Diffstat (limited to 'lib')
-rw-r--r-- | lib/ipset_bitmap_ip.c | 117 | ||||
-rw-r--r-- | lib/ipset_bitmap_ipmac.c | 120 | ||||
-rw-r--r-- | lib/ipset_bitmap_port.c | 107 | ||||
-rw-r--r-- | lib/ipset_hash_ip.c | 140 | ||||
-rw-r--r-- | lib/ipset_hash_ipport.c | 163 | ||||
-rw-r--r-- | lib/ipset_hash_ipportip.c | 174 | ||||
-rw-r--r-- | lib/ipset_hash_ipportnet.c | 215 | ||||
-rw-r--r-- | lib/ipset_hash_net.c | 165 | ||||
-rw-r--r-- | lib/ipset_hash_netiface.c | 169 | ||||
-rw-r--r-- | lib/ipset_hash_netport.c | 178 | ||||
-rw-r--r-- | lib/ipset_list_set.c | 115 |
11 files changed, 1560 insertions, 103 deletions
diff --git a/lib/ipset_bitmap_ip.c b/lib/ipset_bitmap_ip.c index 212c93e..a4726db 100644 --- a/lib/ipset_bitmap_ip.c +++ b/lib/ipset_bitmap_ip.c @@ -10,7 +10,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg bitmap_ip_create_args[] = { +static const struct ipset_arg bitmap_ip_create_args0[] = { { .name = { "range", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, .parse = ipset_parse_netrange, .print = ipset_print_ip, @@ -39,7 +39,7 @@ static const struct ipset_arg bitmap_ip_create_args[] = { { }, }; -static const struct ipset_arg bitmap_ip_add_args[] = { +static const struct ipset_arg bitmap_ip_add_args0[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -47,7 +47,7 @@ static const struct ipset_arg bitmap_ip_add_args[] = { { }, }; -static const char bitmap_ip_usage[] = +static const char bitmap_ip_usage0[] = "create SETNAME bitmap:ip range IP/CIDR|FROM-TO\n" " [netmask CIDR] [timeout VALUE]\n" "add SETNAME IP|IP/CIDR|FROM-TO [timeout VALUE]\n" @@ -70,8 +70,8 @@ static struct ipset_type ipset_bitmap_ip0 = { }, }, .args = { - [IPSET_CREATE] = bitmap_ip_create_args, - [IPSET_ADD] = bitmap_ip_add_args, + [IPSET_CREATE] = bitmap_ip_create_args0, + [IPSET_ADD] = bitmap_ip_add_args0, }, .mandatory = { [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) 
@@ -93,12 +93,117 @@ static struct ipset_type ipset_bitmap_ip0 = { [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), }, - .usage = bitmap_ip_usage, + .usage = bitmap_ip_usage0, .description = "Initial revision", }; +/* Parse commandline arguments */ +static const struct ipset_arg bitmap_ip_create_args1[] = { + { .name = { "range", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_netrange, .print = ipset_print_ip, + }, + { .name = { "netmask", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_NETMASK, + .parse = ipset_parse_netmask, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Backward compatibility */ + { .name = { "from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_single_ip, + }, + { .name = { "to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + .parse = ipset_parse_single_ip, + }, + { .name = { "network", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_net, + }, + { }, +}; + +static const struct ipset_arg bitmap_ip_add_args1[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { }, +}; + +static const char bitmap_ip_usage1[] = +"create SETNAME bitmap:ip range IP/CIDR|FROM-TO\n" +" [netmask CIDR] [timeout VALUE] 
[counters]\n" +"add SETNAME IP|IP/CIDR|FROM-TO [timeout VALUE]\n" +" [packets VALUE] [bytes VALUE]\n" +"del SETNAME IP|IP/CIDR|FROM-TO\n" +"test SETNAME IP\n\n" +"where IP, FROM and TO are IPv4 addresses (or hostnames),\n" +" CIDR is a valid IPv4 CIDR prefix.\n"; + +static struct ipset_type ipset_bitmap_ip1 = { + .name = "bitmap:ip", + .alias = { "ipmap", NULL }, + .revision = 1, + .family = NFPROTO_IPV4, + .dimension = IPSET_DIM_ONE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + }, + .args = { + [IPSET_CREATE] = bitmap_ip_create_args1, + [IPSET_ADD] = bitmap_ip_add_args1, + }, + .mandatory = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_NETMASK) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), + }, + + .usage = bitmap_ip_usage1, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_bitmap_ip0); + ipset_type_add(&ipset_bitmap_ip1); } diff --git a/lib/ipset_bitmap_ipmac.c b/lib/ipset_bitmap_ipmac.c index da69ceb..67217a9 100644 --- a/lib/ipset_bitmap_ipmac.c +++ b/lib/ipset_bitmap_ipmac.c 
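Review bot: In `bitmap_ip_add_args1` the new `packets` and `bytes` options are parsed with `ipset_parse_uint64` but printed with `ipset_print_number`, the same printer the `timeout` entry uses, and the diffstat lists only the set-type files, so nothing here shows that printer handling 8-byte option data. If it does not, listed or saved counter values could come out truncated or be rejected, and a later restore would not reproduce the accounting state; please confirm, and extend the printer in the same series if needed. A short comment on the two entries, such as `/* 64-bit counters: the print callback must handle uint64_t data */`, would record the requirement. The same pairing appears in the add tables of the later hunks (`bitmap_ipmac_add_args1`, `bitmap_port_add_args1`, `hash_ip_add_args1`, `hash_ipport_add_args2`, `hash_ipportip_add_args2`).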
@@ -10,7 +10,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg bitmap_ipmac_create_args[] = { +static const struct ipset_arg bitmap_ipmac_create_args0[] = { { .name = { "range", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, .parse = ipset_parse_netrange, .print = ipset_print_ip, @@ -35,7 +35,7 @@ static const struct ipset_arg bitmap_ipmac_create_args[] = { { }, }; -static const struct ipset_arg bitmap_ipmac_add_args[] = { +static const struct ipset_arg bitmap_ipmac_add_args0[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -43,7 +43,7 @@ static const struct ipset_arg bitmap_ipmac_add_args[] = { { }, }; -static const char bitmap_ipmac_usage[] = +static const char bitmap_ipmac_usage0[] = "create SETNAME bitmap:ip,mac range IP/CIDR|FROM-TO\n" " [matchunset] [timeout VALUE]\n" "add SETNAME IP[,MAC] [timeout VALUE]\n" @@ -73,8 +73,8 @@ static struct ipset_type ipset_bitmap_ipmac0 = { }, }, .args = { - [IPSET_CREATE] = bitmap_ipmac_create_args, - [IPSET_ADD] = bitmap_ipmac_add_args, + [IPSET_CREATE] = bitmap_ipmac_create_args0, + [IPSET_ADD] = bitmap_ipmac_add_args0, }, .mandatory = { [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) 
@@ -96,12 +96,120 @@ static struct ipset_type ipset_bitmap_ipmac0 = { | IPSET_FLAG(IPSET_OPT_ETHER), }, - .usage = bitmap_ipmac_usage, + .usage = bitmap_ipmac_usage0, .description = "Initial revision", }; +/* Parse commandline arguments */ +static const struct ipset_arg bitmap_ipmac_create_args1[] = { + { .name = { "range", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_netrange, .print = ipset_print_ip, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Backward compatibility */ + { .name = { "from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_single_ip, + }, + { .name = { "to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + .parse = ipset_parse_single_ip, + }, + { .name = { "network", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_net, + }, + { }, +}; + +static const struct ipset_arg bitmap_ipmac_add_args1[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { }, +}; + +static const char bitmap_ipmac_usage1[] = +"create SETNAME bitmap:ip,mac range IP/CIDR|FROM-TO\n" +" [matchunset] [timeout VALUE] [counters]\n" +"add SETNAME IP[,MAC] [timeout VALUE]\n" +" [packets VALUE] [bytes VALUE]\n" +"del SETNAME IP[,MAC]\n" +"test SETNAME IP[,MAC]\n\n" 
+"where IP, FROM and TO are IPv4 addresses (or hostnames),\n" +" CIDR is a valid IPv4 CIDR prefix,\n" +" MAC is a valid MAC address.\n"; + +static struct ipset_type ipset_bitmap_ipmac1 = { + .name = "bitmap:ip,mac", + .alias = { "macipmap", NULL }, + .revision = 1, + .family = NFPROTO_IPV4, + .dimension = IPSET_DIM_TWO, + .last_elem_optional = true, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_single_ip, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_ether, + .print = ipset_print_ether, + .opt = IPSET_OPT_ETHER + }, + }, + .args = { + [IPSET_CREATE] = bitmap_ipmac_create_args1, + [IPSET_ADD] = bitmap_ipmac_add_args1, + }, + .mandatory = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + }, + + .usage = bitmap_ipmac_usage1, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_bitmap_ipmac0); + ipset_type_add(&ipset_bitmap_ipmac1); } diff --git a/lib/ipset_bitmap_port.c b/lib/ipset_bitmap_port.c index 9a37e35..6959c3a 100644 --- a/lib/ipset_bitmap_port.c +++ b/lib/ipset_bitmap_port.c 
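Review bot: `bitmap_ipmac_usage1` advertises `[matchunset]` on the create line, but `bitmap_ipmac_create_args1` as added here has entries only for `range`, `timeout`, `counters`, `from`, `to` and `network`, so the help text documents an option the revision-1 table does not list. The line appears to be carried over from `bitmap_ipmac_usage0`. Unless the keyword is handled somewhere outside this table, drop it from the new usage string, e.g. `" [timeout VALUE] [counters]\n"`, so operators are not told about a create option this revision does not accept.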
@@ -10,7 +10,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg bitmap_port_create_args[] = { +static const struct ipset_arg bitmap_port_create_args0[] = { { .name = { "range", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, .parse = ipset_parse_tcp_port, .print = ipset_print_port, @@ -31,7 +31,7 @@ static const struct ipset_arg bitmap_port_create_args[] = { { }, }; -static const struct ipset_arg bitmap_port_add_args[] = { +static const struct ipset_arg bitmap_port_add_args0[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -39,7 +39,7 @@ static const struct ipset_arg bitmap_port_add_args[] = { { }, }; -static const char bitmap_port_usage[] = +static const char bitmap_port_usage0[] = "create SETNAME bitmap:port range FROM-TO\n" " [timeout VALUE]\n" "add SETNAME PORT|FROM-TO [timeout VALUE]\n" @@ -61,8 +61,8 @@ static struct ipset_type ipset_bitmap_port0 = { }, }, .args = { - [IPSET_CREATE] = bitmap_port_create_args, - [IPSET_ADD] = bitmap_port_add_args, + [IPSET_CREATE] = bitmap_port_create_args0, + [IPSET_ADD] = bitmap_port_add_args0, }, .mandatory = { [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) 
@@ -83,12 +83,107 @@ static struct ipset_type ipset_bitmap_port0 = { [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), }, - .usage = bitmap_port_usage, + .usage = bitmap_port_usage0, .description = "Initial revision", }; +/* Parse commandline arguments */ +static const struct ipset_arg bitmap_port_create_args1[] = { + { .name = { "range", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, + .parse = ipset_parse_tcp_port, .print = ipset_print_port, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Backward compatibility */ + { .name = { "from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, + .parse = ipset_parse_single_tcp_port, + }, + { .name = { "to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT_TO, + .parse = ipset_parse_single_tcp_port, + }, + { }, +}; + +static const struct ipset_arg bitmap_port_add_args1[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { }, +}; + +static const char bitmap_port_usage1[] = +"create SETNAME bitmap:port range FROM-TO\n" +" [timeout VALUE] [counters]\n" +"add SETNAME PORT|FROM-TO [timeout VALUE]\n" +" [packets VALUE] [bytes VALUE]\n" +"del SETNAME PORT|FROM-TO\n" +"test SETNAME PORT\n\n" +"where PORT, FROM and TO are port numbers or port names from /etc/services.\n"; + +static struct ipset_type 
ipset_bitmap_port1 = { + .name = "bitmap:port", + .alias = { "portmap", NULL }, + .revision = 1, + .family = NFPROTO_UNSPEC, + .dimension = IPSET_DIM_ONE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_tcp_port, + .print = ipset_print_port, + .opt = IPSET_OPT_PORT + }, + }, + .args = { + [IPSET_CREATE] = bitmap_port_create_args1, + [IPSET_ADD] = bitmap_port_add_args1, + }, + .mandatory = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), + }, + + .usage = bitmap_port_usage1, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_bitmap_port0); + ipset_type_add(&ipset_bitmap_port1); } diff --git a/lib/ipset_hash_ip.c b/lib/ipset_hash_ip.c index 6c2b049..19688db 100644 --- a/lib/ipset_hash_ip.c +++ b/lib/ipset_hash_ip.c @@ -10,7 +10,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_ip_create_args[] = { +static const struct ipset_arg hash_ip_create_args0[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, 
@@ -57,7 +57,7 @@ static const struct ipset_arg hash_ip_create_args[] = { { }, }; -static const struct ipset_arg hash_ip_add_args[] = { +static const struct ipset_arg hash_ip_add_args0[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -65,7 +65,7 @@ static const struct ipset_arg hash_ip_add_args[] = { { }, }; -static const char hash_ip_usage[] = +static const char hash_ip_usage0[] = "create SETNAME hash:ip\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -93,8 +93,8 @@ static struct ipset_type ipset_hash_ip0 = { }, }, .args = { - [IPSET_CREATE] = hash_ip_create_args, - [IPSET_ADD] = hash_ip_add_args, + [IPSET_CREATE] = hash_ip_create_args0, + [IPSET_ADD] = hash_ip_add_args0, }, .mandatory = { [IPSET_CREATE] = 0, 
@@ -115,12 +115,140 @@ static struct ipset_type ipset_hash_ip0 = { [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), }, - .usage = hash_ip_usage, + .usage = hash_ip_usage0, .description = "Initial revision", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_ip_create_args1[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "netmask", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_NETMASK, + .parse = ipset_parse_netmask, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Ignored options: backward compatibilty */ + { .name = { "probes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "resize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "gc", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_GC, + .parse = ipset_parse_ignored, 
.print = ipset_print_number, + }, + { }, +}; + +static const struct ipset_arg hash_ip_add_args1[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { }, +}; + +static const char hash_ip_usage1[] = +"create SETNAME hash:ip\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [netmask CIDR] [timeout VALUE]\n" +" [counters]\n" +"add SETNAME IP [timeout VALUE]\n" +" [packets VALUE] [bytes VALUE]\n" +"del SETNAME IP\n" +"test SETNAME IP\n\n" +"where depending on the INET family\n" +" IP is a valid IPv4 or IPv6 address (or hostname),\n" +" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n" +" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" +" is supported for IPv4.\n"; + +static struct ipset_type ipset_hash_ip1 = { + .name = "hash:ip", + .alias = { "iphash", NULL }, + .revision = 1, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_ONE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + }, + .args = { + [IPSET_CREATE] = hash_ip_create_args1, + [IPSET_ADD] = hash_ip_add_args1, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_NETMASK) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | 
IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP), + }, + + .usage = hash_ip_usage1, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_ip0); + ipset_type_add(&ipset_hash_ip1); } diff --git a/lib/ipset_hash_ipport.c b/lib/ipset_hash_ipport.c index 65197d9..b1c9f72 100644 --- a/lib/ipset_hash_ipport.c +++ b/lib/ipset_hash_ipport.c @@ -11,7 +11,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_ipport_create_args[] = { +static const struct ipset_arg hash_ipport_create_args1[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, @@ -62,7 +62,7 @@ static const struct ipset_arg hash_ipport_create_args[] = { { }, }; -static const struct ipset_arg hash_ipport_add_args[] = { +static const struct ipset_arg hash_ipport_add_args1[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -70,7 +70,7 @@ static const struct ipset_arg hash_ipport_add_args[] = { { }, }; -static const char hash_ipport1_usage[] = +static const char hash_ipport_usage1[] = "create SETNAME hash:ip,port\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -104,8 +104,8 @@ static struct ipset_type ipset_hash_ipport1 = { }, }, .args = { - [IPSET_CREATE] = hash_ipport_create_args, - [IPSET_ADD] = hash_ipport_add_args, + [IPSET_CREATE] = hash_ipport_create_args1, + [IPSET_ADD] = hash_ipport_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, 
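Review bot: The comment `/* Ignored options: backward compatibilty */` in `hash_ip_create_args1` misspells "compatibility"; since this table is new, write `/* Ignored options: backward compatibility */`. The comment could also say that `probes`, `resize` and `gc` are routed to `ipset_parse_ignored`, so a reader does not expect them to influence the created set.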
@@ -139,13 +139,164 @@ static struct ipset_type ipset_hash_ipport1 = { | IPSET_FLAG(IPSET_OPT_PROTO), }, - .usage = hash_ipport1_usage, + .usage = hash_ipport_usage1, .usagefn = ipset_port_usage, .description = "SCTP and UDPLITE support", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_ipport_create_args2[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Backward compatibility */ + { .name = { "probes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "resize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_ignored, + }, + { .name = { "to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + .parse = ipset_parse_ignored, + }, + 
{ .name = { "network", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_ignored, + }, + { }, +}; + +static const struct ipset_arg hash_ipport_add_args2[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { }, +}; + +static const char hash_ipport_usage2[] = +"create SETNAME hash:ip,port\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE] [counters]\n" +"add SETNAME IP,PROTO:PORT [timeout VALUE]\n" +" [packets VALUE] [bytes VALUE]\n" +"del SETNAME IP,PROTO:PORT\n" +"test SETNAME IP,PROTO:PORT\n\n" +"where depending on the INET family\n" +" IP is a valid IPv4 or IPv6 address (or hostname).\n" +" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" +" is supported for IPv4.\n" +" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" +" port range is supported both for IPv4 and IPv6.\n"; + +static struct ipset_type ipset_hash_ipport2 = { + .name = "hash:ip,port", + .alias = { "ipporthash", NULL }, + .revision = 2, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + }, + .args = { + [IPSET_CREATE] = hash_ipport_create_args2, + [IPSET_ADD] = hash_ipport_add_args2, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | 
IPSET_FLAG(IPSET_OPT_PORT), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_PORT), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO), + }, + + .usage = hash_ipport_usage2, + .usagefn = ipset_port_usage, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_ipport1); + ipset_type_add(&ipset_hash_ipport2); } diff --git a/lib/ipset_hash_ipportip.c b/lib/ipset_hash_ipportip.c index 58be660..d5cf1d2 100644 --- a/lib/ipset_hash_ipportip.c +++ b/lib/ipset_hash_ipportip.c @@ -11,7 +11,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_ipportip_create_args[] = { +static const struct ipset_arg hash_ipportip_create_args1[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, 
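Review bot: In `hash_ipport_create_args2` the `/* Backward compatibility */` comment heads entries that all use `ipset_parse_ignored`, including `from`, `to` and `network`, whereas in the bitmap tables of this commit the same comment heads `from`/`to`/`network` entries that are really parsed (`ipset_parse_single_ip`, `ipset_parse_net`). Judging by the parser name, an address range given on create is presumably accepted and discarded, which matters to anyone who expects it to bound what the set will hold. I would make the comment say so, e.g. `/* Backward compatibility: accepted, but the values are ignored */`. `hash_ipportip_create_args2` in the next file has the same block.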
@@ -62,7 +62,7 @@ static const struct ipset_arg hash_ipportip_create_args[] = { { }, }; -static const struct ipset_arg hash_ipportip_add_args[] = { +static const struct ipset_arg hash_ipportip_add_args1[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -70,7 +70,7 @@ static const struct ipset_arg hash_ipportip_add_args[] = { { }, }; -static const char hash_ipportip1_usage[] = +static const char hash_ipportip_usage1[] = "create SETNAME hash:ip,port,ip\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -109,8 +109,8 @@ static struct ipset_type ipset_hash_ipportip1 = { }, }, .args = { - [IPSET_CREATE] = hash_ipportip_create_args, - [IPSET_ADD] = hash_ipportip_add_args, + [IPSET_CREATE] = hash_ipportip_create_args1, + [IPSET_ADD] = hash_ipportip_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, 
@@ -150,13 +150,175 @@ static struct ipset_type ipset_hash_ipportip1 = { | IPSET_FLAG(IPSET_OPT_IP2), }, - .usage = hash_ipportip1_usage, + .usage = hash_ipportip_usage1, .usagefn = ipset_port_usage, .description = "SCTP and UDPLITE support", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_ipportip_create_args2[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Backward compatibility */ + { .name = { "probes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "resize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_ignored, + }, + { .name = { "to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + .parse = ipset_parse_ignored, 
+ }, + { .name = { "network", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_ignored, + }, + { }, +}; + +static const struct ipset_arg hash_ipportip_add_args2[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { }, +}; + +static const char hash_ipportip_usage2[] = +"create SETNAME hash:ip,port,ip\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE] [counters]\n" +"add SETNAME IP,PROTO:PORT,IP [timeout VALUE]\n" +" [packets VALUE] [bytes VALUE]\n" +"del SETNAME IP,PROTO:PORT,IP\n" +"test SETNAME IP,PROTO:PORT,IP\n\n" +"where depending on the INET family\n" +" IP is a valid IPv4 or IPv6 address (or hostname).\n" +" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n" +" in the first IP component is supported for IPv4.\n" +" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n" +" port range is supported both for IPv4 and IPv6.\n"; + +static struct ipset_type ipset_hash_ipportip2 = { + .name = "hash:ip,port,ip", + .alias = { "ipportiphash", NULL }, + .revision = 2, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_THREE, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_proto_port, + .print = ipset_print_proto_port, + .opt = IPSET_OPT_PORT + }, + [IPSET_DIM_THREE - 1] = { + .parse = ipset_parse_single_ip, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .args = { + [IPSET_CREATE] = hash_ipportip_create_args2, + 
[IPSET_ADD] = hash_ipportip_add_args2, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2), + }, + + .usage = hash_ipportip_usage2, + .usagefn = ipset_port_usage, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_ipportip1); + ipset_type_add(&ipset_hash_ipportip2); } diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c index c867e90..2c2e014 100644 --- a/lib/ipset_hash_ipportnet.c +++ b/lib/ipset_hash_ipportnet.c 
@@ -11,7 +11,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_ipportnet_create_args[] = { +static const struct ipset_arg hash_ipportnet_create_args1[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, @@ -62,7 +62,7 @@ static const struct ipset_arg hash_ipportnet_create_args[] = { { }, }; -static const struct ipset_arg hash_ipportnet_add_args[] = { +static const struct ipset_arg hash_ipportnet_add_args1[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -70,7 +70,7 @@ static const struct ipset_arg hash_ipportnet_add_args[] = { { }, }; -static const char hash_ipportnet1_usage[] = +static const char hash_ipportnet_usage1[] = "create SETNAME hash:ip,port,net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -110,8 +110,8 @@ static struct ipset_type ipset_hash_ipportnet1 = { }, }, .args = { - [IPSET_CREATE] = hash_ipportnet_create_args, - [IPSET_ADD] = hash_ipportnet_add_args, + [IPSET_CREATE] = hash_ipportnet_create_args1, + [IPSET_ADD] = hash_ipportnet_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, @@ -156,12 +156,12 @@ static struct ipset_type ipset_hash_ipportnet1 = { | IPSET_FLAG(IPSET_OPT_CIDR2), }, - .usage = hash_ipportnet1_usage, + .usage = hash_ipportnet_usage1, .usagefn = ipset_port_usage, .description = "SCTP and UDPLITE support", }; -static const char hash_ipportnet2_usage[] = +static const char hash_ipportnet_usage2[] = "create SETNAME hash:ip,port,net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" 
@@ -201,8 +201,8 @@ static struct ipset_type ipset_hash_ipportnet2 = { }, }, .args = { - [IPSET_CREATE] = hash_ipportnet_create_args, - [IPSET_ADD] = hash_ipportnet_add_args, + [IPSET_CREATE] = hash_ipportnet_create_args1, + [IPSET_ADD] = hash_ipportnet_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, @@ -249,12 +249,12 @@ static struct ipset_type ipset_hash_ipportnet2 = { | IPSET_FLAG(IPSET_OPT_CIDR2), }, - .usage = hash_ipportnet2_usage, + .usage = hash_ipportnet_usage2, .usagefn = ipset_port_usage, .description = "Add/del range support", }; -static const struct ipset_arg hash_ipportnet3_add_args[] = { +static const struct ipset_arg hash_ipportnet_add_args3[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -266,7 +266,7 @@ static const struct ipset_arg hash_ipportnet3_add_args[] = { { }, }; -static const char hash_ipportnet3_usage[] = +static const char hash_ipportnet_usage3[] = "create SETNAME hash:ip,port,net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -306,8 +306,8 @@ static struct ipset_type ipset_hash_ipportnet3 = { }, }, .args = { - [IPSET_CREATE] = hash_ipportnet_create_args, - [IPSET_ADD] = hash_ipportnet3_add_args, + [IPSET_CREATE] = hash_ipportnet_create_args1, + [IPSET_ADD] = hash_ipportnet_add_args3, }, .mandatory = { [IPSET_CREATE] = 0, 
@@ -355,15 +355,200 @@ static struct ipset_type ipset_hash_ipportnet3 = { | IPSET_FLAG(IPSET_OPT_CIDR2), }, - .usage = hash_ipportnet3_usage, + .usage = hash_ipportnet_usage3, .usagefn = ipset_port_usage, .description = "nomatch flag support", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_ipportnet_create_args4[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Backward compatibility */ + { .name = { "probes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "resize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_ignored, + }, + { .name = { "to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + .parse = 
ipset_parse_ignored,
+ },
+ { .name = { "network", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
+ .parse = ipset_parse_ignored,
+ },
+ { },
+};
+
+static const struct ipset_arg hash_ipportnet_add_args4[] = {
+ { .name = { "timeout", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
+ .parse = ipset_parse_timeout, .print = ipset_print_number,
+ },
+ { .name = { "nomatch", NULL },
+ .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
+ .parse = ipset_parse_flag, .print = ipset_print_flag,
+ },
+ { .name = { "packets", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { .name = { "bytes", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { },
+};
+
+static const struct ipset_arg hash_ipportnet_test_args4[] = {
+ { .name = { "nomatch", NULL },
+ .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
+ .parse = ipset_parse_flag, .print = ipset_print_flag,
+ },
+ { },
+};
+
+static const char hash_ipportnet_usage4[] =
+"create SETNAME hash:ip,port,net\n"
+" [family inet|inet6]\n"
+" [hashsize VALUE] [maxelem VALUE]\n"
+" [timeout VALUE] [counters]\n"
+"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n"
+" [packets VALUE] [bytes VALUE]\n"
+"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
+"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
+"where depending on the INET family\n"
+" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+" in both IP components are supported for IPv4.\n"
+" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+" port range is supported both for IPv4 and IPv6.\n";
+
+static struct ipset_type ipset_hash_ipportnet4 = {
+ .name = "hash:ip,port,net",
+ .alias = { "ipportnethash", NULL },
+ .revision = 4,
+ .family = 
NFPROTO_IPSET_IPV46,
+ .dimension = IPSET_DIM_THREE,
+ .elem = {
+ [IPSET_DIM_ONE - 1] = {
+ .parse = ipset_parse_ip4_single6,
+ .print = ipset_print_ip,
+ .opt = IPSET_OPT_IP
+ },
+ [IPSET_DIM_TWO - 1] = {
+ .parse = ipset_parse_proto_port,
+ .print = ipset_print_proto_port,
+ .opt = IPSET_OPT_PORT
+ },
+ [IPSET_DIM_THREE - 1] = {
+ .parse = ipset_parse_ip4_net6,
+ .print = ipset_print_ip,
+ .opt = IPSET_OPT_IP2
+ },
+ },
+ .args = {
+ [IPSET_CREATE] = hash_ipportnet_create_args4,
+ [IPSET_ADD] = hash_ipportnet_add_args4,
+ [IPSET_TEST] = hash_ipportnet_test_args4,
+ },
+ .mandatory = {
+ [IPSET_CREATE] = 0,
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ },
+ .full = {
+ [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
+ | IPSET_FLAG(IPSET_OPT_MAXELEM)
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT)
+ | IPSET_FLAG(IPSET_OPT_COUNTERS),
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_CIDR)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO)
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT)
+ | IPSET_FLAG(IPSET_OPT_NOMATCH)
+ | IPSET_FLAG(IPSET_OPT_PACKETS)
+ | IPSET_FLAG(IPSET_OPT_BYTES),
+ [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_CIDR)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | 
IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + }, + + .usage = hash_ipportnet_usage4, + .usagefn = ipset_port_usage, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_ipportnet1); ipset_type_add(&ipset_hash_ipportnet2); ipset_type_add(&ipset_hash_ipportnet3); + ipset_type_add(&ipset_hash_ipportnet4); } diff --git a/lib/ipset_hash_net.c b/lib/ipset_hash_net.c index 4846412..a80d732 100644 --- a/lib/ipset_hash_net.c +++ b/lib/ipset_hash_net.c @@ -10,7 +10,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_net_create_args[] = { +static const struct ipset_arg hash_net_create_args0[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, @@ -49,7 +49,7 @@ static const struct ipset_arg hash_net_create_args[] = { { }, }; -static const struct ipset_arg hash_net_add_args[] = { +static const struct ipset_arg hash_net_add_args0[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -57,7 +57,7 @@ static const struct ipset_arg hash_net_add_args[] = { { }, }; -static const char hash_net0_usage[] = +static const char hash_net_usage0[] = "create SETNAME hash:net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -83,8 +83,8 @@ static struct ipset_type ipset_hash_net0 = { }, }, .args = { - [IPSET_CREATE] = hash_net_create_args, - [IPSET_ADD] = hash_net_add_args, + [IPSET_CREATE] = hash_net_create_args0, + [IPSET_ADD] = hash_net_add_args0, }, .mandatory = { [IPSET_CREATE] = 0, 
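Review bot: The `test` line of `hash_ipportnet_usage4` does not list `[nomatch]`, although this revision registers `hash_ipportnet_test_args4` with a `nomatch` entry and sets `IPSET_FLAG(IPSET_OPT_NOMATCH)` in `.full[IPSET_TEST]`. Scripts that use `test` to reason about exceptions in a firewall set will not learn from the usage text that the option is accepted. I would change the line to `"test SETNAME IP,PROTO:PORT,IP[/CIDR] [nomatch]\n\n"`; the same gap is in `hash_net_usage3`, `hash_netiface_usage3` and `hash_netport_usage4` further down. If test-side `nomatch` is new here (the revision 3 `.args` shown in context has no `IPSET_TEST` entry), the `.description` of "counters support" understates the change as well.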
@@ -105,11 +105,11 @@ static struct ipset_type ipset_hash_net0 = { | IPSET_FLAG(IPSET_OPT_CIDR), }, - .usage = hash_net0_usage, + .usage = hash_net_usage0, .description = "Initial revision", }; -static const char hash_net1_usage[] = +static const char hash_net_usage1[] = "create SETNAME hash:net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -136,8 +136,8 @@ static struct ipset_type ipset_hash_net1 = { }, }, .args = { - [IPSET_CREATE] = hash_net_create_args, - [IPSET_ADD] = hash_net_add_args, + [IPSET_CREATE] = hash_net_create_args0, + [IPSET_ADD] = hash_net_add_args0, }, .mandatory = { [IPSET_CREATE] = 0, @@ -160,11 +160,11 @@ static struct ipset_type ipset_hash_net1 = { | IPSET_FLAG(IPSET_OPT_CIDR), }, - .usage = hash_net1_usage, + .usage = hash_net_usage1, .description = "Add/del range support", }; -static const struct ipset_arg hash_net2_add_args[] = { +static const struct ipset_arg hash_net_add_args2[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -176,7 +176,7 @@ static const struct ipset_arg hash_net2_add_args[] = { { }, }; -static const char hash_net2_usage[] = +static const char hash_net_usage2[] = "create SETNAME hash:net\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -203,8 +203,8 @@ static struct ipset_type ipset_hash_net2 = { }, }, .args = { - [IPSET_CREATE] = hash_net_create_args, - [IPSET_ADD] = hash_net2_add_args, + [IPSET_CREATE] = hash_net_create_args0, + [IPSET_ADD] = hash_net_add_args2, }, .mandatory = { [IPSET_CREATE] = 0, 
@@ -228,14 +228,149 @@ static struct ipset_type ipset_hash_net2 = { | IPSET_FLAG(IPSET_OPT_CIDR), }, - .usage = hash_net2_usage, + .usage = hash_net_usage2, .description = "nomatch flag support", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_net_create_args3[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + /* Ignored options: backward compatibilty */ + { .name = { "probes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { .name = { "resize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE, + .parse = ipset_parse_ignored, .print = ipset_print_number, + }, + { }, +}; + +static const struct ipset_arg hash_net_add_args3[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = 
IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
+ .parse = ipset_parse_flag, .print = ipset_print_flag,
+ },
+ { .name = { "packets", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { .name = { "bytes", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { },
+};
+
+static const struct ipset_arg hash_net_test_args3[] = {
+ { .name = { "nomatch", NULL },
+ .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
+ .parse = ipset_parse_flag, .print = ipset_print_flag,
+ },
+ { },
+};
+
+static const char hash_net_usage3[] =
+"create SETNAME hash:net\n"
+" [family inet|inet6]\n"
+" [hashsize VALUE] [maxelem VALUE]\n"
+" [timeout VALUE] [counters]\n"
+"add SETNAME IP[/CIDR]|FROM-TO [timeout VALUE] [nomatch]\n"
+" [packets VALUE] [bytes VALUE]\n"
+"del SETNAME IP[/CIDR]|FROM-TO\n"
+"test SETNAME IP[/CIDR]\n\n"
+"where depending on the INET family\n"
+" IP is an IPv4 or IPv6 address (or hostname),\n"
+" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+" IP range is not supported with IPv6.\n";
+
+static struct ipset_type ipset_hash_net3 = {
+ .name = "hash:net",
+ .alias = { "nethash", NULL },
+ .revision = 3,
+ .family = NFPROTO_IPSET_IPV46,
+ .dimension = IPSET_DIM_ONE,
+ .elem = {
+ [IPSET_DIM_ONE - 1] = {
+ .parse = ipset_parse_ip4_net6,
+ .print = ipset_print_ip,
+ .opt = IPSET_OPT_IP
+ },
+ },
+ .args = {
+ [IPSET_CREATE] = hash_net_create_args3,
+ [IPSET_ADD] = hash_net_add_args3,
+ [IPSET_TEST] = hash_net_test_args3,
+ },
+ .mandatory = {
+ [IPSET_CREATE] = 0,
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP),
+ [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP),
+ [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP),
+ },
+ .full = {
+ [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
+ | IPSET_FLAG(IPSET_OPT_MAXELEM)
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT)
+ | IPSET_FLAG(IPSET_OPT_COUNTERS),
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
+ | 
IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + }, + + .usage = hash_net_usage3, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_net0); ipset_type_add(&ipset_hash_net1); ipset_type_add(&ipset_hash_net2); + ipset_type_add(&ipset_hash_net3); } diff --git a/lib/ipset_hash_netiface.c b/lib/ipset_hash_netiface.c index c14d4f2..d54b05a 100644 --- a/lib/ipset_hash_netiface.c +++ b/lib/ipset_hash_netiface.c @@ -11,7 +11,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_netiface_create_args[] = { +static const struct ipset_arg hash_netiface_create_args0[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, @@ -41,7 +41,7 @@ static const struct ipset_arg hash_netiface_create_args[] = { { }, }; -static const struct ipset_arg hash_netiface_add_args[] = { +static const struct ipset_arg hash_netiface_add_args0[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -49,7 +49,7 @@ static const struct ipset_arg hash_netiface_add_args[] = { { }, }; -static const char hash_netiface_usage[] = +static const char hash_netiface_usage0[] = "create SETNAME hash:net,iface\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" 
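Review bot: The `packets` and `bytes` entries of `hash_net_add_args3` are parsed with `ipset_parse_uint64` but printed with `ipset_print_number`, the same printer the 32-bit `hashsize` and `maxelem` options in `hash_net_create_args3` use. `ipset_print_number` is defined outside this diff, so please confirm it emits the full 64-bit value for `IPSET_OPT_PACKETS` and `IPSET_OPT_BYTES`; if it does not, large counters would presumably be truncated wherever the set is printed. A comment on the two entries such as `/* 64-bit counters: the printer must handle the full width */` would record the requirement. The same pairing appears in `hash_ipportnet_add_args4`, `hash_netiface_add_args3` and `hash_netport_add_args4`.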
@@ -81,8 +81,8 @@ static struct ipset_type ipset_hash_netiface0 = { }, }, .args = { - [IPSET_CREATE] = hash_netiface_create_args, - [IPSET_ADD] = hash_netiface_add_args, + [IPSET_CREATE] = hash_netiface_create_args0, + [IPSET_ADD] = hash_netiface_add_args0, }, .mandatory = { [IPSET_CREATE] = 0, @@ -115,11 +115,11 @@ static struct ipset_type ipset_hash_netiface0 = { | IPSET_FLAG(IPSET_OPT_PHYSDEV), }, - .usage = hash_netiface_usage, + .usage = hash_netiface_usage0, .description = "Initial revision", }; -static const struct ipset_arg hash_netiface1_add_args[] = { +static const struct ipset_arg hash_netiface_add_args1[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, @@ -131,7 +131,7 @@ static const struct ipset_arg hash_netiface1_add_args[] = { { }, }; -static const char hash_netiface1_usage[] = +static const char hash_netiface_usage1[] = "create SETNAME hash:net,iface\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -163,8 +163,8 @@ static struct ipset_type ipset_hash_netiface1 = { }, }, .args = { - [IPSET_CREATE] = hash_netiface_create_args, - [IPSET_ADD] = hash_netiface1_add_args, + [IPSET_CREATE] = hash_netiface_create_args0, + [IPSET_ADD] = hash_netiface_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, @@ -198,7 +198,7 @@ static struct ipset_type ipset_hash_netiface1 = { | IPSET_FLAG(IPSET_OPT_PHYSDEV), }, - .usage = hash_netiface1_usage, + .usage = hash_netiface_usage1, .description = "nomatch flag support", }; @@ -221,8 +221,8 @@ static struct ipset_type ipset_hash_netiface2 = { }, }, .args = { - [IPSET_CREATE] = hash_netiface_create_args, - [IPSET_ADD] = hash_netiface1_add_args, + [IPSET_CREATE] = hash_netiface_create_args0, + [IPSET_ADD] = hash_netiface_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, 
@@ -256,14 +256,155 @@ static struct ipset_type ipset_hash_netiface2 = { | IPSET_FLAG(IPSET_OPT_PHYSDEV), }, - .usage = hash_netiface1_usage, + .usage = hash_netiface_usage1, .description = "/0 network support", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_netiface_create_args3[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const struct ipset_arg hash_netiface_add_args3[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = 
IPSET_OPT_BYTES,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { },
+};
+
+static const struct ipset_arg hash_netiface_test_args3[] = {
+ { .name = { "nomatch", NULL },
+ .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
+ .parse = ipset_parse_flag, .print = ipset_print_flag,
+ },
+ { },
+};
+
+static const char hash_netiface_usage3[] =
+"create SETNAME hash:net,iface\n"
+" [family inet|inet6]\n"
+" [hashsize VALUE] [maxelem VALUE]\n"
+" [timeout VALUE] [counters]\n"
+"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE] [nomatch]\n"
+" [packets VALUE] [bytes VALUE]\n"
+"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n"
+"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n"
+"where depending on the INET family\n"
+" IP is a valid IPv4 or IPv6 address (or hostname),\n"
+" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+" Adding/deleting multiple elements with IPv4 is supported.\n";
+
+static struct ipset_type ipset_hash_netiface3 = {
+ .name = "hash:net,iface",
+ .alias = { "netifacehash", NULL },
+ .revision = 3,
+ .family = NFPROTO_IPSET_IPV46,
+ .dimension = IPSET_DIM_TWO,
+ .elem = {
+ [IPSET_DIM_ONE - 1] = {
+ .parse = ipset_parse_ip4_net6,
+ .print = ipset_print_ip,
+ .opt = IPSET_OPT_IP
+ },
+ [IPSET_DIM_TWO - 1] = {
+ .parse = ipset_parse_iface,
+ .print = ipset_print_iface,
+ .opt = IPSET_OPT_IFACE
+ },
+ },
+ .args = {
+ [IPSET_CREATE] = hash_netiface_create_args3,
+ [IPSET_ADD] = hash_netiface_add_args3,
+ [IPSET_TEST] = hash_netiface_test_args3,
+ },
+ .mandatory = {
+ [IPSET_CREATE] = 0,
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IFACE),
+ [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IFACE),
+ [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IFACE),
+ },
+ .full = {
+ [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
+ | IPSET_FLAG(IPSET_OPT_MAXELEM)
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT)
+ | IPSET_FLAG(IPSET_OPT_COUNTERS),
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
+ | 
IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + }, + + .usage = hash_netiface_usage3, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_netiface0); ipset_type_add(&ipset_hash_netiface1); ipset_type_add(&ipset_hash_netiface2); + ipset_type_add(&ipset_hash_netiface3); } diff --git a/lib/ipset_hash_netport.c b/lib/ipset_hash_netport.c index 2319738..2b26cf2 100644 --- a/lib/ipset_hash_netport.c +++ b/lib/ipset_hash_netport.c @@ -11,7 +11,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg hash_netport_create_args[] = { +static const struct ipset_arg hash_netport_create_args1[] = { { .name = { "family", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, .parse = ipset_parse_family, .print = ipset_print_family, @@ -41,7 +41,7 @@ static const struct ipset_arg hash_netport_create_args[] = { { }, }; -static const struct ipset_arg hash_netport_add_args[] = { +static const struct ipset_arg hash_netport_add_args1[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, 
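Review bot: The `[IPSET_TEST]` entry of `.full` in `ipset_hash_netiface3` includes `IPSET_FLAG(IPSET_OPT_IP_TO)`, while `hash_netiface_usage3` documents test as `IP[/CIDR],[physdev:]IFACE` with no FROM-TO form. The other new revisions in this commit (`ipset_hash_net3`, `ipset_hash_netport4`, `ipset_hash_ipportnet4`) leave `IP_TO` out of their test entries. This may be carried over from the earlier netiface revisions, whose `.full` tables are not fully visible here. If a range is not meant to be testable, drop the `| IPSET_FLAG(IPSET_OPT_IP_TO)` line from `[IPSET_TEST]` so the accepted options match the documented syntax; if it is intentional, the usage line should say so.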
@@ -49,7 +49,7 @@ static const struct ipset_arg hash_netport_add_args[] = { { }, }; -static const char hash_netport1_usage[] = +static const char hash_netport_usage1[] = "create SETNAME hash:net,port\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -82,8 +82,8 @@ static struct ipset_type ipset_hash_netport1 = { }, }, .args = { - [IPSET_CREATE] = hash_netport_create_args, - [IPSET_ADD] = hash_netport_add_args, + [IPSET_CREATE] = hash_netport_create_args1, + [IPSET_ADD] = hash_netport_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, @@ -118,12 +118,12 @@ static struct ipset_type ipset_hash_netport1 = { | IPSET_FLAG(IPSET_OPT_CIDR), }, - .usage = hash_netport1_usage, + .usage = hash_netport_usage1, .usagefn = ipset_port_usage, .description = "SCTP and UDPLITE support", }; -static const char hash_netport2_usage[] = +static const char hash_netport_usage2[] = "create SETNAME hash:net,port\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -157,8 +157,8 @@ static struct ipset_type ipset_hash_netport2 = { }, }, .args = { - [IPSET_CREATE] = hash_netport_create_args, - [IPSET_ADD] = hash_netport_add_args, + [IPSET_CREATE] = hash_netport_create_args1, + [IPSET_ADD] = hash_netport_add_args1, }, .mandatory = { [IPSET_CREATE] = 0, @@ -195,12 +195,12 @@ static struct ipset_type ipset_hash_netport2 = { | IPSET_FLAG(IPSET_OPT_PROTO), }, - .usage = hash_netport2_usage, + .usage = hash_netport_usage2, .usagefn = ipset_port_usage, .description = "Add/del range support", }; -static const struct ipset_arg hash_netport3_add_args[] = { +static const struct ipset_arg hash_netport_add_args3[] = { { .name = { "timeout", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, .parse = ipset_parse_timeout, .print = ipset_print_number, 
@@ -212,7 +212,7 @@ static const struct ipset_arg hash_netport3_add_args[] = { { }, }; -static const char hash_netport3_usage[] = +static const char hash_netport_usage3[] = "create SETNAME hash:net,port\n" " [family inet|inet6]\n" " [hashsize VALUE] [maxelem VALUE]\n" @@ -246,8 +246,8 @@ static struct ipset_type ipset_hash_netport3 = { }, }, .args = { - [IPSET_CREATE] = hash_netport_create_args, - [IPSET_ADD] = hash_netport3_add_args, + [IPSET_CREATE] = hash_netport_create_args1, + [IPSET_ADD] = hash_netport_add_args3, }, .mandatory = { [IPSET_CREATE] = 0, 
@@ -285,15 +285,163 @@ static struct ipset_type ipset_hash_netport3 = { | IPSET_FLAG(IPSET_OPT_PROTO), }, - .usage = hash_netport3_usage, + .usage = hash_netport_usage3, .usagefn = ipset_port_usage, .description = "nomatch flag support", }; +/* Parse commandline arguments */ +static const struct ipset_arg hash_netport_create_args4[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const struct ipset_arg hash_netport_add_args4[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "nomatch", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = 
IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { },
+};
+
+static const struct ipset_arg hash_netport_test_args4[] = {
+ { .name = { "nomatch", NULL },
+ .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
+ .parse = ipset_parse_flag, .print = ipset_print_flag,
+ },
+ { },
+};
+
+static const char hash_netport_usage4[] =
+"create SETNAME hash:net,port\n"
+" [family inet|inet6]\n"
+" [hashsize VALUE] [maxelem VALUE]\n"
+" [timeout VALUE] [counters]\n"
+"add SETNAME IP[/CIDR]|FROM-TO,PROTO:PORT [timeout VALUE] [nomatch]\n"
+" [packets VALUE] [bytes VALUE]\n"
+"del SETNAME IP[/CIDR]|FROM-TO,PROTO:PORT\n"
+"test SETNAME IP[/CIDR],PROTO:PORT\n\n"
+"where depending on the INET family\n"
+" IP is a valid IPv4 or IPv6 address (or hostname),\n"
+" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+" Adding/deleting multiple elements with IPv4 is supported.\n"
+" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+" port range is supported both for IPv4 and IPv6.\n";
+
+static struct ipset_type ipset_hash_netport4 = {
+ .name = "hash:net,port",
+ .alias = { "netporthash", NULL },
+ .revision = 4,
+ .family = NFPROTO_IPSET_IPV46,
+ .dimension = IPSET_DIM_TWO,
+ .elem = {
+ [IPSET_DIM_ONE - 1] = {
+ .parse = ipset_parse_ip4_net6,
+ .print = ipset_print_ip,
+ .opt = IPSET_OPT_IP
+ },
+ [IPSET_DIM_TWO - 1] = {
+ .parse = ipset_parse_proto_port,
+ .print = ipset_print_proto_port,
+ .opt = IPSET_OPT_PORT
+ },
+ },
+ .args = {
+ [IPSET_CREATE] = hash_netport_create_args4,
+ [IPSET_ADD] = hash_netport_add_args4,
+ [IPSET_TEST] = hash_netport_test_args4,
+ },
+ .mandatory = {
+ [IPSET_CREATE] = 0,
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT),
+ [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT),
+ [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT),
+ },
+ 
.full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO) + | IPSET_FLAG(IPSET_OPT_PROTO), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PROTO) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + }, + + .usage = hash_netport_usage4, + .usagefn = ipset_port_usage, + .description = "counters support", +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_netport1); ipset_type_add(&ipset_hash_netport2); ipset_type_add(&ipset_hash_netport3); + ipset_type_add(&ipset_hash_netport4); } diff --git a/lib/ipset_list_set.c b/lib/ipset_list_set.c index b54c42e..6cec67c 100644 --- a/lib/ipset_list_set.c +++ b/lib/ipset_list_set.c @@ -10,7 +10,7 @@ #include <libipset/types.h> /* prototypes */ /* Parse commandline arguments */ -static const struct ipset_arg list_set_create_args[] = { +static const struct ipset_arg list_set_create_args0[] = { { .name = { "size", NULL }, .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SIZE, .parse = ipset_parse_uint32, .print = ipset_print_number, 
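Review bot: Nothing in `hash_netport_create_args4` or `hash_netport_add_args4` marks which entries this revision adds, and both tables appear to repeat the option entries of the earlier revisions' tables (only partly visible in the context lines). A later reader has to compare the arrays by eye to see that `counters`, `packets` and `bytes` are the new options. A one-line comment above each new entry, e.g. `/* New in revision 4: counters */`, would make the delta explicit and lower the chance of the copies drifting apart unnoticed. The same applies to the other per-revision tables added in this commit.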
@@ -22,7 +22,7 @@ static const struct ipset_arg list_set_create_args[] = {
  { },
 };
 
-static const struct ipset_arg list_set_adt_args[] = {
+static const struct ipset_arg list_set_adt_args0[] = {
  { .name = { "timeout", NULL },
  .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
  .parse = ipset_parse_timeout, .print = ipset_print_number,
@@ -38,7 +38,7 @@ static const struct ipset_arg list_set_adt_args[] = {
  { },
 };
 
-static const char list_set_usage[] =
+static const char list_set_usage0[] =
 "create SETNAME list:set\n"
 " [size VALUE] [timeout VALUE]\n"
 "add SETNAME NAME [before|after NAME] [timeout VALUE]\n"
@@ -61,10 +61,10 @@ static struct ipset_type ipset_list_set0 = {
  },
  .compat_parse_elem = ipset_parse_name_compat,
  .args = {
- [IPSET_CREATE] = list_set_create_args,
- [IPSET_ADD] = list_set_adt_args,
- [IPSET_DEL] = list_set_adt_args,
- [IPSET_TEST] = list_set_adt_args,
+ [IPSET_CREATE] = list_set_create_args0,
+ [IPSET_ADD] = list_set_adt_args0,
+ [IPSET_DEL] = list_set_adt_args0,
+ [IPSET_TEST] = list_set_adt_args0,
  },
  .mandatory = {
  [IPSET_CREATE] = 0,
@@ -87,12 +87,111 @@ static struct ipset_type ipset_list_set0 = {
  | IPSET_FLAG(IPSET_OPT_NAMEREF),
  },
 
- .usage = list_set_usage,
+ .usage = list_set_usage0,
  .description = "Initial revision",
 };
 
+/* Parse commandline arguments */
+static const struct ipset_arg list_set_create_args1[] = {
+ { .name = { "size", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SIZE,
+ .parse = ipset_parse_uint32, .print = ipset_print_number,
+ },
+ { .name = { "timeout", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
+ .parse = ipset_parse_timeout, .print = ipset_print_number,
+ },
+ { .name = { "counters", NULL },
+ .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
+ .parse = ipset_parse_flag, .print = ipset_print_flag,
+ },
+ { },
+};
+
+static const struct ipset_arg list_set_adt_args1[] = {
+ { .name = { "timeout", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
+ .parse = ipset_parse_timeout, .print = ipset_print_number,
+ },
+ { .name = { "before", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_NAMEREF,
+ .parse = ipset_parse_before,
+ },
+ { .name = { "after", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_NAMEREF,
+ .parse = ipset_parse_after,
+ },
+ { .name = { "packets", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { .name = { "bytes", NULL },
+ .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
+ .parse = ipset_parse_uint64, .print = ipset_print_number,
+ },
+ { },
+};
+
+static const char list_set_usage1[] =
+"create SETNAME list:set\n"
+" [size VALUE] [timeout VALUE] [counters\n"
+"add SETNAME NAME [before|after NAME] [timeout VALUE]\n"
+" [packets VALUE] [bytes VALUE]\n"
+"del SETNAME NAME [before|after NAME]\n"
+"test SETNAME NAME [before|after NAME]\n\n"
+"where NAME are existing set names.\n";
+
+static struct ipset_type ipset_list_set1 = {
+ .name = "list:set",
+ .alias = { "setlist", NULL },
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .dimension = IPSET_DIM_ONE,
+ .elem = {
+ [IPSET_DIM_ONE - 1] = {
+ .parse = ipset_parse_setname,
+ .print = ipset_print_name,
+ .opt = IPSET_OPT_NAME
+ },
+ },
+ .compat_parse_elem = ipset_parse_name_compat,
+ .args = {
+ [IPSET_CREATE] = list_set_create_args1,
+ [IPSET_ADD] = list_set_adt_args1,
+ [IPSET_DEL] = list_set_adt_args1,
+ [IPSET_TEST] = list_set_adt_args1,
+ },
+ .mandatory = {
+ [IPSET_CREATE] = 0,
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_NAME),
+ [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_NAME),
+ [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_NAME),
+ },
+ .full = {
+ [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_SIZE)
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT)
+ | IPSET_FLAG(IPSET_OPT_COUNTERS),
+ [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_NAME)
+ | IPSET_FLAG(IPSET_OPT_BEFORE)
+ | IPSET_FLAG(IPSET_OPT_NAMEREF)
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT)
+ | IPSET_FLAG(IPSET_OPT_PACKETS)
+ | IPSET_FLAG(IPSET_OPT_BYTES),
+ [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_NAME)
+ | IPSET_FLAG(IPSET_OPT_BEFORE)
+ | IPSET_FLAG(IPSET_OPT_NAMEREF),
+ [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_NAME)
+ | IPSET_FLAG(IPSET_OPT_BEFORE)
+ | IPSET_FLAG(IPSET_OPT_NAMEREF),
+ },
+
+ .usage = list_set_usage1,
+ .description = "counters support",
+};
+
 void _init(void);
 void _init(void)
 {
  ipset_type_add(&ipset_list_set0);
+ ipset_type_add(&ipset_list_set1);
 } |
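Review bot: The new usage string `list_set_usage1` leaves a bracket open: its second line ends `[counters\n"` where `[counters]\n"` is meant, so the help text for revision 1 prints an unbalanced option list. The sibling text added in the same commit, `hash_netport_usage4`, spells the option `[counters]`, so the fix is a one-character change on that line. Separately, `list_set_adt_args1` is registered for `IPSET_DEL` and `IPSET_TEST` as well as `IPSET_ADD`, so `timeout`, `packets` and `bytes` are parsed for all three and, presumably, only the `.full` masks reject them for del/test; a one-line comment above `.args` such as `/* del/test share the add table; .full limits what each accepts */` would make that intent explicit.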