summaryrefslogtreecommitdiffstats
path: root/lib/ipset_hash_ipportnet.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ipset_hash_ipportnet.c')
-rw-r--r--lib/ipset_hash_ipportnet.c1519
1 files changed, 606 insertions, 913 deletions
diff --git a/lib/ipset_hash_ipportnet.c b/lib/ipset_hash_ipportnet.c
index bd394de..e0e9eb1 100644
--- a/lib/ipset_hash_ipportnet.c
+++ b/lib/ipset_hash_ipportnet.c
@@ -10,82 +10,7 @@
#include <libipset/ui.h> /* ipset_port_usage */
#include <libipset/types.h> /* prototypes */
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportnet_create_args1[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportnet_add_args1[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { },
-};
-
-static const char hash_ipportnet_usage1[] =
-"create SETNAME hash:ip,port,net\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE]\n"
-"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE]\n"
-"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
-"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
-"where depending on the INET family\n"
-" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
-" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in the first IP component is supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* SCTP and UDPLITE support */
static struct ipset_type ipset_hash_ipportnet1 = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
@@ -109,74 +34,91 @@ static struct ipset_type ipset_hash_ipportnet1 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportnet_create_args1,
- [IPSET_ADD] = hash_ipportnet_add_args1,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
},
-
- .usage = hash_ipportnet_usage1,
+ .usage = "where depending on the INET family\n"
+ " IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+ " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "SCTP and UDPLITE support",
};
-static const char hash_ipportnet_usage2[] =
-"create SETNAME hash:ip,port,net\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE]\n"
-"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE]\n"
-"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
-"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
-"where depending on the INET family\n"
-" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
-" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in both IP components are supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* Add/del range support */
static struct ipset_type ipset_hash_ipportnet2 = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
@@ -200,88 +142,93 @@ static struct ipset_type ipset_hash_ipportnet2 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportnet_create_args1,
- [IPSET_ADD] = hash_ipportnet_add_args1,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
},
-
- .usage = hash_ipportnet_usage2,
+ .usage = "where depending on the INET family\n"
+ " IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+ " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "Add/del range support",
};
-static const struct ipset_arg hash_ipportnet_add_args3[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "nomatch", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { },
-};
-
-static const char hash_ipportnet_usage3[] =
-"create SETNAME hash:ip,port,net\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE]\n"
-"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n"
-"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
-"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
-"where depending on the INET family\n"
-" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
-" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in both IP components are supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* nomatch flag support */
static struct ipset_type ipset_hash_ipportnet3 = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
@@ -305,162 +252,95 @@ static struct ipset_type ipset_hash_ipportnet3 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportnet_create_args1,
- [IPSET_ADD] = hash_ipportnet_add_args3,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_NOMATCH),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
},
-
- .usage = hash_ipportnet_usage3,
+ .usage = "where depending on the INET family\n"
+ " IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+ " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "nomatch flag support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportnet_create_args4[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportnet_add_args4[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "nomatch", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "packets", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "bytes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportnet_test_args4[] = {
- { .name = { "nomatch", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { },
-};
-
-static const char hash_ipportnet_usage4[] =
-"create SETNAME hash:ip,port,net\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters]\n"
-"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n"
-" [packets VALUE] [bytes VALUE]\n"
-"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
-"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
-"where depending on the INET family\n"
-" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
-" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in both IP components are supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* counters support */
static struct ipset_type ipset_hash_ipportnet4 = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
@@ -484,175 +364,98 @@ static struct ipset_type ipset_hash_ipportnet4 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportnet_create_args4,
- [IPSET_ADD] = hash_ipportnet_add_args4,
