const char *str, uint8_t family) { struct addrinfo hints; - struct addrinfo *res; + struct addrinfo *res; int err; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; - hints.ai_family = family; - hints.ai_socktype = SOCK_RAW; - hints.ai_protocol = 0; - hints.ai_next = NULL; - - if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { - syntax_err("cannot resolve '%s' to an %s address: %s", - str, family == AF_INET6 ? "IPv6" : "IPv4", - gai_strerror(err)); - return NULL; + hints.ai_family = family; + hints.ai_socktype = SOCK_RAW; + hints.ai_protocol = 0; + hints.ai_next = NULL; + + if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { + syntax_err("cannot resolve '%s' to an %s address: %s", + str, family == AF_INET6 ? "IPv6" : "IPv4", + gai_strerror(err)); + return NULL; } else return res; } @@ -618,10 +624,10 @@ get_addrinfo(struct ipset_session *session, struct addrinfo **info, uint8_t family) { - struct addrinfo *i; + struct addrinfo *i; size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); - int found, err = 0; + int found, err = 0; if ((*info = call_getaddrinfo(session, str, family)) == NULL) { syntax_err("cannot parse %s: resolving to %s address failed", @@ -634,13 +640,21 @@ get_addrinfo(struct ipset_session *session, continue; if (found == 0) { if (family == AF_INET) { - /* Workaround: direct cast increases required alignment on Sparc */ - const struct sockaddr_in *saddr = (void *)i->ai_addr; - err = ipset_session_data_set(session, opt, &saddr->sin_addr); + /* Workaround: direct cast increases + * required alignment on Sparc + */ + const struct sockaddr_in *saddr = + (void *)i->ai_addr; + err = ipset_session_data_set(session, + opt, &saddr->sin_addr); } else { - /* Workaround: direct cast increases required alignment on Sparc */ - const struct sockaddr_in6 *saddr = (void *)i->ai_addr; - err = ipset_session_data_set(session, opt, &saddr->sin6_addr); + /* Workaround: direct cast increases + * required alignment on Sparc + */ + const struct sockaddr_in6 *saddr = + (void *)i->ai_addr; + err = ipset_session_data_set(session, + opt, &saddr->sin6_addr); } } else if (found == 1) { ipset_warn(session, @@ -663,12 +677,12 @@ parse_ipaddr(struct ipset_session *session, enum ipset_opt opt, const char *str, uint8_t family) { - uint8_t m = family == AF_INET ? 32 : 128; - int aerr = EINVAL, err = 0, range = 0; - char *saved = strdup(str); - char *a, *tmp = saved; - struct addrinfo *info; - enum ipset_opt copt, opt2; + uint8_t m = family == AF_INET ? 32 : 128; + int aerr = EINVAL, err = 0, range = 0; + char *saved = strdup(str); + char *a, *tmp = saved; + struct addrinfo *info; + enum ipset_opt copt, opt2; if (opt == IPSET_OPT_IP) { copt = IPSET_OPT_CIDR; @@ -686,8 +700,8 @@ parse_ipaddr(struct ipset_session *session, /* IP/mask */ *a++ = '\0'; - if ((err = string_to_cidr(session, a, 0, m, &m)) != 0 - || (err = ipset_session_data_set(session, copt, &m)) != 0) + if ((err = string_to_cidr(session, a, 0, m, &m)) != 0 || + (err = ipset_session_data_set(session, copt, &m)) != 0) goto out; } else if ((a = range_separator(tmp)) != NULL) { /* IP-IP */ @@ -695,8 +709,8 @@ parse_ipaddr(struct ipset_session *session, D("range %s", a); range++; } - if ((aerr = get_addrinfo(session, opt, tmp, &info, family)) != 0 - || !range) + if ((aerr = get_addrinfo(session, opt, tmp, &info, family)) != 0 || + !range) goto out; freeaddrinfo(info); aerr = get_addrinfo(session, opt2, a, &info, family); @@ -709,7 +723,7 @@ out: err = -1; free(saved); return err; -} +} enum ipaddr_type { IPADDR_ANY, @@ -722,7 +736,7 @@ static inline bool cidr_hostaddr(const char *str, uint8_t family) { char *a = cidr_separator(str); - + return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128"); } @@ -740,10 +754,10 @@ parse_ip(struct ipset_session *session, switch (addrtype) { case IPADDR_PLAIN: - if (range_separator(str) - || (cidr_separator(str) && !cidr_hostaddr(str, family))) - return syntax_err("plain IP address must be supplied: %s", - str); + if (range_separator(str) || + (cidr_separator(str) && !cidr_hostaddr(str, family))) + return syntax_err("plain IP address must be supplied: " + "%s", str); break; case IPADDR_NET: if (!cidr_separator(str) || range_separator(str)) @@ -796,7 +810,7 @@ ipset_parse_ip(struct ipset_session *session, * @opt: option kind of the data * @str: string to parse * - * Parse string as an IPv4|IPv6 address or hostname. If family + * Parse string as an IPv4|IPv6 address or hostname. If family * is not set yet in the data blob, INET is assumed. * The value is stored in the data blob of the session. * @@ -807,9 +821,9 @@ ipset_parse_single_ip(struct ipset_session *session, enum ipset_opt opt, const char *str) { assert(session); - assert(opt == IPSET_OPT_IP - || opt == IPSET_OPT_IP_TO - || opt == IPSET_OPT_IP2); + assert(opt == IPSET_OPT_IP || + opt == IPSET_OPT_IP_TO || + opt == IPSET_OPT_IP2); assert(str); return parse_ip(session, opt, str, IPADDR_PLAIN); @@ -821,7 +835,7 @@ ipset_parse_single_ip(struct ipset_session *session, * @opt: option kind of the data * @str: string to parse * - * Parse string as an IPv4|IPv6 address/cidr pattern. If family + * Parse string as an IPv4|IPv6 address/cidr pattern. If family * is not set yet in the data blob, INET is assumed. * The value is stored in the data blob of the session. * @@ -883,8 +897,8 @@ ipset_parse_netrange(struct ipset_session *session, assert(str); if (!(range_separator(str) || cidr_separator(str))) - return syntax_err("IP/cidr or IP-IP range must be specified: %s", - str); + return syntax_err("IP/cidr or IP-IP range must be specified: " + "%s", str); return parse_ip(session, opt, str, IPADDR_ANY); } @@ -910,8 +924,8 @@ ipset_parse_iprange(struct ipset_session *session, assert(str); if (cidr_separator(str)) - return syntax_err("IP address or IP-IP range must be specified: %s", - str); + return syntax_err("IP address or IP-IP range must be " + "specified: %s", str); return parse_ip(session, opt, str, IPADDR_ANY); } @@ -967,15 +981,15 @@ ipset_parse_ip4_single6(struct ipset_session *session, assert(session); assert(opt == IPSET_OPT_IP || opt == IPSET_OPT_IP2); assert(str); - + data = ipset_session_data(session); family = ipset_data_family(data); - + if (family == AF_UNSPEC) { family = AF_INET; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - + return family == AF_INET ? ipset_parse_ip(session, opt, str) : ipset_parse_single_ip(session, opt, str); @@ -1007,15 +1021,15 @@ ipset_parse_ip4_net6(struct ipset_session *session, assert(session); assert(opt == IPSET_OPT_IP || opt == IPSET_OPT_IP2); assert(str); - + data = ipset_session_data(session); family = ipset_data_family(data); - + if (family == AF_UNSPEC) { family = AF_INET; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - + return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY) : ipset_parse_ipnet(session, opt, str); @@ -1050,8 +1064,8 @@ ipset_parse_iptimeout(struct ipset_session *session, if (ipset_data_flags_test(ipset_session_data(session), IPSET_FLAG(IPSET_OPT_TIMEOUT))) return syntax_err("mixed syntax, timeout already specified"); - - tmp = saved = strdup(str); + + tmp = saved = strdup(str); if (saved == NULL) return ipset_err(session, "Cannot allocate memory to duplicate %s.", @@ -1073,12 +1087,12 @@ ipset_parse_iptimeout(struct ipset_session *session, #define check_setname(str, saved) \ do { \ - if (strlen(str) > IPSET_MAXNAMELEN - 1) { \ - if (saved != NULL) \ - free(saved); \ - return syntax_err("setname '%s' is longer than %u characters", \ - str, IPSET_MAXNAMELEN - 1); \ - } \ + if (strlen(str) > IPSET_MAXNAMELEN - 1) { \ + if (saved != NULL) \ + free(saved); \ + return syntax_err("setname '%s' is longer than %u characters",\ + str, IPSET_MAXNAMELEN - 1); \ + } \ } while (0) @@ -1113,7 +1127,7 @@ ipset_parse_name_compat(struct ipset_session *session, if (ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_NAMEREF))) syntax_err("mixed syntax, before|after option already used"); - tmp = saved = strdup(str); + tmp = saved = strdup(str); if (saved == NULL) return ipset_err(session, "Cannot allocate memory to duplicate %s.", @@ -1123,8 +1137,8 @@ ipset_parse_name_compat(struct ipset_session *session, *a++ = '\0'; if ((b = elem_separator(a)) != NULL) *b++ = '\0'; - if (b == NULL - || !(STREQ(a, "before") || STREQ(a, "after"))) { + if (b == NULL || + !