+[2.3.3]
+ - compatibility for the 2.6.x kernel tree improved and compiler warnings
+ fixed (Jan Engelhardt)
+ - compatibility fixes for the 2.4.36.x kernel tree added
+
[2.3.2]
- including limits.h for UINT_MAX is required with glibc-2.8 (pud)
- needless cast from and to void pointers cleanups in iptreemap (Sven Wegener)
IP_NF_SET_HASHSIZE=1024
endif
-IPSET_VERSION:=2.3.2
+IPSET_VERSION:=2.3.3
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
cd kernel; ./patch_kernel $(KERNEL_DIR)
modules:
- @[ -f $(KERNEL_DIR)/net/ipv4/netfilter/Kconfig ] || (echo "Error: the directory '$(KERNEL_DIR)' doesn't look like a Linux 2.6.x kernel source tree." && exit 1)
- @[ -f $(KERNEL_DIR)/.config ] || (echo "Error: the kernel source in '$(KERNEL_DIR)' must be configured" && exit 1)
- @[ -f $(KERNEL_DIR)/Module.symvers ] || echo "Warning: you should run 'make modules' in '$(KERNEL_DIR)' beforehand"
+ @[ ! -f $(KERNEL_DIR)/net/ipv4/netfilter/Config.in ] || (echo "Error: The directory '$(KERNEL_DIR)' looks like a Linux 2.4.x kernel source tree, you have to patch it by 'make patch_kernel'." && exit 1)
+ @[ -f $(KERNEL_DIR)/net/ipv4/netfilter/Kconfig ] || (echo "Error: The directory '$(KERNEL_DIR)' doesn't look like a Linux 2.6.x kernel source tree." && exit 1)
+ @[ -f $(KERNEL_DIR)/.config ] || (echo "Error: The kernel source in '$(KERNEL_DIR)' must be configured" && exit 1)
+ @[ -f $(KERNEL_DIR)/Module.symvers ] || echo "Warning: You should run 'make modules' in '$(KERNEL_DIR)' beforehand"
cd kernel; make -C $(KERNEL_DIR) M=`pwd` IP_NF_SET_MAX=$(IP_NF_SET_MAX) IP_NF_SET_HASHSIZE=$(IP_NF_SET_HASHSIZE) modules
modules_install: modules
clean: $(EXTRA_CLEANS)
rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~
- cd kernel; make -C $(KERNEL_DIR) M=`pwd` clean
+ [ -f $(KERNEL_DIR)/net/ipv4/netfilter/Config.in ] || (cd kernel; make -C $(KERNEL_DIR) M=`pwd` clean)
#The ipset(8) self
ipset.o: ipset.c
This is the ipset source tree. Follow these steps to install ipset:
-0. You need the source tree of your kernel (version >= 2.6.16) and it have
- to be configured, modules compiled.
+0. You need the source tree of your kernel (version >= 2.6.16 or 2.4.36.x)
+ and it have to be configured, modules compiled.
1. Compile ipset and it's kernel modules
Read the ipset(8) and iptables(8) manpages on how to use ipset
and its match and target from iptables.
-If you want to build a non-modular kernel, then proceed with the following
-steps:
+If you want to build a non-modular >= 2.6.16 kernel or has got a 2.4.36.x
+kernel tree, then proceed with the following steps:
1. Compile the ipset binaries
struct ip_set_restore *restore_set = NULL;
size_t restore_offset = 0;
socklen_t restore_size;
-unsigned line = 0;
+unsigned restore_line = 0;
#define TEMPFILE_PATTERN "/ipsetXXXXXX"
{"help", 2, 0, 'H'},
/* end */
- {0}
+ {NULL},
};
static char opts_short[] =
/* Main parser function */
int parse_commandline(int argc, char *argv[]);
-void exit_tryhelp(int status)
+static void exit_tryhelp(int status)
{
fprintf(stderr,
"Try `%s -H' or '%s --help' for more information.\n",
exit(status);
}
-void exit_error(enum exittype status, char *msg, ...)
+void exit_error(enum exittype status, const char *msg, ...)
{
va_list args;
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, "\n");
- if (line)
- fprintf(stderr, "Restore failed at line %u:\n", line);
+ if (restore_line)
+ fprintf(stderr, "Restore failed at line %u:\n", restore_line);
if (status == PARAMETER_PROBLEM)
exit_tryhelp(status);
if (status == VERSION_PROBLEM)
exit(status);
}
-void ipset_printf(char *msg, ...)
+static void ipset_printf(char *msg, ...)
{
va_list args;
static ip_set_id_t set_find_free_index(const char *name)
{
- ip_set_id_t i, index = IP_SET_INVALID_ID;
+ ip_set_id_t i, idx = IP_SET_INVALID_ID;
for (i = 0; i < max_sets; i++) {
- if (index == IP_SET_INVALID_ID
+ if (idx == IP_SET_INVALID_ID
&& set_list[i] == NULL)
- index = i;
+ idx = i;
if (set_list[i] != NULL
&& strncmp(set_list[i]->name, name,
IP_SET_MAXNAMELEN) == 0)
name);
}
- if (index == IP_SET_INVALID_ID)
+ if (idx == IP_SET_INVALID_ID)
exit_error(PARAMETER_PROBLEM,
"Set %s cannot be restored, "
"max number of set %u reached",
name, max_sets);
- return index;
+ return idx;
}
/*
* Send MAX_SETS, LIST_SIZE and/or SAVE_SIZE orders to kernel
*/
static size_t load_set_list(const char name[IP_SET_MAXNAMELEN],
- ip_set_id_t *index,
+ ip_set_id_t *idx,
unsigned op, unsigned cmd)
{
void *data = NULL;
max_sets = req_max_sets.max_sets;
set_list = ipset_malloc(max_sets * sizeof(struct set *));
memset(set_list, 0, max_sets * sizeof(struct set *));
- *index = req_max_sets.set.index;
+ *idx = req_max_sets.set.index;
if (req_max_sets.sets == 0)
/* No sets in kernel */
+ req_max_sets.sets * sizeof(struct ip_set_name_list);
data = ipset_malloc(size);
((struct ip_set_req_setnames *) data)->op = op;
- ((struct ip_set_req_setnames *) data)->index = *index;
+ ((struct ip_set_req_setnames *) data)->index = *idx;
res = kernel_getfrom_handleerrno(cmd, data, &size);
{
void *data = NULL;
socklen_t size, req_size = 0;
- ip_set_id_t index;
+ ip_set_id_t idx;
int res = 0, bindings = 0;
time_t now = time(NULL);
/* Load set_list from kernel */
- size = load_set_list(name, &index,
+ size = load_set_list(name, &idx,
IP_SET_OP_SAVE_SIZE, CMD_SAVE);
if (size) {
req_size = (size += sizeof(struct ip_set_save));
data = ipset_malloc(size);
((struct ip_set_req_list *) data)->op = IP_SET_OP_SAVE;
- ((struct ip_set_req_list *) data)->index = index;
+ ((struct ip_set_req_list *) data)->index = idx;
res = kernel_getfrom_handleerrno(CMD_SAVE, data, &size);
if (res != 0 || size != req_size) {
char buffer[1024];
char *ptr, *name = NULL;
char cmd = ' ';
- int line = 0, first_pass, i, bindings = 0;
+ int restore_line = 0, first_pass, i, bindings = 0;
struct settype *settype = NULL;
struct ip_set_req_setnames *header;
- ip_set_id_t index;
+ ip_set_id_t idx;
FILE *in;
int res;
in = create_tempfile();
/* Load existing sets from kernel */
- load_set_list(IPSET_TOKEN_ALL, &index,
+ load_set_list(IPSET_TOKEN_ALL, &idx,
IP_SET_OP_LIST_SIZE, CMD_RESTORE);
restore_size = sizeof(struct ip_set_req_setnames)/* header */
DP("restore_size: %u", restore_size);
/* First pass: calculate required amount of data */
while (fgets(buffer, sizeof(buffer), in)) {
- line++;
+ restore_line++;
if (buffer[0] == '\n')
continue;
|| ptr[2] != '\0') {
exit_error(PARAMETER_PROBLEM,
"Line %u does not start as a valid restore command\n",
- line);
+ restore_line);
}
cmd = ptr[1];
/* setname */
if (ptr == NULL)
exit_error(PARAMETER_PROBLEM,
"Missing set name in line %u\n",
- line);
+ restore_line);
DP("cmd %c", cmd);
