Jozsef Kadlecsik | d40f162 | 2010-06-16 12:45:33 +0200 | [diff] [blame] | 1 | #ifndef _LIBXT_SET_H |
| 2 | #define _LIBXT_SET_H |
| 3 | |
| 4 | #include <unistd.h> |
| 5 | #include <sys/types.h> |
| 6 | #include <sys/socket.h> |
| 7 | #include <errno.h> |
| 8 | |
| 9 | #ifdef DEBUG |
| 10 | #define DEBUGP(x, args...) fprintf(stderr, x , ## args) |
| 11 | #else |
| 12 | #define DEBUGP(x, args...) |
| 13 | #endif |
| 14 | |
| 15 | static int |
| 16 | get_version(unsigned *version) |
| 17 | { |
| 18 | int res, sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); |
| 19 | struct ip_set_req_version req_version; |
| 20 | socklen_t size = sizeof(req_version); |
| 21 | |
| 22 | if (sockfd < 0) |
| 23 | xtables_error(OTHER_PROBLEM, |
| 24 | "Can't open socket to ipset.\n"); |
| 25 | |
| 26 | req_version.op = IP_SET_OP_VERSION; |
| 27 | res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size); |
| 28 | if (res != 0) |
| 29 | xtables_error(OTHER_PROBLEM, |
| 30 | "Kernel module xt_set is not loaded in.\n"); |
| 31 | |
| 32 | *version = req_version.version; |
| 33 | |
| 34 | return sockfd; |
| 35 | } |
| 36 | |
| 37 | static void |
| 38 | get_set_byid(char *setname, ip_set_id_t idx) |
| 39 | { |
| 40 | struct ip_set_req_get_set req; |
| 41 | socklen_t size = sizeof(struct ip_set_req_get_set); |
| 42 | int res, sockfd; |
| 43 | |
| 44 | sockfd = get_version(&req.version); |
| 45 | req.op = IP_SET_OP_GET_BYINDEX; |
| 46 | req.set.index = idx; |
| 47 | res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req, &size); |
| 48 | close(sockfd); |
| 49 | |
| 50 | if (res != 0) |
| 51 | xtables_error(OTHER_PROBLEM, |
| 52 | "Problem when communicating with ipset, errno=%d.\n", |
| 53 | errno); |
| 54 | if (size != sizeof(struct ip_set_req_get_set)) |
| 55 | xtables_error(OTHER_PROBLEM, |
| 56 | "Incorrect return size from kernel during ipset lookup, " |
| 57 | "(want %zu, got %zu)\n", |
| 58 | sizeof(struct ip_set_req_get_set), (size_t)size); |
| 59 | if (req.set.name[0] == '\0') |
| 60 | xtables_error(PARAMETER_PROBLEM, |
| 61 | "Set with index %i in kernel doesn't exist.\n", idx); |
| 62 | |
| 63 | strncpy(setname, req.set.name, IPSET_MAXNAMELEN); |
| 64 | } |
| 65 | |
| 66 | static void |
| 67 | get_set_byname(const char *setname, struct xt_set_info *info) |
| 68 | { |
| 69 | struct ip_set_req_get_set req; |
| 70 | socklen_t size = sizeof(struct ip_set_req_get_set); |
| 71 | int res, sockfd; |
| 72 | |
| 73 | sockfd = get_version(&req.version); |
| 74 | req.op = IP_SET_OP_GET_BYNAME; |
| 75 | strncpy(req.set.name, setname, IPSET_MAXNAMELEN); |
| 76 | req.set.name[IPSET_MAXNAMELEN - 1] = '\0'; |
| 77 | res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req, &size); |
| 78 | close(sockfd); |
| 79 | |