(STREQ(a, "before") || STREQ(a, "after"))) { err = ipset_err(session, "you must specify elements " "as setname%s[before|after]%ssetname", sep, sep); @@ -1165,9 +1179,9 @@ ipset_parse_setname(struct ipset_session *session, enum ipset_opt opt, const char *str) { assert(session); - assert(opt == IPSET_SETNAME - || opt == IPSET_OPT_NAME - || opt == IPSET_OPT_SETNAME2); + assert(opt == IPSET_SETNAME || + opt == IPSET_OPT_NAME || + opt == IPSET_OPT_SETNAME2); assert(str); check_setname(str, NULL); @@ -1253,13 +1267,13 @@ ipset_parse_uint32(struct ipset_session *session, { uint32_t value; int err; - + assert(session); assert(str); if ((err = string_to_u32(session, str, &value)) == 0) return ipset_session_data_set(session, opt, &value); - + return err; } @@ -1280,7 +1294,7 @@ ipset_parse_uint8(struct ipset_session *session, { uint8_t value; int err; - + assert(session); assert(str); @@ -1309,7 +1323,7 @@ ipset_parse_netmask(struct ipset_session *session, uint8_t family, cidr; struct ipset_data *data; int err = 0; - + assert(session); assert(opt == IPSET_OPT_NETMASK); assert(str); @@ -1322,7 +1336,7 @@ ipset_parse_netmask(struct ipset_session *session, } err = string_to_cidr(session, str, - family == AF_INET ? 1 : 4, + family == AF_INET ? 1 : 4, family == AF_INET ? 31 : 124, &cidr); @@ -1351,7 +1365,7 @@ ipset_parse_flag(struct ipset_session *session, enum ipset_opt opt, const char *str UNUSED) { assert(session); - + return ipset_session_data_set(session, opt, NULL); } @@ -1391,7 +1405,7 @@ ipset_parse_typename(struct ipset_session *session, if (type == NULL) return -1; - + return ipset_session_data_set(session, IPSET_OPT_TYPE, type); } @@ -1423,7 +1437,8 @@ ipset_parse_iface(struct ipset_session *session, err = ipset_data_set(data, IPSET_OPT_PHYSDEV, str); } if (strlen(str + offset) > IFNAMSIZ - 1) - return syntax_err("interface name '%s' is longer than %u characters", + return syntax_err("interface name '%s' is longer " + "than %u characters", str + offset, IFNAMSIZ - 1); return ipset_data_set(data, opt, str + offset); @@ -1477,7 +1492,8 @@ ipset_parse_ignored(struct ipset_session *session, if (!ipset_data_ignored(ipset_session_data(session), opt)) ipset_warn(session, - "Option %s is ignored. Please upgrade your syntax.", str); + "Option %s is ignored. " + "Please upgrade your syntax.", str); return 0; } @@ -1508,7 +1524,7 @@ ipset_call_parser(struct ipset_session *session, } #define parse_elem(s, t, d, str) \ -do { \ +do { \ if (!(t)->elem[d].parse) \ goto internal; \ ret = (t)->elem[d].parse(s, (t)->elem[d].opt, str); \ @@ -1566,8 +1582,8 @@ ipset_parse_elem(struct ipset_session *session, } else if (a != NULL) { if (type->compat_parse_elem) { ret = type->compat_parse_elem(session, - type->elem[IPSET_DIM_ONE].opt, - saved); + type->elem[IPSET_DIM_ONE].opt, + saved); goto out; } elem_syntax_err("Elem separator in %s, " diff --git a/lib/print.c b/lib/print.c index bcccd3f..6452ab5 100644 --- a/lib/print.c +++ b/lib/print.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -54,15 +54,15 @@ ipset_print_ether(char *buf, unsigned int len, { const unsigned char *ether; int i, size, offset = 0; - + assert(buf); assert(len > 0); assert(data); assert(opt == IPSET_OPT_ETHER); - + if (len < ETH_ALEN*3) return -1; - + ether = ipset_data_get(data, opt); assert(ether); @@ -72,7 +72,7 @@ ipset_print_ether(char *buf, unsigned int len, size = snprintf(buf + offset, len, ":%02X", ether[i]); SNPRINTF_FAILURE(size, len, offset); } - + return offset; } @@ -139,35 +139,60 @@ ipset_print_type(char *buf, unsigned int len, assert(type); if (len < strlen(type->name) + 1) return -1; - + return snprintf(buf, len, "%s", type->name); } -#define GETNAMEINFO(family, f, n) \ -static inline int \ -__getnameinfo##f(char *buf, unsigned int len, \ - int flags, const union nf_inet_addr *addr) \ -{ \ - struct sockaddr_in##n saddr; \ - int err; \ - \ - memset(&saddr, 0, sizeof(saddr)); \ - in##f##cpy(&saddr.sin##n##_addr, &addr->in##n); \ - saddr.sin##n##_family = family; \ - \ - err = getnameinfo((const struct sockaddr *)&saddr, \ - sizeof(saddr), \ - buf, len, NULL, 0, flags); \ - \ - if (!(flags & NI_NUMERICHOST) && \ - (err == EAI_AGAIN || (err == 0 && strchr(buf, '-') != NULL))) \ - err = getnameinfo((const struct sockaddr *)&saddr, \ - sizeof(saddr), \ - buf, len, NULL, 0, \ - flags | NI_NUMERICHOST); \ - D("getnameinfo err: %i, errno %i", err, errno); \ - return (err == 0 ? (int)strlen(buf) : \ - (err == EAI_OVERFLOW || err == EAI_SYSTEM) ? (int)len : -1);\ +static inline int +__getnameinfo4(char *buf, unsigned int len, + int flags, const union nf_inet_addr *addr) +{ + struct sockaddr_in saddr; + int err; + + memset(&saddr, 0, sizeof(saddr)); + in4cpy(&saddr.sin_addr, &addr->in); + saddr.sin_family = AF_INET; + + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, flags); + + if (!(flags & NI_NUMERICHOST) && + (err == EAI_AGAIN || (err == 0 && strchr(buf, '-') != NULL))) + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, + flags | NI_NUMERICHOST); + D("getnameinfo err: %i, errno %i", err, errno); + return (err == 0 ? (int)strlen(buf) : + (err == EAI_OVERFLOW || err == EAI_SYSTEM) ? (int)len : -1); +} + +static inline int +__getnameinfo6(char *buf, unsigned int len, + int flags, const union nf_inet_addr *addr) +{ + struct sockaddr_in6 saddr; + int err; + + memset(&saddr, 0, sizeof(saddr)); + in6cpy(&saddr.sin6_addr, &addr->in6); + saddr.sin6_family = AF_INET6; + + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, flags); + + if (!(flags & NI_NUMERICHOST) && + (err == EAI_AGAIN || (err == 0 && strchr(buf, '-') != NULL))) + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, + flags | NI_NUMERICHOST); + D("getnameinfo err: %i, errno %i", err, errno); + return (err == 0 ? (int)strlen(buf) : + (err == EAI_OVERFLOW || err == EAI_SYSTEM) ? (int)len : -1); } #define SNPRINTF_IP(mask, f) \ @@ -190,10 +215,8 @@ snprintf_ipv##f(char *buf, unsigned int len, int flags, \ return offset; \ } -GETNAMEINFO(AF_INET, 4, ) SNPRINTF_IP(32, 4) -GETNAMEINFO(AF_INET6, 6, 6) SNPRINTF_IP(128, 6) /** @@ -232,7 +255,7 @@ ipset_print_ip(char *buf, unsigned int len, } else cidr = family == AF_INET6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; - + ip = ipset_data_get(data, opt); assert(ip); if (family == AF_INET) @@ -258,8 +281,8 @@ ipset_print_ip(char *buf, unsigned int len, size = snprintf_ipv6(buf + offset, len, flags, ip, cidr); else return -1; - - SNPRINTF_FAILURE(size, len, offset); + + SNPRINTF_FAILURE(size, len, offset); return offset; } @@ -288,9 +311,9 @@ ipset_print_ipaddr(char *buf, unsigned int len, assert(buf); assert(len > 0); assert(data); - assert(opt == IPSET_OPT_IP - || opt == IPSET_OPT_IP_TO - || opt == IPSET_OPT_IP2); + assert(opt == IPSET_OPT_IP || + opt == IPSET_OPT_IP_TO || + opt == IPSET_OPT_IP2); family = ipset_data_family(data); cidropt = opt == IPSET_OPT_IP ? IPSET_OPT_CIDR : IPSET_OPT_CIDR2; @@ -333,7 +356,7 @@ ipset_print_number(char *buf, unsigned int len, assert(buf); assert(len > 0); assert(data); - + number = ipset_data_get(data, opt); maxsize = ipset_data_sizeof(opt, AF_INET); D("opt: %u, maxsize %zu", opt, maxsize); @@ -380,7 +403,7 @@ ipset_print_name(char *buf, unsigned int len, name = ipset_data_get(data, opt); assert(name); size = snprintf(buf, len, "%s", name); - SNPRINTF_FAILURE(size, len, offset); + SNPRINTF_FAILURE(size, len, offset); if (ipset_data_test(data, IPSET_OPT_NAMEREF)) { bool before = false; @@ -390,10 +413,10 @@ ipset_print_name(char *buf, unsigned int len, before = (*flags) & IPSET_FLAG_BEFORE; } size = snprintf(buf + offset, len, - " %s %s", before ? "before" : "after", - (const char *) ipset_data_get(data, - IPSET_OPT_NAMEREF)); - SNPRINTF_FAILURE(size, len, offset); + " %s %s", before ? "before" : "after", + (const char *) ipset_data_get(data, + IPSET_OPT_NAMEREF)); + SNPRINTF_FAILURE(size, len, offset); } return offset; @@ -431,13 +454,13 @@ ipset_print_port(char *buf, unsigned int len, port = ipset_data_get(data, IPSET_OPT_PORT); assert(port); size = snprintf(buf, len, "%u", *port); - SNPRINTF_FAILURE(size, len, offset); - + SNPRINTF_FAILURE(size, len, offset); + if (ipset_data_test(data, IPSET_OPT_PORT_TO)) { port = ipset_data_get(data, IPSET_OPT_PORT_TO); size = snprintf(buf + offset, len, - "%s%u", - IPSET_RANGE_SEPARATOR, *port); + "%s%u", + IPSET_RANGE_SEPARATOR, *port); SNPRINTF_FAILURE(size, len, offset); } @@ -479,7 +502,7 @@ ipset_print_iface(char *buf, unsigned int len, name = ipset_data_get(data, opt); assert(name); size = snprintf(buf, len, "%s", name); - SNPRINTF_FAILURE(size, len, offset); + SNPRINTF_FAILURE(size, len, offset); return offset; } @@ -511,12 +534,12 @@ ipset_print_proto(char *buf, unsigned int len, proto = *(const uint8_t *) ipset_data_get(data, IPSET_OPT_PROTO); assert(proto); - + protoent = getprotobynumber(proto); if (protoent) return snprintf(buf, len, "%s", protoent->p_name); - /* Should not happen */ + /* Should not happen */ return snprintf(buf, len, "%u", proto); } @@ -551,7 +574,8 @@ ipset_print_icmp(char *buf, unsigned int len, if (name != NULL) return snprintf(buf, len, "%s", name); else - return snprintf(buf, len, "%u/%u", typecode >> 8, typecode & 0xFF); + return snprintf(buf, len, "%u/%u", + typecode >> 8, typecode & 0xFF); } /** @@ -585,7 +609,8 @@ ipset_print_icmpv6(char *buf, unsigned int len, if (name != NULL) return snprintf(buf, len, "%s", name); else - return snprintf(buf, len, "%u/%u", typecode >> 8, typecode & 0xFF); + return snprintf(buf, len, "%u/%u", + typecode >> 8, typecode & 0xFF); } /** @@ -614,8 +639,8 @@ ipset_print_proto_port(char *buf, unsigned int len, assert(opt == IPSET_OPT_PORT); if (ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_PROTO))) { - uint8_t proto = *(const uint8_t *) ipset_data_get(data, - IPSET_OPT_PROTO); + uint8_t proto = *(const uint8_t *) ipset_data_get(data, + IPSET_OPT_PROTO); size = ipset_print_proto(buf, len, data, IPSET_OPT_PROTO, env); SNPRINTF_FAILURE(size, len, offset); if (len < 2) @@ -641,16 +666,16 @@ ipset_print_proto_port(char *buf, unsigned int len, } size = ipset_print_port(buf + offset, len, data, IPSET_OPT_PORT, env); SNPRINTF_FAILURE(size, len, offset); - + return offset; } #define print_second(data) \ ipset_data_flags_test(data, \ - IPSET_FLAG(IPSET_OPT_PORT)|IPSET_FLAG(IPSET_OPT_ETHER)) + IPSET_FLAG(IPSET_OPT_PORT)|IPSET_FLAG(IPSET_OPT_ETHER)) #define print_third(data) \ -ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_IP2)) +ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_IP2)) /** * ipset_print_elem - print ADT elem according to settype @@ -679,25 +704,25 @@ ipset_print_elem(char *buf, unsigned int len, type = ipset_data_get(data, IPSET_OPT_TYPE); if (!type) return -1; - + size = type->elem[IPSET_DIM_ONE].print(buf, len, data, type->elem[IPSET_DIM_ONE].opt, env); SNPRINTF_FAILURE(size, len, offset); IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt), "print second elem"); - if (type->dimension == IPSET_DIM_ONE - || (type->last_elem_optional - && !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt))) + if (type->dimension == IPSET_DIM_ONE || + (type->last_elem_optional && + !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt))) return offset; - + size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); SNPRINTF_FAILURE(size, len, offset); size = type->elem[IPSET_DIM_TWO].print(buf + offset, len, data, type->elem[IPSET_DIM_TWO].opt, env); SNPRINTF_FAILURE(size, len, offset); - if (type->dimension == IPSET_DIM_TWO - || (type->last_elem_optional - && !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt))) + if (type->dimension == IPSET_DIM_TWO || + (type->last_elem_optional && + !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt))) return offset; size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); @@ -725,7 +750,7 @@ int ipset_print_flag(char *buf UNUSED, unsigned int len UNUSED, const struct ipset_data *data UNUSED, enum ipset_opt opt UNUSED, uint8_t env UNUSED) -{ +{ return 0; } @@ -790,6 +815,6 @@ ipset_print_data(char *buf, unsigned int len, return -1; } SNPRINTF_FAILURE(size, len, offset); - + return offset; } diff --git a/lib/session.c b/lib/session.c index 93d33ff..9e36efd 100644 --- a/lib/session.c +++ b/lib/session.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -198,14 +198,14 @@ ipset_session_output(struct ipset_session *session, * * Returns -1. */ -int __attribute__((format(printf,3,4))) +int __attribute__((format(printf, 3, 4))) ipset_session_report(struct ipset_session *session, - enum ipset_err_type type, + enum ipset_err_type type, const char *fmt, ...) { int len, offset = 0; va_list args; - + assert(session); assert(fmt); @@ -214,13 +214,13 @@ ipset_session_report(struct ipset_session *session, session->lineno); } offset = strlen(session->report); - + va_start(args, fmt); len = vsnprintf(session->report + offset, - IPSET_ERRORBUFLEN - 1 - offset, - fmt, args); + IPSET_ERRORBUFLEN - 1 - offset, + fmt, args); va_end(args); - + if (len >= IPSET_ERRORBUFLEN - 1 - offset) session->report[IPSET_ERRORBUFLEN - 1] = '\0'; if (strlen(session->report) < IPSET_ERRORBUFLEN - 1) @@ -501,7 +501,7 @@ generic_data_attr_cb(const struct nlattr *attr, void *data, { const struct nlattr **tb = data; int type = mnl_attr_get_type(attr); - + IF_D(debug, "attr type: %u, len %u", type, attr->nla_len); if (mnl_attr_type_valid(attr, attr_max) < 0) { IF_D(debug, "attr type: %u INVALID", type); @@ -512,9 +512,9 @@ generic_data_attr_cb(const struct nlattr *attr, void *data, mnl_attr_get_payload_len(attr)); return MNL_CB_ERROR; } - if (policy[type].type == MNL_TYPE_NUL_STRING - && mnl_attr_get_payload_len(attr) > IPSET_MAXNAMELEN) - return MNL_CB_ERROR; + if (policy[type].type == MNL_TYPE_NUL_STRING && + mnl_attr_get_payload_len(attr) > IPSET_MAXNAMELEN) + return MNL_CB_ERROR; tb[type] = attr; return MNL_CB_OK; } @@ -598,7 +598,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], switch (attr->type) { case MNL_TYPE_U32: { uint32_t value; - + value = ntohl(*(const uint32_t *)d); d = &value; @@ -606,7 +606,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], } case MNL_TYPE_U16: { uint16_t value; - + value = ntohs(*(const uint16_t *)d); d = &value; @@ -617,15 +617,15 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], } } #ifdef IPSET_DEBUG - if (type == IPSET_ATTR_TYPENAME) + if (type == IPSET_ATTR_TYPENAME) D("nla typename %s", (const char *) d); #endif ret = ipset_data_set(data, attr->opt, d); #ifdef IPSET_DEBUG - if (type == IPSET_ATTR_TYPENAME) + if (type == IPSET_ATTR_TYPENAME) D("nla typename %s", (const char *) ipset_data_get(data, IPSET_OPT_TYPENAME)); -#endif +#endif return ret; } @@ -654,16 +654,16 @@ static inline int call_outfn(struct ipset_session *session) { int ret = session->outfn("%s", session->outbuf); - + session->outbuf[0] = '\0'; - + return ret < 0 ? ret : 0; } /* Handle printing failures */ static jmp_buf printf_failure; -static int __attribute__((format(printf,2,3))) +static int __attribute__((format(printf, 2, 3))) safe_snprintf(struct ipset_session *session, const char *fmt, ...) { va_list args; @@ -676,7 +676,7 @@ retry: ret = vsnprintf(session->outbuf + len, IPSET_OUTBUFLEN - len, fmt, args); va_end(args); - + if (ret < 0) { ipset_err(session, "Internal error at printing to output buffer"); @@ -710,7 +710,7 @@ retry: D("len: %u, retry %u", len, loop); ret = fn(session->outbuf + len, IPSET_OUTBUFLEN - len, session->data, opt, session->envopts); - + if (ret < 0) { ipset_err(session, "Internal error at printing to output buffer"); @@ -732,7 +732,7 @@ retry: } return ret; } - + static int list_adt(struct ipset_session *session, struct nlattr *nla[]) { @@ -742,7 +742,7 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) uint8_t family; int i, found = 0; - D("enter"); + D("enter"); /* Check and load type, family */ if (!ipset_data_test(data, IPSET_OPT_TYPE)) type = ipset_type_get(session, IPSET_CMD_ADD); @@ -773,7 +773,7 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) default: break; } - + safe_dprintf(session, ipset_print_elem, IPSET_OPT_ELEM); for (arg = type->args[IPSET_ADD]; arg != NULL && arg->print; arg++) { @@ -804,7 +804,7 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) break; } } - + if (session->mode == IPSET_LIST_XML) safe_snprintf(session, "</member>\n"); else @@ -863,10 +863,10 @@ list_create(struct ipset_session *session, struct nlattr *nla[]) } for (arg = type->args[IPSET_CREATE]; arg != NULL && arg->opt; arg++) { - if (!arg->print - || !ipset_data_test(data, arg->opt) - || (arg->opt == IPSET_OPT_FAMILY - && family == type->family)) + if (!arg->print || + !ipset_data_test(data, arg->opt) || + (arg->opt == IPSET_OPT_FAMILY && + family == type->family)) continue; switch (session->mode) { case IPSET_LIST_SAVE: @@ -979,15 +979,15 @@ callback_list(struct ipset_session *session, struct nlattr *nla[], if (STREQ(ipset_data_setname(data), session->saved_setname)) { /* Header part already seen */ - if (ipset_data_test(data, IPSET_OPT_TYPE) - && nla[IPSET_ATTR_DATA] != NULL) + if (ipset_data_test(data, IPSET_OPT_TYPE) && + nla[IPSET_ATTR_DATA] != NULL) FAILURE("Broken %s kernel message: " "extra DATA received!", cmd2name[cmd]); } else { if (nla[IPSET_ATTR_DATA] == NULL) FAILURE("Broken %s kernel message: " "missing DATA part!", cmd2name[cmd]); - + /* Close previous set printing */ if (session->saved_setname[0] != '\0') print_set_done(session); @@ -996,13 +996,14 @@ callback_list(struct ipset_session *session, struct nlattr *nla[], if (nla[IPSET_ATTR_DATA] != NULL) { struct nlattr *cattr[IPSET_ATTR_CREATE_MAX+1] = {}; - if (!(nla[IPSET_ATTR_TYPENAME] - && nla[IPSET_ATTR_FAMILY] - && nla[IPSET_ATTR_REVISION])) + if (!