switch (cmd) {
case 'N': {
if (ptr == NULL)
exit_error(PARAMETER_PROBLEM,
"Missing settype in line %u\n",
- line);
+ restore_line);
if (bindings)
exit_error(PARAMETER_PROBLEM,
"Invalid line %u: create must precede bindings\n",
- line);
+ restore_line);
settype = check_set_typename(ptr);
restore_size += sizeof(struct ip_set_restore)
+ settype->create_size;
exit_error(PARAMETER_PROBLEM,
"Add IP to set %s in line %u without "
"preceding corresponding create set line\n",
- ptr, line);
+ ptr, restore_line);
if (bindings)
exit_error(PARAMETER_PROBLEM,
"Invalid line %u: adding entries must precede bindings\n",
- line);
+ restore_line);
restore_size += settype->adt_size;
DP("restore_size (A): %u", restore_size);
break;
default: {
exit_error(PARAMETER_PROBLEM,
"Unrecognized restore command in line %u\n",
- line);
+ restore_line);
}
} /* end of switch */
}
/* Rewind to scan the file again */
fseek(in, 0L, SEEK_SET);
- first_pass = line;
- line = 0;
+ first_pass = restore_line;
+ restore_line = 0;
/* Initialize newargv/newargc */
newargv[newargc++] = ipset_strdup(argv0);
/* Second pass: build up restore request */
while (fgets(buffer, sizeof(buffer), in)) {
- line++;
+ restore_line++;
if (buffer[0] == '\n')
continue;
goto do_restore;
DP("restoring: %s", buffer);
/* Build faked argv, argc */
- build_argv(line, buffer);
+ build_argv(restore_line, buffer);
for (i = 0; i < newargc; i++)
DP("argv[%u]: %s", i, newargv[i]);
unsigned options)
{
void *data = NULL;
- ip_set_id_t index;
+ ip_set_id_t idx;
socklen_t size, req_size;
int res = 0;
DP("%s", name);
/* Load set_list from kernel */
- size = req_size = load_set_list(name, &index,
+ size = req_size = load_set_list(name, &idx,
IP_SET_OP_LIST_SIZE, CMD_LIST);
if (size) {
/* Get sets and print them */
data = ipset_malloc(size);
((struct ip_set_req_list *) data)->op = IP_SET_OP_LIST;
- ((struct ip_set_req_list *) data)->index = index;
+ ((struct ip_set_req_list *) data)->index = idx;
res = kernel_getfrom_handleerrno(CMD_LIST, data, &size);
DP("get_lists getsockopt() res=%d errno=%d", res, errno);
void (*create_final) (void *data, unsigned int flags);
/* Pointer to list of extra command-line options for create */
- struct option *create_opts;
+ const struct option *create_opts;
/*
* Add/del/test IP
/* extern void unregister_settype(set_type_t *set_type); */
-extern void exit_error(enum exittype status, char *msg, ...);
+extern void exit_error(enum exittype status, const char *msg, ...);
extern char *binding_ip_tostring(struct set *set,
ip_set_ip_t ip, unsigned options);
#define OPT_CREATE_NETMASK 0x08U
/* Initialize the create. */
-void create_init(void *data)
+static void
+create_init(void *data)
{
struct ip_set_req_iphash_create *mydata =
(struct ip_set_req_iphash_create *) data;
}
/* Function which parses command options; returns true if it ate an option */
-int create_parse(int c, char *argv[], void *data, unsigned *flags)
+static int
+create_parse(int c, char *argv[], void *data, unsigned *flags)
{
struct ip_set_req_iphash_create *mydata =
(struct ip_set_req_iphash_create *) data;
}
/* Final check; exit if not ok. */
-void create_final(void *data, unsigned int flags)
+static void
+create_final(void *data, unsigned int flags)
{
#ifdef IPSET_DEBUG
struct ip_set_req_iphash_create *mydata =
}
/* Create commandline options */
-static struct option create_opts[] = {
- {"hashsize", 1, 0, '1'},
- {"probes", 1, 0, '2'},
- {"resize", 1, 0, '3'},
- {"netmask", 1, 0, '4'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "hashsize", .has_arg = required_argument, .val = '1'},
+ {.name = "probes", .has_arg = required_argument, .val = '2'},
+ {.name = "resize", .has_arg = required_argument, .val = '3'},
+ {.name = "netmask", .has_arg = required_argument, .val = '4'},
+ {NULL},
};
/* Add, del, test parser */
-ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+static ip_set_ip_t
+adt_parser(unsigned cmd, const char *optarg, void *data)
{
struct ip_set_req_iphash *mydata =
(struct ip_set_req_iphash *) data;
* Print and save
*/
-void initheader(struct set *set, const void *data)
+static void
+initheader(struct set *set, const void *data)
{
struct ip_set_req_iphash_create *header =
(struct ip_set_req_iphash_create *) data;
map->netmask = header->netmask;
}
-unsigned int
+static unsigned int
mask_to_bits(ip_set_ip_t mask)
{
unsigned int bits = 32;
return bits;
}
-void printheader(struct set *set, unsigned options)
+static void
+printheader(struct set *set, unsigned options)
{
struct ip_set_iphash *mysetdata =
(struct ip_set_iphash *) set->settype->header;
printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask));
}
-void printips(struct set *set, void *data, size_t len, unsigned options)
+static void
+printips(struct set *set, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
}
}
-void saveheader(struct set *set, unsigned options)
+static void
+saveheader(struct set *set, unsigned options)
{
struct ip_set_iphash *mysetdata =
(struct ip_set_iphash *) set->settype->header;
}
/* Print save for an IP */
-void saveips(struct set *set, void *data, size_t len, unsigned options)
+static void
+saveips(struct set *set, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
}
}
-void usage(void)
+static void usage(void)
{
printf
("-N set iphash [--hashsize hashsize] [--probes probes ]\n"
#define OPT_ADDDEL_IP 0x01U
/* Initialize the create. */
-void create_init(void *data)
+static void
+create_init(void *data)
{
struct ip_set_req_ipmap_create *mydata =
(struct ip_set_req_ipmap_create *) data;
}
/* Function which parses command options; returns true if it ate an option */
-int create_parse(int c, char *argv[], void *data, unsigned *flags)
+static int
+create_parse(int c, char *argv[], void *data, unsigned *flags)
{
struct ip_set_req_ipmap_create *mydata =
(struct ip_set_req_ipmap_create *) data;
#define ERRSTRLEN 256
/* Final check; exit if not ok. */
-void create_final(void *data, unsigned int flags)
+static void
+create_final(void *data, unsigned int flags)
{
struct ip_set_req_ipmap_create *mydata =
(struct ip_set_req_ipmap_create *) data;
}
/* Create commandline options */
-static struct option create_opts[] = {
- {"from", 1, 0, '1'},
- {"to", 1, 0, '2'},
- {"network", 1, 0, '3'},
- {"netmask", 1, 0, '4'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "from", .has_arg = required_argument, .val = '1'},
+ {.name = "to", .has_arg = required_argument, .val = '2'},
+ {.name = "network", .has_arg = required_argument, .val = '3'},
+ {.name = "netmask", .has_arg = required_argument, .val = '4'},
+ {NULL},
};
/* Add, del, test parser */
-ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+static ip_set_ip_t
