 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
#include <assert.h>#include <arpa/inet.h>#include <net/ethernet.h>#include <net/if.h>#include <stdlib.h>#include <string.h>#include <libipset/linux_ip_set.h>#include <libipset/debug.h>#include <libipset/types.h>#include <libipset/utils.h>#include <libipset/data.h>
Data Structures | |
| struct | ipset_data |
Macros | |
| #define | flag_type_attr(data, opt, flag) |
| #define | cadt_flag_type_attr(data, opt, flag) |
Functions | |
| void | ipset_strlcpy (char *dst, const char *src, size_t len) |
| ipset_strlcpy - copy the string from src to dst : the target string buffer : the source string buffer : the length of bytes to copy, including the terminating null byte. More... | |
| void | ipset_strlcat (char *dst, const char *src, size_t len) |
| ipset_strlcat - concatenate the string from src to the end of dst : the target string buffer : the source string buffer : the length of bytes to concat, including the terminating null byte. More... | |
| bool | ipset_data_flags_test (const struct ipset_data *data, uint64_t flags) |
| ipset_data_flags_test - test option bits in the data blob : data blob : the option flags to test More... | |
| void | ipset_data_flags_set (struct ipset_data *data, uint64_t flags) |
| ipset_data_flags_set - set option bits in the data blob : data blob : the option flags to set More... | |
| void | ipset_data_flags_unset (struct ipset_data *data, uint64_t flags) |
| ipset_data_flags_unset - unset option bits in the data blob : data blob : the option flags to unset More... | |
| bool | ipset_data_ignored (struct ipset_data *data, enum ipset_opt opt) |
| ipset_data_ignored - test and set ignored bits in the data blob : data blob : the option flag to be ignored More... | |
| bool | ipset_data_test_ignored (struct ipset_data *data, enum ipset_opt opt) |
| ipset_data_test_ignored - test ignored bits in the data blob : data blob : the option flag to be tested More... | |
| int | ipset_data_set (struct ipset_data *data, enum ipset_opt opt, const void *value) |
| ipset_data_set - put data into the data blob : data blob : the option kind of the data : the value of the data More... | |
| const void * | ipset_data_get (const struct ipset_data *data, enum ipset_opt opt) |
| ipset_data_get - get data from the data blob : data blob : option kind of the requested data More... | |
| size_t | ipset_data_sizeof (enum ipset_opt opt, uint8_t family) |
| ipset_data_sizeof - calculates the size of the data type : option kind of the data : INET family More... | |
| const char * | ipset_data_setname (const struct ipset_data *data) |
| ipset_setname - return the name of the set from the data blob : data blob More... | |
| uint8_t | ipset_data_family (const struct ipset_data *data) |
| ipset_family - return the INET family of the set from the data blob : data blob More... | |
| uint8_t | ipset_data_cidr (const struct ipset_data *data) |
| ipset_data_cidr - return the value of IPSET_OPT_CIDR : data blob More... | |
| uint64_t | ipset_data_flags (const struct ipset_data *data) |
| ipset_flags - return which fields are set in the data blob : data blob More... | |
| void | ipset_data_reset (struct ipset_data *data) |
| ipset_data_reset - reset the data blob to unset : data blob More... | |
| struct ipset_data * | ipset_data_init (void) |
| ipset_data_init - create a new data blob More... | |
| void | ipset_data_fini (struct ipset_data *data) |
| ipset_data_fini - release a data blob created by ipset_data_init More... | |
Referenced by ipset_data_set().
Referenced by ipset_data_set().
| uint8_t ipset_data_cidr | ( | const struct ipset_data * | data | ) |
ipset_data_cidr - return the value of IPSET_OPT_CIDR : data blob
Return the value of IPSET_OPT_CIDR stored in the data blob. If it is not set, then the returned value corresponds to the default one according to the family type or zero.
References ipset_data::cidr, ipset_data::family, IPSET_OPT_CIDR, NFPROTO_IPV4, and NFPROTO_IPV6.
| uint8_t ipset_data_family | ( | const struct ipset_data * | data | ) |
ipset_family - return the INET family of the set from the data blob : data blob
Return the INET family supported by the set from the data blob. If the family is not set yet, NFPROTO_UNSPEC is returned.
References ipset_data::family, IPSET_OPT_FAMILY, and NFPROTO_UNSPEC.
