* ipset: use NFPROTO_ (v2) @ 2011-08-31 12:43 Jan Engelhardt 2011-08-31 12:43 ` [PATCH 1/3] ipset: use NFPROTO_ constants Jan Engelhardt ` (3 more replies) 0 siblings, 4 replies; 8+ messages in thread From: Jan Engelhardt @ 2011-08-31 12:43 UTC (permalink / raw) To: kadlec; +Cc: netfilter-devel The following changes since commit cdb6bb6cf01909e84bae99af0d83946884f24611: ipset 6.8 released (2011-07-11 11:10:47 +0200) are available in the git repository at: git://dev.medozas.de/ipset master Jan Engelhardt (3): ipset: use NFPROTO_ constants build: abort autogen on subcommand failure build: move ipset_errcode into library autogen.sh | 2 +- include/libipset/nfproto.h | 19 +++++++ include/libipset/types.h | 15 +++-- kernel/include/linux/netfilter/ipset/ip_set.h | 5 ++- kernel/net/netfilter/ipset/ip_set_bitmap_ip.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_port.c | 4 +- kernel/net/netfilter/ipset/ip_set_core.c | 16 +++--- kernel/net/netfilter/ipset/ip_set_getport.c | 4 +- kernel/net/netfilter/ipset/ip_set_hash_ip.c | 18 +++--- kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_net.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netport.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_list_set.c | 2 +- lib/Makefile.am | 1 + lib/data.c | 21 ++++---- lib/debug.c | 4 +- {src => lib}/errcode.c | 0 lib/parse.c | 52 ++++++++++---------- lib/print.c | 20 ++++---- lib/session.c | 34 ++++++------ lib/types.c | 29 ++++++----- src/Makefile.am | 1 - src/ipset.c | 10 ++-- src/ipset_bitmap_ip.c | 2 +- src/ipset_bitmap_ipmac.c | 2 +- src/ipset_bitmap_port.c | 2 +- src/ipset_hash_ip.c | 2 +- src/ipset_hash_ipport.c | 2 +- src/ipset_hash_ipportip.c | 2 +- src/ipset_hash_ipportnet.c | 4 +- src/ipset_hash_net.c | 4 +- src/ipset_hash_netiface.c | 2 +- src/ipset_hash_netport.c | 4 +- src/ipset_list_set.c | 2 +- 38 files changed, 194 insertions(+), 167 deletions(-) create mode 100644 include/libipset/nfproto.h rename {src => lib}/errcode.c (100%) ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/3] ipset: use NFPROTO_ constants 2011-08-31 12:43 ipset: use NFPROTO_ (v2) Jan Engelhardt @ 2011-08-31 12:43 ` Jan Engelhardt 2011-08-31 12:43 ` [PATCH 2/3] build: abort autogen on subcommand failure Jan Engelhardt ` (2 subsequent siblings) 3 siblings, 0 replies; 8+ messages in thread From: Jan Engelhardt @ 2011-08-31 12:43 UTC (permalink / raw) To: kadlec; +Cc: netfilter-devel ipset is actually using NFPROTO values rather than AF (xt_set passes that along). --- include/libipset/nfproto.h | 19 +++++++ include/libipset/types.h | 15 +++-- kernel/include/linux/netfilter/ipset/ip_set.h | 5 ++- kernel/net/netfilter/ipset/ip_set_bitmap_ip.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_port.c | 4 +- kernel/net/netfilter/ipset/ip_set_core.c | 16 +++--- kernel/net/netfilter/ipset/ip_set_getport.c | 4 +- kernel/net/netfilter/ipset/ip_set_hash_ip.c | 18 +++--- kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_net.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netport.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_list_set.c | 2 +- lib/data.c | 21 ++++---- lib/debug.c | 4 +- lib/parse.c | 52 ++++++++++---------- lib/print.c | 20 ++++---- lib/session.c | 34 ++++++------ lib/types.c | 29 ++++++----- src/ipset.c | 10 ++-- src/ipset_bitmap_ip.c | 2 +- src/ipset_bitmap_ipmac.c | 2 +- src/ipset_bitmap_port.c | 2 +- src/ipset_hash_ip.c | 2 +- src/ipset_hash_ipport.c | 2 +- src/ipset_hash_ipportip.c | 2 +- src/ipset_hash_ipportnet.c | 4 +- src/ipset_hash_net.c | 4 +- src/ipset_hash_netiface.c | 2 +- src/ipset_hash_netport.c | 4 +- src/ipset_list_set.c | 2 +- 34 files changed, 192 insertions(+), 165 deletions(-) create mode 100644 include/libipset/nfproto.h diff --git a/include/libipset/nfproto.h b/include/libipset/nfproto.h new file mode 100644 index 0000000..800da11 --- /dev/null +++ b/include/libipset/nfproto.h @@ -0,0 +1,19 @@ +#ifndef LIBIPSET_NFPROTO_H +#define LIBIPSET_NFPROTO_H + +/* + * The constants to select, same as in linux/netfilter.h. + * Like nf_inet_addr.h, this is just here so that we need not to rely on + * the presence of a recent-enough netfilter.h. + */ +enum { + NFPROTO_UNSPEC = 0, + NFPROTO_IPV4 = 2, + NFPROTO_ARP = 3, + NFPROTO_BRIDGE = 7, + NFPROTO_IPV6 = 10, + NFPROTO_DECNET = 12, + NFPROTO_NUMPROTO, +}; + +#endif /* LIBIPSET_NFPROTO_H */ diff --git a/include/libipset/types.h b/include/libipset/types.h index d3a0b4c..bca5cf8 100644 --- a/include/libipset/types.h +++ b/include/libipset/types.h @@ -14,15 +14,18 @@ #include <libipset/parse.h> /* ipset_parsefn */ #include <libipset/print.h> /* ipset_printfn */ #include <libipset/linux_ip_set.h> /* IPSET_MAXNAMELEN */ - -#define AF_INET46 255 +#include <libipset/nfproto.h> /* for NFPROTO_ */ /* Family rules: - * - AF_UNSPEC: type is family-neutral - * - AF_INET: type supports IPv4 only - * - AF_INET6: type supports IPv6 only - * - AF_INET46: type supports both IPv4 and IPv6 + * - NFPROTO_UNSPEC: type is family-neutral + * - NFPROTO_IPV4: type supports IPv4 only + * - NFPROTO_IPV6: type supports IPv6 only + * Special (userspace) ipset-only extra value: + * - NFPROTO_IPSET_IPV46: type supports both IPv4 and IPv6 */ +enum { + NFPROTO_IPSET_IPV46 = 255, +}; /* Set dimensions */ enum { diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index 3540c6e..e7b06f5 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -288,7 +288,10 @@ struct ip_set_type { u8 features; /* Set type dimension */ u8 dimension; - /* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */ + /* + * Supported family: may be NFPROTO_UNSPEC for both + * NFPROTO_IPV4/NFPROTO_IPV6. + */ u8 family; /* Type revisions */ u8 revision_min, revision_max; diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c index e3e7399..a72a4df 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c @@ -442,7 +442,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -550,7 +550,7 @@ static struct ip_set_type bitmap_ip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ip_create, diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 56096f5..81324c1 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c @@ -543,7 +543,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -623,7 +623,7 @@ static struct ip_set_type bitmap_ipmac_type = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_MAC, .dimension = IPSET_DIM_TWO, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ipmac_create, diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c index 29ba93b..382ec28 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c @@ -422,7 +422,7 @@ init_map_port(struct ip_set *set, struct bitmap_port *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_UNSPEC; + set->family = NFPROTO_UNSPEC; return true; } @@ -483,7 +483,7 @@ static struct ip_set_type bitmap_port_type = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_PORT, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = bitmap_port_create, diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index cb4abbb..1a01628 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -70,7 +70,7 @@ find_set_type(const char *name, u8 family, u8 revision) list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family || type->family == AF_UNSPEC) && + (type->family == family || type->family == NFPROTO_UNSPEC) && revision >= type->revision_min && revision <= type->revision_max) return type; @@ -135,7 +135,7 @@ find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max) rcu_read_lock(); list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family || type->family == AF_UNSPEC)) { + (type->family == family || type->family == NFPROTO_UNSPEC)) { found = true; if (type->revision_min < *min) *min = type->revision_min; @@ -149,8 +149,8 @@ find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max) return try_to_load_type(name); } -#define family_name(f) ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") +#define family_name(f) ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") /* Register a set type structure. The type is identified by * the unique triple of name, family and revision. @@ -344,7 +344,7 @@ ip_set_test(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; read_lock_bh(&set->lock); @@ -377,7 +377,7 @@ ip_set_add(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -400,7 +400,7 @@ ip_set_del(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -565,7 +565,7 @@ start_msg(struct sk_buff *skb, u32 pid, u32 seq, unsigned int flags, return NULL; nfmsg = nlmsg_data(nlh); - nfmsg->nfgen_family = AF_INET; + nfmsg->nfgen_family = NFPROTO_IPV4; nfmsg->version = NFNETLINK_V0; nfmsg->res_id = 0; diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c index 757143b..58ca4e1 100644 --- a/kernel/net/netfilter/ipset/ip_set_getport.c +++ b/kernel/net/netfilter/ipset/ip_set_getport.c @@ -133,10 +133,10 @@ ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port) u8 proto; switch (pf) { - case AF_INET: + case NFPROTO_IPV4: ret = ip_set_get_ip4_port(skb, src, port, &proto); break; - case AF_INET6: + case NFPROTO_IPV6: ret = ip_set_get_ip6_port(skb, src, port, &proto); break; default: diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c index f2d576e..14a8628 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c @@ -366,11 +366,11 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u8 netmask, hbits; struct ip_set_hash *h; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; - netmask = set->family == AF_INET ? 32 : 128; + netmask = set->family == NFPROTO_IPV4 ? 32 : 128; pr_debug("Create set %s with family %s\n", - set->name, set->family == AF_INET ? "inet" : "inet6"); + set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) || @@ -389,8 +389,8 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_NETMASK]) { netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); - if ((set->family == AF_INET && netmask > 32) || - (set->family == AF_INET6 && netmask > 128) || + if ((set->family == NFPROTO_IPV4 && netmask > 32) || + (set->family == NFPROTO_IPV6 && netmask > 128) || netmask == 0) return -IPSET_ERR_INVALID_NETMASK; } @@ -419,15 +419,15 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_tvariant : &hash_ip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ip4_gc_init(set); else hash_ip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_variant : &hash_ip6_variant; } @@ -443,7 +443,7 @@ static struct ip_set_type hash_ip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = hash_ip_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c index 6ee10f5..30a6273 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c @@ -450,7 +450,7 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -490,15 +490,15 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_tvariant : &hash_ipport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipport4_gc_init(set); else hash_ipport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_variant : &hash_ipport6_variant; } @@ -514,7 +514,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipport_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c index fb90e34..55de642 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c @@ -468,7 +468,7 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -508,15 +508,15 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportip4_gc_init(set); else hash_ipportip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_variant : &hash_ipportip6_variant; } @@ -532,7 +532,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipportip_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c index deb3e3d..6ee4f72 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c @@ -554,7 +554,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -573,7 +573,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -596,16 +596,16 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_tvariant : &hash_ipportnet6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportnet4_gc_init(set); else hash_ipportnet6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_variant : &hash_ipportnet6_variant; } @@ -621,7 +621,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added */ .revision_max = 2, /* Range as input support for IPv4 added */ diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c index 60d0165..48e35ba 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_net.