+adt_parser(unsigned cmd, const char *optarg, void *data)
{
struct ip_set_req_ipmap *mydata =
(struct ip_set_req_ipmap *) data;
* Print and save
*/
-void initheader(struct set *set, const void *data)
+static void
+initheader(struct set *set, const void *data)
{
struct ip_set_req_ipmap_create *header =
(struct ip_set_req_ipmap_create *) data;
DP("%i %i", map->hosts, map->sizeid );
}
-void printheader(struct set *set, unsigned options)
+static void
+printheader(struct set *set, unsigned options)
{
struct ip_set_ipmap *mysetdata =
(struct ip_set_ipmap *) set->settype->header;
printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask));
}
-void printips_sorted(struct set *set, void *data, size_t len, unsigned options)
+static void
+printips_sorted(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_ipmap *mysetdata =
(struct ip_set_ipmap *) set->settype->header;
options));
}
-void saveheader(struct set *set, unsigned options)
+static void
+saveheader(struct set *set, unsigned options)
{
struct ip_set_ipmap *mysetdata =
(struct ip_set_ipmap *) set->settype->header;
mask_to_bits(mysetdata->netmask));
}
-void saveips(struct set *set, void *data, size_t len, unsigned options)
+static void
+saveips(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_ipmap *mysetdata =
(struct ip_set_ipmap *) set->settype->header;
options));
}
-void usage(void)
+static void usage(void)
{
printf
("-N set ipmap --from IP --to IP [--netmask CIDR-netmask]\n"
#define OPT_CREATE_TO 0x20U
/* Initialize the create. */
-void create_init(void *data)
+static void
+create_init(void *data)
{
struct ip_set_req_ipporthash_create *mydata =
(struct ip_set_req_ipporthash_create *) data;
}
/* Function which parses command options; returns true if it ate an option */
-int create_parse(int c, char *argv[], void *data, unsigned *flags)
+static int
+create_parse(int c, char *argv[], void *data, unsigned *flags)
{
struct ip_set_req_ipporthash_create *mydata =
(struct ip_set_req_ipporthash_create *) data;
}
/* Final check; exit if not ok. */
-void create_final(void *data, unsigned int flags)
+static void
+create_final(void *data, unsigned int flags)
{
struct ip_set_req_ipporthash_create *mydata =
(struct ip_set_req_ipporthash_create *) data;
}
/* Create commandline options */
-static struct option create_opts[] = {
- {"hashsize", 1, 0, '1'},
- {"probes", 1, 0, '2'},
- {"resize", 1, 0, '3'},
- {"from", 1, 0, '4'},
- {"to", 1, 0, '5'},
- {"network", 1, 0, '6'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "hashsize", .has_arg = required_argument, .val = '1'},
+ {.name = "probes", .has_arg = required_argument, .val = '2'},
+ {.name = "resize", .has_arg = required_argument, .val = '3'},
+ {.name = "from", .has_arg = required_argument, .val = '4'},
+ {.name = "to", .has_arg = required_argument, .val = '5'},
+ {.name = "network", .has_arg = required_argument, .val = '6'},
+ {NULL},
};
/* Add, del, test parser */
-ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+static ip_set_ip_t
+adt_parser(unsigned cmd, const char *optarg, void *data)
{
struct ip_set_req_ipporthash *mydata =
(struct ip_set_req_ipporthash *) data;
* Print and save
*/
-void initheader(struct set *set, const void *data)
+static void
+initheader(struct set *set, const void *data)
{
struct ip_set_req_ipporthash_create *header =
(struct ip_set_req_ipporthash_create *) data;
map->last_ip = header->to;
}
-void printheader(struct set *set, unsigned options)
+static void
+printheader(struct set *set, unsigned options)
{
struct ip_set_ipporthash *mysetdata =
(struct ip_set_ipporthash *) set->settype->header;
printf(" resize: %u\n", mysetdata->resize);
}
-void printips(struct set *set, void *data, size_t len, unsigned options)
+static void
+printips(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_ipporthash *mysetdata =
(struct ip_set_ipporthash *) set->settype->header;
}
}
-void saveheader(struct set *set, unsigned options)
+static void
+saveheader(struct set *set, unsigned options)
{
struct ip_set_ipporthash *mysetdata =
(struct ip_set_ipporthash *) set->settype->header;
}
/* Print save for an IP */
-void saveips(struct set *set, void *data, size_t len, unsigned options)
+static void
+saveips(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_ipporthash *mysetdata =
(struct ip_set_ipporthash *) set->settype->header;
static char buffer[22];
-static char * unpack_ipport_tostring(struct set *set, ip_set_ip_t bip, unsigned options)
+static char *
+unpack_ipport_tostring(struct set *set, ip_set_ip_t bip, unsigned options)
{
struct ip_set_ipporthash *mysetdata =
(struct ip_set_ipporthash *) set->settype->header;
return buffer;
}
-void usage(void)
+static void usage(void)
{
printf
("-N set ipporthash --from IP --to IP\n"
#define OPT_CREATE_TIMEOUT 0x01U
/* Initialize the create. */
-void create_init(void *data)
+static void
+create_init(void *data)
{
struct ip_set_req_iptree_create *mydata =
(struct ip_set_req_iptree_create *) data;
}
/* Function which parses command options; returns true if it ate an option */
-int create_parse(int c, char *argv[], void *data, unsigned *flags)
+static int
+create_parse(int c, char *argv[], void *data, unsigned *flags)
{
struct ip_set_req_iptree_create *mydata =
(struct ip_set_req_iptree_create *) data;
}
/* Final check; exit if not ok. */
-void create_final(void *data, unsigned int flags)
+static void
+create_final(void *data, unsigned int flags)
{
}
/* Create commandline options */
-static struct option create_opts[] = {
- {"timeout", 1, 0, '1'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "timeout", .has_arg = required_argument, .val = '1'},
+ {NULL},
};
/* Add, del, test parser */
-ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+static ip_set_ip_t
+adt_parser(unsigned cmd, const char *optarg, void *data)
{
struct ip_set_req_iptree *mydata =
(struct ip_set_req_iptree *) data;
* Print and save
*/
-void initheader(struct set *set, const void *data)
+static void
+initheader(struct set *set, const void *data)
{
struct ip_set_req_iptree_create *header =
(struct ip_set_req_iptree_create *) data;
map->timeout = header->timeout;
}
-void printheader(struct set *set, unsigned options)
+static void
+printheader(struct set *set, unsigned options)
{
struct ip_set_iptree *mysetdata =
(struct ip_set_iptree *) set->settype->header;
printf("\n");
}
-void printips_sorted(struct set *set, void *data, size_t len, unsigned options)
+static void
+printips_sorted(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_iptree *mysetdata =
(struct ip_set_iptree *) set->settype->header;
}
}
-void saveheader(struct set *set, unsigned options)
