From f713cb1e105740c29c0a0906f4eb0ba375f64491 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Thu, 22 Apr 2010 16:48:33 +0200 Subject: Second stage to ipset-5 Rename files in src/ according to the new naming convention. --- src/ipset.h | 200 --------------------- src/ipset_bitmap_ip.c | 376 +++++++++++++++++++++++++++++++++++++++ src/ipset_bitmap_ipmac.c | 382 ++++++++++++++++++++++++++++++++++++++++ src/ipset_bitmap_port.c | 272 +++++++++++++++++++++++++++++ src/ipset_hash_ip.c | 279 +++++++++++++++++++++++++++++ src/ipset_hash_ipport.c | 350 +++++++++++++++++++++++++++++++++++++ src/ipset_hash_ipportip.c | 361 ++++++++++++++++++++++++++++++++++++++ src/ipset_hash_ipportnet.c | 426 +++++++++++++++++++++++++++++++++++++++++++++ src/ipset_hash_net.c | 308 ++++++++++++++++++++++++++++++++ src/ipset_iphash.c | 279 ----------------------------- src/ipset_ipmap.c | 376 --------------------------------------- src/ipset_ipporthash.c | 350 ------------------------------------- src/ipset_ipportiphash.c | 361 -------------------------------------- src/ipset_ipportnethash.c | 426 --------------------------------------------- src/ipset_iptree.c | 224 ------------------------ src/ipset_list_set.c | 229 ++++++++++++++++++++++++ src/ipset_macipmap.c | 382 ---------------------------------------- src/ipset_nethash.c | 308 -------------------------------- src/ipset_portmap.c | 272 ----------------------------- src/ipset_setlist.c | 229 ------------------------ src/ipset_tree_ip.c | 224 ++++++++++++++++++++++++ 21 files changed, 3207 insertions(+), 3407 deletions(-) delete mode 100644 src/ipset.h create mode 100644 src/ipset_bitmap_ip.c create mode 100644 src/ipset_bitmap_ipmac.c create mode 100644 src/ipset_bitmap_port.c create mode 100644 src/ipset_hash_ip.c create mode 100644 src/ipset_hash_ipport.c create mode 100644 src/ipset_hash_ipportip.c create mode 100644 src/ipset_hash_ipportnet.c create mode 100644 src/ipset_hash_net.c delete mode 100644 src/ipset_iphash.c delete mode 100644 src/ipset_ipmap.c delete mode 100644 src/ipset_ipporthash.c delete mode 100644 src/ipset_ipportiphash.c delete mode 100644 src/ipset_ipportnethash.c delete mode 100644 src/ipset_iptree.c create mode 100644 src/ipset_list_set.c delete mode 100644 src/ipset_macipmap.c delete mode 100644 src/ipset_nethash.c delete mode 100644 src/ipset_portmap.c delete mode 100644 src/ipset_setlist.c create mode 100644 src/ipset_tree_ip.c (limited to 'src') diff --git a/src/ipset.h b/src/ipset.h deleted file mode 100644 index c49418d..0000000 --- a/src/ipset.h +++ /dev/null @@ -1,200 +0,0 @@ -#ifndef __IPSET_H -#define __IPSET_H - -/* Copyright 2000-2004 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* struct option */ -#include -#include - -#include - -#define IPSET_LIB_NAME "/libipset_%s.so" -#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" - -#define LIST_TRIES 5 - -#ifdef IPSET_DEBUG -extern int option_debug; -#define DP(format, args...) if (option_debug) \ - do { \ - fprintf(stderr, "%s: %s (DBG): ", __FILE__, __FUNCTION__);\ - fprintf(stderr, format "\n" , ## args); \ - } while (0) -#else -#define DP(format, args...) -#endif - -/* Commands */ -enum set_commands { - CMD_NONE, - CMD_CREATE, /* -N */ - CMD_DESTROY, /* -X */ - CMD_FLUSH, /* -F */ - CMD_RENAME, /* -E */ - CMD_SWAP, /* -W */ - CMD_LIST, /* -L */ - CMD_SAVE, /* -S */ - CMD_RESTORE, /* -R */ - CMD_ADD, /* -A */ - CMD_DEL, /* -D */ - CMD_TEST, /* -T */ - CMD_HELP, /* -H */ - CMD_VERSION, /* -V */ - NUMBER_OF_CMD = CMD_VERSION, - /* Internal commands */ - CMD_MAX_SETS, - CMD_LIST_SIZE, - CMD_SAVE_SIZE, - CMD_ADT_GET, -}; - -enum exittype { - OTHER_PROBLEM = 1, - PARAMETER_PROBLEM, - VERSION_PROBLEM -}; - -/* The view of an ipset in userspace */ -struct set { - char name[IP_SET_MAXNAMELEN]; /* Name of the set */ - ip_set_id_t id; /* Unique set id */ - ip_set_id_t index; /* Array index */ - unsigned ref; /* References in kernel */ - struct settype *settype; /* Pointer to set type functions */ -}; - -struct settype { - struct settype *next; - - char typename[IP_SET_MAXNAMELEN]; - - int protocol_version; - - /* - * Create set - */ - - /* Size of create data. Will be sent to kernel */ - u_int32_t create_size; - - /* Initialize the create. */ - void (*create_init) (void *data); - - /* Function which parses command options; returns true if it ate an option */ - int (*create_parse) (int c, char *argv[], void *data, - unsigned *flags); - - /* Final check; exit if not ok. */ - void (*create_final) (void *data, unsigned int flags); - - /* Pointer to list of extra command-line options for create */ - const struct option *create_opts; - - /* - * Add/del/test IP - */ - - /* Size of data. Will be sent to kernel */ - u_int32_t adt_size; - - /* Function which parses command options */ - ip_set_ip_t (*adt_parser) (int cmd, const char *optarg, void *data); - - /* - * Printing - */ - - /* Size of header. */ - u_int32_t header_size; - - /* Initialize the type-header */ - void (*initheader) (struct set *set, const void *data); - - /* Pretty print the type-header */ - void (*printheader) (struct set *set, unsigned options); - - /* Pretty print all IPs */ - void (*printips) (struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align); - - /* Pretty print all IPs sorted */ - void (*printips_sorted) (struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align); - - /* Print save arguments for creating the set */ - void (*saveheader) (struct set *set, unsigned options); - - /* Print save for all IPs */ - void (*saveips) (struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align); - - /* Print usage */ - void (*usage) (void); - - /* Internal data */ - void *header; - void *data; - int option_offset; - unsigned int flags; -}; - -extern void settype_register(struct settype *settype); - -/* extern void unregister_settype(set_type_t *set_type); */ - -extern void exit_error(int status, const char *msg, ...); - -extern char *binding_ip_tostring(struct set *set, - ip_set_ip_t ip, unsigned options); -extern char *ip_tostring(ip_set_ip_t ip, unsigned options); -extern char *ip_tostring_numeric(ip_set_ip_t ip); -extern void parse_ip(const char *str, ip_set_ip_t * ip); -extern void parse_mask(const char *str, ip_set_ip_t * mask); -extern void parse_ipandmask(const char *str, ip_set_ip_t * ip, - ip_set_ip_t * mask); -extern char *port_tostring(ip_set_ip_t port, unsigned options); -extern void parse_port(const char *str, ip_set_ip_t * port); -extern int string_to_number(const char *str, unsigned int min, unsigned int max, - ip_set_ip_t *port); - -extern void *ipset_malloc(size_t size); -extern char *ipset_strdup(const char *); -extern void ipset_free(void *data); - -extern struct set *set_find_byname(const char *name); -extern struct set *set_find_byid(ip_set_id_t id); - -extern unsigned warn_once; - -#define BITS_PER_LONG (8*sizeof(ip_set_ip_t)) -#define BIT_WORD(nr) ((nr) / BITS_PER_LONG) - -static inline int test_bit(int nr, const ip_set_ip_t *addr) -{ - return 1 & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1))); -} - -#define UNUSED __attribute__ ((unused)) -#define CONSTRUCTOR(module) \ -void __attribute__ ((constructor)) module##_init(void); \ -void module##_init(void) - -#endif /* __IPSET_H */ diff --git a/src/ipset_bitmap_ip.c b/src/ipset_bitmap_ip.c new file mode 100644 index 0000000..87b8e69 --- /dev/null +++ b/src/ipset_bitmap_ip.c @@ -0,0 +1,376 @@ +/* Copyright 2000-2004 Joakim Axelsson (gozem@linux.nu) + * Patrick Schaaf (bof@bof.de) + * Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include /* *printf */ +#include /* mem* */ + +#include "ipset.h" + +#include + +#define BUFLEN 30; + +#define OPT_CREATE_FROM 0x01U +#define OPT_CREATE_TO 0x02U +#define OPT_CREATE_NETWORK 0x04U +#define OPT_CREATE_NETMASK 0x08U + +#define OPT_ADDDEL_IP 0x01U + +/* Initialize the create. */ +static void +ipmap_create_init(void *data) +{ + struct ip_set_req_ipmap_create *mydata = data; + + DP("create INIT"); + mydata->netmask = 0xFFFFFFFF; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +ipmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) +{ + struct ip_set_req_ipmap_create *mydata = data; + unsigned int bits; + + DP("create_parse"); + + switch (c) { + case '1': + parse_ip(optarg, &mydata->from); + + *flags |= OPT_CREATE_FROM; + + DP("--from %x (%s)", mydata->from, + ip_tostring_numeric(mydata->from)); + + break; + + case '2': + parse_ip(optarg, &mydata->to); + + *flags |= OPT_CREATE_TO; + + DP("--to %x (%s)", mydata->to, + ip_tostring_numeric(mydata->to)); + + break; + + case '3': + parse_ipandmask(optarg, &mydata->from, &mydata->to); + + /* Make to the last of from + mask */ + if (mydata->to) + mydata->to = mydata->from | ~(mydata->to); + else { + mydata->from = 0x00000000; + mydata->to = 0xFFFFFFFF; + } + *flags |= OPT_CREATE_NETWORK; + + DP("--network from %x (%s)", + mydata->from, ip_tostring_numeric(mydata->from)); + DP("--network to %x (%s)", + mydata->to, ip_tostring_numeric(mydata->to)); + + break; + + case '4': + if (string_to_number(optarg, 0, 32, &bits)) + exit_error(PARAMETER_PROBLEM, + "Invalid netmask `%s' specified", optarg); + + if (bits != 0) + mydata->netmask = 0xFFFFFFFF << (32 - bits); + + *flags |= OPT_CREATE_NETMASK; + + DP("--netmask %x", mydata->netmask); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +ipmap_create_final(void *data, unsigned int flags) +{ + struct ip_set_req_ipmap_create *mydata = data; + ip_set_ip_t range; + + if (flags == 0) + exit_error(PARAMETER_PROBLEM, + "Need to specify --from and --to, or --network\n"); + + if (flags & OPT_CREATE_NETWORK) { + /* --network */ + if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Can't specify --from or --to with --network\n"); + } else { + /* --from --to */ + if ((flags & OPT_CREATE_FROM) == 0 + || (flags & OPT_CREATE_TO) == 0) + exit_error(PARAMETER_PROBLEM, + "Need to specify both --from and --to\n"); + } + + DP("from : %x to: %x diff: %x", + mydata->from, mydata->to, + mydata->to - mydata->from); + + if (mydata->from > mydata->to) + exit_error(PARAMETER_PROBLEM, + "From can't be lower than to.\n"); + + if (flags & OPT_CREATE_NETMASK) { + unsigned int mask_bits, netmask_bits; + ip_set_ip_t mask; + + if ((mydata->from & mydata->netmask) != mydata->from) + exit_error(PARAMETER_PROBLEM, + "%s is not a network address according to netmask %d\n", + ip_tostring_numeric(mydata->from), + mask_to_bits(mydata->netmask)); + + mask = range_to_mask(mydata->from, mydata->to, &mask_bits); + if (!mask + && (mydata->from || mydata->to != 0xFFFFFFFF)) { + exit_error(PARAMETER_PROBLEM, + "You have to define a full network with --from" + " and --to if you specify the --network option\n"); + } + netmask_bits = mask_to_bits(mydata->netmask); + if (netmask_bits <= mask_bits) { + exit_error(PARAMETER_PROBLEM, + "%d netmask specifies larger or equal netblock than the network itself\n"); + } + range = (1<<(netmask_bits - mask_bits)) - 1; + } else { + range = mydata->to - mydata->from; + } + if (range > MAX_RANGE) + exit_error(PARAMETER_PROBLEM, + "Range too large. Max is %d IPs in range\n", + MAX_RANGE+1); +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "from", .has_arg = required_argument, .val = '1'}, + {.name = "to", .has_arg = required_argument, .val = '2'}, + {.name = "network", .has_arg = required_argument, .val = '3'}, + {.name = "netmask", .has_arg = required_argument, .val = '4'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +ipmap_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_ipmap *mydata = data; + + DP("ipmap: %p %p", arg, data); + + parse_ip(arg, &mydata->ip); + DP("%s", ip_tostring_numeric(mydata->ip)); + + return 1; +} + +/* + * Print and save + */ + +static void +ipmap_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_ipmap_create *header = data; + struct ip_set_ipmap *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_ipmap)); + map->first_ip = header->from; + map->last_ip = header->to; + map->netmask = header->netmask; + + if (map->netmask == 0xFFFFFFFF) { + map->hosts = 1; + map->sizeid = map->last_ip - map->first_ip + 1; + } else { + unsigned int mask_bits, netmask_bits; + ip_set_ip_t mask; + + mask = range_to_mask(header->from, header->to, &mask_bits); + netmask_bits = mask_to_bits(header->netmask); + + DP("bits: %d %d", mask_bits, netmask_bits); + map->hosts = 2 << (32 - netmask_bits - 1); + map->sizeid = 2 << (netmask_bits - mask_bits - 1); + } + + DP("%d %d", map->hosts, map->sizeid ); +} + +static void +ipmap_printheader(struct set *set, unsigned options) +{ + struct ip_set_ipmap *mysetdata = set->settype->header; + + printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); + printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); + if (mysetdata->netmask == 0xFFFFFFFF) + printf("\n"); + else + printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); +} + +static inline void +__ipmap_printips_sorted(struct set *set, void *data, + u_int32_t len UNUSED, unsigned options) +{ + struct ip_set_ipmap *mysetdata = set->settype->header; + ip_set_ip_t id; + + for (id = 0; id < mysetdata->sizeid; id++) + if (test_bit(id, data)) + printf("%s\n", + ip_tostring(mysetdata->first_ip + + id * mysetdata->hosts, + options)); +} + +static void +ipmap_printips_sorted(struct set *set, void *data, + u_int32_t len, unsigned options, + char dont_align) +{ + ip_set_ip_t *ip; + size_t offset = 0; + + if (dont_align) + return __ipmap_printips_sorted(set, data, len, options); + + while (offset < len) { + DP("offset: %zu, len %u\n", offset, len); + ip = data + offset; + printf("%s\n", ip_tostring(*ip, options)); + offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); + } +} + +static void +ipmap_saveheader(struct set *set, unsigned options) +{ + struct ip_set_ipmap *mysetdata = set->settype->header; + + printf("-N %s %s --from %s", + set->name, set->settype->typename, + ip_tostring(mysetdata->first_ip, options)); + printf(" --to %s", + ip_tostring(mysetdata->last_ip, options)); + if (mysetdata->netmask == 0xFFFFFFFF) + printf("\n"); + else + printf(" --netmask %d\n", + mask_to_bits(mysetdata->netmask)); +} + +static inline void +__ipmap_saveips(struct set *set, void *data, u_int32_t len UNUSED, + unsigned options) +{ + struct ip_set_ipmap *mysetdata = set->settype->header; + ip_set_ip_t id; + + DP("%s", set->name); + for (id = 0; id < mysetdata->sizeid; id++) + if (test_bit(id, data)) + printf("-A %s %s\n", + set->name, + ip_tostring(mysetdata->first_ip + + id * mysetdata->hosts, + options)); +} + +static void +ipmap_saveips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + ip_set_ip_t *ip; + size_t offset = 0; + + if (dont_align) + return __ipmap_saveips(set, data, len, options); + + while (offset < len) { + ip = data + offset; + printf("-A %s %s\n", set->name, ip_tostring(*ip, options)); + offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); + } +} + +static void +ipmap_usage(void) +{ + printf + ("-N set ipmap --from IP --to IP [--netmask CIDR-netmask]\n" + "-N set ipmap --network IP/mask [--netmask CIDR-netmask]\n" + "-A set IP\n" + "-D set IP\n" + "-T set IP\n"); +} + +static struct settype settype_ipmap = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_ipmap_create), + .create_init = ipmap_create_init, + .create_parse = ipmap_create_parse, + .create_final = ipmap_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_ipmap), + .adt_parser = ipmap_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_ipmap), + .initheader = ipmap_initheader, + .printheader = ipmap_printheader, + .printips = ipmap_printips_sorted, + .printips_sorted = ipmap_printips_sorted, + .saveheader = ipmap_saveheader, + .saveips = ipmap_saveips, + + .usage = ipmap_usage, +}; + +CONSTRUCTOR(ipmap) +{ + settype_register(&settype_ipmap); + +} diff --git a/src/ipset_bitmap_ipmac.c b/src/ipset_bitmap_ipmac.c new file mode 100644 index 0000000..fb97cae --- /dev/null +++ b/src/ipset_bitmap_ipmac.c @@ -0,0 +1,382 @@ +/* Copyright 2000, 2001, 2002 Joakim Axelsson (gozem@linux.nu) + * Patrick Schaaf (bof@bof.de) + * Martin Josefsson (gandalf@wlug.westbo.se) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include /* *printf */ +#include /* mem* */ +#include /* str* */ +#include /* ETH_ALEN */ + +#include "ipset.h" + +#include + +#define BUFLEN 30; + +#define OPT_CREATE_FROM 0x01U +#define OPT_CREATE_TO 0x02U +#define OPT_CREATE_NETWORK 0x04U +#define OPT_CREATE_MATCHUNSET 0x08U + +#define OPT_ADDDEL_IP 0x01U +#define OPT_ADDDEL_MAC 0x02U + +/* Initialize the create. */ +static void +macipmap_create_init(void *data UNUSED) +{ + DP("create INIT"); + /* Nothing */ +} + +/* Function which parses command options; returns true if it ate an option */ +static int +macipmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) +{ + struct ip_set_req_macipmap_create *mydata = data; + + DP("create_parse"); + + switch (c) { + case '1': + parse_ip(optarg, &mydata->from); + + *flags |= OPT_CREATE_FROM; + + DP("--from %x (%s)", mydata->from, + ip_tostring_numeric(mydata->from)); + + break; + + case '2': + parse_ip(optarg, &mydata->to); + + *flags |= OPT_CREATE_TO; + + DP("--to %x (%s)", mydata->to, + ip_tostring_numeric(mydata->to)); + + break; + + case '3': + parse_ipandmask(optarg, &mydata->from, &mydata->to); + + /* Make to the last of from + mask */ + mydata->to = mydata->from | (~mydata->to); + + *flags |= OPT_CREATE_NETWORK; + + DP("--network from %x (%s)", + mydata->from, ip_tostring_numeric(mydata->from)); + DP("--network to %x (%s)", + mydata->to, ip_tostring_numeric(mydata->to)); + + break; + + case '4': + mydata->flags |= IPSET_MACIP_MATCHUNSET; + + *flags |= OPT_CREATE_MATCHUNSET; + + DP("--matchunset"); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +macipmap_create_final(void *data, unsigned int flags) +{ + struct ip_set_req_macipmap_create *mydata = data; + + if (flags == 0) + exit_error(PARAMETER_PROBLEM, + "Need to specify --from and --to, or --network\n"); + + if (flags & OPT_CREATE_NETWORK) { + /* --network */ + if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Can't specify --from or --to with --network\n"); + } else { + /* --from --to */ + if ((flags & OPT_CREATE_FROM) == 0 + || (flags & OPT_CREATE_TO) == 0) + exit_error(PARAMETER_PROBLEM, + "Need to specify both --from and --to\n"); + } + + + DP("from : %x to: %x diff: %d match unset: %d", mydata->from, + mydata->to, mydata->to - mydata->from, + flags & OPT_CREATE_MATCHUNSET); + + if (mydata->from > mydata->to) + exit_error(PARAMETER_PROBLEM, + "From can't be lower than to.