--- /dev/null
+#ifndef LIBIPSET_NFPROTO_H
+#define LIBIPSET_NFPROTO_H
+
+/*
+ * The constants to select, same as in linux/netfilter.h.
+ * Like nf_inet_addr.h, this is just here so that we need not to rely on
+ * the presence of a recent-enough netfilter.h.
+ */
+enum {
+ NFPROTO_UNSPEC = 0,
+ NFPROTO_IPV4 = 2,
+ NFPROTO_ARP = 3,
+ NFPROTO_BRIDGE = 7,
+ NFPROTO_IPV6 = 10,
+ NFPROTO_DECNET = 12,
+ NFPROTO_NUMPROTO,
+};
+
+#endif /* LIBIPSET_NFPROTO_H */
#include <libipset/parse.h> /* ipset_parsefn */
#include <libipset/print.h> /* ipset_printfn */
#include <libipset/linux_ip_set.h> /* IPSET_MAXNAMELEN */
-
-#define AF_INET46 255
+#include <libipset/nfproto.h> /* for NFPROTO_ */
/* Family rules:
- * - AF_UNSPEC: type is family-neutral
- * - AF_INET: type supports IPv4 only
- * - AF_INET6: type supports IPv6 only
- * - AF_INET46: type supports both IPv4 and IPv6
+ * - NFPROTO_UNSPEC: type is family-neutral
+ * - NFPROTO_IPV4: type supports IPv4 only
+ * - NFPROTO_IPV6: type supports IPv6 only
+ * Special (userspace) ipset-only extra value:
+ * - NFPROTO_IPSET_IPV46: type supports both IPv4 and IPv6
*/
+enum {
+ NFPROTO_IPSET_IPV46 = 255,
+};
/* The maximal type dimension userspace supports */
#define IPSET_DIM_UMAX 3
u8 features;
/* Set type dimension */
u8 dimension;
- /* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */
+ /*
+ * Supported family: may be NFPROTO_UNSPEC for both
+ * NFPROTO_IPV4/NFPROTO_IPV6.
+ */
u8 family;
/* Type revisions */
u8 revision_min, revision_max;
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_INET;
+ set->family = NFPROTO_IPV4;
return true;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_ip_create,
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_INET;
+ set->family = NFPROTO_IPV4;
return true;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_MAC,
.dimension = IPSET_DIM_TWO,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_ipmac_create,
map->timeout = IPSET_NO_TIMEOUT;
set->data = map;
- set->family = AF_UNSPEC;
+ set->family = NFPROTO_UNSPEC;
return true;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_PORT,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = bitmap_port_create,
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) &&
- (type->family == family || type->family == AF_UNSPEC) &&
+ (type->family == family || type->family == NFPROTO_UNSPEC) &&
revision >= type->revision_min &&
revision <= type->revision_max)
return type;
rcu_read_lock();
list_for_each_entry_rcu(type, &ip_set_type_list, list)
if (STREQ(type->name, name) &&
- (type->family == family || type->family == AF_UNSPEC)) {
+ (type->family == family || type->family == NFPROTO_UNSPEC)) {
found = true;
if (type->revision_min < *min)
*min = type->revision_min;
__find_set_type_minmax(name, family, min, max, true);
}
-#define family_name(f) ((f) == AF_INET ? "inet" : \
- (f) == AF_INET6 ? "inet6" : "any")
+#define family_name(f) ((f) == NFPROTO_IPV4 ? "inet" : \
+ (f) == NFPROTO_IPV6 ? "inet6" : "any")
/* Register a set type structure. The type is identified by
* the unique triple of name, family and revision.
