[BACK]Return to ipset.c CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src / ipset.c
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Mon Jul 29 19:37:40 2013 UTC (10 years, 11 months ago) by misho
Branches: elwix, dnsmasq, MAIN
CVS tags: v2_66p0, v2_66, HEAD
dnsmasq

    1: /* ipset.c is Copyright (c) 2013 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
    2: 
    3:    This program is free software; you can redistribute it and/or modify
    4:    it under the terms of the GNU General Public License as published by
    5:    the Free Software Foundation; version 2 dated June, 1991, or
    6:    (at your option) version 3 dated 29 June, 2007.
    7:  
    8:    This program is distributed in the hope that it will be useful,
    9:    but WITHOUT ANY WARRANTY; without even the implied warranty of
   10:    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   11:    GNU General Public License for more details.
   12:      
   13:    You should have received a copy of the GNU General Public License
   14:    along with this program.  If not, see <http://www.gnu.org/licenses/>.
   15: */
   16: 
   17: #include "dnsmasq.h"
   18: 
   19: #ifdef HAVE_IPSET
   20: 
   21: #include <string.h>
   22: #include <errno.h>
   23: #include <sys/types.h>
   24: #include <sys/socket.h>
   25: #include <sys/utsname.h>
   26: #include <arpa/inet.h>
   27: #include <linux/version.h>
   28: #include <linux/netlink.h>
   29: #include <linux/netfilter/nfnetlink.h>
   30: #ifndef NFNL_SUBSYS_IPSET
   31: #define NFNL_SUBSYS_IPSET 6
   32: #define IPSET_ATTR_DATA 7
   33: #define IPSET_ATTR_IP 1
   34: #define IPSET_ATTR_IPADDR_IPV4 1
   35: #define IPSET_ATTR_IPADDR_IPV6 2
   36: #define IPSET_ATTR_PROTOCOL 1
   37: #define IPSET_ATTR_SETNAME 2
   38: #define IPSET_CMD_ADD 9
   39: #define IPSET_CMD_DEL 10
   40: #define IPSET_MAXNAMELEN 32
   41: #define IPSET_PROTOCOL 6
   42: #else
   43: #include <linux/netfilter/ipset/ip_set.h>
   44: #endif
   45: 
   46: /* data structure size in here is fixed */
   47: #define BUFF_SZ 256
   48: 
   49: #define NL_ALIGN(len) (((len)+3) & ~(3))
   50: static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
   51: static int ipset_sock, old_kernel;
   52: static char *buffer;
   53: 
   54: static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
   55: {
   56:   struct nlattr *attr = (void *)nlh + NL_ALIGN(nlh->nlmsg_len);
   57:   uint16_t payload_len = NL_ALIGN(sizeof(struct nlattr)) + len;
   58:   attr->nla_type = type;
   59:   attr->nla_len = payload_len;
   60:   memcpy((void *)attr + NL_ALIGN(sizeof(struct nlattr)), data, len);
   61:   nlh->nlmsg_len += NL_ALIGN(payload_len);
   62: }
   63: 
   64: void ipset_init(void)
   65: {
   66:   struct utsname utsname;
   67:   int version;
   68:   char *split;
   69:   
   70:   if (uname(&utsname) < 0)
   71:     die(_("failed to find kernel version: %s"), NULL, EC_MISC);
   72:   
   73:   split = strtok(utsname.release, ".");
   74:   version = (split ? atoi(split) : 0);
   75:   split = strtok(NULL, ".");
   76:   version = version * 256 + (split ? atoi(split) : 0);
   77:   split = strtok(NULL, ".");
   78:   version = version * 256 + (split ? atoi(split) : 0);
   79:   old_kernel = (version < KERNEL_VERSION(2,6,32));
   80:   
   81:   if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
   82:     return;
   83:   
   84:   if (!old_kernel && 
   85:       (buffer = safe_malloc(BUFF_SZ)) &&
   86:       (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
   87:       (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
   88:     return;
   89:   
   90:   die (_("failed to create IPset control socket: %s"), NULL, EC_MISC);
   91: }
   92: 
   93: static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int af, int remove)