+static void
+saveheader(struct set *set, unsigned options)
{
struct ip_set_iptree *mysetdata =
(struct ip_set_iptree *) set->settype->header;
set->name, set->settype->typename);
}
-void saveips(struct set *set, void *data, size_t len, unsigned options)
+static void
+saveips(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_iptree *mysetdata =
(struct ip_set_iptree *) set->settype->header;
}
}
-void usage(void)
+static void usage(void)
{
printf
("-N set iptree [--timeout value]\n"
#define OPT_CREATE_GC 0x1
-void
+static void
create_init(void *data)
{
struct ip_set_req_iptreemap_create *mydata = data;
mydata->gc_interval = 0;
}
-int
+static int
create_parse(int c, char *argv[], void *data, unsigned int *flags)
{
struct ip_set_req_iptreemap_create *mydata = data;
return 1;
}
-void
+static void
create_final(void *data, unsigned int flags)
{
}
-static struct option create_opts[] = {
- {"gc", 1, 0, 'g'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "gc", .has_arg = required_argument, .val = 'g'},
+ {NULL},
};
-ip_set_ip_t
+static ip_set_ip_t
adt_parser(unsigned int cmd, const char *optarg, void *data)
{
struct ip_set_req_iptreemap *mydata = data;
return 1;
}
-void
+static void
initheader(struct set *set, const void *data)
{
const struct ip_set_req_iptreemap_create *header = data;
map->gc_interval = header->gc_interval;
}
-void
+static void
printheader(struct set *set, unsigned int options)
{
struct ip_set_iptreemap *mysetdata = set->settype->header;
printf("\n");
}
-void
+static void
printips_sorted(struct set *set, void *data, size_t len, unsigned int options)
{
struct ip_set_req_iptreemap *req;
}
}
-void
+static void
saveheader(struct set *set, unsigned int options)
{
struct ip_set_iptreemap *mysetdata = set->settype->header;
printf("\n");
}
-void
+static void
saveips(struct set *set, void *data, size_t len, unsigned int options)
{
struct ip_set_req_iptreemap *req;
}
}
-void
+static void
usage(void)
{
printf(
#define OPT_ADDDEL_MAC 0x02U
/* Initialize the create. */
-void create_init(void *data)
+static void
+create_init(void *data)
{
DP("create INIT");
/* Nothing */
}
/* Function which parses command options; returns true if it ate an option */
-int create_parse(int c, char *argv[], void *data, unsigned *flags)
+static int
+create_parse(int c, char *argv[], void *data, unsigned *flags)
{
struct ip_set_req_macipmap_create *mydata =
(struct ip_set_req_macipmap_create *) data;
}
/* Final check; exit if not ok. */
-void create_final(void *data, unsigned int flags)
+static void
+create_final(void *data, unsigned int flags)
{
struct ip_set_req_macipmap_create *mydata =
(struct ip_set_req_macipmap_create *) data;
}
/* Create commandline options */
-static struct option create_opts[] = {
- {"from", 1, 0, '1'},
- {"to", 1, 0, '2'},
- {"network", 1, 0, '3'},
- {"matchunset", 0, 0, '4'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "from", .has_arg = required_argument, .val = '1'},
+ {.name = "to", .has_arg = required_argument, .val = '2'},
+ {.name = "network", .has_arg = required_argument, .val = '3'},
+ {.name = "matchunset", .has_arg = no_argument, .val = '4'},
+ {NULL},
};
-static void parse_mac(const char *mac, unsigned char *ethernet)
+static void
+parse_mac(const char *mac, unsigned char *ethernet)
{
unsigned int i = 0;
}
/* Add, del, test parser */
-ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+static ip_set_ip_t
+adt_parser(unsigned cmd, const char *optarg, void *data)
{
struct ip_set_req_macipmap *mydata =
(struct ip_set_req_macipmap *) data;
* Print and save
*/
-void initheader(struct set *set, const void *data)
+static void
+initheader(struct set *set, const void *data)
{
struct ip_set_req_macipmap_create *header =
(struct ip_set_req_macipmap_create *) data;
map->flags = header->flags;
}
-void printheader(struct set *set, unsigned options)
+static void
+printheader(struct set *set, unsigned options)
{
struct ip_set_macipmap *mysetdata =
(struct ip_set_macipmap *) set->settype->header;
printf("\n");
}
-static void print_mac(unsigned char macaddress[ETH_ALEN])
+static void
+print_mac(unsigned char macaddress[ETH_ALEN])
{
unsigned int i;
printf(":%02X", macaddress[i]);
}
-void printips_sorted(struct set *set, void *data, size_t len, unsigned options)
+static void
+printips_sorted(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_macipmap *mysetdata =
(struct ip_set_macipmap *) set->settype->header;
}
}
-void saveheader(struct set *set, unsigned options)
+static void
+saveheader(struct set *set, unsigned options)
{
struct ip_set_macipmap *mysetdata =
(struct ip_set_macipmap *) set->settype->header;
printf("\n");
}
-void saveips(struct set *set, void *data, size_t len, unsigned options)
+static void
+saveips(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_macipmap *mysetdata =
(struct ip_set_macipmap *) set->settype->header;
}
}
-void usage(void)
+static void usage(void)
{
printf
("-N set macipmap --from IP --to IP [--matchunset]\n"
#define OPT_CREATE_RESIZE 0x04U
/* Initialize the create. */
-void create_init(void *data)
+static void
+create_init(void *data)
{
struct ip_set_req_nethash_create *mydata =
(struct ip_set_req_nethash_create *) data;
}
/* Function which parses command options; returns true if it ate an option */
-int create_parse(int c, char *argv[], void *data, unsigned *flags)
+static int
+create_parse(int c, char *argv[], void *data, unsigned *flags)
{
struct ip_set_req_nethash_create *mydata =
(struct ip_set_req_nethash_create *) data;
}
/* Final check; exit if not ok. */
-void create_final(void *data, unsigned int flags)
+static void
+create_final(void *data, unsigned int flags)
{
#ifdef IPSET_DEBUG
struct ip_set_req_nethash_create *mydata =
}
/* Create commandline options */
-static struct option create_opts[] = {
- {"hashsize", 1, 0, '1'},
- {"probes", 1, 0, '2'},
- {"resize", 1, 0, '3'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "hashsize", .has_arg = required_argument, .val = '1'},
+ {.name = "probes", .has_arg = required_argument, .val = '2'},
+ {.name = "resize", .has_arg = required_argument, .val = '3'},
+ {NULL},
};
/* Add, del, test parser */
-ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+static ip_set_ip_t
+adt_parser(unsigned cmd, const char *optarg, void *data)
{
struct ip_set_req_nethash *mydata =
(struct ip_set_req_nethash *) data;
* Print and save
*/
-void initheader(struct set *set, const void *data)
+static void
+initheader(struct set *set, const void *data)
{
struct ip_set_req_nethash_create *header =
(struct ip_set_req_nethash_create *) data;
map->resize = header->resize;
}
-void printheader(struct set *set, unsigned options)
+static void
