summaryrefslogtreecommitdiffstats
path: root/lib/ipset_hash_ipportip.c
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2017-10-09 18:43:04 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2018-01-02 21:47:27 +0100
commitd71dd93599b932693f045301424c2276cd25a87e (patch)
treed1779c04b8bb2a44915483751ac33e498b1a2ad9 /lib/ipset_hash_ipportip.c
parente2a84a4a7bb8cdebfe4c0990b79179e2fd717a48 (diff)
Userspace revision handling is reworked
In order to make it simpler and more straightforward to express the revisions of the set type, all keywords and their parsing are separated from the individual set types. All backward compatibility arguments are recognized and ignored arguments are supported. Recognized but ignored arguments will be removed in a later release.
Diffstat (limited to 'lib/ipset_hash_ipportip.c')
-rw-r--r--lib/ipset_hash_ipportip.c1096
1 files changed, 404 insertions, 692 deletions
diff --git a/lib/ipset_hash_ipportip.c b/lib/ipset_hash_ipportip.c
index 5eeb245..c7fc153 100644
--- a/lib/ipset_hash_ipportip.c
+++ b/lib/ipset_hash_ipportip.c
@@ -10,81 +10,7 @@
#include <libipset/ui.h> /* ipset_port_usage */
#include <libipset/types.h> /* prototypes */
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportip_create_args1[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportip_add_args1[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { },
-};
-
-static const char hash_ipportip_usage1[] =
-"create SETNAME hash:ip,port,ip\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE]\n"
-"add SETNAME IP,PROTO:PORT,IP [timeout VALUE]\n"
-"del SETNAME IP,PROTO:PORT,IP\n"
-"test SETNAME IP,PROTO:PORT,IP\n\n"
-"where depending on the INET family\n"
-" IP is a valid IPv4 or IPv6 address (or hostname).\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in the first IP component is supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* SCTP and UDPLITE support */
static struct ipset_type ipset_hash_ipportip1 = {
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
@@ -108,141 +34,87 @@ static struct ipset_type ipset_hash_ipportip1 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportip_create_args1,
- [IPSET_ADD] = hash_ipportip_add_args1,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
},
-
- .usage = hash_ipportip_usage1,
+ .usage = "where depending on the INET family\n"
+ " IP is a valid IPv4 or IPv6 address (or hostname).\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "SCTP and UDPLITE support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportip_create_args2[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportip_add_args2[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "packets", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "bytes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { },
-};
-
-static const char hash_ipportip_usage2[] =
-"create SETNAME hash:ip,port,ip\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters]\n"
-"add SETNAME IP,PROTO:PORT,IP [timeout VALUE]\n"
-" [packets VALUE] [bytes VALUE]\n"
-"del SETNAME IP,PROTO:PORT,IP\n"
-"test SETNAME IP,PROTO:PORT,IP\n\n"
-"where depending on the INET family\n"
-" IP is a valid IPv4 or IPv6 address (or hostname).\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in the first IP component is supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* counters support */
static struct ipset_type ipset_hash_ipportip2 = {
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
@@ -266,152 +138,90 @@ static struct ipset_type ipset_hash_ipportip2 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportip_create_args2,
- [IPSET_ADD] = hash_ipportip_add_args2,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
},
-
- .usage = hash_ipportip_usage2,
+ .usage = "where depending on the INET family\n"
+ " IP is a valid IPv4 or IPv6 address (or hostname).\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "counters support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportip_create_args3[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportip_add_args3[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "packets", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "bytes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_ADT_COMMENT,
- .parse = ipset_parse_comment, .print = ipset_print_comment,
- },
- { },
-};
-
-static const char hash_ipportip_usage3[] =
-"create SETNAME hash:ip,port,ip\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters] [comment]\n"
-"add SETNAME IP,PROTO:PORT,IP [timeout VALUE]\n"
-" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
-"del SETNAME IP,PROTO:PORT,IP\n"
-"test SETNAME IP,PROTO:PORT,IP\n\n"
-"where depending on the INET family\n"
-" IP is a valid IPv4 or IPv6 address (or hostname).\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in the first IP component is supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* comment support */
static struct ipset_type ipset_hash_ipportip3 = {
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
@@ -435,139 +245,92 @@ static struct ipset_type ipset_hash_ipportip3 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportip_create_args3,
- [IPSET_ADD] = hash_ipportip_add_args3,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS)
- | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES)
- | IPSET_FLAG(IPSET_OPT_ADT_COMMENT),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ IPSET_ARG_COMMENT,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_ADT_COMMENT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
},
-
- .usage = hash_ipportip_usage3,
+ .usage = "where depending on the INET family\n"
+ " IP is a valid IPv4 or IPv6 address (or hostname).\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "comment support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportip_create_args4[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "forceadd", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FORCEADD,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const char hash_ipportip_usage4[] =
-"create SETNAME hash:ip,port,ip\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters] [comment]\n"
-" [forceadd]\n"
-"add SETNAME IP,PROTO:PORT,IP [timeout VALUE]\n"
-" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
-"del SETNAME IP,PROTO:PORT,IP\n"
-"test SETNAME IP,PROTO:PORT,IP\n\n"
-"where depending on the INET family\n"
-" IP is a valid IPv4 or IPv6 address (or hostname).\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in the first IP component is supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* forceadd support */
static struct ipset_type ipset_hash_ipportip4 = {
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
@@ -591,177 +354,93 @@ static struct ipset_type ipset_hash_ipportip4 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportip_create_args4,
- [IPSET_ADD] = hash_ipportip_add_args3,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS)
- | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT)
- | IPSET_FLAG(IPSET_OPT_FORCEADD),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES)
- | IPSET_FLAG(IPSET_OPT_ADT_COMMENT),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ IPSET_ARG_COMMENT,
+ IPSET_ARG_FORCEADD,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_ADT_COMMENT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
},
-
- .usage = hash_ipportip_usage4,
+ .usage = "where depending on the INET family\n"
+ " IP is a valid IPv4 or IPv6 address (or hostname).\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "forceadd support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportip_create_args5[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "forceadd", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FORCEADD,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "skbinfo", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_SKBINFO,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportip_add_args5[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "packets", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "bytes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_ADT_COMMENT,
- .parse = ipset_parse_comment, .print = ipset_print_comment,
- },
- { .name = { "skbmark", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBMARK,
- .parse = ipset_parse_skbmark, .print = ipset_print_skbmark,
- },
- { .name = { "skbprio", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBPRIO,
- .parse = ipset_parse_skbprio, .print = ipset_print_skbprio,
- },
- { .name = { "skbqueue", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBQUEUE,
- .parse = ipset_parse_uint16, .print = ipset_print_number,
- },
- { },
-};
-
-static const char hash_ipportip_usage5[] =
-"create SETNAME hash:ip,port,ip\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters] [comment]\n"
-" [forceadd] [skbinfo]\n"
-"add SETNAME IP,PROTO:PORT,IP [timeout VALUE]\n"
-" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
-" [skbmark VALUE] [skbprio VALUE] [skbqueue VALUE]\n"
-"del SETNAME IP,PROTO:PORT,IP\n"
-"test SETNAME IP,PROTO:PORT,IP\n\n"
-"where depending on the INET family\n"
-" IP is a valid IPv4 or IPv6 address (or hostname).\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in the first IP component is supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* skbinfo support */
static struct ipset_type ipset_hash_ipportip5 = {
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
@@ -785,59 +464,92 @@ static struct ipset_type ipset_hash_ipportip5 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportip_create_args5,
- [IPSET_ADD] = hash_ipportip_add_args5,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS)
- | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT)
- | IPSET_FLAG(IPSET_OPT_FORCEADD)
- | IPSET_FLAG(IPSET_OPT_SKBINFO),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES)
- | IPSET_FLAG(IPSET_OPT_ADT_COMMENT)
- | IPSET_FLAG(IPSET_OPT_SKBMARK)
- | IPSET_FLAG(IPSET_OPT_SKBPRIO)
- | IPSET_FLAG(IPSET_OPT_SKBQUEUE),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ IPSET_ARG_COMMENT,
+ IPSET_ARG_FORCEADD,
+ IPSET_ARG_SKBINFO,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_ADT_COMMENT,
+ IPSET_ARG_SKBMARK,
+ IPSET_ARG_SKBPRIO,
+ IPSET_ARG_SKBQUEUE,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .help = "IP,[PROTO:]PORT,IP",
+ },
},
-
- .usage = hash_ipportip_usage5,
+ .usage = "where depending on the INET family\n"
+ " IP is a valid IPv4 or IPv6 address (or hostname).\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "skbinfo support",
};