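/* Copyright 2011 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/*
 * Command-line description of the "hash:net,iface" set type.
 *
 * The file defines seven revisions (0..6) of the same type. Each revision
 * is a struct ipset_type that points at:
 *   - per-command keyword tables (struct ipset_arg[], terminated by an
 *     empty entry),
 *   - per-command option bitmasks (.mandatory and .full),
 *   - a usage text shown to the operator.
 * Later revisions reuse the tables of earlier ones wherever the accepted
 * keywords did not change, so a table's numeric suffix is the revision that
 * introduced it, not necessarily the only revision that uses it.
 *
 * When adding a keyword, three places have to agree: the ipset_arg table,
 * the matching .full mask, and the usage string. The usage string is the
 * only one of the three the operator sees, so a misspelling there leads to
 * commands the keyword table does not recognise.
 */

/*
 * NOTE(review): the header name after each #include is missing in this
 * listing; only the trailing comments survive. They are reproduced as
 * found rather than guessed.
 */
#include /* IPSET_OPT_* */
#include /* parser functions */
#include /* printing functions */
#include /* ipset_port_usage */
#include /* prototypes */

/* ------------------------------------------------------------------ */
/* Revision 0: initial revision                                        */
/* ------------------------------------------------------------------ */

/* Parse commandline arguments */
static const struct ipset_arg hash_netiface_create_args0[] = {
	{ .name = { "family", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	  .print = ipset_print_family,
	},
	/* Alias: family inet */
	{ .name = { "-4", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	/* Alias: family inet6 */
	{ .name = { "-6", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	{ .name = { "hashsize", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_HASHSIZE,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "maxelem", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_MAXELEM,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ },
};

/* Keywords accepted after the element on "add" (revision 0). */
static const struct ipset_arg hash_netiface_add_args0[] = {
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ },
};

/* Usage text for revision 0. */
static const char hash_netiface_usage0[] =
"create SETNAME hash:net,iface\n"
" [family inet|inet6]\n"
" [hashsize VALUE] [maxelem VALUE]\n"
" [timeout VALUE]\n"
"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE]\n"
"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n"
"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n"
"where depending on the INET family\n"
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements with IPv4 is supported.\n";

/*
 * NOTE(review): judging by the field names, .mandatory holds the options a
 * command must carry and .full every option it may carry -- confirm against
 * the struct ipset_type declaration. The same layout repeats in every
 * revision below.
 */
static struct ipset_type ipset_hash_netiface0 = {
	.name = "hash:net,iface",
	.alias = { "netifacehash", NULL },
	.revision = 0,
	.family = NFPROTO_IPSET_IPV46,
	.dimension = IPSET_DIM_TWO,
	.elem = {
		/* First dimension: the network part of the element. */
		[IPSET_DIM_ONE - 1] = {
			.parse = ipset_parse_ip4_net6,
			.print = ipset_print_ip,
			.opt = IPSET_OPT_IP
		},
		/* Second dimension: the interface part of the element. */
		[IPSET_DIM_TWO - 1] = {
			.parse = ipset_parse_iface,
			.print = ipset_print_iface,
			.opt = IPSET_OPT_IFACE
		},
	},
	.args = {
		[IPSET_CREATE] = hash_netiface_create_args0,
		[IPSET_ADD] = hash_netiface_add_args0,
	},
	.mandatory = {
		[IPSET_CREATE] = 0,
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
	},
	.full = {
		[IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
			| IPSET_FLAG(IPSET_OPT_MAXELEM)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT),
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
	},

	.usage = hash_netiface_usage0,
	.description = "Initial revision",
};

/* ------------------------------------------------------------------ */
/* Revisions 1 and 2: "nomatch" on add; revision 2 shares all tables   */
/* ------------------------------------------------------------------ */

/* Keywords accepted on "add" from revision 1: adds "nomatch". */
static const struct ipset_arg hash_netiface_add_args1[] = {
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "nomatch", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_NOMATCH,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ },
};

/* Usage text for revisions 1 and 2. */
static const char hash_netiface_usage1[] =
"create SETNAME hash:net,iface\n"
" [family inet|inet6]\n"
" [hashsize VALUE] [maxelem VALUE]\n"
" [timeout VALUE]\n"
"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE] [nomatch]\n"
"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n"
"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n"
"where depending on the INET family\n"
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements with IPv4 is supported.\n";

static struct ipset_type ipset_hash_netiface1 = {
	.name = "hash:net,iface",
	.alias = { "netifacehash", NULL },
	.revision = 1,
	.family = NFPROTO_IPSET_IPV46,
	.dimension = IPSET_DIM_TWO,
	.elem = {
		[IPSET_DIM_ONE - 1] = {
			.parse = ipset_parse_ip4_net6,
			.print = ipset_print_ip,
			.opt = IPSET_OPT_IP
		},
		[IPSET_DIM_TWO - 1] = {
			.parse = ipset_parse_iface,
			.print = ipset_print_iface,
			.opt = IPSET_OPT_IFACE
		},
	},
	.args = {
		/* Create keywords are unchanged since revision 0. */
		[IPSET_CREATE] = hash_netiface_create_args0,
		[IPSET_ADD] = hash_netiface_add_args1,
	},
	.mandatory = {
		[IPSET_CREATE] = 0,
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
	},
	.full = {
		[IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
			| IPSET_FLAG(IPSET_OPT_MAXELEM)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT),
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_NOMATCH),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
	},

	.usage = hash_netiface_usage1,
	.description = "nomatch flag support",
};

/* Same tables and masks as revision 1; only the revision number and the
 * description differ. */
static struct ipset_type ipset_hash_netiface2 = {
	.name = "hash:net,iface",
	.alias = { "netifacehash", NULL },
	.revision = 2,
	.family = NFPROTO_IPSET_IPV46,
	.dimension = IPSET_DIM_TWO,
	.elem = {
		[IPSET_DIM_ONE - 1] = {
			.parse = ipset_parse_ip4_net6,
			.print = ipset_print_ip,
			.opt = IPSET_OPT_IP
		},
		[IPSET_DIM_TWO - 1] = {
			.parse = ipset_parse_iface,
			.print = ipset_print_iface,
			.opt = IPSET_OPT_IFACE
		},
	},
	.args = {
		[IPSET_CREATE] = hash_netiface_create_args0,
		[IPSET_ADD] = hash_netiface_add_args1,
	},
	.mandatory = {
		[IPSET_CREATE] = 0,
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
	},
	.full = {
		[IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
			| IPSET_FLAG(IPSET_OPT_MAXELEM)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT),
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_NOMATCH),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
	},

	.usage = hash_netiface_usage1,
	.description = "/0 network support",
};

/* ------------------------------------------------------------------ */
/* Revision 3: counters                                                */
/* ------------------------------------------------------------------ */

/* Parse commandline arguments */
static const struct ipset_arg hash_netiface_create_args3[] = {
	{ .name = { "family", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	  .print = ipset_print_family,
	},
	/* Alias: family inet */
	{ .name = { "-4", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	/* Alias: family inet6 */
	{ .name = { "-6", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	{ .name = { "hashsize", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_HASHSIZE,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "maxelem", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_MAXELEM,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "counters", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_COUNTERS,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ },
};

/* Keywords accepted on "add" in revision 3: adds "packets" and "bytes". */
static const struct ipset_arg hash_netiface_add_args3[] = {
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "nomatch", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_NOMATCH,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "packets", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_PACKETS,
	  .parse = ipset_parse_uint64,
	  .print = ipset_print_number,
	},
	{ .name = { "bytes", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_BYTES,
	  .parse = ipset_parse_uint64,
	  .print = ipset_print_number,
	},
	{ },
};

/* Keywords accepted on "test" in revision 3: "nomatch" only. */
static const struct ipset_arg hash_netiface_test_args3[] = {
	{ .name = { "nomatch", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_NOMATCH,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ },
};

/* Usage text for revision 3. */
static const char hash_netiface_usage3[] =
"create SETNAME hash:net,iface\n"
" [family inet|inet6]\n"
" [hashsize VALUE] [maxelem VALUE]\n"
" [timeout VALUE] [counters]\n"
"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE] [nomatch]\n"
" [packets VALUE] [bytes VALUE]\n"
"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n"
"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n"
"where depending on the INET family\n"
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements with IPv4 is supported.\n";

static struct ipset_type ipset_hash_netiface3 = {
	.name = "hash:net,iface",
	.alias = { "netifacehash", NULL },
	.revision = 3,
	.family = NFPROTO_IPSET_IPV46,
	.dimension = IPSET_DIM_TWO,
	.elem = {
		[IPSET_DIM_ONE - 1] = {
			.parse = ipset_parse_ip4_net6,
			.print = ipset_print_ip,
			.opt = IPSET_OPT_IP
		},
		[IPSET_DIM_TWO - 1] = {
			.parse = ipset_parse_iface,
			.print = ipset_print_iface,
			.opt = IPSET_OPT_IFACE
		},
	},
	.args = {
		[IPSET_CREATE] = hash_netiface_create_args3,
		[IPSET_ADD] = hash_netiface_add_args3,
		[IPSET_TEST] = hash_netiface_test_args3,
	},
	.mandatory = {
		[IPSET_CREATE] = 0,
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
	},
	.full = {
		[IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
			| IPSET_FLAG(IPSET_OPT_MAXELEM)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_COUNTERS),
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_NOMATCH)
			| IPSET_FLAG(IPSET_OPT_PACKETS)
			| IPSET_FLAG(IPSET_OPT_BYTES),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_NOMATCH),
	},

	.usage = hash_netiface_usage3,
	.description = "counters support",
};

/* ------------------------------------------------------------------ */
/* Revision 4: comments                                                */
/* ------------------------------------------------------------------ */

/* Parse commandline arguments */
static const struct ipset_arg hash_netiface_create_args4[] = {
	{ .name = { "family", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	  .print = ipset_print_family,
	},
	/* Alias: family inet */
	{ .name = { "-4", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	/* Alias: family inet6 */
	{ .name = { "-6", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	{ .name = { "hashsize", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_HASHSIZE,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "maxelem", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_MAXELEM,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "counters", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_COUNTERS,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	/* On create, "comment" is a bare flag; on add it takes a string. */
	{ .name = { "comment", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_CREATE_COMMENT,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ },
};

/* Keywords accepted on "add" in revisions 4 and 5: adds "comment". */
static const struct ipset_arg hash_netiface_add_args4[] = {
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "nomatch", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_NOMATCH,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "packets", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_PACKETS,
	  .parse = ipset_parse_uint64,
	  .print = ipset_print_number,
	},
	{ .name = { "bytes", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_BYTES,
	  .parse = ipset_parse_uint64,
	  .print = ipset_print_number,
	},
	{ .name = { "comment", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_ADT_COMMENT,
	  .parse = ipset_parse_comment,
	  .print = ipset_print_comment,
	},
	{ },
};

/* Keywords accepted on "test" in revisions 4 to 6: "nomatch" only. */
static const struct ipset_arg hash_netiface_test_args4[] = {
	{ .name = { "nomatch", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_NOMATCH,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ },
};

/* Usage text for revision 4. */
static const char hash_netiface_usage4[] =
"create SETNAME hash:net,iface\n"
" [family inet|inet6]\n"
" [hashsize VALUE] [maxelem VALUE]\n"
" [timeout VALUE] [counters] [comment]\n"
"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE] [nomatch]\n"
" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n"
"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n"
"where depending on the INET family\n"
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements with IPv4 is supported.\n";

static struct ipset_type ipset_hash_netiface4 = {
	.name = "hash:net,iface",
	.alias = { "netifacehash", NULL },
	.revision = 4,
	.family = NFPROTO_IPSET_IPV46,
	.dimension = IPSET_DIM_TWO,
	.elem = {
		[IPSET_DIM_ONE - 1] = {
			.parse = ipset_parse_ip4_net6,
			.print = ipset_print_ip,
			.opt = IPSET_OPT_IP
		},
		[IPSET_DIM_TWO - 1] = {
			.parse = ipset_parse_iface,
			.print = ipset_print_iface,
			.opt = IPSET_OPT_IFACE
		},
	},
	.args = {
		[IPSET_CREATE] = hash_netiface_create_args4,
		[IPSET_ADD] = hash_netiface_add_args4,
		[IPSET_TEST] = hash_netiface_test_args4,
	},
	.mandatory = {
		[IPSET_CREATE] = 0,
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
	},
	.full = {
		[IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
			| IPSET_FLAG(IPSET_OPT_MAXELEM)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_COUNTERS)
			| IPSET_FLAG(IPSET_OPT_CREATE_COMMENT),
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_NOMATCH)
			| IPSET_FLAG(IPSET_OPT_PACKETS)
			| IPSET_FLAG(IPSET_OPT_BYTES)
			| IPSET_FLAG(IPSET_OPT_ADT_COMMENT),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_NOMATCH),
	},

	.usage = hash_netiface_usage4,
	.description = "comment support",
};

/* ------------------------------------------------------------------ */
/* Revision 5: forceadd                                                */
/* ------------------------------------------------------------------ */

/* Parse commandline arguments */
static const struct ipset_arg hash_netiface_create_args5[] = {
	{ .name = { "family", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	  .print = ipset_print_family,
	},
	/* Alias: family inet */
	{ .name = { "-4", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	/* Alias: family inet6 */
	{ .name = { "-6", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	{ .name = { "hashsize", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_HASHSIZE,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "maxelem", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_MAXELEM,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "counters", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_COUNTERS,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "comment", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_CREATE_COMMENT,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "forceadd", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FORCEADD,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ },
};

/* Usage text for revision 5. */
static const char hash_netiface_usage5[] =
"create SETNAME hash:net,iface\n"
" [family inet|inet6]\n"
" [hashsize VALUE] [maxelem VALUE]\n"
" [timeout VALUE] [counters] [comment]\n"
" [forceadd]\n"
"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE] [nomatch]\n"
" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n"
"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n"
"where depending on the INET family\n"
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements with IPv4 is supported.\n";

static struct ipset_type ipset_hash_netiface5 = {
	.name = "hash:net,iface",
	.alias = { "netifacehash", NULL },
	.revision = 5,
	.family = NFPROTO_IPSET_IPV46,
	.dimension = IPSET_DIM_TWO,
	.elem = {
		[IPSET_DIM_ONE - 1] = {
			.parse = ipset_parse_ip4_net6,
			.print = ipset_print_ip,
			.opt = IPSET_OPT_IP
		},
		[IPSET_DIM_TWO - 1] = {
			.parse = ipset_parse_iface,
			.print = ipset_print_iface,
			.opt = IPSET_OPT_IFACE
		},
	},
	.args = {
		[IPSET_CREATE] = hash_netiface_create_args5,
		/* Add and test keywords are unchanged since revision 4. */
		[IPSET_ADD] = hash_netiface_add_args4,
		[IPSET_TEST] = hash_netiface_test_args4,
	},
	.mandatory = {
		[IPSET_CREATE] = 0,
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
	},
	.full = {
		[IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
			| IPSET_FLAG(IPSET_OPT_MAXELEM)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_COUNTERS)
			| IPSET_FLAG(IPSET_OPT_CREATE_COMMENT)
			| IPSET_FLAG(IPSET_OPT_FORCEADD),
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_NOMATCH)
			| IPSET_FLAG(IPSET_OPT_PACKETS)
			| IPSET_FLAG(IPSET_OPT_BYTES)
			| IPSET_FLAG(IPSET_OPT_ADT_COMMENT),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_NOMATCH),
	},

	.usage = hash_netiface_usage5,
	.description = "forceadd support",
};

/* ------------------------------------------------------------------ */
/* Revision 6: skbinfo                                                 */
/* ------------------------------------------------------------------ */

/* Parse commandline arguments */
static const struct ipset_arg hash_netiface_create_args6[] = {
	{ .name = { "family", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	  .print = ipset_print_family,
	},
	/* Alias: family inet */
	{ .name = { "-4", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	/* Alias: family inet6 */
	{ .name = { "-6", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FAMILY,
	  .parse = ipset_parse_family,
	},
	{ .name = { "hashsize", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_HASHSIZE,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "maxelem", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_MAXELEM,
	  .parse = ipset_parse_uint32,
	  .print = ipset_print_number,
	},
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "counters", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_COUNTERS,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "comment", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_CREATE_COMMENT,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "forceadd", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_FORCEADD,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "skbinfo", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_SKBINFO,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ },
};

/* Keywords accepted on "add" in revision 6: adds the three skb* keywords. */
static const struct ipset_arg hash_netiface_add_args6[] = {
	{ .name = { "timeout", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_TIMEOUT,
	  .parse = ipset_parse_timeout,
	  .print = ipset_print_number,
	},
	{ .name = { "nomatch", NULL },
	  .has_arg = IPSET_NO_ARG,
	  .opt = IPSET_OPT_NOMATCH,
	  .parse = ipset_parse_flag,
	  .print = ipset_print_flag,
	},
	{ .name = { "packets", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_PACKETS,
	  .parse = ipset_parse_uint64,
	  .print = ipset_print_number,
	},
	{ .name = { "bytes", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_BYTES,
	  .parse = ipset_parse_uint64,
	  .print = ipset_print_number,
	},
	{ .name = { "comment", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_ADT_COMMENT,
	  .parse = ipset_parse_comment,
	  .print = ipset_print_comment,
	},
	{ .name = { "skbmark", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_SKBMARK,
	  .parse = ipset_parse_skbmark,
	  .print = ipset_print_skbmark,
	},
	{ .name = { "skbprio", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_SKBPRIO,
	  .parse = ipset_parse_skbprio,
	  .print = ipset_print_skbprio,
	},
	{ .name = { "skbqueue", NULL },
	  .has_arg = IPSET_MANDATORY_ARG,
	  .opt = IPSET_OPT_SKBQUEUE,
	  .parse = ipset_parse_uint16,
	  .print = ipset_print_number,
	},
	{ },
};

/*
 * Usage text for revision 6.
 *
 * The add line names the keyword "skbprio", matching the entry in
 * hash_netiface_add_args6; the text previously read "skbprip", which the
 * keyword table does not define.
 */
static const char hash_netiface_usage6[] =
"create SETNAME hash:net,iface\n"
" [family inet|inet6]\n"
" [hashsize VALUE] [maxelem VALUE]\n"
" [timeout VALUE] [counters] [comment]\n"
" [forceadd] [skbinfo]\n"
"add SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE [timeout VALUE] [nomatch]\n"
" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
" [skbmark VALUE] [skbprio VALUE] [skbqueue VALUE]\n"
"del SETNAME IP[/CIDR]|FROM-TO,[physdev:]IFACE\n"
"test SETNAME IP[/CIDR],[physdev:]IFACE\n\n"
"where depending on the INET family\n"
" IP is a valid IPv4 or IPv6 address (or hostname),\n"
" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
" Adding/deleting multiple elements with IPv4 is supported.\n";

static struct ipset_type ipset_hash_netiface6 = {
	.name = "hash:net,iface",
	.alias = { "netifacehash", NULL },
	.revision = 6,
	.family = NFPROTO_IPSET_IPV46,
	.dimension = IPSET_DIM_TWO,
	.elem = {
		[IPSET_DIM_ONE - 1] = {
			.parse = ipset_parse_ip4_net6,
			.print = ipset_print_ip,
			.opt = IPSET_OPT_IP
		},
		[IPSET_DIM_TWO - 1] = {
			.parse = ipset_parse_iface,
			.print = ipset_print_iface,
			.opt = IPSET_OPT_IFACE
		},
	},
	.args = {
		[IPSET_CREATE] = hash_netiface_create_args6,
		[IPSET_ADD] = hash_netiface_add_args6,
		/* Test keywords are unchanged since revision 4. */
		[IPSET_TEST] = hash_netiface_test_args4,
	},
	.mandatory = {
		[IPSET_CREATE] = 0,
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_IFACE),
	},
	.full = {
		[IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
			| IPSET_FLAG(IPSET_OPT_MAXELEM)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_COUNTERS)
			| IPSET_FLAG(IPSET_OPT_CREATE_COMMENT)
			| IPSET_FLAG(IPSET_OPT_FORCEADD)
			| IPSET_FLAG(IPSET_OPT_SKBINFO),
		[IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_TIMEOUT)
			| IPSET_FLAG(IPSET_OPT_NOMATCH)
			| IPSET_FLAG(IPSET_OPT_PACKETS)
			| IPSET_FLAG(IPSET_OPT_BYTES)
			| IPSET_FLAG(IPSET_OPT_ADT_COMMENT)
			| IPSET_FLAG(IPSET_OPT_SKBMARK)
			| IPSET_FLAG(IPSET_OPT_SKBPRIO)
			| IPSET_FLAG(IPSET_OPT_SKBQUEUE),
		[IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV),
		[IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
			| IPSET_FLAG(IPSET_OPT_CIDR)
			| IPSET_FLAG(IPSET_OPT_IP_TO)
			| IPSET_FLAG(IPSET_OPT_IFACE)
			| IPSET_FLAG(IPSET_OPT_PHYSDEV)
			| IPSET_FLAG(IPSET_OPT_NOMATCH),
	},

	.usage = hash_netiface_usage6,
	.description = "skbinfo support",
};

void _init(void);

/*
 * Registration entry point: hands every revision defined above to
 * ipset_type_add(), oldest first. A new revision has to be added here as
 * well, otherwise its tables are defined but never registered.
 */
void _init(void)
{
	ipset_type_add(&ipset_hash_netiface0);
	ipset_type_add(&ipset_hash_netiface1);
	ipset_type_add(&ipset_hash_netiface2);
	ipset_type_add(&ipset_hash_netiface3);
	ipset_type_add(&ipset_hash_netiface4);
	ipset_type_add(&ipset_hash_netiface5);
	ipset_type_add(&ipset_hash_netiface6);
}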