+printheader(struct set *set, unsigned options)
{
struct ip_set_nethash *mysetdata =
(struct ip_set_nethash *) set->settype->header;
static char buf[20];
-static char * unpack_ip_tostring(ip_set_ip_t ip, unsigned options)
+static char *
+unpack_ip_tostring(ip_set_ip_t ip, unsigned options)
{
int i, j = 3;
unsigned char a, b;
return buf;
}
-void printips(struct set *set, void *data, size_t len, unsigned options)
+static void
+printips(struct set *set, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
}
}
-void saveheader(struct set *set, unsigned options)
+static void
+saveheader(struct set *set, unsigned options)
{
struct ip_set_nethash *mysetdata =
(struct ip_set_nethash *) set->settype->header;
}
/* Print save for an IP */
-void saveips(struct set *set, void *data, size_t len, unsigned options)
+static void
+saveips(struct set *set, void *data, size_t len, unsigned options)
{
size_t offset = 0;
ip_set_ip_t *ip;
}
}
-static char * net_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
+static char *
+net_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
{
return unpack_ip_tostring(ip, options);
}
-static void parse_net(const char *str, ip_set_ip_t *ip)
+static void
+parse_net(const char *str, ip_set_ip_t *ip)
{
char *saved = strdup(str);
char *ptr, *tmp = saved;
*ip = pack(*ip, cidr);
}
-void usage(void)
+static void usage(void)
{
printf
("-N set nethash [--hashsize hashsize] [--probes probes ]\n"
#define OPT_ADDDEL_PORT 0x01U
/* Initialize the create. */
-void create_init(void *data)
+static void
+create_init(void *data)
{
DP("create INIT");
/* Nothing */
}
/* Function which parses command options; returns true if it ate an option */
-int create_parse(int c, char *argv[], void *data, unsigned *flags)
+static int
+create_parse(int c, char *argv[], void *data, unsigned *flags)
{
struct ip_set_req_portmap_create *mydata =
(struct ip_set_req_portmap_create *) data;
}
/* Final check; exit if not ok. */
-void create_final(void *data, unsigned int flags)
+static void
+create_final(void *data, unsigned int flags)
{
struct ip_set_req_portmap_create *mydata =
(struct ip_set_req_portmap_create *) data;
}
/* Create commandline options */
-static struct option create_opts[] = {
- {"from", 1, 0, '1'},
- {"to", 1, 0, '2'},
- {0}
+static const struct option create_opts[] = {
+ {.name = "from", .has_arg = required_argument, .val = '1'},
+ {.name = "to", .has_arg = required_argument, .val = '2'},
+ {NULL},
};
/* Add, del, test parser */
-ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+static ip_set_ip_t
+adt_parser(unsigned cmd, const char *optarg, void *data)
{
struct ip_set_req_portmap *mydata =
(struct ip_set_req_portmap *) data;
* Print and save
*/
-void initheader(struct set *set, const void *data)
+static void
+initheader(struct set *set, const void *data)
{
struct ip_set_req_portmap_create *header =
(struct ip_set_req_portmap_create *) data;
map->last_port = header->to;
}
-void printheader(struct set *set, unsigned options)
+static void
+printheader(struct set *set, unsigned options)
{
struct ip_set_portmap *mysetdata =
(struct ip_set_portmap *) set->settype->header;
printf(" to: %s\n", port_tostring(mysetdata->last_port, options));
}
-void printports_sorted(struct set *set, void *data, size_t len, unsigned options)
+static void
+printports_sorted(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_portmap *mysetdata =
(struct ip_set_portmap *) set->settype->header;
}
}
-char * binding_port_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
+static char *
+binding_port_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
{
return port_tostring(ip, options);
}
-void saveheader(struct set *set, unsigned options)
+static void
+saveheader(struct set *set, unsigned options)
{
struct ip_set_portmap *mysetdata =
(struct ip_set_portmap *) set->settype->header;
port_tostring(mysetdata->last_port, options));
}
-void saveports(struct set *set, void *data, size_t len, unsigned options)
+static void
+saveports(struct set *set, void *data, size_t len, unsigned options)
{
struct ip_set_portmap *mysetdata =
(struct ip_set_portmap *) set->settype->header;
}
}
-void usage(void)
+static void usage(void)
{
printf
("-N set portmap --from PORT --to PORT\n"
--- /dev/null
+ dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
+ if [ "$CONFIG_IP_NF_SET" != "n" ]; then
+ int ' Maximum number of sets' CONFIG_IP_NF_SET_MAX 256
+ int ' Hash size for bindings of IP sets' CONFIG_IP_NF_SET_HASHSIZE 1024
+ dep_tristate ' set match support' CONFIG_IP_NF_MATCH_SET $CONFIG_IP_NF_SET
+ dep_tristate ' SET target support' CONFIG_IP_NF_TARGET_SET $CONFIG_IP_NF_SET
+ dep_tristate ' ipmap set type support' CONFIG_IP_NF_SET_IPMAP $CONFIG_IP_NF_SET
+ dep_tristate ' macipmap set type support' CONFIG_IP_NF_SET_MACIPMAP $CONFIG_IP_NF_SET
+ dep_tristate ' portmap set type support' CONFIG_IP_NF_SET_PORTMAP $CONFIG_IP_NF_SET
+ dep_tristate ' iphash set type support' CONFIG_IP_NF_SET_IPHASH $CONFIG_IP_NF_SET
+ dep_tristate ' nethash set type support' CONFIG_IP_NF_SET_NETHASH $CONFIG_IP_NF_SET
+ dep_tristate ' ipporthash set type support' CONFIG_IP_NF_SET_IPPORTHASH $CONFIG_IP_NF_SET
+ dep_tristate ' iptree set type support' CONFIG_IP_NF_SET_IPTREE $CONFIG_IP_NF_SET
+ dep_tristate ' iptreemap set type support' CONFIG_IP_NF_SET_IPTREEMAP $CONFIG_IP_NF_SET
+ fi
--- /dev/null
+ifdef CONFIG_IP_NF_SET
+ export-objs += ip_set.o
+endif
}
#ifdef __KERNEL__
+#include <linux/netfilter_ipv4/ip_set_compat.h>
#define ip_set_printk(format, args...) \
do { \
--- /dev/null
+#ifndef _IP_SET_COMPAT_H
+#define _IP_SET_COMPAT_H
+
+#ifdef __KERNEL__
+#include <linux/version.h>
+
+/* Arrgh */
+#ifdef MODULE
+#define __MOD_INC(foo) __MOD_INC_USE_COUNT(foo)
+#define __MOD_DEC(foo) __MOD_DEC_USE_COUNT(foo)
+#else
+#define __MOD_INC(foo)
+#define __MOD_DEC(foo)
+#endif
+
+/* Backward compatibility */
+#ifndef __nocast
+#define __nocast
+#endif
+#ifndef __bitwise__
+#define __bitwise__
+#endif
+
+/* Compatibility glue code */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#include <linux/interrupt.h>
+#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED
+#define try_module_get(x) (__MOD_INC(x), 1)
+#define module_put(x) __MOD_DEC(x)
+#define __clear_bit(nr, addr) clear_bit(nr, addr)
+#define __set_bit(nr, addr) set_bit(nr, addr)
+#define __test_and_set_bit(nr, addr) test_and_set_bit(nr, addr)
+#define __test_and_clear_bit(nr, addr) test_and_clear_bit(nr, addr)
+
+typedef unsigned __bitwise__ gfp_t;
+
+static inline void *kzalloc(size_t size, gfp_t flags)
+{
+ void *data = kmalloc(size, flags);
+
+ if (data)
+ memset(data, 0, size);
+
+ return data;
+}
