Annotation of embedaddon/dnsmasq/src/ipset.c, revision 1.1
1.1 ! misho 1: /* ipset.c is Copyright (c) 2013 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
! 2:
! 3: This program is free software; you can redistribute it and/or modify
! 4: it under the terms of the GNU General Public License as published by
! 5: the Free Software Foundation; version 2 dated June, 1991, or
! 6: (at your option) version 3 dated 29 June, 2007.
! 7:
! 8: This program is distributed in the hope that it will be useful,
! 9: but WITHOUT ANY WARRANTY; without even the implied warranty of
! 10: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 11: GNU General Public License for more details.
! 12:
! 13: You should have received a copy of the GNU General Public License
! 14: along with this program. If not, see <http://www.gnu.org/licenses/>.
! 15: */
! 16:
! 17: #include "dnsmasq.h"
! 18:
! 19: #ifdef HAVE_IPSET
! 20:
! 21: #include <string.h>
! 22: #include <errno.h>
! 23: #include <sys/types.h>
! 24: #include <sys/socket.h>
! 25: #include <sys/utsname.h>
! 26: #include <arpa/inet.h>
! 27: #include <linux/version.h>
! 28: #include <linux/netlink.h>
! 29: #include <linux/netfilter/nfnetlink.h>
! 30: #ifndef NFNL_SUBSYS_IPSET
! 31: #define NFNL_SUBSYS_IPSET 6
! 32: #define IPSET_ATTR_DATA 7
! 33: #define IPSET_ATTR_IP 1
! 34: #define IPSET_ATTR_IPADDR_IPV4 1
! 35: #define IPSET_ATTR_IPADDR_IPV6 2
! 36: #define IPSET_ATTR_PROTOCOL 1
! 37: #define IPSET_ATTR_SETNAME 2
! 38: #define IPSET_CMD_ADD 9
! 39: #define IPSET_CMD_DEL 10
! 40: #define IPSET_MAXNAMELEN 32
! 41: #define IPSET_PROTOCOL 6
! 42: #else
! 43: #include <linux/netfilter/ipset/ip_set.h>
! 44: #endif
! 45:
! 46: /* data structure size in here is fixed */
! 47: #define BUFF_SZ 256
! 48:
! 49: #define NL_ALIGN(len) (((len)+3) & ~(3))
! 50: static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
! 51: static int ipset_sock, old_kernel;
! 52: static char *buffer;
! 53:
! 54: static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
! 55: {
! 56: struct nlattr *attr = (void *)nlh + NL_ALIGN(nlh->nlmsg_len);
! 57: uint16_t payload_len = NL_ALIGN(sizeof(struct nlattr)) + len;
! 58: attr->nla_type = type;
! 59: attr->nla_len = payload_len;
! 60: memcpy((void *)attr + NL_ALIGN(sizeof(struct nlattr)), data, len);
! 61: nlh->nlmsg_len += NL_ALIGN(payload_len);
! 62: }
! 63:
! 64: void ipset_init(void)
! 65: {
! 66: struct utsname utsname;
! 67: int version;
! 68: char *split;
! 69:
! 70: if (uname(&utsname) < 0)
! 71: die(_("failed to find kernel version: %s"), NULL, EC_MISC);
! 72:
! 73: split = strtok(utsname.release, ".");
! 74: version = (split ? atoi(split) : 0);
! 75: split = strtok(NULL, ".");
! 76: version = version * 256 + (split ? atoi(split) : 0);
! 77: split = strtok(NULL, ".");
! 78: version = version * 256 + (split ? atoi(split) : 0);
! 79: old_kernel = (version < KERNEL_VERSION(2,6,32));
! 80:
! 81: if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
! 82: return;
! 83:
! 84: if (!old_kernel &&
! 85: (buffer = safe_malloc(BUFF_SZ)) &&
! 86: (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
! 87: (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
! 88: return;
! 89:
! 90: die (_("failed to create IPset control socket: %s"), NULL, EC_MISC);
! 91: }
! 92:
! 93: static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int af, int remove)
! 94: {
! 95: struct nlmsghdr *nlh;
! 96: struct nfgenmsg *nfg;
! 97: struct nlattr *nested[2];