(nla[IPSET_ATTR_TYPENAME] && + nla[IPSET_ATTR_FAMILY] && + nla[IPSET_ATTR_REVISION])) FAILURE("Broken %s kernel message: missing %s!", cmd2name[cmd], - !nla[IPSET_ATTR_TYPENAME] ? "typename" : - !nla[IPSET_ATTR_FAMILY] ? "family" : "revision"); + !nla[IPSET_ATTR_TYPENAME] ? "typename" : + !nla[IPSET_ATTR_FAMILY] ? "family" : + "revision"); /* Reset CREATE specific flags */ ipset_data_flags_unset(data, IPSET_CREATE_FLAGS); @@ -1025,7 +1026,7 @@ callback_list(struct ipset_session *session, struct nlattr *nla[], return MNL_CB_ERROR; strcpy(session->saved_setname, ipset_data_setname(data)); } - + if (nla[IPSET_ATTR_ADT] != NULL) { struct nlattr *tb, *adt[IPSET_ATTR_ADT_MAX+1]; @@ -1057,7 +1058,7 @@ static int callback_version(struct ipset_session *session, struct nlattr *nla[]) { uint8_t min, max; - + min = max = mnl_attr_get_u8(nla[IPSET_ATTR_PROTOCOL]); if (nla[IPSET_ATTR_PROTOCOL_MIN]) { @@ -1071,8 +1072,8 @@ callback_version(struct ipset_session *session, struct nlattr *nla[]) "while userspace supports protocol versions %u-%u", min, max, IPSET_PROTOCOL_MIN, IPSET_PROTOCOL_MAX); - if (!(session->envopts & IPSET_ENV_QUIET) - && max != IPSET_PROTOCOL_MAX) + if (!(session->envopts & IPSET_ENV_QUIET) && + max != IPSET_PROTOCOL_MAX) ipset_warn(session, "Kernel support protocol versions %u-%u " "while userspace supports protocol versions %u-%u", @@ -1088,7 +1089,7 @@ callback_header(struct ipset_session *session, struct nlattr *nla[]) { const char *setname; const struct ipset_data *data = session->data; - + if (!nla[IPSET_ATTR_SETNAME]) FAILURE("Broken HEADER kernel message: missing setname!"); @@ -1097,10 +1098,10 @@ callback_header(struct ipset_session *session, struct nlattr *nla[]) FAILURE("Broken HEADER kernel message: sent setname `%s' " "does not match with received one `%s'!", ipset_data_setname(data), setname); - - if (!(nla[IPSET_ATTR_TYPENAME] - && nla[IPSET_ATTR_REVISION] - && nla[IPSET_ATTR_FAMILY])) + + if (!(nla[IPSET_ATTR_TYPENAME] && + nla[IPSET_ATTR_REVISION] && + nla[IPSET_ATTR_FAMILY])) FAILURE("Broken HEADER kernel message: " "missing attribute '%s'!", !nla[IPSET_ATTR_TYPENAME] ? "typename" : @@ -1120,10 +1121,10 @@ callback_type(struct ipset_session *session, struct nlattr *nla[]) { const struct ipset_data *data = session->data; const char *typename, *orig; - - if (!(nla[IPSET_ATTR_TYPENAME] - && nla[IPSET_ATTR_REVISION] - && nla[IPSET_ATTR_FAMILY])) + + if (!(nla[IPSET_ATTR_TYPENAME] && + nla[IPSET_ATTR_REVISION] && + nla[IPSET_ATTR_FAMILY])) FAILURE("Broken TYPE kernel message: " "missing attribute '%s'!", !nla[IPSET_ATTR_TYPENAME] ? "typename" : @@ -1136,7 +1137,7 @@ callback_type(struct ipset_session *session, struct nlattr *nla[]) FAILURE("Broken TYPE kernel message: sent typename `%s' " "does not match with received one `%s'!", orig, typename); - + ATTR2DATA(session, nla, IPSET_ATTR_TYPENAME, cmd_attrs); ATTR2DATA(session, nla, IPSET_ATTR_REVISION, cmd_attrs); ATTR2DATA(session, nla, IPSET_ATTR_FAMILY, cmd_attrs); @@ -1160,7 +1161,7 @@ mnl_attr_parse_dbg(const struct nlmsghdr *nlh, int offset, int ret = MNL_CB_OK; struct nlattr *attr = mnl_nlmsg_get_payload_offset(nlh, offset); int len = nlh->nlmsg_len - MNL_NLMSG_HDRLEN - MNL_ALIGN(offset); - + while (mnl_attr_ok(attr, len)) { D("attr: type %u, attrlen %u, len %u", mnl_attr_get_type(attr), attr->nla_len, len); @@ -1179,7 +1180,7 @@ callback_data(const struct nlmsghdr *nlh, void *data) struct nlattr *nla[IPSET_ATTR_CMD_MAX+1] = {}; uint8_t proto, cmd; int ret = MNL_CB_OK, nfmsglen = MNL_ALIGN(sizeof(struct nfgenmsg)); - + D("called, nlmsg_len %u", nlh->nlmsg_len); cmd = ipset_get_nlmsg_type(nlh); if (cmd == IPSET_CMD_LIST && session->cmd == IPSET_CMD_SAVE) @@ -1199,8 +1200,8 @@ callback_data(const struct nlmsghdr *nlh, void *data) if (!nla[IPSET_ATTR_PROTOCOL]) FAILURE("Sad, sad day: kernel message %s " - "does not carry the protocol version.", - cmd2name[cmd]); + "does not carry the protocol version.", + cmd2name[cmd]); proto = mnl_attr_get_u8(nla[IPSET_ATTR_PROTOCOL]); @@ -1245,8 +1246,8 @@ callback_done(const struct nlmsghdr *nlh UNUSED, void *data) D(" called"); if (session->cmd == IPSET_CMD_LIST || session->cmd == IPSET_CMD_SAVE) - return print_set_done(session); - + return print_set_done(session); + FAILURE("Invalid message received in non LIST or SAVE state."); } @@ -1258,10 +1259,10 @@ decode_errmsg(struct ipset_session *session, const struct nlmsghdr *nlh) struct nlattr *nla[IPSET_ATTR_CMD_MAX+1] = {}; enum ipset_cmd cmd; int nfmsglen = MNL_ALIGN(sizeof(struct nfgenmsg)); - - if (nlh->nlmsg_len < (uint32_t) MNL_ALIGN(sizeof(struct nlmsgerr)) - || nlh->nlmsg_len < MNL_ALIGN(sizeof(struct nlmsgerr)) - + msg->nlmsg_len) + + if (nlh->nlmsg_len < (uint32_t) MNL_ALIGN(sizeof(struct nlmsgerr)) || + nlh->nlmsg_len < MNL_ALIGN(sizeof(struct nlmsgerr)) + + msg->nlmsg_len) FAILURE("Broken error report message received."); cmd = ipset_get_nlmsg_type(msg); @@ -1281,15 +1282,15 @@ decode_errmsg(struct ipset_session *session, const struct nlmsghdr *nlh) FAILURE("Broken %s error report message: " "missing protocol attribute", cmd2name[cmd]); - + if (nla[IPSET_ATTR_LINENO]) { session->lineno = mnl_attr_get_u32(nla[IPSET_ATTR_LINENO]); if (nla[IPSET_ATTR_LINENO]->nla_type & NLA_F_NET_BYTEORDER) session->lineno = ntohl(session->lineno); } - + return ipset_errcode(session, cmd, -err->error); -} +} static int callback_error(const struct nlmsghdr *nlh, void *cbdata) @@ -1322,16 +1323,20 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) break; case IPSET_CMD_RENAME: ipset_cache_rename(ipset_data_setname(data), - ipset_data_get(data, IPSET_OPT_SETNAME2)); + ipset_data_get(data, + IPSET_OPT_SETNAME2)); break; case IPSET_CMD_SWAP: ipset_cache_swap(ipset_data_setname(data), - ipset_data_get(data, IPSET_OPT_SETNAME2)); + ipset_data_get(data, + IPSET_OPT_SETNAME2)); break; case IPSET_CMD_TEST: if (!(session->envopts & IPSET_ENV_QUIET)) { - ipset_print_elem(session->report, IPSET_ERRORBUFLEN, - session->data, IPSET_OPT_NONE, 0); + ipset_print_elem(session->report, + IPSET_ERRORBUFLEN, + session->data, + IPSET_OPT_NONE, 0); ipset_warn(session, " is in set %s.", ipset_data_setname(data)); } @@ -1345,7 +1350,8 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) print_set_done(session); break; default: - FAILURE("ACK message received to command %s[%u], which is not expected", + FAILURE("ACK message received to command %s[%u], " + "which is not expected", session->cmd < IPSET_MSG_MAX ? cmd2name[session->cmd] : "unknown", session->cmd); @@ -1355,10 +1361,10 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) D("nlmsgerr error: %u", -err->error); /* Error messages */ - + /* Special case for IPSET_CMD_TEST */ - if (session->cmd == IPSET_CMD_TEST - && err->error == -IPSET_ERR_EXIST) { + if (session->cmd == IPSET_CMD_TEST && + err->error == -IPSET_ERR_EXIST) { if (!(session->envopts & IPSET_ENV_QUIET)) { ipset_print_elem(session->report, IPSET_ERRORBUFLEN, session->data, IPSET_OPT_NONE, 0); @@ -1369,7 +1375,7 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) } decode_errmsg(session, nlh); - + return ret; } @@ -1423,7 +1429,8 @@ attr_len(const struct ipset_attr_policy *attr, uint8_t family, uint16_t *flags) } #define BUFFER_FULL(bufsize, nlmsg_len, nestlen, attrlen) \ -(nlmsg_len + nestlen + MNL_ATTR_HDRLEN + MNL_ALIGN(alen) + MNL_ALIGN(sizeof(struct nlmsgerr)) > bufsize) +(nlmsg_len + nestlen + MNL_ATTR_HDRLEN + MNL_ALIGN(alen) + \ + MNL_ALIGN(sizeof(struct nlmsgerr)) > bufsize) static int rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, @@ -1443,14 +1450,15 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, : IPSET_ATTR_IPADDR_IPV6; alen = attr_len(attr, family, &flags); - if (BUFFER_FULL(session->bufsize, nlh->nlmsg_len, MNL_ATTR_HDRLEN, alen)) + if (BUFFER_FULL(session->bufsize, nlh->nlmsg_len, + MNL_ATTR_HDRLEN, alen)) return 1; nested = mnl_attr_nest_start(nlh, type); D("family: %s", family == AF_INET ? "INET" : family == AF_INET6 ? "INET6" : "UNSPEC"); mnl_attr_put(nlh, atype | flags, alen, d); mnl_attr_nest_end(nlh, nested); - + return 0; } @@ -1464,20 +1472,20 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, break; case MNL_TYPE_U32: { uint32_t value = htonl(*(const uint32_t *)d); - + d = &value; break; } case MNL_TYPE_U16: { uint16_t value = htons(*(const uint16_t *)d); - + d = &value; break; } default: break; } - + mnl_attr_put(nlh, type | flags, alen, d); return 0; @@ -1504,7 +1512,7 @@ data2attr(struct ipset_session *session, struct nlmsghdr *nlh, data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs) #define ADDATTR_IF(session, nlh, data, type, family, attrs) \ - ipset_data_test(data, attrs[type].opt) ? \ + ipset_data_test(data, attrs[type].opt) ? \ data2attr(session, nlh, data, type, family, attrs) : 0 #define ADDATTR_RAW(session, nlh, data, type, attrs) \ @@ -1525,7 +1533,7 @@ addattr_adt(struct ipset_session *session, struct nlmsghdr *nlh, struct ipset_data *data, uint8_t family) { int i; - + for (i = IPSET_ATTR_UNSPEC + 1; i <= IPSET_ATTR_ADT_MAX; i++) if (ADDATTR_IF(session, nlh, data, i, family, adt_attrs)) return 1; @@ -1545,7 +1553,7 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) /* Initialize header */ session->transport->fill_hdr(session->handle, cmd, buffer, len, 0); - + ADDATTR_PROTOCOL(nlh); switch (cmd) { @@ -1563,9 +1571,11 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) return