diff --git a/doc/changelog.txt b/doc/changelog.txt index 48f85a5..ca87eeb 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -8,6 +8,7 @@ Fixes: Changes: - Remove unsupported ipset 4.x from the Xtables-addons distribution - ipset: move ipset_errcode from src to library to avoid undefined reference +- update to ipset 6.9.1 v1.38 (2011-08-20) diff --git a/extensions/ipset-6/Kbuild b/extensions/ipset-6/Kbuild index f54e8a1..a3c51f9 100644 --- a/extensions/ipset-6/Kbuild +++ b/extensions/ipset-6/Kbuild @@ -8,4 +8,4 @@ obj-m += ip_set_hash_netiface.o ip_set_hash_netport.o ip_set_list_set.o ip_set-y := ip_set_core.o ip_set_getport.o pfxlen.o -EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256 +EXTRA_CFLAGS += -DLCONFIG_IP_SET_MAX=256 -DIPSET_EXTERNAL_MODULE=1 diff --git a/extensions/ipset-6/include/libipset/linux_ip_set.h b/extensions/ipset-6/include/libipset/linux_ip_set.h index 1a20a69..b601b96 100644 --- a/extensions/ipset-6/include/libipset/linux_ip_set.h +++ b/extensions/ipset-6/include/libipset/linux_ip_set.h @@ -11,6 +11,8 @@ * published by the Free Software Foundation. */ +#include + /* The protocol version */ #define IPSET_PROTOCOL 0x60 @@ -168,4 +170,30 @@ enum ipset_adt { IPSET_CADT_MAX, }; +/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t + * and IPSET_INVALID_ID if you want to increase the max number of sets. + */ +typedef __u16 ip_set_id_t; + +#define IPSET_INVALID_ID 65535 + +enum ip_set_dim { + IPSET_DIM_ZERO = 0, + IPSET_DIM_ONE, + IPSET_DIM_TWO, + IPSET_DIM_THREE, + /* Max dimension in elements. + * If changed, new revision of iptables match/target is required. + */ + IPSET_DIM_MAX = 6, +}; + +/* Option flags for kernel operations */ +enum ip_set_kopt { + IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), + IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), + IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), + IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), +}; + #endif /* __IP_SET_H */ diff --git a/extensions/ipset-6/include/libipset/nfproto.h b/extensions/ipset-6/include/libipset/nfproto.h new file mode 100644 index 0000000..800da11 --- /dev/null +++ b/extensions/ipset-6/include/libipset/nfproto.h @@ -0,0 +1,19 @@ +#ifndef LIBIPSET_NFPROTO_H +#define LIBIPSET_NFPROTO_H + +/* + * The constants to select, same as in linux/netfilter.h. + * Like nf_inet_addr.h, this is just here so that we need not to rely on + * the presence of a recent-enough netfilter.h. + */ +enum { + NFPROTO_UNSPEC = 0, + NFPROTO_IPV4 = 2, + NFPROTO_ARP = 3, + NFPROTO_BRIDGE = 7, + NFPROTO_IPV6 = 10, + NFPROTO_DECNET = 12, + NFPROTO_NUMPROTO, +}; + +#endif /* LIBIPSET_NFPROTO_H */ diff --git a/extensions/ipset-6/include/libipset/types.h b/extensions/ipset-6/include/libipset/types.h index d3a0b4c..cacce26 100644 --- a/extensions/ipset-6/include/libipset/types.h +++ b/extensions/ipset-6/include/libipset/types.h @@ -14,24 +14,22 @@ #include /* ipset_parsefn */ #include /* ipset_printfn */ #include /* IPSET_MAXNAMELEN */ - -#define AF_INET46 255 +#include /* for NFPROTO_ */ /* Family rules: - * - AF_UNSPEC: type is family-neutral - * - AF_INET: type supports IPv4 only - * - AF_INET6: type supports IPv6 only - * - AF_INET46: type supports both IPv4 and IPv6 + * - NFPROTO_UNSPEC: type is family-neutral + * - NFPROTO_IPV4: type supports IPv4 only + * - NFPROTO_IPV6: type supports IPv6 only + * Special (userspace) ipset-only extra value: + * - NFPROTO_IPSET_IPV46: type supports both IPv4 and IPv6 */ - -/* Set dimensions */ enum { - IPSET_DIM_ONE, /* foo */ - IPSET_DIM_TWO, /* foo,bar */ - IPSET_DIM_THREE, /* foo,bar,fie */ - IPSET_DIM_MAX, + NFPROTO_IPSET_IPV46 = 255, }; +/* The maximal type dimension userspace supports */ +#define IPSET_DIM_UMAX 3 + /* Parser options */ enum { IPSET_NO_ARG = -1, @@ -76,7 +74,7 @@ struct ipset_type { uint8_t dimension; /* elem dimension */ int8_t kernel_check; /* kernel check */ bool last_elem_optional; /* last element optional */ - struct ipset_elem elem[IPSET_DIM_MAX]; /* parse elem */ + struct ipset_elem elem[IPSET_DIM_UMAX]; /* parse elem */ ipset_parsefn compat_parse_elem; /* compatibility parser */ const struct ipset_arg *args[IPSET_CADT_MAX]; /* create/ADT args besides elem */ uint64_t mandatory[IPSET_CADT_MAX]; /* create/ADT mandatory flags */ diff --git a/extensions/ipset-6/ip_set.h b/extensions/ipset-6/ip_set.h index 84bd212..52c1cd1 100644 --- a/extensions/ipset-6/ip_set.h +++ b/extensions/ipset-6/ip_set.h @@ -11,6 +11,7 @@ * published by the Free Software Foundation. */ +#include #include /* The protocol version */ @@ -170,19 +171,10 @@ enum ipset_adt { IPSET_CADT_MAX, }; -#ifdef __KERNEL__ -#include -#include -#include -#include -#include -#include -#include - /* Sets are identified by an index in kernel space. Tweak with ip_set_id_t * and IPSET_INVALID_ID if you want to increase the max number of sets. */ -typedef u16 ip_set_id_t; +typedef __u16 ip_set_id_t; #define IPSET_INVALID_ID 65535 @@ -205,6 +197,15 @@ enum ip_set_kopt { IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), }; +#ifdef __KERNEL__ +#include +#include +#include +#include +#include +#include +#include + /* Set features */ enum ip_set_feature { IPSET_TYPE_IP_FLAG = 0, @@ -290,7 +291,10 @@ struct ip_set_type { u8 features; /* Set type dimension */ u8 dimension; - /* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */ + /* + * Supported family: may be NFPROTO_UNSPEC for both + * NFPROTO_IPV4/NFPROTO_IPV6. + */ u8 family; /* Type revisions */ u8 revision_min, revision_max; @@ -465,6 +469,8 @@ bitmap_bytes(u32 a, u32 b) return 4 * ((((b - a + 8) / 8) + 3) / 4); } +#endif /* __KERNEL__ */ + /* Interface to iptables/ip6tables */ #define SO_IP_SET 83 @@ -490,6 +496,4 @@ struct ip_set_req_version { unsigned version; }; -#endif /* __KERNEL__ */ - #endif /*_IP_SET_H */ diff --git a/extensions/ipset-6/ip_set_bitmap_ip.c