From 9e0d9b82fb54cec29f35bbb59fcfa83e5e7d8654 Mon Sep 17 00:00:00 2001 From: Tomasz Chilinski Date: Thu, 5 May 2016 07:32:19 +0200 Subject: hash:ipmac type support added to ipset, userspace part Signed-off-by: Tomasz Chili??ski Signed-off-by: Jozsef Kadlecsik --- lib/Makefile.am | 1 + lib/ipset_hash_ipmac.c | 165 +++++++++++++++++++++++++++++++++++++++++++++++++ src/ipset.8 | 22 +++++++ 3 files changed, 188 insertions(+) create mode 100644 lib/ipset_hash_ipmac.c diff --git a/lib/Makefile.am b/lib/Makefile.am index 4a376ca..6990b0f 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -14,6 +14,7 @@ IPSET_SETTYPE_LIST = \ ipset_hash_netportnet.c \ ipset_hash_netport.c \ ipset_hash_netiface.c \ + ipset_hash_ipmac.c \ ipset_hash_mac.c \ ipset_list_set.c diff --git a/lib/ipset_hash_ipmac.c b/lib/ipset_hash_ipmac.c new file mode 100644 index 0000000..4a2f3d3 --- /dev/null +++ b/lib/ipset_hash_ipmac.c @@ -0,0 +1,165 @@ +/* Copyright 2016 Tomasz Chilinski (tomasz.chilinski@chilan.com) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ +#include /* IPSET_OPT_* */ +#include /* parser functions */ +#include /* printing functions */ +#include /* prototypes */ + +/* Parse commandline arguments */ +static const struct ipset_arg hash_ipmac_create_args0[] = { + { .name = { "family", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, .print = ipset_print_family, + }, + /* Alias: family inet */ + { .name = { "-4", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + /* Alias: family inet6 */ + { .name = { "-6", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY, + .parse = ipset_parse_family, + }, + { .name = { "hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "counters", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { .name = { "comment", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { .name = { "forceadd", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FORCEADD, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { .name = { "skbinfo", NULL }, + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_SKBINFO, + .parse = ipset_parse_flag, .print = ipset_print_flag, + }, + { }, +}; + +static const struct ipset_arg hash_ipmac_add_args0[] = { + { .name = { "timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_timeout, .print = ipset_print_number, + }, + { .name = { "packets", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "bytes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, + .parse = ipset_parse_uint64, .print = ipset_print_number, + }, + { .name = { "comment", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_ADT_COMMENT, + .parse = ipset_parse_comment, .print = ipset_print_comment, + }, + { .name = { "skbmark", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBMARK, + .parse = ipset_parse_skbmark, .print = ipset_print_skbmark, + }, + { .name = { "skbprio", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBPRIO, + .parse = ipset_parse_skbprio, .print = ipset_print_skbprio, + }, + { .name = { "skbqueue", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBQUEUE, + .parse = ipset_parse_uint16, .print = ipset_print_number, + }, + { }, +}; + + +static const char hash_ipmac_usage0[] = +"create SETNAME hash:ip,mac\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [timeout VALUE]\n" +" [counters] [comment] [forceadd] [skbinfo]\n" +"add SETNAME IP,MAC [timeout VALUE]\n" +" [packets VALUE] [bytes VALUE] [comment \"string\"]\n" +" [skbmark VALUE] [skbprio VALUE] [skbqueue VALUE]\n" +"del SETNAME IP,MAC\n" +"test SETNAME IP,MAC\n"; + +static struct ipset_type ipset_hash_ipmac0 = { + .name = "hash:ip,mac", + .alias = { "ipmachash", NULL }, + .revision = 0, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_single6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_ether, + .print = ipset_print_ether, + .opt = IPSET_OPT_ETHER + }, + }, + .args = { + [IPSET_CREATE] = hash_ipmac_create_args0, + [IPSET_ADD] = hash_ipmac_add_args0, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_COUNTERS) + | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT) + | IPSET_FLAG(IPSET_OPT_FORCEADD) + | IPSET_FLAG(IPSET_OPT_SKBINFO), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_PACKETS) + | IPSET_FLAG(IPSET_OPT_BYTES) + | IPSET_FLAG(IPSET_OPT_ADT_COMMENT) + | IPSET_FLAG(IPSET_OPT_SKBMARK) + | IPSET_FLAG(IPSET_OPT_SKBPRIO) + | IPSET_FLAG(IPSET_OPT_SKBQUEUE), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_ETHER), + }, + + .usage = hash_ipmac_usage0, + .description = "Initial revision", +}; + +void _init(void) +{ + ipset_type_add(&ipset_hash_ipmac0); +} diff --git a/src/ipset.8 b/src/ipset.8 index a919afc..a578930 100644 --- a/src/ipset.8 +++ b/src/ipset.8 @@ -551,6 +551,28 @@ ipset add foo 01:02:03:04:05:06 .IP ipset test foo 01:02:03:04:05:06 +.SS hash:ip,mac +The \fBhash:ip,mac\fR set type uses a hash to store IP and a MAC address pairs. Zero valued MAC addresses cannot be stored in a \fBhash:ip,mac\fR +type of set. +.PP +\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ] +.PP +\fIADD\-ENTRY\fR := \fIipaddr\fR,\fImacaddr\fR +.PP +\fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ] [ \fBpackets\fR \fIvalue\fR ] [ \fBbytes\fR \fIvalue\fR ] [ \fBcomment\fR \fIstring\fR ] [ \fBskbmark\fR \fIvalue\fR ] [ \fBskbprio\fR \fIvalue\fR ] [ \fBskbqueue\fR \fIvalue\fR ] +.PP +\fIDEL\-ENTRY\fR := \fIipaddr\fR,\fImacaddr\fR +.PP +\fITEST\-ENTRY\fR := \fIipaddr\fR,\fImacaddr\fR +.PP +Examples: +.IP +ipset create foo hash:ip,mac +.IP +ipset add foo 1.1.1.1,01:02:03:04:05:06 +.IP +ipset test foo 1.1.1.1,01:02:03:04:05:06 + .SS hash:net The \fBhash:net\fR set type uses a hash to store different sized IP network addresses. Network address with zero prefix size cannot be stored in this type of sets. -- cgit v1.2.3