Referenced by ipset_parse_ip4_net6(), ipset_parse_ip4_single6(), ipset_parse_netmask(), ipset_parse_proto_port(), ipset_print_family(), ipset_print_ip(), ipset_print_ipaddr(), and ipset_type_check().
| void ipset_data_fini | ( | struct ipset_data * | data | ) |
ipset_data_fini - release a data blob created by ipset_data_init
Release the data blob created by ipset_data_init previously.
Referenced by ipset_session_fini().
| uint64_t ipset_data_flags | ( | const struct ipset_data * | data | ) |
ipset_flags - return which fields are set in the data blob : data blob
Returns the value of the bit field which elements are set.
References ipset_data::bits.
| void ipset_data_flags_set | ( | struct ipset_data * | data, |
| uint64_t | flags | ||
| ) |
ipset_data_flags_set - set option bits in the data blob : data blob : the option flags to set
The function sets the flags in the data blob so that the corresponding fields are regarded as if filled with proper data.
References ipset_data::bits, and flags.
Referenced by ipset_data_set(), and ipset_parse_proto_port().
| bool ipset_data_flags_test | ( | const struct ipset_data * | data, |
| uint64_t | flags | ||
| ) |
ipset_data_flags_test - test option bits in the data blob : data blob : the option flags to test
Returns true if the options are already set in the data blob.
References ipset_data::bits, and flags.
Referenced by ipset_call_parser(), ipset_parse_after(), ipset_parse_before(), ipset_parse_family(), ipset_parse_iptimeout(), ipset_parse_name_compat(), ipset_print_name(), and ipset_print_proto_port().
| void ipset_data_flags_unset | ( | struct ipset_data * | data, |
| uint64_t | flags | ||
| ) |
ipset_data_flags_unset - unset option bits in the data blob : data blob : the option flags to unset
The function unsets the flags in the data blob. This is the quick way to clear specific fields.
References ipset_data::bits.
Referenced by ipset_parse_tcp_udp_port().
| const void* ipset_data_get | ( | const struct ipset_data * | data, |
| enum ipset_opt | opt | ||
| ) |
ipset_data_get - get data from the data blob : data blob : option kind of the requested data
Returns the pointer to the requested kind of data from the data blob if it is set. If the option kind is not set or is an unknown type, NULL is returned.
References ipset_data::adt, ipset_data::cadt_flags, ipset_data::cidr, ipset_data::create, ipset_data::family, ipset_data::flags, ipset_data::ip, ipset_data::ip_to, IPSET_OPT_ADT_COMMENT, IPSET_OPT_BEFORE, IPSET_OPT_BYTES, IPSET_OPT_CADT_FLAGS, IPSET_OPT_CIDR, IPSET_OPT_CIDR2, IPSET_OPT_COUNTERS, IPSET_OPT_CREATE_COMMENT, IPSET_OPT_ELEMENTS, IPSET_OPT_ETHER, IPSET_OPT_EXIST, IPSET_OPT_FAMILY, IPSET_OPT_FLAGS, IPSET_OPT_FORCEADD, IPSET_OPT_GC, IPSET_OPT_HASHSIZE, IPSET_OPT_IFACE, IPSET_OPT_IP, IPSET_OPT_IP2, IPSET_OPT_IP2_TO, IPSET_OPT_IP_TO, IPSET_OPT_MARK, IPSET_OPT_MARKMASK, IPSET_OPT_MAXELEM, IPSET_OPT_MEMSIZE, IPSET_OPT_NAME, IPSET_OPT_NAMEREF, IPSET_OPT_NETMASK, IPSET_OPT_NOMATCH, IPSET_OPT_NONE, IPSET_OPT_PACKETS, IPSET_OPT_PHYSDEV, IPSET_OPT_PORT, IPSET_OPT_PORT_TO, IPSET_OPT_PROBES, IPSET_OPT_PROTO, IPSET_OPT_REFERENCES, IPSET_OPT_RESIZE, IPSET_OPT_REVISION, IPSET_OPT_REVISION_MIN, IPSET_OPT_SETNAME2, IPSET_OPT_SIZE, IPSET_OPT_SKBINFO, IPSET_OPT_SKBMARK, IPSET_OPT_SKBPRIO, IPSET_OPT_SKBQUEUE, IPSET_OPT_TIMEOUT, IPSET_OPT_TYPE, IPSET_OPT_TYPENAME, IPSET_SETNAME, ipset_data::mark, ipset_type::name, NULL, ipset_data::port, ipset_data::port_to, ipset_data::setname, ipset_data::setname2, ipset_data::timeout, and ipset_data::type.