b/extensions/ipset-6/ip_set_bitmap_ip.c index bae805a..e305653 100644 --- a/extensions/ipset-6/ip_set_bitmap_ip.c +++ b/extensions/ipset-6/ip_set_bitmap_ip.c @@ -442,7 +442,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -550,7 +550,7 @@ static struct ip_set_type bitmap_ip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ip_create, diff --git a/extensions/ipset-6/ip_set_bitmap_ipmac.c b/extensions/ipset-6/ip_set_bitmap_ipmac.c index a76bab4..eaec01d 100644 --- a/extensions/ipset-6/ip_set_bitmap_ipmac.c +++ b/extensions/ipset-6/ip_set_bitmap_ipmac.c @@ -543,7 +543,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_INET; + set->family = NFPROTO_IPV4; return true; } @@ -623,7 +623,7 @@ static struct ip_set_type bitmap_ipmac_type = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_MAC, .dimension = IPSET_DIM_TWO, - .family = AF_INET, + .family = NFPROTO_IPV4, .revision_min = 0, .revision_max = 0, .create = bitmap_ipmac_create, diff --git a/extensions/ipset-6/ip_set_bitmap_port.c b/extensions/ipset-6/ip_set_bitmap_port.c index 4c6b26c..fd43aa7 100644 --- a/extensions/ipset-6/ip_set_bitmap_port.c +++ b/extensions/ipset-6/ip_set_bitmap_port.c @@ -422,7 +422,7 @@ init_map_port(struct ip_set *set, struct bitmap_port *map, map->timeout = IPSET_NO_TIMEOUT; set->data = map; - set->family = AF_UNSPEC; + set->family = NFPROTO_UNSPEC; return true; } @@ -483,7 +483,7 @@ static struct ip_set_type bitmap_port_type = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_PORT, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = bitmap_port_create, diff --git a/extensions/ipset-6/ip_set_core.c b/extensions/ipset-6/ip_set_core.c index 52181e6..6f7f9cb 100644 --- a/extensions/ipset-6/ip_set_core.c +++ b/extensions/ipset-6/ip_set_core.c @@ -17,7 +17,9 @@ #include #include #include +#ifdef IPSET_EXTERNAL_MODULE #include +#endif #include #include @@ -75,7 +77,7 @@ find_set_type(const char *name, u8 family, u8 revision) list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family || type->family == AF_UNSPEC) && + (type->family == family || type->family == NFPROTO_UNSPEC) && revision >= type->revision_min && revision <= type->revision_max) return type; @@ -83,37 +85,42 @@ find_set_type(const char *name, u8 family, u8 revision) } /* Unlock, try to load a set type module and lock again */ -static int -try_to_load_type(const char *name) +static bool +load_settype(const char *name) { genl_unlock(); pr_debug("try to load ip_set_%s\n", name); if (request_module("ip_set_%s", name) < 0) { pr_warning("Can't find ip_set type %s\n", name); genl_lock(); - return -IPSET_ERR_FIND_TYPE; + return false; } genl_lock(); - return -EAGAIN; + return true; } /* Find a set type and reference it */ +#define find_set_type_get(name, family, revision, found) \ + __find_set_type_get(name, family, revision, found, false) + static int -find_set_type_get(const char *name, u8 family, u8 revision, - struct ip_set_type **found) +__find_set_type_get(const char *name, u8 family, u8 revision, + struct ip_set_type **found, bool retry) { struct ip_set_type *type; - unsigned int retry = 0; int err; -retry: + if (retry && !load_settype(name)) + return -IPSET_ERR_FIND_TYPE; + rcu_read_lock(); *found = find_set_type(name, family, revision); if (*found) { err = !try_module_get((*found)->me) ? -EFAULT : 0; goto unlock; } - /* Make sure the type is loaded but we don't support the revision */ + /* Make sure the type is already loaded + * but we don't support the revision */ list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name)) { err = -IPSET_ERR_FIND_TYPE; @@ -121,10 +128,8 @@ retry: } rcu_read_unlock(); - err = try_to_load_type(name); - if (err == -EAGAIN && retry++ == 0) - goto retry; - return err; + return retry ? -IPSET_ERR_FIND_TYPE : + __find_set_type_get(name, family, revision, found, true); unlock: rcu_read_unlock(); @@ -135,20 +140,24 @@ unlock: * If we succeeded, the supported minimal and maximum revisions are * filled out. */ +#define find_set_type_minmax(name, family, min, max) \ + __find_set_type_minmax(name, family, min, max, false) + static int -find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max) +__find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max, + bool retry) { struct ip_set_type *type; bool found = false; - unsigned int retry = 0; - int err; -retry: + if (retry && !load_settype(name)) + return -IPSET_ERR_FIND_TYPE; + *min = 255; *max = 0; rcu_read_lock(); list_for_each_entry_rcu(type, &ip_set_type_list, list) if (STREQ(type->name, name) && - (type->family == family || type->family == AF_UNSPEC)) { + (type->family == family || type->family == NFPROTO_UNSPEC)) { found = true; if (type->revision_min < *min) *min = type->revision_min; @@ -159,14 +168,12 @@ retry: if (found) return 0; - err = try_to_load_type(name); - if (err == -EAGAIN && retry++ == 0) - goto retry; - return err; + return retry ? -IPSET_ERR_FIND_TYPE : + __find_set_type_minmax(name, family, min, max, true); } -#define family_name(f) ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") +#define family_name(f) ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") /* Register a set type structure. The type is identified by * the unique triple of name, family and revision. @@ -360,7 +367,7 @@ ip_set_test(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; read_lock_bh(&set->lock); @@ -393,7 +400,7 @@ ip_set_add(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -416,7 +423,7 @@ ip_set_del(ip_set_id_t index, const struct sk_buff *skb, pr_debug("set %s, index %u\n", set->name, index); if (opt->dim < set->type->dimension || - !(opt->family == set->family || set->family == AF_UNSPEC)) + !