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c @@ -406,7 +406,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) struct ip_set_hash *h; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -425,7 +425,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -448,15 +448,15 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_tvariant : &hash_net6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_net4_gc_init(set); else hash_net6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_variant : &hash_net6_variant; } @@ -472,7 +472,7 @@ static struct ip_set_type hash_net_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* Range as input support for IPv4 added */ .create = hash_net_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c index e13095d..a9fb4af 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c @@ -678,7 +678,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -697,7 +697,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -722,15 +722,15 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_tvariant : &hash_netiface6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netiface4_gc_init(set); else hash_netiface6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_variant : &hash_netiface6_variant; } @@ -746,7 +746,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_IFACE, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .create = hash_netiface_create, .create_policy = { diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c index 8f9de72..1fcc102 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c @@ -507,7 +507,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -526,7 +526,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -549,15 +549,15 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_tvariant : &hash_netport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netport4_gc_init(set); else hash_netport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_variant : &hash_netport6_variant; } @@ -573,7 +573,7 @@ static struct ip_set_type hash_netport_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added */ .revision_max = 2, /* Range as input support for IPv4 added */ diff --git a/kernel/net/netfilter/ipset/ip_set_list_set.c b/kernel/net/netfilter/ipset/ip_set_list_set.c index 4d10819..7e095f9 100644 --- a/kernel/net/netfilter/ipset/ip_set_list_set.c +++ b/kernel/net/netfilter/ipset/ip_set_list_set.c @@ -575,7 +575,7 @@ static struct ip_set_type list_set_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_NAME | IPSET_DUMP_LAST, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = list_set_create, diff --git a/lib/data.c b/lib/data.c index dfae6aa..0210b7b 100644 --- a/lib/data.c +++ b/lib/data.c @@ -8,7 +8,6 @@ #include <arpa/inet.h> /* ntoh* */ #include <net/ethernet.h> /* ETH_ALEN */ #include <net/if.h> /* IFNAMSIZ */ -#include <sys/socket.h> /* AF_ */ #include <stdlib.h> /* malloc, free */ #include <string.h> /* memset */ @@ -81,7 +80,7 @@ struct ipset_data { static void copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value) { - if (family == AF_INET) + if (family == NFPROTO_IPV4) in4cpy(&ip->in, value); else in6cpy(&ip->in6, value); @@ -213,12 +212,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) break; /* CADT options */ case IPSET_OPT_IP: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip, value); break; case IPSET_OPT_IP_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip_to, value); break; @@ -288,12 +287,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN); break; case IPSET_OPT_IP2: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2, value); break; case IPSET_OPT_IP2_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2_to, value); break; @@ -456,7 +455,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) case IPSET_OPT_IP_TO: case IPSET_OPT_IP2: case IPSET_OPT_IP2_TO: - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case IPSET_OPT_PORT: case IPSET_OPT_PORT_TO: @@ -511,14 +510,14 @@ ipset_data_setname(const struct ipset_data *data) * @data: data blob * * Return the INET family supported by the set from the data blob. - * If the family is not set yet, AF_UNSPEC is returned. + * If the family is not set yet, NFPROTO_UNSPEC is returned. */ uint8_t ipset_data_family(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_FAMILY) - ? data->family : AF_UNSPEC; + ? data->family : NFPROTO_UNSPEC; } /** @@ -534,8 +533,8 @@ ipset_data_cidr(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : - data->family == AF_INET ? 32 : - data->family == AF_INET6 ? 128 : 0; + data->family == NFPROTO_IPV4 ? 32 : + data->family == NFPROTO_IPV6 ? 128 : 0; } /** diff --git a/lib/debug.c b/lib/debug.c index 931b0c1..486d910 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -116,14 +116,14 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV4]); - inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) { d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV6]); - inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } diff --git a/lib/parse.c b/lib/parse.c index 2bb0601..b13b4d6 100644 --- a/lib/parse.c +++ b/lib/parse.c @@ -511,7 +511,7 @@ ipset_parse_proto_port(struct ipset_session *session, tmp = a; goto parse_port; case IPPROTO_ICMP: - if (family != AF_INET) { + if (family != NFPROTO_IPV4) { syntax_err("Protocol ICMP can be used " "with family INET only"); goto error; @@ -519,7 +519,7 @@ ipset_parse_proto_port(struct ipset_session *session, err = ipset_parse_icmp(session, opt, a); break; case IPPROTO_ICMPV6: - if (family != AF_INET6) { + if (family != NFPROTO_IPV6) { syntax_err("Protocol ICMPv6 can be used " "with family INET6 only"); goto error; @@ -577,11 +577,11 @@ ipset_parse_family(struct ipset_session *session, "multiple times"); if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4")) - family = AF_INET; + family = NFPROTO_IPV4; else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6")) - family = AF_INET6; + family = NFPROTO_IPV6; else if (STREQ(str, "any") || STREQ(str, "unspec")) - family = AF_UNSPEC; + family = NFPROTO_UNSPEC; else return syntax_err("unknown INET family %s", str); @@ -610,7 +610,7 @@ call_getaddrinfo(struct ipset_session *session, const char *str, if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { syntax_err("cannot resolve '%s' to an %s address: %s", - str, family == AF_INET6 ? "IPv6" : "IPv4", + str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4", gai_strerror(err)); return NULL; } else @@ -625,13 +625,13 @@ get_addrinfo(struct ipset_session *session, uint8_t family) { struct addrinfo *i; - size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in) + size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); int found, err = 0; if ((*info = call_getaddrinfo(session, str, family)) == NULL) { syntax_err("cannot parse %s: resolving to %s address failed", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return EINVAL; } @@ -639,7 +639,7 @@ get_addrinfo(struct ipset_session *session, if (i->ai_family != family || i->ai_addrlen != addrlen) continue; if (found == 0) { - if (family == AF_INET) { + if (family == NFPROTO_IPV4) { /* Workaround: direct cast increases * required alignment on Sparc */ @@ -668,7 +668,7 @@ get_addrinfo(struct ipset_session *session, if (found == 0) return syntax_err("cannot parse %s: " "%s address could not be resolved", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return err; } @@ -677,7 +677,7 @@ parse_ipaddr(struct ipset_session *session, enum ipset_opt opt, const char *str, uint8_t family) { - uint8_t m = family == AF_INET ? 32 : 128; + uint8_t m = family == NFPROTO_IPV4 ? 32 : 128; int aerr = EINVAL, err = 0, range = 0; char *saved = strdup(str); char *a, *tmp = saved; @@ -737,7 +737,7 @@ cidr_hostaddr(const char *str, uint8_t family) { char *a = cidr_separator(str); - return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128"); + return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128"); } static int @@ -747,8 +747,8 @@ parse_ip(struct ipset_session *session, struct ipset_data *data = ipset_session_data(session); uint8_t family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -985,12 +985,12 @@ ipset_parse_ip4_single6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? ipset_parse_ip(session, opt, str) + return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str) : ipset_parse_single_ip(session, opt, str); } @@ -1025,12 +1025,12 @@ ipset_parse_ip4_net6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY) + return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY) : ipset_parse_ipnet(session, opt, str); } @@ -1330,21 +1330,21 @@ ipset_parse_netmask(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } err = string_to_cidr(session, str, - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124, + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124, &cidr); if (err) return syntax_err("netmask is out of the inclusive range " "of %u-%u", - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124); + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124); return ipset_data_set(data, opt, &cidr); } diff --git a/lib/print.c b/lib/print.c index 6452ab5..d7f99a4 100644 --- a/lib/print.c +++ b/lib/print.c @@ -152,7 +152,7 @@ __getnameinfo4(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in4cpy(&saddr.sin_addr, &addr->in); - saddr.sin_family = AF_INET; + saddr.sin_family = NFPROTO_IPV4; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -178,7 +178,7 @@ __getnameinfo6(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in6cpy(&saddr.sin6_addr, &addr->in6); - saddr.sin6_family = AF_INET6; + saddr.sin6_family = NFPROTO_IPV6; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -253,14 +253,14 @@ ipset_print_ip(char *buf, unsigned int len, cidr = *(const uint8_t *) ipset_data_get(data, cidropt); D("CIDR: %u", cidr); } else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf, len, flags, ip, cidr); else return -1; @@ -275,9 +275,9 @@ ipset_print_ip(char *buf, unsigned int len, SNPRINTF_FAILURE(size, len, offset); ip = ipset_data_get(data, IPSET_OPT_IP_TO); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf + offset, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf + offset, len, flags, ip, cidr); else return -1; @@ -320,14 +320,14 @@ ipset_print_ipaddr(char *buf, unsigned int len, if (ipset_data_test(data, cidropt)) cidr = *(const uint8_t *) ipset_data_get(data, cidropt); else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) return snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) return snprintf_ipv6(buf, len, flags, ip, cidr); return -1; diff --git a/lib/session.c b/lib/session.c index 9e36efd..472b974 100644 --- a/lib/session.c +++ b/lib/session.c @@ -568,7 +568,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], /* Validate by hand */ switch (family) { - case AF_INET: + case NFPROTO_IPV4: atype = IPSET_ATTR_IPADDR_IPV4; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv4 address " @@ -578,7 +578,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], "cannot validate IPv4 " "address attribute!"); break; - case AF_INET6: + case NFPROTO_IPV6: atype = IPSET_ATTR_IPADDR_IPV6; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv6 address " @@ -814,8 +814,8 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) } #define FAMILY_TO_STR(f) \ - ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") + ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") static int list_create(struct ipset_session *session, struct nlattr *nla[]) @@ -1413,7 +1413,7 @@ attr_len(const struct ipset_attr_policy *attr, uint8_t family, uint16_t *flags) return attr->len; *flags = NLA_F_NET_BYTEORDER; - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case MNL_TYPE_U32: *flags = NLA_F_NET_BYTEORDER; @@ -1446,7 +1446,7 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, if (attr->type == MNL_TYPE_NESTED) { /* IP addresses */ struct nlattr *nested; - int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4 + int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6; alen = attr_len(attr, family, &flags); @@ -1454,8 +1454,8 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, MNL_ATTR_HDRLEN, alen)) return 1; nested = mnl_attr_nest_start(nlh, type); - D("family: %s", family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC"); + D("family: %s", family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC"); mnl_attr_put(nlh, atype | flags, alen, d); mnl_attr_nest_end(nlh, nested); @@ -1509,14 +1509,14 @@ data2attr(struct ipset_session *session, struct nlmsghdr *nlh, data2attr(session, nlh, data, type, family, attrs) #define ADDATTR_SETNAME(session, nlh, data) \ - data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs) + data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs) #define ADDATTR_IF(session, nlh, data, type, family, attrs) \ ipset_data_test(data, attrs[type].opt) ? \ data2attr(session, nlh, data, type, family, attrs) : 0 #define ADDATTR_RAW(session, nlh, data, type, attrs) \ - rawdata2attr(session, nlh, data, type, AF_INET, attrs) + rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs) static void addattr_create(struct ipset_session *session, @@ -1572,13 +1572,13 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) "Invalid internal TYPE command: " "missing settype"); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); break; default: return ipset_err(session, "Internal error: " @@ -1638,17 +1638,17 @@ build_msg(struct ipset_session *session, bool aggregate) * setname, typename, revision, family, flags (optional) */ ADDATTR_SETNAME(session, nlh, data); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); ADDATTR_RAW(session, nlh, &type->revision, IPSET_ATTR_REVISION, cmd_attrs); D("family: %u, type family %u", ipset_data_family(data), type->family); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); /* Type-specific create attributes */ D("call open_nested"); @@ -1675,7 +1675,7 @@ build_msg(struct ipset_session *session, bool aggregate) ADDATTR_SETNAME(session, nlh, data); if (flags && session->mode != IPSET_LIST_SAVE) { ipset_data_set(data, IPSET_OPT_FLAGS, &flags); - ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET, + ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4, cmd_attrs); } break; diff --git a/lib/types.c b/lib/types.c index 7c16a30..e93b4bd 100644 --- a/lib/types.c +++ b/lib/types.c @@ -173,7 +173,8 @@ ipset_cache_swap(const char *from, const char *to) } #define MATCH_FAMILY(type, f) \ - (f == AF_UNSPEC || type->family == f || type->family == AF_INET46) + (f == NFPROTO_UNSPEC || type->family == f || \ + type->family == NFPROTO_IPSET_IPV46) bool ipset_match_typename(const char *name, const struct ipset_type *type) @@ -227,8 +228,9 @@ create_type_get(struct ipset_session *session) typename); /* Family is unspecified yet: set from matching set type */ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) { - family = match->family == AF_INET46 ? AF_INET : match->family; + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) { + family = match->family == NFPROTO_IPSET_IPV46 ? + NFPROTO_IPV4 : match->family; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -254,8 +256,8 @@ create_type_get(struct ipset_session *session) "with maximal revision %u.\n" "You need to upgrade your ipset program.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmin, tmax); else return ipset_errptr(session, @@ -264,8 +266,8 @@ create_type_get(struct ipset_session *session) "with minimal revision %u.\n" "You need to upgrade your kernel.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmax, tmin); } @@ -290,8 +292,9 @@ found: } #define set_family_and_type(data, match, family) do { \ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) \ - family = match->family == AF_INET46 ? AF_INET : match->family;\ + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \ + family = match->family == NFPROTO_IPSET_IPV46 ? \ + NFPROTO_IPV4 : match->family;\ ipset_data_set(data, IPSET_OPT_FAMILY, &family); \ ipset_data_set(data, IPSET_OPT_TYPE, match); \ } while (0) @@ -306,7 +309,7 @@ adt_type_get(struct ipset_session *session) const struct ipset_type *match; const char *setname, *typename; const uint8_t *revision; - uint8_t family = AF_UNSPEC; + uint8_t family = NFPROTO_UNSPEC; int ret; data = ipset_session_data(session); @@ -352,8 +355,8 @@ adt_type_get(struct ipset_session *session) "ipset library does not support the " "settype with that family and revision.", setname, typename, - family == AF_INET ? "inet" : - family == AF_INET6 ? "inet6" : "unspec", + family == NFPROTO_IPV4 ? "inet" : + family == NFPROTO_IPV6 ? "inet6" : "unspec", *revision); set_family_and_type(data, match, family); @@ -409,7 +412,7 @@ ipset_type_check(struct ipset_session *session) const struct ipset_type *t, *match = NULL; struct ipset_data *data; const char *typename; - uint8_t family = AF_UNSPEC, revision; + uint8_t family = NFPROTO_UNSPEC, revision; assert(session); data = ipset_session_data(session); diff --git a/src/ipset.c b/src/ipset.c index 358befe..e835f06 100644 --- a/src/ipset.c +++ b/src/ipset.c @@ -324,9 +324,9 @@ static const char * session_family(void) { switch (ipset_data_family(ipset_session_data(session))) { - case AF_INET: + case NFPROTO_IPV4: return "inet"; - case AF_INET6: + case NFPROTO_IPV6: return "inet6"; default: return "unspec"; @@ -581,10 +581,10 @@ parse_commandline(int argc, char *argv[]) type->name, type->usage); if (type->usagefn) type->usagefn(); - if (type->family == AF_UNSPEC) + if (type->family == NFPROTO_UNSPEC) printf("\nType %s is family neutral.\n", type->name); - else if (type->family == AF_INET46) + else if (type->family == NFPROTO_IPSET_IPV46) printf("\nType %s supports INET " "and INET6.\n", type->name); @@ -592,7 +592,7 @@ parse_commandline(int argc, char *argv[]) printf("\nType %s supports family " "%s only.\n", type->name, - type->family == AF_INET + type->family == NFPROTO_IPV4 ? "INET" : "INET6"); } else { printf("\nSupported set types:\n"); diff --git a/src/ipset_bitmap_ip.c b/src/ipset_bitmap_ip.c index e73bc7c..890b0dc 100644 --- a/src/ipset_bitmap_ip.c +++ b/src/ipset_bitmap_ip.c @@ -60,7 +60,7 @@ struct ipset_type ipset_bitmap_ip0 = { .name = "bitmap:ip", .alias = { "ipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_bitmap_ipmac.c b/src/ipset_bitmap_ipmac.c index f47f25d..385f2a8 100644 --- a/src/ipset_bitmap_ipmac.c +++ b/src/ipset_bitmap_ipmac.c @@ -57,7 +57,7 @@ struct ipset_type ipset_bitmap_ipmac0 = { .name = "bitmap:ip,mac", .alias = { "macipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_TWO, .last_elem_optional = true, .elem = { diff --git a/src/ipset_bitmap_port.c b/src/ipset_bitmap_port.c index c8c6e1f..d9b4cd8 100644 --- a/src/ipset_bitmap_port.c +++ b/src/ipset_bitmap_port.c @@ -51,7 +51,7 @@ struct ipset_type ipset_bitmap_port0 = { .name = "bitmap:port", .alias = { "portmap", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ip.c b/src/ipset_hash_ip.c index 315804a..22bff14 100644 --- a/src/ipset_hash_ip.c +++ b/src/ipset_hash_ip.c @@ -83,7 +83,7 @@ struct ipset_type ipset_hash_ip0 = { .name = "hash:ip", .alias = { "iphash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ipport.c b/src/ipset_hash_ipport.c index b5bd41b..2e7d177 100644 --- a/src/ipset_hash_ipport.c +++ b/src/ipset_hash_ipport.c @@ -89,7 +89,7 @@ struct ipset_type ipset_hash_ipport1 = { .name = "hash:ip,port", .alias = { "ipporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ipportip.c b/src/ipset_hash_ipportip.c index b27cebf..74d6c8b 100644 --- a/src/ipset_hash_ipportip.c +++ b/src/ipset_hash_ipportip.c @@ -89,7 +89,7 @@ struct ipset_type ipset_hash_ipportip1 = { .name = "hash:ip,port,ip", .alias = { "ipportiphash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ipportnet.c b/src/ipset_hash_ipportnet.c index ecab191..0e1a47e 100644 --- a/src/ipset_hash_ipportnet.c +++ b/src/ipset_hash_ipportnet.c @@ -90,7 +90,7 @@ struct ipset_type ipset_hash_ipportnet1 = { .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { [IPSET_DIM_ONE] = { @@ -180,7 +180,7 @@ struct ipset_type ipset_hash_ipportnet2 = { .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_net.c b/src/ipset_hash_net.c index 665c398..5b3d870 100644 --- a/src/ipset_hash_net.c +++ b/src/ipset_hash_net.c @@ -73,7 +73,7 @@ struct ipset_type ipset_hash_net0 = { .name = "hash:net", .alias = { "nethash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { @@ -125,7 +125,7 @@ struct ipset_type ipset_hash_net1 = { .name = "hash:net", .alias = { "nethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_netiface.c b/src/ipset_hash_netiface.c index 2fbe27d..bf1486e 100644 --- a/src/ipset_hash_netiface.c +++ b/src/ipset_hash_netiface.c @@ -66,7 +66,7 @@ struct ipset_type ipset_hash_netiface0 = { .name = "hash:net,iface", .alias = { "netifacehash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_netport.c b/src/ipset_hash_netport.c index 480dd84..a8cce93 100644 --- a/src/ipset_hash_netport.c +++ b/src/ipset_hash_netport.c @@ -67,7 +67,7 @@ struct ipset_type ipset_hash_netport1 = { .