1 /* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
7 #include <libipset/data.h> /* IPSET_OPT_* */
8 #include <libipset/parse.h> /* parser functions */
9 #include <libipset/print.h> /* printing functions */
10 #include <libipset/ui.h> /* ipset_port_usage */
11 #include <libipset/types.h> /* prototypes */
13 /* SCTP and UDPLITE support */
14 static struct ipset_type ipset_hash_ipportip1 = {
15 .name = "hash:ip,port,ip",
16 .alias = { "ipportiphash", NULL },
18 .family = NFPROTO_IPSET_IPV46,
19 .dimension = IPSET_DIM_THREE,
21 [IPSET_DIM_ONE - 1] = {
22 .parse = ipset_parse_ip4_single6,
23 .print = ipset_print_ip,
26 [IPSET_DIM_TWO - 1] = {
27 .parse = ipset_parse_proto_port,
28 .print = ipset_print_proto_port,
31 [IPSET_DIM_THREE - 1] = {
32 .parse = ipset_parse_single_ip,
33 .print = ipset_print_ip,
47 /* Ignored options: backward compatibilty */
50 IPSET_ARG_IGNORED_FROM,
52 IPSET_ARG_IGNORED_NETWORK,
64 .need = IPSET_FLAG(IPSET_OPT_IP)
65 | IPSET_FLAG(IPSET_OPT_PROTO)
66 | IPSET_FLAG(IPSET_OPT_PORT)
67 | IPSET_FLAG(IPSET_OPT_IP2),
68 .full = IPSET_FLAG(IPSET_OPT_IP)
69 | IPSET_FLAG(IPSET_OPT_IP_TO)
70 | IPSET_FLAG(IPSET_OPT_PROTO)
71 | IPSET_FLAG(IPSET_OPT_PORT)
72 | IPSET_FLAG(IPSET_OPT_PORT_TO)
73 | IPSET_FLAG(IPSET_OPT_IP2),
74 .help = "IP,[PROTO:]PORT,IP",
80 .need = IPSET_FLAG(IPSET_OPT_IP)
81 | IPSET_FLAG(IPSET_OPT_PROTO)
82 | IPSET_FLAG(IPSET_OPT_PORT)
83 | IPSET_FLAG(IPSET_OPT_IP2),
84 .full = IPSET_FLAG(IPSET_OPT_IP)
85 | IPSET_FLAG(IPSET_OPT_IP_TO)
86 | IPSET_FLAG(IPSET_OPT_PROTO)
87 | IPSET_FLAG(IPSET_OPT_PORT)
88 | IPSET_FLAG(IPSET_OPT_PORT_TO)
89 | IPSET_FLAG(IPSET_OPT_IP2),
90 .help = "IP,[PROTO:]PORT,IP",
96 .need = IPSET_FLAG(IPSET_OPT_IP)
97 | IPSET_FLAG(IPSET_OPT_PROTO)
98 | IPSET_FLAG(IPSET_OPT_PORT)
99 | IPSET_FLAG(IPSET_OPT_IP2),
100 .full = IPSET_FLAG(IPSET_OPT_IP)
101 | IPSET_FLAG(IPSET_OPT_PROTO)
102 | IPSET_FLAG(IPSET_OPT_PORT)
103 | IPSET_FLAG(IPSET_OPT_IP2),
104 .help = "IP,[PROTO:]PORT,IP",
107 .usage = "where depending on the INET family\n"
108 " IP is a valid IPv4 or IPv6 address (or hostname).\n"
109 " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
110 " in the first IP component is supported for IPv4.\n"
111 " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
112 " port range is supported both for IPv4 and IPv6.",
113 .usagefn = ipset_port_usage,
114 .description = "SCTP and UDPLITE support",
117 /* counters support */
118 static struct ipset_type ipset_hash_ipportip2 = {
119 .name = "hash:ip,port,ip",
120 .alias = { "ipportiphash", NULL },
122 .family = NFPROTO_IPSET_IPV46,
123 .dimension = IPSET_DIM_THREE,
125 [IPSET_DIM_ONE - 1] = {
126 .parse = ipset_parse_ip4_single6,
127 .print = ipset_print_ip,
130 [IPSET_DIM_TWO - 1] = {
131 .parse = ipset_parse_proto_port,
132 .print = ipset_print_proto_port,
133 .opt = IPSET_OPT_PORT
