Diffstat (limited to 'lib')
-rw-r--r-- | lib/data.c | 16 | ||||
-rw-r--r-- | lib/debug.c | 71 | ||||
-rw-r--r-- | lib/icmp.c | 20 | ||||
-rw-r--r-- | lib/icmpv6.c | 23 | ||||
-rw-r--r-- | lib/mnl.c | 29 | ||||
-rw-r--r-- | lib/parse.c | 244 | ||||
-rw-r--r-- | lib/print.c | 165 | ||||
-rw-r--r-- | lib/session.c | 254 | ||||
-rw-r--r-- | lib/types.c | 48 |
9 files changed, 479 insertions, 391 deletions
@@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -18,7 +18,7 @@ #include <libipset/utils.h> /* inXcpy */ #include <libipset/data.h> /* prototypes */ -/* Internal data structure to hold +/* Internal data structure to hold * a) input data entered by the user or * b) data received from kernel * @@ -174,7 +174,7 @@ ipset_data_ignored(struct ipset_data *data, enum ipset_opt opt) { bool ignored; assert(data); - + ignored = data->ignored & IPSET_FLAG(opt); data->ignored |= IPSET_FLAG(opt); @@ -329,7 +329,7 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) default: return -1; }; - + ipset_data_flags_set(data, IPSET_FLAG(opt)); return 0; } @@ -348,7 +348,7 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt) { assert(data); assert(opt != IPSET_OPT_NONE); - + if (!(opt == IPSET_OPT_TYPENAME || ipset_data_test(data, opt))) return NULL; @@ -533,8 +533,8 @@ uint8_t ipset_data_cidr(const struct ipset_data *data) { assert(data); - return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : - data->family == AF_INET ? 32 : + return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : + data->family == AF_INET ? 32 : data->family == AF_INET6 ? 128 : 0; } diff --git a/lib/debug.c b/lib/debug.c index 5b97e6e..931b0c1 100644 --- a/lib/debug.c +++ b/lib/debug.c 
@@ -1,12 +1,12 @@ /* Copyright 2011 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <arpa/inet.h> /* inet_ntop */ -#include <libmnl/libmnl.h> /* libmnl backend */ +#include <libmnl/libmnl.h> /* libmnl backend */ struct ipset_attrname { const char *name; @@ -74,23 +74,24 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, uint32_t v; int i; - fprintf(stderr,"\t\t%s attributes:\n", policy == create_attrs ? "CREATE" : "ADT"); + fprintf(stderr, "\t\t%s attributes:\n", + policy == create_attrs ? "CREATE" : "ADT"); for (i = IPSET_ATTR_UNSPEC + 1; i <= max; i++) { if (!nla[i]) continue; switch (policy[i].type) { case MNL_TYPE_U8: - v = * (uint8_t *) mnl_attr_get_payload(nla[i]); + v = *(uint8_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t\t%s: %u\n", attr2name[i].name, v); break; case MNL_TYPE_U16: - v = * (uint16_t *) mnl_attr_get_payload(nla[i]); + v = *(uint16_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t\t%s: %u\n", attr2name[i].name, ntohs(v)); break; case MNL_TYPE_U32: - v = * (uint32_t *) mnl_attr_get_payload(nla[i]); + v = *(uint32_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t\t%s: %u\n", attr2name[i].name, ntohl(v)); break; 
@@ -104,18 +105,23 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, char addr[INET6_ADDRSTRLEN]; void *d; - if (mnl_attr_parse_nested(nla[i], ipaddr_attr_cb, ipattr) < 0) { - fprintf(stderr, "\t\tIPADDR: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(nla[i], ipaddr_attr_cb, + ipattr) < 0) { + fprintf(stderr, + "\t\tIPADDR: cannot validate " + "and parse attributes\n"); continue; } if (ipattr[IPSET_ATTR_IPADDR_IPV4]) { - d = mnl_attr_get_payload(ipattr[IPSET_ATTR_IPADDR_IPV4]); + d = mnl_attr_get_payload( + ipattr[IPSET_ATTR_IPADDR_IPV4]); inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) { - d = mnl_attr_get_payload(ipattr[IPSET_ATTR_IPADDR_IPV6]); + d = mnl_attr_get_payload( + ipattr[IPSET_ATTR_IPADDR_IPV6]); inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", @@ -138,23 +144,23 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) uint32_t v; int i; - fprintf(stderr,"\tCommand attributes:\n"); + fprintf(stderr, "\tCommand attributes:\n"); for (i = IPSET_ATTR_UNSPEC + 1; i <= IPSET_ATTR_CMD_MAX; i++) { if (!nla[i]) continue; switch (cmd_attrs[i].type) { case MNL_TYPE_U8: - v = * (uint8_t *) mnl_attr_get_payload(nla[i]); + v = *(uint8_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t%s: %u\n", cmdattr2name[i].name, v); break; case MNL_TYPE_U16: - v = * (uint16_t *) mnl_attr_get_payload(nla[i]); + v = *(uint16_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t%s: %u\n", cmdattr2name[i].name, ntohs(v)); break; case MNL_TYPE_U32: - v = * (uint32_t *) mnl_attr_get_payload(nla[i]); + v = *(uint32_t *) mnl_attr_get_payload(nla[i]); fprintf(stderr, "\t%s: %u\n", cmdattr2name[i].name, ntohl(v)); break; 
@@ -169,8 +175,11 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) case IPSET_CMD_ADD: case IPSET_CMD_DEL: case IPSET_CMD_TEST: - if (mnl_attr_parse_nested(nla[i], adt_attr_cb, adt) < 0) { - fprintf(stderr, "\tADT: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(nla[i], + adt_attr_cb, adt) < 0) { + fprintf(stderr, + "\tADT: cannot validate " + "and parse attributes\n"); continue; } debug_cadt_attrs(IPSET_ATTR_ADT_MAX, @@ -179,8 +188,12 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) adt); break; default: - if (mnl_attr_parse_nested(nla[i], create_attr_cb, cattr) < 0) { - fprintf(stderr, "\tCREATE: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(nla[i], + create_attr_cb, + cattr) < 0) { + fprintf(stderr, + "\tCREATE: cannot validate " + "and parse attributes\n"); continue; } debug_cadt_attrs(IPSET_ATTR_CREATE_MAX, @@ -192,15 +205,18 @@ debug_cmd_attrs(int cmd, struct nlattr *nla[]) struct nlattr *tb; mnl_attr_for_each_nested(tb, nla[i]) { memset(adt, 0, sizeof(adt)); - if (mnl_attr_parse_nested(tb, adt_attr_cb, adt) < 0) { - fprintf(stderr, "\tADT: cannot validate and parse attributes\n"); + if (mnl_attr_parse_nested(tb, + adt_attr_cb, adt) < 0) { + fprintf(stderr, + "\tADT: cannot validate " + "and parse attributes\n"); continue; } debug_cadt_attrs(IPSET_ATTR_ADT_MAX, adt_attrs, adtattr2name, adt); - } + } } break; default: @@ -227,8 +243,9 @@ ipset_debug_msg(const char *dir, void *buffer, int len) "\tlen %d\n" "\tseq %u\n", dir, - nlh->nlmsg_type == NLMSG_NOOP ? "NOOP" : - nlh->nlmsg_type == NLMSG_DONE ? "DONE" : "OVERRUN", + nlh->nlmsg_type == NLMSG_NOOP ? "NOOP" : + nlh->nlmsg_type == NLMSG_DONE ? "DONE" : + "OVERRUN", len, nlh->nlmsg_seq); goto next_msg; case NLMSG_ERROR: { 
@@ -257,8 +274,10 @@ ipset_debug_msg(const char *dir, void *buffer, int len) if (cmd <= IPSET_CMD_NONE || cmd >= IPSET_CMD_MAX) goto next_msg; memset(nla, 0, sizeof(nla)); - if (mnl_attr_parse(nlh, nfmsglen, cmd_attr_cb, nla) < MNL_CB_STOP) { - fprintf(stderr, "\tcannot validate and parse attributes\n"); + if (mnl_attr_parse(nlh, nfmsglen, + cmd_attr_cb, nla) < MNL_CB_STOP) { + fprintf(stderr, "\tcannot validate " + "and parse attributes\n"); goto next_msg; } debug_cmd_attrs(cmd, nla); @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/utils.h> /* STRNEQ */ @@ -49,19 +49,20 @@ static const struct icmp_names icmp_typecodes[] = { { "address-mask-reply", 18, 0 }, }; -const char * id_to_icmp(uint8_t id) +const char *id_to_icmp(uint8_t id) { return id < ARRAY_SIZE(icmp_typecodes) ? icmp_typecodes[id].name : NULL; } -const char * icmp_to_name(uint8_t type, uint8_t code) +const char *icmp_to_name(uint8_t type, uint8_t code) { unsigned int i; - + for (i = 0; i < ARRAY_SIZE(icmp_typecodes); i++) - if (icmp_typecodes[i].type == type && icmp_typecodes[i].code == code) + if (icmp_typecodes[i].type == type && + icmp_typecodes[i].code == code) return icmp_typecodes[i].name; - + return NULL; } @@ -71,9 +72,10 @@ int name_to_icmp(const char *str, uint16_t *typecode) for (i = 0; i < ARRAY_SIZE(icmp_typecodes); i++) if (STRNCASEQ(icmp_typecodes[i].name, str, strlen(str))) { - *typecode = (icmp_typecodes[i].type << 8) | icmp_typecodes[i].code; + *typecode = (icmp_typecodes[i].type << 8) | + icmp_typecodes[i].code; return 0; } - + return -1; } 
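Review bot: In `name_to_icmp` the comparison length is `strlen(str)`, so an empty `str` compares zero characters and, assuming `STRNCASEQ` is a length-limited case-insensitive compare, matches the first entry of `icmp_typecodes`. Any prefix likewise resolves to whichever entry happens to come first in the table. If abbreviations are intended, say so in a comment above the function and reject the empty string before the loop with `if (*str == '\0') return -1;`. The same applies to `name_to_icmpv6` in lib/icmpv6.c. The function starts outside this hunk.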
diff --git a/lib/icmpv6.c b/lib/icmpv6.c index 5ba93ca..82234da 100644 --- a/lib/icmpv6.c +++ b/lib/icmpv6.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <libipset/utils.h> /* STRNEQ */ @@ -36,19 +36,21 @@ static const struct icmpv6_names icmpv6_typecodes[] = { { "redirect", 137, 0 }, }; -const char * id_to_icmpv6(uint8_t id) +const char *id_to_icmpv6(uint8_t id) { - return id < ARRAY_SIZE(icmpv6_typecodes) ? icmpv6_typecodes[id].name : NULL; + return id < ARRAY_SIZE(icmpv6_typecodes) ? + icmpv6_typecodes[id].name : NULL; } -const char * icmpv6_to_name(uint8_t type, uint8_t code) +const char *icmpv6_to_name(uint8_t type, uint8_t code) { unsigned int i; - + for (i = 0; i < ARRAY_SIZE(icmpv6_typecodes); i++) - if (icmpv6_typecodes[i].type == type && icmpv6_typecodes[i].code == code) + if (icmpv6_typecodes[i].type == type && + icmpv6_typecodes[i].code == code) return icmpv6_typecodes[i].name; - + return NULL; } @@ -58,9 +60,10 @@ int name_to_icmpv6(const char *str, uint16_t *typecode) for (i = 0; i < ARRAY_SIZE(icmpv6_typecodes); i++) if (STRNCASEQ(icmpv6_typecodes[i].name, str, strlen(str))) { - *typecode = (icmpv6_typecodes[i].type << 8) | icmpv6_typecodes[i].code; + *typecode = (icmpv6_typecodes[i].type << 8) | + icmpv6_typecodes[i].code; return 0; } - + return -1; } 
@@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -32,13 +32,16 @@ struct ipset_handle { /* Netlink flags of the commands */ static const uint16_t cmdflags[] = { - [IPSET_CMD_CREATE-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_CREATE|NLM_F_EXCL, + [IPSET_CMD_CREATE-1] = NLM_F_REQUEST|NLM_F_ACK| + NLM_F_CREATE|NLM_F_EXCL, [IPSET_CMD_DESTROY-1] = NLM_F_REQUEST|NLM_F_ACK, [IPSET_CMD_FLUSH-1] = NLM_F_REQUEST|NLM_F_ACK, [IPSET_CMD_RENAME-1] = NLM_F_REQUEST|NLM_F_ACK, [IPSET_CMD_SWAP-1] = NLM_F_REQUEST|NLM_F_ACK, - [IPSET_CMD_LIST-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, - [IPSET_CMD_SAVE-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, + [IPSET_CMD_LIST-1] = NLM_F_REQUEST|NLM_F_ACK| + NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, + [IPSET_CMD_SAVE-1] = NLM_F_REQUEST|NLM_F_ACK| + NLM_F_ROOT|NLM_F_MATCH|NLM_F_DUMP, [IPSET_CMD_ADD-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL, [IPSET_CMD_DEL-1] = NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL, [IPSET_CMD_TEST-1] = NLM_F_REQUEST|NLM_F_ACK, @@ -74,7 +77,7 @@ ipset_mnl_fill_hdr(struct ipset_handle *handle, enum ipset_cmd cmd, nlh->nlmsg_type = cmd | (NFNL_SUBSYS_IPSET << 8); nlh->nlmsg_flags = cmdflags[cmd - 1]; if (envflags & IPSET_ENV_EXIST) - nlh->nlmsg_flags &= ~NLM_F_EXCL; + nlh->nlmsg_flags &= ~NLM_F_EXCL; nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); nfg->nfgen_family = AF_INET; 
@@ -119,28 +122,28 @@ ipset_mnl_query(struct ipset_handle *handle, void *buffer, size_t len) static struct ipset_handle * ipset_mnl_init(mnl_cb_t *cb_ctl, void *data) -{ +{ struct ipset_handle *handle; - + assert(cb_ctl); assert(data); handle = calloc(1, sizeof(*handle)); if (!handle) return NULL; - + handle->h = mnl_socket_open(NETLINK_NETFILTER); if (!handle->h) goto free_handle; - + if (mnl_socket_bind(handle->h, 0, MNL_SOCKET_AUTOPID) < 0) goto close_nl; - + handle->portid = mnl_socket_get_portid(handle->h); handle->cb_ctl = cb_ctl; handle->data = data; handle->seq = time(NULL); - + return handle; close_nl: @@ -148,7 +151,7 @@ close_nl: free_handle: free(handle); - return NULL; + return NULL; } static int diff --git a/lib/parse.c b/lib/parse.c index 3d2a12b..2bb0601 100644 --- a/lib/parse.c +++ b/lib/parse.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -44,21 +44,23 @@ static char * ipset_strchr(const char *str, const char *sep) { char *match; - + assert(str); assert(sep); - - for (; *sep != '\0'; sep++) - if ((match = strchr(str, sep[0])) != NULL - && str[0] != sep[0] - && str[strlen(str)-1] != sep[0]) + + for (; *sep != '\0'; sep++) { + match = strchr(str, sep[0]); + if (match != NULL && + str[0] != sep[0] && + str[strlen(str)-1] != sep[0]) return match; - + } + return NULL; } -/* - * Parser functions, shamelessly taken from iptables.c, ip6tables.c +/* + * Parser functions, shamelessly taken from iptables.c, ip6tables.c * and parser.c from libnetfilter_conntrack. */ 
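Review bot: `ipset_strchr` has no comment describing its matching rule, which differs from what the name suggests. Separators are tried in the order they appear in `sep`, and a separator that is the first or last character of `str` is skipped for the whole string, even when it also occurs in the middle. Since the loop body was rewritten here anyway, I would add above the function: `/* Return the first occurrence in str of the first separator in sep that str neither starts nor ends with, or NULL. */`.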
@@ -67,7 +69,7 @@ ipset_strchr(const char *str, const char *sep) */ static int string_to_number_ll(struct ipset_session *session, - const char *str, + const char *str, unsigned long long min, unsigned long long max, unsigned long long *ret) @@ -114,7 +116,7 @@ string_to_cidr(struct ipset_session *session, const char *str, uint8_t min, uint8_t max, uint8_t *ret) { int err = string_to_u8(session, str, ret); - + if (!err && (*ret < min || *ret > max)) return syntax_err("'%s' is out of range %u-%u", str, min, max); @@ -165,7 +167,7 @@ ipset_parse_ether(struct ipset_session *session, { unsigned int i = 0; unsigned char ether[ETH_ALEN]; - + assert(session); assert(opt == IPSET_OPT_ETHER); assert(str); @@ -179,9 +181,9 @@ ipset_parse_ether(struct ipset_session *session, number = strtol(str + i * 3, &end, 16); - if (end == str + i * 3 + 2 - && (*end == ':' || *end == '\0') - && number >= 0 && number <= 255) + if (end == str + i * 3 + 2 && + (*end == ':' || *end == '\0') && + number >= 0 && number <= 255) ether[i] = number; else goto error; @@ -199,13 +201,13 @@ static int parse_portname(struct ipset_session *session, const char *str, uint16_t *port, const char *proto) { - struct servent *service; + struct servent *service = getservbyname(str, proto); - if ((service = getservbyname(str, proto)) != NULL) { + if (service != NULL) { *port = ntohs((uint16_t) service->s_port); return 0; } - + return syntax_err("cannot parse '%s' as a %s port", str, proto); } @@ -233,8 +235,8 @@ ipset_parse_port(struct ipset_session *session, assert(opt == IPSET_OPT_PORT || opt == IPSET_OPT_PORT_TO); assert(str); - if ((err = string_to_u16(session, str, &port)) == 0 - || (err = parse_portname(session, str, &port, proto)) == 0) + if ((err = string_to_u16(session, str, &port)) == 0 || + (err = parse_portname(session, str, &port, proto)) == 0) err = ipset_session_data_set(session, opt, &port); if (!err) 
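Review bot: In `ipset_parse_ether` the octet check relies on `strtol` alone, and `strtol` skips leading whitespace and accepts a sign, so two-character groups such as `+1`, `-0` or ` f` satisfy `end == str + i * 3 + 2` and the 0..255 range test. The condition should also require two hex digits, e.g. `isxdigit((unsigned char)str[i * 3]) && isxdigit((unsigned char)str[i * 3 + 1]) &&` ahead of the existing tests. The check also accepts `*end == '\0'` for every `i`, so the next iteration reads past the terminator unless the total length is verified before the loop. That part of the function is outside the hunk.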
@@ -352,7 +354,7 @@ ipset_parse_proto(struct ipset_session *session, assert(session); assert(opt == IPSET_OPT_PROTO); assert(str); - + protoent = getprotobyname(strcasecmp(str, "icmpv6") == 0 ? "ipv6-icmp" : str); if (protoent == NULL) @@ -361,7 +363,7 @@ ipset_parse_proto(struct ipset_session *session, proto = protoent->p_proto; if (!proto) return syntax_err("Unsupported protocol '%s'", str); - + return ipset_session_data_set(session, opt, &proto); } @@ -375,7 +377,7 @@ parse_icmp_typecode(struct ipset_session *session, uint8_t type, code; char *a, *saved, *tmp; int err; - + saved = tmp = strdup(str); if (tmp == NULL) return ipset_err(session, @@ -385,13 +387,14 @@ parse_icmp_typecode(struct ipset_session *session, if (a == NULL) { free(saved); return ipset_err(session, - "Cannot parse %s as an %s type/code.", str, family); + "Cannot parse %s as an %s type/code.", + str, family); } *a++ = '\0'; - if ((err = string_to_u8(session, a, &type)) != 0 - || (err = string_to_u8(session, tmp, &code)) != 0) - goto error; - + if ((err = string_to_u8(session, a, &type)) != 0 || + (err = string_to_u8(session, tmp, &code)) != 0) + goto error; + typecode = (type << 8) | code; err = ipset_session_data_set(session, opt, &typecode); @@ -497,7 +500,7 @@ ipset_parse_proto_port(struct ipset_session *session, err = ipset_parse_proto(session, IPSET_OPT_PROTO, tmp); if (err) goto error; - + p = *(const uint8_t *) ipset_data_get(data, IPSET_OPT_PROTO); switch (p) { case IPPROTO_TCP: 
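Review bot: In `parse_icmp_typecode` the two halves of the input look swapped: after `*a++ = '\0'`, `tmp` is the text before the separator and `a` the text after it, yet `a` is parsed into `type` and `tmp` into `code`. The error message in the same hunk describes the input as "type/code", so I would expect `if ((err = string_to_u8(session, tmp, &type)) != 0 || (err = string_to_u8(session, a, &code)) != 0)`. This assumes `a` was set to the separator position inside `tmp`; that assignment is outside the hunk.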
@@ -509,28 +512,31 @@ ipset_parse_proto_port(struct ipset_session *session, goto parse_port; case IPPROTO_ICMP: if (family != AF_INET) { - syntax_err("Protocol ICMP can be used with family INET only"); + syntax_err("Protocol ICMP can be used " + "with family INET only"); goto error; } err = ipset_parse_icmp(session, opt, a); break; case IPPROTO_ICMPV6: if (family != AF_INET6) { - syntax_err("Protocol ICMPv6 can be used with family INET6 only"); + syntax_err("Protocol ICMPv6 can be used " + "with family INET6 only"); goto error; } err = ipset_parse_icmpv6(session, opt, a); break; default: if (!STREQ(a, "0")) { - syntax_err("Protocol %s can be used with pseudo port value 0 only."); + syntax_err("Protocol %s can be used " + "with pseudo port value 0 only."); goto error; } ipset_data_flags_set(data, IPSET_FLAG(opt)); } goto error; } else { - proto = "TCP"; + proto = "TCP"; err = ipset_data_set(data, IPSET_OPT_PROTO, &p); if (err) goto error; @@ -560,7 +566,7 @@ ipset_parse_family(struct ipset_session *session, { struct ipset_data *data; uint8_t family; - + assert(session); assert(opt == IPSET_OPT_FAMILY); assert(str); @@ -578,7 +584,7 @@ ipset_parse_family(struct ipset_session *session, family = AF_UNSPEC; else return syntax_err("unknown INET family %s", str); - + return ipset_data_set(data, opt, &family); } 
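Review bot: The re-wrapped message in the `default:` branch of `ipset_parse_proto_port` still has a `%s` conversion with no matching argument: `syntax_err("Protocol %s can be used " "with pseudo port value 0 only.");`. Formatting it reads an argument that was never passed, which is undefined behaviour and can print unrelated memory or crash. Pass the protocol text, which appears to be `tmp` since that is what was handed to `ipset_parse_proto`: `syntax_err("Protocol %s can be used " "with pseudo port value 0 only.", tmp);`. Marking the underlying error function with a printf format attribute would let the compiler catch this class of mistake.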
@@ -586,27 +592,27 @@ ipset_parse_family(struct ipset_session *session, * Parse IPv4/IPv6 addresses, networks and ranges. * We resolve hostnames but just the first IP address is used. */ - + static struct addrinfo * call_getaddrinfo(struct ipset_session *session, const char *str, uint8_t family) { struct addrinfo hints; - struct addrinfo *res; + struct addrinfo *res; int err; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; - hints.ai_family = family; - hints.ai_socktype = SOCK_RAW; - hints.ai_protocol = 0; - hints.ai_next = NULL; - - if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { - syntax_err("cannot resolve '%s' to an %s address: %s", - str, family == AF_INET6 ? "IPv6" : "IPv4", - gai_strerror(err)); - return NULL; + hints.ai_family = family; + hints.ai_socktype = SOCK_RAW; + hints.ai_protocol = 0; + hints.ai_next = NULL; + + if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { + syntax_err("cannot resolve '%s' to an %s address: %s", + str, family == AF_INET6 ? "IPv6" : "IPv4", + gai_strerror(err)); + return NULL; } else return res; } @@ -618,10 +624,10 @@ get_addrinfo(struct ipset_session *session, struct addrinfo **info, uint8_t family) { - struct addrinfo *i; + struct addrinfo *i; size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); - int found, err = 0; + int found, err = 0; if ((*info = call_getaddrinfo(session, str, family)) == NULL) { syntax_err("cannot parse %s: resolving to %s address failed", 
@@ -634,13 +640,21 @@ get_addrinfo(struct ipset_session *session, continue; if (found == 0) { if (family == AF_INET) { - /* Workaround: direct cast increases required alignment on Sparc */ - const struct sockaddr_in *saddr = (void *)i->ai_addr; - err = ipset_session_data_set(session, opt, &saddr->sin_addr); + /* Workaround: direct cast increases + * required alignment on Sparc + */ + const struct sockaddr_in *saddr = + (void *)i->ai_addr; + err = ipset_session_data_set(session, + opt, &saddr->sin_addr); } else { - /* Workaround: direct cast increases required alignment on Sparc */ - const struct sockaddr_in6 *saddr = (void *)i->ai_addr; - err = ipset_session_data_set(session, opt, &saddr->sin6_addr); + /* Workaround: direct cast increases + * required alignment on Sparc + */ + const struct sockaddr_in6 *saddr = + (void *)i->ai_addr; + err = ipset_session_data_set(session, + opt, &saddr->sin6_addr); } } else if (found == 1) { ipset_warn(session, @@ -663,12 +677,12 @@ parse_ipaddr(struct ipset_session *session, enum ipset_opt opt, const char *str, uint8_t family) { - uint8_t m = family == AF_INET ? 32 : 128; - int aerr = EINVAL, err = 0, range = 0; - char *saved = strdup(str); - char *a, *tmp = saved; - struct addrinfo *info; - enum ipset_opt copt, opt2; + uint8_t m = family == AF_INET ? 32 : 128; + int aerr = EINVAL, err = 0, range = 0; + char *saved = strdup(str); + char *a, *tmp = saved; + struct addrinfo *info; + enum ipset_opt copt, opt2; if (opt == IPSET_OPT_IP) { copt = IPSET_OPT_CIDR; @@ -686,8 +700,8 @@ parse_ipaddr(struct ipset_session *session, /* IP/mask */ *a++ = '\0'; - if ((err = string_to_cidr(session, a, 0, m, &m)) != 0 - || (err = ipset_session_data_set(session, copt, &m)) != 0) + if ((err = string_to_cidr(session, a, 0, m, &m)) != 0 || + (err = ipset_session_data_set(session, copt, &m)) != 0) goto out; } else if ((a = range_separator(tmp)) != NULL) { /* IP-IP */ 
@@ -695,8 +709,8 @@ parse_ipaddr(struct ipset_session *session, D("range %s", a); range++; } - if ((aerr = get_addrinfo(session, opt, tmp, &info, family)) != 0 - || !range) + if ((aerr = get_addrinfo(session, opt, tmp, &info, family)) != 0 || + !range) goto out; freeaddrinfo(info); aerr = get_addrinfo(session, opt2, a, &info, family); @@ -709,7 +723,7 @@ out: err = -1; free(saved); return err; -} +} enum ipaddr_type { IPADDR_ANY, @@ -722,7 +736,7 @@ static inline bool cidr_hostaddr(const char *str, uint8_t family) { char *a = cidr_separator(str); - + return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128"); } @@ -740,10 +754,10 @@ parse_ip(struct ipset_session *session, switch (addrtype) { case IPADDR_PLAIN: - if (range_separator(str) - || (cidr_separator(str) && !cidr_hostaddr(str, family))) - return syntax_err("plain IP address must be supplied: %s", - str); + if (range_separator(str) || + (cidr_separator(str) && !cidr_hostaddr(str, family))) + return syntax_err("plain IP address must be supplied: " + "%s", str); break; case IPADDR_NET: if (!cidr_separator(str) || range_separator(str)) @@ -796,7 +810,7 @@ ipset_parse_ip(struct ipset_session *session, * @opt: option kind of the data * @str: string to parse * - * Parse string as an IPv4|IPv6 address or hostname. If family + * Parse string as an IPv4|IPv6 address or hostname. If family * is not set yet in the data blob, INET is assumed. * The value is stored in the data blob of the session. * @@ -807,9 +821,9 @@ ipset_parse_single_ip(struct ipset_session *session, enum ipset_opt opt, const char *str) { assert(session); - assert(opt == IPSET_OPT_IP - || opt == IPSET_OPT_IP_TO - || opt == IPSET_OPT_IP2); + assert(opt == IPSET_OPT_IP || + opt == IPSET_OPT_IP_TO || + opt == IPSET_OPT_IP2); assert(str); return parse_ip(session, opt, str, IPADDR_PLAIN); 
@@ -821,7 +835,7 @@ ipset_parse_single_ip(struct ipset_session *session, * @opt: option kind of the data * @str: string to parse * - * Parse string as an IPv4|IPv6 address/cidr pattern. If family + * Parse string as an IPv4|IPv6 address/cidr pattern. If family * is not set yet in the data blob, INET is assumed. * The value is stored in the data blob of the session. * @@ -883,8 +897,8 @@ ipset_parse_netrange(struct ipset_session *session, assert(str); if (!(range_separator(str) || cidr_separator(str))) - return syntax_err("IP/cidr or IP-IP range must be specified: %s", - str); + return syntax_err("IP/cidr or IP-IP range must be specified: " + "%s", str); return parse_ip(session, opt, str, IPADDR_ANY); } @@ -910,8 +924,8 @@ ipset_parse_iprange(struct ipset_session *session, assert(str); if (cidr_separator(str)) - return syntax_err("IP address or IP-IP range must be specified: %s", - str); + return syntax_err("IP address or IP-IP range must be " + "specified: %s", str); return parse_ip(session, opt, str, IPADDR_ANY); } @@ -967,15 +981,15 @@ ipset_parse_ip4_single6(struct ipset_session *session, assert(session); assert(opt == IPSET_OPT_IP || opt == IPSET_OPT_IP2); assert(str); - + data = ipset_session_data(session); family = ipset_data_family(data); - + if (family == AF_UNSPEC) { family = AF_INET; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - + return family == AF_INET ? ipset_parse_ip(session, opt, str) : ipset_parse_single_ip(session, opt, str); @@ -1007,15 +1021,15 @@ ipset_parse_ip4_net6(struct ipset_session *session, assert(session); assert(opt == IPSET_OPT_IP || opt == IPSET_OPT_IP2); assert(str); - + data = ipset_session_data(session); family = ipset_data_family(data); - + if (family == AF_UNSPEC) { family = AF_INET; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - + return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY) : ipset_parse_ipnet(session, opt, str); 
@@ -1050,8 +1064,8 @@ ipset_parse_iptimeout(struct ipset_session *session, if (ipset_data_flags_test(ipset_session_data(session), IPSET_FLAG(IPSET_OPT_TIMEOUT))) return syntax_err("mixed syntax, timeout already specified"); - - tmp = saved = strdup(str); + + tmp = saved = strdup(str); if (saved == NULL) return ipset_err(session, "Cannot allocate memory to duplicate %s.", @@ -1073,12 +1087,12 @@ ipset_parse_iptimeout(struct ipset_session *session, #define check_setname(str, saved) \ do { \ - if (strlen(str) > IPSET_MAXNAMELEN - 1) { \ - if (saved != NULL) \ - free(saved); \ - return syntax_err("setname '%s' is longer than %u characters", \ - str, IPSET_MAXNAMELEN - 1); \ - } \ + if (strlen(str) > IPSET_MAXNAMELEN - 1) { \ + if (saved != NULL) \ + free(saved); \ + return syntax_err("setname '%s' is longer than %u characters",\ + str, IPSET_MAXNAMELEN - 1); \ + } \ } while (0) @@ -1113,7 +1127,7 @@ ipset_parse_name_compat(struct ipset_session *session, if (ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_NAMEREF))) syntax_err("mixed syntax, before|after option already used"); - tmp = saved = strdup(str); + tmp = saved = strdup(str); if (saved == NULL) return ipset_err(session, "Cannot allocate memory to duplicate %s.", @@ -1123,8 +1137,8 @@ ipset_parse_name_compat(struct ipset_session *session, *a++ = '\0'; if ((b = elem_separator(a)) != NULL) *b++ = '\0'; - if (b == NULL - || !(STREQ(a, "before") || STREQ(a, "after"))) { + if (b == NULL || + !(STREQ(a, "before") || STREQ(a, "after"))) { err = ipset_err(session, "you must specify elements " "as setname%s[before|after]%ssetname", sep, sep); @@ -1165,9 +1179,9 @@ ipset_parse_setname(struct ipset_session *session, enum ipset_opt opt, const char *str) { assert(session); - assert(opt == IPSET_SETNAME - || opt == IPSET_OPT_NAME - || opt == IPSET_OPT_SETNAME2); + assert(opt == IPSET_SETNAME || + opt == IPSET_OPT_NAME || + opt == IPSET_OPT_SETNAME2); assert(str); check_setname(str, NULL); 
@@ -1253,13 +1267,13 @@ ipset_parse_uint32(struct ipset_session *session, { uint32_t value; int err; - + assert(session); assert(str); if ((err = string_to_u32(session, str, &value)) == 0) return ipset_session_data_set(session, opt, &value); - + return err; } @@ -1280,7 +1294,7 @@ ipset_parse_uint8(struct ipset_session *session, { uint8_t value; int err; - + assert(session); assert(str); @@ -1309,7 +1323,7 @@ ipset_parse_netmask(struct ipset_session *session, uint8_t family, cidr; struct ipset_data *data; int err = 0; - + assert(session); assert(opt == IPSET_OPT_NETMASK); assert(str); @@ -1322,7 +1336,7 @@ ipset_parse_netmask(struct ipset_session *session, } err = string_to_cidr(session, str, - family == AF_INET ? 1 : 4, + family == AF_INET ? 1 : 4, family == AF_INET ? 31 : 124, &cidr); @@ -1351,7 +1365,7 @@ ipset_parse_flag(struct ipset_session *session, enum ipset_opt opt, const char *str UNUSED) { assert(session); - + return ipset_session_data_set(session, opt, NULL); } @@ -1391,7 +1405,7 @@ ipset_parse_typename(struct ipset_session *session, if (type == NULL) return -1; - + return ipset_session_data_set(session, IPSET_OPT_TYPE, type); } @@ -1423,7 +1437,8 @@ ipset_parse_iface(struct ipset_session *session, err = ipset_data_set(data, IPSET_OPT_PHYSDEV, str); } if (strlen(str + offset) > IFNAMSIZ - 1) - return syntax_err("interface name '%s' is longer than %u characters", + return syntax_err("interface name '%s' is longer " + "than %u characters", str + offset, IFNAMSIZ - 1); return ipset_data_set(data, opt, str + offset); @@ -1477,7 +1492,8 @@ ipset_parse_ignored(struct ipset_session *session, if (!ipset_data_ignored(ipset_session_data(session), opt)) ipset_warn(session, - "Option %s is ignored. Please upgrade your syntax.", str); + "Option %s is ignored. " + "Please upgrade your syntax.", str); return 0; } 
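Review bot: In `ipset_parse_iface` the result of `ipset_data_set(data, IPSET_OPT_PHYSDEV, str)` is stored in `err`, but the visible lines never test it before the length check and the final `ipset_data_set`. A failure to record the physdev flag is therefore silently dropped, so I would add `if (err) return err;` directly after the assignment. The `%u` conversion in the re-wrapped message also receives `IFNAMSIZ - 1`, which is most likely a signed `int`; a cast to `unsigned int` would make it match. The function starts outside the hunk.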
@@ -1508,7 +1524,7 @@ ipset_call_parser(struct ipset_session *session, } #define parse_elem(s, t, d, str) \ -do { \ +do { \ if (!(t)->elem[d].parse) \ goto internal; \ ret = (t)->elem[d].parse(s, (t)->elem[d].opt, str); \ @@ -1566,8 +1582,8 @@ ipset_parse_elem(struct ipset_session *session, } else if (a != NULL) { if (type->compat_parse_elem) { ret = type->compat_parse_elem(session, - type->elem[IPSET_DIM_ONE].opt, - saved); + type->elem[IPSET_DIM_ONE].opt, + saved); goto out; } elem_syntax_err("Elem separator in %s, " diff --git a/lib/print.c b/lib/print.c index bcccd3f..6452ab5 100644 --- a/lib/print.c +++ b/lib/print.c @@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -54,15 +54,15 @@ ipset_print_ether(char *buf, unsigned int len, { const unsigned char *ether; int i, size, offset = 0; - + assert(buf); assert(len > 0); assert(data); assert(opt == IPSET_OPT_ETHER); - + if (len < ETH_ALEN*3) return -1; - + ether = ipset_data_get(data, opt); assert(ether); @@ -72,7 +72,7 @@ ipset_print_ether(char *buf, unsigned int len, size = snprintf(buf + offset, len, ":%02X", ether[i]); SNPRINTF_FAILURE(size, len, offset); } - + return offset; } 
@@ -139,35 +139,60 @@ ipset_print_type(char *buf, unsigned int len, assert(type); if (len < strlen(type->name) + 1) return -1; - + return snprintf(buf, len, "%s", type->name); } -#define GETNAMEINFO(family, f, n) \ -static inline int \ -__getnameinfo##f(char *buf, unsigned int len, \ - int flags, const union nf_inet_addr *addr) \ -{ \ - struct sockaddr_in##n saddr; \ - int err; \ - \ - memset(&saddr, 0, sizeof(saddr)); \ - in##f##cpy(&saddr.sin##n##_addr, &addr->in##n); \ - saddr.sin##n##_family = family; \ - \ - err = getnameinfo((const struct sockaddr *)&saddr, \ - sizeof(saddr), \ - buf, len, NULL, 0, flags); \ - \ - if (!(flags & NI_NUMERICHOST) && \ - (err == EAI_AGAIN || (err == 0 && strchr(buf, '-') != NULL))) \ - err = getnameinfo((const struct sockaddr *)&saddr, \ - sizeof(saddr), \ - buf, len, NULL, 0, \ - flags | NI_NUMERICHOST); \ - D("getnameinfo err: %i, errno %i", err, errno); \ - return (err == 0 ? (int)strlen(buf) : \ - (err == EAI_OVERFLOW || err == EAI_SYSTEM) ? (int)len : -1);\ +static inline int +__getnameinfo4(char *buf, unsigned int len, + int flags, const union nf_inet_addr *addr) +{ + struct sockaddr_in saddr; + int err; + + memset(&saddr, 0, sizeof(saddr)); + in4cpy(&saddr.sin_addr, &addr->in); + saddr.sin_family = AF_INET; + + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, flags); + + if (!(flags & NI_NUMERICHOST) && + (err == EAI_AGAIN || (err == 0 && strchr(buf, '-') != NULL))) + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, + flags | NI_NUMERICHOST); + D("getnameinfo err: %i, errno %i", err, errno); + return (err == 0 ? (int)strlen(buf) : + (err == EAI_OVERFLOW || err == EAI_SYSTEM) ? 
(int)len : -1); +} + +static inline int +__getnameinfo6(char *buf, unsigned int len, + int flags, const union nf_inet_addr *addr) +{ + struct sockaddr_in6 saddr; + int err; + + memset(&saddr, 0, sizeof(saddr)); + in6cpy(&saddr.sin6_addr, &addr->in6); + saddr.sin6_family = AF_INET6; + + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, flags); + + if (!(flags & NI_NUMERICHOST) && + (err == EAI_AGAIN || (err == 0 && strchr(buf, '-') != NULL))) + err = getnameinfo((const struct sockaddr *)&saddr, + sizeof(saddr), + buf, len, NULL, 0, + flags | NI_NUMERICHOST); + D("getnameinfo err: %i, errno %i", err, errno); + return (err == 0 ? (int)strlen(buf) : + (err == EAI_OVERFLOW || err == EAI_SYSTEM) ? (int)len : -1); } #define SNPRINTF_IP(mask, f) \ @@ -190,10 +215,8 @@ snprintf_ipv##f(char *buf, unsigned int len, int flags, \ return offset; \ } -GETNAMEINFO(AF_INET, 4, ) SNPRINTF_IP(32, 4) -GETNAMEINFO(AF_INET6, 6, 6) SNPRINTF_IP(128, 6) /** @@ -232,7 +255,7 @@ ipset_print_ip(char *buf, unsigned int len, } else cidr = family == AF_INET6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; - + ip = ipset_data_get(data, opt); assert(ip); if (family == AF_INET) @@ -258,8 +281,8 @@ ipset_print_ip(char *buf, unsigned int len, size = snprintf_ipv6(buf + offset, len, flags, ip, cidr); else return -1; - - SNPRINTF_FAILURE(size, len, offset); + + SNPRINTF_FAILURE(size, len, offset); return offset; } @@ -288,9 +311,9 @@ ipset_print_ipaddr(char *buf, unsigned int len, assert(buf); assert(len > 0); assert(data); - assert(opt == IPSET_OPT_IP - || opt == IPSET_OPT_IP_TO - || opt == IPSET_OPT_IP2); + assert(opt == IPSET_OPT_IP || + opt == IPSET_OPT_IP_TO || + opt == IPSET_OPT_IP2); family = ipset_data_family(data); cidropt = opt == IPSET_OPT_IP ? IPSET_OPT_CIDR : IPSET_OPT_CIDR2; 
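Review bot: `__getnameinfo4` and `__getnameinfo6` accept any resolved name that does not contain `-`, yet that name comes from a reverse-DNS answer and is therefore untrusted text that ends up in the printed set element. If printed elements are ever parsed again (by a restore run or by scripts), a name containing the element separator would presumably be as ambiguous as one containing `-`, so the fallback to `NI_NUMERICHOST` should cover `IPSET_ELEM_SEPARATOR` as well. Now that the macro is expanded into two identical bodies, the resolve-and-fallback logic is better kept in one static helper so the check cannot drift between the IPv4 and IPv6 copies. Separately, identifiers that start with a double underscore are reserved for the implementation.

```c
/* Resolve saddr into buf; use the numeric form instead when the lookup is
 * temporarily unavailable or the returned name contains a character that
 * is a separator in the printed element syntax. */
static int
resolve_or_numeric(const struct sockaddr *saddr, socklen_t salen,
		   char *buf, unsigned int len, int flags)
{
	int err = getnameinfo(saddr, salen, buf, len, NULL, 0, flags);

	if (!(flags & NI_NUMERICHOST) &&
	    (err == EAI_AGAIN ||
	     (err == 0 &&
	      strpbrk(buf, "-" IPSET_ELEM_SEPARATOR) != NULL)))
		err = getnameinfo(saddr, salen, buf, len, NULL, 0,
				  flags | NI_NUMERICHOST);
	D("getnameinfo err: %i, errno %i", err, errno);
	return (err == 0 ? (int)strlen(buf) :
		(err == EAI_OVERFLOW || err == EAI_SYSTEM) ? (int)len : -1);
}

static inline int
__getnameinfo4(char *buf, unsigned int len,
	       int flags, const union nf_inet_addr *addr)
{
	struct sockaddr_in saddr;

	memset(&saddr, 0, sizeof(saddr));
	in4cpy(&saddr.sin_addr, &addr->in);
	saddr.sin_family = AF_INET;

	return resolve_or_numeric((const struct sockaddr *)&saddr,
				  sizeof(saddr), buf, len, flags);
}
/* … __getnameinfo6: same shape with sockaddr_in6, in6cpy and AF_INET6 … */
```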
@@ -333,7 +356,7 @@ ipset_print_number(char *buf, unsigned int len, assert(buf); assert(len > 0); assert(data); - + number = ipset_data_get(data, opt); maxsize = ipset_data_sizeof(opt, AF_INET); D("opt: %u, maxsize %zu", opt, maxsize); @@ -380,7 +403,7 @@ ipset_print_name(char *buf, unsigned int len, name = ipset_data_get(data, opt); assert(name); size = snprintf(buf, len, "%s", name); - SNPRINTF_FAILURE(size, len, offset); + SNPRINTF_FAILURE(size, len, offset); if (ipset_data_test(data, IPSET_OPT_NAMEREF)) { bool before = false; @@ -390,10 +413,10 @@ ipset_print_name(char *buf, unsigned int len, before = (*flags) & IPSET_FLAG_BEFORE; } size = snprintf(buf + offset, len, - " %s %s", before ? "before" : "after", - (const char *) ipset_data_get(data, - IPSET_OPT_NAMEREF)); - SNPRINTF_FAILURE(size, len, offset); + " %s %s", before ? "before" : "after", + (const char *) ipset_data_get(data, + IPSET_OPT_NAMEREF)); + SNPRINTF_FAILURE(size, len, offset); } return offset; @@ -431,13 +454,13 @@ ipset_print_port(char *buf, unsigned int len, port = ipset_data_get(data, IPSET_OPT_PORT); assert(port); size = snprintf(buf, len, "%u", *port); - SNPRINTF_FAILURE(size, len, offset); - + SNPRINTF_FAILURE(size, len, offset); + if (ipset_data_test(data, IPSET_OPT_PORT_TO)) { port = ipset_data_get(data, IPSET_OPT_PORT_TO); size = snprintf(buf + offset, len, - "%s%u", - IPSET_RANGE_SEPARATOR, *port); + "%s%u", + IPSET_RANGE_SEPARATOR, *port); SNPRINTF_FAILURE(size, len, offset); } @@ -479,7 +502,7 @@ ipset_print_iface(char *buf, unsigned int len, name = ipset_data_get(data, opt); assert(name); size = snprintf(buf, len, "%s", name); - SNPRINTF_FAILURE(size, len, offset); + SNPRINTF_FAILURE(size, len, offset); return offset; } 
@@ -511,12 +534,12 @@ ipset_print_proto(char *buf, unsigned int len, proto = *(const uint8_t *) ipset_data_get(data, IPSET_OPT_PROTO); assert(proto); - + protoent = getprotobynumber(proto); if (protoent) return snprintf(buf, len, "%s", protoent->p_name); - /* Should not happen */ + /* Should not happen */ return snprintf(buf, len, "%u", proto); } @@ -551,7 +574,8 @@ ipset_print_icmp(char *buf, unsigned int len, if (name != NULL) return snprintf(buf, len, "%s", name); else - return snprintf(buf, len, "%u/%u", typecode >> 8, typecode & 0xFF); + return snprintf(buf, len, "%u/%u", + typecode >> 8, typecode & 0xFF); } /** @@ -585,7 +609,8 @@ ipset_print_icmpv6(char *buf, unsigned int len, if (name != NULL) return snprintf(buf, len, "%s", name); else - return snprintf(buf, len, "%u/%u", typecode >> 8, typecode & 0xFF); + return snprintf(buf, len, "%u/%u", + typecode >> 8, typecode & 0xFF); } /** @@ -614,8 +639,8 @@ ipset_print_proto_port(char *buf, unsigned int len, assert(opt == IPSET_OPT_PORT); if (ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_PROTO))) { - uint8_t proto = *(const uint8_t *) ipset_data_get(data, - IPSET_OPT_PROTO); + uint8_t proto = *(const uint8_t *) ipset_data_get(data, + IPSET_OPT_PROTO); size = ipset_print_proto(buf, len, data, IPSET_OPT_PROTO, env); SNPRINTF_FAILURE(size, len, offset); if (len < 2) @@ -641,16 +666,16 @@ ipset_print_proto_port(char *buf, unsigned int len, } size = ipset_print_port(buf + offset, len, data, IPSET_OPT_PORT, env); SNPRINTF_FAILURE(size, len, offset); - + return offset; } #define print_second(data) \ ipset_data_flags_test(data, \ - IPSET_FLAG(IPSET_OPT_PORT)|IPSET_FLAG(IPSET_OPT_ETHER)) + IPSET_FLAG(IPSET_OPT_PORT)|IPSET_FLAG(IPSET_OPT_ETHER)) #define print_third(data) \ -ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_IP2)) +ipset_data_flags_test(data, IPSET_FLAG(IPSET_OPT_IP2)) /** * ipset_print_elem - print ADT elem according to settype 
@@ -679,25 +704,25 @@ ipset_print_elem(char *buf, unsigned int len, type = ipset_data_get(data, IPSET_OPT_TYPE); if (!type) return -1; - + size = type->elem[IPSET_DIM_ONE].print(buf, len, data, type->elem[IPSET_DIM_ONE].opt, env); SNPRINTF_FAILURE(size, len, offset); IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt), "print second elem"); - if (type->dimension == IPSET_DIM_ONE - || (type->last_elem_optional - && !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt))) + if (type->dimension == IPSET_DIM_ONE || + (type->last_elem_optional && + !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt))) return offset; - + size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); SNPRINTF_FAILURE(size, len, offset); size = type->elem[IPSET_DIM_TWO].print(buf + offset, len, data, type->elem[IPSET_DIM_TWO].opt, env); SNPRINTF_FAILURE(size, len, offset); - if (type->dimension == IPSET_DIM_TWO - || (type->last_elem_optional - && !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt))) + if (type->dimension == IPSET_DIM_TWO || + (type->last_elem_optional && + !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt))) return offset; size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); @@ -725,7 +750,7 @@ int ipset_print_flag(char *buf UNUSED, unsigned int len UNUSED, const struct ipset_data *data UNUSED, enum ipset_opt opt UNUSED, uint8_t env UNUSED) -{ +{ return 0; } @@ -790,6 +815,6 @@ ipset_print_data(char *buf, unsigned int len, return -1; } SNPRINTF_FAILURE(size, len, offset); - + return offset; } diff --git a/lib/session.c b/lib/session.c index 93d33ff..9e36efd 100644 --- a/lib/session.c +++ b/lib/session.c 
@@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -198,14 +198,14 @@ ipset_session_output(struct ipset_session *session, * * Returns -1. */ -int __attribute__((format(printf,3,4))) +int __attribute__((format(printf, 3, 4))) ipset_session_report(struct ipset_session *session, - enum ipset_err_type type, + enum ipset_err_type type, const char *fmt, ...) { int len, offset = 0; va_list args; - + assert(session); assert(fmt); @@ -214,13 +214,13 @@ ipset_session_report(struct ipset_session *session, session->lineno); } offset = strlen(session->report); - + va_start(args, fmt); len = vsnprintf(session->report + offset, - IPSET_ERRORBUFLEN - 1 - offset, - fmt, args); + IPSET_ERRORBUFLEN - 1 - offset, + fmt, args); va_end(args); - + if (len >= IPSET_ERRORBUFLEN - 1 - offset) session->report[IPSET_ERRORBUFLEN - 1] = '\0'; if (strlen(session->report) < IPSET_ERRORBUFLEN - 1) @@ -501,7 +501,7 @@ generic_data_attr_cb(const struct nlattr *attr, void *data, { const struct nlattr **tb = data; int type = mnl_attr_get_type(attr); - + IF_D(debug, "attr type: %u, len %u", type, attr->nla_len); if (mnl_attr_type_valid(attr, attr_max) < 0) { IF_D(debug, "attr type: %u INVALID", type); 
@@ -512,9 +512,9 @@ generic_data_attr_cb(const struct nlattr *attr, void *data, mnl_attr_get_payload_len(attr)); return MNL_CB_ERROR; } - if (policy[type].type == MNL_TYPE_NUL_STRING - && mnl_attr_get_payload_len(attr) > IPSET_MAXNAMELEN) - return MNL_CB_ERROR; + if (policy[type].type == MNL_TYPE_NUL_STRING && + mnl_attr_get_payload_len(attr) > IPSET_MAXNAMELEN) + return MNL_CB_ERROR; tb[type] = attr; return MNL_CB_OK; } @@ -598,7 +598,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], switch (attr->type) { case MNL_TYPE_U32: { uint32_t value; - + value = ntohl(*(const uint32_t *)d); d = &value; @@ -606,7 +606,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], } case MNL_TYPE_U16: { uint16_t value; - + value = ntohs(*(const uint16_t *)d); d = &value; @@ -617,15 +617,15 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], } } #ifdef IPSET_DEBUG - if (type == IPSET_ATTR_TYPENAME) + if (type == IPSET_ATTR_TYPENAME) D("nla typename %s", (const char *) d); #endif ret = ipset_data_set(data, attr->opt, d); #ifdef IPSET_DEBUG - if (type == IPSET_ATTR_TYPENAME) + if (type == IPSET_ATTR_TYPENAME) D("nla typename %s", (const char *) ipset_data_get(data, IPSET_OPT_TYPENAME)); -#endif +#endif return ret; } @@ -654,16 +654,16 @@ static inline int call_outfn(struct ipset_session *session) { int ret = session->outfn("%s", session->outbuf); - + session->outbuf[0] = '\0'; - + return ret < 0 ? ret : 0; } /* Handle printing failures */ static jmp_buf printf_failure; -static int __attribute__((format(printf,2,3))) +static int __attribute__((format(printf, 2, 3))) safe_snprintf(struct ipset_session *session, const char *fmt, ...) { va_list args; @@ -676,7 +676,7 @@ retry: ret = vsnprintf(session->outbuf + len, IPSET_OUTBUFLEN - len, fmt, args); va_end(args); - + if (ret < 0) { ipset_err(session, "Internal error at printing to output buffer"); 
@@ -710,7 +710,7 @@ retry: D("len: %u, retry %u", len, loop); ret = fn(session->outbuf + len, IPSET_OUTBUFLEN - len, session->data, opt, session->envopts); - + if (ret < 0) { ipset_err(session, "Internal error at printing to output buffer"); @@ -732,7 +732,7 @@ retry: } return ret; } - + static int list_adt(struct ipset_session *session, struct nlattr *nla[]) { @@ -742,7 +742,7 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) uint8_t family; int i, found = 0; - D("enter"); + D("enter"); /* Check and load type, family */ if (!ipset_data_test(data, IPSET_OPT_TYPE)) type = ipset_type_get(session, IPSET_CMD_ADD); @@ -773,7 +773,7 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) default: break; } - + safe_dprintf(session, ipset_print_elem, IPSET_OPT_ELEM); for (arg = type->args[IPSET_ADD]; arg != NULL && arg->print; arg++) { @@ -804,7 +804,7 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) break; } } - + if (session->mode == IPSET_LIST_XML) safe_snprintf(session, "</member>\n"); else @@ -863,10 +863,10 @@ list_create(struct ipset_session *session, struct nlattr *nla[]) } for (arg = type->args[IPSET_CREATE]; arg != NULL && arg->opt; arg++) { - if (!arg->print - || !ipset_data_test(data, arg->opt) - || (arg->opt == IPSET_OPT_FAMILY - && family == type->family)) + if (!arg->print || + !ipset_data_test(data, arg->opt) || + (arg->opt == IPSET_OPT_FAMILY && + family == type->family)) continue; switch (session->mode) { case IPSET_LIST_SAVE: 
@@ -979,15 +979,15 @@ callback_list(struct ipset_session *session, struct nlattr *nla[], if (STREQ(ipset_data_setname(data), session->saved_setname)) { /* Header part already seen */ - if (ipset_data_test(data, IPSET_OPT_TYPE) - && nla[IPSET_ATTR_DATA] != NULL) + if (ipset_data_test(data, IPSET_OPT_TYPE) && + nla[IPSET_ATTR_DATA] != NULL) FAILURE("Broken %s kernel message: " "extra DATA received!", cmd2name[cmd]); } else { if (nla[IPSET_ATTR_DATA] == NULL) FAILURE("Broken %s kernel message: " "missing DATA part!", cmd2name[cmd]); - + /* Close previous set printing */ if (session->saved_setname[0] != '\0') print_set_done(session); @@ -996,13 +996,14 @@ callback_list(struct ipset_session *session, struct nlattr *nla[], if (nla[IPSET_ATTR_DATA] != NULL) { struct nlattr *cattr[IPSET_ATTR_CREATE_MAX+1] = {}; - if (!(nla[IPSET_ATTR_TYPENAME] - && nla[IPSET_ATTR_FAMILY] - && nla[IPSET_ATTR_REVISION])) + if (!(nla[IPSET_ATTR_TYPENAME] && + nla[IPSET_ATTR_FAMILY] && + nla[IPSET_ATTR_REVISION])) FAILURE("Broken %s kernel message: missing %s!", cmd2name[cmd], - !nla[IPSET_ATTR_TYPENAME] ? "typename" : - !nla[IPSET_ATTR_FAMILY] ? "family" : "revision"); + !nla[IPSET_ATTR_TYPENAME] ? "typename" : + !nla[IPSET_ATTR_FAMILY] ? "family" : + "revision"); /* Reset CREATE specific flags */ ipset_data_flags_unset(data, IPSET_CREATE_FLAGS); @@ -1025,7 +1026,7 @@ callback_list(struct ipset_session *session, struct nlattr *nla[], return MNL_CB_ERROR; strcpy(session->saved_setname, ipset_data_setname(data)); } - + if (nla[IPSET_ATTR_ADT] != NULL) { struct nlattr *tb, *adt[IPSET_ATTR_ADT_MAX+1]; @@ -1057,7 +1058,7 @@ static int callback_version(struct ipset_session *session, struct nlattr *nla[]) { uint8_t min, max; - + min = max = mnl_attr_get_u8(nla[IPSET_ATTR_PROTOCOL]); if (nla[IPSET_ATTR_PROTOCOL_MIN]) { 
@@ -1071,8 +1072,8 @@ callback_version(struct ipset_session *session, struct nlattr *nla[]) "while userspace supports protocol versions %u-%u", min, max, IPSET_PROTOCOL_MIN, IPSET_PROTOCOL_MAX); - if (!(session->envopts & IPSET_ENV_QUIET) - && max != IPSET_PROTOCOL_MAX) + if (!(session->envopts & IPSET_ENV_QUIET) && + max != IPSET_PROTOCOL_MAX) ipset_warn(session, "Kernel support protocol versions %u-%u " "while userspace supports protocol versions %u-%u", @@ -1088,7 +1089,7 @@ callback_header(struct ipset_session *session, struct nlattr *nla[]) { const char *setname; const struct ipset_data *data = session->data; - + if (!nla[IPSET_ATTR_SETNAME]) FAILURE("Broken HEADER kernel message: missing setname!"); @@ -1097,10 +1098,10 @@ callback_header(struct ipset_session *session, struct nlattr *nla[]) FAILURE("Broken HEADER kernel message: sent setname `%s' " "does not match with received one `%s'!", ipset_data_setname(data), setname); - - if (!(nla[IPSET_ATTR_TYPENAME] - && nla[IPSET_ATTR_REVISION] - && nla[IPSET_ATTR_FAMILY])) + + if (!(nla[IPSET_ATTR_TYPENAME] && + nla[IPSET_ATTR_REVISION] && + nla[IPSET_ATTR_FAMILY])) FAILURE("Broken HEADER kernel message: " "missing attribute '%s'!", !nla[IPSET_ATTR_TYPENAME] ? "typename" : @@ -1120,10 +1121,10 @@ callback_type(struct ipset_session *session, struct nlattr *nla[]) { const struct ipset_data *data = session->data; const char *typename, *orig; - - if (!(nla[IPSET_ATTR_TYPENAME] - && nla[IPSET_ATTR_REVISION] - && nla[IPSET_ATTR_FAMILY])) + + if (!(nla[IPSET_ATTR_TYPENAME] && + nla[IPSET_ATTR_REVISION] && + nla[IPSET_ATTR_FAMILY])) FAILURE("Broken TYPE kernel message: " "missing attribute '%s'!", !nla[IPSET_ATTR_TYPENAME] ? "typename" : 
@@ -1136,7 +1137,7 @@ callback_type(struct ipset_session *session, struct nlattr *nla[]) FAILURE("Broken TYPE kernel message: sent typename `%s' " "does not match with received one `%s'!", orig, typename); - + ATTR2DATA(session, nla, IPSET_ATTR_TYPENAME, cmd_attrs); ATTR2DATA(session, nla, IPSET_ATTR_REVISION, cmd_attrs); ATTR2DATA(session, nla, IPSET_ATTR_FAMILY, cmd_attrs); @@ -1160,7 +1161,7 @@ mnl_attr_parse_dbg(const struct nlmsghdr *nlh, int offset, int ret = MNL_CB_OK; struct nlattr *attr = mnl_nlmsg_get_payload_offset(nlh, offset); int len = nlh->nlmsg_len - MNL_NLMSG_HDRLEN - MNL_ALIGN(offset); - + while (mnl_attr_ok(attr, len)) { D("attr: type %u, attrlen %u, len %u", mnl_attr_get_type(attr), attr->nla_len, len); @@ -1179,7 +1180,7 @@ callback_data(const struct nlmsghdr *nlh, void *data) struct nlattr *nla[IPSET_ATTR_CMD_MAX+1] = {}; uint8_t proto, cmd; int ret = MNL_CB_OK, nfmsglen = MNL_ALIGN(sizeof(struct nfgenmsg)); - + D("called, nlmsg_len %u", nlh->nlmsg_len); cmd = ipset_get_nlmsg_type(nlh); if (cmd == IPSET_CMD_LIST && session->cmd == IPSET_CMD_SAVE) @@ -1199,8 +1200,8 @@ callback_data(const struct nlmsghdr *nlh, void *data) if (!nla[IPSET_ATTR_PROTOCOL]) FAILURE("Sad, sad day: kernel message %s " - "does not carry the protocol version.", - cmd2name[cmd]); + "does not carry the protocol version.", + cmd2name[cmd]); proto = mnl_attr_get_u8(nla[IPSET_ATTR_PROTOCOL]); @@ -1245,8 +1246,8 @@ callback_done(const struct nlmsghdr *nlh UNUSED, void *data) D(" called"); if (session->cmd == IPSET_CMD_LIST || session->cmd == IPSET_CMD_SAVE) - return print_set_done(session); - + return print_set_done(session); + FAILURE("Invalid message received in non LIST or SAVE state."); } 
@@ -1258,10 +1259,10 @@ decode_errmsg(struct ipset_session *session, const struct nlmsghdr *nlh) struct nlattr *nla[IPSET_ATTR_CMD_MAX+1] = {}; enum ipset_cmd cmd; int nfmsglen = MNL_ALIGN(sizeof(struct nfgenmsg)); - - if (nlh->nlmsg_len < (uint32_t) MNL_ALIGN(sizeof(struct nlmsgerr)) - || nlh->nlmsg_len < MNL_ALIGN(sizeof(struct nlmsgerr)) - + msg->nlmsg_len) + + if (nlh->nlmsg_len < (uint32_t) MNL_ALIGN(sizeof(struct nlmsgerr)) || + nlh->nlmsg_len < MNL_ALIGN(sizeof(struct nlmsgerr)) + + msg->nlmsg_len) FAILURE("Broken error report message received."); cmd = ipset_get_nlmsg_type(msg); @@ -1281,15 +1282,15 @@ decode_errmsg(struct ipset_session *session, const struct nlmsghdr *nlh) FAILURE("Broken %s error report message: " "missing protocol attribute", cmd2name[cmd]); - + if (nla[IPSET_ATTR_LINENO]) { session->lineno = mnl_attr_get_u32(nla[IPSET_ATTR_LINENO]); if (nla[IPSET_ATTR_LINENO]->nla_type & NLA_F_NET_BYTEORDER) session->lineno = ntohl(session->lineno); } - + return ipset_errcode(session, cmd, -err->error); -} +} static int callback_error(const struct nlmsghdr *nlh, void *cbdata) @@ -1322,16 +1323,20 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) break; case IPSET_CMD_RENAME: ipset_cache_rename(ipset_data_setname(data), - ipset_data_get(data, IPSET_OPT_SETNAME2)); + ipset_data_get(data, + IPSET_OPT_SETNAME2)); break; case IPSET_CMD_SWAP: ipset_cache_swap(ipset_data_setname(data), - ipset_data_get(data, IPSET_OPT_SETNAME2)); + ipset_data_get(data, + IPSET_OPT_SETNAME2)); break; case IPSET_CMD_TEST: if (!(session->envopts & IPSET_ENV_QUIET)) { - ipset_print_elem(session->report, IPSET_ERRORBUFLEN, - session->data, IPSET_OPT_NONE, 0); + ipset_print_elem(session->report, + IPSET_ERRORBUFLEN, + session->data, + IPSET_OPT_NONE, 0); ipset_warn(session, " is in set %s.", ipset_data_setname(data)); } 
@@ -1345,7 +1350,8 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) print_set_done(session); break; default: - FAILURE("ACK message received to command %s[%u], which is not expected", + FAILURE("ACK message received to command %s[%u], " + "which is not expected", session->cmd < IPSET_MSG_MAX ? cmd2name[session->cmd] : "unknown", session->cmd); @@ -1355,10 +1361,10 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) D("nlmsgerr error: %u", -err->error); /* Error messages */ - + /* Special case for IPSET_CMD_TEST */ - if (session->cmd == IPSET_CMD_TEST - && err->error == -IPSET_ERR_EXIST) { + if (session->cmd == IPSET_CMD_TEST && + err->error == -IPSET_ERR_EXIST) { if (!(session->envopts & IPSET_ENV_QUIET)) { ipset_print_elem(session->report, IPSET_ERRORBUFLEN, session->data, IPSET_OPT_NONE, 0); @@ -1369,7 +1375,7 @@ callback_error(const struct nlmsghdr *nlh, void *cbdata) } decode_errmsg(session, nlh); - + return ret; } @@ -1423,7 +1429,8 @@ attr_len(const struct ipset_attr_policy *attr, uint8_t family, uint16_t *flags) } #define BUFFER_FULL(bufsize, nlmsg_len, nestlen, attrlen) \ -(nlmsg_len + nestlen + MNL_ATTR_HDRLEN + MNL_ALIGN(alen) + MNL_ALIGN(sizeof(struct nlmsgerr)) > bufsize) +(nlmsg_len + nestlen + MNL_ATTR_HDRLEN + MNL_ALIGN(alen) + \ + MNL_ALIGN(sizeof(struct nlmsgerr)) > bufsize) static int rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, @@ -1443,14 +1450,15 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, : IPSET_ATTR_IPADDR_IPV6; alen = attr_len(attr, family, &flags); - if (BUFFER_FULL(session->bufsize, nlh->nlmsg_len, MNL_ATTR_HDRLEN, alen)) + if (BUFFER_FULL(session->bufsize, nlh->nlmsg_len, + MNL_ATTR_HDRLEN, alen)) return 1; nested = mnl_attr_nest_start(nlh, type); D("family: %s", family == AF_INET ? "INET" : family == AF_INET6 ? "INET6" : "UNSPEC"); mnl_attr_put(nlh, atype | flags, alen, d); mnl_attr_nest_end(nlh, nested); - + return 0; } 
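Review bot: The re-wrapped `BUFFER_FULL` macro (hunk `@@ -1423,7 +1429,8 @@`) still declares a parameter `attrlen` while its body uses `alen`, so the bound is computed from whatever variable named `alen` is in scope at the call site rather than from the argument. The visible caller in `rawdata2attr` happens to pass a variable called `alen`, which hides the mismatch. Since this appears to be the check that keeps a new attribute inside the send buffer, the body should use the parameter and parenthesise its arguments: `((nlmsg_len) + (nestlen) + MNL_ATTR_HDRLEN + MNL_ALIGN(attrlen) + MNL_ALIGN(sizeof(struct nlmsgerr)) > (bufsize))`.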
@@ -1464,20 +1472,20 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, break; case MNL_TYPE_U32: { uint32_t value = htonl(*(const uint32_t *)d); - + d = &value; break; } case MNL_TYPE_U16: { uint16_t value = htons(*(const uint16_t *)d); - + d = &value; break; } default: break; } - + mnl_attr_put(nlh, type | flags, alen, d); return 0; @@ -1504,7 +1512,7 @@ data2attr(struct ipset_session *session, struct nlmsghdr *nlh, data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs) #define ADDATTR_IF(session, nlh, data, type, family, attrs) \ - ipset_data_test(data, attrs[type].opt) ? \ + ipset_data_test(data, attrs[type].opt) ? \ data2attr(session, nlh, data, type, family, attrs) : 0 #define ADDATTR_RAW(session, nlh, data, type, attrs) \ @@ -1525,7 +1533,7 @@ addattr_adt(struct ipset_session *session, struct nlmsghdr *nlh, struct ipset_data *data, uint8_t family) { int i; - + for (i = IPSET_ATTR_UNSPEC + 1; i <= IPSET_ATTR_ADT_MAX; i++) if (ADDATTR_IF(session, nlh, data, i, family, adt_attrs)) return 1; @@ -1545,7 +1553,7 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) /* Initialize header */ session->transport->fill_hdr(session->handle, cmd, buffer, len, 0); - + ADDATTR_PROTOCOL(nlh); switch (cmd) { @@ -1563,9 +1571,11 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) return ipset_err(session, "Invalid internal TYPE command: " "missing settype"); - ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, AF_INET, cmd_attrs); + ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, + AF_INET, cmd_attrs); if (ipset_data_test(data, IPSET_OPT_FAMILY)) - ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, AF_INET, cmd_attrs); + ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, + AF_INET, cmd_attrs); else /* bitmap:port and list:set types */ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); 
@@ -1586,10 +1596,10 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) static inline bool may_aggregate_ad(struct ipset_session *session, enum ipset_cmd cmd) { - return session->lineno != 0 - && (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL) - && cmd == session->cmd - && STREQ(ipset_data_setname(session->data), session->saved_setname); + return session->lineno != 0 && + (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL) && + cmd == session->cmd && + STREQ(ipset_data_setname(session->data), session->saved_setname); } static int @@ -1622,12 +1632,13 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_OPT_TYPE)) return ipset_err(session, "Invalid create command: missing settype"); - + type = ipset_data_get(data, IPSET_OPT_TYPE); /* Core attributes: * setname, typename, revision, family, flags (optional) */ ADDATTR_SETNAME(session, nlh, data); - ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, AF_INET, cmd_attrs); + ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, + AF_INET, cmd_attrs); ADDATTR_RAW(session, nlh, &type->revision, IPSET_ATTR_REVISION, cmd_attrs); D("family: %u, type family %u", @@ -1655,7 +1666,7 @@ build_msg(struct ipset_session *session, bool aggregate) break; case IPSET_CMD_LIST: { uint32_t flags = 0; - + if (session->envopts & IPSET_ENV_LIST_SETNAME) flags |= IPSET_FLAG_LIST_SETNAME; if (session->envopts & IPSET_ENV_LIST_HEADER) 
@@ -1674,13 +1685,16 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_SETNAME)) return ipset_err(session, "Invalid %s command: missing from-setname", - session->cmd == IPSET_CMD_SWAP ? "swap" : "rename"); + session->cmd == IPSET_CMD_SWAP ? "swap" : + "rename"); if (!ipset_data_test(data, IPSET_OPT_SETNAME2)) return ipset_err(session, "Invalid %s command: missing to-setname", - session->cmd == IPSET_CMD_SWAP ? "swap" : "rename"); + session->cmd == IPSET_CMD_SWAP ? "swap" : + "rename"); ADDATTR_SETNAME(session, nlh, data); - ADDATTR_RAW(session, nlh, ipset_data_get(data, IPSET_OPT_SETNAME2), + ADDATTR_RAW(session, nlh, + ipset_data_get(data, IPSET_OPT_SETNAME2), IPSET_ATTR_SETNAME2, cmd_attrs); break; case IPSET_CMD_ADD: @@ -1692,12 +1706,14 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_SETNAME)) return ipset_err(session, "Invalid %s command: missing setname", - session->cmd == IPSET_CMD_ADD ? "add" : "del"); + session->cmd == IPSET_CMD_ADD ? "add" : + "del"); if (!ipset_data_test(data, IPSET_OPT_TYPE)) return ipset_err(session, "Invalid %s command: missing settype", - session->cmd == IPSET_CMD_ADD ? "add" : "del"); + session->cmd == IPSET_CMD_ADD ? "add" : + "del"); /* Core options: setname */ ADDATTR_SETNAME(session, nlh, data); @@ -1715,11 +1731,12 @@ build_msg(struct ipset_session *session, bool aggregate) D("open_nested failed"); return 1; } - if (addattr_adt(session, nlh, data, ipset_data_family(data)) - || ADDATTR_RAW(session, nlh, &session->lineno, - IPSET_ATTR_LINENO, cmd_attrs)) { + if (addattr_adt(session, nlh, data, ipset_data_family(data)) || + ADDATTR_RAW(session, nlh, &session->lineno, + IPSET_ATTR_LINENO, cmd_attrs)) { /* Cancel last, unfinished nested attribute */ - mnl_attr_nest_cancel(nlh, session->nested[session->nestid-1]); + mnl_attr_nest_cancel(nlh, + session->nested[session->nestid-1]); session->nested[--session->nestid] = NULL; return 1; } 
@@ -1731,7 +1748,7 @@ build_msg(struct ipset_session *session, bool aggregate) /* Return codes are not aggregated, so tests cannot be either */ /* Setname, type not checked/added yet */ - + if (!ipset_data_test(data, IPSET_SETNAME)) return ipset_err(session, "Invalid test command: missing setname"); @@ -1739,7 +1756,7 @@ build_msg(struct ipset_session *session, bool aggregate) if (!ipset_data_test(data, IPSET_OPT_TYPE)) return ipset_err(session, "Invalid test command: missing settype"); - + type = ipset_data_get(data, IPSET_OPT_TYPE); D("family: %u, type family %u", ipset_data_family(data), type->family); @@ -1773,7 +1790,8 @@ ipset_commit(struct ipset_session *session) assert(session); nlh = session->buffer; - D("send buffer: len %u, cmd %s", nlh->nlmsg_len, cmd2name[session->cmd]); + D("send buffer: len %u, cmd %s", + nlh->nlmsg_len, cmd2name[session->cmd]); if (nlh->nlmsg_len == 0) /* Nothing to do */ return 0; @@ -1802,7 +1820,7 @@ ipset_commit(struct ipset_session *session) return -1; else return ipset_err(session, - "Internal protocol error"); + "Internal protocol error"); } return 0; } @@ -1814,7 +1832,7 @@ static mnl_cb_t cb_ctl[] = { [NLMSG_OVERRUN] = callback_noop, [NLMSG_MIN_TYPE] = callback_data, }; - + static inline struct ipset_handle * init_transport(struct ipset_session *session) { @@ -1843,7 +1861,7 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) struct ipset_data *data; bool aggregate = false; int ret = -1; - + assert(session); if (cmd <= IPSET_CMD_NONE || cmd >= IPSET_MSG_MAX) @@ -1863,9 +1881,9 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) } /* Private commands */ - if (cmd == IPSET_CMD_TYPE || cmd == IPSET_CMD_HEADER) + if (cmd == IPSET_CMD_TYPE || cmd == IPSET_CMD_HEADER) return build_send_private_msg(session, cmd); - + /* Check aggregatable commands */ aggregate = may_aggregate_ad(session, cmd); if (!aggregate) { 
@@ -1878,7 +1896,7 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) /* Real command: update lineno too */ session->cmd = cmd; session->lineno = lineno; - + /* Set default output mode */ if (cmd == IPSET_CMD_LIST) { if (session->mode == IPSET_LIST_NONE) @@ -1906,8 +1924,8 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) /* We have to save the type for error handling */ session->saved_type = ipset_data_get(data, IPSET_OPT_TYPE); - if (session->lineno != 0 - && (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL)) { + if (session->lineno != 0 && + (cmd == IPSET_CMD_ADD || cmd == IPSET_CMD_DEL)) { /* Save setname for the next possible aggregated restore line */ strcpy(session->saved_setname, ipset_data_setname(data)); ipset_data_reset(data); @@ -1916,7 +1934,7 @@ ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno) goto cleanup; } - D("call commit"); + D("call commit"); ret = ipset_commit(session); cleanup: @@ -1948,10 +1966,10 @@ ipset_session_init(ipset_outfn outfn) /* The single transport method yet */ session->transport = &ipset_mnl_transport; - + /* Output function */ session->outfn = outfn; - + /* Initialize data structures */ session->data = ipset_data_init(); if (session->data == NULL) @@ -1961,8 +1979,8 @@ ipset_session_init(ipset_outfn outfn) return session; free_session: - free(session); - return NULL; + free(session); + return NULL; } /** diff --git a/lib/types.c b/lib/types.c index c440993..7c16a30 100644 --- a/lib/types.c +++ b/lib/types.c 
@@ -1,7 +1,7 @@ /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <assert.h> /* assert */ @@ -28,8 +28,8 @@ struct ipset { struct ipset *next; }; -static struct ipset_type *typelist = NULL; /* registered set types */ -static struct ipset *setlist = NULL; /* cached sets */ +static struct ipset_type *typelist; /* registered set types */ +static struct ipset *setlist; /* cached sets */ /** * ipset_cache_add - add a set to the cache @@ -57,7 +57,7 @@ ipset_cache_add(const char *name, const struct ipset_type *type, ipset_strlcpy(n->name, name, IPSET_MAXNAMELEN); n->type = type; n->family = family; - n->next = NULL; + n->next = NULL; if (setlist == NULL) { setlist = n; @@ -109,7 +109,7 @@ ipset_cache_del(const char *name) } if (match == NULL) return -EEXIST; - + free(match); return 0; } @@ -168,7 +168,7 @@ ipset_cache_swap(const char *from, const char *to) ipset_strlcpy(b->name, from, IPSET_MAXNAMELEN); return 0; } - + return -EEXIST; } @@ -178,7 +178,7 @@ ipset_cache_swap(const char *from, const char *to) bool ipset_match_typename(const char *name, const struct ipset_type *type) { - const char * const * alias = type->alias; + const char * const *alias = type->alias; if (STREQ(name, type->name)) return true; @@ -189,7 +189,7 @@ ipset_match_typename(const char *name, const struct ipset_type *type) alias++; } return false; -} +} static inline const struct ipset_type * create_type_get(struct ipset_session *session) 
@@ -215,17 +215,17 @@ create_type_get(struct ipset_session *session) if (ipset_match_typename(typename, t) && MATCH_FAMILY(t, family)) { if (match == NULL) { - match = t; - tmin = tmax = t->revision; + match = t; + tmin = tmax = t->revision; } else if (t->family == match->family) tmin = t->revision; - } + } } if (!match) return ipset_errptr(session, "Syntax error: unknown settype %s", typename); - + /* Family is unspecified yet: set from matching set type */ if (family == AF_UNSPEC && match->family != AF_UNSPEC) { family = match->family == AF_INET46 ? AF_INET : match->family; @@ -240,9 +240,11 @@ create_type_get(struct ipset_session *session) if (ret != 0) return NULL; - kmin = kmax = *(const uint8_t *)ipset_data_get(data, IPSET_OPT_REVISION); + kmin = kmax = *(const uint8_t *)ipset_data_get(data, + IPSET_OPT_REVISION); if (ipset_data_test(data, IPSET_OPT_REVISION_MIN)) - kmin = *(const uint8_t *)ipset_data_get(data, IPSET_OPT_REVISION_MIN); + kmin = *(const uint8_t *)ipset_data_get(data, + IPSET_OPT_REVISION_MIN); if (MAX(tmin, kmin) > MIN(tmax, kmax)) { if (kmin > tmax) @@ -266,7 +268,7 @@ create_type_get(struct ipset_session *session) family == AF_INET6 ? "INET6" : "UNSPEC", kmax, tmin); } - + /* Disable unsupported revisions */ for (match = NULL, t = typelist; t != NULL; t = t->next) { /* Skip revisions which are unsupported by the kernel */ @@ -274,16 +276,16 @@ create_type_get(struct ipset_session *session) continue; if (ipset_match_typename(typename, t) && MATCH_FAMILY(t, family)) { - if (t->revision < kmin || t->revision > kmax) - t->kernel_check = IPSET_KERNEL_MISMATCH; + if (t->revision < kmin || t->revision > kmax) + t->kernel_check = IPSET_KERNEL_MISMATCH; else if (match == NULL) - match = t; - } + match = t; + } } match->kernel_check = IPSET_KERNEL_OK; found: ipset_data_set(data, IPSET_OPT_TYPE, match); - + return match; } 
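Review bot: In the hunk at -240, the reflowed `kmin = kmax = *(const uint8_t *)ipset_data_get(data, IPSET_OPT_REVISION);` dereferences the result without a test. ipset_data_get() returns NULL for an option that is not set (lib/data.c), and the very next statement does guard IPSET_OPT_REVISION_MIN with ipset_data_test(). If the kernel reply ever lacks the revision attribute, this is a NULL dereference driven by data from outside the process. A guard such as `if (!ipset_data_test(data, IPSET_OPT_REVISION)) return ipset_errptr(session, "Kernel reply lacks the set type revision");` would fail cleanly; the message text is my wording. create_type_get continues outside this hunk.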
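Review bot: `match->kernel_check = IPSET_KERNEL_OK;` after the loop in the hunk at -274 dereferences `match`, which the loop header resets to NULL and which stays NULL when no registered revision falls inside [kmin, kmax]. The earlier range test compares only the extremes (`MAX(tmin, kmin) > MIN(tmax, kmax)`), so a gap in the registered revisions would appear to pass it and reach this line. I cannot confirm from the hunk whether such a gap can occur in practice. I would add `if (match == NULL) return ipset_errptr(session, "No usable revision of settype %s", typename);` before the assignment, with the message being my wording. The function starts outside this hunk.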
@@ -327,7 +329,7 @@ adt_type_get(struct ipset_session *session) return NULL; typename = ipset_data_get(data, IPSET_OPT_TYPENAME); - revision = ipset_data_get(data, IPSET_OPT_REVISION); + revision = ipset_data_get(data, IPSET_OPT_REVISION); family = ipset_data_family(data); /* Check registered types */ @@ -542,7 +544,7 @@ void ipset_cache_fini(void) { struct ipset *set; - + while (setlist) { set = setlist; setlist = setlist->next; |