summaryrefslogtreecommitdiffstats
path: root/lib/ipset.c
Commit message (Collapse)AuthorAgeFilesLines
* add ipset to nftables translation infrastructurePablo Neira Ayuso2021-06-261-1/+540
| | | | | | | | | | | | | | | | | | | | | This patch provides the ipset-translate utility which allows you to translate your existing ipset file to nftables. The ipset-translate utility is actually a symlink to ipset, which checks for 'argv[0] == ipset-translate' to exercise the translation path. You can translate your ipset file through: ipset-translate restore < sets.ipt This patch reuses the existing parser and API to represent the sets and the elements. There is a new ipset_xlate_set dummy object that allows to store a created set to fetch the type without interactions with the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
* lib: Detach restore routine from parserPablo Neira Ayuso2021-06-261-1/+4
| | | | | | | | | | | Do not call restore() from ipset_parser(). Instead, ipset_parser() returns the IPSET_CMD_RESTORE command and the caller invokes restore(). This patch comes in preparation for the ipset to nftables translation infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
* lib: split parser from command executionPablo Neira Ayuso2021-06-261-14/+30
| | | | | | | | | | | | ipset_parse_argv() parses, builds and send the netlink messages to the kernel. This patch extracts the parser and wrap it around the new ipset_parser() function. This patch comes is preparation for the ipset to nftables translation infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
* Handle -Werror=implicit-fallthrough= in debug mode compilingJozsef Kadlecsik2021-02-091-0/+2
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
* Argument parsing buffer overflow in ipset_parse_argv fixedJozsef Kadlecsik2021-01-191-0/+5
| | | | | | | Argument length checking was simply missing. Fixes netfilter bugzilla #1492, reported by Marshall Whittaker. Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
* ipset: update my email addressJozsef Kadlecsik2019-06-051-1/+1
| | | | | | | | | It's better to use my kadlec@netfilter.org email address in the source code. I might not be able to use kadlec@blackhole.kfki.hu in the future. Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Fix to list/save into file specified by optionJozsef Kadlecsik2018-11-101-2/+3
| | | | | list/save into file given by "-f filename" did not work in 7.0, reported by Isaac Good.
* Prepare the ipset tool to handle multiple protocol versionsJozsef Kadlecsik2018-10-221-0/+4
| | | | | From now on the "version" command asks the kernel protocol version too and reports if the userspace - kernel protocols do not match.
* Fix warning message handlingJozsef Kadlecsik2018-10-221-13/+11
| | | | | Warning messages were not printed and handled properly, the patch fixes the issue.
* Library reworked to support embedding ipset completelyJozsef Kadlecsik2018-10-181-0/+1472
The ipset library is rewritten/extended to support embedding ipset, so that sets can fully be managed without calling the ipset binary. The ipset binary relies completely on the new library. The libipset.3 manpage was written about the library functions and usage. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>