From 541e328689042fb855ac22903996b67b57e1f15a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 25 Aug 2011 11:17:33 +0200 Subject: ipset: use NFPROTO_ constants ipset is actually using NFPROTO values rather than AF (xt_set passes that along). --- lib/data.c | 21 ++++++++++----------- lib/debug.c | 4 ++-- lib/parse.c | 52 ++++++++++++++++++++++++++-------------------------- lib/print.c | 20 ++++++++++---------- lib/session.c | 34 +++++++++++++++++----------------- lib/types.c | 29 ++++++++++++++++------------- 6 files changed, 81 insertions(+), 79 deletions(-) (limited to 'lib') diff --git a/lib/data.c b/lib/data.c index dfae6aa..0210b7b 100644 --- a/lib/data.c +++ b/lib/data.c @@ -8,7 +8,6 @@ #include /* ntoh* */ #include /* ETH_ALEN */ #include /* IFNAMSIZ */ -#include /* AF_ */ #include /* malloc, free */ #include /* memset */ @@ -81,7 +80,7 @@ struct ipset_data { static void copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value) { - if (family == AF_INET) + if (family == NFPROTO_IPV4) in4cpy(&ip->in, value); else in6cpy(&ip->in6, value); @@ -213,12 +212,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) break; /* CADT options */ case IPSET_OPT_IP: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip, value); break; case IPSET_OPT_IP_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip_to, value); break; @@ -288,12 +287,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN); break; case IPSET_OPT_IP2: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2, value); break; case IPSET_OPT_IP2_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2_to, value); break; @@ -456,7 +455,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) case IPSET_OPT_IP_TO: case IPSET_OPT_IP2: case IPSET_OPT_IP2_TO: - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case IPSET_OPT_PORT: case IPSET_OPT_PORT_TO: @@ -511,14 +510,14 @@ ipset_data_setname(const struct ipset_data *data) * @data: data blob * * Return the INET family supported by the set from the data blob. - * If the family is not set yet, AF_UNSPEC is returned. + * If the family is not set yet, NFPROTO_UNSPEC is returned. */ uint8_t ipset_data_family(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_FAMILY) - ? data->family : AF_UNSPEC; + ? data->family : NFPROTO_UNSPEC; } /** @@ -534,8 +533,8 @@ ipset_data_cidr(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : - data->family == AF_INET ? 32 : - data->family == AF_INET6 ? 128 : 0; + data->family == NFPROTO_IPV4 ? 32 : + data->family == NFPROTO_IPV6 ? 128 : 0; } /** diff --git a/lib/debug.c b/lib/debug.c index 931b0c1..486d910 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -116,14 +116,14 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV4]); - inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) { d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV6]); - inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } diff --git a/lib/parse.c b/lib/parse.c index 1aaf072..241d5ae 100644 --- a/lib/parse.c +++ b/lib/parse.c @@ -511,7 +511,7 @@ ipset_parse_proto_port(struct ipset_session *session, tmp = a; goto parse_port; case IPPROTO_ICMP: - if (family != AF_INET) { + if (family != NFPROTO_IPV4) { syntax_err("Protocol ICMP can be used " "with family INET only"); goto error; @@ -519,7 +519,7 @@ ipset_parse_proto_port(struct ipset_session *session, err = ipset_parse_icmp(session, opt, a); break; case IPPROTO_ICMPV6: - if (family != AF_INET6) { + if (family != NFPROTO_IPV6) { syntax_err("Protocol ICMPv6 can be used " "with family INET6 only"); goto error; @@ -577,11 +577,11 @@ ipset_parse_family(struct ipset_session *session, "multiple times"); if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4")) - family = AF_INET; + family = NFPROTO_IPV4; else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6")) - family = AF_INET6; + family = NFPROTO_IPV6; else if (STREQ(str, "any") || STREQ(str, "unspec")) - family = AF_UNSPEC; + family = NFPROTO_UNSPEC; else return syntax_err("unknown INET family %s", str); @@ -610,7 +610,7 @@ call_getaddrinfo(struct ipset_session *session, const char *str, if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { syntax_err("cannot resolve '%s' to an %s address: %s", - str, family == AF_INET6 ? "IPv6" : "IPv4", + str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4", gai_strerror(err)); return NULL; } else @@ -625,13 +625,13 @@ get_addrinfo(struct ipset_session *session, uint8_t family) { struct addrinfo *i; - size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in) + size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); int found, err = 0; if ((*info = call_getaddrinfo(session, str, family)) == NULL) { syntax_err("cannot parse %s: resolving to %s address failed", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return EINVAL; } @@ -639,7 +639,7 @@ get_addrinfo(struct ipset_session *session, if (i->ai_family != family || i->ai_addrlen != addrlen) continue; if (found == 0) { - if (family == AF_INET) { + if (family == NFPROTO_IPV4) { /* Workaround: direct cast increases * required alignment on Sparc */ @@ -668,7 +668,7 @@ get_addrinfo(struct ipset_session *session, if (found == 0) return syntax_err("cannot parse %s: " "%s address could not be resolved", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return err; } @@ -677,7 +677,7 @@ parse_ipaddr(struct ipset_session *session, enum ipset_opt opt, const char *str, uint8_t family) { - uint8_t m = family == AF_INET ? 