\n"); + + if (mydata->to - mydata->from > MAX_RANGE) + exit_error(PARAMETER_PROBLEM, + "Range too large. Max is %d IPs in range\n", + MAX_RANGE+1); +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "from", .has_arg = required_argument, .val = '1'}, + {.name = "to", .has_arg = required_argument, .val = '2'}, + {.name = "network", .has_arg = required_argument, .val = '3'}, + {.name = "matchunset", .has_arg = no_argument, .val = '4'}, + {NULL}, +}; + +static void +parse_mac(const char *mac, unsigned char *ethernet) +{ + unsigned int i = 0; + + if (strlen(mac) != ETH_ALEN * 3 - 1) + exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac); + + for (i = 0; i < ETH_ALEN; i++) { + long number; + char *end; + + number = strtol(mac + i * 3, &end, 16); + + if (end == mac + i * 3 + 2 && number >= 0 && number <= 255) + ethernet[i] = number; + else + exit_error(PARAMETER_PROBLEM, + "Bad mac address `%s'", mac); + } +} + +/* Add, del, test parser */ +static ip_set_ip_t +macipmap_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_macipmap *mydata = data; + char *saved = ipset_strdup(arg); + char *ptr, *tmp = saved; + + DP("macipmap: %p %p", arg, data); + + ptr = strsep(&tmp, ","); + if (!tmp) { + tmp = saved; + ptr = strsep(&tmp, ":%"); + if (tmp && ++warn_once == 1) + fprintf(stderr, "Warning: please use ',' separator token between ip,mac.\n" + "Next release won't support old separator tokens.\n"); + } + parse_ip(ptr, &mydata->ip); + + if (tmp) + parse_mac(tmp, mydata->ethernet); + else + memset(mydata->ethernet, 0, ETH_ALEN); + + free(saved); + + return 1; +} + +/* + * Print and save + */ + +static void +macipmap_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_macipmap_create *header = data; + struct ip_set_macipmap *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_macipmap)); + map->first_ip = header->from; + map->last_ip = header->to; + map->flags = header->flags; +} + +static void +macipmap_printheader(struct set *set, unsigned options) +{ + struct ip_set_macipmap *mysetdata = set->settype->header; + + printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); + printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); + + if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) + printf(" matchunset"); + printf("\n"); +} + +static void +print_mac(unsigned char macaddress[ETH_ALEN]) +{ + unsigned int i; + + printf("%02X", macaddress[0]); + for (i = 1; i < ETH_ALEN; i++) + printf(":%02X", macaddress[i]); +} + +static inline void +__macipmap_printips_sorted(struct set *set, void *data, + u_int32_t len UNUSED, unsigned options) +{ + struct ip_set_macipmap *mysetdata = set->settype->header; + struct ip_set_macip *table = data; + u_int32_t addr = mysetdata->first_ip; + + while (addr <= mysetdata->last_ip) { + if (table[addr - mysetdata->first_ip].match) { + printf("%s,", ip_tostring(addr, options)); + print_mac(table[addr - mysetdata->first_ip]. + ethernet); + printf("\n"); + } + addr++; + } +} + +static void +macipmap_printips_sorted(struct set *set, void *data, + u_int32_t len, unsigned options, + char dont_align) +{ + struct ip_set_req_macipmap *d; + size_t offset = 0; + + if (dont_align) + return __macipmap_printips_sorted(set, data, len, options); + + while (offset < len) { + d = data + offset; + printf("%s,", ip_tostring(d->ip, options)); + print_mac(d->ethernet); + printf("\n"); + offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); + } +} + +static void +macipmap_saveheader(struct set *set, unsigned options) +{ + struct ip_set_macipmap *mysetdata = set->settype->header; + + printf("-N %s %s --from %s", + set->name, set->settype->typename, + ip_tostring(mysetdata->first_ip, options)); + printf(" --to %s", ip_tostring(mysetdata->last_ip, options)); + + if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) + printf(" --matchunset"); + printf("\n"); +} + +static inline void +__macipmap_saveips(struct set *set, void *data, + u_int32_t len UNUSED, unsigned options) +{ + struct ip_set_macipmap *mysetdata = set->settype->header; + struct ip_set_macip *table = data; + u_int32_t addr = mysetdata->first_ip; + + while (addr <= mysetdata->last_ip) { + if (table[addr - mysetdata->first_ip].match) { + printf("-A %s %s,", + set->name, ip_tostring(addr, options)); + print_mac(table[addr - mysetdata->first_ip]. + ethernet); + printf("\n"); + } + addr++; + } +} + +static void +macipmap_saveips(struct set *set, void *data, + u_int32_t len, unsigned options, + char dont_align) +{ + struct ip_set_req_macipmap *d; + size_t offset = 0; + + if (dont_align) + return __macipmap_saveips(set, data, len, options); + + while (offset < len) { + d = data + offset; + printf("-A %s %s,", set->name, ip_tostring(d->ip, options)); + print_mac(d->ethernet); + printf("\n"); + offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); + } +} + +static void +macipmap_usage(void) +{ + printf + ("-N set macipmap --from IP --to IP [--matchunset]\n" + "-N set macipmap --network IP/mask [--matchunset]\n" + "-A set IP[,MAC]\n" + "-D set IP[,MAC]\n" + "-T set IP[,MAC]\n"); +} + +static struct settype settype_macipmap = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_macipmap_create), + .create_init = macipmap_create_init, + .create_parse = macipmap_create_parse, + .create_final = macipmap_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_macipmap), + .adt_parser = macipmap_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_macipmap), + .initheader = macipmap_initheader, + .printheader = macipmap_printheader, + .printips = macipmap_printips_sorted, + .printips_sorted = macipmap_printips_sorted, + .saveheader = macipmap_saveheader, + .saveips = macipmap_saveips, + + .usage = macipmap_usage, +}; + +CONSTRUCTOR(macipmap) +{ + settype_register(&settype_macipmap); + +} diff --git a/src/ipset_bitmap_port.c b/src/ipset_bitmap_port.c new file mode 100644 index 0000000..a1065ae --- /dev/null +++ b/src/ipset_bitmap_port.c @@ -0,0 +1,272 @@ +/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include /* *printf */ +#include /* mem* */ + +#include "ipset.h" + +#include + +#define BUFLEN 30; + +#define OPT_CREATE_FROM 0x01U +#define OPT_CREATE_TO 0x02U + +#define OPT_ADDDEL_PORT 0x01U + +/* Initialize the create. */ +static void +portmap_create_init(void *data UNUSED) +{ + DP("create INIT"); + /* Nothing */ +} + +/* Function which parses command options; returns true if it ate an option */ +static int +portmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) +{ + struct ip_set_req_portmap_create *mydata = data; + + DP("create_parse"); + + switch (c) { + case '1': + parse_port(optarg, &mydata->from); + + *flags |= OPT_CREATE_FROM; + + DP("--from %x (%s)", mydata->from, + port_tostring(mydata->from, 0)); + + break; + + case '2': + parse_port(optarg, &mydata->to); + + *flags |= OPT_CREATE_TO; + + DP("--to %x (%s)", mydata->to, + port_tostring(mydata->to, 0)); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +portmap_create_final(void *data, unsigned int flags) +{ + struct ip_set_req_portmap_create *mydata = data; + + if (flags == 0) { + exit_error(PARAMETER_PROBLEM, + "Need to specify --from and --to\n"); + } else { + /* --from --to */ + if ((flags & OPT_CREATE_FROM) == 0 + || (flags & OPT_CREATE_TO) == 0) + exit_error(PARAMETER_PROBLEM, + "Need to specify both --from and --to\n"); + } + + DP("from : %x to: %x diff: %d", mydata->from, mydata->to, + mydata->to - mydata->from); + + if (mydata->from > mydata->to) + exit_error(PARAMETER_PROBLEM, + "From can't be lower than to.\n"); + + if (mydata->to - mydata->from > MAX_RANGE) + exit_error(PARAMETER_PROBLEM, + "Range too large. Max is %d ports in range\n", + MAX_RANGE+1); +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "from", .has_arg = required_argument, .val = '1'}, + {.name = "to", .has_arg = required_argument, .val = '2'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +portmap_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_portmap *mydata = data; + + parse_port(arg, &mydata->ip); + DP("%s", port_tostring(mydata->ip, 0)); + + return 1; +} + +/* + * Print and save + */ + +static void +portmap_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_portmap_create *header = data; + struct ip_set_portmap *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_portmap)); + map->first_ip = header->from; + map->last_ip = header->to; +} + +static void +portmap_printheader(struct set *set, unsigned options) +{ + struct ip_set_portmap *mysetdata = set->settype->header; + + printf(" from: %s", port_tostring(mysetdata->first_ip, options)); + printf(" to: %s\n", port_tostring(mysetdata->last_ip, options)); +} + +static inline void +__portmap_printips_sorted(struct set *set, void *data, + u_int32_t len UNUSED, unsigned options) +{ + struct ip_set_portmap *mysetdata = set->settype->header; + ip_set_ip_t addr = mysetdata->first_ip; + + DP("%u -- %u", mysetdata->first_ip, mysetdata->last_ip); + while (addr <= mysetdata->last_ip) { + if (test_bit(addr - mysetdata->first_ip, data)) + printf("%s\n", port_tostring(addr, options)); + addr++; + } +} + +static void +portmap_printips_sorted(struct set *set, void *data, + u_int32_t len, unsigned options, + char dont_align) +{ + ip_set_ip_t *ip; + size_t offset = 0; + + if (dont_align) + return __portmap_printips_sorted(set, data, len, options); + + while (offset < len) { + ip = data + offset; + printf("%s\n", port_tostring(*ip, options)); + offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); + } +} + +static void +portmap_saveheader(struct set *set, unsigned options) +{ + struct ip_set_portmap *mysetdata = set->settype->header; + + printf("-N %s %s --from %s", + set->name, + set->settype->typename, + port_tostring(mysetdata->first_ip, options)); + printf(" --to %s\n", + port_tostring(mysetdata->last_ip, options)); +} + +static inline void +__portmap_saveips(struct set *set, void *data, + u_int32_t len UNUSED, unsigned options) +{ + struct ip_set_portmap *mysetdata = set->settype->header; + ip_set_ip_t addr = mysetdata->first_ip; + + while (addr <= mysetdata->last_ip) { + DP("addr: %lu, last_ip %lu", (long unsigned)addr, (long unsigned)mysetdata->last_ip); + if (test_bit(addr - mysetdata->first_ip, data)) + printf("-A %s %s\n", + set->name, + port_tostring(addr, options)); + addr++; + } +} + +static void +portmap_saveips(struct set *set, void *data, + u_int32_t len, unsigned options, + char dont_align) +{ + ip_set_ip_t *ip; + size_t offset = 0; + + if (dont_align) + return __portmap_saveips(set, data, len, options); + + while (offset < len) { + ip = data + offset; + printf("-A %s %s\n", set->name, port_tostring(*ip, options)); + offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); + } +} + +static void +portmap_usage(void) +{ + printf + ("-N set portmap --from PORT --to PORT\n" + "-A set PORT\n" + "-D set PORT\n" + "-T set PORT\n"); +} + +static struct settype settype_portmap = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_portmap_create), + .create_init = portmap_create_init, + .create_parse = portmap_create_parse, + .create_final = portmap_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_portmap), + .adt_parser = portmap_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_portmap), + .initheader = portmap_initheader, + .printheader = portmap_printheader, + .printips = portmap_printips_sorted, + .printips_sorted = portmap_printips_sorted, + .saveheader = portmap_saveheader, + .saveips = portmap_saveips, + + .usage = portmap_usage, +}; + +CONSTRUCTOR(portmap) +{ + settype_register(&settype_portmap); + +} diff --git a/src/ipset_hash_ip.c b/src/ipset_hash_ip.c new file mode 100644 index 0000000..0bc5bd1 --- /dev/null +++ b/src/ipset_hash_ip.c @@ -0,0 +1,279 @@ +/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include /* UINT_MAX */ +#include /* *printf */ +#include /* mem* */ + +#include "ipset.h" + +#include + +#define BUFLEN 30; + +#define OPT_CREATE_HASHSIZE 0x01U +#define OPT_CREATE_PROBES 0x02U +#define OPT_CREATE_RESIZE 0x04U +#define OPT_CREATE_NETMASK 0x08U + +/* Initialize the create. */ +static void +iphash_create_init(void *data) +{ + struct ip_set_req_iphash_create *mydata = data; + + DP("create INIT"); + + /* Default create parameters */ + mydata->hashsize = 1024; + mydata->probes = 8; + mydata->resize = 50; + + mydata->netmask = 0xFFFFFFFF; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +iphash_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) +{ + struct ip_set_req_iphash_create *mydata = + (struct ip_set_req_iphash_create *) data; + unsigned int bits; + ip_set_ip_t value; + + DP("create_parse"); + + switch (c) { + case '1': + + if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) + exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); + + *flags |= OPT_CREATE_HASHSIZE; + + DP("--hashsize %u", mydata->hashsize); + + break; + + case '2': + + if (string_to_number(optarg, 1, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); + + mydata->probes = value; + *flags |= OPT_CREATE_PROBES; + + DP("--probes %u", mydata->probes); + + break; + + case '3': + + if (string_to_number(optarg, 0, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); + + mydata->resize = value; + *flags |= OPT_CREATE_RESIZE; + + DP("--resize %u", mydata->resize); + + break; + + case '4': + + if (string_to_number(optarg, 0, 32, &bits)) + exit_error(PARAMETER_PROBLEM, + "Invalid netmask `%s' specified", optarg); + + if (bits != 0) + mydata->netmask = 0xFFFFFFFF << (32 - bits); + + *flags |= OPT_CREATE_NETMASK; + + DP("--netmask %x", mydata->netmask); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +iphash_create_final(void *data UNUSED, unsigned int flags UNUSED) +{ +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {.name = "netmask", .has_arg = required_argument, .val = '4'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +iphash_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_iphash *mydata = data; + + parse_ip(arg, &mydata->ip); + if (!mydata->ip) + exit_error(PARAMETER_PROBLEM, + "Zero valued IP address `%s' specified", arg); + + return mydata->ip; +}; + +/* + * Print and save + */ + +static void +iphash_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_iphash_create *header = data; + struct ip_set_iphash *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_iphash)); + map->hashsize = header->hashsize; + map->probes = header->probes; + map->resize = header->resize; + map->netmask = header->netmask; +} + +static unsigned int +mask_to_bits(ip_set_ip_t mask) +{ + unsigned int bits = 32; + ip_set_ip_t maskaddr; + + if (mask == 0xFFFFFFFF) + return bits; + + maskaddr = 0xFFFFFFFE; + while (--bits > 0 && maskaddr != mask) + maskaddr <<= 1; + + return bits; +} + +static void +iphash_printheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_iphash *mysetdata = set->settype->header; + + printf(" hashsize: %u", mysetdata->hashsize); + printf(" probes: %u", mysetdata->probes); + printf(" resize: %u", mysetdata->resize); + if (mysetdata->netmask == 0xFFFFFFFF) + printf("\n"); + else + printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); +} + +static void +iphash_printips(struct set *set UNUSED, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + size_t offset = 0; + ip_set_ip_t *ip; + + while (offset < len) { + ip = data + offset; + printf("%s\n", ip_tostring(*ip, options)); + offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); + } +} + +static void +iphash_saveheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_iphash *mysetdata = set->settype->header; + + printf("-N %s %s --hashsize %u --probes %u --resize %u", + set->name, set->settype->typename, + mysetdata->hashsize, mysetdata->probes, mysetdata->resize); + if (mysetdata->netmask == 0xFFFFFFFF) + printf("\n"); + else + printf(" --netmask %d\n", mask_to_bits(mysetdata->netmask)); +} + +/* Print save for an IP */ +static void +iphash_saveips(struct set *set UNUSED, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + size_t offset = 0; + ip_set_ip_t *ip; + + while (offset < len) { + ip = data + offset; + printf("-A %s %s\n", set->name, ip_tostring(*ip, options)); + offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); + } +} + +static void +iphash_usage(void) +{ + printf + ("-N set iphash [--hashsize hashsize] [--probes probes ]\n" + " [--resize resize] [--netmask CIDR-netmask]\n" + "-A set IP\n" + "-D set IP\n" + "-T set IP\n"); +} + +static struct settype settype_iphash = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_iphash_create), + .create_init = iphash_create_init, + .create_parse = iphash_create_parse, + .create_final = iphash_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_iphash), + .adt_parser = iphash_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_iphash), + .initheader = iphash_initheader, + .printheader = iphash_printheader, + .printips = iphash_printips, + .printips_sorted = iphash_printips, + .saveheader = iphash_saveheader, + .saveips = iphash_saveips, + + .usage = iphash_usage, +}; + +CONSTRUCTOR(iphash) +{ + settype_register(&settype_iphash); + +} diff --git a/src/ipset_hash_ipport.c b/src/ipset_hash_ipport.c new file mode 100644 index 0000000..9249b2a --- /dev/null +++ b/src/ipset_hash_ipport.c @@ -0,0 +1,350 @@ +/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include /* UINT_MAX */ +#include /* *printf */ +#include /* mem*, str* */ + +#include "ipset.h" + +#include + +#define OPT_CREATE_HASHSIZE 0x01U +#define OPT_CREATE_PROBES 0x02U +#define OPT_CREATE_RESIZE 0x04U +#define OPT_CREATE_NETWORK 0x08U +#define OPT_CREATE_FROM 0x10U +#define OPT_CREATE_TO 0x20U + +/* Initialize the create. */ +static void +ipporthash_create_init(void *data) +{ + struct ip_set_req_ipporthash_create *mydata = data; + + DP("create INIT"); + + /* Default create parameters */ + mydata->hashsize = 1024; + mydata->probes = 8; + mydata->resize = 50; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +ipporthash_create_parse(int c, char *argv[] UNUSED, void *data, + unsigned *flags) +{ + struct ip_set_req_ipporthash_create *mydata = data; + ip_set_ip_t value; + + DP("create_parse"); + + switch (c) { + case '1': + + if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) + exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); + + *flags |= OPT_CREATE_HASHSIZE; + + DP("--hashsize %u", mydata->hashsize); + + break; + + case '2': + + if (string_to_number(optarg, 1, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); + + mydata->probes = value; + *flags |= OPT_CREATE_PROBES; + + DP("--probes %u", mydata->probes); + + break; + + case '3': + + if (string_to_number(optarg, 0, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); + + mydata->resize = value; + *flags |= OPT_CREATE_RESIZE; + + DP("--resize %u", mydata->resize); + + break; + + case '4': + parse_ip(optarg, &mydata->from); + + *flags |= OPT_CREATE_FROM; + + DP("--from %x (%s)", mydata->from, + ip_tostring_numeric(mydata->from)); + + break; + + case '5': + parse_ip(optarg, &mydata->to); + + *flags |= OPT_CREATE_TO; + + DP("--to %x (%s)", mydata->to, + ip_tostring_numeric(mydata->to)); + + break; + + case '6': + parse_ipandmask(optarg, &mydata->from, &mydata->to); + + /* Make to the last of from + mask */ + if (mydata->to) + mydata->to = mydata->from | ~(mydata->to); + else { + mydata->from = 0x00000000; + mydata->to = 0xFFFFFFFF; + } + *flags |= OPT_CREATE_NETWORK; + + DP("--network from %x (%s)", + mydata->from, ip_tostring_numeric(mydata->from)); + DP("--network to %x (%s)", + mydata->to, ip_tostring_numeric(mydata->to)); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +ipporthash_create_final(void *data, unsigned int flags) +{ + struct ip_set_req_ipporthash_create *mydata = data; + +#ifdef IPSET_DEBUG + DP("hashsize %u probes %u resize %u", + mydata->hashsize, mydata->probes, mydata->resize); +#endif + + if (flags & OPT_CREATE_NETWORK) { + /* --network */ + if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Can't specify --from or --to with --network\n"); + } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { + /* --from --to */ + if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Need to specify both --from and --to\n"); + } else { + exit_error(PARAMETER_PROBLEM, + "Need to specify --from and --to, or --network\n"); + + } + + DP("from : %x to: %x diff: %x", + mydata->from, mydata->to, + mydata->to - mydata->from); + + if (mydata->from > mydata->to) + exit_error(PARAMETER_PROBLEM, + "From can't be higher than to.\n"); + + if (mydata->to - mydata->from > MAX_RANGE) + exit_error(PARAMETER_PROBLEM, + "Range too large. Max is %d IPs in range\n", + MAX_RANGE+1); +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {.name = "from", .has_arg = required_argument, .val = '4'}, + {.name = "to", .has_arg = required_argument, .val = '5'}, + {.name = "network", .has_arg = required_argument, .val = '6'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +ipporthash_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_ipporthash *mydata = data; + char *saved = ipset_strdup(arg); + char *ptr, *tmp = saved; + + DP("ipporthash: %p %p", arg, data); + + if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) + fprintf(stderr, "Warning: please use ',' separator token between ip,port.\n" + "Next release won't support old separator tokens.\n"); + + ptr = strsep(&tmp, ":%,"); + parse_ip(ptr, &mydata->ip); + + if (tmp) + parse_port(tmp, &mydata->port); + else + exit_error(PARAMETER_PROBLEM, + "IP address and port must be specified: ip,port"); + + if (!(mydata->ip || mydata->port)) + exit_error(PARAMETER_PROBLEM, + "Zero valued IP address and port `%s' specified", arg); + ipset_free(saved); + return 1; +}; + +/* + * Print and save + */ + +static void +ipporthash_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_ipporthash_create *header = data; + struct ip_set_ipporthash *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_ipporthash)); + map->hashsize = header->hashsize; + map->probes = header->probes; + map->resize = header->resize; + map->first_ip = header->from; + map->last_ip = header->to; +} + +static void +ipporthash_printheader(struct set *set, unsigned options) +{ + struct ip_set_ipporthash *mysetdata = set->settype->header; + + printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); + printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); + printf(" hashsize: %u", mysetdata->hashsize); + printf(" probes: %u", mysetdata->probes); + printf(" resize: %u\n", mysetdata->resize); +} + +static void +ipporthash_printips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_ipporthash *mysetdata = set->settype->header; + size_t offset = 0; + ip_set_ip_t *ipptr, ip; + uint16_t port; + + while (offset < len) { + ipptr = data + offset; + ip = (*ipptr>>16) + mysetdata->first_ip; + port = (uint16_t) *ipptr; + printf("%s,%s\n", + ip_tostring(ip, options), + port_tostring(port, options)); + offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); + } +} + +static void +ipporthash_saveheader(struct set *set, unsigned options) +{ + struct ip_set_ipporthash *mysetdata = set->settype->header; + + printf("-N %s %s --from %s", + set->name, set->settype->typename, + ip_tostring(mysetdata->first_ip, options)); + printf(" --to %s", + ip_tostring(mysetdata->last_ip, options)); + printf(" --hashsize %u --probes %u --resize %u\n", + mysetdata->hashsize, mysetdata->probes, mysetdata->resize); +} + +/* Print save for an IP */ +static void +ipporthash_saveips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_ipporthash *mysetdata = set->settype->header; + size_t offset = 0; + ip_set_ip_t *ipptr, ip; + uint16_t port; + + while (offset < len) { + ipptr = data + offset; + ip = (*ipptr>>16) + mysetdata->first_ip; + port = (uint16_t) *ipptr; + printf("-A %s %s,%s\n", set->name, + ip_tostring(ip, options), + port_tostring(port, options)); + offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); + } +} + +static void +ipporthash_usage(void) +{ + printf + ("-N set ipporthash --from IP --to IP\n" + " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" + "-N set ipporthash --network IP/mask\n" + " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" + "-A set IP,port\n" + "-D set IP,port\n" + "-T set IP,port\n"); +} + +static struct settype settype_ipporthash = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_ipporthash_create), + .create_init = ipporthash_create_init, + .create_parse = ipporthash_create_parse, + .create_final = ipporthash_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_ipporthash), + .adt_parser = ipporthash_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_ipporthash), + .initheader = ipporthash_initheader, + .printheader = ipporthash_printheader, + .printips = ipporthash_printips, + .printips_sorted = ipporthash_printips, + .saveheader = ipporthash_saveheader, + .saveips = ipporthash_saveips, + + .usage = ipporthash_usage, +}; + +CONSTRUCTOR(ipporthash) +{ + settype_register(&settype_ipporthash); + +} diff --git a/src/ipset_hash_ipportip.c b/src/ipset_hash_ipportip.c new file mode 100644 index 0000000..49861bf --- /dev/null +++ b/src/ipset_hash_ipportip.c @@ -0,0 +1,361 @@ +/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include /* UINT_MAX */ +#include /* *printf */ +#include /* mem*, str* */ + +#include "ipset.h" + +#include + +#define OPT_CREATE_HASHSIZE 0x01U +#define OPT_CREATE_PROBES 0x02U +#define OPT_CREATE_RESIZE 0x04U +#define OPT_CREATE_NETWORK 0x08U +#define OPT_CREATE_FROM 0x10U +#define OPT_CREATE_TO 0x20U + +/* Initialize the create. */ +static void +ipportiphash_create_init(void *data) +{ + struct ip_set_req_ipportiphash_create *mydata = data; + + DP("create INIT"); + + /* Default create parameters */ + mydata->hashsize = 1024; + mydata->probes = 8; + mydata->resize = 50; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +ipportiphash_create_parse(int c, char *argv[] UNUSED, void *data, + unsigned *flags) +{ + struct ip_set_req_ipportiphash_create *mydata = data; + ip_set_ip_t value; + + DP("create_parse"); + + switch (c) { + case '1': + + if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) + exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); + + *flags |= OPT_CREATE_HASHSIZE; + + DP("--hashsize %u", mydata->hashsize); + + break; + + case '2': + + if (string_to_number(optarg, 1, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); + + mydata->probes = value; + *flags |= OPT_CREATE_PROBES; + + DP("--probes %u", mydata->probes); + + break; + + case '3': + + if (string_to_number(optarg, 0, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); + + mydata->resize = value; + *flags |= OPT_CREATE_RESIZE; + + DP("--resize %u", mydata->resize); + + break; + + case '4': + parse_ip(optarg, &mydata->from); + + *flags |= OPT_CREATE_FROM; + + DP("--from %x (%s)", mydata->from, + ip_tostring_numeric(mydata->from)); + + break; + + case '5': + parse_ip(optarg, &mydata->to); + + *flags |= OPT_CREATE_TO; + + DP("--to %x (%s)", mydata->to, + ip_tostring_numeric(mydata->to)); + + break; + + case '6': + parse_ipandmask(optarg, &mydata->from, &mydata->to); + + /* Make to the last of from + mask */ + if (mydata->to) + mydata->to = mydata->from | ~(mydata->to); + else { + mydata->from = 0x00000000; + mydata->to = 0xFFFFFFFF; + } + *flags |= OPT_CREATE_NETWORK; + + DP("--network from %x (%s)", + mydata->from, ip_tostring_numeric(mydata->from)); + DP("--network to %x (%s)", + mydata->to, ip_tostring_numeric(mydata->to)); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +ipportiphash_create_final(void *data, unsigned int flags) +{ + struct ip_set_req_ipportiphash_create *mydata = data; + +#ifdef IPSET_DEBUG + DP("hashsize %u probes %u resize %u", + mydata->hashsize, mydata->probes, mydata->resize); +#endif + + if (flags & OPT_CREATE_NETWORK) { + /* --network */ + if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Can't specify --from or --to with --network\n"); + } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { + /* --from --to */ + if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Need to specify both --from and --to\n"); + } else { + exit_error(PARAMETER_PROBLEM, + "Need to specify --from and --to, or --network\n"); + + } + + DP("from : %x to: %x diff: %x", + mydata->from, mydata->to, + mydata->to - mydata->from); + + if (mydata->from > mydata->to) + exit_error(PARAMETER_PROBLEM, + "From can't be higher than to.\n"); + + if (mydata->to - mydata->from > MAX_RANGE) + exit_error(PARAMETER_PROBLEM, + "Range too large. Max is %d IPs in range\n", + MAX_RANGE+1); +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {.name = "from", .has_arg = required_argument, .val = '4'}, + {.name = "to", .has_arg = required_argument, .val = '5'}, + {.name = "network", .has_arg = required_argument, .val = '6'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +ipportiphash_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_ipportiphash *mydata = data; + char *saved = ipset_strdup(arg); + char *ptr, *tmp = saved; + + DP("ipportiphash: %p %p", arg, data); + + if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) + fprintf(stderr, "Warning: please use ',' separator token between ip,port,ip.\n" + "Next release won't support old separator tokens.\n"); + + ptr = strsep(&tmp, ":%,"); + parse_ip(ptr, &mydata->ip); + + if (!tmp) + exit_error(PARAMETER_PROBLEM, + "IP address, port and IP address must be specified: ip,port,ip"); + + ptr = strsep(&tmp, ":%,"); + parse_port(ptr, &mydata->port); + if (tmp) + parse_ip(tmp, &mydata->ip1); + else + exit_error(PARAMETER_PROBLEM, + "IP address, port and IP address must be specified: ip,port,ip"); + if (!(mydata->ip || mydata->port || mydata->ip1)) + exit_error(PARAMETER_PROBLEM, + "Zero valued IP address, port and IP address `%s' specified", arg); + ipset_free(saved); + return 1; +}; + +/* + * Print and save + */ + +static void +ipportiphash_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_ipportiphash_create *header = data; + struct ip_set_ipportiphash *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_ipportiphash)); + map->hashsize = header->hashsize; + map->probes = header->probes; + map->resize = header->resize; + map->first_ip = header->from; + map->last_ip = header->to; +} + +static void +ipportiphash_printheader(struct set *set, unsigned options) +{ + struct ip_set_ipportiphash *mysetdata = set->settype->header; + + printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); + printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); + printf(" hashsize: %u", mysetdata->hashsize); + printf(" probes: %u", mysetdata->probes); + printf(" resize: %u\n", mysetdata->resize); +} + +static void +ipportiphash_printips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_ipportiphash *mysetdata = set->settype->header; + size_t offset = 0; + struct ipportip *ipptr; + ip_set_ip_t ip; + uint16_t port; + + while (offset < len) { + ipptr = data + offset; + ip = (ipptr->ip>>16) + mysetdata->first_ip; + port = (uint16_t) ipptr->ip; + printf("%s,%s,", + ip_tostring(ip, options), + port_tostring(port, options)); + printf("%s\n", + ip_tostring(ipptr->ip1, options)); + offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); + } +} + +static void +ipportiphash_saveheader(struct set *set, unsigned options) +{ + struct ip_set_ipportiphash *mysetdata = set->settype->header; + + printf("-N %s %s --from %s", + set->name, set->settype->typename, + ip_tostring(mysetdata->first_ip, options)); + printf(" --to %s", + ip_tostring(mysetdata->last_ip, options)); + printf(" --hashsize %u --probes %u --resize %u\n", + mysetdata->hashsize, mysetdata->probes, mysetdata->resize); +} + +/* Print save for an IP */ +static void +ipportiphash_saveips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_ipportiphash *mysetdata = set->settype->header; + size_t offset = 0; + struct ipportip *ipptr; + ip_set_ip_t ip; + uint16_t port; + + while (offset < len) { + ipptr = data + offset; + ip = (ipptr->ip>>16) + mysetdata->first_ip; + port = (uint16_t) ipptr->ip; + printf("-A %s %s,%s,", set->name, + ip_tostring(ip, options), + port_tostring(port, options)); + printf("%s\n", + ip_tostring(ipptr->ip1, options)); + offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); + } +} + +static void +ipportiphash_usage(void) +{ + printf + ("-N set ipportiphash --from IP --to IP\n" + " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" + "-N set ipportiphash --network IP/mask\n" + " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" + "-A