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { @@ -141,7 +141,7 @@ struct ipset_type ipset_hash_netport2 = { .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_list_set.c b/src/ipset_list_set.c index f3fa6df..8f813d6 100644 --- a/src/ipset_list_set.c +++ b/src/ipset_list_set.c @@ -50,7 +50,7 @@ struct ipset_type ipset_list_set0 = { .name = "list:set", .alias = { "setlist", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { -- 1.7.3.4 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/3] build: abort autogen on subcommand failure 2011-08-31 12:43 ipset: use NFPROTO_ (v2) Jan Engelhardt 2011-08-31 12:43 ` [PATCH 1/3] ipset: use NFPROTO_ constants Jan Engelhardt @ 2011-08-31 12:43 ` Jan Engelhardt 2011-08-31 12:43 ` [PATCH 3/3] build: move ipset_errcode into library Jan Engelhardt 2011-08-31 19:13 ` ipset: use NFPROTO_ (v2) Jozsef Kadlecsik 3 siblings, 0 replies; 8+ messages in thread From: Jan Engelhardt @ 2011-08-31 12:43 UTC (permalink / raw) To: kadlec; +Cc: netfilter-devel Needed to stop an automated build process when automake requirements are not fulfilled. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- autogen.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/autogen.sh b/autogen.sh index d0d5d98..9c0f327 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e aclocal -I m4 autoreconf -fi -- 1.7.3.4 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 3/3] build: move ipset_errcode into library 2011-08-31 12:43 ipset: use NFPROTO_ (v2) Jan Engelhardt 2011-08-31 12:43 ` [PATCH 1/3] ipset: use NFPROTO_ constants Jan Engelhardt 2011-08-31 12:43 ` [PATCH 2/3] build: abort autogen on subcommand failure Jan Engelhardt @ 2011-08-31 12:43 ` Jan Engelhardt 2011-08-31 19:13 ` ipset: use NFPROTO_ (v2) Jozsef Kadlecsik 3 siblings, 0 replies; 8+ messages in thread From: Jan Engelhardt @ 2011-08-31 12:43 UTC (permalink / raw) To: kadlec; +Cc: netfilter-devel The library cannot stand on its own: 19:13 seven:../ipset/lib > ldd -r .libs/libipset.so.1 linux-vdso.so.1 => (0x00007fff9a569000) libmnl.so.0 => /usr/lib64/libmnl.so.0 (0x00007fd42ae5c000) libc.so.6 => /lib64/libc.so.6 (0x00007fd42aaef000) /lib64/ld-linux-x86-64.so.2 (0x00007fd42b28d000) undefined symbol: ipset_errcode (.libs/libipset.so.1) Resolve this by moving ipset_errcode into the library. Reported-by: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com> References: http://marc.info/?l=netfilter-devel&m=131435791514602&w=2 --- lib/Makefile.am | 1 + lib/errcode.c | 200 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/Makefile.am | 1 - src/errcode.c | 200 ------------------------------------------------------- 4 files changed, 201 insertions(+), 201 deletions(-) create mode 100644 lib/errcode.c delete mode 100644 src/errcode.c diff --git a/lib/Makefile.am b/lib/Makefile.am index 7913877..8afe611 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -8,6 +8,7 @@ libipset_la_LDFLAGS = -version-info $(LIBVERSION) libipset_la_LIBADD = ${libmnl_LIBS} libipset_la_SOURCES = \ data.c \ + errcode.c \ icmp.c \ icmpv6.c \ mnl.c \ diff --git a/lib/errcode.c b/lib/errcode.c new file mode 100644 index 0000000..1ce5c00 --- /dev/null +++ b/lib/errcode.c @@ -0,0 +1,200 @@ +/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ +#include <assert.h> /* assert */ +#include <errno.h> /* errno */ +#include <string.h> /* strerror */ + +#include <libipset/debug.h> /* D() */ +#include <libipset/data.h> /* ipset_data_get */ +#include <libipset/session.h> /* ipset_err */ +#include <libipset/types.h> /* struct ipset_type */ +#include <libipset/utils.h> /* STRNEQ */ +#include <libipset/errcode.h> /* prototypes */ +#include <libipset/linux_ip_set_bitmap.h> /* bitmap specific errcodes */ +#include <libipset/linux_ip_set_hash.h> /* hash specific errcodes */ +#include <libipset/linux_ip_set_list.h> /* list specific errcodes */ + +/* Core kernel error codes */ +static const struct ipset_errcode_table core_errcode_table[] = { + /* Generic error codes */ + { ENOENT, 0, + "The set with the given name does not exist" }, + { EMSGSIZE, 0, + "Kernel error received: message could not be created" }, + { IPSET_ERR_PROTOCOL, 0, + "Kernel error received: ipset protocol error" }, + + /* CREATE specific error codes */ + { EEXIST, IPSET_CMD_CREATE, + "Set cannot be created: set with the same name already exists" }, + { IPSET_ERR_FIND_TYPE, 0, + "Kernel error received: set type not supported" }, + { IPSET_ERR_MAX_SETS, 0, + "Kernel error received: maximal number of sets reached, " + "cannot create more." }, + { IPSET_ERR_INVALID_NETMASK, 0, + "The value of the netmask parameter is invalid" }, + { IPSET_ERR_INVALID_FAMILY, 0, + "Protocol family not supported by the set type" }, + + /* DESTROY specific error codes */ + { IPSET_ERR_BUSY, IPSET_CMD_DESTROY, + "Set cannot be destroyed: it is in use by a kernel component" }, + + /* FLUSH specific error codes */ + + /* RENAME specific error codes */ + { IPSET_ERR_EXIST_SETNAME2, IPSET_CMD_RENAME, + "Set cannot be renamed: a set with the new name already exists" }, + { IPSET_ERR_REFERENCED, IPSET_CMD_RENAME, + "Set cannot be renamed: it is in use by another system" }, + + /* SWAP specific error codes */ + { IPSET_ERR_EXIST_SETNAME2, IPSET_CMD_SWAP, + "Sets cannot be swapped: the second set does not exist" }, + { IPSET_ERR_TYPE_MISMATCH, IPSET_CMD_SWAP, + "The sets cannot be swapped: they type does not match" }, + + /* LIST/SAVE specific error codes */ + + /* Generic (CADT) error codes */ + { IPSET_ERR_INVALID_CIDR, 0, + "The value of the CIDR parameter of the IP address is invalid" }, + { IPSET_ERR_TIMEOUT, 0, + "Timeout cannot be used: set was created without timeout support" }, + { IPSET_ERR_IPADDR_IPV4, 0, + "An IPv4 address is expected, but not received" }, + { IPSET_ERR_IPADDR_IPV6, 0, + "An IPv6 address is expected, but not received" }, + + /* ADD specific error codes */ + { IPSET_ERR_EXIST, IPSET_CMD_ADD, + "Element cannot be added to the set: it's already added" }, + + /* DEL specific error codes */ + { IPSET_ERR_EXIST, IPSET_CMD_DEL, + "Element cannot be deleted from the set: it's not added" }, + + /* TEST specific error codes */ + + /* HEADER specific error codes */ + + /* TYPE specific error codes */ + { EEXIST, IPSET_CMD_TYPE, + "Kernel error received: set type does not supported" }, + + /* PROTOCOL specific error codes */ + + { }, +}; + +/* Bitmap type-specific error codes */ +static const struct ipset_errcode_table bitmap_errcode_table[] = { + /* Generic (CADT) error codes */ + { IPSET_ERR_BITMAP_RANGE, 0, + "Element is out of the range of the set" }, + { IPSET_ERR_BITMAP_RANGE_SIZE, IPSET_CMD_CREATE, + "The range you specified exceeds the size limit of the set type" }, + { }, +}; + +/* Hash type-specific error codes */ +static const struct ipset_errcode_table hash_errcode_table[] = { + /* Generic (CADT) error codes */ + { IPSET_ERR_HASH_FULL, 0, + "Hash is full, cannot add more elements" }, + { IPSET_ERR_HASH_ELEM, 0, + "Null-valued element, cannot be stored in a hash type of set" }, + { IPSET_ERR_INVALID_PROTO, 0, + "Invalid protocol specified" }, + { IPSET_ERR_MISSING_PROTO, 0, + "Protocol missing, but must be specified" }, + { IPSET_ERR_HASH_RANGE_UNSUPPORTED, 0, + "Range is not supported in the \"net\" component of the element" }, + { IPSET_ERR_HASH_RANGE, 0, + "Invalid range, covers the whole address space" }, + { }, +}; + +/* List type-specific error codes */ +static const struct ipset_errcode_table list_errcode_table[] = { + /* Generic (CADT) error codes */ + { IPSET_ERR_NAME, 0, + "Set to be added/deleted/tested as element does not exist." }, + { IPSET_ERR_LOOP, 0, + "Sets with list:set type cannot be added to the set." }, + { IPSET_ERR_BEFORE, 0, + "No reference set specified." }, + { IPSET_ERR_NAMEREF, 0, + "The set to which you referred with 'before' or 'after' " + "does not exist." }, + { IPSET_ERR_LIST_FULL, 0, + "The set is full, more elements cannot be added." }, + { IPSET_ERR_REF_EXIST, 0, + "The set to which you referred with 'before' or 'after' " + "is not added to the set." }, + { }, +}; + +#define MATCH_TYPENAME(a, b) STRNEQ(a, b, strlen(b)) + +/** + * ipset_errcode - interpret a kernel error code + * @session: session structure + * @errcode: errcode + * + * Find the error code and print the appropriate + * error message into the error buffer. + * + * Returns -1. + */ +int +ipset_errcode(struct ipset_session *session, enum ipset_cmd cmd, int errcode) +{ + const struct ipset_errcode_table *table = core_errcode_table; + int i, generic; + + if (errcode >= IPSET_ERR_TYPE_SPECIFIC) { + const struct ipset_type *type; + + type = ipset_saved_type(session); + if (type) { + if (MATCH_TYPENAME(type->name, "bitmap:")) + table = bitmap_errcode_table; + else if (MATCH_TYPENAME(type->name, "hash:")) + table = hash_errcode_table; + else if (MATCH_TYPENAME(type->name, "list:")) + table = list_errcode_table; + } + } + +retry: + for (i = 0, generic = -1; table[i].errcode; i++) { + if (table[i].errcode == errcode && + (table[i].cmd == cmd || table[i].cmd == 0)) { + if (table[i].cmd == 0) { + generic = i; + continue; + } + return ipset_err(session, table[i].message); + } + } + if (generic != -1) + return ipset_err(session, table[generic].message); + /* Fall back to the core table */ + if (table != core_errcode_table) { + table = core_errcode_table; + goto retry; + } + if (errcode < IPSET_ERR_PRIVATE) + return ipset_err(session, "Kernel error received: %s", + strerror(errcode)); + else + return ipset_err(session, + "Undecoded error %u received from kernel", + errcode); +} diff --git a/src/Makefile.am b/src/Makefile.am index f3047f0..8ba441d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,7 +2,6 @@ include $(top_srcdir)/Make_global.am sbin_PROGRAMS = ipset ipset_SOURCES = ipset.c \ - errcode.c \ ipset_bitmap_ip.c \ ipset_bitmap_ipmac.c \ ipset_bitmap_port.c \ diff --git a/src/errcode.c b/src/errcode.c deleted file mode 100644 index 1ce5c00..0000000 --- a/src/errcode.c +++ /dev/null @@ -1,200 +0,0 @@ -/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - */ -#include <assert.h> /* assert */ -#include <errno.h> /* errno */ -#include <string.h> /* strerror */ - -#include <libipset/debug.h> /* D() */ -#include <libipset/data.h> /* ipset_data_get */ -#include <libipset/session.h> /* ipset_err */ -#include <libipset/types.h> /* struct ipset_type */ -#include <libipset/utils.h> /* STRNEQ */ -#include <libipset/errcode.h> /* prototypes */ -#include <libipset/linux_ip_set_bitmap.h> /* bitmap specific errcodes */ -#include <libipset/linux_ip_set_hash.h> /* hash specific errcodes */ -#include <libipset/linux_ip_set_list.h> /* list