authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2010-10-24 21:42:48 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2010-10-24 21:42:48 +0200
commit0d32c5c070f817229110f92d7b31df9a3e4eeec5 (patch)
tree5ee04a9e03de32d2029ad0d708811e382ca922d1 /include
parent62a3d29539aa109fed1c8a20d63ef95948b13842 (diff)
Fixes, cleanups, commentsv5.0-pre8
- More comments added to the code
- ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types
- hash:net and hash:ip,port,net types are reworked
- hash:net,port type added
- Wrong direction parameters fixed in hash:ip,port
- Helps and manpage are updated
- More tests added
- Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger)
- resize related bug in hash types fixed (Holger Eitzenberger)
- autoreconf patches by Jan Engelhardt applied
- netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion)
- IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
Diffstat (limited to 'include')
-rw-r--r--include/libipset/errcode.h7
-rw-r--r--include/libipset/icmp.h16
-rw-r--r--include/libipset/icmpv6.h16
-rw-r--r--include/libipset/linux_ip_set.h19
-rw-r--r--include/libipset/linux_ip_set_bitmap.h2
-rw-r--r--include/libipset/linux_ip_set_hash.h6
-rw-r--r--include/libipset/linux_ip_set_list.h6
-rw-r--r--include/libipset/nf_inet_addr.h2
-rw-r--r--include/libipset/parse.h13
-rw-r--r--include/libipset/print.h58
-rw-r--r--include/libipset/types.h29
-rw-r--r--include/libipset/ui.h3
-rw-r--r--include/libipset/utils.h4
13 files changed, 128 insertions, 53 deletions
diff --git a/include/libipset/errcode.h b/include/libipset/errcode.h
index 5ad41ff..ed56eb5 100644
--- a/include/libipset/errcode.h
+++ b/include/libipset/errcode.h
@@ -11,10 +11,11 @@
struct ipset_session;
+/* Kernel error code to message table */
struct ipset_errcode_table {
- int errcode;
- enum ipset_cmd cmd;
- const char *message;
+ int errcode; /* error code returned by the kernel */
+ enum ipset_cmd cmd; /* issued command */
+ const char *message; /* error message the code translated to */
};
extern int ipset_errcode(struct ipset_session *session, enum ipset_cmd cmd,
diff --git a/include/libipset/icmp.h b/include/libipset/icmp.h
new file mode 100644
index 0000000..89604cd
--- /dev/null
+++ b/include/libipset/icmp.h
@@ -0,0 +1,16 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_ICMP_H
+#define LIBIPSET_ICMP_H
+
+#include <stdint.h> /* uintxx_t */
+
+extern const char * id_to_icmp(uint8_t id);
+extern const char * icmp_to_name(uint8_t type, uint8_t code);
+extern int name_to_icmp(const char *str, uint16_t *typecode);
+
+#endif /* LIBIPSET_ICMP_H */
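Review bot: The three functions declared here (`id_to_icmp`, `icmp_to_name`, `name_to_icmp`) are exported from a public libipset header without the `ipset_` prefix that the other exported functions in this commit carry, so they can collide with symbols of any program that links the library. The declarations also state no contract: it is not said whether the two lookup functions return NULL for a value that has no name (a caller passing the result straight to a `%s` format would then dereference NULL), nor how type and code are packed into `*typecode`. I would add a one-line comment per declaration, for example `/* returns NULL if there is no name for type/code */` if that is the behaviour; the implementation is not visible here. The same applies to `id_to_icmpv6`, `icmpv6_to_name` and `name_to_icmpv6` in include/libipset/icmpv6.h.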
diff --git a/include/libipset/icmpv6.h b/include/libipset/icmpv6.h
new file mode 100644
index 0000000..b23c822
--- /dev/null
+++ b/include/libipset/icmpv6.h
@@ -0,0 +1,16 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_ICMPV6_H
+#define LIBIPSET_ICMPV6_H
+
+#include <stdint.h> /* uintxx_t */
+
+extern const char * id_to_icmpv6(uint8_t id);
+extern const char * icmpv6_to_name(uint8_t type, uint8_t code);
+extern int name_to_icmpv6(const char *str, uint16_t *typecode);
+
+#endif /* LIBIPSET_ICMPV6_H */
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index 0ad2b14..c3296df 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -52,7 +52,7 @@ enum {
IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
IPSET_ATTR_SETNAME, /* 2: Name of the set */
IPSET_ATTR_TYPENAME, /* 3: Typename */
- IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* rename/swap */
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
IPSET_ATTR_REVISION, /* 4: Settype revision */
IPSET_ATTR_FAMILY, /* 5: Settype family */
IPSET_ATTR_FLAGS, /* 6: Flags at command level */
@@ -77,7 +77,7 @@ enum {
IPSET_ATTR_TIMEOUT, /* 6 */
IPSET_ATTR_PROTO, /* 7 */
IPSET_ATTR_CADT_FLAGS, /* 8 */
- IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO,
+ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
/* Reserve empty slots */
IPSET_ATTR_CADT_MAX = 16,
/* Create-only specific attributes */
@@ -108,6 +108,14 @@ enum {
};
#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
+/* IP specific attributes */
+enum {
+ IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IPADDR_IPV6,
+ __IPSET_ATTR_IPADDR_MAX,
+};
+#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
+
/* Error codes */
enum ipset_errno {
IPSET_ERR_PRIVATE = 128,
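Review bot: The comment `/* IP specific attributes */` on the new enum does not say where these attribute types are valid. From the commit message they appear to be nested inside the address attributes to mark the address family; if so, the header should say that, e.g. `/* Nested inside the IP address attributes: the type gives the family of the payload */`. Because the values restart at `IPSET_ATTR_UNSPEC + 1`, they overlap numerically with the command-level attributes (`IPSET_ATTR_PROTOCOL` is 1), so a parser can only interpret them by nesting level. The receiving side should reject nested types above `IPSET_ATTR_IPADDR_MAX` and check that the payload length matches the family. The `enum ipset_errno` that follows continues outside the hunk.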
@@ -123,16 +131,20 @@ enum ipset_errno {
IPSET_ERR_INVALID_FAMILY,
IPSET_ERR_TIMEOUT,
IPSET_ERR_REFERENCED,
+ IPSET_ERR_IPADDR_IPV4,
+ IPSET_ERR_IPADDR_IPV6,
/* Type specific error codes */
IPSET_ERR_TYPE_SPECIFIC = 160,
};
+/* Flags at command level */
enum ipset_cmd_flags {
IPSET_FLAG_BIT_EXIST = 0,
IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
};
+/* Flags at CADT attribute level */
enum ipset_cadt_flags {
IPSET_FLAG_BIT_BEFORE = 0,
IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
@@ -148,7 +160,4 @@ enum ipset_adt {
IPSET_CADT_MAX,
};
-#define IPSET_IPPROTO_ANY 255
-#define IPSET_IPPROTO_TCPUDP 254
-
#endif /* __IP_SET_H */
diff --git a/include/libipset/linux_ip_set_bitmap.h b/include/libipset/linux_ip_set_bitmap.h
index 01ea534..95fb963 100644
--- a/include/libipset/linux_ip_set_bitmap.h
+++ b/include/libipset/linux_ip_set_bitmap.h
@@ -3,7 +3,9 @@
/* Bitmap type specific error codes */
enum {
+ /* The element is out of the range of the set */
IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
+ /* The range exceeds the size limit of the set type */
IPSET_ERR_BITMAP_RANGE_SIZE,
};
diff --git a/include/libipset/linux_ip_set_hash.h b/include/libipset/linux_ip_set_hash.h
index db6977b..7c6336a 100644
--- a/include/libipset/linux_ip_set_hash.h
+++ b/include/libipset/linux_ip_set_hash.h
@@ -1,11 +1,15 @@
#ifndef __IP_SET_HASH_H
#define __IP_SET_HASH_H
-/* Bitmap type specific error codes */
+/* Hash type specific error codes */
enum {
+ /* Hash is full */
IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
+ /* Null-valued element */
IPSET_ERR_HASH_ELEM,
+ /* Invalid protocol */
IPSET_ERR_INVALID_PROTO,
+ /* Protocol missing but must be specified */
IPSET_ERR_MISSING_PROTO,
};
diff --git a/include/libipset/linux_ip_set_list.h b/include/libipset/linux_ip_set_list.h
index cf282c5..2395aa2 100644
--- a/include/libipset/linux_ip_set_list.h
+++ b/include/libipset/linux_ip_set_list.h
@@ -3,11 +3,17 @@
/* List type specific error codes */
enum {
+ /* Set name to be added/deleted/tested does not exist. */
IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
+ /* list:set type is not permitted to add */
IPSET_ERR_LOOP,
+ /* Missing reference set */
IPSET_ERR_BEFORE,
+ /* Reference set does not exist */
IPSET_ERR_NAMEREF,
+ /* Set is full */
IPSET_ERR_LIST_FULL,
+ /* Reference set is not added to the set */
IPSET_ERR_REF_EXIST,
};
diff --git a/include/libipset/nf_inet_addr.h b/include/libipset/nf_inet_addr.h
index 91f1914..0e0701e 100644
--- a/include/libipset/nf_inet_addr.h
+++ b/include/libipset/nf_inet_addr.h
@@ -10,7 +10,7 @@
#include <stdint.h> /* uint32_t */
#include <netinet/in.h> /* struct in[6]_addr */
-/* The same structure to hold IP addresses as in linux/netfilter.h */
+/* The structure to hold IP addresses, same as in linux/netfilter.h */
union nf_inet_addr {
uint32_t all[4];
uint32_t ip;
diff --git a/include/libipset/parse.h b/include/libipset/parse.h
index 1e055ee..aaa1577 100644
--- a/include/libipset/parse.h
+++ b/include/libipset/parse.h
@@ -23,12 +23,19 @@ typedef int (*ipset_parsefn)(struct ipset_session *s,
extern int ipset_parse_ether(struct ipset_session *session,
enum ipset_opt opt, const char *str);
-extern int ipset_parse_single_port(struct ipset_session *session,
- enum ipset_opt opt, const char *str);
extern int ipset_parse_port(struct ipset_session *session,
- enum ipset_opt opt, const char *str);
+ enum ipset_opt opt, const char *str,
+ const char *proto);
+extern int ipset_parse_tcp_port(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_single_tcp_port(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
extern int ipset_parse_proto(struct ipset_session *session,
enum ipset_opt opt, const char *str);
+extern int ipset_parse_icmp(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_icmpv6(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
extern int ipset_parse_proto_port(struct ipset_session *session,
enum ipset_opt opt, const char *str);
extern int ipset_parse_family(struct ipset_session *session,
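Review bot: `ipset_parse_port` keeps its name but gains a fourth parameter, `const char *proto`, so it no longer has the three-argument shape of the other parsers declared here and, presumably, of the `ipset_parsefn` typedef whose first line shows in the hunk header. A program built against the old header and run with the new library would call it with `proto` holding whatever happens to be in the argument slot. A new name for the four-argument function, or a library version bump, would turn that into a link-time failure; whether the soname changes is not visible in this diff. The declaration should also say whether `proto` may be NULL, e.g. `/* proto: protocol name, must not be NULL */` if that is the contract.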
diff --git a/include/libipset/print.h b/include/libipset/print.h
index 1fc5abc..963b42e 100644
--- a/include/libipset/print.h
+++ b/include/libipset/print.h
@@ -10,50 +10,56 @@
#include <libipset/data.h> /* enum ipset_opt */
typedef int (*ipset_printfn)(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_ether(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_family(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_type(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_ip(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_ipaddr(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_number(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_name(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_port(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_proto(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
+extern int ipset_print_icmp(char *buf, unsigned int len,
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
+extern int ipset_print_icmpv6(char *buf, unsigned int len,
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_proto_port(char *buf, unsigned int len,
const struct ipset_data *data,
enum ipset_opt opt, uint8_t env);
extern int ipset_print_flag(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_elem(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
#define ipset_print_portnum ipset_print_number
extern int ipset_print_data(char *buf, unsigned int len,
- const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env);
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
#endif /* LIBIPSET_PRINT_H */
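Review bot: The `ipset_printfn` typedef and the two new declarations, `ipset_print_icmp` and `ipset_print_icmpv6`, take `char *buf, unsigned int len` and return `int`, but nothing in the visible part of the header says what the return value means when the output does not fit. If the functions follow snprintf and return the length that would have been written, a caller that advances `buf` by the return value without comparing it to `len` writes past the buffer. A comment on the typedef would settle this for every printer, e.g. `/* returns the number of bytes needed (as snprintf) or a negative value on error; output is truncated to len */`, adjusted to whatever the implementation actually does.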
diff --git a/include/libipset/types.h b/include/libipset/types.h
index 6a17750..f1847aa 100644
--- a/include/libipset/types.h
+++ b/include/libipset/types.h
@@ -77,22 +77,23 @@ struct ipset_elem {
* but for the readability the full list is supported.
*/
struct ipset_type {
- char name[IPSET_MAXNAMELEN]; /* type name */
- uint8_t revision; /* revision number */
- uint8_t family; /* supported family */
- uint8_t dimension; /* elem dimension */
- int8_t kernel_check; /* kernel check */
- bool last_elem_optional; /* last element optional */
- struct ipset_elem elem[IPSET_DIM_MAX]; /* parse elem */
- ipset_parsefn compat_parse_elem; /* compatibility parser */
- const struct ipset_arg *args[IPSET_CADT_MAX]; /* create/ADT args except elem */
- uint64_t mandatory[IPSET_CADT_MAX]; /* create/ADT mandatory flags */
- uint64_t full[IPSET_CADT_MAX]; /* full args flags */
- size_t maxsize[IPSET_MAXSIZE_MAX]; /* max sizes */
- const char *usage; /* terse usage */
+ char name[IPSET_MAXNAMELEN]; /* type name */
+ uint8_t revision; /* revision number */
+ uint8_t family; /* supported family */
+ uint8_t dimension; /* elem dimension */
+ int8_t kernel_check; /* kernel check */
+ bool last_elem_optional; /* last element optional */
+ struct ipset_elem elem[IPSET_DIM_MAX]; /* parse elem */
+ ipset_parsefn compat_parse_elem; /* compatibility parser */
+ const struct ipset_arg *args[IPSET_CADT_MAX]; /* create/ADT args besides elem */
+ uint64_t mandatory[IPSET_CADT_MAX]; /* create/ADT mandatory flags */
+ uint64_t full[IPSET_CADT_MAX]; /* full args flags */
+ size_t maxsize[IPSET_MAXSIZE_MAX]; /* max sizes */
+ const char *usage; /* terse usage */
+ void (*usagefn)(void); /* additional usage */
struct ipset_type *next;
- const char *alias[]; /* name alias(es) */
+ const char *alias[]; /* name alias(es) */
};
extern int ipset_cache_add(const char *name, const struct ipset_type *type,
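Review bot: The new `usagefn` member is added in the middle of the public `struct ipset_type`, which shifts the offsets of `next` and `alias[]`. Set-type definitions compiled against the old header would be misread by the new library, and a definition using positional initialisers would silently assign values to the wrong members; whether the type definitions use designated initialisers is not visible here. Types that do not set the pointer leave it NULL, so the comment should say so, `void (*usagefn)(void); /* additional usage, may be NULL */`, and the code that prints usage needs `if (type->usagefn) type->usagefn();`.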
diff --git a/include/libipset/ui.h b/include/libipset/ui.h
index f8eeae0..b05b737 100644
--- a/include/libipset/ui.h
+++ b/include/libipset/ui.h
@@ -7,6 +7,8 @@
#ifndef LIBIPSET_UI_H
#define LIBIPSET_UI_H
+#include <libipset/linux_ip_set.h> /* enum ipset_cmd */
+
/* Commands in userspace */
struct ipset_commands {
enum ipset_cmd cmd;
@@ -37,5 +39,6 @@ extern bool ipset_match_cmd(const char *arg, const char * const name[]);
extern bool ipset_match_option(const char *arg, const char * const name[]);
extern bool ipset_match_envopt(const char *arg, const char * const name[]);
extern void ipset_shift_argv(int *argc, char *argv[], int from);
+extern void ipset_port_usage(void);
#endif /* LIBIPSET_UI_H */
diff --git a/include/libipset/utils.h b/include/libipset/utils.h
index 672bfa9..75efdac 100644
--- a/include/libipset/utils.h
+++ b/include/libipset/utils.h
@@ -24,6 +24,10 @@
#define UNUSED __attribute__ ((unused))
+#ifndef ARRAY_SIZE
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+#endif
+
static inline void
in4cpy(struct in_addr *dest, const struct in_addr *src)
{
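Review bot: `ARRAY_SIZE(x)` compiles without complaint when `x` is a pointer, for example an array that has decayed as a function parameter, and then yields a wrong element count, so a loop bounded by it can run past the end of the object. At minimum the macro should carry `/* x must be an array, not a pointer */`. Since this header already relies on GCC extensions (`__attribute__ ((unused))`), a compile-time check built on `__builtin_types_compatible_p(__typeof__(x), __typeof__(&(x)[0]))` could reject pointers outright. The `#ifndef` guard also means that a different definition from an earlier header is used silently.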