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
read_lock_bh(&set->lock);
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
write_lock_bh(&set->lock);
pr_debug("set %s, index %u\n", set->name, index);
if (opt->dim < set->type->dimension ||
- !(opt->family == set->family || set->family == AF_UNSPEC))
+ !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
return 0;
write_lock_bh(&set->lock);
return NULL;
nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_INET;
+ nfmsg->nfgen_family = NFPROTO_IPV4;
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = 0;
u8 proto;
switch (pf) {
- case AF_INET:
+ case NFPROTO_IPV4:
ret = ip_set_get_ip4_port(skb, src, port, &proto);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
ret = ip_set_get_ip6_port(skb, src, port, &proto);
break;
default:
u8 netmask, hbits;
struct ip_set_hash *h;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
- netmask = set->family == AF_INET ? 32 : 128;
+ netmask = set->family == NFPROTO_IPV4 ? 32 : 128;
pr_debug("Create set %s with family %s\n",
- set->name, set->family == AF_INET ? "inet" : "inet6");
+ set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6");
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
if (tb[IPSET_ATTR_NETMASK]) {
netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
- if ((set->family == AF_INET && netmask > 32) ||
- (set->family == AF_INET6 && netmask > 128) ||
+ if ((set->family == NFPROTO_IPV4 && netmask > 32) ||
+ (set->family == NFPROTO_IPV6 && netmask > 128) ||
netmask == 0)
return -IPSET_ERR_INVALID_NETMASK;
}
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ip4_tvariant : &hash_ip6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ip4_gc_init(set);
else
hash_ip6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ip4_variant : &hash_ip6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = hash_ip_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipport4_tvariant : &hash_ipport6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipport4_gc_init(set);
else
hash_ipport6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipport4_variant : &hash_ipport6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* SCTP and UDPLITE support added */
.create = hash_ipport_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipportip4_gc_init(set);
else
hash_ipportip6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportip4_variant : &hash_ipportip6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
.dimension = IPSET_DIM_THREE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* SCTP and UDPLITE support added */
.create = hash_ipportip_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportnet4_tvariant
: &hash_ipportnet6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_ipportnet4_gc_init(set);
else
hash_ipportnet6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_ipportnet4_variant : &hash_ipportnet6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
.dimension = IPSET_DIM_THREE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
/* 1 SCTP and UDPLITE support added */
.revision_max = 2, /* Range as input support for IPv4 added */
struct ip_set_hash *h;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_net4_tvariant : &hash_net6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_net4_gc_init(set);
else
hash_net6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_net4_variant : &hash_net6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 1, /* Range as input support for IPv4 added */
.create = hash_net_create,
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netiface4_tvariant : &hash_netiface6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_netiface4_gc_init(set);
else
hash_netiface6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netiface4_variant : &hash_netiface6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_IFACE,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.create = hash_netiface_create,
.create_policy = {
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
- if (!(set->family == AF_INET || set->family == AF_INET6))
+ if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
h = kzalloc(sizeof(*h)
+ sizeof(struct ip_set_hash_nets)
- * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+ * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
if (!h)
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netport4_tvariant : &hash_netport6_tvariant;
- if (set->family == AF_INET)
+ if (set->family == NFPROTO_IPV4)
hash_netport4_gc_init(set);
else
hash_netport6_gc_init(set);
} else {
- set->variant = set->family == AF_INET
+ set->variant = set->family == NFPROTO_IPV4
? &hash_netport4_variant : &hash_netport6_variant;
}
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_IP | IPSET_TYPE_PORT,
.dimension = IPSET_DIM_TWO,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
/* 1 SCTP and UDPLITE support added */
.revision_max = 2, /* Range as input support for IPv4 added */
.protocol = IPSET_PROTOCOL,
.features = IPSET_TYPE_NAME | IPSET_DUMP_LAST,
.dimension = IPSET_DIM_ONE,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.revision_min = 0,
.revision_max = 0,
.create = list_set_create,
#include <arpa/inet.h> /* ntoh* */
#include <net/ethernet.h> /* ETH_ALEN */
#include <net/if.h> /* IFNAMSIZ */
-#include <sys/socket.h> /* AF_ */
#include <stdlib.h> /* malloc, free */
#include <string.h> /* memset */
static void
copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value)
{
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
in4cpy(&ip->in, value);
else
in6cpy(&ip->in6, value);
break;
/* CADT options */
case IPSET_OPT_IP:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->ip, value);
break;
case IPSET_OPT_IP_TO:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->ip_to, value);
break;
ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN);
break;
case IPSET_OPT_IP2:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->adt.ip2, value);
break;
case IPSET_OPT_IP2_TO:
- if (!(data->family == AF_INET || data->family == AF_INET6))
+ if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
return -1;
copy_addr(data->family, &data->adt.ip2_to, value);
break;
case IPSET_OPT_IP_TO:
case IPSET_OPT_IP2:
case IPSET_OPT_IP2_TO:
- return family == AF_INET ? sizeof(uint32_t)
+ return family == NFPROTO_IPV4 ? sizeof(uint32_t)
: sizeof(struct in6_addr);
case IPSET_OPT_PORT:
case IPSET_OPT_PORT_TO:
* @data: data blob
*
* Return the INET family supported by the set from the data blob.