set IP,port,IP\n" + "-D set IP,port,IP\n" + "-T set IP,port,IP\n"); +} + +static struct settype settype_ipportiphash = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_ipportiphash_create), + .create_init = ipportiphash_create_init, + .create_parse = ipportiphash_create_parse, + .create_final = ipportiphash_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_ipportiphash), + .adt_parser = ipportiphash_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_ipportiphash), + .initheader = ipportiphash_initheader, + .printheader = ipportiphash_printheader, + .printips = ipportiphash_printips, + .printips_sorted = ipportiphash_printips, + .saveheader = ipportiphash_saveheader, + .saveips = ipportiphash_saveips, + + .usage = ipportiphash_usage, +}; + +CONSTRUCTOR(ipportiphash) +{ + settype_register(&settype_ipportiphash); + +} diff --git a/src/ipset_hash_ipportnet.c b/src/ipset_hash_ipportnet.c new file mode 100644 index 0000000..3a60bf1 --- /dev/null +++ b/src/ipset_hash_ipportnet.c @@ -0,0 +1,426 @@ +/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include /* UINT_MAX */ +#include /* *printf */ +#include /* mem*, str* */ + +#include "ipset.h" + +#include + +#define OPT_CREATE_HASHSIZE 0x01U +#define OPT_CREATE_PROBES 0x02U +#define OPT_CREATE_RESIZE 0x04U +#define OPT_CREATE_NETWORK 0x08U +#define OPT_CREATE_FROM 0x10U +#define OPT_CREATE_TO 0x20U + +/* Initialize the create. */ +static void +ipportnethash_create_init(void *data) +{ + struct ip_set_req_ipportnethash_create *mydata = data; + + DP("create INIT"); + + /* Default create parameters */ + mydata->hashsize = 1024; + mydata->probes = 8; + mydata->resize = 50; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +ipportnethash_create_parse(int c, char *argv[] UNUSED, void *data, + unsigned *flags) +{ + struct ip_set_req_ipportnethash_create *mydata = data; + ip_set_ip_t value; + + DP("create_parse"); + + switch (c) { + case '1': + + if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) + exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); + + *flags |= OPT_CREATE_HASHSIZE; + + DP("--hashsize %u", mydata->hashsize); + + break; + + case '2': + + if (string_to_number(optarg, 1, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); + + mydata->probes = value; + *flags |= OPT_CREATE_PROBES; + + DP("--probes %u", mydata->probes); + + break; + + case '3': + + if (string_to_number(optarg, 0, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); + + mydata->resize = value; + *flags |= OPT_CREATE_RESIZE; + + DP("--resize %u", mydata->resize); + + break; + + case '4': + parse_ip(optarg, &mydata->from); + + *flags |= OPT_CREATE_FROM; + + DP("--from %x (%s)", mydata->from, + ip_tostring_numeric(mydata->from)); + + break; + + case '5': + parse_ip(optarg, &mydata->to); + + *flags |= OPT_CREATE_TO; + + DP("--to %x (%s)", mydata->to, + ip_tostring_numeric(mydata->to)); + + break; + + case '6': + parse_ipandmask(optarg, &mydata->from, &mydata->to); + + /* Make to the last of from + mask */ + if (mydata->to) + mydata->to = mydata->from | ~(mydata->to); + else { + mydata->from = 0x00000000; + mydata->to = 0xFFFFFFFF; + } + *flags |= OPT_CREATE_NETWORK; + + DP("--network from %x (%s)", + mydata->from, ip_tostring_numeric(mydata->from)); + DP("--network to %x (%s)", + mydata->to, ip_tostring_numeric(mydata->to)); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +ipportnethash_create_final(void *data, unsigned int flags) +{ + struct ip_set_req_ipportnethash_create *mydata = data; + +#ifdef IPSET_DEBUG + DP("hashsize %u probes %u resize %u", + mydata->hashsize, mydata->probes, mydata->resize); +#endif + + if (flags & OPT_CREATE_NETWORK) { + /* --network */ + if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Can't specify --from or --to with --network\n"); + } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { + /* --from --to */ + if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) + exit_error(PARAMETER_PROBLEM, + "Need to specify both --from and --to\n"); + } else { + exit_error(PARAMETER_PROBLEM, + "Need to specify --from and --to, or --network\n"); + + } + + DP("from : %x to: %x diff: %x", + mydata->from, mydata->to, + mydata->to - mydata->from); + + if (mydata->from > mydata->to) + exit_error(PARAMETER_PROBLEM, + "From can't be higher than to.\n"); + + if (mydata->to - mydata->from > MAX_RANGE) + exit_error(PARAMETER_PROBLEM, + "Range too large. Max is %d IPs in range\n", + MAX_RANGE+1); +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {.name = "from", .has_arg = required_argument, .val = '4'}, + {.name = "to", .has_arg = required_argument, .val = '5'}, + {.name = "network", .has_arg = required_argument, .val = '6'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +ipportnethash_adt_parser(int cmd, const char *arg, void *data) +{ + struct ip_set_req_ipportnethash *mydata = data; + char *saved = ipset_strdup(arg); + char *ptr, *tmp = saved; + ip_set_ip_t cidr; + + DP("ipportnethash: %p %p", arg, data); + + if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) + fprintf(stderr, "Warning: please use ',' separator token between ip,port,net.\n" + "Next release won't support old separator tokens.\n"); + + ptr = strsep(&tmp, ":%,"); + parse_ip(ptr, &mydata->ip); + if (!tmp) + exit_error(PARAMETER_PROBLEM, + "IP address, port and network address must be specified: ip,port,net"); + + ptr = strsep(&tmp, ":%,"); + parse_port(ptr, &mydata->port); + if (!tmp) + exit_error(PARAMETER_PROBLEM, + "IP address, port and network address must be specified: ip,port,net"); + + ptr = strsep(&tmp, "/"); + if (tmp == NULL) + if (cmd == CMD_TEST) + cidr = 32; + else + exit_error(PARAMETER_PROBLEM, + "Missing /cidr from `%s'", arg); + else + if (string_to_number(tmp, 1, 31, &cidr)) + exit_error(PARAMETER_PROBLEM, + "Out of range cidr `%s' specified", arg); + + mydata->cidr = cidr; + + parse_ip(ptr, &mydata->ip1); + ipset_free(saved); + return 1; +}; + +/* + * Print and save + */ + +static void +ipportnethash_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_ipportnethash_create *header = data; + struct ip_set_ipportnethash *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_ipportnethash)); + map->hashsize = header->hashsize; + map->probes = header->probes; + map->resize = header->resize; + map->first_ip = header->from; + map->last_ip = header->to; +} + +static void +ipportnethash_printheader(struct set *set, unsigned options) +{ + struct ip_set_ipportnethash *mysetdata = set->settype->header; + + printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); + printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); + printf(" hashsize: %u", mysetdata->hashsize); + printf(" probes: %u", mysetdata->probes); + printf(" resize: %u\n", mysetdata->resize); +} + +static char buf[20]; + +static char * +unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) +{ + int i, j = 3; + unsigned char a, b; + + ip = htonl(ip); + for (i = 3; i >= 0; i--) + if (((unsigned char *)&ip)[i] != 0) { + j = i; + break; + } + + a = ((unsigned char *)&ip)[j]; + if (a <= 128) { + a = (a - 1) * 2; + b = 7; + } else if (a <= 192) { + a = (a - 129) * 4; + b = 6; + } else if (a <= 224) { + a = (a - 193) * 8; + b = 5; + } else if (a <= 240) { + a = (a - 225) * 16; + b = 4; + } else if (a <= 248) { + a = (a - 241) * 32; + b = 3; + } else if (a <= 252) { + a = (a - 249) * 64; + b = 2; + } else if (a <= 254) { + a = (a - 253) * 128; + b = 1; + } else { + a = b = 0; + } + ((unsigned char *)&ip)[j] = a; + b += j * 8; + + sprintf(buf, "%u.%u.%u.%u/%u", + ((unsigned char *)&ip)[0], + ((unsigned char *)&ip)[1], + ((unsigned char *)&ip)[2], + ((unsigned char *)&ip)[3], + b); + + DP("%s %s", ip_tostring(ntohl(ip), 0), buf); + return buf; +} + +static void +ipportnethash_printips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_ipportnethash *mysetdata = set->settype->header; + size_t offset = 0; + struct ipportip *ipptr; + ip_set_ip_t ip; + uint16_t port; + + while (offset < len) { + ipptr = data + offset; + ip = (ipptr->ip>>16) + mysetdata->first_ip; + port = (uint16_t) ipptr->ip; + printf("%s,%s,", + ip_tostring(ip, options), + port_tostring(port, options)); + printf("%s\n", + unpack_ip_tostring(ipptr->ip1, options)); + offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); + } +} + +static void +ipportnethash_saveheader(struct set *set, unsigned options) +{ + struct ip_set_ipportnethash *mysetdata = set->settype->header; + + printf("-N %s %s --from %s", + set->name, set->settype->typename, + ip_tostring(mysetdata->first_ip, options)); + printf(" --to %s", + ip_tostring(mysetdata->last_ip, options)); + printf(" --hashsize %u --probes %u --resize %u\n", + mysetdata->hashsize, mysetdata->probes, mysetdata->resize); +} + +/* Print save for an IP */ +static void +ipportnethash_saveips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_ipportnethash *mysetdata = set->settype->header; + size_t offset = 0; + struct ipportip *ipptr; + ip_set_ip_t ip; + uint16_t port; + + while (offset < len) { + ipptr = data + offset; + ip = (ipptr->ip>>16) + mysetdata->first_ip; + port = (uint16_t) ipptr->ip; + printf("-A %s %s,%s,", set->name, + ip_tostring(ip, options), + port_tostring(port, options)); + printf("%s\n", + unpack_ip_tostring(ipptr->ip, options)); + offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); + } +} + +static void +ipportnethash_usage(void) +{ + printf + ("-N set ipportnethash --from IP --to IP\n" + " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" + "-N set ipportnethash --network IP/mask\n" + " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" + "-A set IP,port,IP/net\n" + "-D set IP,port,IP/net\n" + "-T set IP,port,IP[/net]\n"); +} + +static struct settype settype_ipportnethash = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_ipportnethash_create), + .create_init = ipportnethash_create_init, + .create_parse = ipportnethash_create_parse, + .create_final = ipportnethash_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_ipportnethash), + .adt_parser = ipportnethash_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_ipportnethash), + .initheader = ipportnethash_initheader, + .printheader = ipportnethash_printheader, + .printips = ipportnethash_printips, + .printips_sorted = ipportnethash_printips, + .saveheader = ipportnethash_saveheader, + .saveips = ipportnethash_saveips, + + .usage = ipportnethash_usage, +}; + +CONSTRUCTOR(ipportnethash) +{ + settype_register(&settype_ipportnethash); + +} diff --git a/src/ipset_hash_net.c b/src/ipset_hash_net.c new file mode 100644 index 0000000..c7891cf --- /dev/null +++ b/src/ipset_hash_net.c @@ -0,0 +1,308 @@ +/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include /* UINT_MAX */ +#include /* *printf */ +#include /* mem*, str* */ + +#include "ipset.h" + +#include + +#define BUFLEN 30; + +#define OPT_CREATE_HASHSIZE 0x01U +#define OPT_CREATE_PROBES 0x02U +#define OPT_CREATE_RESIZE 0x04U + +/* Initialize the create. */ +static void +nethash_create_init(void *data) +{ + struct ip_set_req_nethash_create *mydata = data; + + DP("create INIT"); + + /* Default create parameters */ + mydata->hashsize = 1024; + mydata->probes = 4; + mydata->resize = 50; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +nethash_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) +{ + struct ip_set_req_nethash_create *mydata = data; + ip_set_ip_t value; + + DP("create_parse"); + + switch (c) { + case '1': + + if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) + exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); + + *flags |= OPT_CREATE_HASHSIZE; + + DP("--hashsize %u", mydata->hashsize); + + break; + + case '2': + + if (string_to_number(optarg, 1, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); + + mydata->probes = value; + *flags |= OPT_CREATE_PROBES; + + DP("--probes %u", mydata->probes); + + break; + + case '3': + + if (string_to_number(optarg, 0, 65535, &value)) + exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); + + mydata->resize = value; + *flags |= OPT_CREATE_RESIZE; + + DP("--resize %u", mydata->resize); + + break; + + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +nethash_create_final(void *data UNUSED, unsigned int flags UNUSED) +{ +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +nethash_adt_parser(int cmd, const char *arg, void *data) +{ + struct ip_set_req_nethash *mydata = data; + char *saved = ipset_strdup(arg); + char *ptr, *tmp = saved; + ip_set_ip_t cidr; + + ptr = strsep(&tmp, "/"); + + if (tmp == NULL) { + if (cmd == CMD_TEST) + cidr = 32; + else + exit_error(PARAMETER_PROBLEM, + "Missing cidr from `%s'", arg); + } else + if (string_to_number(tmp, 1, 31, &cidr)) + exit_error(PARAMETER_PROBLEM, + "Out of range cidr `%s' specified", arg); + + mydata->cidr = cidr; + parse_ip(ptr, &mydata->ip); +#if 0 + if (!mydata->ip) + exit_error(PARAMETER_PROBLEM, + "Zero valued IP address `%s' specified", ptr); +#endif + ipset_free(saved); + + return 1; +}; + +/* + * Print and save + */ + +static void +nethash_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_nethash_create *header = data; + struct ip_set_nethash *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_nethash)); + map->hashsize = header->hashsize; + map->probes = header->probes; + map->resize = header->resize; +} + +static void +nethash_printheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_nethash *mysetdata = set->settype->header; + + printf(" hashsize: %u", mysetdata->hashsize); + printf(" probes: %u", mysetdata->probes); + printf(" resize: %u\n", mysetdata->resize); +} + +static char buf[20]; + +static char * +unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) +{ + int i, j = 3; + unsigned char a, b; + + ip = htonl(ip); + for (i = 3; i >= 0; i--) + if (((unsigned char *)&ip)[i] != 0) { + j = i; + break; + } + + a = ((unsigned char *)&ip)[j]; + if (a <= 128) { + a = (a - 1) * 2; + b = 7; + } else if (a <= 192) { + a = (a - 129) * 4; + b = 6; + } else if (a <= 224) { + a = (a - 193) * 8; + b = 5; + } else if (a <= 240) { + a = (a - 225) * 16; + b = 4; + } else if (a <= 248) { + a = (a - 241) * 32; + b = 3; + } else if (a <= 252) { + a = (a - 249) * 64; + b = 2; + } else if (a <= 254) { + a = (a - 253) * 128; + b = 1; + } else { + a = b = 0; + } + ((unsigned char *)&ip)[j] = a; + b += j * 8; + + sprintf(buf, "%u.%u.%u.%u/%u", + ((unsigned char *)&ip)[0], + ((unsigned char *)&ip)[1], + ((unsigned char *)&ip)[2], + ((unsigned char *)&ip)[3], + b); + + DP("%s %s", ip_tostring(ntohl(ip), 0), buf); + return buf; +} + +static void +nethash_printips(struct set *set UNUSED, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + size_t offset = 0; + ip_set_ip_t *ip; + + while (offset < len) { + ip = data + offset; + printf("%s\n", unpack_ip_tostring(*ip, options)); + offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); + } +} + +static void +nethash_saveheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_nethash *mysetdata = set->settype->header; + + printf("-N %s %s --hashsize %u --probes %u --resize %u\n", + set->name, set->settype->typename, + mysetdata->hashsize, mysetdata->probes, mysetdata->resize); +} + +/* Print save for an IP */ +static void +nethash_saveips(struct set *set UNUSED, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + size_t offset = 0; + ip_set_ip_t *ip; + + while (offset < len) { + ip = data + offset; + printf("-A %s %s\n", set->name, + unpack_ip_tostring(*ip, options)); + offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); + } +} + +static void +nethash_usage(void) +{ + printf + ("-N set nethash [--hashsize hashsize] [--probes probes ]\n" + " [--resize resize]\n" + "-A set IP/cidr\n" + "-D set IP/cidr\n" + "-T set IP/cidr\n"); +} + +static struct settype settype_nethash = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_nethash_create), + .create_init = nethash_create_init, + .create_parse = nethash_create_parse, + .create_final = nethash_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_nethash), + .adt_parser = nethash_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_nethash), + .initheader = nethash_initheader, + .printheader = nethash_printheader, + .printips = nethash_printips, + .printips_sorted = nethash_printips, + .saveheader = nethash_saveheader, + .saveips = nethash_saveips, + + .usage = nethash_usage, +}; + +CONSTRUCTOR(nethash) +{ + settype_register(&settype_nethash); + +} diff --git a/src/ipset_iphash.c b/src/ipset_iphash.c deleted file mode 100644 index 0bc5bd1..0000000 --- a/src/ipset_iphash.c +++ /dev/null @@ -1,279 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* UINT_MAX */ -#include /* *printf */ -#include /* mem* */ - -#include "ipset.h" - -#include - -#define BUFLEN 30; - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETMASK 0x08U - -/* Initialize the create. */ -static void -iphash_create_init(void *data) -{ - struct ip_set_req_iphash_create *mydata = data; - - DP("create INIT"); - - /* Default create