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
+#define __KMEM_CACHE_T__ kmem_cache_t
+#else
+#define __KMEM_CACHE_T__ struct kmem_cache
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
+#define ip_hdr(skb) ((skb)->nh.iph)
+#define skb_mac_header(skb) ((skb)->mac.raw)
+#define eth_hdr(skb) ((struct ethhdr *)skb_mac_header(skb))
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+#define KMEM_CACHE_CREATE(name, size) \
+ kmem_cache_create(name, size, 0, 0, NULL, NULL)
+#else
+#define KMEM_CACHE_CREATE(name, size) \
+ kmem_cache_create(name, size, 0, 0, NULL)
+#endif
+
+
+#endif /* __KERNEL__ */
+#endif /* _IP_SET_COMPAT_H */
ip_set_ip_t ip;
};
-unsigned int
+static unsigned int
mask_to_bits(ip_set_ip_t mask)
{
unsigned int bits = 32;
return bits;
}
-ip_set_ip_t
+static ip_set_ip_t
range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits)
{
ip_set_ip_t mask = 0xFFFFFFFE;
static size_t max_malloc_size = 0, max_page_size = 0;
-static inline bool init_max_page_size(void)
+static inline int init_max_page_size(void)
{
+/* Compatibility glues to support 2.4.36 */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#define __GFP_NOWARN 0
+
+ /* Guaranteed: slab.c */
+ max_malloc_size = max_page_size = 131072;
+#else
size_t page_size = 0;
-
+
#define CACHE(x) if (max_page_size == 0 || x < max_page_size) \
page_size = x;
#include <linux/kmalloc_sizes.h>
return 1;
}
+#endif
return 0;
}
if (set_hash != NULL)
__set_hash_del(set_hash);
- write_unlock_bh(&ip_set_lock);
+ write_unlock_bh(&ip_set_lock);
return 0;
}
/* Kernel module implementing an ip hash set */
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/version.h>
{
return __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
{
return __addip((struct ip_set_iphash *) set->data,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
{
int res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
return (res < 0 ? 0 : res);
}
{
return __addip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
/* Kernel module implementing an ip+port hash set */
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
static inline ip_set_ip_t
get_port(const struct sk_buff *skb, u_int32_t flags)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
struct iphdr *iph = ip_hdr(skb);
-#else
- struct iphdr *iph = skb->nh.iph;
-#endif
u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
switch (iph->protocol) {
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
DP("flag %s port %u",
flags[index+1] & IPSET_SRC ? "SRC" : "DST",
port);
res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
port,
hash_ip);
return (res < 0 ? 0 : res);
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
DP("flag %s port %u",
flags[index+1] & IPSET_SRC ? "SRC" : "DST",
port);
return __addip(set->data,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
port,
hash_ip);
}
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
DP("flag %s port %u",
flags[index+1] & IPSET_SRC ? "SRC" : "DST",
port);
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
port,
hash_ip);
}
#include <linux/version.h>
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <asm/bitops.h>
#include <linux/spinlock.h>
-/* Backward compatibility */
-#ifndef __nocast
-#define __nocast
-#endif
-
#include <linux/netfilter_ipv4/ip_set_iptree.h>
static int limit = MAX_RANGE;
* to delete the gc timer at destroying/flushing a set */
#define IPTREE_DESTROY_SLEEP 100
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-static struct kmem_cache *branch_cachep;
-static struct kmem_cache *leaf_cachep;
-#else
-static kmem_cache_t *branch_cachep;
-static kmem_cache_t *leaf_cachep;
-#endif
+static __KMEM_CACHE_T__ *branch_cachep;
+static __KMEM_CACHE_T__ *leaf_cachep;
+
#if defined(__LITTLE_ENDIAN)
#define ABCD(a,b,c,d,addrp) do { \
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
return (res < 0 ? 0 : res);
}
return __addip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
map->timeout,
hash_ip);
}
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
{
int ret;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- branch_cachep = kmem_cache_create("ip_set_iptreeb",
- sizeof(struct ip_set_iptreeb),
- 0, 0, NULL);
-#else
- branch_cachep = kmem_cache_create("ip_set_iptreeb",
- sizeof(struct ip_set_iptreeb),
- 0, 0, NULL, NULL);
-#endif
+ branch_cachep = KMEM_CACHE_CREATE("ip_set_iptreeb",
+ sizeof(struct ip_set_iptreeb));
if (!branch_cachep) {
printk(KERN_ERR "Unable to create ip_set_iptreeb slab cache\n");
ret = -ENOMEM;
goto out;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- leaf_cachep = kmem_cache_create("ip_set_iptreed",
- sizeof(struct ip_set_iptreed),
- 0, 0, NULL);
-#else
- leaf_cachep = kmem_cache_create("ip_set_iptreed",
- sizeof(struct ip_set_iptreed),
- 0, 0, NULL, NULL);
-#endif
+ leaf_cachep = KMEM_CACHE_CREATE("ip_set_iptreed",
+ sizeof(struct ip_set_iptreed));
if (!leaf_cachep) {
printk(KERN_ERR "Unable to create ip_set_iptreed slab cache\n");
ret = -ENOMEM;
#define IPTREEMAP_DEFAULT_GC_TIME (5 * 60)
#define IPTREEMAP_DESTROY_SLEEP (100)
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-static struct kmem_cache *cachep_b;
-static struct kmem_cache *cachep_c;
-static struct kmem_cache *cachep_d;
-#else
-static kmem_cache_t *cachep_b;
-static kmem_cache_t *cachep_c;
-static kmem_cache_t *cachep_d;
-#endif
+static __KMEM_CACHE_T__ *cachep_b;
+static __KMEM_CACHE_T__ *cachep_c;
+static __KMEM_CACHE_T__ *cachep_d;
static struct ip_set_iptreemap_d *fullbitmap_d;
static struct ip_set_iptreemap_c *fullbitmap_c;
res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
return (res < 0 ? 0 : res);
return __addip_single(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
{
return __delip_single(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip,
GFP_ATOMIC);
}
int ret = -ENOMEM;
int a;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- cachep_b = kmem_cache_create("ip_set_iptreemap_b",
- sizeof(struct ip_set_iptreemap_b),
- 0, 0, NULL);
-#else
- cachep_b = kmem_cache_create("ip_set_iptreemap_b",
- sizeof(struct ip_set_iptreemap_b),
- 0, 0, NULL, NULL);
-#endif
+ cachep_b = KMEM_CACHE_CREATE("ip_set_iptreemap_b",
+ sizeof(struct ip_set_iptreemap_b));
if (!cachep_b) {
ip_set_printk("Unable to create ip_set_iptreemap_b slab cache");
goto out;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- cachep_c = kmem_cache_create("ip_set_iptreemap_c",
- sizeof(struct ip_set_iptreemap_c),
- 0, 0, NULL);
-#else
- cachep_c = kmem_cache_create("ip_set_iptreemap_c",
- sizeof(struct ip_set_iptreemap_c),
- 0, 0, NULL, NULL);
-#endif
+ cachep_c = KMEM_CACHE_CREATE("ip_set_iptreemap_c",
+ sizeof(struct ip_set_iptreemap_c));
