diff options
Diffstat (limited to 'lib/ipset_bitmap_port.c')
-rw-r--r-- | lib/ipset_bitmap_port.c | 546 |
1 files changed, 205 insertions, 341 deletions
diff --git a/lib/ipset_bitmap_port.c b/lib/ipset_bitmap_port.c index 1f1fe10..cbffdd1 100644 --- a/lib/ipset_bitmap_port.c +++ b/lib/ipset_bitmap_port.c @@ -9,46 +9,7 @@ #include <libipset/print.h> /* printing functions */ #include <libipset/types.h> /* prototypes */ -/* Parse commandline arguments */ -static const struct ipset_arg bitmap_port_create_args0[] = { - { .name = { "range", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_tcp_udp_port, .print = ipset_print_port, - }, - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - /* Backward compatibility */ - { .name = { "from", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_single_tcp_port, - }, - { .name = { "to", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT_TO, - .parse = ipset_parse_single_tcp_port, - }, - { }, -}; - -static const struct ipset_arg bitmap_port_add_args0[] = { - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - { }, -}; - -static const char bitmap_port_usage0[] = -"create SETNAME bitmap:port range [PROTO:]FROM-TO\n" -" [timeout VALUE]\n" -"add SETNAME [PROTO:]PORT|FROM-TO [timeout VALUE]\n" -"del SETNAME [PROTO:]PORT|FROM-TO\n" -"test SETNAME [PROTO:]PORT\n\n" -"where PORT, FROM and TO are port numbers or port names from /etc/services.\n" -"PROTO is only needed if a service name is used and it does not exist as a TCP service;\n" -"it isn't used otherwise with the bitmap.\n"; - +/* Initial release */ static struct ipset_type ipset_bitmap_port0 = { .name = "bitmap:port", .alias = { "portmap", NULL }, @@ -62,86 +23,57 @@ static struct ipset_type ipset_bitmap_port0 = { .opt = IPSET_OPT_PORT }, }, - .args = { - [IPSET_CREATE] = bitmap_port_create_args0, - [IPSET_ADD] = bitmap_port_add_args0, - }, - .mandatory = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), - }, - .full = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_PORTRANGE, + IPSET_ARG_TIMEOUT, + /* Backward compatibility */ + IPSET_ARG_FROM_PORT, + IPSET_ARG_TO_PORT, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "range [PROTO:]FROM-TO", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT), + .help = "[PROTO:]PORT", + }, }, - - .usage = bitmap_port_usage0, + .usage = "where PORT, FROM and TO are port numbers or port names from /etc/services.\n" + " PROTO is only needed if a service name is used and it does not exist\n" + " as a TCP service; it isn't used otherwise with the bitmap.", .description = "Initial revision", }; -/* Parse commandline arguments */ -static const struct ipset_arg bitmap_port_create_args1[] = { - { .name = { "range", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_tcp_udp_port, .print = ipset_print_port, - }, - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - { .name = { "counters", NULL }, - .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, - .parse = ipset_parse_flag, .print = ipset_print_flag, - }, - /* Backward compatibility */ - { .name = { "from", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_single_tcp_port, - }, - { .name = { "to", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT_TO, - .parse = ipset_parse_single_tcp_port, - }, - { }, -}; - -static const struct ipset_arg bitmap_port_add_args1[] = { - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - { .name = { "packets", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, - .parse = ipset_parse_uint64, .print = ipset_print_number, - }, - { .name = { "bytes", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, - .parse = ipset_parse_uint64, .print = ipset_print_number, - }, - { }, -}; - -static const char bitmap_port_usage1[] = -"create SETNAME bitmap:port range [PROTO:]FROM-TO\n" -" [timeout VALUE] [counters]\n" -"add SETNAME [PROTO:]PORT|FROM-TO [timeout VALUE]\n" -" [packets VALUE] [bytes VALUE]\n" -"del SETNAME [PROTO:]PORT|FROM-TO\n" -"test SETNAME [PROTO:]PORT\n\n" -"where PORT, FROM and TO are port numbers or port names from /etc/services.\n" -"PROTO is only needed if a service name is used and it does not exist as a TCP service;\n" -"it isn't used otherwise with the bitmap.