(opt->family == set->family || set->family == NFPROTO_UNSPEC)) return 0; write_lock_bh(&set->lock); @@ -1137,6 +1144,7 @@ release_refcount: if (ret || !cb->args[2]) { pr_debug("release set %s\n", ip_set_list[index]->name); ip_set_put_byindex(index); + cb->args[2] = 0; } out: if (nlh) { @@ -1160,12 +1168,12 @@ ip_set_dump(struct sk_buff *skb, struct genl_info *info) return -IPSET_ERR_PROTOCOL; genl_unlock(); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 1, 0) - ret = netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done, 0); -#else ret = netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, +#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0) ip_set_dump_done); +#else + ip_set_dump_done, 0); #endif genl_lock(); return ret; @@ -1738,10 +1746,8 @@ ip_set_init(void) ip_set_list = kzalloc(sizeof(struct ip_set *) * ip_set_max, GFP_KERNEL); - if (!ip_set_list) { - pr_err("ip_set: Unable to create ip_set_list\n"); + if (!ip_set_list) return -ENOMEM; - } ret = genl_register_family_with_ops(&ip_set_netlink_subsys, ip_set_netlink_subsys_cb, ARRAY_SIZE(ip_set_netlink_subsys_cb)); diff --git a/extensions/ipset-6/ip_set_getport.c b/extensions/ipset-6/ip_set_getport.c index 8600041..9824d00 100644 --- a/extensions/ipset-6/ip_set_getport.c +++ b/extensions/ipset-6/ip_set_getport.c @@ -133,10 +133,10 @@ ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port) u8 proto; switch (pf) { - case AF_INET: + case NFPROTO_IPV4: ret = ip_set_get_ip4_port(skb, src, port, &proto); break; - case AF_INET6: + case NFPROTO_IPV6: ret = ip_set_get_ip6_port(skb, src, port, &proto); break; default: diff --git a/extensions/ipset-6/ip_set_hash_ip.c b/extensions/ipset-6/ip_set_hash_ip.c index 0e0dc30..c5c1234 100644 --- a/extensions/ipset-6/ip_set_hash_ip.c +++ b/extensions/ipset-6/ip_set_hash_ip.c @@ -366,11 +366,11 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u8 netmask, hbits; struct ip_set_hash *h; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; - netmask = set->family == AF_INET ? 32 : 128; + netmask = set->family == NFPROTO_IPV4 ? 32 : 128; pr_debug("Create set %s with family %s\n", - set->name, set->family == AF_INET ? "inet" : "inet6"); + set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) || @@ -389,8 +389,8 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_NETMASK]) { netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]); - if ((set->family == AF_INET && netmask > 32) || - (set->family == AF_INET6 && netmask > 128) || + if ((set->family == NFPROTO_IPV4 && netmask > 32) || + (set->family == NFPROTO_IPV6 && netmask > 128) || netmask == 0) return -IPSET_ERR_INVALID_NETMASK; } @@ -419,15 +419,15 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_tvariant : &hash_ip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ip4_gc_init(set); else hash_ip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ip4_variant : &hash_ip6_variant; } @@ -443,7 +443,7 @@ static struct ip_set_type hash_ip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = hash_ip_create, diff --git a/extensions/ipset-6/ip_set_hash_ipport.c b/extensions/ipset-6/ip_set_hash_ipport.c index 68622d2..0a96b5a 100644 --- a/extensions/ipset-6/ip_set_hash_ipport.c +++ b/extensions/ipset-6/ip_set_hash_ipport.c @@ -450,7 +450,7 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -490,15 +490,15 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_tvariant : &hash_ipport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipport4_gc_init(set); else hash_ipport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipport4_variant : &hash_ipport6_variant; } @@ -514,7 +514,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipport_create, diff --git a/extensions/ipset-6/ip_set_hash_ipportip.c b/extensions/ipset-6/ip_set_hash_ipportip.c index 06e069a..6dd0556 100644 --- a/extensions/ipset-6/ip_set_hash_ipportip.c +++ b/extensions/ipset-6/ip_set_hash_ipportip.c @@ -468,7 +468,7 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -508,15 +508,15 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportip4_gc_init(set); else hash_ipportip6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportip4_variant : &hash_ipportip6_variant; } @@ -532,7 +532,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* SCTP and UDPLITE support added */ .create = hash_ipportip_create, diff --git a/extensions/ipset-6/ip_set_hash_ipportnet.c b/extensions/ipset-6/ip_set_hash_ipportnet.c index 81a566c..57b94cc 100644 --- a/extensions/ipset-6/ip_set_hash_ipportnet.c +++ b/extensions/ipset-6/ip_set_hash_ipportnet.c @@ -554,7 +554,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -573,7 +573,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -596,16 +596,16 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_tvariant : &hash_ipportnet6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_ipportnet4_gc_init(set); else hash_ipportnet6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_ipportnet4_variant : &hash_ipportnet6_variant; } @@ -621,7 +621,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2, .dimension = IPSET_DIM_THREE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added */ .revision_max = 2, /* Range as input support for IPv4 added */ diff --git a/extensions/ipset-6/ip_set_hash_net.c b/extensions/ipset-6/ip_set_hash_net.c index 4921f3e..4e6505a 100644 --- a/extensions/ipset-6/ip_set_hash_net.c +++ b/extensions/ipset-6/ip_set_hash_net.c @@ -406,7 +406,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) struct ip_set_hash *h; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -425,7 +425,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -448,15 +448,15 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_tvariant : &hash_net6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_net4_gc_init(set); else hash_net6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_net4_variant : &hash_net6_variant; } @@ -472,7 +472,7 @@ static struct ip_set_type hash_net_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 1, /* Range as input support for IPv4 added */ .create = hash_net_create, diff --git a/extensions/ipset-6/ip_set_hash_netiface.c b/extensions/ipset-6/ip_set_hash_netiface.c index bb2705e..d5ed56d 100644 --- a/extensions/ipset-6/ip_set_hash_netiface.c +++ b/extensions/ipset-6/ip_set_hash_netiface.c @@ -678,7 +678,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -697,7 +697,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -722,15 +722,15 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_tvariant : &hash_netiface6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netiface4_gc_init(set); else hash_netiface6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netiface4_variant : &hash_netiface6_variant; } @@ -746,7 +746,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_IFACE, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .create = hash_netiface_create, .create_policy = { diff --git a/extensions/ipset-6/ip_set_hash_netport.c b/extensions/ipset-6/ip_set_hash_netport.c index 3148142..c6a2c27 100644 --- a/extensions/ipset-6/ip_set_hash_netport.c +++ b/extensions/ipset-6/ip_set_hash_netport.c @@ -507,7 +507,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; - if (!(set->family == AF_INET || set->family == AF_INET6)) + if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) || @@ -526,7 +526,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h = kzalloc(sizeof(*h) + sizeof(struct ip_set_hash_nets) - * (set->family == AF_INET ? 32 : 128), GFP_KERNEL); + * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL); if (!h) return -ENOMEM; @@ -549,15 +549,15 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (tb[IPSET_ATTR_TIMEOUT]) { h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_tvariant : &hash_netport6_tvariant; - if (set->family == AF_INET) + if (set->family == NFPROTO_IPV4) hash_netport4_gc_init(set); else hash_netport6_gc_init(set); } else { - set->variant = set->family == AF_INET + set->variant = set->family == NFPROTO_IPV4 ? &hash_netport4_variant : &hash_netport6_variant; } @@ -573,7 +573,7 @@ static struct ip_set_type hash_netport_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_IP | IPSET_TYPE_PORT, .dimension = IPSET_DIM_TWO, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, /* 1 SCTP and UDPLITE support added */ .revision_max = 2, /* Range as input support for IPv4 added */ diff --git a/extensions/ipset-6/ip_set_list_set.c b/extensions/ipset-6/ip_set_list_set.c index 5253a52..070d086 100644 --- a/extensions/ipset-6/ip_set_list_set.c +++ b/extensions/ipset-6/ip_set_list_set.c @@ -575,7 +575,7 @@ static struct ip_set_type list_set_type __read_mostly = { .protocol = IPSET_PROTOCOL, .features = IPSET_TYPE_NAME | IPSET_DUMP_LAST, .dimension = IPSET_DIM_ONE, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .revision_min = 0, .revision_max = 0, .create = list_set_create, diff --git a/extensions/ipset-6/libipset/data.c b/extensions/ipset-6/libipset/data.c index dfae6aa..0210b7b 100644 --- a/extensions/ipset-6/libipset/data.c +++ b/extensions/ipset-6/libipset/data.c @@ -8,7 +8,6 @@ #include /* ntoh* */ #include /* ETH_ALEN */ #include /* IFNAMSIZ */ -#include /* AF_ */ #include /* malloc, free */ #include /* memset */ @@ -81,7 +80,7 @@ struct ipset_data { static void copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value) { - if (family == AF_INET) + if (family == NFPROTO_IPV4) in4cpy(&ip->in, value); else in6cpy(&ip->in6, value); @@ -213,12 +212,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) break; /* CADT options */ case IPSET_OPT_IP: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip, value); break; case IPSET_OPT_IP_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->ip_to, value); break; @@ -288,12 +287,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN); break; case IPSET_OPT_IP2: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2, value); break; case IPSET_OPT_IP2_TO: - if (!(data->family == AF_INET || data->family == AF_INET6)) + if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6)) return -1; copy_addr(data->family, &data->adt.ip2_to, value); break; @@ -456,7 +455,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) case IPSET_OPT_IP_TO: case IPSET_OPT_IP2: case IPSET_OPT_IP2_TO: - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case IPSET_OPT_PORT: case IPSET_OPT_PORT_TO: @@ -511,14 +510,14 @@ ipset_data_setname(const struct ipset_data *data) * @data: data blob * * Return the INET family supported by the set from the data blob. - * If the family is not set yet, AF_UNSPEC is returned. + * If the family is not set yet, NFPROTO_UNSPEC is returned. */ uint8_t ipset_data_family(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_FAMILY) - ? data->family : AF_UNSPEC; + ? data->family : NFPROTO_UNSPEC; } /** @@ -534,8 +533,8 @@ ipset_data_cidr(const struct ipset_data *data) { assert(data); return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr : - data->family == AF_INET ? 32 : - data->family == AF_INET6 ? 128 : 0; + data->family == NFPROTO_IPV4 ? 32 : + data->family == NFPROTO_IPV6 ? 