parameters */ - mydata->hashsize = 1024; - mydata->probes = 8; - mydata->resize = 50; - - mydata->netmask = 0xFFFFFFFF; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -iphash_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) -{ - struct ip_set_req_iphash_create *mydata = - (struct ip_set_req_iphash_create *) data; - unsigned int bits; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - *flags |= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - *flags |= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - *flags |= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - - if (string_to_number(optarg, 0, 32, &bits)) - exit_error(PARAMETER_PROBLEM, - "Invalid netmask `%s' specified", optarg); - - if (bits != 0) - mydata->netmask = 0xFFFFFFFF << (32 - bits); - - *flags |= OPT_CREATE_NETMASK; - - DP("--netmask %x", mydata->netmask); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -iphash_create_final(void *data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "netmask", .has_arg = required_argument, .val = '4'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -iphash_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_iphash *mydata = data; - - parse_ip(arg, &mydata->ip); - if (!mydata->ip) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address `%s' specified", arg); - - return mydata->ip; -}; - -/* - * Print and save - */ - -static void -iphash_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_iphash_create *header = data; - struct ip_set_iphash *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_iphash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->netmask = header->netmask; -} - -static unsigned int -mask_to_bits(ip_set_ip_t mask) -{ - unsigned int bits = 32; - ip_set_ip_t maskaddr; - - if (mask == 0xFFFFFFFF) - return bits; - - maskaddr = 0xFFFFFFFE; - while (--bits > 0 && maskaddr != mask) - maskaddr <<= 1; - - return bits; -} - -static void -iphash_printheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_iphash *mysetdata = set->settype->header; - - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u", mysetdata->resize); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); -} - -static void -iphash_printips(struct set *set UNUSED, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t *ip; - - while (offset < len) { - ip = data + offset; - printf("%s\n", ip_tostring(*ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -iphash_saveheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_iphash *mysetdata = set->settype->header; - - printf("-N %s %s --hashsize %u --probes %u --resize %u", - set->name, set->settype->typename, - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" --netmask %d\n", mask_to_bits(mysetdata->netmask)); -} - -/* Print save for an IP */ -static void -iphash_saveips(struct set *set UNUSED, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t *ip; - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, ip_tostring(*ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -iphash_usage(void) -{ - printf - ("-N set iphash [--hashsize hashsize] [--probes probes ]\n" - " [--resize resize] [--netmask CIDR-netmask]\n" - "-A set IP\n" - "-D set IP\n" - "-T set IP\n"); -} - -static struct settype settype_iphash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_iphash_create), - .create_init = iphash_create_init, - .create_parse = iphash_create_parse, - .create_final = iphash_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_iphash), - .adt_parser = iphash_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_iphash), - .initheader = iphash_initheader, - .printheader = iphash_printheader, - .printips = iphash_printips, - .printips_sorted = iphash_printips, - .saveheader = iphash_saveheader, - .saveips = iphash_saveips, - - .usage = iphash_usage, -}; - -CONSTRUCTOR(iphash) -{ - settype_register(&settype_iphash); - -} diff --git a/src/ipset_ipmap.c b/src/ipset_ipmap.c deleted file mode 100644 index 87b8e69..0000000 --- a/src/ipset_ipmap.c +++ /dev/null @@ -1,376 +0,0 @@ -/* Copyright 2000-2004 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* *printf */ -#include /* mem* */ - -#include "ipset.h" - -#include - -#define BUFLEN 30; - -#define OPT_CREATE_FROM 0x01U -#define OPT_CREATE_TO 0x02U -#define OPT_CREATE_NETWORK 0x04U -#define OPT_CREATE_NETMASK 0x08U - -#define OPT_ADDDEL_IP 0x01U - -/* Initialize the create. */ -static void -ipmap_create_init(void *data) -{ - struct ip_set_req_ipmap_create *mydata = data; - - DP("create INIT"); - mydata->netmask = 0xFFFFFFFF; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -ipmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) -{ - struct ip_set_req_ipmap_create *mydata = data; - unsigned int bits; - - DP("create_parse"); - - switch (c) { - case '1': - parse_ip(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '2': - parse_ip(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '3': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask */ - if (mydata->to) - mydata->to = mydata->from | ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - *flags |= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - case '4': - if (string_to_number(optarg, 0, 32, &bits)) - exit_error(PARAMETER_PROBLEM, - "Invalid netmask `%s' specified", optarg); - - if (bits != 0) - mydata->netmask = 0xFFFFFFFF << (32 - bits); - - *flags |= OPT_CREATE_NETMASK; - - DP("--netmask %x", mydata->netmask); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -ipmap_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_ipmap_create *mydata = data; - ip_set_ip_t range; - - if (flags == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - if (flags & OPT_CREATE_NETWORK) { - /* --network */ - if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else { - /* --from --to */ - if ((flags & OPT_CREATE_FROM) == 0 - || (flags & OPT_CREATE_TO) == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); - - if (flags & OPT_CREATE_NETMASK) { - unsigned int mask_bits, netmask_bits; - ip_set_ip_t mask; - - if ((mydata->from & mydata->netmask) != mydata->from) - exit_error(PARAMETER_PROBLEM, - "%s is not a network address according to netmask %d\n", - ip_tostring_numeric(mydata->from), - mask_to_bits(mydata->netmask)); - - mask = range_to_mask(mydata->from, mydata->to, &mask_bits); - if (!mask - && (mydata->from || mydata->to != 0xFFFFFFFF)) { - exit_error(PARAMETER_PROBLEM, - "You have to define a full network with --from" - " and --to if you specify the --network option\n"); - } - netmask_bits = mask_to_bits(mydata->netmask); - if (netmask_bits <= mask_bits) { - exit_error(PARAMETER_PROBLEM, - "%d netmask specifies larger or equal netblock than the network itself\n"); - } - range = (1<<(netmask_bits - mask_bits)) - 1; - } else { - range = mydata->to - mydata->from; - } - if (range > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "from", .has_arg = required_argument, .val = '1'}, - {.name = "to", .has_arg = required_argument, .val = '2'}, - {.name = "network", .has_arg = required_argument, .val = '3'}, - {.name = "netmask", .has_arg = required_argument, .val = '4'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -ipmap_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_ipmap *mydata = data; - - DP("ipmap: %p %p", arg, data); - - parse_ip(arg, &mydata->ip); - DP("%s", ip_tostring_numeric(mydata->ip)); - - return 1; -} - -/* - * Print and save - */ - -static void -ipmap_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_ipmap_create *header = data; - struct ip_set_ipmap *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipmap)); - map->first_ip = header->from; - map->last_ip = header->to; - map->netmask = header->netmask; - - if (map->netmask == 0xFFFFFFFF) { - map->hosts = 1; - map->sizeid = map->last_ip - map->first_ip + 1; - } else { - unsigned int mask_bits, netmask_bits; - ip_set_ip_t mask; - - mask = range_to_mask(header->from, header->to, &mask_bits); - netmask_bits = mask_to_bits(header->netmask); - - DP("bits: %d %d", mask_bits, netmask_bits); - map->hosts = 2 << (32 - netmask_bits - 1); - map->sizeid = 2 << (netmask_bits - mask_bits - 1); - } - - DP("%d %d", map->hosts, map->sizeid ); -} - -static void -ipmap_printheader(struct set *set, unsigned options) -{ - struct ip_set_ipmap *mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); -} - -static inline void -__ipmap_printips_sorted(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_ipmap *mysetdata = set->settype->header; - ip_set_ip_t id; - - for (id = 0; id < mysetdata->sizeid; id++) - if (test_bit(id, data)) - printf("%s\n", - ip_tostring(mysetdata->first_ip - + id * mysetdata->hosts, - options)); -} - -static void -ipmap_printips_sorted(struct set *set, void *data, - u_int32_t len, unsigned options, - char dont_align) -{ - ip_set_ip_t *ip; - size_t offset = 0; - - if (dont_align) - return __ipmap_printips_sorted(set, data, len, options); - - while (offset < len) { - DP("offset: %zu, len %u\n", offset, len); - ip = data + offset; - printf("%s\n", ip_tostring(*ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -ipmap_saveheader(struct set *set, unsigned options) -{ - struct ip_set_ipmap *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - if (mysetdata->netmask == 0xFFFFFFFF) - printf("\n"); - else - printf(" --netmask %d\n", - mask_to_bits(mysetdata->netmask)); -} - -static inline void -__ipmap_saveips(struct set *set, void *data, u_int32_t len UNUSED, - unsigned options) -{ - struct ip_set_ipmap *mysetdata = set->settype->header; - ip_set_ip_t id; - - DP("%s", set->name); - for (id = 0; id < mysetdata->sizeid; id++) - if (test_bit(id, data)) - printf("-A %s %s\n", - set->name, - ip_tostring(mysetdata->first_ip - + id * mysetdata->hosts, - options)); -} - -static void -ipmap_saveips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - ip_set_ip_t *ip; - size_t offset = 0; - - if (dont_align) - return __ipmap_saveips(set, data, len, options); - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, ip_tostring(*ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -ipmap_usage(void) -{ - printf - ("-N set ipmap --from IP --to IP [--netmask CIDR-netmask]\n" - "-N set ipmap --network IP/mask [--netmask CIDR-netmask]\n" - "-A set IP\n" - "-D set IP\n" - "-T set IP\n"); -} - -static struct settype settype_ipmap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_ipmap_create), - .create_init = ipmap_create_init, - .create_parse = ipmap_create_parse, - .create_final = ipmap_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_ipmap), - .adt_parser = ipmap_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_ipmap), - .initheader = ipmap_initheader, - .printheader = ipmap_printheader, - .printips = ipmap_printips_sorted, - .printips_sorted = ipmap_printips_sorted, - .saveheader = ipmap_saveheader, - .saveips = ipmap_saveips, - - .usage = ipmap_usage, -}; - -CONSTRUCTOR(ipmap) -{ - settype_register(&settype_ipmap); - -} diff --git a/src/ipset_ipporthash.c b/src/ipset_ipporthash.c deleted file mode 100644 index 9249b2a..0000000 --- a/src/ipset_ipporthash.c +++ /dev/null @@ -1,350 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* UINT_MAX */ -#include /* *printf */ -#include /* mem*, str* */ - -#include "ipset.h" - -#include - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETWORK 0x08U -#define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x20U - -/* Initialize the create. */ -static void -ipporthash_create_init(void *data) -{ - struct ip_set_req_ipporthash_create *mydata = data; - - DP("create INIT"); - - /* Default create parameters */ - mydata->hashsize = 1024; - mydata->probes = 8; - mydata->resize = 50; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -ipporthash_create_parse(int c, char *argv[] UNUSED, void *data, - unsigned *flags) -{ - struct ip_set_req_ipporthash_create *mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - *flags |= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - *flags |= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - *flags |= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - parse_ip(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '5': - parse_ip(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '6': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask */ - if (mydata->to) - mydata->to = mydata->from | ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - *flags |= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -ipporthash_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_ipporthash_create *mydata = data; - -#ifdef IPSET_DEBUG - DP("hashsize %u probes %u resize %u", - mydata->hashsize, mydata->probes, mydata->resize); -#endif - - if (flags & OPT_CREATE_NETWORK) { - /* --network */ - if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { - /* --from --to */ - if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } else { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be higher than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "from", .has_arg = required_argument, .val = '4'}, - {.name = "to", .has_arg = required_argument, .val = '5'}, - {.name = "network", .has_arg = required_argument, .val = '6'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -ipporthash_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_ipporthash *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - - DP("ipporthash: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,port.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - - if (tmp) - parse_port(tmp, &mydata->port); - else - exit_error(PARAMETER_PROBLEM, - "IP address and port must be specified: ip,port"); - - if (!(mydata->ip || mydata->port)) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address and port `%s' specified", arg); - ipset_free(saved); - return 1; -}; - -/* - * Print and save - */ - -static void -ipporthash_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_ipporthash_create *header = data; - struct ip_set_ipporthash *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipporthash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -ipporthash_printheader(struct set *set, unsigned options) -{ - struct ip_set_ipporthash *mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static void -ipporthash_printips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipporthash *mysetdata = set->settype->header; - size_t offset = 0; - ip_set_ip_t *ipptr, ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (*ipptr>>16) + mysetdata->first_ip; - port = (uint16_t) *ipptr; - printf("%s,%s\n", - ip_tostring(ip, options), - port_tostring(port, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -ipporthash_saveheader(struct set *set, unsigned options) -{ - struct ip_set_ipporthash *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - printf(" --hashsize %u --probes %u --resize %u\n", - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/* Print save for an IP */ -static void -ipporthash_saveips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipporthash *mysetdata = set->settype->header; - size_t offset = 0; - ip_set_ip_t *ipptr, ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (*ipptr>>16) + mysetdata->first_ip; - port = (uint16_t) *ipptr; - printf("-A %s %s,%s\n", set->name, - ip_tostring(ip, options), - port_tostring(port, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -ipporthash_usage(void) -{ - printf - ("-N set ipporthash --from IP --to IP\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-N set ipporthash --network IP/mask\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP,port\n" - "-D set IP,port\n" - "-T set IP,port\n"); -} - -static struct settype settype_ipporthash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_ipporthash_create), - .create_init = ipporthash_create_init, - .create_parse = ipporthash_create_parse, - .create_final = ipporthash_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_ipporthash), - .adt_parser = ipporthash_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_ipporthash), - .initheader = ipporthash_initheader, - .printheader = ipporthash_printheader, - .printips = ipporthash_printips, - .printips_sorted = ipporthash_printips, - .saveheader = ipporthash_saveheader, - .saveips = ipporthash_saveips, - - .usage = ipporthash_usage, -}; - -CONSTRUCTOR(ipporthash) -{ - settype_register(&settype_ipporthash); - -} diff --git a/src/ipset_ipportiphash.c b/src/ipset_ipportiphash.c deleted file mode 100644 index 49861bf..0000000 --- a/src/ipset_ipportiphash.c +++ /dev/null @@ -1,361 +0,0 @@ -/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* UINT_MAX */ -#include /* *printf */ -#include /* mem*, str* */ - -#include "ipset.h" - -#include - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETWORK 0x08U -#define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x20U - -/* Initialize the create. */ -static void -ipportiphash_create_init(void *data) -{ - struct ip_set_req_ipportiphash_create *mydata = data; - - DP("create INIT"); - - /* Default create parameters */ - mydata->hashsize = 1024; - mydata->probes = 8; - mydata->resize = 50; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -ipportiphash_create_parse(int c, char *argv[] UNUSED, void *data, - unsigned *flags) -{ - struct ip_set_req_ipportiphash_create *mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - *flags |= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - *flags |= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - *flags |= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - parse_ip(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '5': - parse_ip(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '6': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask */ - if (mydata->to) - mydata->to = mydata->from | ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - *flags |= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -ipportiphash_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_ipportiphash_create *mydata = data; - -#ifdef IPSET_DEBUG - DP("hashsize %u probes %u resize %u", - mydata->hashsize, mydata->probes, mydata->resize); -#endif - - if (flags & OPT_CREATE_NETWORK) { - /* --network */ - if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { - /* --from --to */ - if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } else { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be higher than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "from", .has_arg = required_argument, .val = '4'}, - {.name = "to", .has_arg = required_argument, .val = '5'}, - {.name = "network", .has_arg = required_argument, .val = '6'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -ipportiphash_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_ipportiphash *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - - DP("ipportiphash: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,port,ip.