\n"; - +/* Counters support */ static struct ipset_type ipset_bitmap_port1 = { .name = "bitmap:port", .alias = { "portmap", NULL }, @@ -155,97 +87,60 @@ static struct ipset_type ipset_bitmap_port1 = { .opt = IPSET_OPT_PORT }, }, - .args = { - [IPSET_CREATE] = bitmap_port_create_args1, - [IPSET_ADD] = bitmap_port_add_args1, - }, - .mandatory = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), - }, - .full = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT) - | IPSET_FLAG(IPSET_OPT_COUNTERS), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT) - | IPSET_FLAG(IPSET_OPT_PACKETS) - | IPSET_FLAG(IPSET_OPT_BYTES), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_PORTRANGE, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + /* Backward compatibility */ + IPSET_ARG_FROM_PORT, + IPSET_ARG_TO_PORT, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "range [PROTO:]FROM-TO", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT), + .help = "[PROTO:]PORT", + }, }, - - .usage = bitmap_port_usage1, + .usage = "where PORT, FROM and TO are port numbers or port names from /etc/services.\n" + " PROTO is only needed if a service name is used and it does not exist\n" + " as a TCP service; it isn't used otherwise with the bitmap.", .description = "counters support", }; -/* Parse commandline arguments */ -static const struct ipset_arg bitmap_port_create_args2[] = { - { .name = { "range", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_tcp_udp_port, .print = ipset_print_port, - }, - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - { .name = { "counters", NULL }, - .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, - .parse = ipset_parse_flag, .print = ipset_print_flag, - }, - { .name = { "comment", NULL }, - .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT, - .parse = ipset_parse_flag, .print = ipset_print_flag, - }, - /* Backward compatibility */ - { .name = { "from", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_single_tcp_port, - }, - { .name = { "to", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT_TO, - .parse = ipset_parse_single_tcp_port, - }, - { }, -}; - -static const struct ipset_arg bitmap_port_add_args2[] = { - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - { .name = { "packets", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, - .parse = ipset_parse_uint64, .print = ipset_print_number, - }, - { .name = { "bytes", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, - .parse = ipset_parse_uint64, .print = ipset_print_number, - }, - { .name = { "comment", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_ADT_COMMENT, - .parse = ipset_parse_comment, .print = ipset_print_comment, - }, - { }, -}; - -static const char bitmap_port_usage2[] = -"create SETNAME bitmap:port range [PROTO:]FROM-TO\n" -" [timeout VALUE] [counters] [comment]\n" -"add SETNAME [PROTO:]PORT|FROM-TO [timeout VALUE]\n" -" [packets VALUE] [bytes VALUE] [comment \"string\"]\n" -"del SETNAME [PROTO:]PORT|FROM-TO\n" -"test SETNAME [PROTO:]PORT\n\n" -"where PORT, FROM and TO are port numbers or port names from /etc/services.\n" -"PROTO is only needed if a service name is used and it does not exist as a TCP service;\n" -"it isn't used otherwise with the bitmap.\n"; - +/* Comment support */ static struct ipset_type ipset_bitmap_port2 = { .name = "bitmap:port", .alias = { "portmap", NULL }, @@ -259,116 +154,62 @@ static struct ipset_type ipset_bitmap_port2 = { .opt = IPSET_OPT_PORT }, }, - .args = { - [IPSET_CREATE] = bitmap_port_create_args2, - [IPSET_ADD] = bitmap_port_add_args2, - }, - .mandatory = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), - }, - .full = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT) - | IPSET_FLAG(IPSET_OPT_COUNTERS) - | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT) - | IPSET_FLAG(IPSET_OPT_PACKETS) - | IPSET_FLAG(IPSET_OPT_BYTES) - | IPSET_FLAG(IPSET_OPT_ADT_COMMENT), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_PORTRANGE, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + /* Backward compatibility */ + IPSET_ARG_FROM_PORT, + IPSET_ARG_TO_PORT, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "range [PROTO:]FROM-TO", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT), + .help = "[PROTO:]PORT", + }, }, - - .usage = bitmap_port_usage2, + .usage = "where PORT, FROM and TO are port numbers or port names from /etc/services.\n" + " PROTO is only needed if a service name is used and it does not exist\n" + " as a TCP service; it isn't used otherwise with the bitmap.", .description = "comment support", }; -/* Parse commandline arguments */ -static const struct ipset_arg bitmap_port_create_args3[] = { - { .name = { "range", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_tcp_udp_port, .print = ipset_print_port, - }, - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - { .name = { "counters", NULL }, - .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS, - .parse = ipset_parse_flag, .print = ipset_print_flag, - }, - { .name = { "comment", NULL }, - .