Diffstat (limited to 'lib/ipset_hash_ipportnet.c')
-rw-r--r-- | lib/ipset_hash_ipportnet.c | 215 |
1 files changed, 200 insertions, 15 deletions
diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c index c867e90..2c2e014 100644 --- a/lib/ipset_hash_ipportnet.c +++ b/lib/ipset_hash_ipportnet.c @@ -11,7 +11,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_ipportnet_create_args[] = { +static const struct ipset_arg hash_ipportnet_create_args1[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, @@ -62,7 +62,7 @@ static const struct ipset_arg hash_ipportnet_create_args[] = { { }, }; -static const struct ipset_arg hash_ipportnet_add_args[] = { +static const struct ipset_arg hash_ipportnet_add_args1[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -70,7 +70,7 @@ static const struct ipset_arg hash_ipportnet_add_args[] = { { }, }; -static const char hash_ipportnet1_usage[] = +static const char hash_ipportnet_usage1[] = "create SETNAME hash:ip,port,net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -110,8 +110,8 @@ static struct ipset_type ipset_hash_ipportnet1 = { }, }, .args = { - [IPSET_CREATE] = hash_ipportnet_create_args, - [IPSET_ADD] = hash_ipportnet_add_args, + [IPSET_CREATE] = hash_ipportnet_create_args1, + [IPSET_ADD] = hash_ipportnet_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, @@ -156,12 +156,12 @@ static struct ipset_type ipset_hash_ipportnet1 = { | IPSET_FLAG(IPSET_OPT_CIDR2), }, - .usage = hash_ipportnet1_usage, + .usage = hash_ipportnet_usage1, .usagefn = ipset_port_usage, .description = "SCTP and UDPLITE support", }; -static const char hash_ipportnet2_usage[] = +static const char hash_ipportnet_usage2[] = "create SETNAME hash:ip,port,net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" 
@@ -201,8 +201,8 @@ static struct ipset_type ipset_hash_ipportnet2 = { }, }, .args = { - [IPSET_CREATE] = hash_ipportnet_create_args, - [IPSET_ADD] = hash_ipportnet_add_args, + [IPSET_CREATE] = hash_ipportnet_create_args1, + [IPSET_ADD] = hash_ipportnet_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, @@ -249,12 +249,12 @@ static struct ipset_type ipset_hash_ipportnet2 = { | IPSET_FLAG(IPSET_OPT_CIDR2), }, - .usage = hash_ipportnet2_usage, + .usage = hash_ipportnet_usage2, .usagefn = ipset_port_usage, .description = "Add/del range support", }; -static const struct ipset_arg hash_ipportnet3_add_args[] = { +static const struct ipset_arg hash_ipportnet_add_args3[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -266,7 +266,7 @@ static const struct ipset_arg hash_ipportnet3_add_args[] = { { }, }; -static const char hash_ipportnet3_usage[] = +static const char hash_ipportnet_usage3[] = "create SETNAME hash:ip,port,net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -306,8 +306,8 @@ static struct ipset_type ipset_hash_ipportnet3 = { }, }, .args = { - [IPSET_CREATE] = hash_ipportnet_create_args, - [IPSET_ADD] = hash_ipportnet3_add_args, + [IPSET_CREATE] = hash_ipportnet_create_args1, + [IPSET_ADD] = hash_ipportnet_add_args3, }, .mandatory = { [IPSET_CREATE] = 0, 
@@ -355,15 +355,200 @@ static struct ipset_type ipset_hash_ipportnet3 = { | IPSET_FLAG(IPSET_OPT_CIDR2), }, - .usage = hash_ipportnet3_usage, + .usage = hash_ipportnet_usage3, .usagefn = ipset_port_usage, .description = "nomatch flag support", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_ipportnet_create_args4[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Backward compatibility */ + { .name = { "probes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "resize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_ignored, + }, + { .name = { "to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + .parse = 
ipset_parse_ignored, + }, + { .name = { "network", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_ignored, + }, + { }, +}; + +static const struct ipset_arg hash_ipportnet_add_args4[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { }, +}; + +static const struct ipset_arg hash_ipportnet_test_args4[] = { + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const char hash_ipportnet_usage4[] = +"create SETNAME hash:ip,port,net\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE] [counters]\n" +"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n" +" [packets VALUE] [bytes VALUE]\n" +"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n" +"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n" +"where depending on the INET family\n" +" IP are valid IPv4 or IPv6 addresses (or hostnames),\n" +" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" +" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" +" in both IP components are supported for IPv4.\n" +" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" +" port range is supported both for IPv4 and IPv6.\n"; + +static struct ipset_type ipset_hash_ipportnet4 = { + .name = "hash:ip,port,net", + .alias = { "ipportnethash", NULL }, + .revision = 4, + .family = 
NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_THREE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + [IPSET_DIM_THREE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .args = { + [IPSET_CREATE] = hash_ipportnet_create_args4, + [IPSET_ADD] = hash_ipportnet_add_args4, + [IPSET_TEST] = hash_ipportnet_test_args4, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_IP2_TO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | 
IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + }, + + .usage = hash_ipportnet_usage4, + .usagefn = ipset_port_usage, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_ipportnet1); ipset_type_add(&ipset_hash_ipportnet2); ipset_type_add(&ipset_hash_ipportnet3); + ipset_type_add(&ipset_hash_ipportnet4); } |
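Review bot: The `test` line in `hash_ipportnet_usage4` omits `[nomatch]`, although this hunk registers `hash_ipportnet_test_args4` under `[IPSET_TEST]` and sets `IPSET_FLAG(IPSET_OPT_NOMATCH)` in `.full[IPSET_TEST]`, so revision 4 accepts a test option that its own help text does not list. An operator who relies on the usage output when auditing exception entries in a set gets no hint that the flag can be tested. I would change the line to `"test SETNAME IP,PROTO:PORT,IP[/CIDR] [nomatch]\n\n"`. The revision 3 definition is only partly visible in this hunk, so whether its usage text has the same gap cannot be checked from here.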