if (!cachep_c) {
ip_set_printk("Unable to create ip_set_iptreemap_c slab cache");
goto outb;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- cachep_d = kmem_cache_create("ip_set_iptreemap_d",
- sizeof(struct ip_set_iptreemap_d),
- 0, 0, NULL);
-#else
- cachep_d = kmem_cache_create("ip_set_iptreemap_d",
- sizeof(struct ip_set_iptreemap_d),
- 0, 0, NULL, NULL);
-#endif
+ cachep_d = KMEM_CACHE_CREATE("ip_set_iptreemap_d",
+ sizeof(struct ip_set_iptreemap_d));
if (!cachep_d) {
ip_set_printk("Unable to create ip_set_iptreemap_d slab cache");
goto outc;
ip_set_ip_t ip;
ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
if (ip < map->first_ip || ip > map->last_ip)
return 0;
(void *) &table[ip - map->first_ip].flags)) {
/* Is mac pointer valid?
* If so, compare... */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
return (skb_mac_header(skb) >= skb->head
&& (skb_mac_header(skb) + ETH_HLEN) <= skb->data
-#else
- return (skb->mac.raw >= skb->head
- && (skb->mac.raw + ETH_HLEN) <= skb->data
-#endif
&& (memcmp(eth_hdr(skb)->h_source,
&table[ip - map->first_ip].ethernet,
ETH_ALEN) == 0));
ip_set_ip_t ip;
ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (!(skb_mac_header(skb) >= skb->head
&& (skb_mac_header(skb) + ETH_HLEN) <= skb->data))
-#else
- if (!(skb->mac.raw >= skb->head
- && (skb->mac.raw + ETH_HLEN) <= skb->data))
-#endif
return -EINVAL;
return __addip(set, ip, eth_hdr(skb)->h_source, hash_ip);
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
/* Kernel module implementing a cidr nethash set */
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/version.h>
{
return __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
struct ip_set_nethash *map = set->data;
int ret = -ERANGE;
ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
if (map->cidr[0])
ret = __addip(map, ip, map->cidr[0], hash_ip);
struct ip_set_nethash *map = set->data;
int ret = -ERANGE;
ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
if (map->cidr[0])
ret = __delip(map, ip, map->cidr[0], hash_ip);
static inline ip_set_ip_t
get_port(const struct sk_buff *skb, u_int32_t flags)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
struct iphdr *iph = ip_hdr(skb);
-#else
- struct iphdr *iph = skb->nh.iph;
-#endif
u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
switch (iph->protocol) {
case IPPROTO_TCP: {
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
#include <net/protocol.h>
#include <net/checksum.h>
#include <linux/netfilter_ipv4.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
#include <linux/netfilter_ipv4/ip_tables.h>
+#define xt_register_target ipt_register_target
+#define xt_unregister_target ipt_unregister_target
+#define xt_target ipt_target
+#define XT_CONTINUE IPT_CONTINUE
+#else
+#include <linux/netfilter/x_tables.h>
+#endif
#include <linux/netfilter_ipv4/ipt_set.h>
static unsigned int
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
-target(struct sk_buff *skb,
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+target(struct sk_buff **pskb,
+ unsigned int hooknum,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *targinfo,
+ void *userinfo)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+target(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const void *targinfo,
+ void *userinfo)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
target(struct sk_buff **pskb,
-#endif
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
const struct xt_target *target,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
const void *targinfo,
void *userinfo)
-#else
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
+target(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */
+target(struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
const void *targinfo)
#endif
{
skb,
info->del_set.flags);
- return IPT_CONTINUE;
+ return XT_CONTINUE;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
static int
-#endif
checkentry(const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- const void *e,
-#else
const struct ipt_entry *e,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ void *targinfo,
+ unsigned int targinfosize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+checkentry(const char *tablename,
+ const void *e,
+ void *targinfo,
+ unsigned int targinfosize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static int
+checkentry(const char *tablename,
+ const void *e,
const struct xt_target *target,
-#endif
void *targinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
unsigned int targinfosize,
-#endif
unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+static int
+checkentry(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+checkentry(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
+#endif
{
struct ipt_set_info_target *info = targinfo;
ip_set_id_t index;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (targinfosize != IPT_ALIGN(sizeof(*info))) {
DP("bad target info size %u", targinfosize);
return 0;
return 1;
}
-static void destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_target *target,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
- void *targetinfo, unsigned int targetsize)
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static void destroy(void *targetinfo,
+ unsigned int targetsize)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static void destroy(const struct xt_target *target,
+ void *targetinfo,
+ unsigned int targetsize)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
+static void destroy(const struct xt_target *target,
void *targetinfo)
#endif
{
struct ipt_set_info_target *info = targetinfo;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
ip_set_printk("invalid targetsize %d", targetsize);
return;
ip_set_put(info->del_set.index);
}
-static struct ipt_target SET_target = {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static struct xt_target SET_target = {
+ .name = "SET",
+ .target = target,
+ .checkentry = checkentry,
+ .destroy = destroy,
+ .me = THIS_MODULE
+};
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
+static struct xt_target SET_target = {
.name = "SET",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
.family = AF_INET,
-#endif
.target = target,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
.targetsize = sizeof(struct ipt_set_info_target),
-#endif
.checkentry = checkentry,
.destroy = destroy,
.me = THIS_MODULE
};
+#endif
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("iptables IP set target module");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-#define ipt_register_target xt_register_target
-#define ipt_unregister_target xt_unregister_target