| 80 | if (res != 0) |
| 81 | xtables_error(OTHER_PROBLEM, |
| 82 | "Problem when communicating with ipset, errno=%d.\n", |
| 83 | errno); |
| 84 | if (size != sizeof(struct ip_set_req_get_set)) |
| 85 | xtables_error(OTHER_PROBLEM, |
| 86 | "Incorrect return size from kernel during ipset lookup, " |
| 87 | "(want %zu, got %zu)\n", |
| 88 | sizeof(struct ip_set_req_get_set), (size_t)size); |
| 89 | if (req.set.index == IPSET_INVALID_ID) |
| 90 | xtables_error(PARAMETER_PROBLEM, |
| 91 | "Set %s doesn't exist.\n", setname); |
| 92 | |
| 93 | info->index = req.set.index; |
| 94 | } |
| 95 | |
| 96 | static void |
| 97 | parse_dirs_v0(const char *opt_arg, struct xt_set_info_v0 *info) |
| 98 | { |
| 99 | char *saved = strdup(opt_arg); |
| 100 | char *ptr, *tmp = saved; |
| 101 | int i = 0; |
| 102 | |
| 103 | while (i < (IPSET_DIM_MAX - 1) && tmp != NULL) { |
| 104 | ptr = strsep(&tmp, ","); |
| 105 | if (strncmp(ptr, "src", 3) == 0) |
| 106 | info->u.flags[i++] |= IPSET_SRC; |
| 107 | else if (strncmp(ptr, "dst", 3) == 0) |
| 108 | info->u.flags[i++] |= IPSET_DST; |
| 109 | else |
| 110 | xtables_error(PARAMETER_PROBLEM, |
| 111 | "You must spefify (the comma separated list of) 'src' or 'dst'."); |
| 112 | } |
| 113 | |
| 114 | if (tmp) |
| 115 | xtables_error(PARAMETER_PROBLEM, |
| 116 | "Can't be more src/dst options than %i.", |
Jozsef Kadlecsik | aeb8af9 | 2011-04-09 21:29:08 +0200 | [diff] [blame] | 117 | IPSET_DIM_MAX); |
Jozsef Kadlecsik | d40f162 | 2010-06-16 12:45:33 +0200 | [diff] [blame] | 118 | |
| 119 | free(saved); |
| 120 | } |
| 121 | |
| 122 | static void |
| 123 | parse_dirs(const char *opt_arg, struct xt_set_info *info) |
| 124 | { |
| 125 | char *saved = strdup(opt_arg); |
| 126 | char *ptr, *tmp = saved; |
Jozsef Kadlecsik | d40f162 | 2010-06-16 12:45:33 +0200 | [diff] [blame] | 127 | |
Jozsef Kadlecsik | aeb8af9 | 2011-04-09 21:29:08 +0200 | [diff] [blame] | 128 | while (info->dim < IPSET_DIM_MAX && tmp != NULL) { |
Jozsef Kadlecsik | d40f162 | 2010-06-16 12:45:33 +0200 | [diff] [blame] | 129 | info->dim++; |
| 130 | ptr = strsep(&tmp, ","); |
| 131 | if (strncmp(ptr, "src", 3) == 0) |
| 132 | info->flags |= (1 << info->dim); |
| 133 | else if (strncmp(ptr, "dst", 3) != 0) |
| 134 | xtables_error(PARAMETER_PROBLEM, |
| 135 | "You must spefify (the comma separated list of) 'src' or 'dst'."); |
| 136 | } |
| 137 | |
| 138 | if (tmp) |
| 139 | xtables_error(PARAMETER_PROBLEM, |
| 140 | "Can't be more src/dst options than %i.", |
Jozsef Kadlecsik | aeb8af9 | 2011-04-09 21:29:08 +0200 | [diff] [blame] | 141 | IPSET_DIM_MAX); |
Jozsef Kadlecsik | d40f162 | 2010-06-16 12:45:33 +0200 | [diff] [blame] | 142 | |
| 143 | free(saved); |
| 144 | } |
| 145 | |
| 146 | #endif /*_LIBXT_SET_H*/ |