[netfilter-cvslog] r4353 - trunk/ipset

kadlec at netfilter.org kadlec at netfilter.org
Thu Oct 13 10:55:33 CEST 2005


Author: kadlec at netfilter.org
Date: 2005-10-13 10:55:32 +0200 (Thu, 13 Oct 2005)
New Revision: 4353

Added:
   trunk/ipset/ipset_ipporthash.c
Modified:
   trunk/ipset/ChangeLog
   trunk/ipset/Makefile
   trunk/ipset/ipset.8
   trunk/ipset/ipset.c
   trunk/ipset/ipset.h
   trunk/ipset/ipset_iphash.c
   trunk/ipset/ipset_ipmap.c
   trunk/ipset/ipset_iptree.c
   trunk/ipset/ipset_macipmap.c
   trunk/ipset/ipset_nethash.c
   trunk/ipset/ipset_portmap.c
Log:
ipporthash set type added plus manpage corrections (JK)


Modified: trunk/ipset/ChangeLog
===================================================================
--- trunk/ipset/ChangeLog	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ChangeLog	2005-10-13 08:55:32 UTC (rev 4353)
@@ -1,3 +1,8 @@
+2.2.5
+ - garbage collector of iptree type of sets is fixed: flushing
+   sets/removing kernel module could corrupt the timer
+ - new ipporthash type added
+ - manpage fixes and corrections
 2.2.4
  - half-fixed memory allocation bug in iphash and nethash finally
    completely fixed (bug reported by Nikolai Malykh)

Modified: trunk/ipset/Makefile
===================================================================
--- trunk/ipset/Makefile	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/Makefile	2005-10-13 08:55:32 UTC (rev 4353)
@@ -8,7 +8,7 @@
 KERNEL_DIR=/usr/src/linux
 endif
 
-IPSET_VERSION:=2.2.4
+IPSET_VERSION:=2.2.5
 
 PREFIX:=/usr/local
 LIBDIR:=$(PREFIX)/lib
@@ -23,7 +23,7 @@
 COPT_FLAGS:=-O2
 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. # -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG
 SH_CFLAGS:=$(CFLAGS) -fPIC
-SETTYPES:=ipmap portmap macipmap iphash nethash iptree
+SETTYPES:=ipmap portmap macipmap iphash nethash iptree ipporthash
 
 PROGRAMS=ipset
 SHARED_LIBS=$(foreach T, $(SETTYPES),libipset_$(T).so)

Modified: trunk/ipset/ipset.8
===================================================================
--- trunk/ipset/ipset.8	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset.8	2005-10-13 08:55:32 UTC (rev 4353)
@@ -41,15 +41,15 @@
 means a general term here. See the set type definitions below.
 .P
 Any entry in a set can be bound to another set, which forms a relationship
-between a set element and the set it is bound to. The sets may have a 
-default binding, which is valid for every set element for which there is
-no binding defined at all. There is no need for the entry to be
-added to the set for a binding to be defined for it.
+between a set element and the set it is bound to. In order to define a
+binding it is not required that the entry be already added to the set. 
+The sets may have a default binding, which is valid for every set element 
+for which there is no binding defined at all.
 .P
 IP set bindings pointing to sets and iptables matches and targets 
 referring to sets creates references, which protects the given sets in 
-the kernel. A set cannot be removed (destroyed) while there is a reference 
-pointing to it.
+the kernel. A set cannot be removed (destroyed) while there is a single
+reference pointing to it.
 .SH OPTIONS
 The options that are recognized by
 .B ipset
@@ -62,7 +62,7 @@
 .B ipset
 can differentiate it from all other options.
 .TP
-.BI "-N, --create " "\fIsetname\fP type type-options"
+.BI "-N, --create " "\fIsetname\fP type type-specific-options"
 Create a set identified with setname and specified type. 
 Type-specific options must be supplied.
 .TP
@@ -93,8 +93,8 @@
 rules or
 .B
 ipset
-bindings pointing to from-setname will point to to-setname
-and vice versa. Both sets must exist.
+bindings pointing to the content of from-setname will point to 
+the content of to-setname and vice versa. Both sets must exist.
 .TP
 .BI "-L, --list " "[\fIsetname\fP]"
 List the entries and bindings for the specified set, or for
@@ -107,7 +107,7 @@
 output. When the
 .B "-s, --sorted"
 option is given, the entries are listed sorted (if the given set
-supports it).
+type supports the operation).
 .TP
 .BI "-S, --save " "[\fIsetname\fP]"
 Save the given set, or all sets if none or the keyword
@@ -122,7 +122,8 @@
 When generating a session file please note that the supported commands
 (create set, add element, bind) must appear in a strict order: first create
 the set, then add all elements. Then create the next set, add all its elements
-and so on. Finally you can append all binding commands. 
+and so on. Finally you can list all binding commands. Also, it is a restore
+operation, so the sets being restored must not exist.
 .TP
 .BI "-A, --add " "\fIsetname\fP \fIIP\fP"
 Add an IP to a set.
@@ -275,9 +276,9 @@
 Create a portmap set from the specified range.
 .SS iphash
 The iphash set type uses a hash to store IP addresses.
-In order to avoid clashes in the hash, double-hashing and, as a last
+In order to avoid clashes in the hash double-hashing, and as a last
 resort, dynamic growing of the hash performed. The iphash set type is
-fast and great for use to store random addresses. By supplyig the
+great to store random addresses. By supplyig the
 .B "--netmask"
 option with a CIDR netmask value between 0-32 at creating the set,
 you will be able to store and match network addresses instead: i.e 
@@ -306,17 +307,27 @@
 parameter specified, network addresses will be 
 stored in the set instead of IP addresses.
 .P
+Sets created by zero valued resize parameter won't be resized at all.
+The lookup time in an iphash type of set approximately linearly grows with
+the value of the 
+.B
+probes
+parameter. At the same time higher 
+.B
+probes
+values result a better utilized hash while smaller values 
+produce a larger, sparse hash.
 .SS nethash
 The nethash set type uses a hash to store different size of
 network addresses. The
 .I
 IP
-"address" used in the ipset command must be in the form
+"address" used in the ipset commands must be in the form
 .I
 IP-address/cidr-size
 where the CIDR block size must be in the inclusive range of 1-31.
-In order to avoid clashes in the hash, 
-double-hashing and, as a last resort, dynamic growing of the hash performed.
+In order to avoid clashes in the hash 
+double-hashing, and as a last resort, dynamic growing of the hash performed.
 .P
 Options to use when creating an nethash set:
 .TP
@@ -332,14 +343,66 @@
 an IP to the hash could not be performed after
 .P
 An IP address will be in a nethash type of set if it is in any of the
-netblocks added to the set, where the matching start from the smallest
-size of netblock to the biggest ones. When adding/deleting IP addresses
+netblocks added to the set and the matching always start from the smallest
+size of netblock (most specific netmask) to the biggest ones (least
+specific netmasks). When adding/deleting IP addresses
 to a nethash set by the
 .I
 SET
 netfilter kernel module, it will be added/deleted by the smallest
 netblock size which can be found in the set.
 .P
+The lookup time in a nethash type of set is approximately linearly 
+grows with the times of the
+.B
+probes
+parameter and the number of different mask parameters in the hash.
+Otherwise the same speed and memory efficiency comments applies here 
+as at the iphash type.
+.SS ipporthash
+The ipporthash set type uses a hash to store IP address and port pairs.
+In order to avoid clashes in the hash double-hashing, and as a last
+resort, dynamic growing of the hash performed. An ipporthash set can 
+store up to 65536 (B-class network) IP addresses with all possible port
+values. When adding, deleting and testing values in an ipporthash type of
+set, the entries must be specified as
+.B
+"IP%port".
+.P
+The ipporthash types of sets evaluates two src/dst parameters of the 
+.I
+set
+match and 
+.I
+SET
+target. 
+.P
+Options to use when creating an ipporthash set:
+.TP
+.BR "--from " from-IP
+.TP
+.BR "--to " to-IP
+Create an ipporthash set from the specified range.
+.TP
+.BR "--network " IP/mask
+Create an ipporthash set from the specified network.
+.TP
+.BR "--hashsize " hashsize
+The initial hash size (default 1024)
+.TP
+.BR "--probes " probes
+How many times try to resolve clashing at adding an IP to the hash 
+by double-hashing (default 8).
+.TP
+.BR "--resize " percent
+Increase the hash size by this many percent (default 50) when adding
+an IP to the hash could not be performed after
+.B
+probes
+number of double-hashing.
+.P
+The same resizing, speed and memory efficiency comments applies here 
+as at the iphash type.
 .SS iptree
 The iptree set type uses a tree to store IP addresses, optionally 
 with timeout values.

Modified: trunk/ipset/ipset.c
===================================================================
--- trunk/ipset/ipset.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -495,6 +495,10 @@
 	return inet_ntoa(addr);
 }
 
+char *binding_ip_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
+{
+	return ip_tostring(ip, options);
+}
 char *ip_tostring_numeric(ip_set_ip_t ip)
 {
 	return ip_tostring(ip, OPT_NUMERIC);
@@ -1039,7 +1043,7 @@
 			   "Save binding failed, try again later.");
 	printf("-B %s %s -b %s\n",
 		set->name,
-		set->settype->bindip_tostring(hash->ip, OPT_NUMERIC),
+		set->settype->bindip_tostring(set, hash->ip, OPT_NUMERIC),
 		set_list[hash->binding]->name);
 
 	return sizeof(struct ip_set_hash_save);
@@ -1624,8 +1628,10 @@
  * Print operation
  */
 
-static void print_bindings(void *data, size_t size, unsigned options,
-			   char * (*printip)(ip_set_ip_t ip, unsigned options))
+static void print_bindings(struct set *set,
+			   void *data, size_t size, unsigned options,
+			   char * (*printip)(struct set *set, 
+					     ip_set_ip_t ip, unsigned options))
 {
 	size_t offset = 0;
 	struct ip_set_hash_list *hash;
@@ -1633,7 +1639,7 @@
 	while (offset < size) {
 		hash = (struct ip_set_hash_list *) (data + offset);
 		printf("%s -> %s\n", 
-			printip(hash->ip, options),
+			printip(set, hash->ip, options),
 			set_list[hash->binding]->name);
 		offset += sizeof(struct ip_set_hash_list);
 	}
@@ -1676,7 +1682,8 @@
 	/* Print bindings */
 	printf("Bindings:\n");
 	offset += setlist->members_size;
-	print_bindings(data + offset, setlist->bindings_size, options,
+	print_bindings(set,
+		       data + offset, setlist->bindings_size, options,
 		       settype->bindip_tostring);
 
 	printf("\n");		/* One newline between sets */

Modified: trunk/ipset/ipset.h
===================================================================
--- trunk/ipset/ipset.h	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset.h	2005-10-13 08:55:32 UTC (rev 4353)
@@ -146,7 +146,7 @@
 	void (*saveips) (struct set *set, void *data, size_t len, unsigned options);
 
 	/* Conver a single IP (binding) to string */
-	char * (*bindip_tostring)(ip_set_ip_t ip, unsigned options);
+	char * (*bindip_tostring)(struct set *set, ip_set_ip_t ip, unsigned options);
 	
 	/* Parse an IP at restoring bindings. FIXME */
 	void (*bindip_parse) (const char *str, ip_set_ip_t * ip);
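Review bot: `bindip_tostring` now receives the set, but `bindip_parse` on the line below keeps its `(const char *str, ip_set_ip_t *ip)` form, so a type whose binding string depends on the set header cannot parse back what it prints. ipporthash in this commit prints bindings as `ip%port` relative to `first_ip` through `unpack_ipport_tostring`, yet registers plain `parse_ip` as its `bindip_parse`; that presumably rejects or misreads the saved `-B` line on restore (the body of `parse_ip` is not in this diff). Consider `void (*bindip_parse)(struct set *set, const char *str, ip_set_ip_t *ip);` with a matching parser for ipporthash. The comment above the member could also say that the returned string lives in static storage, as it does for `unpack_ipport_tostring`, and is overwritten by the next call. The enclosing struct starts and ends outside this hunk.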
@@ -167,6 +167,8 @@
 
 extern void exit_error(enum exittype status, char *msg, ...);
 
+extern char *binding_ip_tostring(struct set *set,
+				 ip_set_ip_t ip, unsigned options);
 extern char *ip_tostring(ip_set_ip_t ip, unsigned options);
 extern char *ip_tostring_numeric(ip_set_ip_t ip);
 extern void parse_ip(const char *str, ip_set_ip_t * ip);

Modified: trunk/ipset/ipset_iphash.c
===================================================================
--- trunk/ipset/ipset_iphash.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset_iphash.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -284,7 +284,7 @@
 	.saveips = &saveips,
 	
 	/* Bindings */
-	.bindip_tostring = &ip_tostring,
+	.bindip_tostring = &binding_ip_tostring,
 	.bindip_parse = &parse_ip,
 	
 	.usage = &usage,

Modified: trunk/ipset/ipset_ipmap.c
===================================================================
--- trunk/ipset/ipset_ipmap.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset_ipmap.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -347,7 +347,7 @@
 	.saveips = &saveips,
 	
 	/* Bindings */
-	.bindip_tostring = &ip_tostring,
+	.bindip_tostring = &binding_ip_tostring,
 	.bindip_parse	= &parse_ip,
 
 	.usage = &usage,

Added: trunk/ipset/ipset_ipporthash.c
===================================================================
--- trunk/ipset/ipset_ipporthash.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset_ipporthash.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -0,0 +1,374 @@
+/* Copyright 2004 Jozsef Kadlecsik (kadlec at blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify   
+ * it under the terms of the GNU General Public License as published by   
+ * the Free Software Foundation; either version 2 of the License, or      
+ * (at your option) any later version.                                    
+ *                                                                         
+ * This program is distributed in the hope that it will be useful,        
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of         
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          
+ * GNU General Public License for more details.                           
+ *                                                                         
+ * You should have received a copy of the GNU General Public License      
+ * along with this program; if not, write to the Free Software            
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <time.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <asm/bitops.h>
+#include <asm/types.h>
+
+#include <linux/netfilter_ipv4/ip_set_ipporthash.h>
+#include <linux/netfilter_ipv4/ip_set_jhash.h>
+
+#include "ipset.h"
+
+#define OPT_CREATE_HASHSIZE	0x01U
+#define OPT_CREATE_PROBES	0x02U
+#define OPT_CREATE_RESIZE	0x04U
+#define OPT_CREATE_NETWORK	0x08U
+#define OPT_CREATE_FROM		0x10U
+#define OPT_CREATE_TO		0x10U
+
+/* Initialize the create. */
+void create_init(void *data)
+{
+	struct ip_set_req_ipporthash_create *mydata =
+	    (struct ip_set_req_ipporthash_create *) data;
+
+	DP("create INIT");
+
+	/* Default create parameters */	
+	mydata->hashsize = 1024;
+	mydata->probes = 8;
+	mydata->resize = 50;
+}
+
+/* Function which parses command options; returns true if it ate an option */
+int create_parse(int c, char *argv[], void *data, unsigned *flags)
+{
+	struct ip_set_req_ipporthash_create *mydata =
+	    (struct ip_set_req_ipporthash_create *) data;
+	ip_set_ip_t value;
+
+	DP("create_parse");
+
+	switch (c) {
+	case '1':
+
+		if (string_to_number(optarg, 1, UINT_MAX - 1, &mydata->hashsize))
+			exit_error(PARAMETER_PROBLEM, "Invalid hashsize `%s' specified", optarg);
+
+		*flags |= OPT_CREATE_HASHSIZE;
+
+		DP("--hashsize %u", mydata->hashsize);
+		
+		break;
+
+	case '2':
+
+		if (string_to_number(optarg, 1, 65535, &value))
+			exit_error(PARAMETER_PROBLEM, "Invalid probes `%s' specified", optarg);
+
+		mydata->probes = value;
+		*flags |= OPT_CREATE_PROBES;
+
+		DP("--probes %u", mydata->probes);
+		
+		break;
+
+	case '3':
+
+		if (string_to_number(optarg, 0, 65535, &value))
+			exit_error(PARAMETER_PROBLEM, "Invalid resize `%s' specified", optarg);
+
+		mydata->resize = value;
+		*flags |= OPT_CREATE_RESIZE;
+
+		DP("--resize %u", mydata->resize);
+		
+		break;
+
+	case '4':
+		parse_ip(optarg, &mydata->from);
+
+		*flags |= OPT_CREATE_FROM;
+
+		DP("--from %x (%s)", mydata->from,
+		   ip_tostring_numeric(mydata->from));
+
+		break;
+
+	case '5':
+		parse_ip(optarg, &mydata->to);
+
+		*flags |= OPT_CREATE_TO;
+
+		DP("--to %x (%s)", mydata->to,
+		   ip_tostring_numeric(mydata->to));
+
+		break;
+
+	case '6':
+		parse_ipandmask(optarg, &mydata->from, &mydata->to);
+
+		/* Make to the last of from + mask */
+		if (mydata->to)
+			mydata->to = mydata->from | ~(mydata->to);
+		else {
+			mydata->from = 0x00000000;
+			mydata->to = 0xFFFFFFFF;
+		}
+		*flags |= OPT_CREATE_NETWORK;
+
+		DP("--network from %x (%s)", 
+		   mydata->from, ip_tostring_numeric(mydata->from));
+		DP("--network to %x (%s)", 
+		   mydata->to, ip_tostring_numeric(mydata->to));
+
+		break;
+
+	default:
+		return 0;
+	}
+
+	return 1;
+}
+
+/* Final check; exit if not ok. */
+void create_final(void *data, unsigned int flags)
+{
+	struct ip_set_req_ipporthash_create *mydata =
+	    (struct ip_set_req_ipporthash_create *) data;
+
+#ifdef IPSET_DEBUG
+	DP("hashsize %u probes %u resize %u",
+	   mydata->hashsize, mydata->probes, mydata->resize);
+#endif
+
+	if (flags == 0)
+		exit_error(PARAMETER_PROBLEM,
+			   "Need to specify --from and --to, or --network\n");
+
+	if (flags & OPT_CREATE_NETWORK) {
+		/* --network */
+		if ((flags & OPT_CREATE_FROM) || (flags & OPT_CREATE_TO))
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --from or --to with --network\n");
+	} else {
+		/* --from --to */
+		if ((flags & OPT_CREATE_FROM) == 0
+		    || (flags & OPT_CREATE_TO) == 0)
+			exit_error(PARAMETER_PROBLEM,
+				   "Need to specify both --from and --to\n");
+	}
+
+	DP("from : %x to: %x diff: %x", 
+	   mydata->from, mydata->to,
+	   mydata->to - mydata->from);
+
+	if (mydata->from > mydata->to)
+		exit_error(PARAMETER_PROBLEM,
+			   "From can't be lower than to.\n");
+
+	if (mydata->to - mydata->from > MAX_RANGE)
+		exit_error(PARAMETER_PROBLEM,
+			   "Range to large. Max is %d IPs in range\n",
+			   MAX_RANGE+1);
+}
+
+/* Create commandline options */
+static struct option create_opts[] = {
+	{"hashsize", 1, 0, '1'},
+	{"probes", 1, 0, '2'},
+	{"resize", 1, 0, '3'},
+	{"from", 1, 0, '4'},
+	{"to", 1, 0, '5'},
+	{"network", 1, 0, '6'},
+	{0}
+};
+
+/* Add, del, test parser */
+ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data)
+{
+	struct ip_set_req_ipporthash *mydata =
+	    (struct ip_set_req_ipporthash *) data;
+	char *saved = strdup(optarg);
+	char *ptr, *tmp = saved;
+
+	DP("ipporthash: %p %p", optarg, data);
+
+	ptr = strsep(&tmp, "%");
+	parse_ip(ptr, &mydata->ip);
+
+	if (tmp)
+		parse_port(tmp, &mydata->port);
+	else
+		exit_error(PARAMETER_PROBLEM,
+			   "IP address and port must be specified: ip%%port");
+	free(saved);
+	return 1;	
+};
+
+/*
+ * Print and save
+ */
+
+void initheader(struct set *set, const void *data)
+{
+	struct ip_set_req_ipporthash_create *header =
+	    (struct ip_set_req_ipporthash_create *) data;
+	struct ip_set_ipporthash *map =
+		(struct ip_set_ipporthash *) set->settype->header;
+
+	memset(map, 0, sizeof(struct ip_set_ipporthash));
+	map->hashsize = header->hashsize;
+	map->probes = header->probes;
+	map->resize = header->resize;
+	map->first_ip = header->from;
+	map->last_ip = header->to;
+}
+
+void printheader(struct set *set, unsigned options)
+{
+	struct ip_set_ipporthash *mysetdata =
+	    (struct ip_set_ipporthash *) set->settype->header;
+
+	printf(" from: %s", ip_tostring(mysetdata->first_ip, options));
+	printf(" to: %s", ip_tostring(mysetdata->last_ip, options));
+	printf(" hashsize: %u", mysetdata->hashsize);
+	printf(" probes: %u", mysetdata->probes);
+	printf(" resize: %u\n", mysetdata->resize);
+}
+
+void printips(struct set *set, void *data, size_t len, unsigned options)
+{
+	struct ip_set_ipporthash *mysetdata =
+	    (struct ip_set_ipporthash *) set->settype->header;
+	size_t offset = 0;
+	ip_set_ip_t *ipptr, ip;
+	uint16_t port;
+
+	while (offset < len) {
+		ipptr = data + offset;
+		if (*ipptr) {
+			ip = (*ipptr>>16) + mysetdata->first_ip;
+			port = (uint16_t) *ipptr;
+			printf("%s%%%s\n", 
+			       ip_tostring(ip, options),
+			       port_tostring(port, options));
+		}
+		offset += sizeof(ip_set_ip_t);
+	}
+}
+
+void saveheader(struct set *set, unsigned options)
+{
+	struct ip_set_ipporthash *mysetdata =
+	    (struct ip_set_ipporthash *) set->settype->header;
+
+	printf("-N %s %s --from %s",
+	       set->name, set->settype->typename,
+	       ip_tostring(mysetdata->first_ip, options));
+	printf(" --to %s",
+	       ip_tostring(mysetdata->last_ip, options));
+	printf(" --hashsize %u --probes %u --resize %u\n",
+	       mysetdata->hashsize, mysetdata->probes, mysetdata->resize);
+}
+
+/* Print save for an IP */
+void saveips(struct set *set, void *data, size_t len, unsigned options)
+{
+	struct ip_set_ipporthash *mysetdata =
+	    (struct ip_set_ipporthash *) set->settype->header;
+	size_t offset = 0;
+	ip_set_ip_t *ipptr, ip;
+	uint16_t port;
+
+	while (offset < len) {
+		ipptr = data + offset;
+		if (*ipptr) {
+			ip = (*ipptr>>16) + mysetdata->first_ip;
+			port = (uint16_t) *ipptr;
+			printf("-A %s %s%%%s\n", set->name, 
+			       ip_tostring(ip, options),
+			       port_tostring(port, options));
+		}
+		offset += sizeof(ip_set_ip_t);
+	}
+}
+
+static char buffer[22];
+
+static char * unpack_ipport_tostring(struct set *set, ip_set_ip_t bip, unsigned options)
+{
+	struct ip_set_ipporthash *mysetdata =
+	    (struct ip_set_ipporthash *) set->settype->header;
+	ip_set_ip_t ip, port;
+	
+	ip = (bip>>16) + mysetdata->first_ip;
+	port = (uint16_t) bip;
+	sprintf(buffer, "%s%%%s", 
+		ip_tostring(ip, options), port_tostring(port, options));
+		
+	return buffer;
+}
+
+void usage(void)
+{
+	printf
+	    ("-N set ipporthash --from IP --to IP\n"
+	     "   [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
+	     "-N set ipporthash --network IP/mask\n"
+	     "   [--hashsize hashsize] [--probes probes ] [--resize resize]\n"
+	     "-A set IP\n"
+	     "-D set IP\n"
+	     "-T set IP\n");
+}
+
+static struct settype settype_ipporthash = {
+	.typename = SETTYPE_NAME,
+	.protocol_version = IP_SET_PROTOCOL_VERSION,
+
+	/* Create */
+	.create_size = sizeof(struct ip_set_req_ipporthash_create),
+	.create_init = &create_init,
+	.create_parse = &create_parse,
+	.create_final = &create_final,
+	.create_opts = create_opts,
+
+	/* Add/del/test */
+	.adt_size = sizeof(struct ip_set_req_ipporthash),
+	.adt_parser = &adt_parser,
+
+	/* Printing */
+	.header_size = sizeof(struct ip_set_ipporthash),
+	.initheader = &initheader,
+	.printheader = &printheader,
+	.printips = &printips,		/* We only have the unsorted version */
+	.printips_sorted = &printips,
+	.saveheader = &saveheader,
+	.saveips = &saveips,
+	
+	/* Bindings */
+	.bindip_tostring = &unpack_ipport_tostring,
+	.bindip_parse = &parse_ip,
+	
+	.usage = &usage,
+};
+
+void _init(void)
+{
+	settype_register(&settype_ipporthash);
+
+}
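Review bot: `unpack_ipport_tostring` writes into the 22-byte static `buffer` with an unbounded `sprintf`, and 22 bytes hold exactly a dotted-quad address, `%`, a five-digit port and the terminator. `print_bindings` passes the caller's `options` through, so if `ip_tostring` or `port_tostring` can return a resolved host or service name when `OPT_NUMERIC` is not set (their bodies are outside this diff), the write runs past the buffer; enlarge the buffer and use `snprintf(buffer, sizeof(buffer), "%s%%%s", ...)`. Separately, `OPT_CREATE_FROM` and `OPT_CREATE_TO` are both defined as `0x10U`, so the "both --from and --to" test in `create_final` passes when only one of them was given; `#define OPT_CREATE_TO 0x20U` restores the check. `adt_parser` also hands the result of `strdup` to `strsep` and `parse_ip` without checking it for NULL.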

Modified: trunk/ipset/ipset_iptree.c
===================================================================
--- trunk/ipset/ipset_iptree.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset_iptree.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -210,7 +210,7 @@
 	.saveips = &saveips,
 	
 	/* Bindings */
-	.bindip_tostring = &ip_tostring,
+	.bindip_tostring = &binding_ip_tostring,
 	.bindip_parse	= &parse_ip,
 
 	.usage = &usage,

Modified: trunk/ipset/ipset_macipmap.c
===================================================================
--- trunk/ipset/ipset_macipmap.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset_macipmap.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -327,7 +327,7 @@
 	.saveips = &saveips,
 
 	/* Bindings */
-	.bindip_tostring = &ip_tostring,
+	.bindip_tostring = &binding_ip_tostring,
 	.bindip_parse = &parse_ip,
 
 	.usage = &usage,

Modified: trunk/ipset/ipset_nethash.c
===================================================================
--- trunk/ipset/ipset_nethash.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset_nethash.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -291,7 +291,7 @@
 	}
 }
 
-static char * net_tostring(ip_set_ip_t ip, unsigned options)
+static char * net_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
 {
 	return unpack_ip_tostring(ip, options);
 }

Modified: trunk/ipset/ipset_portmap.c
===================================================================
--- trunk/ipset/ipset_portmap.c	2005-10-13 08:53:58 UTC (rev 4352)
+++ trunk/ipset/ipset_portmap.c	2005-10-13 08:55:32 UTC (rev 4353)
@@ -165,6 +165,11 @@
 	}
 }
 
+char * binding_port_tostring(struct set *set, ip_set_ip_t ip, unsigned options)
+{
+	return port_tostring(ip, options);
+}
+
 void saveheader(struct set *set, unsigned options)
 {
 	struct ip_set_portmap *mysetdata =
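Review bot: `binding_port_tostring` is defined with external linkage although, as far as this diff shows, it is only referenced through the `settype` table later in the same file; the equivalent `net_tostring` wrapper in ipset_nethash.c is `static`. Declaring it `static char *binding_port_tostring(struct set *set, ip_set_ip_t ip, unsigned options)` keeps the symbol local to this set-type library. The parameter named `ip` carries a port here and `set` is unused, so a one-line comment such as `/* set is unused; adapts port_tostring to the bindip_tostring signature */` would help the next reader.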
@@ -227,7 +232,7 @@
 	.saveips = &saveports,
 	
 	/* Bindings */
-	.bindip_tostring = &port_tostring,
+	.bindip_tostring = &binding_port_tostring,
 	.bindip_parse = &parse_port,
 
 	.usage = &usage,