135 [IPSET_DIM_THREE - 1] = {
136 .parse = ipset_parse_single_ip,
137 .print = ipset_print_ip,
152 /* Ignored options: backward compatibilty */
155 IPSET_ARG_IGNORED_FROM,
156 IPSET_ARG_IGNORED_TO,
157 IPSET_ARG_IGNORED_NETWORK,
171 .need = IPSET_FLAG(IPSET_OPT_IP)
172 | IPSET_FLAG(IPSET_OPT_PROTO)
173 | IPSET_FLAG(IPSET_OPT_PORT)
174 | IPSET_FLAG(IPSET_OPT_IP2),
175 .full = IPSET_FLAG(IPSET_OPT_IP)
176 | IPSET_FLAG(IPSET_OPT_IP_TO)
177 | IPSET_FLAG(IPSET_OPT_PROTO)
178 | IPSET_FLAG(IPSET_OPT_PORT)
179 | IPSET_FLAG(IPSET_OPT_PORT_TO)
180 | IPSET_FLAG(IPSET_OPT_IP2),
181 .help = "IP,[PROTO:]PORT,IP",
187 .need = IPSET_FLAG(IPSET_OPT_IP)
188 | IPSET_FLAG(IPSET_OPT_PROTO)
189 | IPSET_FLAG(IPSET_OPT_PORT)
190 | IPSET_FLAG(IPSET_OPT_IP2),
191 .full = IPSET_FLAG(IPSET_OPT_IP)
192 | IPSET_FLAG(IPSET_OPT_IP_TO)
193 | IPSET_FLAG(IPSET_OPT_PROTO)
194 | IPSET_FLAG(IPSET_OPT_PORT)
195 | IPSET_FLAG(IPSET_OPT_PORT_TO)
196 | IPSET_FLAG(IPSET_OPT_IP2),
197 .help = "IP,[PROTO:]PORT,IP",
203 .need = IPSET_FLAG(IPSET_OPT_IP)
204 | IPSET_FLAG(IPSET_OPT_PROTO)
205 | IPSET_FLAG(IPSET_OPT_PORT)
206 | IPSET_FLAG(IPSET_OPT_IP2),
207 .full = IPSET_FLAG(IPSET_OPT_IP)
208 | IPSET_FLAG(IPSET_OPT_PROTO)
209 | IPSET_FLAG(IPSET_OPT_PORT)
210 | IPSET_FLAG(IPSET_OPT_IP2),
211 .help = "IP,[PROTO:]PORT,IP",
214 .usage = "where depending on the INET family\n"
215 " IP is a valid IPv4 or IPv6 address (or hostname).\n"
216 " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
217 " in the first IP component is supported for IPv4.\n"
218 " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
219 " port range is supported both for IPv4 and IPv6.",
220 .usagefn = ipset_port_usage,
221 .description = "counters support",
224 /* comment support */
225 static struct ipset_type ipset_hash_ipportip3 = {
226 .name = "hash:ip,port,ip",
227 .alias = { "ipportiphash", NULL },
229 .family = NFPROTO_IPSET_IPV46,
230 .dimension = IPSET_DIM_THREE,
232 [IPSET_DIM_ONE - 1] = {
233 .parse = ipset_parse_ip4_single6,
234 .print = ipset_print_ip,
237 [IPSET_DIM_TWO - 1] = {
238 .parse = ipset_parse_proto_port,
239 .print = ipset_print_proto_port,
240 .opt = IPSET_OPT_PORT
242 [IPSET_DIM_THREE - 1] = {
243 .parse = ipset_parse_single_ip,
244 .print = ipset_print_ip,
260 /* Ignored options: backward compatibilty */
263 IPSET_ARG_IGNORED_FROM,
264 IPSET_ARG_IGNORED_TO,
265 IPSET_ARG_IGNORED_NETWORK,
277 IPSET_ARG_ADT_COMMENT,
280 .need = IPSET_FLAG(IPSET_OPT_IP)
281 | IPSET_FLAG(IPSET_OPT_PROTO)
282 | IPSET_FLAG(IPSET_OPT_PORT)
283 | IPSET_FLAG(IPSET_OPT_IP2),
284 .full = IPSET_FLAG(IPSET_OPT_IP)
285 | IPSET_FLAG(IPSET_OPT_IP_TO)
286 | IPSET_FLAG(IPSET_OPT_PROTO)
287 | IPSET_FLAG(IPSET_OPT_PORT)
288 | IPSET_FLAG(IPSET_OPT_PORT_TO)
289 | IPSET_FLAG(IPSET_OPT_IP2),
290 .help = "IP,[PROTO:]PORT,IP",
296 .need = IPSET_FLAG(IPSET_OPT_IP)