128 : 0; } /** diff --git a/extensions/ipset-6/libipset/debug.c b/extensions/ipset-6/libipset/debug.c index 931b0c1..486d910 100644 --- a/extensions/ipset-6/libipset/debug.c +++ b/extensions/ipset-6/libipset/debug.c @@ -116,14 +116,14 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy, d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV4]); - inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) { d = mnl_attr_get_payload( ipattr[IPSET_ATTR_IPADDR_IPV6]); - inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN); + inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN); fprintf(stderr, "\t\t%s: %s\n", attr2name[i].name, addr); } diff --git a/extensions/ipset-6/libipset/parse.c b/extensions/ipset-6/libipset/parse.c index 2bb0601..241d5ae 100644 --- a/extensions/ipset-6/libipset/parse.c +++ b/extensions/ipset-6/libipset/parse.c @@ -511,7 +511,7 @@ ipset_parse_proto_port(struct ipset_session *session, tmp = a; goto parse_port; case IPPROTO_ICMP: - if (family != AF_INET) { + if (family != NFPROTO_IPV4) { syntax_err("Protocol ICMP can be used " "with family INET only"); goto error; @@ -519,7 +519,7 @@ ipset_parse_proto_port(struct ipset_session *session, err = ipset_parse_icmp(session, opt, a); break; case IPPROTO_ICMPV6: - if (family != AF_INET6) { + if (family != NFPROTO_IPV6) { syntax_err("Protocol ICMPv6 can be used " "with family INET6 only"); goto error; @@ -577,11 +577,11 @@ ipset_parse_family(struct ipset_session *session, "multiple times"); if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4")) - family = AF_INET; + family = NFPROTO_IPV4; else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6")) - family = AF_INET6; + family = NFPROTO_IPV6; else if (STREQ(str, "any") || STREQ(str, "unspec")) - family = AF_UNSPEC; + family = NFPROTO_UNSPEC; else return syntax_err("unknown INET family %s", str); @@ -610,7 +610,7 @@ call_getaddrinfo(struct ipset_session *session, const char *str, if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) { syntax_err("cannot resolve '%s' to an %s address: %s", - str, family == AF_INET6 ? "IPv6" : "IPv4", + str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4", gai_strerror(err)); return NULL; } else @@ -625,13 +625,13 @@ get_addrinfo(struct ipset_session *session, uint8_t family) { struct addrinfo *i; - size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in) + size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); int found, err = 0; if ((*info = call_getaddrinfo(session, str, family)) == NULL) { syntax_err("cannot parse %s: resolving to %s address failed", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return EINVAL; } @@ -639,7 +639,7 @@ get_addrinfo(struct ipset_session *session, if (i->ai_family != family || i->ai_addrlen != addrlen) continue; if (found == 0) { - if (family == AF_INET) { + if (family == NFPROTO_IPV4) { /* Workaround: direct cast increases * required alignment on Sparc */ @@ -668,7 +668,7 @@ get_addrinfo(struct ipset_session *session, if (found == 0) return syntax_err("cannot parse %s: " "%s address could not be resolved", - str, family == AF_INET ? "IPv4" : "IPv6"); + str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6"); return err; } @@ -677,7 +677,7 @@ parse_ipaddr(struct ipset_session *session, enum ipset_opt opt, const char *str, uint8_t family) { - uint8_t m = family == AF_INET ? 32 : 128; + uint8_t m = family == NFPROTO_IPV4 ? 32 : 128; int aerr = EINVAL, err = 0, range = 0; char *saved = strdup(str); char *a, *tmp = saved; @@ -737,7 +737,7 @@ cidr_hostaddr(const char *str, uint8_t family) { char *a = cidr_separator(str); - return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128"); + return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128"); } static int @@ -747,8 +747,8 @@ parse_ip(struct ipset_session *session, struct ipset_data *data = ipset_session_data(session); uint8_t family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -985,12 +985,12 @@ ipset_parse_ip4_single6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? ipset_parse_ip(session, opt, str) + return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str) : ipset_parse_single_ip(session, opt, str); } @@ -1025,12 +1025,12 @@ ipset_parse_ip4_net6(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY) + return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY) : ipset_parse_ipnet(session, opt, str); } @@ -1330,21 +1330,21 @@ ipset_parse_netmask(struct ipset_session *session, data = ipset_session_data(session); family = ipset_data_family(data); - if (family == AF_UNSPEC) { - family = AF_INET; + if (family == NFPROTO_UNSPEC) { + family = NFPROTO_IPV4; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } err = string_to_cidr(session, str, - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124, + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124, &cidr); if (err) return syntax_err("netmask is out of the inclusive range " "of %u-%u", - family == AF_INET ? 1 : 4, - family == AF_INET ? 31 : 124); + family == NFPROTO_IPV4 ? 1 : 4, + family == NFPROTO_IPV4 ? 31 : 124); return ipset_data_set(data, opt, &cidr); } @@ -1525,9 +1525,9 @@ ipset_call_parser(struct ipset_session *session, #define parse_elem(s, t, d, str) \ do { \ - if (!(t)->elem[d].parse) \ + if (!(t)->elem[d - 1].parse) \ goto internal; \ - ret = (t)->elem[d].parse(s, (t)->elem[d].opt, str); \ + ret = (t)->elem[d - 1].parse(s, (t)->elem[d - 1].opt, str); \ if (ret) \ goto out; \ } while (0) @@ -1582,7 +1582,7 @@ ipset_parse_elem(struct ipset_session *session, } else if (a != NULL) { if (type->compat_parse_elem) { ret = type->compat_parse_elem(session, - type->elem[IPSET_DIM_ONE].opt, + type->elem[IPSET_DIM_ONE - 1].opt, saved); goto out; } diff --git a/extensions/ipset-6/libipset/print.c b/extensions/ipset-6/libipset/print.c index 6452ab5..f04377f 100644 --- a/extensions/ipset-6/libipset/print.c +++ b/extensions/ipset-6/libipset/print.c @@ -152,7 +152,7 @@ __getnameinfo4(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in4cpy(&saddr.sin_addr, &addr->in); - saddr.sin_family = AF_INET; + saddr.sin_family = NFPROTO_IPV4; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -178,7 +178,7 @@ __getnameinfo6(char *buf, unsigned int len, memset(&saddr, 0, sizeof(saddr)); in6cpy(&saddr.sin6_addr, &addr->in6); - saddr.sin6_family = AF_INET6; + saddr.sin6_family = NFPROTO_IPV6; err = getnameinfo((const struct sockaddr *)&saddr, sizeof(saddr), @@ -253,14 +253,14 @@ ipset_print_ip(char *buf, unsigned int len, cidr = *(const uint8_t *) ipset_data_get(data, cidropt); D("CIDR: %u", cidr); } else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf, len, flags, ip, cidr); else return -1; @@ -275,9 +275,9 @@ ipset_print_ip(char *buf, unsigned int len, SNPRINTF_FAILURE(size, len, offset); ip = ipset_data_get(data, IPSET_OPT_IP_TO); - if (family == AF_INET) + if (family == NFPROTO_IPV4) size = snprintf_ipv4(buf + offset, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) size = snprintf_ipv6(buf + offset, len, flags, ip, cidr); else return -1; @@ -320,14 +320,14 @@ ipset_print_ipaddr(char *buf, unsigned int len, if (ipset_data_test(data, cidropt)) cidr = *(const uint8_t *) ipset_data_get(data, cidropt); else - cidr = family == AF_INET6 ? 