- * If the family is not set yet, AF_UNSPEC is returned.
+ * If the family is not set yet, NFPROTO_UNSPEC is returned.
*/
uint8_t
ipset_data_family(const struct ipset_data *data)
{
assert(data);
return ipset_data_test(data, IPSET_OPT_FAMILY)
- ? data->family : AF_UNSPEC;
+ ? data->family : NFPROTO_UNSPEC;
}
/**
{
assert(data);
return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr :
- data->family == AF_INET ? 32 :
- data->family == AF_INET6 ? 128 : 0;
+ data->family == NFPROTO_IPV4 ? 32 :
+ data->family == NFPROTO_IPV6 ? 128 : 0;
}
/**
d = mnl_attr_get_payload(
ipattr[IPSET_ATTR_IPADDR_IPV4]);
- inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN);
+ inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN);
fprintf(stderr, "\t\t%s: %s\n",
attr2name[i].name, addr);
} else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) {
d = mnl_attr_get_payload(
ipattr[IPSET_ATTR_IPADDR_IPV6]);
- inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN);
+ inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN);
fprintf(stderr, "\t\t%s: %s\n",
attr2name[i].name, addr);
}
tmp = a;
goto parse_port;
case IPPROTO_ICMP:
- if (family != AF_INET) {
+ if (family != NFPROTO_IPV4) {
syntax_err("Protocol ICMP can be used "
"with family INET only");
goto error;
err = ipset_parse_icmp(session, opt, a);
break;
case IPPROTO_ICMPV6:
- if (family != AF_INET6) {
+ if (family != NFPROTO_IPV6) {
syntax_err("Protocol ICMPv6 can be used "
"with family INET6 only");
goto error;
"multiple times");
if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4"))
- family = AF_INET;
+ family = NFPROTO_IPV4;
else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6"))
- family = AF_INET6;
+ family = NFPROTO_IPV6;
else if (STREQ(str, "any") || STREQ(str, "unspec"))
- family = AF_UNSPEC;
+ family = NFPROTO_UNSPEC;
else
return syntax_err("unknown INET family %s", str);
if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) {
syntax_err("cannot resolve '%s' to an %s address: %s",
- str, family == AF_INET6 ? "IPv6" : "IPv4",
+ str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4",
gai_strerror(err));
return NULL;
} else
uint8_t family)
{
struct addrinfo *i;
- size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in)
+ size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in)
: sizeof(struct sockaddr_in6);
int found, err = 0;
if ((*info = call_getaddrinfo(session, str, family)) == NULL) {
syntax_err("cannot parse %s: resolving to %s address failed",
- str, family == AF_INET ? "IPv4" : "IPv6");
+ str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
return EINVAL;
}
if (i->ai_family != family || i->ai_addrlen != addrlen)
continue;
if (found == 0) {
- if (family == AF_INET) {
+ if (family == NFPROTO_IPV4) {
/* Workaround: direct cast increases
* required alignment on Sparc
*/
if (found == 0)
return syntax_err("cannot parse %s: "
"%s address could not be resolved",
- str, family == AF_INET ? "IPv4" : "IPv6");
+ str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
return err;
}
enum ipset_opt opt, const char *str,
uint8_t family)
{
- uint8_t m = family == AF_INET ? 32 : 128;
+ uint8_t m = family == NFPROTO_IPV4 ? 32 : 128;
int aerr = EINVAL, err = 0, range = 0;
char *saved = strdup(str);
char *a, *tmp = saved;
{
char *a = cidr_separator(str);
- return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128");
+ return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128");
