diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-05-30 17:48:01 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-05-30 21:30:10 +0200 |
| commit | 418a3a4f4d4e38abd1d691f81f2445590f02ecaf (patch) | |
| tree | a41ed16b366c854786eea8f3da5c80fa50636dc6 /lib/print.c | |
| parent | 4e21d6b5ce623f7601a872b94f3b88105356e2d3 (diff) | |
hash:net,iface type introduced
The hash:net,iface type makes possible to store network address and
interface name pairs in a set. It's mostly suitable for egress
and ingress filtering. Examples:
# ipset create test hash:net,iface
# ipset add test 192.168.0.0/16,eth0
# ipset add test 192.168.0.0/24,eth1
Diffstat (limited to 'lib/print.c')
| -rw-r--r-- | lib/print.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/lib/print.c b/lib/print.c index 66b9c1a..bcccd3f 100644 --- a/lib/print.c +++ b/lib/print.c @@ -12,6 +12,7 @@ #include <sys/socket.h> /* inet_ntop */ #include <arpa/inet.h> /* inet_ntop */ #include <net/ethernet.h> /* ETH_ALEN */ +#include <net/if.h> /* IFNAMSIZ */ #include <libipset/debug.h> /* D() */ #include <libipset/data.h> /* ipset_data_* */ @@ -444,6 +445,45 @@ ipset_print_port(char *buf, unsigned int len, } /** + * ipset_print_iface - print interface element string + * @buf: printing buffer + * @len: length of available buffer space + * @data: data blob + * @opt: the option kind + * @env: environment flags + * + * Print interface element string to output buffer. + * + * Return lenght of printed string or error size. + */ +int +ipset_print_iface(char *buf, unsigned int len, + const struct ipset_data *data, enum ipset_opt opt, + uint8_t env UNUSED) +{ + const char *name; + int size, offset = 0; + + assert(buf); + assert(len > 0); + assert(data); + assert(opt == IPSET_OPT_IFACE); + + if (len < IFNAMSIZ + strlen("physdev:")) + return -1; + + if (ipset_data_test(data, IPSET_OPT_PHYSDEV)) { + size = snprintf(buf, len, "physdev:"); + SNPRINTF_FAILURE(size, len, offset); + } + name = ipset_data_get(data, opt); + assert(name); + size = snprintf(buf, len, "%s", name); + SNPRINTF_FAILURE(size, len, offset); + return offset; +} + +/** * ipset_print_proto - print protocol name * @buf: printing buffer * @len: length of available buffer space @@ -731,6 +771,9 @@ ipset_print_data(char *buf, unsigned int len, case IPSET_OPT_PORT: size = ipset_print_port(buf, len, data, opt, env); break; + case IPSET_OPT_IFACE: + size = ipset_print_iface(buf, len, data, opt, env); + break; case IPSET_OPT_GC: case IPSET_OPT_HASHSIZE: case IPSET_OPT_MAXELEM: |