128 : 32; + cidr = family == NFPROTO_IPV6 ? 128 : 32; flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST; ip = ipset_data_get(data, opt); assert(ip); - if (family == AF_INET) + if (family == NFPROTO_IPV4) return snprintf_ipv4(buf, len, flags, ip, cidr); - else if (family == AF_INET6) + else if (family == NFPROTO_IPV6) return snprintf_ipv6(buf, len, flags, ip, cidr); return -1; @@ -705,30 +705,30 @@ ipset_print_elem(char *buf, unsigned int len, if (!type) return -1; - size = type->elem[IPSET_DIM_ONE].print(buf, len, data, - type->elem[IPSET_DIM_ONE].opt, env); + size = type->elem[IPSET_DIM_ONE - 1].print(buf, len, data, + type->elem[IPSET_DIM_ONE - 1].opt, env); SNPRINTF_FAILURE(size, len, offset); - IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt), + IF_D(ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt), "print second elem"); if (type->dimension == IPSET_DIM_ONE || (type->last_elem_optional && - !ipset_data_test(data, type->elem[IPSET_DIM_TWO].opt))) + !ipset_data_test(data, type->elem[IPSET_DIM_TWO - 1].opt))) return offset; size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); SNPRINTF_FAILURE(size, len, offset); - size = type->elem[IPSET_DIM_TWO].print(buf + offset, len, data, - type->elem[IPSET_DIM_TWO].opt, env); + size = type->elem[IPSET_DIM_TWO - 1].print(buf + offset, len, data, + type->elem[IPSET_DIM_TWO - 1].opt, env); SNPRINTF_FAILURE(size, len, offset); if (type->dimension == IPSET_DIM_TWO || (type->last_elem_optional && - !ipset_data_test(data, type->elem[IPSET_DIM_THREE].opt))) + !ipset_data_test(data, type->elem[IPSET_DIM_THREE - 1].opt))) return offset; size = snprintf(buf + offset, len, IPSET_ELEM_SEPARATOR); SNPRINTF_FAILURE(size, len, offset); - size = type->elem[IPSET_DIM_THREE].print(buf + offset, len, data, - type->elem[IPSET_DIM_THREE].opt, env); + size = type->elem[IPSET_DIM_THREE - 1].print(buf + offset, len, data, + type->elem[IPSET_DIM_THREE - 1].opt, env); SNPRINTF_FAILURE(size, len, offset); return offset; diff --git a/extensions/ipset-6/libipset/session.c b/extensions/ipset-6/libipset/session.c index b27cdde..4424020 100644 --- a/extensions/ipset-6/libipset/session.c +++ b/extensions/ipset-6/libipset/session.c @@ -570,7 +570,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], /* Validate by hand */ switch (family) { - case AF_INET: + case NFPROTO_IPV4: atype = IPSET_ATTR_IPADDR_IPV4; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv4 address " @@ -580,7 +580,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[], "cannot validate IPv4 " "address attribute!"); break; - case AF_INET6: + case NFPROTO_IPV6: atype = IPSET_ATTR_IPADDR_IPV6; if (!ipattr[atype]) FAILURE("Broken kernel message: IPv6 address " @@ -816,8 +816,8 @@ list_adt(struct ipset_session *session, struct nlattr *nla[]) } #define FAMILY_TO_STR(f) \ - ((f) == AF_INET ? "inet" : \ - (f) == AF_INET6 ? "inet6" : "any") + ((f) == NFPROTO_IPV4 ? "inet" : \ + (f) == NFPROTO_IPV6 ? "inet6" : "any") static int list_create(struct ipset_session *session, struct nlattr *nla[]) @@ -1415,7 +1415,7 @@ attr_len(const struct ipset_attr_policy *attr, uint8_t family, uint16_t *flags) return attr->len; *flags = NLA_F_NET_BYTEORDER; - return family == AF_INET ? sizeof(uint32_t) + return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr); case MNL_TYPE_U32: *flags = NLA_F_NET_BYTEORDER; @@ -1448,7 +1448,7 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, if (attr->type == MNL_TYPE_NESTED) { /* IP addresses */ struct nlattr *nested; - int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4 + int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6; alen = attr_len(attr, family, &flags); @@ -1456,8 +1456,8 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh, MNL_ATTR_HDRLEN, alen)) return 1; nested = mnl_attr_nest_start(nlh, type); - D("family: %s", family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC"); + D("family: %s", family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC"); mnl_attr_put(nlh, atype | flags, alen, d); mnl_attr_nest_end(nlh, nested); @@ -1511,14 +1511,14 @@ data2attr(struct ipset_session *session, struct nlmsghdr *nlh, data2attr(session, nlh, data, type, family, attrs) #define ADDATTR_SETNAME(session, nlh, data) \ - data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs) + data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs) #define ADDATTR_IF(session, nlh, data, type, family, attrs) \ ipset_data_test(data, attrs[type].opt) ? \ data2attr(session, nlh, data, type, family, attrs) : 0 #define ADDATTR_RAW(session, nlh, data, type, attrs) \ - rawdata2attr(session, nlh, data, type, AF_INET, attrs) + rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs) static void addattr_create(struct ipset_session *session, @@ -1574,13 +1574,13 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd) "Invalid internal TYPE command: " "missing settype"); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); break; default: return ipset_err(session, "Internal error: " @@ -1640,17 +1640,17 @@ build_msg(struct ipset_session *session, bool aggregate) * setname, typename, revision, family, flags (optional) */ ADDATTR_SETNAME(session, nlh, data); ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); ADDATTR_RAW(session, nlh, &type->revision, IPSET_ATTR_REVISION, cmd_attrs); D("family: %u, type family %u", ipset_data_family(data), type->family); if (ipset_data_test(data, IPSET_OPT_FAMILY)) ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY, - AF_INET, cmd_attrs); + NFPROTO_IPV4, cmd_attrs); else /* bitmap:port and list:set types */ - mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC); + mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC); /* Type-specific create attributes */ D("call open_nested"); @@ -1677,7 +1677,7 @@ build_msg(struct ipset_session *session, bool aggregate) ADDATTR_SETNAME(session, nlh, data); if (flags && session->mode != IPSET_LIST_SAVE) { ipset_data_set(data, IPSET_OPT_FLAGS, &flags); - ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET, + ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4, cmd_attrs); } break; diff --git a/extensions/ipset-6/libipset/types.c b/extensions/ipset-6/libipset/types.c index 7c16a30..e93b4bd 100644 --- a/extensions/ipset-6/libipset/types.c +++ b/extensions/ipset-6/libipset/types.c @@ -173,7 +173,8 @@ ipset_cache_swap(const char *from, const char *to) } #define MATCH_FAMILY(type, f) \ - (f == AF_UNSPEC || type->family == f || type->family == AF_INET46) + (f == NFPROTO_UNSPEC || type->family == f || \ + type->family == NFPROTO_IPSET_IPV46) bool ipset_match_typename(const char *name, const struct ipset_type *type) @@ -227,8 +228,9 @@ create_type_get(struct ipset_session *session) typename); /* Family is unspecified yet: set from matching set type */ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) { - family = match->family == AF_INET46 ? AF_INET : match->family; + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) { + family = match->family == NFPROTO_IPSET_IPV46 ? + NFPROTO_IPV4 : match->family; ipset_data_set(data, IPSET_OPT_FAMILY, &family); } @@ -254,8 +256,8 @@ create_type_get(struct ipset_session *session) "with maximal revision %u.\n" "You need to upgrade your ipset program.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmin, tmax); else return ipset_errptr(session, @@ -264,8 +266,8 @@ create_type_get(struct ipset_session *session) "with minimal revision %u.\n" "You need to upgrade your kernel.", typename, - family == AF_INET ? "INET" : - family == AF_INET6 ? "INET6" : "UNSPEC", + family == NFPROTO_IPV4 ? "INET" : + family == NFPROTO_IPV6 ? "INET6" : "UNSPEC", kmax, tmin); } @@ -290,8 +292,9 @@ found: } #define set_family_and_type(data, match, family) do { \ - if (family == AF_UNSPEC && match->family != AF_UNSPEC) \ - family = match->family == AF_INET46 ? AF_INET : match->family;\ + if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) \ + family = match->family == NFPROTO_IPSET_IPV46 ? \ + NFPROTO_IPV4 : match->family;\ ipset_data_set(data, IPSET_OPT_FAMILY, &family); \ ipset_data_set(data, IPSET_OPT_TYPE, match); \ } while (0) @@ -306,7 +309,7 @@ adt_type_get(struct ipset_session *session) const struct ipset_type *match; const char *setname, *typename; const uint8_t *revision; - uint8_t family = AF_UNSPEC; + uint8_t family = NFPROTO_UNSPEC; int ret; data = ipset_session_data(session); @@ -352,8 +355,8 @@ adt_type_get(struct ipset_session *session) "ipset library does not support the " "settype with that family and revision.", setname, typename, - family == AF_INET ? "inet" : - family == AF_INET6 ? "inet6" : "unspec", + family == NFPROTO_IPV4 ? "inet" : + family == NFPROTO_IPV6 ? "inet6" : "unspec", *revision); set_family_and_type(data, match, family); @@ -409,7 +412,7 @@ ipset_type_check(struct ipset_session *session) const struct ipset_type *t, *match = NULL; struct ipset_data *data; const char *typename; - uint8_t family = AF_UNSPEC, revision; + uint8_t family = NFPROTO_UNSPEC, revision; assert(session); data = ipset_session_data(session); diff --git a/extensions/ipset-6/src/ipset.c b/extensions/ipset-6/src/ipset.c index 593c772..b4caada 100644 --- a/extensions/ipset-6/src/ipset.c +++ b/extensions/ipset-6/src/ipset.c @@ -24,7 +24,7 @@ #include /* STREQ */ static char program_name[] = "ipset"; -static char program_version[] = "6.8-genl-xta"; +static char program_version[] = "6.9.1-genl-xta"; static struct ipset_session *session; static uint32_t restore_line; @@ -324,9 +324,9 @@ static const char * session_family(void) { switch (ipset_data_family(ipset_session_data(session))) { - case AF_INET: + case NFPROTO_IPV4: return "inet"; - case AF_INET6: + case NFPROTO_IPV6: return "inet6"; default: return "unspec"; @@ -581,10 +581,10 @@ parse_commandline(int argc, char *argv[]) type->name, type->usage); if (type->usagefn) type->usagefn(); - if (type->family == AF_UNSPEC) + if (type->family == NFPROTO_UNSPEC) printf("\nType %s is family neutral.\n", type->name); - else if (type->family == AF_INET46) + else if (type->family == NFPROTO_IPSET_IPV46) printf("\nType %s supports INET " "and INET6.\n", type->name); @@ -592,7 +592,7 @@ parse_commandline(int argc, char *argv[]) printf("\nType %s supports family " "%s only.\n", type->name, - type->family == AF_INET + type->family == NFPROTO_IPV4 ? "INET" : "INET6"); } else { printf("\nSupported set types:\n"); diff --git a/extensions/ipset-6/src/ipset_bitmap_ip.c b/extensions/ipset-6/src/ipset_bitmap_ip.c index e73bc7c..8b8220d 100644 --- a/extensions/ipset-6/src/ipset_bitmap_ip.c +++ b/extensions/ipset-6/src/ipset_bitmap_ip.c @@ -60,10 +60,10 @@ struct ipset_type ipset_bitmap_ip0 = { .name = "bitmap:ip", .alias = { "ipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP diff --git a/extensions/ipset-6/src/ipset_bitmap_ipmac.c b/extensions/ipset-6/src/ipset_bitmap_ipmac.c index f47f25d..d822bf6 100644 --- a/extensions/ipset-6/src/ipset_bitmap_ipmac.c +++ b/extensions/ipset-6/src/ipset_bitmap_ipmac.c @@ -57,16 +57,16 @@ struct ipset_type ipset_bitmap_ipmac0 = { .name = "bitmap:ip,mac", .alias = { "macipmap", NULL }, .