From 9ce8ca5ec9d28f6e5449c6ce138648cbaf99b438 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Tue, 30 Apr 2013 21:18:15 +0200
Subject: [PATCH] Store ipset storage method and matches in state file, keep iprange and ports if set
---
 ipsets.c | 31 +++----------------------------
 options.c | 10 ++++++----
 options.h | 8 ++++++++
 utils.c | 41 ++++++++++++++++++++++++++++++++---------
 4 files changed, 49 insertions(+), 41 deletions(-)
diff --git a/ipsets.c b/ipsets.c
index eb37d0a..713b343 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -91,15 +91,6 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 uint32_t typelist = 0;
 struct fw3_ipset_datatype *type;
- const char *methods[] = {
- "(bug)",
- "bitmap",
- "hash",
- "list",
- };
-
- typelist = 0;
-
 list_for_each_entry(type, &ipset->datatypes, list)
 {
 if (i >= 3)
@@ -121,7 +112,7 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 ipset->method = ipset_types[i].method;
 warn_elem(e, "defines no storage method, assuming '%s'",
- methods[ipset->method]);
+ fw3_ipset_method_names[ipset->method]);
 break;
 }
@@ -277,33 +268,17 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 struct fw3_ipset_datatype *type;
- const char *methods[] = {
- "(bug)",
- "bitmap",
- "hash",
- "list",
- };
-
- const char *types[] = {
- "(bug)",
- "ip",
- "port",
- "mac",
- "net",
- "set",
- };
-
 if (ipset->external && *ipset->external)
 return;
 info(" * Creating ipset %s", ipset->name);
 first = true;
- fw3_pr("create %s %s", ipset->name, methods[ipset->method]);
+ fw3_pr("create %s %s", ipset->name, fw3_ipset_method_names[ipset->method]);
 list_for_each_entry(type, &ipset->datatypes, list)
 {
- fw3_pr("%c%s", first ? ':' : ',', types[type->type]);
+ fw3_pr("%c%s", first ? ':' : ',', fw3_ipset_type_names[type->type]);
 first = false;
 }
diff --git a/options.c b/options.c
index 724a215..47cd727 100644
--- a/options.c
+++ b/options.c
@@ -91,13 +91,15 @@ static const char *limit_units[] = {
 "day",
 };
-static const char *ipset_methods[] = {
+const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX] = {
+ "(bug)",
 "bitmap",
 "hash",
 "list",
 };
-static const char *ipset_types[] = {
+const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX] = {
+ "(bug)",
 "ip",
 "port",
 "mac",
@@ -558,7 +560,7 @@ fw3_parse_protocol(void *ptr, const char *val, bool is_list)
 bool
 fw3_parse_ipset_method(void *ptr, const char *val, bool is_list)
 {
- return parse_enum(ptr, val, ipset_methods,
+ return parse_enum(ptr, val, &fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP],
 FW3_IPSET_METHOD_BITMAP, FW3_IPSET_METHOD_LIST);
 }
@@ -583,7 +585,7 @@ fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list)
 type.dest = false;
 }
- if (parse_enum(&type.type, val, ipset_types,
+ if (parse_enum(&type.type, val, &fw3_ipset_type_names[FW3_IPSET_TYPE_IP],
 FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET))
 {
 put_value(ptr, &type, sizeof(type), is_list);
diff --git a/options.h b/options.h
index e242f67..5678451 100644
--- a/options.h
+++ b/options.h
@@ -100,6 +100,8 @@ enum fw3_ipset_method
 FW3_IPSET_METHOD_BITMAP = 1,
 FW3_IPSET_METHOD_HASH = 2,
 FW3_IPSET_METHOD_LIST = 3,
+
+ __FW3_IPSET_METHOD_MAX
 };
 enum fw3_ipset_type
@@ -110,8 +112,14 @@ enum fw3_ipset_type
 FW3_IPSET_TYPE_MAC = 3,
 FW3_IPSET_TYPE_NET = 4,
 FW3_IPSET_TYPE_SET = 5,
+
+ __FW3_IPSET_TYPE_MAX
 };
+extern const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX];
+extern const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX];
+
+
 enum fw3_include_type
 {
 FW3_INC_TYPE_SCRIPT = 0,
diff --git a/utils.c b/utils.c
index aef1cc6..a728e77 100644
--- a/utils.c
+++ b/utils.c
@@ -490,7 +490,9 @@ static void
 write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
 struct uci_package *dest)
 {
- char buf[sizeof("0xffffffff\0")];
+ struct fw3_ipset_datatype *type;
+
+ char buf[sizeof("65535-65535\0")];
 struct uci_ptr ptr = { .p = dest };
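Review bot: The tables `fw3_ipset_method_names` and `fw3_ipset_type_names` in the first options.c hunk are sized by the enums' `__FW3_*_MAX` members but still filled positionally, so the string order has to track the enum values by hand. If a member is later added to either enum without a matching string, the extra slot is zero-initialized to NULL and the `%s` users in ipsets.c and utils.c would receive a null pointer. Designated initializers pin each string to its enumerator, for example `[FW3_IPSET_METHOD_HASH] = "hash",` and `[FW3_IPSET_TYPE_MAC] = "mac",`, with the placeholder written as `[0] = "(bug)",`.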
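Review bot: The `&fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP]` argument in fw3_parse_ipset_method, and the matching `&fw3_ipset_type_names[FW3_IPSET_TYPE_IP]` in the fw3_parse_ipset_datatype hunk below it, is an undocumented offset past the `"(bug)"` placeholder at index 0. Assuming parse_enum compares `val` against the array starting at the pointer it is given (its body is outside these hunks), that offset is the only thing keeping `(bug)` from being accepted as a configured value. A one-line comment above each call, such as `/* start past the "(bug)" placeholder so it is never matched */`, would keep a later cleanup from passing the table base instead.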
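Review bot: The `extern` declarations added after `enum fw3_ipset_type` in options.h export the name tables as arrays of non-const pointers, so any translation unit can reassign an entry at run time. Declaring them as `extern const char * const fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX];` (likewise for `fw3_ipset_type_names`, with the definitions in options.c changed to match) lets the compiler reject such writes and place the tables in read-only data. The parameter type of parse_enum is not visible in these hunks and may need the same qualifier.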
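Review bot: `buf` in write_ipset_uci is sized from the literal `"65535-65535\0"`, yet the following utils.c hunk fills it through unbounded `sprintf` calls with two different formats, `"%s_%s"` for the match entries and `"%u-%u"` for the port range. Both fit today only because the longest entry in fw3_ipset_type_names is short and, presumably, the port fields are 16-bit; their types are not visible in the hunk. Bounding the writes removes the dependence on the table contents and field types: `snprintf(buf, sizeof(buf), "%s_%s", ...)` and `snprintf(buf, sizeof(buf), "%u-%u", ...)`. The function body continues past the end of this hunk.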
@@ -504,17 +506,38 @@ write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
 ptr.value = s->name;
 uci_set(ctx, &ptr);
- sprintf(buf, "0x%x", s->flags[0]);
 ptr.o = NULL;
- ptr.option = "__flags_v4";
- ptr.value = buf;
+ ptr.option = "storage";
+ ptr.value = fw3_ipset_method_names[s->method];
 uci_set(ctx, &ptr);
- sprintf(buf, "0x%x", s->flags[1]);
- ptr.o = NULL;
- ptr.option = "__flags_v6";
- ptr.value = buf;
- uci_set(ctx, &ptr);
+ list_for_each_entry(type, &s->datatypes, list)
+ {
+ sprintf(buf, "%s_%s", type->dest ? "dst" : "src",
+ fw3_ipset_type_names[type->type]);
+
+ ptr.o = NULL;
+ ptr.option = "match";
+ ptr.value = buf;
+ uci_add_list(ctx, &ptr);
+ }
+
+ if (s->iprange.set)
+ {
+ ptr.o = NULL;
+ ptr.option = "iprange";
+ ptr.value = fw3_address_to_string(&s->iprange, false);
+ uci_set(ctx, &ptr);
+ }
+
+ if (s->portrange.set)
+ {
+ sprintf(buf, "%u-%u", s->portrange.port_min, s->portrange.port_max);
+ ptr.o = NULL;
+ ptr.option = "portrange";
+ ptr.value = buf;
+ uci_set(ctx, &ptr);
+ }
 }
 void
-- 
2.25.1
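Review bot: The `storage` value is read from `fw3_ipset_method_names[s->method]` with no check on `s->method`. If write_ipset_uci can be reached with the method still 0, the state file records the placeholder `(bug)`, and a value at or above `__FW3_IPSET_METHOD_MAX` would index past the table. The parser in options.c starts matching at FW3_IPSET_METHOD_BITMAP, so a stored `(bug)` would presumably not load back. Guarding the assignment with `if (s->method >= FW3_IPSET_METHOD_BITMAP && s->method < __FW3_IPSET_METHOD_MAX)` keeps only valid names in the state file; the same range check applies to `type->type` in the `match` loop. write_ipset_uci begins before this hunk.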