- [IPSET_TEST] = hash_ipportnet_test_args4,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_NOMATCH)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_NOMATCH),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
},
-
- .usage = hash_ipportnet_usage4,
+ .usage = "where depending on the INET family\n"
+ " IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+ " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "counters support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportnet_create_args5[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportnet_add_args5[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "nomatch", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "packets", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "bytes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_ADT_COMMENT,
- .parse = ipset_parse_comment, .print = ipset_print_comment,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportnet_test_args5[] = {
- { .name = { "nomatch", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { },
-};
-
-static const char hash_ipportnet_usage5[] =
-"create SETNAME hash:ip,port,net\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters] [comment]\n"
-"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n"
-" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
-"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
-"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
-"where depending on the INET family\n"
-" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
-" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in both IP components are supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* comment support */
static struct ipset_type ipset_hash_ipportnet5 = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
@@ -676,150 +479,100 @@ static struct ipset_type ipset_hash_ipportnet5 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportnet_create_args5,
- [IPSET_ADD] = hash_ipportnet_add_args5,
- [IPSET_TEST] = hash_ipportnet_test_args5,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS)
- | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_NOMATCH)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES)
- | IPSET_FLAG(IPSET_OPT_ADT_COMMENT),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_NOMATCH),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ IPSET_ARG_COMMENT,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_ADT_COMMENT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
},
-
- .usage = hash_ipportnet_usage5,
+ .usage = "where depending on the INET family\n"
+ " IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+ " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "comment support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportnet_create_args6[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "forceadd", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FORCEADD,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const char hash_ipportnet_usage6[] =
-"create SETNAME hash:ip,port,net\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters] [comment]\n"
-" [forceadd]\n"
-"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n"
-" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
-"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
-"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
-"where depending on the INET family\n"
-" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
-" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in both IP components are supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* forceadd support */
static struct ipset_type ipset_hash_ipportnet6 = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
@@ -843,192 +596,101 @@ static struct ipset_type ipset_hash_ipportnet6 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportnet_create_args6,
- [IPSET_ADD] = hash_ipportnet_add_args5,
- [IPSET_TEST] = hash_ipportnet_test_args5,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS)
- | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT)
- | IPSET_FLAG(IPSET_OPT_FORCEADD),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_NOMATCH)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES)
- | IPSET_FLAG(IPSET_OPT_ADT_COMMENT),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_NOMATCH),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ IPSET_ARG_COMMENT,
+ IPSET_ARG_FORCEADD,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_ADT_COMMENT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
},
-
- .usage = hash_ipportnet_usage6,
+ .usage = "where depending on the INET family\n"
+ " IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+ " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "forceadd support",
};
-/* Parse commandline arguments */
-static const struct ipset_arg hash_ipportnet_create_args7[] = {
- { .name = { "family", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family, .print = ipset_print_family,
- },
- /* Alias: family inet */
- { .name = { "-4", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- /* Alias: family inet6 */
- { .name = { "-6", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
- .parse = ipset_parse_family,
- },
- { .name = { "hashsize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "maxelem", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
- .parse = ipset_parse_uint32, .print = ipset_print_number,
- },
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "counters", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "forceadd", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FORCEADD,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "skbinfo", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_SKBINFO,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- /* Backward compatibility */
