From 020936c8c3375e1efe44a3087c891a4b2cbfe044 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 22 Jun 2010 10:49:41 +0200 Subject: ipset 5: last new feature added - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage --- include/libipset/data.h | 2 + include/libipset/linux_ip_set.h | 74 +++++++++++++++++++----------------- include/libipset/linux_ip_set_hash.h | 2 + include/libipset/parse.h | 5 +++ include/libipset/print.h | 6 +++ include/libipset/session.h | 1 + 6 files changed, 55 insertions(+), 35 deletions(-) (limited to 'include/libipset') diff --git a/include/libipset/data.h b/include/libipset/data.h index 936b807..cb35393 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -44,6 +44,7 @@ enum ipset_opt { IPSET_OPT_NAMEREF, IPSET_OPT_IP2, IPSET_OPT_CIDR2, + IPSET_OPT_PROTO, /* Swap/rename to */ IPSET_OPT_SETNAME2, /* Flags */ @@ -93,6 +94,7 @@ enum ipset_opt { | IPSET_FLAG(IPSET_OPT_NAMEREF) \ | IPSET_FLAG(IPSET_OPT_IP2) \ | IPSET_FLAG(IPSET_OPT_CIDR2) \ + | IPSET_FLAG(IPSET_OPT_PROTO) \ | IPSET_FLAG(IPSET_OPT_CADT_FLAGS)\ | IPSET_FLAG(IPSET_OPT_BEFORE)) diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h index 4af75ba..0ad2b14 100644 --- a/include/libipset/linux_ip_set.h +++ b/include/libipset/linux_ip_set.h 
@@ -20,47 +20,47 @@ /* Message types and commands */ enum ipset_cmd { IPSET_CMD_NONE, - IPSET_CMD_CREATE, /* Create a new (empty) set */ - IPSET_CMD_DESTROY, /* Remove a (empty) set */ - IPSET_CMD_FLUSH, /* Remove all elements from a set */ - IPSET_CMD_RENAME, /* Rename a set */ - IPSET_CMD_SWAP, /* Swap two sets */ - IPSET_CMD_LIST, /* List sets */ - IPSET_CMD_SAVE, /* Save sets */ - IPSET_CMD_ADD, /* Add an element to a set */ - IPSET_CMD_DEL, /* Delete an element from a set */ - IPSET_CMD_TEST, /* Test an element in a set */ - IPSET_CMD_HEADER, /* Get set header data only */ - IPSET_CMD_TYPE, /* Get set type */ - IPSET_CMD_PROTOCOL, /* Return protocol version */ + IPSET_CMD_CREATE, /* 1: Create a new (empty) set */ + IPSET_CMD_DESTROY, /* 2: Remove a (empty) set */ + IPSET_CMD_FLUSH, /* 3: Remove all elements from a set */ + IPSET_CMD_RENAME, /* 4: Rename a set */ + IPSET_CMD_SWAP, /* 5: Swap two sets */ + IPSET_CMD_LIST, /* 6: List sets */ + IPSET_CMD_SAVE, /* 7: Save sets */ + IPSET_CMD_ADD, /* 8: Add an element to a set */ + IPSET_CMD_DEL, /* 9: Delete an element from a set */ + IPSET_CMD_TEST, /* 10: Test an element in a set */ + IPSET_CMD_HEADER, /* 11: Get set header data only */ + IPSET_CMD_TYPE, /* 12: Get set type */ + IPSET_CMD_PROTOCOL, /* 13: Return protocol version */ IPSET_MSG_MAX, /* Netlink message commands */ /* Commands in userspace: */ - IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* Enter restore mode */ - IPSET_CMD_HELP, /* Get help */ - IPSET_CMD_VERSION, /* Get program version */ - IPSET_CMD_QUIT, /* Quit from interactive mode */ + IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */ + IPSET_CMD_HELP, /* 15: Get help */ + IPSET_CMD_VERSION, /* 16: Get program version */ + IPSET_CMD_QUIT, /* 17: Quit from interactive mode */ IPSET_CMD_MAX, - IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* Commit buffered commands */ + IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */ }; /* Attributes at command level */ enum { IPSET_ATTR_UNSPEC, - 
IPSET_ATTR_PROTOCOL, /* Protocol version */ - IPSET_ATTR_SETNAME, /* Name of the set */ - IPSET_ATTR_TYPENAME, /* Typename */ + IPSET_ATTR_PROTOCOL, /* 1: Protocol version */ + IPSET_ATTR_SETNAME, /* 2: Name of the set */ + IPSET_ATTR_TYPENAME, /* 3: Typename */ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* rename/swap */ - IPSET_ATTR_REVISION, /* Settype revision */ - IPSET_ATTR_FAMILY, /* Settype family */ - IPSET_ATTR_FLAGS, /* Flags at command level */ - IPSET_ATTR_DATA, /* Nested attributes */ - IPSET_ATTR_ADT, /* Multiple data containers */ - IPSET_ATTR_LINENO, /* Restore lineno */ - IPSET_ATTR_PROTOCOL_MIN,/* Minimal supported version number */ - IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */ + IPSET_ATTR_REVISION, /* 4: Settype revision */ + IPSET_ATTR_FAMILY, /* 5: Settype family */ + IPSET_ATTR_FLAGS, /* 6: Flags at command level */ + IPSET_ATTR_DATA, /* 7: Nested attributes */ + IPSET_ATTR_ADT, /* 8: Multiple data containers */ + IPSET_ATTR_LINENO, /* 9: Restore lineno */ + IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */ + IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */ __IPSET_ATTR_CMD_MAX, }; #define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1) @@ -69,13 +69,14 @@ enum { enum { IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1, IPSET_ATTR_IP_FROM = IPSET_ATTR_IP, - IPSET_ATTR_IP_TO, - IPSET_ATTR_CIDR, - IPSET_ATTR_PORT, + IPSET_ATTR_IP_TO, /* 2 */ + IPSET_ATTR_CIDR, /* 3 */ + IPSET_ATTR_PORT, /* 4 */ IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT, - IPSET_ATTR_PORT_TO, - IPSET_ATTR_TIMEOUT, - IPSET_ATTR_CADT_FLAGS, + IPSET_ATTR_PORT_TO, /* 5 */ + IPSET_ATTR_TIMEOUT, /* 6 */ + IPSET_ATTR_PROTO, /* 7 */ + IPSET_ATTR_CADT_FLAGS, /* 8 */ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* Reserve empty slots */ IPSET_ATTR_CADT_MAX = 16, @@ -147,4 +148,7 @@ enum ipset_adt { IPSET_CADT_MAX, }; +#define IPSET_IPPROTO_ANY 255 +#define IPSET_IPPROTO_TCPUDP 254 + #endif /* __IP_SET_H */ 
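Review bot: Inserting `IPSET_ATTR_PROTO` between `IPSET_ATTR_TIMEOUT` and `IPSET_ATTR_CADT_FLAGS` in the `@@ -69,13 +69,14 @@` hunk moves `IPSET_ATTR_CADT_FLAGS` from 7 to 8, so the numeric id of an existing netlink attribute changes. If a kernel module or userspace binary built against the previous header is still in use, the two sides will disagree about which attribute carries the flags. Nothing visible in this diff bumps a protocol version that would make the mismatch detectable. Slot 8 appears unused in the old numbering (`IPSET_ATTR_CADT_LINENO` is pinned to `IPSET_ATTR_LINENO`, i.e. 9), so appending keeps existing ids stable: `IPSET_ATTR_CADT_FLAGS, /* 7 */` followed by `IPSET_ATTR_PROTO, /* 8 */`. The enum continues past the end of the hunk.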
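Review bot: `IPSET_IPPROTO_ANY` (255) and `IPSET_IPPROTO_TCPUDP` (254) in the `@@ -147,4 +148,7 @@` hunk come from the same 8-bit space as real IP protocol numbers, and the defines carry no comment marking them as sentinels. 255 is also the value of `IPPROTO_RAW` on Linux and 254 is an IANA experimental number. A numeric protocol supplied by a user could therefore be stored as a wildcard and match more traffic than intended, unless the parser rejects both values. The parser is not part of this diff, so that needs checking there. I would state the contract at the definition, e.g. `/* Pseudo protocol numbers used as wildcards; must be rejected when given as user input */`.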
diff --git a/include/libipset/linux_ip_set_hash.h b/include/libipset/linux_ip_set_hash.h index 76d2489..db6977b 100644 --- a/include/libipset/linux_ip_set_hash.h +++ b/include/libipset/linux_ip_set_hash.h @@ -5,6 +5,8 @@ enum { IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC, IPSET_ERR_HASH_ELEM, + IPSET_ERR_INVALID_PROTO, + IPSET_ERR_MISSING_PROTO, }; #endif /* __IP_SET_HASH_H */ diff --git a/include/libipset/parse.h b/include/libipset/parse.h index 143e2b3..1e055ee 100644 --- a/include/libipset/parse.h +++ b/include/libipset/parse.h @@ -14,6 +14,7 @@ #define IPSET_RANGE_SEPARATOR "-" #define IPSET_ELEM_SEPARATOR "," #define IPSET_NAME_SEPARATOR "," +#define IPSET_PROTO_SEPARATOR ":" struct ipset_session; @@ -26,6 +27,10 @@ extern int ipset_parse_single_port(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_port(struct ipset_session *session, enum ipset_opt opt, const char *str); +extern int ipset_parse_proto(struct ipset_session *session, + enum ipset_opt opt, const char *str); +extern int ipset_parse_proto_port(struct ipset_session *session, + enum ipset_opt opt, const char *str); extern int ipset_parse_family(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_ip(struct ipset_session *session, diff --git a/include/libipset/print.h b/include/libipset/print.h index dbb70f3..1fc5abc 100644 --- a/include/libipset/print.h +++ b/include/libipset/print.h 
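Review bot: The new `ipset_parse_proto` and `ipset_parse_proto_port` prototypes in parse.h have no comment on accepted input or return convention, and the same holds for `ipset_print_proto` / `ipset_print_proto_port` in print.h and `ipset_saved_type` in session.h. For the parsers, a caller needs to know whether `str` may be a protocol name, a number or both, and how `IPSET_PROTO_SEPARATOR` combines protocol and port. For the printers, the caller needs to know what is returned when `len` is too small for the output, since that decides whether truncation can be detected. For `ipset_saved_type`, the comment should say whether NULL can be returned and who owns the pointer. A short header comment on each would do, e.g. `/* Parse "proto:port" from str and store both in the session data; returns 0 on success */`, with the exact return values confirmed against the implementation, which is outside this diff.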
@@ -37,6 +37,12 @@ extern int ipset_print_name(char *buf, unsigned int len, extern int ipset_print_port(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); +extern int ipset_print_proto(char *buf, unsigned int len, + const struct ipset_data *data, enum ipset_opt opt, + uint8_t env); +extern int ipset_print_proto_port(char *buf, unsigned int len, + const struct ipset_data *data, + enum ipset_opt opt, uint8_t env); extern int ipset_print_flag(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); diff --git a/include/libipset/session.h b/include/libipset/session.h index cc0940e..02e8b36 100644 --- a/include/libipset/session.h +++ b/include/libipset/session.h @@ -23,6 +23,7 @@ struct ipset_handle; extern struct ipset_data * ipset_session_data(const struct ipset_session *session); extern struct ipset_handle * ipset_session_handle(const struct ipset_session *session); +extern const struct ipset_type * ipset_saved_type(const struct ipset_session *session); enum ipset_err_type { IPSET_ERROR, -- cgit v1.2.3