From 2d280014e281b520280b1a11662aea0da2ffc59c Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Thu, 11 Jun 2009 12:27:09 +0200 Subject: Updated set/SET match and target to support multiple ipset protocols. By checking the protocol version of the kernel part, the sockopt type of ipset protocols are all supported. Forward compatibility with the netlink based protocol is missing. The --set option of the set match is replaced by --match-set to avoid clashing with the recent match, but the old option is also kept. Manpages are updated, references to bindings removed. --- extensions/libipt_set.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) (limited to 'extensions/libipt_set.c') diff --git a/extensions/libipt_set.c b/extensions/libipt_set.c index 33a2c8b9..50753599 100644 --- a/extensions/libipt_set.c +++ b/extensions/libipt_set.c @@ -24,15 +24,16 @@ static void set_help(void) { printf("set match options:\n" - " [!] --set name flags\n" - " 'name' is the set name from to match,\n" - " 'flags' are the comma separated list of\n" - " 'src' and 'dst'.\n"); + " [!] --match-set name flags\n" + " 'name' is the set name from to match,\n" + " 'flags' are the comma separated list of\n" + " 'src' and 'dst' specifications.\n"); } static const struct option set_opts[] = { - {"set", 1, NULL, '1'}, - { } + { .name = "match-set", .has_arg = true, .val = '1'}, + { .name = "set", .has_arg = true, .val = '2'}, + { .name = NULL } }; static void set_init(struct xt_entry_match *match) @@ -53,10 +54,15 @@ static int set_parse(int c, char **argv, int invert, unsigned int *flags, struct ipt_set_info *info = &myinfo->match_set; switch (c) { - case '1': /* --set [, */ + case '2': +#if 0 + fprintf(stderr, + "--set option deprecated, please use --match-set\n"); +#endif + case '1': /* --match-set [, */ if (info->flags[0]) xtables_error(PARAMETER_PROBLEM, - "--set can be specified only once"); + "--match-set can be specified only once"); xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) @@ -66,7 +72,7 @@ static int set_parse(int c, char **argv, int invert, unsigned int *flags, || argv[optind][0] == '-' || argv[optind][0] == '!') xtables_error(PARAMETER_PROBLEM, - "--set requires two args."); + "--match-set requires two args."); if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1) xtables_error(PARAMETER_PROBLEM, @@ -92,7 +98,7 @@ static void set_check(unsigned int flags) { if (!flags) xtables_error(PARAMETER_PROBLEM, - "You must specify `--set' with proper arguments"); + "You must specify `--match-set' with proper arguments"); DEBUGP("final check OK\n"); } @@ -123,14 +129,14 @@ static void set_print(const void *ip, const struct xt_entry_match *match, { const struct ipt_set_info_match *info = (const void *)match->data; - print_match("set", &info->match_set); + print_match("match-set", &info->match_set); } static void set_save(const void *ip, const struct xt_entry_match *match) { const struct ipt_set_info_match *info = (const void *)match->data; - print_match("--set", &info->match_set); + print_match("--match-set", &info->match_set); } static struct xtables_match set_mt_reg = { -- cgit v1.2.3