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and IP address must be specified: ip,port,ip"); - - ptr = strsep(&tmp, ":%,"); - parse_port(ptr, &mydata->port); - if (tmp) - parse_ip(tmp, &mydata->ip1); - else - exit_error(PARAMETER_PROBLEM, - "IP address, port and IP address must be specified: ip,port,ip"); - if (!(mydata->ip || mydata->port || mydata->ip1)) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address, port and IP address `%s' specified", arg); - ipset_free(saved); - return 1; -}; - -/* - * Print and save - */ - -static void -ipportiphash_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_ipportiphash_create *header = data; - struct ip_set_ipportiphash *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipportiphash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -ipportiphash_printheader(struct set *set, unsigned options) -{ - struct ip_set_ipportiphash *mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static void -ipportiphash_printips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportiphash *mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip *ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("%s,%s,", - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - ip_tostring(ipptr->ip1, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportiphash_saveheader(struct set *set, unsigned options) -{ - struct ip_set_ipportiphash *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - printf(" --hashsize %u --probes %u --resize %u\n", - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/* Print save for an IP */ -static void -ipportiphash_saveips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportiphash *mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip *ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("-A %s %s,%s,", set->name, - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - ip_tostring(ipptr->ip1, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportiphash_usage(void) -{ - printf - ("-N set ipportiphash --from IP --to IP\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-N set ipportiphash --network IP/mask\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP,port,IP\n" - "-D set IP,port,IP\n" - "-T set IP,port,IP\n"); -} - -static struct settype settype_ipportiphash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_ipportiphash_create), - .create_init = ipportiphash_create_init, - .create_parse = ipportiphash_create_parse, - .create_final = ipportiphash_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_ipportiphash), - .adt_parser = ipportiphash_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_ipportiphash), - .initheader = ipportiphash_initheader, - .printheader = ipportiphash_printheader, - .printips = ipportiphash_printips, - .printips_sorted = ipportiphash_printips, - .saveheader = ipportiphash_saveheader, - .saveips = ipportiphash_saveips, - - .usage = ipportiphash_usage, -}; - -CONSTRUCTOR(ipportiphash) -{ - settype_register(&settype_ipportiphash); - -} diff --git a/src/ipset_ipportnethash.c b/src/ipset_ipportnethash.c deleted file mode 100644 index 3a60bf1..0000000 --- a/src/ipset_ipportnethash.c +++ /dev/null @@ -1,426 +0,0 @@ -/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* UINT_MAX */ -#include /* *printf */ -#include /* mem*, str* */ - -#include "ipset.h" - -#include - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U -#define OPT_CREATE_NETWORK 0x08U -#define OPT_CREATE_FROM 0x10U -#define OPT_CREATE_TO 0x20U - -/* Initialize the create. */ -static void -ipportnethash_create_init(void *data) -{ - struct ip_set_req_ipportnethash_create *mydata = data; - - DP("create INIT"); - - /* Default create parameters */ - mydata->hashsize = 1024; - mydata->probes = 8; - mydata->resize = 50; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -ipportnethash_create_parse(int c, char *argv[] UNUSED, void *data, - unsigned *flags) -{ - struct ip_set_req_ipportnethash_create *mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - *flags |= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - *flags |= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - *flags |= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - case '4': - parse_ip(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '5': - parse_ip(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '6': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask */ - if (mydata->to) - mydata->to = mydata->from | ~(mydata->to); - else { - mydata->from = 0x00000000; - mydata->to = 0xFFFFFFFF; - } - *flags |= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -ipportnethash_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_ipportnethash_create *mydata = data; - -#ifdef IPSET_DEBUG - DP("hashsize %u probes %u resize %u", - mydata->hashsize, mydata->probes, mydata->resize); -#endif - - if (flags & OPT_CREATE_NETWORK) { - /* --network */ - if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else if (flags & (OPT_CREATE_FROM | OPT_CREATE_TO)) { - /* --from --to */ - if (!(flags & OPT_CREATE_FROM) || !(flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } else { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - } - - DP("from : %x to: %x diff: %x", - mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be higher than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {.name = "from", .has_arg = required_argument, .val = '4'}, - {.name = "to", .has_arg = required_argument, .val = '5'}, - {.name = "network", .has_arg = required_argument, .val = '6'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -ipportnethash_adt_parser(int cmd, const char *arg, void *data) -{ - struct ip_set_req_ipportnethash *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - ip_set_ip_t cidr; - - DP("ipportnethash: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,port,net.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and network address must be specified: ip,port,net"); - - ptr = strsep(&tmp, ":%,"); - parse_port(ptr, &mydata->port); - if (!tmp) - exit_error(PARAMETER_PROBLEM, - "IP address, port and network address must be specified: ip,port,net"); - - ptr = strsep(&tmp, "/"); - if (tmp == NULL) - if (cmd == CMD_TEST) - cidr = 32; - else - exit_error(PARAMETER_PROBLEM, - "Missing /cidr from `%s'", arg); - else - if (string_to_number(tmp, 1, 31, &cidr)) - exit_error(PARAMETER_PROBLEM, - "Out of range cidr `%s' specified", arg); - - mydata->cidr = cidr; - - parse_ip(ptr, &mydata->ip1); - ipset_free(saved); - return 1; -}; - -/* - * Print and save - */ - -static void -ipportnethash_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_ipportnethash_create *header = data; - struct ip_set_ipportnethash *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_ipportnethash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -ipportnethash_printheader(struct set *set, unsigned options) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static char buf[20]; - -static char * -unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) -{ - int i, j = 3; - unsigned char a, b; - - ip = htonl(ip); - for (i = 3; i >= 0; i--) - if (((unsigned char *)&ip)[i] != 0) { - j = i; - break; - } - - a = ((unsigned char *)&ip)[j]; - if (a <= 128) { - a = (a - 1) * 2; - b = 7; - } else if (a <= 192) { - a = (a - 129) * 4; - b = 6; - } else if (a <= 224) { - a = (a - 193) * 8; - b = 5; - } else if (a <= 240) { - a = (a - 225) * 16; - b = 4; - } else if (a <= 248) { - a = (a - 241) * 32; - b = 3; - } else if (a <= 252) { - a = (a - 249) * 64; - b = 2; - } else if (a <= 254) { - a = (a - 253) * 128; - b = 1; - } else { - a = b = 0; - } - ((unsigned char *)&ip)[j] = a; - b += j * 8; - - sprintf(buf, "%u.%u.%u.%u/%u", - ((unsigned char *)&ip)[0], - ((unsigned char *)&ip)[1], - ((unsigned char *)&ip)[2], - ((unsigned char *)&ip)[3], - b); - - DP("%s %s", ip_tostring(ntohl(ip), 0), buf); - return buf; -} - -static void -ipportnethash_printips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip *ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("%s,%s,", - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - unpack_ip_tostring(ipptr->ip1, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportnethash_saveheader(struct set *set, unsigned options) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", - ip_tostring(mysetdata->last_ip, options)); - printf(" --hashsize %u --probes %u --resize %u\n", - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/* Print save for an IP */ -static void -ipportnethash_saveips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_ipportnethash *mysetdata = set->settype->header; - size_t offset = 0; - struct ipportip *ipptr; - ip_set_ip_t ip; - uint16_t port; - - while (offset < len) { - ipptr = data + offset; - ip = (ipptr->ip>>16) + mysetdata->first_ip; - port = (uint16_t) ipptr->ip; - printf("-A %s %s,%s,", set->name, - ip_tostring(ip, options), - port_tostring(port, options)); - printf("%s\n", - unpack_ip_tostring(ipptr->ip, options)); - offset += IPSET_VALIGN(sizeof(struct ipportip), dont_align); - } -} - -static void -ipportnethash_usage(void) -{ - printf - ("-N set ipportnethash --from IP --to IP\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-N set ipportnethash --network IP/mask\n" - " [--hashsize hashsize] [--probes probes ] [--resize resize]\n" - "-A set IP,port,IP/net\n" - "-D set IP,port,IP/net\n" - "-T set IP,port,IP[/net]\n"); -} - -static struct settype settype_ipportnethash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_ipportnethash_create), - .create_init = ipportnethash_create_init, - .create_parse = ipportnethash_create_parse, - .create_final = ipportnethash_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_ipportnethash), - .adt_parser = ipportnethash_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_ipportnethash), - .initheader = ipportnethash_initheader, - .printheader = ipportnethash_printheader, - .printips = ipportnethash_printips, - .printips_sorted = ipportnethash_printips, - .saveheader = ipportnethash_saveheader, - .saveips = ipportnethash_saveips, - - .usage = ipportnethash_usage, -}; - -CONSTRUCTOR(ipportnethash) -{ - settype_register(&settype_ipportnethash); - -} diff --git a/src/ipset_iptree.c b/src/ipset_iptree.c deleted file mode 100644 index 508e67a..0000000 --- a/src/ipset_iptree.c +++ /dev/null @@ -1,224 +0,0 @@ -/* Copyright 2005 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* UINT_MAX */ -#include /* *printf */ -#include /* mem* */ - -#include "ipset.h" - -#include - -#define BUFLEN 30; - -#define OPT_CREATE_TIMEOUT 0x01U - -/* Initialize the create. */ -static void -iptree_create_init(void *data) -{ - struct ip_set_req_iptree_create *mydata = data; - - DP("create INIT"); - mydata->timeout = 0; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -iptree_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) -{ - struct ip_set_req_iptree_create *mydata = data; - - DP("create_parse"); - - switch (c) { - case '1': - string_to_number(optarg, 0, UINT_MAX, &mydata->timeout); - - *flags |= OPT_CREATE_TIMEOUT; - - DP("--timeout %u", mydata->timeout); - - break; - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -iptree_create_final(void *data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "timeout", .has_arg = required_argument, .val = '1'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -iptree_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_iptree *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - - DP("iptree: %p %p", arg, data); - - if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,timeout.\n" - "Next release won't support old separator tokens.\n"); - - ptr = strsep(&tmp, ":%,"); - parse_ip(ptr, &mydata->ip); - - if (tmp) - string_to_number(tmp, 0, UINT_MAX, &mydata->timeout); - else - mydata->timeout = 0; - - ipset_free(saved); - return 1; -} - -/* - * Print and save - */ - -static void -iptree_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_iptree_create *header = data; - struct ip_set_iptree *map = set->settype->header; - - map->timeout = header->timeout; -} - -static void -iptree_printheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_iptree *mysetdata = set->settype->header; - - if (mysetdata->timeout) - printf(" timeout: %u", mysetdata->timeout); - printf("\n"); -} - -static void -iptree_printips_sorted(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_iptree *mysetdata = set->settype->header; - struct ip_set_req_iptree *req; - size_t offset = 0; - - while (len >= offset + sizeof(struct ip_set_req_iptree)) { - req = (struct ip_set_req_iptree *)(data + offset); - if (mysetdata->timeout) - printf("%s,%u\n", ip_tostring(req->ip, options), - req->timeout); - else - printf("%s\n", ip_tostring(req->ip, options)); - offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align); - } -} - -static void -iptree_saveheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_iptree *mysetdata = set->settype->header; - - if (mysetdata->timeout) - printf("-N %s %s --timeout %u\n", - set->name, set->settype->typename, - mysetdata->timeout); - else - printf("-N %s %s\n", - set->name, set->settype->typename); -} - -static void -iptree_saveips(struct set *set, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - struct ip_set_iptree *mysetdata = set->settype->header; - struct ip_set_req_iptree *req; - size_t offset = 0; - - DP("%s", set->name); - - while (len >= offset + sizeof(struct ip_set_req_iptree)) { - req = (struct ip_set_req_iptree *)(data + offset); - if (mysetdata->timeout) - printf("-A %s %s,%u\n", - set->name, - ip_tostring(req->ip, options), - req->timeout); - else - printf("-A %s %s\n", - set->name, - ip_tostring(req->ip, options)); - offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align); - } -} - -static void -iptree_usage(void) -{ - printf - ("-N set iptree [--timeout value]\n" - "-A set IP[,timeout]\n" - "-D set IP\n" - "-T set IP\n"); -} - -static struct settype settype_iptree = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_iptree_create), - .create_init = iptree_create_init, - .create_parse = iptree_create_parse, - .create_final = iptree_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_iptree), - .adt_parser = iptree_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_iptree), - .initheader = iptree_initheader, - .printheader = iptree_printheader, - .printips = iptree_printips_sorted, /* We only have sorted version */ - .printips_sorted = iptree_printips_sorted, - .saveheader = iptree_saveheader, - .saveips = iptree_saveips, - - .usage = iptree_usage, -}; - -CONSTRUCTOR(iptree) -{ - settype_register(&settype_iptree); - -} diff --git a/src/ipset_list_set.c b/src/ipset_list_set.c new file mode 100644 index 0000000..de16c44 --- /dev/null +++ b/src/ipset_list_set.c @@ -0,0 +1,229 @@ +/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include +#include +#include +#include +#include +#include + +#include +#include "ipset.h" + +/* Initialize the create. */ +static void +setlist_create_init(void *data) +{ + struct ip_set_req_setlist_create *mydata = data; + + mydata->size = 8; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +setlist_create_parse(int c, char *argv[] UNUSED, void *data, + unsigned *flags UNUSED) +{ + struct ip_set_req_setlist_create *mydata = data; + unsigned int size; + + switch (c) { + case '1': + if (string_to_number(optarg, 1, 255, &size)) + exit_error(PARAMETER_PROBLEM, + "Invalid size '%s specified: must be " + "between 1-255", optarg); + mydata->size = size; + break; + default: + return 0; + } + return 1; +} + +/* Final check; exit if not ok. */ +static void +setlist_create_final(void *data UNUSED, unsigned int flags UNUSED) +{ +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "size", .has_arg = required_argument, .val = '1'}, + {NULL}, +}; + +static void +check_setname(const char *name) +{ + if (strlen(name) > IP_SET_MAXNAMELEN - 1) + exit_error(PARAMETER_PROBLEM, + "Setname %s is longer than %d characters.", + name, IP_SET_MAXNAMELEN - 1); +} + +/* Add, del, test parser */ +static ip_set_ip_t +setlist_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_setlist *mydata = data; + char *saved = ipset_strdup(arg); + char *ptr, *tmp = saved; + + DP("setlist: %p %p", arg, data); + + ptr = strsep(&tmp, ","); + check_setname(ptr); + strcpy(mydata->name, ptr); + + if (!tmp) { + mydata->before = 0; + mydata->ref[0] = '\0'; + return 1; + } + + ptr = strsep(&tmp, ","); + + if (tmp == NULL || !