ipset_err(session, "Invalid internal TYPE command: " "missing settype"); - ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, AF_INET, cmd_attrs); + ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, + AF_INET, cmd_attrs); if (ipset_data_test(data, IPSET_OPT_FAMILY)) - ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, AF_INET, cmd_attrs); + ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, + AF_INET, cmd_attrs); else /* bitmap:port and list:set types */ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); @@ -1586,10 +1596,10 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) static inline bool may_aggregate_ad(struct ipset_session *session, enum ipset_cmd cmd) { - return session->lineno != 0 - && (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL) - && cmd == session->cmd - && STREQ(ipset_data_setname(session->data), session->saved_setname); + return session->lineno != 0 && + (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL) && + cmd == session->cmd && + STREQ(ipset_data_setname(session->data), session->saved_setname); } static int @@ -1622,12 +1632,13 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_OPT_TYPE)) return ipset_err(session, "Invalid create command: missing settype"); - + type = ipset_data_get(data, IPSET_OPT_TYPE); /* Core attributes: * setname, typename, revision, family, flags (optional) */ ADDATTR_SETNAME(session, nlh, data); - ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, AF_INET, cmd_attrs); + ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, + AF_INET, cmd_attrs); ADDATTR_RAW(session, nlh, &type->revision, IPSET_ATTR_REVISION, cmd_attrs); D("family: %u, type family %u", @@ -1655,7 +1666,7 @@ build_msg(struct ipset_session *session, bool aggregate) break; case IPSET_CMD_LIST: { uint32_t flags = 0; - + if (session->envopts & IPSET_ENV_LIST_SETNAME) flags |= IPSET_FLAG_LIST_SETNAME; if (session->envopts & IPSET_ENV_LIST_HEADER) @@ -1674,13 +1685,16 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_SETNAME)) return ipset_err(session, "Invalid %s command: missing from-setname", - session->cmd == IPSET_CMD_SWAP ? "swap" : "rename"); + session->cmd == IPSET_CMD_SWAP ? "swap" : + "rename"); if (!ipset_data_test(data, IPSET_OPT_SETNAME2)) return ipset_err(session, "Invalid %s command: missing to-setname", - session->cmd == IPSET_CMD_SWAP ? "swap" : "rename"); + session->cmd == IPSET_CMD_SWAP ? "swap" : + "rename"); ADDATTR_SETNAME(session, nlh, data); - ADDATTR_RAW(session, nlh, ipset_data_get(data, IPSET_OPT_SETNAME2), + ADDATTR_RAW(session, nlh, + ipset_data_get(data, IPSET_OPT_SETNAME2), IPSET_ATTR_SETNAME2, cmd_attrs); break; case IPSET_CMD_ADD: @@ -1692,12 +1706,14 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_SETNAME)) return ipset_err(session, "Invalid %s command: missing setname", - session->cmd == IPSET_CMD_ADD ? "add" : "del"); + session->cmd == IPSET_CMD_ADD ? "add" : + "del"); if (!ipset_data_test(data, IPSET_OPT_TYPE)) return ipset_err(session, "Invalid %s command: missing settype", - session->cmd == IPSET_CMD_ADD ? "add" : "del"); + session->cmd == IPSET_CMD_ADD ? "add" : + "del"); /* Core options: setname */ ADDATTR_SETNAME(session, nlh, data); @@ -1715,11 +1731,12 @@ build_msg(struct ipset_session *session, bool aggregate) D("open_nested failed"); return 1; } - if (addattr_adt(session, nlh, data, ipset_data_family(data)) - || ADDATTR_RAW(session, nlh, &session->lineno, - IPSET_ATTR_LINENO, cmd_attrs)) { + if (addattr_adt(session, nlh, data, ipset_data_family(data)) || + ADDATTR_RAW(session, nlh, &session->lineno, + IPSET_ATTR_LINENO, cmd_attrs)) { /* Cancel last, unfinished nested attribute */ - mnl_attr_nest_cancel(nlh, session->nested[session->nestid-1]); + mnl_attr_nest_cancel(nlh, + session->nested[session->nestid-1]); session->nested[--session->nestid] = NULL; return 1; } @@ -1731,7 +1748,7 @@ build_msg(struct ipset_session *session, bool aggregate) /* Return codes are not aggregated, so tests cannot be either */ /* Setname, type not checked/added yet */ - + if (!ipset_data_test(data, IPSET_SETNAME)) return ipset_err(session, "Invalid test command: missing setname"); @@ -1739,7 +1756,7 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_OPT_TYPE)) return ipset_err(session, "Invalid test command: missing settype"); - + type = ipset_data_get(data, IPSET_OPT_TYPE); D("family: %u, type family %u", ipset_data_family(data), type->family); @@ -1773,7 +1790,8 @@ ipset_commit(struct ipset_session *session) assert(session); nlh = session->buffer; - D("send buffer: len %u, cmd %s", nlh->nlmsg_len, cmd2name[session->cmd]); + D("send buffer: len %u, cmd %s", + nlh->nlmsg_len, cmd2name[session->cmd]); if (nlh->nlmsg_len == 0) /* Nothing to do */ return 0; @@ -1802,7 +1820,7 @@ ipset_commit(struct ipset_session *session) return -1; else return ipset_err(session, - "Internal protocol error"); + "Internal protocol error"); } return 0; } @@ -1814,7 +1832,7 @@ static mnl_cb_t cb_ctl[] = { [NLMSG_OVERRUN] = callback_noop, [NLMSG_MIN_TYPE] = callback_data, }; - + static inline struct ipset_handle * init_transport(struct ipset_session *session) { @@ -1843,7 +1861,7 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) struct ipset_data *data; bool aggregate = false; int ret = -1; - + assert(session); if (cmd <= IPSET_CMD_NONE || cmd >= IPSET_MSG_MAX) @@ -1863,9 +1881,9 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) } /* Private commands */ - if (cmd == IPSET_CMD_TYPE || cmd == IPSET_CMD_HEADER) + if (cmd == IPSET_CMD_TYPE || cmd == IPSET_CMD_HEADER) return build_send_private_msg(session, cmd); - + /* Check aggregatable commands */ aggregate = may_aggregate_ad(session, cmd); if (!aggregate) { @@ -1878,7 +1896,7 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) /* Real command: update lineno too */ session->cmd = cmd; session->lineno = lineno; - + /* Set default output mode */ if (cmd == IPSET_CMD_LIST) { if (session->mode == IPSET_LIST_NONE) @@ -1906,8 +1924,8 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) /* We have to save the type for error handling */ session->saved_type = ipset_data_get(data, IPSET_OPT_TYPE); - if (session->lineno != 0 - && (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL)) { + if (session->lineno != 0 && + (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL)) { /* Save setname for the next possible aggregated restore line */ strcpy(session->saved_setname, ipset_data_setname(data)); ipset_data_reset(data); @@ -1916,7 +1934,7 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) goto cleanup; } - D("call commit"); + D("call commit"); ret = ipset_commit(session); cleanup: @@ -1948,10 +1966,10 @@ ipset_session_init(ipset_outfn outfn) /* The single transport method yet */ session->transport = &ipset_mnl_transport; - + /* Output function */ session->outfn = outfn; - + /* Initialize data structures */ session->data = ipset_data_init(); if (session->data == NULL) @@ -1961,8 +1979,8 @@ ipset_session_init(ipset_outfn outfn) return session; free_session: - free(session); - return NULL; + free(session); + return NULL; } /** diff --git a/lib/types.c b/lib/types.c index c440993..7c16a30 100644 --- a/lib/types.c +++ b/lib/types.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -28,8 +28,8 @@ struct ipset { struct ipset *next; }; -static struct ipset_type *typelist = NULL; /* registered set types */ -static struct ipset *setlist = NULL; /* cached sets */ +static struct ipset_type *typelist; /* registered set types */ +static struct ipset *setlist; /* cached sets */ /** * ipset_cache_add - add a set to the cache @@ -57,7 +57,7 @@ ipset_cache_add(const char *name, const struct ipset_type *type, ipset_strlcpy(n->name, name, IPSET_MAXNAMELEN); n->type = type; n->family = family; - n->next = NULL; + n->next = NULL; if (setlist == NULL) { setlist = n; @@ -109,7 +109,7 @@ ipset_cache_del(const char *name) } if (match == NULL) return -EEXIST; - + free(match); return 0; } @@ -168,7 +168,7 @@ ipset_cache_swap(const char *from, const char *to) ipset_strlcpy(b->name, from, IPSET_MAXNAMELEN); return 0; } - + return -EEXIST; } @@ -178,7 +178,7 @@ ipset_cache_swap(const char *from, const char *to) bool ipset_match_typename(const char *name, const struct ipset_type *type) { - const char * const * alias = type->alias; + const char * const *alias = type->alias; if (STREQ(name, type->name)) return true; @@ -189,7 +189,7 @@ ipset_match_typename(const char *name, const struct ipset_type *type) alias++; } return false; -} +} static inline const struct ipset_type * create_type_get(struct ipset_session *session) @@ -215,17 +215,17 @@ create_type_get(struct ipset_session *session) if (ipset_match_typename(typename, t) && MATCH_FAMILY(t, family)) { if (match == NULL) { - match = t; - tmin = tmax = t->revision; + match = t; + tmin = tmax = t->revision; } else if (t->family == match->family) tmin = t->revision; - } + } } if (!match) return ipset_errptr(session, "Syntax error: unknown settype %s", typename); - + /* Family is unspecified yet: set from matching set type */ if (family == AF_UNSPEC && match->family != AF_UNSPEC) { family = match->family == AF_INET46 ? AF_INET : match->family; @@ -240,9 +240,11 @@ create_type_get(struct ipset_session *session) if (ret != 0) return NULL; - kmin = kmax = *(const uint8_t *)ipset_data_get(data, IPSET_OPT_REVISION); + kmin = kmax = *(const uint8_t *)ipset_data_get(data, + IPSET_OPT_REVISION); if (ipset_data_test(data, IPSET_OPT_REVISION_MIN)) - kmin = *(const uint8_t *)ipset_data_get(data, IPSET_OPT_REVISION_MIN); + kmin = *(const uint8_t *)ipset_data_get(data, + IPSET_OPT_REVISION_MIN); if (MAX(tmin, kmin) > MIN(tmax, kmax)) { if (kmin > tmax) @@ -266,7 +268,7 @@ create_type_get(struct ipset_session *session) family == AF_INET6 ? "INET6" : "UNSPEC", kmax, tmin); } - + /* Disable unsupported revisions */ for (match = NULL, t = typelist; t != NULL; t = t->next) { /* Skip revisions which are unsupported by the kernel */ @@ -274,16 +276,16 @@ create_type_get(struct ipset_session *session) continue; if (ipset_match_typename(typename, t) && MATCH_FAMILY(t, family)) { - if (t->revision < kmin || t->revision > kmax) - t->kernel_check = IPSET_KERNEL_MISMATCH; + if (t->revision < kmin || t->revision > kmax) + t->kernel_check = IPSET_KERNEL_MISMATCH; else if (match == NULL) - match = t; - } + match = t; + } } match->kernel_check = IPSET_KERNEL_OK; found: ipset_data_set(data, IPSET_OPT_TYPE, match); - + return match; } @@ -327,7 +329,7 @@ adt_type_get(struct ipset_session *session) return NULL; typename = ipset_data_get(data, IPSET_OPT_TYPENAME); - revision = ipset_data_get(data, IPSET_OPT_REVISION); + revision = ipset_data_get(data, IPSET_OPT_REVISION); family = ipset_data_family(data); /* Check registered types */ @@ -542,7 +544,7 @@ void ipset_cache_fini(void) { struct ipset *set; - + while (setlist) { set = setlist; setlist = setlist->next; diff --git a/src/errcode.c b/src/errcode.c index 9d5f226..1ce5c00 100644 --- a/src/errcode.c +++ b/src/errcode.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -70,7 +70,7 @@ static const struct ipset_errcode_table core_errcode_table[] = { "An IPv4 address is expected, but not received" }, { IPSET_ERR_IPADDR_IPV6, 0, "An IPv6 address is expected, but not received" }, - + /* ADD specific error codes */ { IPSET_ERR_EXIST, IPSET_CMD_ADD, "Element cannot be added to the set: it's already added" }, @@ -157,10 +157,10 @@ ipset_errcode(struct ipset_session *session, enum ipset_cmd cmd, int errcode) { const struct ipset_errcode_table *table = core_errcode_table; int i, generic; - + if (errcode >= IPSET_ERR_TYPE_SPECIFIC) { const struct ipset_type *type; - + type = ipset_saved_type(session); if (type) { if (MATCH_TYPENAME(type->name, "bitmap:")) @@ -174,11 +174,11 @@ ipset_errcode(struct ipset_session *session, enum ipset_cmd cmd, int errcode) retry: for (i = 0, generic = -1; table[i].errcode; i++) { - if (table[i].errcode == errcode - && (table[i].cmd == cmd || table[i].cmd == 0)) { - if (table[i].cmd == 0) { - generic = i; - continue; + if (table[i].errcode == errcode && + (table[i].cmd == cmd || table[i].cmd == 0)) { + if (table[i].cmd == 0) { + generic = i; + continue; } return ipset_err(session, table[i].message); } diff --git a/src/ipset.c b/src/ipset.c index 032564c..358befe 100644 --- a/src/ipset.c +++ b/src/ipset.c @@ -2,8 +2,8 @@ * Patrick Schaaf (bof@bof.de) * Copyright 2003-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <ctype.h> /* isspace */ @@ -26,12 +26,12 @@ static char program_name[] = PACKAGE; static char program_version[] = PACKAGE_VERSION; -static struct ipset_session *session = NULL; -static uint32_t restore_line = 0; -static bool interactive = false; +static struct ipset_session *session; +static uint32_t restore_line; +static bool interactive; static char cmdline[1024]; static char *newargv[255]; -static int newargc = 0; +static int newargc; /* The known set types: (typename, revision, family) is unique */ extern struct ipset_type ipset_bitmap_ip0; @@ -57,12 +57,12 @@ enum exittype { SESSION_PROBLEM, }; -static int __attribute__((format(printf,2,3))) +static int __attribute__((format(printf, 2, 3))) exit_error(int status, const char *msg, ...) { - bool quiet = !interactive - && session - && ipset_envopt_test(session, IPSET_ENV_QUIET); + bool quiet = !interactive && + session && + ipset_envopt_test(session, IPSET_ENV_QUIET); if (status && msg && !quiet) { va_list args; @@ -98,8 +98,8 @@ exit_error(int status, const char *msg, ...) static int handle_error(void) { - if (ipset_session_warning(session) - && !ipset_envopt_test(session, IPSET_ENV_QUIET)) + if (ipset_session_warning(session) && + !ipset_envopt_test(session, IPSET_ENV_QUIET)) fprintf(stderr, "Warning: %s\n", ipset_session_warning(session)); if (ipset_session_error(session)) @@ -111,7 +111,7 @@ handle_error(void) exit(OTHER_PROBLEM); } - ipset_session_report_reset(session); + ipset_session_report_reset(session); return -1; } @@ -120,16 +120,15 @@ help(void) { const struct ipset_commands *c; const struct ipset_envopts *opt = ipset_envopts; - + printf("%s v%s\n\n" "Usage: %s [options] COMMAND\n\nCommands:\n", program_name, program_version, program_name); - for (c = ipset_commands; c->cmd; c++) { + for (c = ipset_commands; c->cmd; c++) printf("%s %s\n", c->name[0], c->help); - } printf("\nOptions:\n"); - + while (opt->flag) { if (opt->help) printf("%s %s\n", opt->name[0], opt->help); @@ -144,7 +143,7 @@ build_argv(char *buffer) char *ptr; int i; - /* Reset */ + /* Reset */ for (i = 1; i < newargc; i++) newargv[i] = NULL; newargc = 1; @@ -173,7 +172,7 @@ restore(char *argv0) { int ret = 0; char *c; - + /* Initialize newargv/newargc */ newargc = 0; newargv[newargc++] = argv0; @@ -193,7 +192,7 @@ restore(char *argv0) } /* Build faked argv, argc */ build_argv(c); - + /* Execute line */ ret = parse_commandline(newargc, newargv); if (ret < 0) @@ -213,7 +212,7 @@ call_parser(int *argc, char *argv[], const struct ipset_arg *args) int ret = 0; const struct ipset_arg *arg; const char *optstr; - + /* Currently CREATE and ADT may have got additional arguments */ if (!args && *argc > 1) goto err_unknown; @@ -237,7 +236,8 @@ call_parser(int *argc, char *argv[], const struct ipset_arg *args) /* Fall through */ case IPSET_OPTIONAL_ARG: if (*argc >= 2) { - ret = ipset_call_parser(session, arg, argv[1]); + ret = ipset_call_parser(session, + arg, argv[1]); if (ret < 0) return ret; ipset_shift_argv(argc, argv, 1); @@ -263,7 +263,7 @@ err_unknown: static enum ipset_adt cmd2cmd(int cmd) { - switch(cmd) { + switch (cmd) { case IPSET_CMD_ADD: return IPSET_ADD; case IPSET_CMD_DEL: @@ -343,15 +343,15 @@ check_allowed(const struct ipset_type *type, enum ipset_cmd command) ? IPSET_CREATE_FLAGS : IPSET_ADT_FLAGS; const struct ipset_arg *arg = type->args[cmd]; enum ipset_opt i; - + /* Range can be expressed by ip/cidr or from-to */ if (allowed & IPSET_FLAG(IPSET_OPT_IP_TO)) allowed |= IPSET_FLAG(IPSET_OPT_CIDR); for (i = IPSET_OPT_IP; i < IPSET_OPT_FLAGS; i++) { - if (!(cmdflags & IPSET_FLAG(i)) - || (allowed & IPSET_FLAG(i)) - || !(flags & IPSET_FLAG(i))) + if (!(cmdflags & IPSET_FLAG(i)) || + (allowed & IPSET_FLAG(i)) || + !(flags & IPSET_FLAG(i))) continue; /* Not allowed element-expressions */ switch (i) { @@ -359,19 +359,22 @@ check_allowed(const struct ipset_type *type, enum ipset_cmd command) exit_error(OTHER_PROBLEM, "IP/CIDR range is not allowed in command %s " "with set type %s and family %s", - cmd2name(command), type->name, session_family()); + cmd2name(command), type->name, + session_family()); return; case IPSET_OPT_IP_TO: exit_error(OTHER_PROBLEM, "FROM-TO IP range is not allowed in command %s " "with set type %s and family %s", - cmd2name(command), type->name, session_family()); + cmd2name(command), type->name, + session_family()); return; case IPSET_OPT_PORT_TO: exit_error(OTHER_PROBLEM, "FROM-TO port range is not allowed in command %s " "with set type %s and family %s", - cmd2name(command), type->name, session_family()); + cmd2name(command), type->name, + session_family()); return; default: break; @@ -391,7 +394,8 @@ check_allowed(const struct ipset_type *type, enum ipset_cmd command) "%s parameter is not allowed in command %s " "with set type %s and family %s", arg->name[0], - cmd2name(command), type->name, session_family()); + cmd2name(command), type->name, + session_family()); return; } exit_error(OTHER_PROBLEM, @@ -406,7 +410,7 @@ static const struct ipset_type * type_find(const char *name) { const struct ipset_type *t = ipset_types(); - + while (t) { if (ipset_match_typename(name, t)) return t; @@ -477,10 +481,10 @@ parse_commandline(int argc, char *argv[]) if (!ipset_match_cmd(argv[1], command->name)) continue; - if (restore_line != 0 - && (command->cmd == IPSET_CMD_RESTORE - || command->cmd == IPSET_CMD_VERSION - || command->cmd == IPSET_CMD_HELP)) + if (restore_line != 0 && + (command->cmd == IPSET_CMD_RESTORE || + command->cmd == IPSET_CMD_VERSION || + command->cmd == IPSET_CMD_HELP)) return exit_error(PARAMETER_PROBLEM, "Command `%s' is invalid " "in restore mode.", @@ -565,9 +569,9 @@ parse_commandline(int argc, char *argv[]) case IPSET_CMD_HELP: help(); - if (interactive - || !ipset_envopt_test(session, IPSET_ENV_QUIET)) { - if (arg0) { + if (interactive || + !ipset_envopt_test(session, IPSET_ENV_QUIET)) { + if (arg0) { /* Type-specific help, without kernel checking */ type = type_find(arg0); if (!type) @@ -597,7 +601,7 @@ parse_commandline(int argc, char *argv[]) printf(" %s\n", type->name); type = type->next; } - } + } } if (interactive) return 0; @@ -607,7 +611,7 @@ parse_commandline(int argc, char *argv[]) default: break; } - + /* Forth: parse command args and issue the command */ switch (cmd) { case IPSET_CMD_CREATE: @@ -630,11 +634,11 @@ parse_commandline(int argc, char *argv[]) return handle_error(); else if (ret) return ret; - + /* Check mandatory, then allowed options */ check_mandatory(type, cmd); check_allowed(type, cmd); - + break; case IPSET_CMD_DESTROY: case IPSET_CMD_FLUSH: @@ -678,22 +682,22 @@ parse_commandline(int argc, char *argv[]) type = ipset_type_get(session, cmd); if (type == NULL) return handle_error(); - + ret = ipset_parse_elem(session, type->last_elem_optional, arg1); if (ret < 0) return handle_error(); - + /* Parse additional ADT options */ ret = call_parser(&argc, argv, type->args[cmd2cmd(cmd)]); if (ret < 0) return handle_error(); else if (ret) return ret; - + /* Check mandatory, then allowed options */ check_mandatory(type, cmd); check_allowed(type, cmd); - + break; default: break; @@ -744,8 +748,8 @@ main(int argc, char *argv[]) "Cannot initialize ipset session, aborting."); ret = parse_commandline(argc, argv); - + ipset_session_fini(session); - + return ret; } diff --git a/src/ipset_bitmap_ip.c b/src/ipset_bitmap_ip.c index 4194875..e73bc7c 100644 --- a/src/ipset_bitmap_ip.c +++ b/src/ipset_bitmap_ip.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -37,7 +37,7 @@ static const struct ipset_arg bitmap_ip_create_args[] = { .parse = ipset_parse_net, }, { }, -}; +}; static const struct ipset_arg bitmap_ip_add_args[] = { { .name = { "timeout", NULL }, @@ -45,7 +45,7 @@ static const struct ipset_arg bitmap_ip_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char bitmap_ip_usage[] = "create SETNAME bitmap:ip range IP/CIDR|FROM-TO\n" @@ -62,8 +62,8 @@ struct ipset_type ipset_bitmap_ip0 = { .revision = 0, .family = AF_INET, .dimension = IPSET_DIM_ONE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP diff --git a/src/ipset_bitmap_ipmac.c b/src/ipset_bitmap_ipmac.c index 8f2cb72..f47f25d 100644 --- a/src/ipset_bitmap_ipmac.c +++ b/src/ipset_bitmap_ipmac.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -33,7 +33,7 @@ static const struct ipset_arg bitmap_ipmac_create_args[] = { .parse = ipset_parse_net, }, { }, -}; +}; static const struct ipset_arg bitmap_ipmac_add_args[] = { { .name = { "timeout", NULL }, @@ -41,7 +41,7 @@ static const struct ipset_arg bitmap_ipmac_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char bitmap_ipmac_usage[] = "create SETNAME bitmap:ip,mac range IP/CIDR|FROM-TO\n" @@ -60,13 +60,13 @@ struct ipset_type ipset_bitmap_ipmac0 = { .family = AF_INET, .dimension = IPSET_DIM_TWO, .last_elem_optional = true, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_single_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_ether, .print = ipset_print_ether, .opt = IPSET_OPT_ETHER diff --git a/src/ipset_bitmap_port.c b/src/ipset_bitmap_port.c index 82b98a4..c8c6e1f 100644 --- a/src/ipset_bitmap_port.c +++ b/src/ipset_bitmap_port.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -29,7 +29,7 @@ static const struct ipset_arg bitmap_port_create_args[] = { .parse = ipset_parse_single_tcp_port, }, { }, -}; +}; static const struct ipset_arg bitmap_port_add_args[] = { { .name = { "timeout", NULL }, @@ -37,7 +37,7 @@ static const struct ipset_arg bitmap_port_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char bitmap_port_usage[] = "create SETNAME bitmap:port range FROM-TO\n" @@ -53,8 +53,8 @@ struct ipset_type ipset_bitmap_port0 = { .revision = 0, .family = AF_UNSPEC, .dimension = IPSET_DIM_ONE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_tcp_port, .print = ipset_print_port, .opt = IPSET_OPT_PORT diff --git a/src/ipset_hash_ip.c b/src/ipset_hash_ip.c index 6926644..315804a 100644 --- a/src/ipset_hash_ip.c +++ b/src/ipset_hash_ip.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -63,7 +63,7 @@ static const struct ipset_arg hash_ip_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char hash_ip_usage[] = "create SETNAME hash:ip\n" @@ -85,8 +85,8 @@ struct ipset_type ipset_hash_ip0 = { .revision = 0, .family = AF_INET46, .dimension = IPSET_DIM_ONE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP diff --git a/src/ipset_hash_ipport.c b/src/ipset_hash_ipport.c index 58ea76c..b5bd41b 100644 --- a/src/ipset_hash_ipport.c +++ b/src/ipset_hash_ipport.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -60,7 +60,7 @@ static const struct ipset_arg hash_ipport_create_args[] = { .parse = ipset_parse_ignored, }, { }, -}; +}; static const struct ipset_arg hash_ipport_add_args[] = { { .name = { "timeout", NULL }, @@ -68,7 +68,7 @@ static const struct ipset_arg hash_ipport_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char hash_ipport1_usage[] = "create SETNAME hash:ip,port\n" @@ -91,13 +91,13 @@ struct ipset_type ipset_hash_ipport1 = { .revision = 1, .family = AF_INET46, .dimension = IPSET_DIM_TWO, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT diff --git a/src/ipset_hash_ipportip.c b/src/ipset_hash_ipportip.c index 2f310ea..b27cebf 100644 --- a/src/ipset_hash_ipportip.c +++ b/src/ipset_hash_ipportip.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -60,7 +60,7 @@ static const struct ipset_arg hash_ipportip_create_args[] = { .parse = ipset_parse_ignored, }, { }, -}; +}; static const struct ipset_arg hash_ipportip_add_args[] = { { .name = { "timeout", NULL }, @@ -68,7 +68,7 @@ static const struct ipset_arg hash_ipportip_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char hash_ipportip1_usage[] = "create SETNAME hash:ip,port,ip\n" @@ -91,18 +91,18 @@ struct ipset_type ipset_hash_ipportip1 = { .revision = 1, .family = AF_INET46, .dimension = IPSET_DIM_THREE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE] = { .parse = ipset_parse_single_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP2 diff --git a/src/ipset_hash_ipportnet.c b/src/ipset_hash_ipportnet.c index c2eece8..ecab191 100644 --- a/src/ipset_hash_ipportnet.c +++ b/src/ipset_hash_ipportnet.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -60,7 +60,7 @@ static const struct ipset_arg hash_ipportnet_create_args[] = { .parse = ipset_parse_ignored, }, { }, -}; +}; static const struct ipset_arg hash_ipportnet_add_args[] = { { .name = { "timeout", NULL }, @@ -68,7 +68,7 @@ static const struct ipset_arg hash_ipportnet_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char hash_ipportnet1_usage[] = "create SETNAME hash:ip,port,net\n" @@ -92,18 +92,18 @@ struct ipset_type ipset_hash_ipportnet1 = { .revision = 1, .family = AF_INET46, .dimension = IPSET_DIM_THREE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP2 @@ -182,18 +182,18 @@ struct ipset_type ipset_hash_ipportnet2 = { .revision = 2, .family = AF_INET46, .dimension = IPSET_DIM_THREE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP2 diff --git a/src/ipset_hash_net.c b/src/ipset_hash_net.c index 9c0a6ca..665c398 100644 --- a/src/ipset_hash_net.c +++ b/src/ipset_hash_net.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -47,7 +47,7 @@ static const struct ipset_arg hash_net_create_args[] = { .parse = ipset_parse_ignored, .print = ipset_print_number, }, { }, -}; +}; static const struct ipset_arg hash_net_add_args[] = { { .name = { "timeout", NULL }, @@ -55,7 +55,7 @@ static const struct ipset_arg hash_net_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char hash_net0_usage[] = "create SETNAME hash:net\n" @@ -75,8 +75,8 @@ struct ipset_type ipset_hash_net0 = { .revision = 0, .family = AF_INET46, .dimension = IPSET_DIM_ONE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP @@ -127,8 +127,8 @@ struct ipset_type ipset_hash_net1 = { .revision = 1, .family = AF_INET46, .dimension = IPSET_DIM_ONE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP diff --git a/src/ipset_hash_netiface.c b/src/ipset_hash_netiface.c index bac860b..2fbe27d 100644 --- a/src/ipset_hash_netiface.c +++ b/src/ipset_hash_netiface.c @@ -1,7 +1,7 @@ /* Copyright 2011 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -39,7 +39,7 @@ static const struct ipset_arg hash_netiface_create_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const struct ipset_arg hash_netiface_add_args[] = { { .name = { "timeout", NULL }, @@ -47,7 +47,7 @@ static const struct ipset_arg hash_netiface_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char hash_netiface_usage[] = "create SETNAME hash:net,iface\n" @@ -68,13 +68,13 @@ struct ipset_type ipset_hash_netiface0 = { .revision = 0, .family = AF_INET46, .dimension = IPSET_DIM_TWO, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_iface, .print = ipset_print_iface, .opt = IPSET_OPT_IFACE diff --git a/src/ipset_hash_netport.c b/src/ipset_hash_netport.c index 7964319..480dd84 100644 --- a/src/ipset_hash_netport.c +++ b/src/ipset_hash_netport.