}
static int
struct ipset_data *data = ipset_session_data(session);
uint8_t family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
- return family == AF_INET ? ipset_parse_ip(session, opt, str)
+ return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str)
: ipset_parse_single_ip(session, opt, str);
}
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
- return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY)
+ return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY)
: ipset_parse_ipnet(session, opt, str);
}
data = ipset_session_data(session);
family = ipset_data_family(data);
- if (family == AF_UNSPEC) {
- family = AF_INET;
+ if (family == NFPROTO_UNSPEC) {
+ family = NFPROTO_IPV4;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
err = string_to_cidr(session, str,
- family == AF_INET ? 1 : 4,
- family == AF_INET ? 31 : 124,
+ family == NFPROTO_IPV4 ? 1 : 4,
+ family == NFPROTO_IPV4 ? 31 : 124,
&cidr);
if (err)
return syntax_err("netmask is out of the inclusive range "
"of %u-%u",
- family == AF_INET ? 1 : 4,
- family == AF_INET ? 31 : 124);
+ family == NFPROTO_IPV4 ? 1 : 4,
+ family == NFPROTO_IPV4 ? 31 : 124);
return ipset_data_set(data, opt, &cidr);
}
memset(&saddr, 0, sizeof(saddr));
in4cpy(&saddr.sin_addr, &addr->in);
- saddr.sin_family = AF_INET;
+ saddr.sin_family = NFPROTO_IPV4;
err = getnameinfo((const struct sockaddr *)&saddr,
sizeof(saddr),
memset(&saddr, 0, sizeof(saddr));
in6cpy(&saddr.sin6_addr, &addr->in6);
- saddr.sin6_family = AF_INET6;
+ saddr.sin6_family = NFPROTO_IPV6;
err = getnameinfo((const struct sockaddr *)&saddr,
sizeof(saddr),
cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
D("CIDR: %u", cidr);
} else
- cidr = family == AF_INET6 ? 128 : 32;
+ cidr = family == NFPROTO_IPV6 ? 128 : 32;
flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
ip = ipset_data_get(data, opt);
assert(ip);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
size = snprintf_ipv4(buf, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
size = snprintf_ipv6(buf, len, flags, ip, cidr);
else
return -1;
SNPRINTF_FAILURE(size, len, offset);
ip = ipset_data_get(data, IPSET_OPT_IP_TO);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
size = snprintf_ipv4(buf + offset, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
size = snprintf_ipv6(buf + offset, len, flags, ip, cidr);
else
return -1;
if (ipset_data_test(data, cidropt))
cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
else
- cidr = family == AF_INET6 ? 128 : 32;
+ cidr = family == NFPROTO_IPV6 ? 128 : 32;
flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
ip = ipset_data_get(data, opt);
assert(ip);
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
return snprintf_ipv4(buf, len, flags, ip, cidr);
- else if (family == AF_INET6)
+ else if (family == NFPROTO_IPV6)
return snprintf_ipv6(buf, len, flags, ip, cidr);
return -1;
/* Validate by hand */
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
atype = IPSET_ATTR_IPADDR_IPV4;
if (!ipattr[atype])
FAILURE("Broken kernel message: IPv4 address "
"cannot validate IPv4 "
"address attribute!");
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
atype = IPSET_ATTR_IPADDR_IPV6;
if (!ipattr[atype])
FAILURE("Broken kernel message: IPv6 address "
}
#define FAMILY_TO_STR(f) \
- ((f) == AF_INET ? "inet" : \
- (f) == AF_INET6 ? "inet6" : "any")
+ ((f) == NFPROTO_IPV4 ? "inet" : \