297 | IPSET_FLAG(IPSET_OPT_PROTO)
298 | IPSET_FLAG(IPSET_OPT_PORT)
299 | IPSET_FLAG(IPSET_OPT_IP2),
300 .full = IPSET_FLAG(IPSET_OPT_IP)
301 | IPSET_FLAG(IPSET_OPT_IP_TO)
302 | IPSET_FLAG(IPSET_OPT_PROTO)
303 | IPSET_FLAG(IPSET_OPT_PORT)
304 | IPSET_FLAG(IPSET_OPT_PORT_TO)
305 | IPSET_FLAG(IPSET_OPT_IP2),
306 .help = "IP,[PROTO:]PORT,IP",
312 .need = IPSET_FLAG(IPSET_OPT_IP)
313 | IPSET_FLAG(IPSET_OPT_PROTO)
314 | IPSET_FLAG(IPSET_OPT_PORT)
315 | IPSET_FLAG(IPSET_OPT_IP2),
316 .full = IPSET_FLAG(IPSET_OPT_IP)
317 | IPSET_FLAG(IPSET_OPT_PROTO)
318 | IPSET_FLAG(IPSET_OPT_PORT)
319 | IPSET_FLAG(IPSET_OPT_IP2),
320 .help = "IP,[PROTO:]PORT,IP",
323 .usage = "where depending on the INET family\n"
324 " IP is a valid IPv4 or IPv6 address (or hostname).\n"
325 " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
326 " in the first IP component is supported for IPv4.\n"
327 " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
328 " port range is supported both for IPv4 and IPv6.",
329 .usagefn = ipset_port_usage,
330 .description = "comment support",
333 /* forceadd support */
334 static struct ipset_type ipset_hash_ipportip4 = {
335 .name = "hash:ip,port,ip",
336 .alias = { "ipportiphash", NULL },
338 .family = NFPROTO_IPSET_IPV46,
339 .dimension = IPSET_DIM_THREE,
341 [IPSET_DIM_ONE - 1] = {
342 .parse = ipset_parse_ip4_single6,
343 .print = ipset_print_ip,
346 [IPSET_DIM_TWO - 1] = {
347 .parse = ipset_parse_proto_port,
348 .print = ipset_print_proto_port,
349 .opt = IPSET_OPT_PORT
351 [IPSET_DIM_THREE - 1] = {
352 .parse = ipset_parse_single_ip,
353 .print = ipset_print_ip,
370 /* Ignored options: backward compatibilty */
373 IPSET_ARG_IGNORED_FROM,
374 IPSET_ARG_IGNORED_TO,
375 IPSET_ARG_IGNORED_NETWORK,
387 IPSET_ARG_ADT_COMMENT,
390 .need = IPSET_FLAG(IPSET_OPT_IP)
391 | IPSET_FLAG(IPSET_OPT_PROTO)
392 | IPSET_FLAG(IPSET_OPT_PORT)
393 | IPSET_FLAG(IPSET_OPT_IP2),
394 .full = IPSET_FLAG(IPSET_OPT_IP)
395 | IPSET_FLAG(IPSET_OPT_IP_TO)
396 | IPSET_FLAG(IPSET_OPT_PROTO)
397 | IPSET_FLAG(IPSET_OPT_PORT)
398 | IPSET_FLAG(IPSET_OPT_PORT_TO)
399 | IPSET_FLAG(IPSET_OPT_IP2),
400 .help = "IP,[PROTO:]PORT,IP",
406 .need = IPSET_FLAG(IPSET_OPT_IP)
407 | IPSET_FLAG(IPSET_OPT_PROTO)
408 | IPSET_FLAG(IPSET_OPT_PORT)
409 | IPSET_FLAG(IPSET_OPT_IP2),
410 .full = IPSET_FLAG(IPSET_OPT_IP)
411 | IPSET_FLAG(IPSET_OPT_IP_TO)
412 | IPSET_FLAG(IPSET_OPT_PROTO)
413 | IPSET_FLAG(IPSET_OPT_PORT)
414 | IPSET_FLAG(IPSET_OPT_PORT_TO)
415 | IPSET_FLAG(IPSET_OPT_IP2),
416 .help = "IP,[PROTO:]PORT,IP",
422 .need = IPSET_FLAG(IPSET_OPT_IP)
423 | IPSET_FLAG(IPSET_OPT_PROTO)
424 | IPSET_FLAG(IPSET_OPT_PORT)
425 | IPSET_FLAG(IPSET_OPT_IP2),
426 .full = IPSET_FLAG(IPSET_OPT_IP)
427 | IPSET_FLAG(IPSET_OPT_PROTO)
428 | IPSET_FLAG(IPSET_OPT_PORT)
429 | IPSET_FLAG(IPSET_OPT_IP2),
430 .help = "IP,[PROTO:]PORT,IP",