(strcmp(ptr, "before") == 0 || strcmp(ptr, "after") == 0)) + exit_error(PARAMETER_PROBLEM, + "Syntax error, you must specify elements as setname,[before|after],setname"); + + check_setname(tmp); + strcpy(mydata->ref, tmp); + mydata->before = !strcmp(ptr, "before"); + + free(saved); + + return 1; +} + +/* + * Print and save + */ + +static void +setlist_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_setlist_create *header = data; + struct ip_set_setlist *map = set->settype->header; + + memset(map, 0, sizeof(struct ip_set_setlist)); + map->size = header->size; +} + +static void +setlist_printheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_setlist *mysetdata = set->settype->header; + + printf(" size: %u\n", mysetdata->size); +} + +static void +setlist_printips_sorted(struct set *set, void *data, + u_int32_t len UNUSED, unsigned options UNUSED, + char dont_align) +{ + struct ip_set_setlist *mysetdata = set->settype->header; + int i, asize; + ip_set_id_t *id; + struct set *elem; + + asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); + for (i = 0; i < mysetdata->size; i++ ) { + DP("Try %u", i); + id = (ip_set_id_t *)(data + i * asize); + DP("Try %u, check", i); + if (*id == IP_SET_INVALID_ID) + return; + elem = set_find_byid(*id); + printf("%s\n", elem->name); + } +} + +static void +setlist_saveheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_setlist *mysetdata = set->settype->header; + + printf("-N %s %s --size %u\n", + set->name, set->settype->typename, + mysetdata->size); +} + +static void +setlist_saveips(struct set *set, void *data, + u_int32_t len UNUSED, unsigned options UNUSED, char dont_align) +{ + struct ip_set_setlist *mysetdata = set->settype->header; + int i, asize; + ip_set_id_t *id; + struct set *elem; + + asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); + for (i = 0; i < mysetdata->size; i++ ) { + id = (ip_set_id_t *)(data + i * asize); + if (*id == IP_SET_INVALID_ID) + return; + elem = set_find_byid(*id); + printf("-A %s %s\n", set->name, elem->name); + } +} + +static void +setlist_usage(void) +{ + printf + ("-N set setlist --size size\n" + "-A set setname[,before|after,setname]\n" + "-D set setname\n" + "-T set setname\n"); +} + +static struct settype settype_setlist = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_setlist_create), + .create_init = setlist_create_init, + .create_parse = setlist_create_parse, + .create_final = setlist_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_setlist), + .adt_parser = setlist_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_setlist), + .initheader = setlist_initheader, + .printheader = setlist_printheader, + .printips = setlist_printips_sorted, + .printips_sorted = setlist_printips_sorted, + .saveheader = setlist_saveheader, + .saveips = setlist_saveips, + + .usage = setlist_usage, +}; + +CONSTRUCTOR(setlist) +{ + settype_register(&settype_setlist); + +} diff --git a/src/ipset_macipmap.c b/src/ipset_macipmap.c deleted file mode 100644 index fb97cae..0000000 --- a/src/ipset_macipmap.c +++ /dev/null @@ -1,382 +0,0 @@ -/* Copyright 2000, 2001, 2002 Joakim Axelsson (gozem@linux.nu) - * Patrick Schaaf (bof@bof.de) - * Martin Josefsson (gandalf@wlug.westbo.se) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - -#include /* *printf */ -#include /* mem* */ -#include /* str* */ -#include /* ETH_ALEN */ - -#include "ipset.h" - -#include - -#define BUFLEN 30; - -#define OPT_CREATE_FROM 0x01U -#define OPT_CREATE_TO 0x02U -#define OPT_CREATE_NETWORK 0x04U -#define OPT_CREATE_MATCHUNSET 0x08U - -#define OPT_ADDDEL_IP 0x01U -#define OPT_ADDDEL_MAC 0x02U - -/* Initialize the create. */ -static void -macipmap_create_init(void *data UNUSED) -{ - DP("create INIT"); - /* Nothing */ -} - -/* Function which parses command options; returns true if it ate an option */ -static int -macipmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) -{ - struct ip_set_req_macipmap_create *mydata = data; - - DP("create_parse"); - - switch (c) { - case '1': - parse_ip(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - ip_tostring_numeric(mydata->from)); - - break; - - case '2': - parse_ip(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - ip_tostring_numeric(mydata->to)); - - break; - - case '3': - parse_ipandmask(optarg, &mydata->from, &mydata->to); - - /* Make to the last of from + mask */ - mydata->to = mydata->from | (~mydata->to); - - *flags |= OPT_CREATE_NETWORK; - - DP("--network from %x (%s)", - mydata->from, ip_tostring_numeric(mydata->from)); - DP("--network to %x (%s)", - mydata->to, ip_tostring_numeric(mydata->to)); - - break; - - case '4': - mydata->flags |= IPSET_MACIP_MATCHUNSET; - - *flags |= OPT_CREATE_MATCHUNSET; - - DP("--matchunset"); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -macipmap_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_macipmap_create *mydata = data; - - if (flags == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to, or --network\n"); - - if (flags & OPT_CREATE_NETWORK) { - /* --network */ - if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO)) - exit_error(PARAMETER_PROBLEM, - "Can't specify --from or --to with --network\n"); - } else { - /* --from --to */ - if ((flags & OPT_CREATE_FROM) == 0 - || (flags & OPT_CREATE_TO) == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } - - - DP("from : %x to: %x diff: %d match unset: %d", mydata->from, - mydata->to, mydata->to - mydata->from, - flags & OPT_CREATE_MATCHUNSET); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d IPs in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "from", .has_arg = required_argument, .val = '1'}, - {.name = "to", .has_arg = required_argument, .val = '2'}, - {.name = "network", .has_arg = required_argument, .val = '3'}, - {.name = "matchunset", .has_arg = no_argument, .val = '4'}, - {NULL}, -}; - -static void -parse_mac(const char *mac, unsigned char *ethernet) -{ - unsigned int i = 0; - - if (strlen(mac) != ETH_ALEN * 3 - 1) - exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac); - - for (i = 0; i < ETH_ALEN; i++) { - long number; - char *end; - - number = strtol(mac + i * 3, &end, 16); - - if (end == mac + i * 3 + 2 && number >= 0 && number <= 255) - ethernet[i] = number; - else - exit_error(PARAMETER_PROBLEM, - "Bad mac address `%s'", mac); - } -} - -/* Add, del, test parser */ -static ip_set_ip_t -macipmap_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_macipmap *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - - DP("macipmap: %p %p", arg, data); - - ptr = strsep(&tmp, ","); - if (!tmp) { - tmp = saved; - ptr = strsep(&tmp, ":%"); - if (tmp && ++warn_once == 1) - fprintf(stderr, "Warning: please use ',' separator token between ip,mac.\n" - "Next release won't support old separator tokens.\n"); - } - parse_ip(ptr, &mydata->ip); - - if (tmp) - parse_mac(tmp, mydata->ethernet); - else - memset(mydata->ethernet, 0, ETH_ALEN); - - free(saved); - - return 1; -} - -/* - * Print and save - */ - -static void -macipmap_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_macipmap_create *header = data; - struct ip_set_macipmap *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_macipmap)); - map->first_ip = header->from; - map->last_ip = header->to; - map->flags = header->flags; -} - -static void -macipmap_printheader(struct set *set, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - - printf(" from: %s", ip_tostring(mysetdata->first_ip, options)); - printf(" to: %s", ip_tostring(mysetdata->last_ip, options)); - - if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) - printf(" matchunset"); - printf("\n"); -} - -static void -print_mac(unsigned char macaddress[ETH_ALEN]) -{ - unsigned int i; - - printf("%02X", macaddress[0]); - for (i = 1; i < ETH_ALEN; i++) - printf(":%02X", macaddress[i]); -} - -static inline void -__macipmap_printips_sorted(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - struct ip_set_macip *table = data; - u_int32_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - if (table[addr - mysetdata->first_ip].match) { - printf("%s,", ip_tostring(addr, options)); - print_mac(table[addr - mysetdata->first_ip]. - ethernet); - printf("\n"); - } - addr++; - } -} - -static void -macipmap_printips_sorted(struct set *set, void *data, - u_int32_t len, unsigned options, - char dont_align) -{ - struct ip_set_req_macipmap *d; - size_t offset = 0; - - if (dont_align) - return __macipmap_printips_sorted(set, data, len, options); - - while (offset < len) { - d = data + offset; - printf("%s,", ip_tostring(d->ip, options)); - print_mac(d->ethernet); - printf("\n"); - offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); - } -} - -static void -macipmap_saveheader(struct set *set, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, set->settype->typename, - ip_tostring(mysetdata->first_ip, options)); - printf(" --to %s", ip_tostring(mysetdata->last_ip, options)); - - if (mysetdata->flags & IPSET_MACIP_MATCHUNSET) - printf(" --matchunset"); - printf("\n"); -} - -static inline void -__macipmap_saveips(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_macipmap *mysetdata = set->settype->header; - struct ip_set_macip *table = data; - u_int32_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - if (table[addr - mysetdata->first_ip].match) { - printf("-A %s %s,", - set->name, ip_tostring(addr, options)); - print_mac(table[addr - mysetdata->first_ip]. - ethernet); - printf("\n"); - } - addr++; - } -} - -static void -macipmap_saveips(struct set *set, void *data, - u_int32_t len, unsigned options, - char dont_align) -{ - struct ip_set_req_macipmap *d; - size_t offset = 0; - - if (dont_align) - return __macipmap_saveips(set, data, len, options); - - while (offset < len) { - d = data + offset; - printf("-A %s %s,", set->name, ip_tostring(d->ip, options)); - print_mac(d->ethernet); - printf("\n"); - offset += IPSET_ALIGN(sizeof(struct ip_set_req_macipmap)); - } -} - -static void -macipmap_usage(void) -{ - printf - ("-N set macipmap --from IP --to IP [--matchunset]\n" - "-N set macipmap --network IP/mask [--matchunset]\n" - "-A set IP[,MAC]\n" - "-D set IP[,MAC]\n" - "-T set IP[,MAC]\n"); -} - -static struct settype settype_macipmap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_macipmap_create), - .create_init = macipmap_create_init, - .create_parse = macipmap_create_parse, - .create_final = macipmap_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_macipmap), - .adt_parser = macipmap_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_macipmap), - .initheader = macipmap_initheader, - .printheader = macipmap_printheader, - .printips = macipmap_printips_sorted, - .printips_sorted = macipmap_printips_sorted, - .saveheader = macipmap_saveheader, - .saveips = macipmap_saveips, - - .usage = macipmap_usage, -}; - -CONSTRUCTOR(macipmap) -{ - settype_register(&settype_macipmap); - -} diff --git a/src/ipset_nethash.c b/src/ipset_nethash.c deleted file mode 100644 index c7891cf..0000000 --- a/src/ipset_nethash.c +++ /dev/null @@ -1,308 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include /* UINT_MAX */ -#include /* *printf */ -#include /* mem*, str* */ - -#include "ipset.h" - -#include - -#define BUFLEN 30; - -#define OPT_CREATE_HASHSIZE 0x01U -#define OPT_CREATE_PROBES 0x02U -#define OPT_CREATE_RESIZE 0x04U - -/* Initialize the create. */ -static void -nethash_create_init(void *data) -{ - struct ip_set_req_nethash_create *mydata = data; - - DP("create INIT"); - - /* Default create parameters */ - mydata->hashsize = 1024; - mydata->probes = 4; - mydata->resize = 50; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -nethash_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) -{ - struct ip_set_req_nethash_create *mydata = data; - ip_set_ip_t value; - - DP("create_parse"); - - switch (c) { - case '1': - - if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize)) - exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg); - - *flags |= OPT_CREATE_HASHSIZE; - - DP("--hashsize %u", mydata->hashsize); - - break; - - case '2': - - if (string_to_number(optarg, 1, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg); - - mydata->probes = value; - *flags |= OPT_CREATE_PROBES; - - DP("--probes %u", mydata->probes); - - break; - - case '3': - - if (string_to_number(optarg, 0, 65535, &value)) - exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg); - - mydata->resize = value; - *flags |= OPT_CREATE_RESIZE; - - DP("--resize %u", mydata->resize); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -nethash_create_final(void *data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "hashsize", .has_arg = required_argument, .val = '1'}, - {.name = "probes", .has_arg = required_argument, .val = '2'}, - {.name = "resize", .has_arg = required_argument, .val = '3'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -nethash_adt_parser(int cmd, const char *arg, void *data) -{ - struct ip_set_req_nethash *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - ip_set_ip_t cidr; - - ptr = strsep(&tmp, "/"); - - if (tmp == NULL) { - if (cmd == CMD_TEST) - cidr = 32; - else - exit_error(PARAMETER_PROBLEM, - "Missing cidr from `%s'", arg); - } else - if (string_to_number(tmp, 1, 31, &cidr)) - exit_error(PARAMETER_PROBLEM, - "Out of range cidr `%s' specified", arg); - - mydata->cidr = cidr; - parse_ip(ptr, &mydata->ip); -#if 0 - if (!mydata->ip) - exit_error(PARAMETER_PROBLEM, - "Zero valued IP address `%s' specified", ptr); -#endif - ipset_free(saved); - - return 1; -}; - -/* - * Print and save - */ - -static void -nethash_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_nethash_create *header = data; - struct ip_set_nethash *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_nethash)); - map->hashsize = header->hashsize; - map->probes = header->probes; - map->resize = header->resize; -} - -static void -nethash_printheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_nethash *mysetdata = set->settype->header; - - printf(" hashsize: %u", mysetdata->hashsize); - printf(" probes: %u", mysetdata->probes); - printf(" resize: %u\n", mysetdata->resize); -} - -static char buf[20]; - -static char * -unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED) -{ - int i, j = 3; - unsigned char a, b; - - ip = htonl(ip); - for (i = 3; i >= 0; i--) - if (((unsigned char *)&ip)[i] != 0) { - j = i; - break; - } - - a = ((unsigned char *)&ip)[j]; - if (a <= 128) { - a = (a - 1) * 2; - b = 7; - } else if (a <= 192) { - a = (a - 129) * 4; - b = 6; - } else if (a <= 224) { - a = (a - 193) * 8; - b = 5; - } else if (a <= 240) { - a = (a - 225) * 16; - b = 4; - } else if (a <= 248) { - a = (a - 241) * 32; - b = 3; - } else if (a <= 252) { - a = (a - 249) * 64; - b = 2; - } else if (a <= 254) { - a = (a - 253) * 128; - b = 1; - } else { - a = b = 0; - } - ((unsigned char *)&ip)[j] = a; - b += j * 8; - - sprintf(buf, "%u.%u.%u.