specific errcodes */ - -/* Core kernel error codes */ -static const struct ipset_errcode_table core_errcode_table[] = { - /* Generic error codes */ - { ENOENT, 0, - "The set with the given name does not exist" }, - { EMSGSIZE, 0, - "Kernel error received: message could not be created" }, - { IPSET_ERR_PROTOCOL, 0, - "Kernel error received: ipset protocol error" }, - - /* CREATE specific error codes */ - { EEXIST, IPSET_CMD_CREATE, - "Set cannot be created: set with the same name already exists" }, - { IPSET_ERR_FIND_TYPE, 0, - "Kernel error received: set type not supported" }, - { IPSET_ERR_MAX_SETS, 0, - "Kernel error received: maximal number of sets reached, " - "cannot create more." }, - { IPSET_ERR_INVALID_NETMASK, 0, - "The value of the netmask parameter is invalid" }, - { IPSET_ERR_INVALID_FAMILY, 0, - "Protocol family not supported by the set type" }, - - /* DESTROY specific error codes */ - { IPSET_ERR_BUSY, IPSET_CMD_DESTROY, - "Set cannot be destroyed: it is in use by a kernel component" }, - - /* FLUSH specific error codes */ - - /* RENAME specific error codes */ - { IPSET_ERR_EXIST_SETNAME2, IPSET_CMD_RENAME, - "Set cannot be renamed: a set with the new name already exists" }, - { IPSET_ERR_REFERENCED, IPSET_CMD_RENAME, - "Set cannot be renamed: it is in use by another system" }, - - /* SWAP specific error codes */ - { IPSET_ERR_EXIST_SETNAME2, IPSET_CMD_SWAP, - "Sets cannot be swapped: the second set does not exist" }, - { IPSET_ERR_TYPE_MISMATCH, IPSET_CMD_SWAP, - "The sets cannot be swapped: they type does not match" }, - - /* LIST/SAVE specific error codes */ - - /* Generic (CADT) error codes */ - { IPSET_ERR_INVALID_CIDR, 0, - "The value of the CIDR parameter of the IP address is invalid" }, - { IPSET_ERR_TIMEOUT, 0, - "Timeout cannot be used: set was created without timeout support" }, - { IPSET_ERR_IPADDR_IPV4, 0, - "An IPv4 address is expected, but not received" }, - { IPSET_ERR_IPADDR_IPV6, 0, - "An IPv6 address is expected, but not received" }, - - /* ADD specific error codes */ - { IPSET_ERR_EXIST, IPSET_CMD_ADD, - "Element cannot be added to the set: it's already added" }, - - /* DEL specific error codes */ - { IPSET_ERR_EXIST, IPSET_CMD_DEL, - "Element cannot be deleted from the set: it's not added" }, - - /* TEST specific error codes */ - - /* HEADER specific error codes */ - - /* TYPE specific error codes */ - { EEXIST, IPSET_CMD_TYPE, - "Kernel error received: set type does not supported" }, - - /* PROTOCOL specific error codes */ - - { }, -}; - -/* Bitmap type-specific error codes */ -static const struct ipset_errcode_table bitmap_errcode_table[] = { - /* Generic (CADT) error codes */ - { IPSET_ERR_BITMAP_RANGE, 0, - "Element is out of the range of the set" }, - { IPSET_ERR_BITMAP_RANGE_SIZE, IPSET_CMD_CREATE, - "The range you specified exceeds the size limit of the set type" }, - { }, -}; - -/* Hash type-specific error codes */ -static const struct ipset_errcode_table hash_errcode_table[] = { - /* Generic (CADT) error codes */ - { IPSET_ERR_HASH_FULL, 0, - "Hash is full, cannot add more elements" }, - { IPSET_ERR_HASH_ELEM, 0, - "Null-valued element, cannot be stored in a hash type of set" }, - { IPSET_ERR_INVALID_PROTO, 0, - "Invalid protocol specified" }, - { IPSET_ERR_MISSING_PROTO, 0, - "Protocol missing, but must be specified" }, - { IPSET_ERR_HASH_RANGE_UNSUPPORTED, 0, - "Range is not supported in the \"net\" component of the element" }, - { IPSET_ERR_HASH_RANGE, 0, - "Invalid range, covers the whole address space" }, - { }, -}; - -/* List type-specific error codes */ -static const struct ipset_errcode_table list_errcode_table[] = { - /* Generic (CADT) error codes */ - { IPSET_ERR_NAME, 0, - "Set to be added/deleted/tested as element does not exist." }, - { IPSET_ERR_LOOP, 0, - "Sets with list:set type cannot be added to the set." }, - { IPSET_ERR_BEFORE, 0, - "No reference set specified." }, - { IPSET_ERR_NAMEREF, 0, - "The set to which you referred with 'before' or 'after' " - "does not exist." }, - { IPSET_ERR_LIST_FULL, 0, - "The set is full, more elements cannot be added." }, - { IPSET_ERR_REF_EXIST, 0, - "The set to which you referred with 'before' or 'after' " - "is not added to the set." }, - { }, -}; - -#define MATCH_TYPENAME(a, b) STRNEQ(a, b, strlen(b)) - -/** - * ipset_errcode - interpret a kernel error code - * @session: session structure - * @errcode: errcode - * - * Find the error code and print the appropriate - * error message into the error buffer. - * - * Returns -1. - */ -int -ipset_errcode(struct ipset_session *session, enum ipset_cmd cmd, int errcode) -{ - const struct ipset_errcode_table *table = core_errcode_table; - int i, generic; - - if (errcode >= IPSET_ERR_TYPE_SPECIFIC) { - const struct ipset_type *type; - - type = ipset_saved_type(session); - if (type) { - if (MATCH_TYPENAME(type->name, "bitmap:")) - table = bitmap_errcode_table; - else if (MATCH_TYPENAME(type->name, "hash:")) - table = hash_errcode_table; - else if (MATCH_TYPENAME(type->name, "list:")) - table = list_errcode_table; - } - } - -retry: - for (i = 0, generic = -1; table[i].errcode; i++) { - if (table[i].errcode == errcode && - (table[i].cmd == cmd || table[i].cmd == 0)) { - if (table[i].cmd == 0) { - generic = i; - continue; - } - return ipset_err(session, table[i].message); - } - } - if (generic != -1) - return ipset_err(session, table[generic].message); - /* Fall back to the core table */ - if (table != core_errcode_table) { - table = core_errcode_table; - goto retry; - } - if (errcode < IPSET_ERR_PRIVATE) - return ipset_err(session, "Kernel error received: %s", - strerror(errcode)); - else - return ipset_err(session, - "Undecoded error %u received from kernel", - errcode); -} -- 1.7.3.4 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: ipset: use NFPROTO_ (v2) 2011-08-31 12:43 ipset: use NFPROTO_ (v2) Jan Engelhardt ` (2 preceding siblings ...) 2011-08-31 12:43 ` [PATCH 3/3] build: move ipset_errcode into library Jan Engelhardt @ 2011-08-31 19:13 ` Jozsef Kadlecsik 2011-08-31 20:30 ` Jan Engelhardt 3 siblings, 1 reply; 8+ messages in thread From: Jozsef Kadlecsik @ 2011-08-31 19:13 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Hi Jan, On Wed, 31 Aug 2011, Jan Engelhardt wrote: > The following changes since commit cdb6bb6cf01909e84bae99af0d83946884f24611: > > ipset 6.8 released (2011-07-11 11:10:47 +0200) > > are available in the git repository at: > git://dev.medozas.de/ipset master > > Jan Engelhardt (3): > ipset: use NFPROTO_ constants > build: abort autogen on subcommand failure > build: move ipset_errcode into library Please rebase these patches against commit 20a52295775126d1bd5740b6543d1ea8ea239b1b and send them again: the compatibility patch I had to wrote on top of your previous batch broke them. Thanks! Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipset: use NFPROTO_ (v2) 2011-08-31 19:13 ` ipset: use NFPROTO_ (v2) Jozsef Kadlecsik @ 2011-08-31 20:30 ` Jan Engelhardt 2011-09-01 9:22 ` Jozsef Kadlecsik 0 siblings, 1 reply; 8+ messages in thread From: Jan Engelhardt @ 2011-08-31 20:30 UTC (permalink / raw) To: Jozsef Kadlecsik; +Cc: netfilter-devel On Wednesday 2011-08-31 21:13, Jozsef Kadlecsik wrote: >Hi Jan, > >On Wed, 31 Aug 2011, Jan Engelhardt wrote: > >> The following changes since commit cdb6bb6cf01909e84bae99af0d83946884f24611: >> >> ipset 6.8 released (2011-07-11 11:10:47 +0200) >> >> are available in the git repository at: >> git://dev.medozas.de/ipset master >> >> Jan Engelhardt (3): >> ipset: use NFPROTO_ constants >> build: abort autogen on subcommand failure >> build: move ipset_errcode into library > >Please rebase these patches against commit >20a52295775126d1bd5740b6543d1ea8ea239b1b and send them again: the >compatibility patch I had to wrote on top of your previous batch broke >them. Thanks! Rebased. Same URL. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipset: use NFPROTO_ (v2) 2011-08-31 20:30 ` Jan Engelhardt @ 2011-09-01 9:22 ` Jozsef Kadlecsik 0 siblings, 0 replies; 8+ messages in thread From: Jozsef Kadlecsik @ 2011-09-01 9:22 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel On Wed, 31 Aug 2011, Jan Engelhardt wrote: > On Wednesday 2011-08-31 21:13, Jozsef Kadlecsik wrote: > > >On Wed, 31 Aug 2011, Jan Engelhardt wrote: > > > >> The following changes since commit cdb6bb6cf01909e84bae99af0d83946884f24611: > >> > >> ipset 6.8 released (2011-07-11 11:10:47 +0200) > >> > >> are available in the git repository at: > >> git://dev.medozas.de/ipset master > >> > >> Jan Engelhardt (3): > >> ipset: use NFPROTO_ constants > >> build: abort autogen on subcommand failure > >> build: move ipset_errcode into library > > > >Please rebase these patches against commit > >20a52295775126d1bd5740b6543d1ea8ea239b1b and send them again: the > >compatibility patch I had to wrote on top of your previous batch broke > >them. Thanks! > > Rebased. Same URL. Pulled and pushed out, thanks, Jan. Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary ^ permalink raw reply [flat|nested] 8+ messages in thread
* ipset 6.8 patches @ 2011-08-28 17:32 Jan Engelhardt 2011-08-28 17:32 ` [PATCH 1/3] ipset: use NFPROTO_ constants Jan Engelhardt 0 siblings, 1 reply; 8+ messages in thread From: Jan Engelhardt @ 2011-08-28 17:32 UTC (permalink / raw) To: kadlec; +Cc: netfilter-devel The following changes since commit cdb6bb6cf01909e84bae99af0d83946884f24611: ipset 6.8 released (2011-07-11 11:10:47 +0200) are available in the git repository at: git://dev.medozas.de/ipset master Jan Engelhardt (3): ipset: use NFPROTO_ constants build: abort autogen on subcommand failure build: move ipset_errcode into library autogen.sh | 2 +- include/libipset/nfproto.h | 19 +++++++ include/libipset/types.h | 15 +++-- kernel/include/linux/netfilter/ipset/ip_set.h | 5 ++- kernel/net/netfilter/ipset/ip_set_bitmap_ip.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_port.c | 4 +- kernel/net/netfilter/ipset/ip_set_core.c | 16 +++--- kernel/net/netfilter/ipset/ip_set_getport.c | 4 +- kernel/net/netfilter/ipset/ip_set_hash_ip.c | 18 +++--- kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_net.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netport.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_list_set.c | 2 +- lib/Makefile.am | 1 + lib/data.c | 21 ++++---- lib/debug.c | 4 +- {src => lib}/errcode.c | 0 lib/parse.c | 52 ++++++++++---------- lib/print.c | 20 ++++---- lib/session.c | 34 ++++++------ lib/types.c | 26 +++++----- src/Makefile.am | 1 - src/ipset.c | 10 ++-- src/ipset_bitmap_ip.c | 2 +- src/ipset_bitmap_ipmac.c | 2 +- src/ipset_bitmap_port.c | 2 +- src/ipset_hash_ip.c | 2 +- src/ipset_hash_ipport.c | 2 +- src/ipset_hash_ipportip.c | 2 +- src/ipset_hash_ipportnet.c | 4 +- src/ipset_hash_net.c | 4 +- src/ipset_hash_netiface.c | 2 +- src/ipset_hash_netport.c | 4 +- src/ipset_list_set.c | 2 +- 38 files changed, 191 insertions(+), 167 deletions(-) create mode 100644 include/libipset/nfproto.h rename {src => lib}/errcode.c (100%) ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/3] ipset: use NFPROTO_ constants 2011-08-28 17:32 ipset 6.8 patches Jan Engelhardt @ 2011-08-28 17:32 ` Jan Engelhardt 0 siblings, 0 replies; 8+ messages in thread From: Jan Engelhardt @ 2011-08-28 17:32 UTC (permalink / raw) To: kadlec; +Cc: netfilter-devel ipset is actually using NFPROTO values rather than AF (xt_set passes that along). --- include/libipset/nfproto.h | 19 +++++++ include/libipset/types.h | 15 +++-- kernel/include/linux/netfilter/ipset/ip_set.h | 5 ++- kernel/net/netfilter/ipset/ip_set_bitmap_ip.