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .dimension = IPSET_DIM_TWO, .last_elem_optional = true, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_single_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_ether, .print = ipset_print_ether, .opt = IPSET_OPT_ETHER diff --git a/extensions/ipset-6/src/ipset_bitmap_port.c b/extensions/ipset-6/src/ipset_bitmap_port.c index c8c6e1f..69be809 100644 --- a/extensions/ipset-6/src/ipset_bitmap_port.c +++ b/extensions/ipset-6/src/ipset_bitmap_port.c @@ -51,10 +51,10 @@ struct ipset_type ipset_bitmap_port0 = { .name = "bitmap:port", .alias = { "portmap", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_tcp_port, .print = ipset_print_port, .opt = IPSET_OPT_PORT diff --git a/extensions/ipset-6/src/ipset_hash_ip.c b/extensions/ipset-6/src/ipset_hash_ip.c index 315804a..912b991 100644 --- a/extensions/ipset-6/src/ipset_hash_ip.c +++ b/extensions/ipset-6/src/ipset_hash_ip.c @@ -83,10 +83,10 @@ struct ipset_type ipset_hash_ip0 = { .name = "hash:ip", .alias = { "iphash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP diff --git a/extensions/ipset-6/src/ipset_hash_ipport.c b/extensions/ipset-6/src/ipset_hash_ipport.c index b5bd41b..748e452 100644 --- a/extensions/ipset-6/src/ipset_hash_ipport.c +++ b/extensions/ipset-6/src/ipset_hash_ipport.c @@ -89,15 +89,15 @@ struct ipset_type ipset_hash_ipport1 = { .name = "hash:ip,port", .alias = { "ipporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT diff --git a/extensions/ipset-6/src/ipset_hash_ipportip.c b/extensions/ipset-6/src/ipset_hash_ipportip.c index b27cebf..7c046a3 100644 --- a/extensions/ipset-6/src/ipset_hash_ipportip.c +++ b/extensions/ipset-6/src/ipset_hash_ipportip.c @@ -89,20 +89,20 @@ struct ipset_type ipset_hash_ipportip1 = { .name = "hash:ip,port,ip", .alias = { "ipportiphash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE - 1] = { .parse = ipset_parse_single_ip, .print = ipset_print_ip, .opt = IPSET_OPT_IP2 diff --git a/extensions/ipset-6/src/ipset_hash_ipportnet.c b/extensions/ipset-6/src/ipset_hash_ipportnet.c index ecab191..c4cf97e 100644 --- a/extensions/ipset-6/src/ipset_hash_ipportnet.c +++ b/extensions/ipset-6/src/ipset_hash_ipportnet.c @@ -90,20 +90,20 @@ struct ipset_type ipset_hash_ipportnet1 = { .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE - 1] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP2 @@ -180,20 +180,20 @@ struct ipset_type ipset_hash_ipportnet2 = { .name = "hash:ip,port,net", .alias = { "ipportnethash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_THREE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_single6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT }, - [IPSET_DIM_THREE] = { + [IPSET_DIM_THREE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP2 diff --git a/extensions/ipset-6/src/ipset_hash_net.c b/extensions/ipset-6/src/ipset_hash_net.c index 665c398..76269f0 100644 --- a/extensions/ipset-6/src/ipset_hash_net.c +++ b/extensions/ipset-6/src/ipset_hash_net.c @@ -73,10 +73,10 @@ struct ipset_type ipset_hash_net0 = { .name = "hash:net", .alias = { "nethash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP @@ -125,10 +125,10 @@ struct ipset_type ipset_hash_net1 = { .name = "hash:net", .alias = { "nethash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP diff --git a/extensions/ipset-6/src/ipset_hash_netiface.c b/extensions/ipset-6/src/ipset_hash_netiface.c index 2fbe27d..51d9cad 100644 --- a/extensions/ipset-6/src/ipset_hash_netiface.c +++ b/extensions/ipset-6/src/ipset_hash_netiface.c @@ -66,15 +66,15 @@ struct ipset_type ipset_hash_netiface0 = { .name = "hash:net,iface", .alias = { "netifacehash", NULL }, .revision = 0, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_iface, .print = ipset_print_iface, .opt = IPSET_OPT_IFACE diff --git a/extensions/ipset-6/src/ipset_hash_netport.c b/extensions/ipset-6/src/ipset_hash_netport.c index 480dd84..af6adf1 100644 --- a/extensions/ipset-6/src/ipset_hash_netport.c +++ b/extensions/ipset-6/src/ipset_hash_netport.c @@ -67,15 +67,15 @@ struct ipset_type ipset_hash_netport1 = { .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 1, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ipnet, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT @@ -141,15 +141,15 @@ struct ipset_type ipset_hash_netport2 = { .name = "hash:net,port", .alias = { "netporthash", NULL }, .revision = 2, - .family = AF_INET46, + .family = NFPROTO_IPSET_IPV46, .dimension = IPSET_DIM_TWO, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_ip4_net6, .print = ipset_print_ip, .opt = IPSET_OPT_IP }, - [IPSET_DIM_TWO] = { + [IPSET_DIM_TWO - 1] = { .parse = ipset_parse_proto_port, .print = ipset_print_proto_port, .opt = IPSET_OPT_PORT diff --git a/extensions/ipset-6/src/ipset_list_set.c b/extensions/ipset-6/src/ipset_list_set.c index f3fa6df..d95290b 100644 --- a/extensions/ipset-6/src/ipset_list_set.c +++ b/extensions/ipset-6/src/ipset_list_set.c @@ -50,10 +50,10 @@ struct ipset_type ipset_list_set0 = { .name = "list:set", .alias = { "setlist", NULL }, .revision = 0, - .family = AF_UNSPEC, + .family = NFPROTO_UNSPEC, .dimension = IPSET_DIM_ONE, .elem = { - [IPSET_DIM_ONE] = { + [IPSET_DIM_ONE - 1] = { .parse = ipset_parse_setname, .print = ipset_print_name, .opt = IPSET_OPT_NAME diff --git a/extensions/ipset-6/xt_set.c b/extensions/ipset-6/xt_set.c index de98f48..92789cb 100644 --- a/extensions/ipset-6/xt_set.c +++ b/extensions/ipset-6/xt_set.c @@ -13,7 +13,6 @@ #include #include -#include #include #include "xt_set.h" diff --git a/extensions/ipset-6/xt_set.h b/extensions/ipset-6/xt_set.h index c46eaee..a84ac05 100644 --- a/extensions/ipset-6/xt_set.h +++ b/extensions/ipset-6/xt_set.h @@ -58,8 +58,8 @@ struct xt_set_info_target_v1 { struct xt_set_info_target_v2 { struct xt_set_info add_set; struct xt_set_info del_set; - u32 flags; - u32 timeout; + __u32 flags; + __u32 timeout; }; #endif /*_XT_SET_H*/