Referenced by ipset_cmd(), ipset_parse_proto_port(), ipset_parse_tcp_udp_port(), ipset_print_comment(), ipset_print_elem(), ipset_print_ether(), ipset_print_icmp(), ipset_print_icmpv6(), ipset_print_iface(), ipset_print_ip(), ipset_print_ipaddr(), ipset_print_mark(), ipset_print_name(), ipset_print_number(), ipset_print_port(), ipset_print_proto(), ipset_print_proto_port(), ipset_print_skbmark(), ipset_print_skbprio(), ipset_print_type(), ipset_type_check(), and ipset_type_get().
| bool ipset_data_ignored | ( | struct ipset_data * | data, |
| enum ipset_opt | opt | ||
| ) |
ipset_data_ignored - test and set ignored bits in the data blob : data blob : the option flag to be ignored
Returns true if the option was already ignored.
References ipset_data::ignored, and IPSET_FLAG.
Referenced by ipset_parse_ignored().
| struct ipset_data* ipset_data_init | ( | void | ) |
ipset_data_init - create a new data blob
Return the new data blob initialized to empty. In case of an error, NULL is retured.
Referenced by ipset_session_init().
| void ipset_data_reset | ( | struct ipset_data * | data | ) |
ipset_data_reset - reset the data blob to unset : data blob
Resets the data blob to the unset state for every field.
Referenced by ipset_cmd().
| int ipset_data_set | ( | struct ipset_data * | data, |
| enum ipset_opt | opt, | ||
| const void * | value | ||
| ) |
ipset_data_set - put data into the data blob : data blob : the option kind of the data : the value of the data
Put a given kind of data into the data blob and mark the option kind as already set in the blob.
Returns 0 on success or a negative error code.
References ipset_data::adt, cadt_flag_type_attr, ipset_data::cadt_flags, ipset_data::cidr, ipset_data::create, D, ETH_ALEN, ipset_data::family, flag_type_attr, ipset_data::flags, IFNAMSIZ, ipset_data::ignored, ipset_data::ip, ipset_data::ip_to, ipset_data_flags_set(), IPSET_FLAG, IPSET_FLAG_BEFORE, IPSET_FLAG_EXIST, IPSET_FLAG_NOMATCH, IPSET_FLAG_PHYSDEV, IPSET_FLAG_WITH_COMMENT, IPSET_FLAG_WITH_COUNTERS, IPSET_FLAG_WITH_FORCEADD, IPSET_FLAG_WITH_SKBINFO, IPSET_MAX_COMMENT_SIZE, IPSET_MAXNAMELEN, IPSET_OPT_ADT_COMMENT, IPSET_OPT_BEFORE, IPSET_OPT_BYTES, IPSET_OPT_CADT_FLAGS, IPSET_OPT_CIDR, IPSET_OPT_CIDR2, IPSET_OPT_COUNTERS, IPSET_OPT_CREATE_COMMENT, IPSET_OPT_ELEMENTS, IPSET_OPT_ETHER, IPSET_OPT_EXIST, IPSET_OPT_FAMILY, IPSET_OPT_FLAGS, IPSET_OPT_FORCEADD, IPSET_OPT_GC, IPSET_OPT_HASHSIZE, IPSET_OPT_IFACE, IPSET_OPT_IP, IPSET_OPT_IP2, IPSET_OPT_IP2_TO, IPSET_OPT_IP_TO, IPSET_OPT_MARK, IPSET_OPT_MARKMASK, IPSET_OPT_MAXELEM, IPSET_OPT_MEMSIZE, IPSET_OPT_NAME, IPSET_OPT_NAMEREF, IPSET_OPT_NETMASK, IPSET_OPT_NOMATCH, IPSET_OPT_NONE, IPSET_OPT_PACKETS, IPSET_OPT_PHYSDEV, IPSET_OPT_PORT, IPSET_OPT_PORT_TO, IPSET_OPT_PROBES, IPSET_OPT_PROTO, IPSET_OPT_REFERENCES, IPSET_OPT_RESIZE, IPSET_OPT_REVISION, IPSET_OPT_REVISION_MIN, IPSET_OPT_SETNAME2, IPSET_OPT_SIZE, IPSET_OPT_SKBINFO, IPSET_OPT_SKBMARK, IPSET_OPT_SKBPRIO, IPSET_OPT_SKBQUEUE, IPSET_OPT_TIMEOUT, IPSET_OPT_TYPE, IPSET_OPT_TYPENAME, IPSET_SETNAME, ipset_strlcpy(), ipset_data::mark, NFPROTO_IPV4, NFPROTO_IPV6, ipset_data::port, ipset_data::port_to, ipset_data::setname, ipset_data::setname2, ipset_data::timeout, ipset_data::type, and value.
