On Sun, 22 Sep 2013, Oliver wrote:
> From: Oliver Smith <oliver@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>
> This introduces new revisions of all hash and bitmap ipsets to
> complement the comment functionality introduced into the kernel modules.
>
> Currently all sets have a compile-time limit of 255 characters including
> \0. This can otherwise be arbitrarily modified.
Patch is applied, with a fix and a minor modifications:
> diff --git a/lib/ipset_bitmap_ipmac.c b/lib/ipset_bitmap_ipmac.c
> index 67217a9..084f2fc 100644
> --- a/lib/ipset_bitmap_ipmac.c
> +++ b/lib/ipset_bitmap_ipmac.c
> @@ -207,9 +207,127 @@ static struct ipset_type ipset_bitmap_ipmac1 = {
> .description = "counters support",
> };
>
> +/* Parse commandline arguments */
> +static const struct ipset_arg bitmap_ipmac_create_args2[] = {
> + { .name = { "range", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
> + .parse = ipset_parse_netrange, .print = ipset_print_ip,
> + },
> + { .name = { "timeout", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
> + .parse = ipset_parse_timeout, .print = ipset_print_number,
> + },
> + { .name = { "counters", NULL },
> + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
> + .parse = ipset_parse_flag, .print = ipset_print_flag,
> + },
> + { .name = { "comment", NULL },
> + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
> + .parse = ipset_parse_flag, .print = ipset_print_flag,
> + },
> + /* Backward compatibility */
> + { .name = { "from", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
> + .parse = ipset_parse_single_ip,
> + },
> + { .name = { "to", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP_TO,
> + .parse = ipset_parse_single_ip,
> + },
> + { .name = { "network", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_IP,
> + .parse = ipset_parse_net,
> + },
> + { },
> +};
> +
> +static const struct ipset_arg bitmap_ipmac_add_args2[] = {
> + { .name = { "timeout", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
> + .parse = ipset_parse_timeout, .print = ipset_print_number,
> + },
> + { .name = { "packets", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PACKETS,
> + .parse = ipset_parse_uint64, .print = ipset_print_number,
> + },
> + { .name = { "bytes", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
> + .parse = ipset_parse_uint64, .print = ipset_print_number,
> + },
> + { .name = { "comment", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_BYTES,
> + .parse = ipset_parse_comment, .print = ipset_print_comment,
Cut&paste error, corrected to IPSET_OTP_ADT_COMMENT.
> diff --git a/lib/ipset_hash_net.c b/lib/ipset_hash_net.c
> index a80d732..99ffc1f 100644
> --- a/lib/ipset_hash_net.c
> +++ b/lib/ipset_hash_net.c
> @@ -366,6 +366,150 @@ static struct ipset_type ipset_hash_net3 = {
> .description = "counters support",
> };
>
> +/* Parse commandline arguments */
> +static const struct ipset_arg hash_net_create_args4[] = {
> + { .name = { "family", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_FAMILY,
> + .parse = ipset_parse_family, .print = ipset_print_family,
> + },
> + /* Alias: family inet */
> + { .name = { "-4", NULL },
> + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
> + .parse = ipset_parse_family,
> + },
> + /* Alias: family inet6 */
> + { .name = { "-6", NULL },
> + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_FAMILY,
> + .parse = ipset_parse_family,
> + },
> + { .name = { "hashsize", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_HASHSIZE,
> + .parse = ipset_parse_uint32, .print = ipset_print_number,
> + },
> + { .name = { "maxelem", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_MAXELEM,
> + .parse = ipset_parse_uint32, .print = ipset_print_number,
> + },
> + { .name = { "timeout", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_TIMEOUT,
> + .parse = ipset_parse_timeout, .print = ipset_print_number,
> + },
> + { .name = { "counters", NULL },
> + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_COUNTERS,
> + .parse = ipset_parse_flag, .print = ipset_print_flag,
> + },
> + /* Ignored options: backward compatibilty */
Line above is moved after the comment option.
> + { .name = { "comment", NULL },
> + .has_arg = IPSET_NO_ARG, .opt = IPSET_OPT_CREATE_COMMENT,
> + .parse = ipset_parse_flag, .print = ipset_print_flag,
> + },
> + { .name = { "probes", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_PROBES,
> + .parse = ipset_parse_ignored, .print = ipset_print_number,
> + },
> + { .name = { "resize", NULL },
> + .has_arg = IPSET_MANDATORY_ARG, .opt = IPSET_OPT_RESIZE,
> + .parse = ipset_parse_ignored, .print = ipset_print_number,
> + },
> + { },
> +};
> +
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