+ (f) == NFPROTO_IPV6 ? "inet6" : "any")
static int
list_create(struct ipset_session *session, struct nlattr *nla[])
return attr->len;
*flags = NLA_F_NET_BYTEORDER;
- return family == AF_INET ? sizeof(uint32_t)
+ return family == NFPROTO_IPV4 ? sizeof(uint32_t)
: sizeof(struct in6_addr);
case MNL_TYPE_U32:
*flags = NLA_F_NET_BYTEORDER;
if (attr->type == MNL_TYPE_NESTED) {
/* IP addresses */
struct nlattr *nested;
- int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4
+ int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4
: IPSET_ATTR_IPADDR_IPV6;
alen = attr_len(attr, family, &flags);
MNL_ATTR_HDRLEN, alen))
return 1;
nested = mnl_attr_nest_start(nlh, type);
- D("family: %s", family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC");
+ D("family: %s", family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC");
mnl_attr_put(nlh, atype | flags, alen, d);
mnl_attr_nest_end(nlh, nested);
data2attr(session, nlh, data, type, family, attrs)
#define ADDATTR_SETNAME(session, nlh, data) \
- data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs)
+ data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs)
#define ADDATTR_IF(session, nlh, data, type, family, attrs) \
ipset_data_test(data, attrs[type].opt) ? \
data2attr(session, nlh, data, type, family, attrs) : 0
#define ADDATTR_RAW(session, nlh, data, type, attrs) \
- rawdata2attr(session, nlh, data, type, AF_INET, attrs)
+ rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs)
static void
addattr_create(struct ipset_session *session,
"Invalid internal TYPE command: "
"missing settype");
ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
if (ipset_data_test(data, IPSET_OPT_FAMILY))
ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
else
/* bitmap:port and list:set types */
- mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
break;
default:
return ipset_err(session, "Internal error: "
* setname, typename, revision, family, flags (optional) */
ADDATTR_SETNAME(session, nlh, data);
ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
ADDATTR_RAW(session, nlh, &type->revision,
IPSET_ATTR_REVISION, cmd_attrs);
D("family: %u, type family %u",
ipset_data_family(data), type->family);
if (ipset_data_test(data, IPSET_OPT_FAMILY))
ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
- AF_INET, cmd_attrs);
+ NFPROTO_IPV4, cmd_attrs);
else
/* bitmap:port and list:set types */
- mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+ mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
/* Type-specific create attributes */
D("call open_nested");
ADDATTR_SETNAME(session, nlh, data);
if (flags && session->mode != IPSET_LIST_SAVE) {
ipset_data_set(data, IPSET_OPT_FLAGS, &flags);
- ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET,
+ ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4,
cmd_attrs);
}
break;
}
#define MATCH_FAMILY(type, f) \
- (f == AF_UNSPEC || type->family == f || type->family == AF_INET46)
+ (f == NFPROTO_UNSPEC || type->family == f || \
+ type->family == NFPROTO_IPSET_IPV46)
bool
ipset_match_typename(const char *name, const struct ipset_type *type)
typename);
/* Family is unspecified yet: set from matching set type */
- if (family == AF_UNSPEC && match->family != AF_UNSPEC) {
- family = match->family == AF_INET46 ? AF_INET : match->family;
+ if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) {
+ family = match->family == NFPROTO_IPSET_IPV46 ?