-#endif
-
static int __init ipt_SET_init(void)
{
- return ipt_register_target(&SET_target);
+ return xt_register_target(&SET_target);
}
static void __exit ipt_SET_fini(void)
{
- ipt_unregister_target(&SET_target);
+ xt_unregister_target(&SET_target);
}
module_init(ipt_SET_init);
#include <linux/skbuff.h>
#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
#include <linux/netfilter_ipv4/ip_tables.h>
+#define xt_register_match ipt_register_match
+#define xt_unregister_match ipt_unregister_match
+#define xt_match ipt_match
+#else
+#include <linux/netfilter/x_tables.h>
+#endif
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ipt_set.h>
return inv;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ const void *hdr,
+ u_int16_t datalen,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
static int
-#endif
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
const struct xt_match *match,
-#endif
const void *matchinfo,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- int offset, unsigned int protoff, bool *hotdrop)
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- int offset, unsigned int protoff, int *hotdrop)
-#else
- int offset, int *hotdrop)
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
#endif
{
const struct ipt_set_info_match *info = matchinfo;
info->match_set.flags[0] & IPSET_MATCH_INV);
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
static int
-#endif
checkentry(const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- const void *inf,
-#else
const struct ipt_ip *ip,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+checkentry(const char *tablename,
+ const void *inf,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static int
+checkentry(const char *tablename,
+ const void *inf,
const struct xt_match *match,
-#endif
void *matchinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
unsigned int matchsize,
-#endif
unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+static int
+checkentry(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+checkentry(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
+#endif
{
struct ipt_set_info_match *info = matchinfo;
ip_set_id_t index;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
ip_set_printk("invalid matchsize %d", matchsize);
return 0;
return 1;
}
-static void destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_match *match,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
- void *matchinfo, unsigned int matchsize)
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static void destroy(void *matchinfo,
+ unsigned int matchsize)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static void destroy(const struct xt_match *match,
+ void *matchinfo,
+ unsigned int matchsize)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
+static void destroy(const struct xt_match *match,
void *matchinfo)
#endif
{
struct ipt_set_info_match *info = matchinfo;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
ip_set_printk("invalid matchsize %d", matchsize);
return;
ip_set_put(info->match_set.index);
}
-static struct ipt_match set_match = {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static struct xt_match set_match = {
+ .name = "set",
+ .match = &match,
+ .checkentry = &checkentry,
+ .destroy = &destroy,
+ .me = THIS_MODULE
+};
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
+static struct xt_match set_match = {
.name = "set",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
.family = AF_INET,
-#endif
.match = &match,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
.matchsize = sizeof(struct ipt_set_info_match),
-#endif
.checkentry = &checkentry,
.destroy = &destroy,
.me = THIS_MODULE
};
+#endif
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("iptables IP set match module");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-#define ipt_register_match xt_register_match
-#define ipt_unregister_match xt_unregister_match
-#endif
-
static int __init ipt_ipset_init(void)
{
- return ipt_register_match(&set_match);
+ return xt_register_match(&set_match);
}
static void __exit ipt_ipset_fini(void)
{
- ipt_unregister_match(&set_match);
+ xt_unregister_match(&set_match);
}
module_init(ipt_ipset_init);
echo "endmenu" >> $file
}
+config() {
+ file=$1/net/ipv4/netfilter/Config.in
+ if [ "`grep 'CONFIG_IP_NF_SET' $file`" ]; then
+ return
+ fi
+ mv $file $file.orig
+ grep -v endmenu $file.orig > $file
+ cat Config.in.ipset >> $file
+ echo "endmenu" >> $file
+}
+
makefile() {
file=$1/net/ipv4/netfilter/Makefile
if [ "`grep CONFIG_IP_NF_SET $file`" ]; then
cat Makefile.ipset >> $file
}
+oldmakefile() {
+ file=$1/net/ipv4/netfilter/Makefile
+ if [ "`grep CONFIG_IP_NF_SET $file`" ]; then
+ return
+ fi
+ lineno=`grep -n Rules.make $file | cut -f1 -d:`
+ lineno=$((lineno-1))
+ head -n $lineno $file > $file.head
+ lineno=$((lineno+1))
+ tail +$lineno $file > $file.tail
+ cp $file $file.orig
+ cat $file.head Makefile.ipset Makefile.export.ipset $file.tail > $file
+}
+
tree() {
cp include/linux/netfilter_ipv4/* $1/include/linux/netfilter_ipv4/
cp *.c $1/net/ipv4/netfilter/
echo "Error: missing kernel directory parameter."
exit 1
fi
-if [ ! -f $1/net/ipv4/netfilter/Kconfig ]; then
- echo "Error: the directory $1 doesn't look like a Linux 2.6.x kernel source tree."
+if [ -f $1/net/ipv4/netfilter/Kconfig ]; then
+ tree $1
+ kconfig $1
+ makefile $1
+elif [ -f $1/net/ipv4/netfilter/Config.in ]; then
+ tree $1
+ config $1
+ oldmakefile $1
+else
+ echo "Error: The directory $1 doesn't look like a Linux 2.4/2.6 kernel source tree."
exit 1
fi
-
-tree $1
-kconfig $1
-makefile $1
0 ipset -T test 255.255.255.255
# Full: Test value not added to the set
1 ipset -T test 0.1.0.0
-# Full: Delete test test
+# Full: Delete test set
0 ipset -X test
# eof
1 ipset -A test 1.255.255.255:5
# Network: Try to add value after upper boundary
1 ipset -A test 2.1.0.0:128
-# Network: Delete test test
+# Network: Delete test set
0 ipset -X test
# eof
1 ipset -T test 2.0.0.2
# Timeout: Test value not added to the set
1 ipset -T test 192.168.68.70
-# Timeout: Delete test test
+# Timeout: Delete test set
0 ipset -X test
# eof
0 ipset -D test 192.168.68.70/30
# Test element from the middle
1 ipset -T test 192.168.68.71
-# Delete test test
+# Delete test set
0 ipset -X test
# eof
1 ipset -A test 1.255.255.255
# Network: Try to add value after upper boundary
1 ipset -A test 2.1.0.0
-# Network: Delete test test
+# Network: Delete test set
0 ipset -X test
# eof
0 ipset -T test 65535
# Full: Test value not added to the set
1 ipset -T test 1
-# Full: Delete test test
+# Full: Delete test set
0 ipset -X test
# eof
projects / ipset / commitdiff