X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=ipsets.c;h=03259444b564c30e582189836d1fe1e36154bbb5;hb=6015fc07618173bc9cc44890e0f9c86081c80848;hp=06aafb77ecab50be9b5ffbdb8f917183e9b176b9;hpb=9767873f92a53e996cc90fd8ff56d72dd3026567;p=project%2Ffirewall3.git
diff --git a/ipsets.c b/ipsets.c
index 06aafb7..0325944 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -1,7 +1,7 @@
 /*
 * firewall3 - 3rd OpenWrt UCI firewall implementation
 *
- * Copyright (C) 2013 Jo-Philipp Wich
+ * Copyright (C) 2013 Jo-Philipp Wich
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -107,6 +107,11 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 {
 for (i = 0; i < ARRAY_SIZE(ipset_types); i++)
 {
+ /* skip type for v6 if it does not support family */
+ if (ipset->family != FW3_FAMILY_V4 &&
+ !(ipset_types[i].optional & OPT_FAMILY))
+ continue;
+
 if (ipset_types[i].types == typelist)
 {
 ipset->method = ipset_types[i].method;
@@ -198,13 +203,10 @@ fw3_alloc_ipset(void)
 {
 struct fw3_ipset *ipset;
- ipset = malloc(sizeof(*ipset));
-
+ ipset = calloc(1, sizeof(*ipset));
 if (!ipset)
 return NULL;
- memset(ipset, 0, sizeof(*ipset));
-
 INIT_LIST_HEAD(&ipset->datatypes);
 ipset->enabled = true;
@@ -259,6 +261,10 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p)
 {
 warn_elem(e, "must not have family 'any'");
 }
+ else if (ipset->iprange.set && ipset->family != ipset->iprange.family)
+ {
+ warn_elem(e, "has iprange of wrong address family");
+ }
 else if (list_empty(&ipset->datatypes))
 {
 warn_elem(e, "has no datatypes assigned");
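Review bot: The family filter added to check_types() sits inside the loop that picks a storage method automatically, so as far as the `@@ -107` hunk shows it does not cover a set whose method was configured explicitly. Because the create_ipset() hunk (`@@ -292`) now prints the family option only for `FW3_IPSET_METHOD_HASH`, an IPv6 set with an explicit non-hash method could be created without the family the configuration asked for and without any warning, and rules referencing it would then match differently from what the administrator intended. If the validation further down in check_types() does not already warn about or reject that combination, it should apply the same test, `ipset->family != FW3_FAMILY_V4 && !(ipset_types[i].optional & OPT_FAMILY)`, there too. The function body starts and ends outside the hunk, so this is inferred from the visible lines only.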
@@ -292,9 +298,12 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 first = false;
 }
+ if (ipset->method == FW3_IPSET_METHOD_HASH)
+ fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
+
 if (ipset->iprange.set)
 {
- fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false));
+ fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false, true));
 }
 else if (ipset->portrange.set)
 {
@@ -302,8 +311,6 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 ipset->portrange.port_min, ipset->portrange.port_max);
 }
- fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
-
 if (ipset->timeout > 0)
 fw3_pr(" timeout %u", ipset->timeout);
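Review bot: The new `if (ipset->method == FW3_IPSET_METHOD_HASH)` guard in the `@@ -292` hunk carries no comment saying why the family option is now omitted for every other method. The added third argument `true` to `fw3_address_to_string()` is likewise an unexplained boolean at the call site. A one-line comment above the guard, for example `/* only hash sets take a family option */`, and a short remark on what the third argument selects would save the next reader from having to look up the ipset syntax and the helper's signature. create_ipset() starts and ends outside this hunk, so the rest of the command construction is not visible here.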