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c | 4 +- kernel/net/netfilter/ipset/ip_set_bitmap_port.c | 4 +- kernel/net/netfilter/ipset/ip_set_core.c | 16 +++--- kernel/net/netfilter/ipset/ip_set_getport.c | 4 +- kernel/net/netfilter/ipset/ip_set_hash_ip.c | 18 +++--- kernel/net/netfilter/ipset/ip_set_hash_ipport.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 10 ++-- kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_net.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netiface.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_hash_netport.c | 12 ++-- kernel/net/netfilter/ipset/ip_set_list_set.c | 2 +- lib/data.c | 21 ++++---- lib/debug.c | 4 +- lib/parse.c | 52 ++++++++++---------- lib/print.c | 20 ++++---- lib/session.c | 34 ++++++------ lib/types.c | 26 +++++----- src/ipset.c | 10 ++-- src/ipset_bitmap_ip.c | 2 +- src/ipset_bitmap_ipmac.c | 2 +- src/ipset_bitmap_port.c | 2 +- src/ipset_hash_ip.c | 2 +- src/ipset_hash_ipport.c | 2 +- src/ipset_hash_ipportip.c | 2 +- src/ipset_hash_ipportnet.c | 4 +- src/ipset_hash_net.c | 4 +- src/ipset_hash_netiface.c | 2 +- src/ipset_hash_netport.c | 4 +- src/ipset_list_set.c | 2 +- 34 files changed, 189 insertions(+), 165 deletions(-) create mode 100644 include/libipset/nfproto.h diff --git a/include/libipset/nfproto.h b/include/libipset/nfproto.h new file mode 100644 index 0000000..800da11 --- /dev/null +++ b/include/libipset/nfproto.h @@ -0,0 +1,19 @@ +#ifndef LIBIPSET_NFPROTO_H +#define LIBIPSET_NFPROTO_H + +/* + * The constants to select, same as in linux/netfilter.h. + * Like nf_inet_addr.h, this is just here so that we need not to rely on + * the presence of a recent-enough netfilter.h. + */ +enum { + NFPROTO_UNSPEC = 0, + NFPROTO_IPV4 = 2, + NFPROTO_ARP = 3, + NFPROTO_BRIDGE = 7, + NFPROTO_IPV6 = 10, + NFPROTO_DECNET = 12, + NFPROTO_NUMPROTO, +}; + +#endif /* LIBIPSET_NFPROTO_H */ diff --git a/include/libipset/types.h b/include/libipset/types.h index d3a0b4c..edec2c9 100644 --- a/include/libipset/types.h +++ b/include/libipset/types.h @@ -14,15 +14,18 @@ #include <libipset/parse.h> /* ipset_parsefn */ #include <libipset/print.h> /* ipset_printfn */ #include <libipset/linux_ip_set.h> /* IPSET_MAXNAMELEN */ - -#define AF_INET46 255 +#include <libipset/nfproto.h> /* for NFPROTO_ */ /* Family rules: - * - AF_UNSPEC: type is family-neutral - * - AF_INET: type supports IPv4 only - * - AF_INET6: type supports IPv6 only - * - AF_INET46: type supports both IPv4 and IPv6 + * - NFPROTO_UNSPEC: type is family-neutral + * - NFPROTO_IPV4: type supports IPv4 only + * - NFPROTO_IPV6: type supports IPv6 only + * Special (userspace) ipset-only extra value: + * - NFPROTO_X_IPV46: type supports both IPv4 and IPv6 */ +enum { + NFPROTO_X_IPV46 = 255, +}; /* Set dimensions */ enum { diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index 3540c6e..e7b06f5 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -288,7 +288,10 @@ struct ip_set_type { u8 features; /* Set type dimension */ u8 dimension; - /* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */ + /* + * Supported family: may be NFPROTO_UNSPEC for both + * NFPROTO_IPV4/NFPROTO_IPV6. + */ u8 family; /* Type revisions */ u8 revision_min, revision_max; diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c index e3e7399..a72a4df 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c @@ -442,7 +442,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -550,7 +550,7 @@ static struct ip_set_type bitmap_ip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ip_create, diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 56096f5..81324c1 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c @@ -543,7 +543,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -623,7 +623,7 @@ static struct ip_set_type bitmap_ipmac_type = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_MAC, .dimension = IPSET_DIM_TWO, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ipmac_create, diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c index 29ba93b..382ec28 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c @@ -422,7 +422,7 @@ init_map_port(struct ip_set *set, struct bitmap_port *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_UNSPEC; + set->family = NFPROTO_UNSPEC; return true; } @@ -483,7 +483,7 @@ static struct ip_set_type bitmap_port_type = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_PORT, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = bitmap_port_create, diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index cb4abbb..1a01628 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -70,7 +70,7 @@ find_set_type(const char *name, u8 family, u8 revision) list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family || type->family == AF_UNSPEC) && + (type->family == family || type->family == NFPROTO_UNSPEC) && revision >= type->revision_min && revision <= type->revision_max) return type; @@ -135,7 +135,7 @@ find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max) rcu_read_lock(); list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family || type->family == AF_UNSPEC)) { + (type->family == family || type->family == NFPROTO_UNSPEC)) { found = true; if (type->revision_min < *min) *min = type->revision_min; @@ -149,8 +149,8 @@ find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max) return try_to_load_type(name); } -#define family_name(f) ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") +#define family_name(f) ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") /* Register a set type structure. The type is identified by * the unique triple of name, family and revision. @@ -344,7 +344,7 @@ ip_set_test(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; read_lock_bh(&set->lock); @@ -377,7 +377,7 @@ ip_set_add(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -400,7 +400,7 @@ ip_set_del(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -565,7 +565,7 @@ start_msg(struct sk_buff *skb, u32 pid, u32 seq, unsigned int flags, return NULL; nfmsg = nlmsg_data(nlh); - nfmsg->nfgen_family = AF_INET; + nfmsg->nfgen_family = NFPROTO_IPV4; nfmsg->version = NFNETLINK_V0; nfmsg->res_id = 0; diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c index 757143b..58ca4e1 100644 --- a/kernel/net/netfilter/ipset/ip_set_getport.c +++ b/kernel/net/netfilter/ipset/ip_set_getport.c @@ -133,10 +133,10 @@ ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port) u8 proto; switch (pf) { - case AF_INET: + case NFPROTO_IPV4: ret = ip_set_get_ip4_port(skb, src, port, &proto); break; - case AF_INET6: + case NFPROTO_IPV6: ret = ip_set_get_ip6_port(skb, src, port, &proto); break; default: diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c index f2d576e..14a8628 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c @@ -366,11 +366,11 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u8 netmask, hbits; struct ip_set_hash *h; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; - netmask = set->family == AF_INET ? 32 : 128; + netmask = set->family == NFPROTO_IPV4 ? 32 : 128; pr_debug("Create set %s with family %s\n", - set->name, set->family == AF_INET ? "inet" : "inet6"); + set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) || @@ -389,8 +389,8 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_NETMASK]) { netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); - if ((set->family == AF_INET && netmask > 32) || - (set->family == AF_INET6 && netmask > 128) || + if ((set->family == NFPROTO_IPV4 && netmask > 32) || + (set->family == NFPROTO_IPV6 && netmask > 128) || netmask == 0) return -IPSET_ERR_INVALID_NETMASK; } @@ -419,15 +419,15 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_tvariant : &hash_ip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ip4_gc_init(set); else hash_ip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_variant : &hash_ip6_variant; } @@ -443,7 +443,7 @@ static struct ip_set_type hash_ip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = hash_ip_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c index 6ee10f5..30a6273 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c @@ -450,7 +450,7 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -490,15 +490,15 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_tvariant : &hash_ipport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipport4_gc_init(set); else hash_ipport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_variant : &hash_ipport6_variant; } @@ -514,7 +514,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipport_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c index fb90e34..55de642 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c @@ -468,7 +468,7 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -508,15 +508,15 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportip4_gc_init(set); else hash_ipportip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_variant : &hash_ipportip6_variant; } @@ -532,7 +532,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipportip_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c index deb3e3d..6ee4f72 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c @@ -554,7 +554,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -573,7 +573,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -596,16 +596,16 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_tvariant : &hash_ipportnet6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportnet4_gc_init(set); else hash_ipportnet6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_variant : &hash_ipportnet6_variant; } @@ -621,7 +621,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added */ .revision_max = 2, /* Range as input support for IPv4 added */ diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c index 60d0165..48e35ba 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_net.