Referenced by ipset_parse_after(), ipset_parse_before(), ipset_parse_comment(), ipset_parse_family(), ipset_parse_iface(), ipset_parse_ip4_net6(), ipset_parse_ip4_single6(), ipset_parse_name_compat(), ipset_parse_netmask(), ipset_parse_proto_port(), ipset_parse_skbmark(), and ipset_parse_skbprio().
| const char* ipset_data_setname | ( | const struct ipset_data * | data | ) |
ipset_setname - return the name of the set from the data blob : data blob
Return the name of the set from the data blob or NULL if the name not set yet.
References IPSET_SETNAME, NULL, and ipset_data::setname.
Referenced by ipset_cmd(), and ipset_print_data().
| size_t ipset_data_sizeof | ( | enum ipset_opt | opt, |
| uint8_t | family | ||
| ) |
ipset_data_sizeof - calculates the size of the data type : option kind of the data : INET family
Returns the size required to store the given data type.
References ETH_ALEN, IPSET_MAX_COMMENT_SIZE, IPSET_MAXNAMELEN, IPSET_OPT_ADT_COMMENT, IPSET_OPT_BEFORE, IPSET_OPT_BYTES, IPSET_OPT_CIDR, IPSET_OPT_CIDR2, IPSET_OPT_COUNTERS, IPSET_OPT_ELEMENTS, IPSET_OPT_ETHER, IPSET_OPT_FORCEADD, IPSET_OPT_GC, IPSET_OPT_HASHSIZE, IPSET_OPT_IP, IPSET_OPT_IP2, IPSET_OPT_IP2_TO, IPSET_OPT_IP_TO, IPSET_OPT_MARK, IPSET_OPT_MARKMASK, IPSET_OPT_MAXELEM, IPSET_OPT_MEMSIZE, IPSET_OPT_NAME, IPSET_OPT_NAMEREF, IPSET_OPT_NETMASK, IPSET_OPT_NOMATCH, IPSET_OPT_NONE, IPSET_OPT_PACKETS, IPSET_OPT_PHYSDEV, IPSET_OPT_PORT, IPSET_OPT_PORT_TO, IPSET_OPT_PROBES, IPSET_OPT_PROTO, IPSET_OPT_REFERENCES, IPSET_OPT_RESIZE, IPSET_OPT_SIZE, IPSET_OPT_SKBMARK, IPSET_OPT_SKBPRIO, IPSET_OPT_SKBQUEUE, IPSET_OPT_TIMEOUT, IPSET_SETNAME, and NFPROTO_IPV4.
Referenced by ipset_print_number().
| bool ipset_data_test_ignored | ( | struct ipset_data * | data, |
| enum ipset_opt | opt | ||
| ) |
ipset_data_test_ignored - test ignored bits in the data blob : data blob : the option flag to be tested
Returns true if the option is ignored.
References ipset_data::ignored, and IPSET_FLAG.
Referenced by ipset_call_parser(), and ipset_parse_family().
| void ipset_strlcat | ( | char * | dst, |
| const char * | src, | ||
| size_t | len | ||
| ) |
ipset_strlcat - concatenate the string from src to the end of dst : the target string buffer : the source string buffer : the length of bytes to concat, including the terminating null byte.
Cooncatenate the string in src to destination, but at most len bytes are copied. The target is unconditionally terminated by the null byte.
| void ipset_strlcpy | ( | char * | dst, |
| const char * | src, | ||
| size_t | len | ||
| ) |
ipset_strlcpy - copy the string from src to dst : the target string buffer : the source string buffer : the length of bytes to copy, including the terminating null byte.
Copy the string from src to destination, but at most len bytes are copied. The target is unconditionally terminated by the null byte.
Referenced by ipset_cache_add(), ipset_cache_rename(), ipset_cache_swap(), and ipset_data_set().
1.8.8