! 98: uint8_t proto;
! 99: int addrsz = INADDRSZ;
! 100: ssize_t rc;
! 101:
! 102: #ifdef HAVE_IPV6
! 103: if (af == AF_INET6)
! 104: addrsz = IN6ADDRSZ;
! 105: #endif
! 106:
! 107: if (strlen(setname) >= IPSET_MAXNAMELEN)
! 108: {
! 109: errno = ENAMETOOLONG;
! 110: return -1;
! 111: }
! 112:
! 113: memset(buffer, 0, sizeof(buffer));
! 114:
! 115: nlh = (struct nlmsghdr *)buffer;
! 116: nlh->nlmsg_len = NL_ALIGN(sizeof(struct nlmsghdr));
! 117: nlh->nlmsg_type = (remove ? IPSET_CMD_DEL : IPSET_CMD_ADD) | (NFNL_SUBSYS_IPSET << 8);
! 118: nlh->nlmsg_flags = NLM_F_REQUEST;
! 119:
! 120: nfg = (struct nfgenmsg *)(buffer + nlh->nlmsg_len);
! 121: nlh->nlmsg_len += NL_ALIGN(sizeof(struct nfgenmsg));
! 122: nfg->nfgen_family = af;
! 123: nfg->version = NFNETLINK_V0;
! 124: nfg->res_id = htons(0);
! 125:
! 126: proto = IPSET_PROTOCOL;
! 127: add_attr(nlh, IPSET_ATTR_PROTOCOL, sizeof(proto), &proto);
! 128: add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname);
! 129: nested[0] = (struct nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
! 130: nlh->nlmsg_len += NL_ALIGN(sizeof(struct nlattr));
! 131: nested[0]->nla_type = NLA_F_NESTED | IPSET_ATTR_DATA;
! 132: nested[1] = (struct nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
! 133: nlh->nlmsg_len += NL_ALIGN(sizeof(struct nlattr));
! 134: nested[1]->nla_type = NLA_F_NESTED | IPSET_ATTR_IP;
! 135: add_attr(nlh,
! 136: (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER,
! 137: addrsz, &ipaddr->addr);
! 138: nested[1]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[1];
! 139: nested[0]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[0];
! 140:
! 141: while ((rc = sendto(ipset_sock, buffer, nlh->nlmsg_len, 0,
! 142: (struct sockaddr *)&snl, sizeof(snl))) == -1 && retry_send());
! 143: return rc;
! 144: }
! 145:
! 146:
! 147: static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove)
! 148: {
! 149: socklen_t size;
! 150: struct ip_set_req_adt_get {
! 151: unsigned op;
! 152: unsigned version;
! 153: union {
! 154: char name[IPSET_MAXNAMELEN];
! 155: uint16_t index;
! 156: } set;
! 157: char typename[IPSET_MAXNAMELEN];
! 158: } req_adt_get;
! 159: struct ip_set_req_adt {
! 160: unsigned op;
! 161: uint16_t index;
! 162: uint32_t ip;
! 163: } req_adt;
! 164:
! 165: if (strlen(setname) >= sizeof(req_adt_get.set.name))
! 166: {
! 167: errno = ENAMETOOLONG;
! 168: return -1;
! 169: }
! 170:
! 171: req_adt_get.op = 0x10;
! 172: req_adt_get.version = 3;
! 173: strcpy(req_adt_get.set.name, setname);
! 174: size = sizeof(req_adt_get);
! 175: if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
! 176: return -1;
! 177: req_adt.op = remove ? 0x102 : 0x101;
! 178: req_adt.index = req_adt_get.set.index;
! 179: req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr);
! 180: if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
! 181: return -1;
! 182:
! 183: return 0;
! 184: }
! 185:
! 186:
! 187:
! 188: int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove)
! 189: {
! 190: int af = AF_INET;
! 191:
! 192: #ifdef HAVE_IPV6
! 193: if (flags & F_IPV6)
! 194: {
! 195: af = AF_INET6;
! 196: /* old method only supports IPv4 */
! 197: if (old_kernel)
! 198: return -1;
! 199: }
! 200: #endif
! 201:
! 202: return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
! 203: }
! 204:
! 205: #endif
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ipset.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src