+ NFPROTO_IPV4 : match->family;
ipset_data_set(data, IPSET_OPT_FAMILY, &family);
}
"with maximal revision %u.\n"
"You need to upgrade your ipset program.",
typename,
- family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC",
+ family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
kmin, tmax);
else
return ipset_errptr(session,
"with minimal revision %u.\n"
"You need to upgrade your kernel.",
typename,
- family == AF_INET ? "INET" :
- family == AF_INET6 ? "INET6" : "UNSPEC",
+ family == NFPROTO_IPV4 ? "INET" :
+ family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
kmax, tmin);
}
}
#define set_family_and_type(data, match, family) do { \
- if (family == AF_UNSPEC && match->family != AF_UNSPEC) \
- family = match->family == AF_INET46 ? AF_INET : match->family;\
+ if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \
+ family = match->family == NFPROTO_IPSET_IPV46 ? \
+ NFPROTO_IPV4 : match->family;\
ipset_data_set(data, IPSET_OPT_FAMILY, &family); \
ipset_data_set(data, IPSET_OPT_TYPE, match); \
} while (0)
const struct ipset_type *match;
const char *setname, *typename;
const uint8_t *revision;
- uint8_t family = AF_UNSPEC;
+ uint8_t family = NFPROTO_UNSPEC;
int ret;
data = ipset_session_data(session);
"ipset library does not support the "
"settype with that family and revision.",
setname, typename,
- family == AF_INET ? "inet" :
- family == AF_INET6 ? "inet6" : "unspec",
+ family == NFPROTO_IPV4 ? "inet" :
+ family == NFPROTO_IPV6 ? "inet6" : "unspec",
*revision);
set_family_and_type(data, match, family);
const struct ipset_type *t, *match = NULL;
struct ipset_data *data;
const char *typename;
- uint8_t family = AF_UNSPEC, revision;
+ uint8_t family = NFPROTO_UNSPEC, revision;
assert(session);
data = ipset_session_data(session);
session_family(void)
{
switch (ipset_data_family(ipset_session_data(session))) {
- case AF_INET:
+ case NFPROTO_IPV4:
return "inet";
- case AF_INET6:
+ case NFPROTO_IPV6:
return "inet6";
default:
return "unspec";
type->name, type->usage);
if (type->usagefn)
type->usagefn();
- if (type->family == AF_UNSPEC)
+ if (type->family == NFPROTO_UNSPEC)
printf("\nType %s is family neutral.\n",
type->name);
- else if (type->family == AF_INET46)
+ else if (type->family == NFPROTO_IPSET_IPV46)
printf("\nType %s supports INET "
"and INET6.\n",
type->name);
printf("\nType %s supports family "
"%s only.\n",
type->name,
- type->family == AF_INET
+ type->family == NFPROTO_IPV4
? "INET" : "INET6");
} else {
printf("\nSupported set types:\n");
.name = "bitmap:ip",
.alias = { "ipmap", NULL },
.revision = 0,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.dimension = IPSET_DIM_ONE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "bitmap:ip,mac",
.alias = { "macipmap", NULL },
.revision = 0,
- .family = AF_INET,
+ .family = NFPROTO_IPV4,
.dimension = IPSET_DIM_TWO,
.last_elem_optional = true,
.elem = {
.name = "bitmap:port",
.alias = { "portmap", NULL },
.revision = 0,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.dimension = IPSET_DIM_ONE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:ip",
.alias = { "iphash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:ip,port",
.alias = { "ipporthash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:ip,port,ip",
.alias = { "ipportiphash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:ip,port,net",
.alias = { "ipportnethash", NULL },
.revision = 2,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_THREE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:net",
.alias = { "nethash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:net",
.alias = { "nethash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_ONE,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:net,iface",
.alias = { "netifacehash", NULL },
.revision = 0,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:net,port",
.alias = { "netporthash", NULL },
.revision = 1,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "hash:net,port",
.alias = { "netporthash", NULL },
.revision = 2,
- .family = AF_INET46,
+ .family = NFPROTO_IPSET_IPV46,
.dimension = IPSET_DIM_TWO,
.elem = {
[IPSET_DIM_ONE - 1] = {
.name = "list:set",
.alias = { "setlist", NULL },
.revision = 0,
- .family = AF_UNSPEC,
+ .family = NFPROTO_UNSPEC,
.dimension = IPSET_DIM_ONE,
.elem = {
[IPSET_DIM_ONE - 1] = {
projects / ipset / commitdiff