- { .name = { "probes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "resize", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
- .parse = ipset_parse_ignored, .print = ipset_print_number,
- },
- { .name = { "from", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { .name = { "to", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
- .parse = ipset_parse_ignored,
- },
- { .name = { "network", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
- .parse = ipset_parse_ignored,
- },
- { },
-};
-
-static const struct ipset_arg hash_ipportnet_add_args7[] = {
- { .name = { "timeout", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
- .parse = ipset_parse_timeout, .print = ipset_print_number,
- },
- { .name = { "nomatch", NULL },
- .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_NOMATCH,
- .parse = ipset_parse_flag, .print = ipset_print_flag,
- },
- { .name = { "packets", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "bytes", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
- .parse = ipset_parse_uint64, .print = ipset_print_number,
- },
- { .name = { "comment", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_ADT_COMMENT,
- .parse = ipset_parse_comment, .print = ipset_print_comment,
- },
- { .name = { "skbmark", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBMARK,
- .parse = ipset_parse_skbmark, .print = ipset_print_skbmark,
- },
- { .name = { "skbprio", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBPRIO,
- .parse = ipset_parse_skbprio, .print = ipset_print_skbprio,
- },
- { .name = { "skbqueue", NULL },
- .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_SKBQUEUE,
- .parse = ipset_parse_uint16, .print = ipset_print_number,
- },
- { },
-};
-
-static const char hash_ipportnet_usage7[] =
-"create SETNAME hash:ip,port,net\n"
-" [family inet|inet6]\n"
-" [hashsize VALUE] [maxelem VALUE]\n"
-" [timeout VALUE] [counters] [comment]\n"
-" [forceadd] [skbinfo]\n"
-"add SETNAME IP,PROTO:PORT,IP[/CIDR] [timeout VALUE] [nomatch]\n"
-" [packets VALUE] [bytes VALUE] [comment \"string\"]\n"
-" [skbmark VALUE] [skbprio VALUE] [skbqueue VALUE]\n"
-"del SETNAME IP,PROTO:PORT,IP[/CIDR]\n"
-"test SETNAME IP,PROTO:PORT,IP[/CIDR]\n\n"
-"where depending on the INET family\n"
-" IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
-" CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
-" Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
-" in both IP components are supported for IPv4.\n"
-" Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
-" port range is supported both for IPv4 and IPv6.\n";
-
+/* skbinfo support */
static struct ipset_type ipset_hash_ipportnet7 = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
@@ -1052,69 +714,100 @@ static struct ipset_type ipset_hash_ipportnet7 = {
.opt = IPSET_OPT_IP2
},
},
- .args = {
- [IPSET_CREATE] = hash_ipportnet_create_args6,
- [IPSET_ADD] = hash_ipportnet_add_args5,
- [IPSET_TEST] = hash_ipportnet_test_args5,
- },
- .mandatory = {
- [IPSET_CREATE] = 0,
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2),
- },
- .full = {
- [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE)
- | IPSET_FLAG(IPSET_OPT_MAXELEM)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_COUNTERS)
- | IPSET_FLAG(IPSET_OPT_CREATE_COMMENT)
- | IPSET_FLAG(IPSET_OPT_FORCEADD)
- | IPSET_FLAG(IPSET_OPT_SKBINFO),
- [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO)
- | IPSET_FLAG(IPSET_OPT_TIMEOUT)
- | IPSET_FLAG(IPSET_OPT_NOMATCH)
- | IPSET_FLAG(IPSET_OPT_PACKETS)
- | IPSET_FLAG(IPSET_OPT_BYTES)
- | IPSET_FLAG(IPSET_OPT_ADT_COMMENT)
- | IPSET_FLAG(IPSET_OPT_SKBMARK)
- | IPSET_FLAG(IPSET_OPT_SKBPRIO)
- | IPSET_FLAG(IPSET_OPT_SKBQUEUE),
- [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_CIDR)
- | IPSET_FLAG(IPSET_OPT_IP_TO)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PORT_TO)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_IP2_TO),
- [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP)
- | IPSET_FLAG(IPSET_OPT_PORT)
- | IPSET_FLAG(IPSET_OPT_PROTO)
- | IPSET_FLAG(IPSET_OPT_IP2)
- | IPSET_FLAG(IPSET_OPT_CIDR2)
- | IPSET_FLAG(IPSET_OPT_NOMATCH),
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_FAMILY,
+ /* Aliases */
+ IPSET_ARG_INET,
+ IPSET_ARG_INET6,
+ IPSET_ARG_HASHSIZE,
+ IPSET_ARG_MAXELEM,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ IPSET_ARG_COMMENT,
+ IPSET_ARG_FORCEADD,
+ IPSET_ARG_SKBINFO,
+ /* Ignored options: backward compatibilty */
+ IPSET_ARG_PROBES,
+ IPSET_ARG_RESIZE,
+ IPSET_ARG_IGNORED_FROM,
+ IPSET_ARG_IGNORED_TO,
+ IPSET_ARG_IGNORED_NETWORK,
+ IPSET_ARG_NONE,
+ },
+ .need = 0,
+ .full = 0,
+ .help = "",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_ADT_COMMENT,
+ IPSET_ARG_SKBMARK,
+ IPSET_ARG_SKBPRIO,
+ IPSET_ARG_SKBQUEUE,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_IP_TO)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2)
+ | IPSET_FLAG(IPSET_OPT_IP2_TO),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NOMATCH,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2),
+ .full = IPSET_FLAG(IPSET_OPT_IP)
+ | IPSET_FLAG(IPSET_OPT_PROTO)
+ | IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_IP2)
+ | IPSET_FLAG(IPSET_OPT_CIDR2),
+ .help = "IP,[PROTO:]PORT,IP[/CIDR]",
+ },
},
-
- .usage = hash_ipportnet_usage7,
+ .usage = "where depending on the INET family\n"
+ " IP are valid IPv4 or IPv6 addresses (or hostnames),\n"
+ " CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
+ " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+ " in the first IP component is supported for IPv4.\n"
+ " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+ " port range is supported both for IPv4 and IPv6.",
.usagefn = ipset_port_usage,
.description = "skbinfo support",
};