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT, - .parse = ipset_parse_flag, .print = ipset_print_flag, - }, - { .name = { "skbinfo", NULL }, - .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_SKBINFO, - .parse = ipset_parse_flag, .print = ipset_print_flag, - }, - /* Backward compatibility */ - { .name = { "from", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT, - .parse = ipset_parse_single_tcp_port, - }, - { .name = { "to", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PORT_TO, - .parse = ipset_parse_single_tcp_port, - }, - { }, -}; - -static const struct ipset_arg bitmap_port_add_args3[] = { - { .name = { "timeout", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT, - .parse = ipset_parse_timeout, .print = ipset_print_number, - }, - { .name = { "packets", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS, - .parse = ipset_parse_uint64, .print = ipset_print_number, - }, - { .name = { "bytes", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES, - .parse = ipset_parse_uint64, .print = ipset_print_number, - }, - { .name = { "comment", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_ADT_COMMENT, - .parse = ipset_parse_comment, .print = ipset_print_comment, - }, - { .name = { "skbmark", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBMARK, - .parse = ipset_parse_skbmark, .print = ipset_print_skbmark, - }, - { .name = { "skbprio", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBPRIO, - .parse = ipset_parse_skbprio, .print = ipset_print_skbprio, - }, - { .name = { "skbqueue", NULL }, - .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBQUEUE, - .parse = ipset_parse_uint16, .print = ipset_print_number, - }, - { }, -}; - -static const char bitmap_port_usage3[] = -"create SETNAME bitmap:port range [PROTO:]FROM-TO\n" -" [timeout VALUE] [counters] [comment] [skbinfo]\n" -"add SETNAME [PROTO:]PORT|FROM-TO [timeout VALUE]\n" -" [packets VALUE] [bytes VALUE] [comment \"string\"]\n" -" [skbmark VALUE] [skbprio VALUE] [skbqueue VALUE]\n" -"del SETNAME [PROTO:]PORT|FROM-TO\n" -"test SETNAME [PROTO:]PORT\n\n" -"where PORT, FROM and TO are port numbers or port names from /etc/services.\n" -"PROTO is only needed if a service name is used and it does not exist as a TCP service;\n" -"it isn't used otherwise with the bitmap.\n"; - +/* skbinfo support */ static struct ipset_type ipset_bitmap_port3 = { .name = "bitmap:port", .alias = { "portmap", NULL }, @@ -382,39 +223,62 @@ static struct ipset_type ipset_bitmap_port3 = { .opt = IPSET_OPT_PORT }, }, - .args = { - [IPSET_CREATE] = bitmap_port_create_args3, - [IPSET_ADD] = bitmap_port_add_args3, - }, - .mandatory = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), - }, - .full = { - [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT) - | IPSET_FLAG(IPSET_OPT_COUNTERS) - | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT) - | IPSET_FLAG(IPSET_OPT_SKBINFO), - [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO) - | IPSET_FLAG(IPSET_OPT_TIMEOUT) - | IPSET_FLAG(IPSET_OPT_PACKETS) - | IPSET_FLAG(IPSET_OPT_BYTES) - | IPSET_FLAG(IPSET_OPT_ADT_COMMENT) - | IPSET_FLAG(IPSET_OPT_SKBMARK) - | IPSET_FLAG(IPSET_OPT_SKBPRIO) - | IPSET_FLAG(IPSET_OPT_SKBQUEUE), - [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_PORT) - | IPSET_FLAG(IPSET_OPT_PORT_TO), - [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_PORT), + .cmd = { + [IPSET_CREATE] = { + .args = { + IPSET_ARG_PORTRANGE, + IPSET_ARG_TIMEOUT, + IPSET_ARG_COUNTERS, + IPSET_ARG_COMMENT, + IPSET_ARG_SKBINFO, + /* Backward compatibility */ + IPSET_ARG_FROM_PORT, + IPSET_ARG_TO_PORT, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "range [PROTO:]FROM-TO", + }, + [IPSET_ADD] = { + .args = { + IPSET_ARG_TIMEOUT, + IPSET_ARG_PACKETS, + IPSET_ARG_BYTES, + IPSET_ARG_ADT_COMMENT, + IPSET_ARG_SKBMARK, + IPSET_ARG_SKBPRIO, + IPSET_ARG_SKBQUEUE, + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_DEL] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT) + | IPSET_FLAG(IPSET_OPT_PORT_TO), + .help = "[PROTO:]PORT|FROM-TO", + }, + [IPSET_TEST] = { + .args = { + IPSET_ARG_NONE, + }, + .need = IPSET_FLAG(IPSET_OPT_PORT), + .full = IPSET_FLAG(IPSET_OPT_PORT), + .help = "[PROTO:]PORT", + }, }, - - .usage = bitmap_port_usage3, + .usage = "where PORT, FROM and TO are port numbers or port names from /etc/services.\n" + " PROTO is only needed if a service name is used and it does not exist\n" + " as a TCP service; it isn't used otherwise with the bitmap.", .description = "skbinfo support", }; |