   94: {
   95:   struct nlmsghdr *nlh;
   96:   struct nfgenmsg *nfg;
   97:   struct nlattr *nested[2];
   98:   uint8_t proto;
   99:   int addrsz = INADDRSZ;
  100:   ssize_t rc;
  101: 
  102: #ifdef HAVE_IPV6
  103:   if (af == AF_INET6)
  104:     addrsz = IN6ADDRSZ;
  105: #endif
  106:     
  107:   if (strlen(setname) >= IPSET_MAXNAMELEN) 
  108:     {
  109:       errno = ENAMETOOLONG;
  110:       return -1;
  111:     }
  112:   
  113:   memset(buffer, 0, sizeof(buffer));
  114: 
  115:   nlh = (struct nlmsghdr *)buffer;
  116:   nlh->nlmsg_len = NL_ALIGN(sizeof(struct nlmsghdr));
  117:   nlh->nlmsg_type = (remove ? IPSET_CMD_DEL : IPSET_CMD_ADD) | (NFNL_SUBSYS_IPSET << 8);
  118:   nlh->nlmsg_flags = NLM_F_REQUEST;
  119:   
  120:   nfg = (struct nfgenmsg *)(buffer + nlh->nlmsg_len);
  121:   nlh->nlmsg_len += NL_ALIGN(sizeof(struct nfgenmsg));
  122:   nfg->nfgen_family = af;
  123:   nfg->version = NFNETLINK_V0;
  124:   nfg->res_id = htons(0);
  125:   
  126:   proto = IPSET_PROTOCOL;
  127:   add_attr(nlh, IPSET_ATTR_PROTOCOL, sizeof(proto), &proto);
  128:   add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname);
  129:   nested[0] = (struct nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
  130:   nlh->nlmsg_len += NL_ALIGN(sizeof(struct nlattr));
  131:   nested[0]->nla_type = NLA_F_NESTED | IPSET_ATTR_DATA;
  132:   nested[1] = (struct nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
  133:   nlh->nlmsg_len += NL_ALIGN(sizeof(struct nlattr));
  134:   nested[1]->nla_type = NLA_F_NESTED | IPSET_ATTR_IP;
  135:   add_attr(nlh, 
  136: 	   (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER,
  137: 	   addrsz, &ipaddr->addr);
  138:   nested[1]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[1];
  139:   nested[0]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[0];
  140: 	
  141:   while ((rc = sendto(ipset_sock, buffer, nlh->nlmsg_len, 0,
  142: 		      (struct sockaddr *)&snl, sizeof(snl))) == -1 && retry_send());
  143:   return rc;
  144: }
  145: 
  146: 
  147: static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove)
  148: {
  149:   socklen_t size;
  150:   struct ip_set_req_adt_get {
  151:     unsigned op;
  152:     unsigned version;
  153:     union {
  154:       char name[IPSET_MAXNAMELEN];
  155:       uint16_t index;
  156:     } set;
  157:     char typename[IPSET_MAXNAMELEN];
  158:   } req_adt_get;
  159:   struct ip_set_req_adt {
  160:     unsigned op;
  161:     uint16_t index;
  162:     uint32_t ip;
  163:   } req_adt;
  164:   
  165:   if (strlen(setname) >= sizeof(req_adt_get.set.name)) 
  166:     {
  167:       errno = ENAMETOOLONG;
  168:       return -1;
  169:     }
  170:   
  171:   req_adt_get.op = 0x10;
  172:   req_adt_get.version = 3;
  173:   strcpy(req_adt_get.set.name, setname);
  174:   size = sizeof(req_adt_get);
  175:   if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
  176:     return -1;
  177:   req_adt.op = remove ? 0x102 : 0x101;
  178:   req_adt.index = req_adt_get.set.index;
  179:   req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr);
  180:   if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
  181:     return -1;
  182:   
  183:   return 0;
  184: }
  185: 
  186: 
  187: 
  188: int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove)
  189: {
  190:   int af = AF_INET;
  191: 
  192: #ifdef HAVE_IPV6
  193:   if (flags & F_IPV6)
  194:     {
  195:       af = AF_INET6;
  196:       /* old method only supports IPv4 */
  197:       if (old_kernel)
  198: 	return -1;
  199:     }
  200: #endif
  201:   
  202:   return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
  203: }
  204: 
  205: #endif
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>