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -39,7 +39,7 @@ static const struct ipset_arg hash_netport_create_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const struct ipset_arg hash_netport_add_args[] = { { .name = { "timeout", NULL }, @@ -47,7 +47,7 @@ static const struct ipset_arg hash_netport_add_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const char hash_netport1_usage[] = "create SETNAME hash:net,port\n" @@ -69,13 +69,13 @@ struct ipset_type ipset_hash_netport1 = { .revision = 1, .family = AF_INET46, .dimension = IPSET_DIM_TWO, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT @@ -143,13 +143,13 @@ struct ipset_type ipset_hash_netport2 = { .revision = 2, .family = AF_INET46, .dimension = IPSET_DIM_TWO, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT diff --git a/src/ipset_list_set.c b/src/ipset_list_set.c index 7e7ddff..f3fa6df 100644 --- a/src/ipset_list_set.c +++ b/src/ipset_list_set.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/data.h> /* IPSET_OPT_* */ @@ -20,7 +20,7 @@ static const struct ipset_arg list_set_create_args[] = { .parse = ipset_parse_uint32, .print = ipset_print_number, }, { }, -}; +}; static const struct ipset_arg list_set_adt_args[] = { { .name = { "timeout", NULL }, @@ -36,7 +36,7 @@ static const struct ipset_arg list_set_adt_args[] = { .parse = ipset_parse_after, }, { }, -}; +}; static const char list_set_usage[] = "create SETNAME list:set\n" @@ -52,8 +52,8 @@ struct ipset_type ipset_list_set0 = { .revision = 0, .family = AF_UNSPEC, .dimension = IPSET_DIM_ONE, - .elem = { - [IPSET_DIM_ONE] = { + .elem = { + [IPSET_DIM_ONE] = { .parse = ipset_parse_setname, .print = ipset_print_name, .opt = IPSET_OPT_NAME @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -35,91 +35,91 @@ const struct ipset_commands ipset_commands[] = { .name = { "add", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" - " Add entry to the named set", + " Add entry to the named set", }, { /* d[el], --del, -D */ .cmd = IPSET_CMD_DEL, .name = { "del", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" - " Delete entry from the named set", + " Delete entry from the named set", }, { /* t[est], --test, -T */ .cmd = IPSET_CMD_TEST, .name = { "test", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" - " Test entry in the named set", + " Test entry in the named set", }, { /* des[troy], --destroy, x, -X */ .cmd = IPSET_CMD_DESTROY, .name = { "destroy", "x" }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" - " Destroy a named set or all sets", + " Destroy a named set or all sets", }, { /* l[ist], --list, -L */ .cmd = IPSET_CMD_LIST, .name = { "list", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" - " List the entries of a named set or all sets", + " List the entries of a named set or all sets", }, { /* s[save], --save, -S */ .cmd = IPSET_CMD_SAVE, .name = { "save", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" - " Save the named set or all sets to stdout", + " Save the named set or all sets to stdout", }, { /* r[estore], --restore, -R */ .cmd = IPSET_CMD_RESTORE, .name = { "restore", NULL }, .has_arg = IPSET_NO_ARG, .help = "\n" - " Restore a saved state", + " Restore a saved state", }, { /* f[lush], --flush, -F */ .cmd = IPSET_CMD_FLUSH, .name = { "flush", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" - " Flush a named set or all sets", + " Flush a named set or all sets", }, { /* ren[ame], --rename, e, -E */ .cmd = IPSET_CMD_RENAME, .name = { "rename", "e" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" - " Rename two sets", + " Rename two sets", }, { /* sw[ap], --swap, w, -W */ .cmd = IPSET_CMD_SWAP, .name = { "swap", "w" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" - " Swap the contect of two existing sets", + " Swap the contect of two existing sets", }, { /* h[elp, --help, -H */ .cmd = IPSET_CMD_HELP, .name = { "help", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[TYPENAME]\n" - " Print help, and settype specific help", + " Print help, and settype specific help", }, { /* v[ersion], --version, -V */ .cmd = IPSET_CMD_VERSION, .name = { "version", NULL }, .has_arg = IPSET_NO_ARG, .help = "\n" - " Print version information", + " Print version information", }, { /* q[uit] */ .cmd = IPSET_CMD_QUIT, .name = { "quit", NULL }, .has_arg = IPSET_NO_ARG, .help = "\n" - " Quit interactive mode", + " Quit interactive mode", }, { }, }; @@ -149,8 +149,9 @@ ipset_match_cmd(const char *arg, const char * const name[]) return true; else if (len != 1) return false; - else return tolower(arg[0]) == name[0][0] || - (name[1] != NULL && tolower(arg[0]) == name[1][0]); + else + return tolower(arg[0]) == name[0][0] || + (name[1] != NULL && tolower(arg[0]) == name[1][0]); } const struct ipset_envopts ipset_envopts[] = { @@ -158,47 +159,47 @@ const struct ipset_envopts ipset_envopts[] = { .has_arg = IPSET_MANDATORY_ARG, .flag = IPSET_OPT_MAX, .parse = ipset_parse_output, .help = "plain|save|xml\n" - " Specify output mode for listing sets.\n" - " Default value for \"list\" command is mode \"plain\"\n" - " and for \"save\" command is mode \"save\".", + " Specify output mode for listing sets.\n" + " Default value for \"list\" command is mode \"plain\"\n" + " and for \"save\" command is mode \"save\".", }, { .name = { "-s", "-sorted" }, .parse = ipset_envopt_parse, .has_arg = IPSET_NO_ARG, .flag = IPSET_ENV_SORTED, .help = "\n" - " Print elements sorted (if supported by the set type).", + " Print elements sorted (if supported by the set type).", }, { .name = { "-q", "-quiet" }, .parse = ipset_envopt_parse, .has_arg = IPSET_NO_ARG, .flag = IPSET_ENV_QUIET, .help = "\n" - " Suppress any notice or warning message.", + " Suppress any notice or warning message.", }, { .name = { "-r", "-resolve" }, .parse = ipset_envopt_parse, .has_arg = IPSET_NO_ARG, .flag = IPSET_ENV_RESOLVE, .help = "\n" - " Try to resolve IP addresses in the output (slow!)", + " Try to resolve IP addresses in the output (slow!)", }, { .name = { "-!", "-exist" }, .parse = ipset_envopt_parse, .has_arg = IPSET_NO_ARG, .flag = IPSET_ENV_EXIST, .help = "\n" - " Ignore errors when creating already created sets,\n" - " when adding already existing elements\n" + " Ignore errors when creating already created sets,\n" + " when adding already existing elements\n" " or when deleting non-existing elements.", }, { .name = { "-n", "-name" }, .parse = ipset_envopt_parse, .has_arg = IPSET_NO_ARG, .flag = IPSET_ENV_LIST_SETNAME, .help = "\n" - " When listing, list just setnames from kernel.\n", + " When listing, list just setnames from kernel.\n", }, { .name = { "-t", "-terse" }, .parse = ipset_envopt_parse, .has_arg = IPSET_NO_ARG, .flag = IPSET_ENV_LIST_HEADER, .help = "\n" - " When listing, list setnames and set headers\n" + " When listing, list setnames and set headers\n" " from kernel only.", }, { }, @@ -210,13 +211,13 @@ ipset_match_option(const char *arg, const char * const name[]) { assert(arg); assert(name && name[0]); - + /* Skip two leading dashes */ if (arg[0] == '-' && arg[1] == '-') arg++, arg++; - return STREQ(arg, name[0]) - || (name[1] != NULL && STREQ(arg, name[1])); + return STREQ(arg, name[0]) || + (name[1] != NULL && STREQ(arg, name[1])); } /* Strict envopt matching */ @@ -225,13 +226,13 @@ ipset_match_envopt(const char *arg, const char * const name[]) { assert(arg); assert(name && name[0]); - + /* Skip one leading dash */ if (arg[0] == '-' && arg[1] == '-') arg++; - return STREQ(arg, name[0]) - || (name[1] != NULL && STREQ(arg, name[1])); + return STREQ(arg, name[0]) || + (name[1] != NULL && STREQ(arg, name[1])); } /** @@ -247,19 +248,18 @@ void ipset_shift_argv(int *argc, char *argv[], int from) { int i; - + assert(*argc >= from + 1); - for (i = from + 1; i <= *argc; i++) { + for (i = from + 1; i <= *argc; i++) argv[i-1] = argv[i]; - } (*argc)--; return; } /** * ipset_port_usage - prints the usage for the port parameter - * + * * Print the usage for the port parameter to stdout. */ void |