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c @@ -406,7 +406,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) struct ip_set_hash *h; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -425,7 +425,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -448,15 +448,15 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_tvariant : &hash_net6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_net4_gc_init(set); else hash_net6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_variant : &hash_net6_variant; } @@ -472,7 +472,7 @@ static struct ip_set_type hash_net_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* Range as input support for IPv4 added */ .create = hash_net_create, diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c index e13095d..a9fb4af 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c @@ -678,7 +678,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -697,7 +697,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -722,15 +722,15 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_tvariant : &hash_netiface6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netiface4_gc_init(set); else hash_netiface6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_variant : &hash_netiface6_variant; } @@ -746,7 +746,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_IFACE, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .create = hash_netiface_create, .create_policy = { diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c index 8f9de72..1fcc102 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c @@ -507,7 +507,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -526,7 +526,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -549,15 +549,15 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_tvariant : &hash_netport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netport4_gc_init(set); else hash_netport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_variant : &hash_netport6_variant; } @@ -573,7 +573,7 @@ static struct ip_set_type hash_netport_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added */ .revision_max = 2, /* Range as input support for IPv4 added */ diff --git a/kernel/net/netfilter/ipset/ip_set_list_set.c b/kernel/net/netfilter/ipset/ip_set_list_set.c index 4d10819..7e095f9 100644 --- a/kernel/net/netfilter/ipset/ip_set_list_set.c +++ b/kernel/net/netfilter/ipset/ip_set_list_set.c @@ -575,7 +575,7 @@ static struct ip_set_type list_set_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_NAME | IPSET_DUMP_LAST, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = list_set_create, diff --git a/lib/data.c b/lib/data.c index dfae6aa..0210b7b 100644 --- a/lib/data.c +++ b/lib/data.c @@ -8,7 +8,6 @@ #include <arpa/inet.h> /* ntoh* */ #include <net/ethernet.h> /* ETH_ALEN */ #include <net/if.h> /* IFNAMSIZ */ -#include <sys/socket.h> /* AF_ */ #include <stdlib.h> /* malloc, free */ #include <string.h> /* memset */ @@ -81,7 +80,7 @@ struct ipset_data { static void copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value) { - if (family == AF_INET) + if (family == NFPROTO_IPV4) in4cpy(&ip->in, value); else in6cpy(&ip->in6, value); @@ -213,12 +212,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) break; /* CADT options */ case IPSET_OPT_IP: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip, value); break; case IPSET_OPT_IP_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip_to, value); break; @@ -288,12 +287,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN); break; case IPSET_OPT_IP2: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2, value); break; case IPSET_OPT_IP2_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2_to, value); break; @@ -456,7 +455,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) case IPSET_OPT_IP_TO: case IPSET_OPT_IP2: case IPSET_OPT_IP2_TO: - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case IPSET_OPT_PORT: case IPSET_OPT_PORT_TO: @@ -511,14 +510,14 @@ ipset_data_setname(const struct ipset_data *data) * @data: data blob * * Return the INET family supported by the set from the data blob. - * If the family is not set yet, AF_UNSPEC is returned. + * If the family is not set yet, NFPROTO_UNSPEC is returned. */ uint8_t ipset_data_family(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_FAMILY) - ? data->family : AF_UNSPEC; + ? data->family : NFPROTO_UNSPEC; } /** @@ -534,8 +533,8 @@ ipset_data_cidr(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : - data->family == AF_INET ? 32 : - data->family == AF_INET6 ? 128 : 0; + data->family == NFPROTO_IPV4 ? 32 : + data->family == NFPROTO_IPV6 ? 128 : 0; } /** diff --git a/lib/debug.c b/lib/debug.c index 931b0c1..486d910 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -116,14 +116,14 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV4]); - inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) { d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV6]); - inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } diff --git a/lib/parse.c b/lib/parse.c index 2bb0601..b13b4d6 100644 --- a/lib/parse.c +++ b/lib/parse.c @@ -511,7 +511,7 @@ ipset_parse_proto_port(struct ipset_session *session, tmp = a; goto parse_port; case IPPROTO_ICMP: - if (family != AF_INET) { + if (family != NFPROTO_IPV4) { syntax_err("Protocol ICMP can be used " "with family INET only"); goto error; @@ -519,7 +519,7 @@ ipset_parse_proto_port(struct ipset_session *session, err = ipset_parse_icmp(session, opt, a); break; case IPPROTO_ICMPV6: - if (family != AF_INET6) { + if (family != NFPROTO_IPV6) { syntax_err("Protocol ICMPv6 can be used " "with family INET6 only"); goto error; @@ -577,11 +577,11 @@ ipset_parse_family(struct ipset_session *session, "multiple times"); if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4")) - family = AF_INET; + family = NFPROTO_IPV4; else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6")) - family = AF_INET6; + family = NFPROTO_IPV6; else if (STREQ(str, "any") || STREQ(str, "unspec")) - family = AF_UNSPEC; + family = NFPROTO_UNSPEC; else return syntax_err("unknown INET family %s", str); @@ -610,7 +610,7 @@ call_getaddrinfo(struct ipset_session *session, const char *str, if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { syntax_err("cannot resolve '%s' to an %s address: %s", - str, family == AF_INET6 ? "IPv6" : "IPv4", + str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4", gai_strerror(err)); return NULL; } else @@ -625,13 +625,13 @@ get_addrinfo(struct ipset_session *session, uint8_t family) { struct addrinfo *i; - size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in) + size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); int found, err = 0; if ((*info = call_getaddrinfo(session, str, family)) == NULL) { syntax_err("cannot parse %s: resolving to %s address failed", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return EINVAL; } @@ -639,7 +639,7 @@ get_addrinfo(struct ipset_session *session, if (i->ai_family != family || i->ai_addrlen != addrlen) continue; if (found == 0) { - if (family == AF_INET) { + if (family == NFPROTO_IPV4) { /* Workaround: direct cast increases * required alignment on Sparc */ @@ -668,7 +668,7 @@ get_addrinfo(struct ipset_session *session, if (found == 0) return syntax_err("cannot parse %s: " "%s address could not be resolved", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return err; } @@ -677,7 +677,7 @@ parse_ipaddr(struct ipset_session *session, enum ipset_opt opt, const char *str, uint8_t family) { - uint8_t m = family == AF_INET ? 32 : 128; + uint8_t m = family == NFPROTO_IPV4 ? 32 : 128; int aerr = EINVAL, err = 0, range = 0; char *saved = strdup(str); char *a, *tmp = saved; @@ -737,7 +737,7 @@ cidr_hostaddr(const char *str, uint8_t family) { char *a = cidr_separator(str); - return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128"); + return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128"); } static int @@ -747,8 +747,8 @@ parse_ip(struct ipset_session *session, struct ipset_data *data = ipset_session_data(session); uint8_t family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -985,12 +985,12 @@ ipset_parse_ip4_single6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? ipset_parse_ip(session, opt, str) + return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str) : ipset_parse_single_ip(session, opt, str); } @@ -1025,12 +1025,12 @@ ipset_parse_ip4_net6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY) + return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY) : ipset_parse_ipnet(session, opt, str); } @@ -1330,21 +1330,21 @@ ipset_parse_netmask(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } err = string_to_cidr(session, str, - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124, + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124, &cidr); if (err) return syntax_err("netmask is out of the inclusive range " "of %u-%u", - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124); + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124); return ipset_data_set(data, opt, &cidr); } diff --git a/lib/print.c b/lib/print.c index 6452ab5..d7f99a4 100644 --- a/lib/print.c +++ b/lib/print.c @@ -152,7 +152,7 @@ __getnameinfo4(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in4cpy(&saddr.sin_addr, &addr->in); - saddr.sin_family = AF_INET; + saddr.sin_family = NFPROTO_IPV4; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -178,7 +178,7 @@ __getnameinfo6(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in6cpy(&saddr.sin6_addr, &addr->in6); - saddr.sin6_family = AF_INET6; + saddr.sin6_family = NFPROTO_IPV6; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -253,14 +253,14 @@ ipset_print_ip(char *buf, unsigned int len, cidr = *(const uint8_t *) ipset_data_get(data, cidropt); D("CIDR: %u", cidr); } else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf, len, flags, ip, cidr); else return -1; @@ -275,9 +275,9 @@ ipset_print_ip(char *buf, unsigned int len, SNPRINTF_FAILURE(size, len, offset); ip = ipset_data_get(data, IPSET_OPT_IP_TO); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf + offset, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf + offset, len, flags, ip, cidr); else return -1; @@ -320,14 +320,14 @@ ipset_print_ipaddr(char *buf, unsigned int len, if (ipset_data_test(data, cidropt)) cidr = *(const uint8_t *) ipset_data_get(data, cidropt); else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) return snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) return snprintf_ipv6(buf, len, flags, ip, cidr); return -1; diff --git a/lib/session.c b/lib/session.c index 9e36efd..472b974 100644 --- a/lib/session.c +++ b/lib/session.c @@ -568,7 +568,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], /* Validate by hand */ switch (family) { - case AF_INET: + case NFPROTO_IPV4: atype = IPSET_ATTR_IPADDR_IPV4; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv4 address " @@ -578,7 +578,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], "cannot validate IPv4 " "address attribute!"); break; - case AF_INET6: + case NFPROTO_IPV6: atype = IPSET_ATTR_IPADDR_IPV6; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv6 address " @@ -814,8 +814,8 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) } #define FAMILY_TO_STR(f) \ - ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") + ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") static int list_create(struct ipset_session *session, struct nlattr *nla[]) @@ -1413,7 +1413,7 @@ attr_len(const struct ipset_attr_policy *attr, uint8_t family, uint16_t *flags) return attr->len; *flags = NLA_F_NET_BYTEORDER; - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case MNL_TYPE_U32: *flags = NLA_F_NET_BYTEORDER; @@ -1446,7 +1446,7 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, if (attr->type == MNL_TYPE_NESTED) { /* IP addresses */ struct nlattr *nested; - int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4 + int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6; alen = attr_len(attr, family, &flags); @@ -1454,8 +1454,8 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, MNL_ATTR_HDRLEN, alen)) return 1; nested = mnl_attr_nest_start(nlh, type); - D("family: %s", family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC"); + D("family: %s", family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC"); mnl_attr_put(nlh, atype | flags, alen, d); mnl_attr_nest_end(nlh, nested); @@ -1509,14 +1509,14 @@ data2attr(struct ipset_session *session, struct nlmsghdr *nlh, data2attr(session, nlh, data, type, family, attrs) #define ADDATTR_SETNAME(session, nlh, data) \ - data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs) + data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs) #define ADDATTR_IF(session, nlh, data, type, family, attrs) \ ipset_data_test(data, attrs[type].opt) ? \ data2attr(session, nlh, data, type, family, attrs) : 0 #define ADDATTR_RAW(session, nlh, data, type, attrs) \ - rawdata2attr(session, nlh, data, type, AF_INET, attrs) + rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs) static void addattr_create(struct ipset_session *session, @@ -1572,13 +1572,13 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) "Invalid internal TYPE command: " "missing settype"); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); break; default: return ipset_err(session, "Internal error: " @@ -1638,17 +1638,17 @@ build_msg(struct ipset_session *session, bool aggregate) * setname, typename, revision, family, flags (optional) */ ADDATTR_SETNAME(session, nlh, data); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); ADDATTR_RAW(session, nlh, &type->revision, IPSET_ATTR_REVISION, cmd_attrs); D("family: %u, type family %u", ipset_data_family(data), type->family); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); /* Type-specific create attributes */ D("call open_nested"); @@ -1675,7 +1675,7 @@ build_msg(struct ipset_session *session, bool aggregate) ADDATTR_SETNAME(session, nlh, data); if (flags && session->mode != IPSET_LIST_SAVE) { ipset_data_set(data, IPSET_OPT_FLAGS, &flags); - ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET, + ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4, cmd_attrs); } break; diff --git a/lib/types.c b/lib/types.c index 7c16a30..2048568 100644 --- a/lib/types.c +++ b/lib/types.c @@ -173,7 +173,7 @@ ipset_cache_swap(const char *from, const char *to) } #define MATCH_FAMILY(type, f) \ - (f == AF_UNSPEC || type->family == f || type->family == AF_INET46) + (f == NFPROTO_UNSPEC || type->family == f || type->family == NFPROTO_X_IPV46) bool ipset_match_typename(const char *name, const struct ipset_type *type) @@ -227,8 +227,8 @@ create_type_get(struct ipset_session *session) typename); /* Family is unspecified yet: set from matching set type */ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) { - family = match->family == AF_INET46 ? AF_INET : match->family; + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) { + family = match->family == NFPROTO_X_IPV46 ? NFPROTO_IPV4 : match->family; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -254,8 +254,8 @@ create_type_get(struct ipset_session *session) "with maximal revision %u.\n" "You need to upgrade your ipset program.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmin, tmax); else return ipset_errptr(session, @@ -264,8 +264,8 @@ create_type_get(struct ipset_session *session) "with minimal revision %u.\n" "You need to upgrade your kernel.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmax, tmin); } @@ -290,8 +290,8 @@ found: } #define set_family_and_type(data, match, family) do { \ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) \ - family = match->family == AF_INET46 ? AF_INET : match->family;\ + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \ + family = match->family == NFPROTO_X_IPV46 ? NFPROTO_IPV4 : match->family;\ ipset_data_set(data, IPSET_OPT_FAMILY, &family); \ ipset_data_set(data, IPSET_OPT_TYPE, match); \ } while (0) @@ -306,7 +306,7 @@ adt_type_get(struct ipset_session *session) const struct ipset_type *match; const char *setname, *typename; const uint8_t *revision; - uint8_t family = AF_UNSPEC; + uint8_t family = NFPROTO_UNSPEC; int ret; data = ipset_session_data(session); @@ -352,8 +352,8 @@ adt_type_get(struct ipset_session *session) "ipset library does not support the " "settype with that family and revision.", setname, typename, - family == AF_INET ? "inet" : - family == AF_INET6 ? "inet6" : "unspec", + family == NFPROTO_IPV4 ? "inet" : + family == NFPROTO_IPV6 ? "inet6" : "unspec", *revision); set_family_and_type(data, match, family); @@ -409,7 +409,7 @@ ipset_type_check(struct ipset_session *session) const struct ipset_type *t, *match = NULL; struct ipset_data *data; const char *typename; - uint8_t family = AF_UNSPEC, revision; + uint8_t family = NFPROTO_UNSPEC, revision; assert(session); data = ipset_session_data(session); diff --git a/src/ipset.c b/src/ipset.c index 358befe..d68b446 100644 --- a/src/ipset.c +++ b/src/ipset.c @@ -324,9 +324,9 @@ static const char * session_family(void) { switch (ipset_data_family(ipset_session_data(session))) { - case AF_INET: + case NFPROTO_IPV4: return "inet"; - case AF_INET6: + case NFPROTO_IPV6: return "inet6"; default: return "unspec"; @@ -581,10 +581,10 @@ parse_commandline(int argc, char *argv[]) type->name, type->usage); if (type->usagefn) type->usagefn(); - if (type->family == AF_UNSPEC) + if (type->family == NFPROTO_UNSPEC) printf("\nType %s is family neutral.\n", type->name); - else if (type->family == AF_INET46) + else if (type->family == NFPROTO_X_IPV46) printf("\nType %s supports INET " "and INET6.\n", type->name); @@ -592,7 +592,7 @@ parse_commandline(int argc, char *argv[]) printf("\nType %s supports family " "%s only.\n", type->name, - type->family == AF_INET + type->family == NFPROTO_IPV4 ? "INET" : "INET6"); } else { printf("\nSupported set types:\n"); diff --git a/src/ipset_bitmap_ip.c b/src/ipset_bitmap_ip.c index e73bc7c..890b0dc 100644 --- a/src/ipset_bitmap_ip.c +++ b/src/ipset_bitmap_ip.c @@ -60,7 +60,7 @@ struct ipset_type ipset_bitmap_ip0 = { .name = "bitmap:ip", .alias = { "ipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_bitmap_ipmac.c b/src/ipset_bitmap_ipmac.c index f47f25d..385f2a8 100644 --- a/src/ipset_bitmap_ipmac.c +++ b/src/ipset_bitmap_ipmac.c @@ -57,7 +57,7 @@ struct ipset_type ipset_bitmap_ipmac0 = { .name = "bitmap:ip,mac", .alias = { "macipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_TWO, .last_elem_optional = true, .elem = { diff --git a/src/ipset_bitmap_port.c b/src/ipset_bitmap_port.c index c8c6e1f..d9b4cd8 100644 --- a/src/ipset_bitmap_port.c +++ b/src/ipset_bitmap_port.c @@ -51,7 +51,7 @@ struct ipset_type ipset_bitmap_port0 = { .name = "bitmap:port", .alias = { "portmap", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ip.c b/src/ipset_hash_ip.c index 315804a..88bba80 100644 --- a/src/ipset_hash_ip.c +++ b/src/ipset_hash_ip.c @@ -83,7 +83,7 @@ struct ipset_type ipset_hash_ip0 = { .name = "hash:ip", .alias = { "iphash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ipport.c b/src/ipset_hash_ipport.c index b5bd41b..8fd152c 100644 --- a/src/ipset_hash_ipport.c +++ b/src/ipset_hash_ipport.c @@ -89,7 +89,7 @@ struct ipset_type ipset_hash_ipport1 = { .name = "hash:ip,port", .alias = { "ipporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ipportip.c b/src/ipset_hash_ipportip.c index b27cebf..bf77fbd 100644 --- a/src/ipset_hash_ipportip.c +++ b/src/ipset_hash_ipportip.c @@ -89,7 +89,7 @@ struct ipset_type ipset_hash_ipportip1 = { .name = "hash:ip,port,ip", .alias = { "ipportiphash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_THREE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_ipportnet.c b/src/ipset_hash_ipportnet.c index ecab191..47fd013 100644 --- a/src/ipset_hash_ipportnet.c +++ b/src/ipset_hash_ipportnet.c @@ -90,7 +90,7 @@ struct ipset_type ipset_hash_ipportnet1 = { .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_THREE, .elem = { [IPSET_DIM_ONE] = { @@ -180,7 +180,7 @@ struct ipset_type ipset_hash_ipportnet2 = { .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_THREE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_net.c b/src/ipset_hash_net.c index 665c398..f799987 100644 --- a/src/ipset_hash_net.c +++ b/src/ipset_hash_net.c @@ -73,7 +73,7 @@ struct ipset_type ipset_hash_net0 = { .name = "hash:net", .alias = { "nethash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { @@ -125,7 +125,7 @@ struct ipset_type ipset_hash_net1 = { .name = "hash:net", .alias = { "nethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_netiface.c b/src/ipset_hash_netiface.c index 2fbe27d..b31e30d 100644 --- a/src/ipset_hash_netiface.c +++ b/src/ipset_hash_netiface.c @@ -66,7 +66,7 @@ struct ipset_type ipset_hash_netiface0 = { .name = "hash:net,iface", .alias = { "netifacehash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_hash_netport.c b/src/ipset_hash_netport.c index 480dd84..83bd631 100644 --- a/src/ipset_hash_netport.c +++ b/src/ipset_hash_netport.c @@ -67,7 +67,7 @@ struct ipset_type ipset_hash_netport1 = { .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { @@ -141,7 +141,7 @@ struct ipset_type ipset_hash_netport2 = { .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_X_IPV46, .dimension = IPSET_DIM_TWO, .elem = { [IPSET_DIM_ONE] = { diff --git a/src/ipset_list_set.c b/src/ipset_list_set.c index f3fa6df..8f813d6 100644 --- a/src/ipset_list_set.c +++ b/src/ipset_list_set.c @@ -50,7 +50,7 @@ struct ipset_type ipset_list_set0 = { .name = "list:set", .alias = { "setlist", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { [IPSET_DIM_ONE] = { -- 1.7.3.4 ^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2011-09-01 9:22 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2011-08-31 12:43 ipset: use NFPROTO_ (v2) Jan Engelhardt 2011-08-31 12:43 ` [PATCH 1/3] ipset: use NFPROTO_ constants Jan Engelhardt 2011-08-31 12:43 ` [PATCH 2/3] build: abort autogen on subcommand failure Jan Engelhardt 2011-08-31 12:43 ` [PATCH 3/3] build: move ipset_errcode into library Jan Engelhardt 2011-08-31 19:13 ` ipset: use NFPROTO_ (v2) Jozsef Kadlecsik 2011-08-31 20:30 ` Jan Engelhardt 2011-09-01 9:22 ` Jozsef Kadlecsik -- strict thread matches above, loose matches on Subject: below -- 2011-08-28 17:32 ipset 6.8 patches Jan Engelhardt 2011-08-28 17:32 ` [PATCH 1/3] ipset: use NFPROTO_ constants Jan Engelhardt
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.