433 .usage = "where depending on the INET family\n"
434 " IP is a valid IPv4 or IPv6 address (or hostname).\n"
435 " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
436 " in the first IP component is supported for IPv4.\n"
437 " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
438 " port range is supported both for IPv4 and IPv6.",
439 .usagefn = ipset_port_usage,
440 .description = "forceadd support",
443 /* skbinfo support */
444 static struct ipset_type ipset_hash_ipportip5 = {
445 .name = "hash:ip,port,ip",
446 .alias = { "ipportiphash", NULL },
448 .family = NFPROTO_IPSET_IPV46,
449 .dimension = IPSET_DIM_THREE,
451 [IPSET_DIM_ONE - 1] = {
452 .parse = ipset_parse_ip4_single6,
453 .print = ipset_print_ip,
456 [IPSET_DIM_TWO - 1] = {
457 .parse = ipset_parse_proto_port,
458 .print = ipset_print_proto_port,
459 .opt = IPSET_OPT_PORT
461 [IPSET_DIM_THREE - 1] = {
462 .parse = ipset_parse_single_ip,
463 .print = ipset_print_ip,
481 /* Ignored options: backward compatibilty */
484 IPSET_ARG_IGNORED_FROM,
485 IPSET_ARG_IGNORED_TO,
486 IPSET_ARG_IGNORED_NETWORK,
498 IPSET_ARG_ADT_COMMENT,
504 .need = IPSET_FLAG(IPSET_OPT_IP)
505 | IPSET_FLAG(IPSET_OPT_PROTO)
506 | IPSET_FLAG(IPSET_OPT_PORT)
507 | IPSET_FLAG(IPSET_OPT_IP2),
508 .full = IPSET_FLAG(IPSET_OPT_IP)
509 | IPSET_FLAG(IPSET_OPT_IP_TO)
510 | IPSET_FLAG(IPSET_OPT_PROTO)
511 | IPSET_FLAG(IPSET_OPT_PORT)
512 | IPSET_FLAG(IPSET_OPT_PORT_TO)
513 | IPSET_FLAG(IPSET_OPT_IP2),
514 .help = "IP,[PROTO:]PORT,IP",
520 .need = IPSET_FLAG(IPSET_OPT_IP)
521 | IPSET_FLAG(IPSET_OPT_PROTO)
522 | IPSET_FLAG(IPSET_OPT_PORT)
523 | IPSET_FLAG(IPSET_OPT_IP2),
524 .full = IPSET_FLAG(IPSET_OPT_IP)
525 | IPSET_FLAG(IPSET_OPT_IP_TO)
526 | IPSET_FLAG(IPSET_OPT_PROTO)
527 | IPSET_FLAG(IPSET_OPT_PORT)
528 | IPSET_FLAG(IPSET_OPT_PORT_TO)
529 | IPSET_FLAG(IPSET_OPT_IP2),
530 .help = "IP,[PROTO:]PORT,IP",
536 .need = IPSET_FLAG(IPSET_OPT_IP)
537 | IPSET_FLAG(IPSET_OPT_PROTO)
538 | IPSET_FLAG(IPSET_OPT_PORT)
539 | IPSET_FLAG(IPSET_OPT_IP2),
540 .full = IPSET_FLAG(IPSET_OPT_IP)
541 | IPSET_FLAG(IPSET_OPT_PROTO)
542 | IPSET_FLAG(IPSET_OPT_PORT)
543 | IPSET_FLAG(IPSET_OPT_IP2),
544 .help = "IP,[PROTO:]PORT,IP",
547 .usage = "where depending on the INET family\n"
548 " IP is a valid IPv4 or IPv6 address (or hostname).\n"
549 " Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
550 " in the first IP component is supported for IPv4.\n"
551 " Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
552 " port range is supported both for IPv4 and IPv6.",
553 .usagefn = ipset_port_usage,
554 .description = "skbinfo support",
560 ipset_type_add(&ipset_hash_ipportip1);
561 ipset_type_add(&ipset_hash_ipportip2);
562 ipset_type_add(&ipset_hash_ipportip3);
563 ipset_type_add(&ipset_hash_ipportip4);
564 ipset_type_add(&ipset_hash_ipportip5);
projects / ipset / blob