%u/%u", - ((unsigned char *)&ip)[0], - ((unsigned char *)&ip)[1], - ((unsigned char *)&ip)[2], - ((unsigned char *)&ip)[3], - b); - - DP("%s %s", ip_tostring(ntohl(ip), 0), buf); - return buf; -} - -static void -nethash_printips(struct set *set UNUSED, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t *ip; - - while (offset < len) { - ip = data + offset; - printf("%s\n", unpack_ip_tostring(*ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -nethash_saveheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_nethash *mysetdata = set->settype->header; - - printf("-N %s %s --hashsize %u --probes %u --resize %u\n", - set->name, set->settype->typename, - mysetdata->hashsize, mysetdata->probes, mysetdata->resize); -} - -/* Print save for an IP */ -static void -nethash_saveips(struct set *set UNUSED, void *data, u_int32_t len, - unsigned options, char dont_align) -{ - size_t offset = 0; - ip_set_ip_t *ip; - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, - unpack_ip_tostring(*ip, options)); - offset += IPSET_VALIGN(sizeof(ip_set_ip_t), dont_align); - } -} - -static void -nethash_usage(void) -{ - printf - ("-N set nethash [--hashsize hashsize] [--probes probes ]\n" - " [--resize resize]\n" - "-A set IP/cidr\n" - "-D set IP/cidr\n" - "-T set IP/cidr\n"); -} - -static struct settype settype_nethash = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_nethash_create), - .create_init = nethash_create_init, - .create_parse = nethash_create_parse, - .create_final = nethash_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_nethash), - .adt_parser = nethash_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_nethash), - .initheader = nethash_initheader, - .printheader = nethash_printheader, - .printips = nethash_printips, - .printips_sorted = nethash_printips, - .saveheader = nethash_saveheader, - .saveips = nethash_saveips, - - .usage = nethash_usage, -}; - -CONSTRUCTOR(nethash) -{ - settype_register(&settype_nethash); - -} diff --git a/src/ipset_portmap.c b/src/ipset_portmap.c deleted file mode 100644 index a1065ae..0000000 --- a/src/ipset_portmap.c +++ /dev/null @@ -1,272 +0,0 @@ -/* Copyright 2004 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - -#include /* *printf */ -#include /* mem* */ - -#include "ipset.h" - -#include - -#define BUFLEN 30; - -#define OPT_CREATE_FROM 0x01U -#define OPT_CREATE_TO 0x02U - -#define OPT_ADDDEL_PORT 0x01U - -/* Initialize the create. */ -static void -portmap_create_init(void *data UNUSED) -{ - DP("create INIT"); - /* Nothing */ -} - -/* Function which parses command options; returns true if it ate an option */ -static int -portmap_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) -{ - struct ip_set_req_portmap_create *mydata = data; - - DP("create_parse"); - - switch (c) { - case '1': - parse_port(optarg, &mydata->from); - - *flags |= OPT_CREATE_FROM; - - DP("--from %x (%s)", mydata->from, - port_tostring(mydata->from, 0)); - - break; - - case '2': - parse_port(optarg, &mydata->to); - - *flags |= OPT_CREATE_TO; - - DP("--to %x (%s)", mydata->to, - port_tostring(mydata->to, 0)); - - break; - - default: - return 0; - } - - return 1; -} - -/* Final check; exit if not ok. */ -static void -portmap_create_final(void *data, unsigned int flags) -{ - struct ip_set_req_portmap_create *mydata = data; - - if (flags == 0) { - exit_error(PARAMETER_PROBLEM, - "Need to specify --from and --to\n"); - } else { - /* --from --to */ - if ((flags & OPT_CREATE_FROM) == 0 - || (flags & OPT_CREATE_TO) == 0) - exit_error(PARAMETER_PROBLEM, - "Need to specify both --from and --to\n"); - } - - DP("from : %x to: %x diff: %d", mydata->from, mydata->to, - mydata->to - mydata->from); - - if (mydata->from > mydata->to) - exit_error(PARAMETER_PROBLEM, - "From can't be lower than to.\n"); - - if (mydata->to - mydata->from > MAX_RANGE) - exit_error(PARAMETER_PROBLEM, - "Range too large. Max is %d ports in range\n", - MAX_RANGE+1); -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "from", .has_arg = required_argument, .val = '1'}, - {.name = "to", .has_arg = required_argument, .val = '2'}, - {NULL}, -}; - -/* Add, del, test parser */ -static ip_set_ip_t -portmap_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_portmap *mydata = data; - - parse_port(arg, &mydata->ip); - DP("%s", port_tostring(mydata->ip, 0)); - - return 1; -} - -/* - * Print and save - */ - -static void -portmap_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_portmap_create *header = data; - struct ip_set_portmap *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_portmap)); - map->first_ip = header->from; - map->last_ip = header->to; -} - -static void -portmap_printheader(struct set *set, unsigned options) -{ - struct ip_set_portmap *mysetdata = set->settype->header; - - printf(" from: %s", port_tostring(mysetdata->first_ip, options)); - printf(" to: %s\n", port_tostring(mysetdata->last_ip, options)); -} - -static inline void -__portmap_printips_sorted(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_portmap *mysetdata = set->settype->header; - ip_set_ip_t addr = mysetdata->first_ip; - - DP("%u -- %u", mysetdata->first_ip, mysetdata->last_ip); - while (addr <= mysetdata->last_ip) { - if (test_bit(addr - mysetdata->first_ip, data)) - printf("%s\n", port_tostring(addr, options)); - addr++; - } -} - -static void -portmap_printips_sorted(struct set *set, void *data, - u_int32_t len, unsigned options, - char dont_align) -{ - ip_set_ip_t *ip; - size_t offset = 0; - - if (dont_align) - return __portmap_printips_sorted(set, data, len, options); - - while (offset < len) { - ip = data + offset; - printf("%s\n", port_tostring(*ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -portmap_saveheader(struct set *set, unsigned options) -{ - struct ip_set_portmap *mysetdata = set->settype->header; - - printf("-N %s %s --from %s", - set->name, - set->settype->typename, - port_tostring(mysetdata->first_ip, options)); - printf(" --to %s\n", - port_tostring(mysetdata->last_ip, options)); -} - -static inline void -__portmap_saveips(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options) -{ - struct ip_set_portmap *mysetdata = set->settype->header; - ip_set_ip_t addr = mysetdata->first_ip; - - while (addr <= mysetdata->last_ip) { - DP("addr: %lu, last_ip %lu", (long unsigned)addr, (long unsigned)mysetdata->last_ip); - if (test_bit(addr - mysetdata->first_ip, data)) - printf("-A %s %s\n", - set->name, - port_tostring(addr, options)); - addr++; - } -} - -static void -portmap_saveips(struct set *set, void *data, - u_int32_t len, unsigned options, - char dont_align) -{ - ip_set_ip_t *ip; - size_t offset = 0; - - if (dont_align) - return __portmap_saveips(set, data, len, options); - - while (offset < len) { - ip = data + offset; - printf("-A %s %s\n", set->name, port_tostring(*ip, options)); - offset += IPSET_ALIGN(sizeof(ip_set_ip_t)); - } -} - -static void -portmap_usage(void) -{ - printf - ("-N set portmap --from PORT --to PORT\n" - "-A set PORT\n" - "-D set PORT\n" - "-T set PORT\n"); -} - -static struct settype settype_portmap = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_portmap_create), - .create_init = portmap_create_init, - .create_parse = portmap_create_parse, - .create_final = portmap_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_portmap), - .adt_parser = portmap_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_portmap), - .initheader = portmap_initheader, - .printheader = portmap_printheader, - .printips = portmap_printips_sorted, - .printips_sorted = portmap_printips_sorted, - .saveheader = portmap_saveheader, - .saveips = portmap_saveips, - - .usage = portmap_usage, -}; - -CONSTRUCTOR(portmap) -{ - settype_register(&settype_portmap); - -} diff --git a/src/ipset_setlist.c b/src/ipset_setlist.c deleted file mode 100644 index de16c44..0000000 --- a/src/ipset_setlist.c +++ /dev/null @@ -1,229 +0,0 @@ -/* Copyright 2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include -#include -#include -#include -#include -#include - -#include -#include "ipset.h" - -/* Initialize the create. */ -static void -setlist_create_init(void *data) -{ - struct ip_set_req_setlist_create *mydata = data; - - mydata->size = 8; -} - -/* Function which parses command options; returns true if it ate an option */ -static int -setlist_create_parse(int c, char *argv[] UNUSED, void *data, - unsigned *flags UNUSED) -{ - struct ip_set_req_setlist_create *mydata = data; - unsigned int size; - - switch (c) { - case '1': - if (string_to_number(optarg, 1, 255, &size)) - exit_error(PARAMETER_PROBLEM, - "Invalid size '%s specified: must be " - "between 1-255", optarg); - mydata->size = size; - break; - default: - return 0; - } - return 1; -} - -/* Final check; exit if not ok. */ -static void -setlist_create_final(void *data UNUSED, unsigned int flags UNUSED) -{ -} - -/* Create commandline options */ -static const struct option create_opts[] = { - {.name = "size", .has_arg = required_argument, .val = '1'}, - {NULL}, -}; - -static void -check_setname(const char *name) -{ - if (strlen(name) > IP_SET_MAXNAMELEN - 1) - exit_error(PARAMETER_PROBLEM, - "Setname %s is longer than %d characters.", - name, IP_SET_MAXNAMELEN - 1); -} - -/* Add, del, test parser */ -static ip_set_ip_t -setlist_adt_parser(int cmd UNUSED, const char *arg, void *data) -{ - struct ip_set_req_setlist *mydata = data; - char *saved = ipset_strdup(arg); - char *ptr, *tmp = saved; - - DP("setlist: %p %p", arg, data); - - ptr = strsep(&tmp, ","); - check_setname(ptr); - strcpy(mydata->name, ptr); - - if (!tmp) { - mydata->before = 0; - mydata->ref[0] = '\0'; - return 1; - } - - ptr = strsep(&tmp, ","); - - if (tmp == NULL || !(strcmp(ptr, "before") == 0 || strcmp(ptr, "after") == 0)) - exit_error(PARAMETER_PROBLEM, - "Syntax error, you must specify elements as setname,[before|after],setname"); - - check_setname(tmp); - strcpy(mydata->ref, tmp); - mydata->before = !strcmp(ptr, "before"); - - free(saved); - - return 1; -} - -/* - * Print and save - */ - -static void -setlist_initheader(struct set *set, const void *data) -{ - const struct ip_set_req_setlist_create *header = data; - struct ip_set_setlist *map = set->settype->header; - - memset(map, 0, sizeof(struct ip_set_setlist)); - map->size = header->size; -} - -static void -setlist_printheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_setlist *mysetdata = set->settype->header; - - printf(" size: %u\n", mysetdata->size); -} - -static void -setlist_printips_sorted(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options UNUSED, - char dont_align) -{ - struct ip_set_setlist *mysetdata = set->settype->header; - int i, asize; - ip_set_id_t *id; - struct set *elem; - - asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); - for (i = 0; i < mysetdata->size; i++ ) { - DP("Try %u", i); - id = (ip_set_id_t *)(data + i * asize); - DP("Try %u, check", i); - if (*id == IP_SET_INVALID_ID) - return; - elem = set_find_byid(*id); - printf("%s\n", elem->name); - } -} - -static void -setlist_saveheader(struct set *set, unsigned options UNUSED) -{ - struct ip_set_setlist *mysetdata = set->settype->header; - - printf("-N %s %s --size %u\n", - set->name, set->settype->typename, - mysetdata->size); -} - -static void -setlist_saveips(struct set *set, void *data, - u_int32_t len UNUSED, unsigned options UNUSED, char dont_align) -{ - struct ip_set_setlist *mysetdata = set->settype->header; - int i, asize; - ip_set_id_t *id; - struct set *elem; - - asize = IPSET_VALIGN(sizeof(ip_set_id_t), dont_align); - for (i = 0; i < mysetdata->size; i++ ) { - id = (ip_set_id_t *)(data + i * asize); - if (*id == IP_SET_INVALID_ID) - return; - elem = set_find_byid(*id); - printf("-A %s %s\n", set->name, elem->name); - } -} - -static void -setlist_usage(void) -{ - printf - ("-N set setlist --size size\n" - "-A set setname[,before|after,setname]\n" - "-D set setname\n" - "-T set setname\n"); -} - -static struct settype settype_setlist = { - .typename = SETTYPE_NAME, - .protocol_version = IP_SET_PROTOCOL_VERSION, - - /* Create */ - .create_size = sizeof(struct ip_set_req_setlist_create), - .create_init = setlist_create_init, - .create_parse = setlist_create_parse, - .create_final = setlist_create_final, - .create_opts = create_opts, - - /* Add/del/test */ - .adt_size = sizeof(struct ip_set_req_setlist), - .adt_parser = setlist_adt_parser, - - /* Printing */ - .header_size = sizeof(struct ip_set_setlist), - .initheader = setlist_initheader, - .printheader = setlist_printheader, - .printips = setlist_printips_sorted, - .printips_sorted = setlist_printips_sorted, - .saveheader = setlist_saveheader, - .saveips = setlist_saveips, - - .usage = setlist_usage, -}; - -CONSTRUCTOR(setlist) -{ - settype_register(&settype_setlist); - -} diff --git a/src/ipset_tree_ip.c b/src/ipset_tree_ip.c new file mode 100644 index 0000000..508e67a --- /dev/null +++ b/src/ipset_tree_ip.c @@ -0,0 +1,224 @@ +/* Copyright 2005 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include /* UINT_MAX */ +#include /* *printf */ +#include /* mem* */ + +#include "ipset.h" + +#include + +#define BUFLEN 30; + +#define OPT_CREATE_TIMEOUT 0x01U + +/* Initialize the create. */ +static void +iptree_create_init(void *data) +{ + struct ip_set_req_iptree_create *mydata = data; + + DP("create INIT"); + mydata->timeout = 0; +} + +/* Function which parses command options; returns true if it ate an option */ +static int +iptree_create_parse(int c, char *argv[] UNUSED, void *data, unsigned *flags) +{ + struct ip_set_req_iptree_create *mydata = data; + + DP("create_parse"); + + switch (c) { + case '1': + string_to_number(optarg, 0, UINT_MAX, &mydata->timeout); + + *flags |= OPT_CREATE_TIMEOUT; + + DP("--timeout %u", mydata->timeout); + + break; + default: + return 0; + } + + return 1; +} + +/* Final check; exit if not ok. */ +static void +iptree_create_final(void *data UNUSED, unsigned int flags UNUSED) +{ +} + +/* Create commandline options */ +static const struct option create_opts[] = { + {.name = "timeout", .has_arg = required_argument, .val = '1'}, + {NULL}, +}; + +/* Add, del, test parser */ +static ip_set_ip_t +iptree_adt_parser(int cmd UNUSED, const char *arg, void *data) +{ + struct ip_set_req_iptree *mydata = data; + char *saved = ipset_strdup(arg); + char *ptr, *tmp = saved; + + DP("iptree: %p %p", arg, data); + + if (((ptr = strchr(tmp, ':')) || (ptr = strchr(tmp, '%'))) && ++warn_once == 1) + fprintf(stderr, "Warning: please use ',' separator token between ip,timeout.\n" + "Next release won't support old separator tokens.\n"); + + ptr = strsep(&tmp, ":%,"); + parse_ip(ptr, &mydata->ip); + + if (tmp) + string_to_number(tmp, 0, UINT_MAX, &mydata->timeout); + else + mydata->timeout = 0; + + ipset_free(saved); + return 1; +} + +/* + * Print and save + */ + +static void +iptree_initheader(struct set *set, const void *data) +{ + const struct ip_set_req_iptree_create *header = data; + struct ip_set_iptree *map = set->settype->header; + + map->timeout = header->timeout; +} + +static void +iptree_printheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_iptree *mysetdata = set->settype->header; + + if (mysetdata->timeout) + printf(" timeout: %u", mysetdata->timeout); + printf("\n"); +} + +static void +iptree_printips_sorted(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_iptree *mysetdata = set->settype->header; + struct ip_set_req_iptree *req; + size_t offset = 0; + + while (len >= offset + sizeof(struct ip_set_req_iptree)) { + req = (struct ip_set_req_iptree *)(data + offset); + if (mysetdata->timeout) + printf("%s,%u\n", ip_tostring(req->ip, options), + req->timeout); + else + printf("%s\n", ip_tostring(req->ip, options)); + offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align); + } +} + +static void +iptree_saveheader(struct set *set, unsigned options UNUSED) +{ + struct ip_set_iptree *mysetdata = set->settype->header; + + if (mysetdata->timeout) + printf("-N %s %s --timeout %u\n", + set->name, set->settype->typename, + mysetdata->timeout); + else + printf("-N %s %s\n", + set->name, set->settype->typename); +} + +static void +iptree_saveips(struct set *set, void *data, u_int32_t len, + unsigned options, char dont_align) +{ + struct ip_set_iptree *mysetdata = set->settype->header; + struct ip_set_req_iptree *req; + size_t offset = 0; + + DP("%s", set->name); + + while (len >= offset + sizeof(struct ip_set_req_iptree)) { + req = (struct ip_set_req_iptree *)(data + offset); + if (mysetdata->timeout) + printf("-A %s %s,%u\n", + set->name, + ip_tostring(req->ip, options), + req->timeout); + else + printf("-A %s %s\n", + set->name, + ip_tostring(req->ip, options)); + offset += IPSET_VALIGN(sizeof(struct ip_set_req_iptree), dont_align); + } +} + +static void +iptree_usage(void) +{ + printf + ("-N set iptree [--timeout value]\n" + "-A set IP[,timeout]\n" + "-D set IP\n" + "-T set IP\n"); +} + +static struct settype settype_iptree = { + .typename = SETTYPE_NAME, + .protocol_version = IP_SET_PROTOCOL_VERSION, + + /* Create */ + .create_size = sizeof(struct ip_set_req_iptree_create), + .create_init = iptree_create_init, + .create_parse = iptree_create_parse, + .create_final = iptree_create_final, + .create_opts = create_opts, + + /* Add/del/test */ + .adt_size = sizeof(struct ip_set_req_iptree), + .adt_parser = iptree_adt_parser, + + /* Printing */ + .header_size = sizeof(struct ip_set_iptree), + .initheader = iptree_initheader, + .printheader = iptree_printheader, + .printips = iptree_printips_sorted, /* We only have sorted version */ + .printips_sorted = iptree_printips_sorted, + .saveheader = iptree_saveheader, + .saveips = iptree_saveips, + + .usage = iptree_usage, +}; + +CONSTRUCTOR(iptree) +{ + settype_register(&settype_iptree); + +} -- cgit v1.2.3