32 : 128; + uint8_t m = family == NFPROTO_IPV4 ? 32 : 128; int aerr = EINVAL, err = 0, range = 0; char *saved = strdup(str); char *a, *tmp = saved; @@ -737,7 +737,7 @@ cidr_hostaddr(const char *str, uint8_t family) { char *a = cidr_separator(str); - return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128"); + return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128"); } static int @@ -747,8 +747,8 @@ parse_ip(struct ipset_session *session, struct ipset_data *data = ipset_session_data(session); uint8_t family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -985,12 +985,12 @@ ipset_parse_ip4_single6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? ipset_parse_ip(session, opt, str) + return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str) : ipset_parse_single_ip(session, opt, str); } @@ -1025,12 +1025,12 @@ ipset_parse_ip4_net6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY) + return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY) : ipset_parse_ipnet(session, opt, str); } @@ -1330,21 +1330,21 @@ ipset_parse_netmask(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } err = string_to_cidr(session, str, - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124, + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124, &cidr); if (err) return syntax_err("netmask is out of the inclusive range " "of %u-%u", - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124); + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124); return ipset_data_set(data, opt, &cidr); } diff --git a/lib/print.c b/lib/print.c index 96c19a1..f04377f 100644 --- a/lib/print.c +++ b/lib/print.c @@ -152,7 +152,7 @@ __getnameinfo4(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in4cpy(&saddr.sin_addr, &addr->in); - saddr.sin_family = AF_INET; + saddr.sin_family = NFPROTO_IPV4; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -178,7 +178,7 @@ __getnameinfo6(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in6cpy(&saddr.sin6_addr, &addr->in6); - saddr.sin6_family = AF_INET6; + saddr.sin6_family = NFPROTO_IPV6; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -253,14 +253,14 @@ ipset_print_ip(char *buf, unsigned int len, cidr = *(const uint8_t *) ipset_data_get(data, cidropt); D("CIDR: %u", cidr); } else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf, len, flags, ip, cidr); else return -1; @@ -275,9 +275,9 @@ ipset_print_ip(char *buf, unsigned int len, SNPRINTF_FAILURE(size, len, offset); ip = ipset_data_get(data, IPSET_OPT_IP_TO); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf + offset, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf + offset, len, flags, ip, cidr); else return -1; @@ -320,14 +320,14 @@ ipset_print_ipaddr(char *buf, unsigned int len, if (ipset_data_test(data, cidropt)) cidr = *(const uint8_t *) ipset_data_get(data, cidropt); else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) return snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) return snprintf_ipv6(buf, len, flags, ip, cidr); return -1; diff --git a/lib/session.c b/lib/session.c index 9e36efd..472b974 100644 --- a/lib/session.c +++ b/lib/session.c @@ -568,7 +568,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], /* Validate by hand */ switch (family) { - case AF_INET: + case NFPROTO_IPV4: atype = IPSET_ATTR_IPADDR_IPV4; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv4 address " @@ -578,7 +578,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], "cannot validate IPv4 " "address attribute!"); break; - case AF_INET6: + case NFPROTO_IPV6: atype = IPSET_ATTR_IPADDR_IPV6; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv6 address " @@ -814,8 +814,8 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) } #define FAMILY_TO_STR(f) \ - ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") + ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") static int list_create(struct ipset_session *session, struct nlattr *nla[]) @@ -1413,7 +1413,7 @@ attr_len(const struct ipset_attr_policy *attr, uint8_t family, uint16_t *flags) return attr->len; *flags = NLA_F_NET_BYTEORDER; - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case MNL_TYPE_U32: *flags = NLA_F_NET_BYTEORDER; @@ -1446,7 +1446,7 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, if (attr->type == MNL_TYPE_NESTED) { /* IP addresses */ struct nlattr *nested; - int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4 + int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6; alen = attr_len(attr, family, &flags); @@ -1454,8 +1454,8 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, MNL_ATTR_HDRLEN, alen)) return 1; nested = mnl_attr_nest_start(nlh, type); - D("family: %s", family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC"); + D("family: %s", family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC"); mnl_attr_put(nlh, atype | flags, alen, d); mnl_attr_nest_end(nlh, nested); @@ -1509,14 +1509,14 @@ data2attr(struct ipset_session *session, struct nlmsghdr *nlh, data2attr(session, nlh, data, type, family, attrs) #define ADDATTR_SETNAME(session, nlh, data) \ - data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs) + data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs) #define ADDATTR_IF(session, nlh, data, type, family, attrs) \ ipset_data_test(data, attrs[type].opt) ? \ data2attr(session, nlh, data, type, family, attrs) : 0 #define ADDATTR_RAW(session, nlh, data, type, attrs) \ - rawdata2attr(session, nlh, data, type, AF_INET, attrs) + rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs) static void addattr_create(struct ipset_session *session, @@ -1572,13 +1572,13 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) "Invalid internal TYPE command: " "missing settype"); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); break; default: return ipset_err(session, "Internal error: " @@ -1638,17 +1638,17 @@ build_msg(struct ipset_session *session, bool aggregate) * setname, typename, revision, family, flags (optional) */ ADDATTR_SETNAME(session, nlh, data); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); ADDATTR_RAW(session, nlh, &type->revision, IPSET_ATTR_REVISION, cmd_attrs); D("family: %u, type family %u", ipset_data_family(data), type->family); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); /* Type-specific create attributes */ D("call open_nested"); @@ -1675,7 +1675,7 @@ build_msg(struct ipset_session *session, bool aggregate) ADDATTR_SETNAME(session, nlh, data); if (flags && session->mode != IPSET_LIST_SAVE) { ipset_data_set(data, IPSET_OPT_FLAGS, &flags); - ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET, + ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4, cmd_attrs); } break; diff --git a/lib/types.c b/lib/types.c index 7c16a30..e93b4bd 100644 --- a/lib/types.c +++ b/lib/types.c @@ -173,7 +173,8 @@ ipset_cache_swap(const char *from, const char *to) } #define MATCH_FAMILY(type, f) \ - (f == AF_UNSPEC || type->family == f || type->family == AF_INET46) + (f == NFPROTO_UNSPEC || type->family == f || \ + type->family == NFPROTO_IPSET_IPV46) bool ipset_match_typename(const char *name, const struct ipset_type *type) @@ -227,8 +228,9 @@ create_type_get(struct ipset_session *session) typename); /* Family is unspecified yet: set from matching set type */ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) { - family = match->family == AF_INET46 ? AF_INET : match->family; + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) { + family = match->family == NFPROTO_IPSET_IPV46 ? + NFPROTO_IPV4 : match->family; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -254,8 +256,8 @@ create_type_get(struct ipset_session *session) "with maximal revision %u.\n" "You need to upgrade your ipset program.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmin, tmax); else return ipset_errptr(session, @@ -264,8 +266,8 @@ create_type_get(struct ipset_session *session) "with minimal revision %u.\n" "You need to upgrade your kernel.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmax, tmin); } @@ -290,8 +292,9 @@ found: } #define set_family_and_type(data, match, family) do { \ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) \ - family = match->family == AF_INET46 ? AF_INET : match->family;\ + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \ + family = match->family == NFPROTO_IPSET_IPV46 ? \ + NFPROTO_IPV4 : match->family;\ ipset_data_set(data, IPSET_OPT_FAMILY, &family); \ ipset_data_set(data, IPSET_OPT_TYPE, match); \ } while (0) @@ -306,7 +309,7 @@ adt_type_get(struct ipset_session *session) const struct ipset_type *match; const char *setname, *typename; const uint8_t *revision; - uint8_t family = AF_UNSPEC; + uint8_t family = NFPROTO_UNSPEC; int ret; data = ipset_session_data(session); @@ -352,8 +355,8 @@ adt_type_get(struct ipset_session *session) "ipset library does not support the " "settype with that family and revision.", setname, typename, - family == AF_INET ? "inet" : - family == AF_INET6 ? "inet6" : "unspec", + family == NFPROTO_IPV4 ? "inet" : + family == NFPROTO_IPV6 ? "inet6" : "unspec", *revision); set_family_and_type(data, match, family); @@ -409,7 +412,7 @@ ipset_type_check(struct ipset_session *session) const struct ipset_type *t, *match = NULL; struct ipset_data *data; const char *typename; - uint8_t family = AF_UNSPEC, revision; + uint8_t family = NFPROTO_UNSPEC, revision; assert(session); data = ipset_session_data(session); -- cgit v1.2.3