From 1e6e8bd9a62aa7cd72e13db9355badc96df18ee8 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik
Date: Thu, 22 Apr 2010 16:50:57 +0200
Subject: Third stage to ipset-5 Refresh existing files in src/ with the new content.
---
src/ipset_hash_ipportnet.c | 557 +++++++++++---------------------------------
1 file changed, 135 insertions(+), 422 deletions(-) (limited to 'src/ipset_hash_ipportnet.c')
diff --git a/src/ipset_hash_ipportnet.c b/src/ipset_hash_ipportnet.c
index 3a60bf1..769304d 100644
--- a/src/ipset_hash_ipportnet.c
+++ b/src/ipset_hash_ipportnet.c
@@ -1,426 +1,139 @@ -/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) +/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) * * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. */ - -#include /* UINT_MAX */ -#include /* *printf */ -#include /* mem*, str* */ - -#include "ipset.h" - -#include - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETWORK 0x08U -#define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x20U - -/* Initialize the create. 
*/ -static void -ipportnethash_create_init(void *data) -{ - struct ip_set_req_ipportnethash_create *mydata = data; - - DP("create INIT"); - - /* Default create parameters */ - mydata->hashsize = 1024; - mydata->probes = 8; - mydata->resize = 50; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -ipportnethash_create_parse(int c, char *argv[] UNUSED, void *data, - unsigned *flags) -{ - struct ip_set_req_ipportnethash_create *mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - *flags |= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - *flags |= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - *flags |= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - parse_ip(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '5': - parse_ip(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '6': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask */ - if (mydata->to) - mydata->to = mydata->from | ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - *flags |= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network 
to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -ipportnethash_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_ipportnethash_create *mydata = data; - -#ifdef IPSET_DEBUG - DP("hashsize %u probes %u resize %u", - mydata->hashsize, mydata->probes, mydata->resize); -#endif - - if (flags & OPT_CREATE_NETWORK) { - /* --network */ - if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { - /* --from --to */ - if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } else { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be higher than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. 
Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "from", .has_arg = required_argument, .val = '4'}, - {.name = "to", .has_arg = required_argument, .val = '5'}, - {.name = "network", .has_arg = required_argument, .val = '6'}, - {NULL}, +#include /* IPSET_OPT_* */ +#include /* parser functions */ +#include /* printing functions */ +#include /* prototypes */ + +/* Parse commandline arguments */ +static const struct ipset_arg hash_ipportnet_create_args[] = { + { .name = { "range", "--range", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_netrange, .print = ipset_print_ip, + }, + { .name = { "hashsize", "--hashsize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "maxelem", "--maxleme", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { .name = { "probes", "--probes", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES, + .parse = ipset_parse_uint8, .print = ipset_print_number, + }, + { .name = { "resize", "--resize", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE, + .parse = ipset_parse_uint8, .print = ipset_print_number, + }, + { .name = { "timeout", "--timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + /* Backward compatibility */ + { .name = { "--from", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_single_ip, + }, + { .name = { "--to", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO, + 
.parse = ipset_parse_single_ip, + }, + { .name = { "--network", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP, + .parse = ipset_parse_net, + }, + { }, +}; + +static const struct ipset_arg hash_ipportnet_add_args[] = { + { .name = { "timeout", "--timeout", NULL }, + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, + .parse = ipset_parse_uint32, .print = ipset_print_number, + }, + { }, +}; + +static const char hash_ipportnet_usage[] = +"create SETNAME hash:ip,port,net range IP/CIDR|FROM-TO\n" +" [family inet|inet6]\n" +" [hashsize VALUE] [maxelem VALUE]\n" +" [probes VALUE] [resize VALUE]\n" +" [timeout VALUE]\n" +"add SETNAME IP,PORT,IP/CIDR [timeout VALUE]\n" +"del SETNAME IP,PORT,IP/CIDR\n" +"test SETNAME IP,PORT,IP/CIDR\n"; + +struct ipset_type ipset_hash_ipportnet0 = { + .name = "hash:ip,port,net", + .alias = "ipportnethash", + .revision = 0, + .family = AF_INET46, + .dimension = IPSET_DIM_THREE, + .elem = { + [IPSET_DIM_ONE] = { + .parse = ipset_parse_single_ip, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO] = { + .parse = ipset_parse_single_port, + .print = ipset_print_port, + .opt = IPSET_OPT_PORT + }, + [IPSET_DIM_THREE] = { + .parse = ipset_parse_net, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP2 + }, + }, + .args = { + [IPSET_CREATE] = hash_ipportnet_create_args, + [IPSET_ADD] = hash_ipportnet_add_args, + }, + .mandatory = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | 
IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_PROBES) + | IPSET_FLAG(IPSET_OPT_RESIZE) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_IP2) + | IPSET_FLAG(IPSET_OPT_CIDR2), + }, + + .usage = hash_ipportnet_usage, }; - -/* Add, del, test parser */ -static ip_set_ip_t -ipportnethash_adt_parser(int cmd, const char *arg, void *data) -{ - struct ip_set_req_ipportnethash *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - ip_set_ip_t cidr; - - DP("ipportnethash: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,port,net.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and network address must be specified: ip,port,net"); - - ptr = strsep(&tmp, ":%,"); - parse_port(ptr, &mydata->port); - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and network address must be specified: ip,port,net"); - - ptr = strsep(&tmp, "/"); - if (tmp == NULL) - if (cmd == CMD_TEST) - cidr = 32; - else - exit_error(PARAMETER_PROBLEM, - "Missing /cidr from `%s'", arg); - else - if (string_to_number(tmp, 1, 31, &cidr)) - exit_error(PARAMETER_PROBLEM, - "Out of range cidr `%s' specified", arg); - - mydata->cidr = cidr; - - parse_ip(ptr, &mydata->ip1); - ipset_free(saved); - return 1; -}; - -/* - * Print and save - */ - -static void -ipportnethash_initheader(struct set *set, 
const void *data) -{ - const struct ip_set_req_ipportnethash_create *header = data; - struct ip_set_ipportnethash *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipportnethash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -ipportnethash_printheader(struct set *set, unsigned options) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static char buf[20]; - -static char * -unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) -{ - int i, j = 3; - unsigned char a, b; - - ip = htonl(ip); - for (i = 3; i >= 0; i--) - if (((unsigned char *)&ip)[i] != 0) { - j = i; - break; - } - - a = ((unsigned char *)&ip)[j]; - if (a <= 128) { - a = (a - 1) * 2; - b = 7; - } else if (a <= 192) { - a = (a - 129) * 4; - b = 6; - } else if (a <= 224) { - a = (a - 193) * 8; - b = 5; - } else if (a <= 240) { - a = (a - 225) * 16; - b = 4; - } else if (a <= 248) { - a = (a - 241) * 32; - b = 3; - } else if (a <= 252) { - a = (a - 249) * 64; - b = 2; - } else if (a <= 254) { - a = (a - 253) * 128; - b = 1; - } else { - a = b = 0; - } - ((unsigned char *)&ip)[j] = a; - b += j * 8; - - sprintf(buf, "%u.%u.%u.%u/%u", - ((unsigned char *)&ip)[0], - ((unsigned char *)&ip)[1], - ((unsigned char *)&ip)[2], - ((unsigned char *)&ip)[3], - b); - - DP("%s %s", ip_tostring(ntohl(ip), 0), buf); - return buf; -} - -static void -ipportnethash_printips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip *ipptr; - ip_set_ip_t ip; 
- uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("%s,%s,", - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - unpack_ip_tostring(ipptr->ip1, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportnethash_saveheader(struct set *set, unsigned options) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - printf(" --hashsize %u --probes %u --resize %u\n", - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/* Print save for an IP */ -static void -ipportnethash_saveips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip *ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("-A %s %s,%s,", set->name, - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - unpack_ip_tostring(ipptr->ip, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportnethash_usage(void) -{ - printf - ("-N set ipportnethash --from IP --to IP\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-N set ipportnethash --network IP/mask\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP,port,IP/net\n" - "-D set IP,port,IP/net\n" - "-T set IP,port,IP[/net]\n"); -} - -static struct settype settype_ipportnethash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct 
ip_set_req_ipportnethash_create), - .create_init = ipportnethash_create_init, - .create_parse = ipportnethash_create_parse, - .create_final = ipportnethash_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_ipportnethash), - .adt_parser = ipportnethash_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_ipportnethash), - .initheader = ipportnethash_initheader, - .printheader = ipportnethash_printheader, - .printips = ipportnethash_printips, - .printips_sorted = ipportnethash_printips, - .saveheader = ipportnethash_saveheader, - .saveips = ipportnethash_saveips, - - .usage = ipportnethash_usage, -}; - -CONSTRUCTOR(ipportnethash) -{ - settype_register(&settype_ipportnethash); - -} -- cgit v1.2.3
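Review bot: In `hash_ipportnet_create_args` the dashed alias of the maxelem entry is spelled `--maxleme`, while every other entry's dashed form mirrors its keyword; if aliases are matched literally, `--maxelem` will not be recognised and the cap on set size can only be given in the bare-keyword form. The line should read `{ .name = { "maxelem", "--maxelem", NULL },`. Separately, the removed `ipportnethash_create_final` rejected `from > to` and ranges wider than `MAX_RANGE`, and nothing in the new table shows where those bounds are enforced now; presumably `ipset_parse_netrange` or the kernel side does it, which is worth confirming and noting in a one-line comment above the `range` entry. The switch of `probes` and `resize` to `ipset_parse_uint8` also narrows what the old parser accepted (up to 65535), so saved rule sets carrying larger values may no longer restore; a comment next to the "Backward compatibility" block should say so.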