* [PATCH] ipset: SCTP, UDPLITE support added to the bitmap:port type
@ 2021-12-30 18:35 Quan Tian
From: Quan Tian @ 2021-12-30 18:35 UTC (permalink / raw)
To: netfilter-devel; +Cc: Quan Tian
Currently hash:*port* types support SCTP and UDPLITE while bitmap:port
doesn't.
ip_set_get_ip4_port() and ip_set_get_ip6_port() can already extract SCTP and
UDPLITE ports. This patch adds SCTP and UDPLITE support to the bitmap:port type
by making ip_set_get_ip_port() return true for these two protocols.
Signed-off-by: Quan Tian <tianquan23@gmail.com>
---
.../net/netfilter/ipset/ip_set_bitmap_port.c | 5 +-
lib/ipset_bitmap_port.c | 74 +++++++++++++++++++
src/ipset.8 | 2 +-
3 files changed, 79 insertions(+), 2 deletions(-)
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
index 2a570d8..5a43d9c 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -20,7 +20,8 @@
#define IPSET_TYPE_REV_MIN 0
/* 1 Counter support added */
/* 2 Comment support added */
-#define IPSET_TYPE_REV_MAX 3 /* skbinfo support added */
+/* 3 skbinfo support added */
+#define IPSET_TYPE_REV_MAX 4 /* SCTP and UDPLITE support added */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
@@ -119,7 +120,9 @@ ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port)
return ret;
switch (proto) {
case IPPROTO_TCP:
+ case IPPROTO_SCTP:
case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
return true;
default:
return false;
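Review bot: The two added `case` labels widen what every bitmap:port set matches, and since this set type keeps only the port number (the ipset.8 text in this patch says the protocol is never stored), a rule that references such a set without its own protocol match would now also match SCTP and UDPLITE packets on the listed ports. Nothing visible in this hunk ties the new behaviour to revision 4, so sets created by older userspace appear to be affected as soon as the module is updated. I would document that above the switch, for example `/* The set holds bare port numbers: the rule itself must constrain the protocol (e.g. -p tcp) */`, and call it out in the commit message so existing rulesets can be audited. ip_set_get_ip_port() begins and ends outside the hunk.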
diff --git a/lib/ipset_bitmap_port.c b/lib/ipset_bitmap_port.c
index 33f8e6c..016712d 100644
--- a/lib/ipset_bitmap_port.c
+++ b/lib/ipset_bitmap_port.c
@@ -282,6 +282,79 @@ static struct ipset_type ipset_bitmap_port3 = {
.description = "skbinfo support",
};
+/* SCTP and UDPLITE support */
+static struct ipset_type ipset_bitmap_port4 = {
+ .name = "bitmap:port",
+ .alias = { "portmap", NULL },
+ .revision = 4,
+ .family = NFPROTO_UNSPEC,
+ .dimension = IPSET_DIM_ONE,
+ .elem = {
+ [IPSET_DIM_ONE - 1] = {
+ .parse = ipset_parse_tcp_udp_port,
+ .print = ipset_print_port,
+ .opt = IPSET_OPT_PORT
+ },
+ },
+ .cmd = {
+ [IPSET_CREATE] = {
+ .args = {
+ IPSET_ARG_PORTRANGE,
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_COUNTERS,
+ IPSET_ARG_COMMENT,
+ IPSET_ARG_SKBINFO,
+ /* Backward compatibility */
+ IPSET_ARG_FROM_PORT,
+ IPSET_ARG_TO_PORT,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO),
+ .full = IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO),
+ .help = "range [PROTO:]FROM-TO",
+ },
+ [IPSET_ADD] = {
+ .args = {
+ IPSET_ARG_TIMEOUT,
+ IPSET_ARG_PACKETS,
+ IPSET_ARG_BYTES,
+ IPSET_ARG_ADT_COMMENT,
+ IPSET_ARG_SKBMARK,
+ IPSET_ARG_SKBPRIO,
+ IPSET_ARG_SKBQUEUE,
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_PORT),
+ .full = IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO),
+ .help = "[PROTO:]PORT|FROM-TO",
+ },
+ [IPSET_DEL] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_PORT),
+ .full = IPSET_FLAG(IPSET_OPT_PORT)
+ | IPSET_FLAG(IPSET_OPT_PORT_TO),
+ .help = "[PROTO:]PORT|FROM-TO",
+ },
+ [IPSET_TEST] = {
+ .args = {
+ IPSET_ARG_NONE,
+ },
+ .need = IPSET_FLAG(IPSET_OPT_PORT),
+ .full = IPSET_FLAG(IPSET_OPT_PORT),
+ .help = "[PROTO:]PORT",
+ },
+ },
+ .usage = "where PORT, FROM and TO are port numbers or port names from /etc/services.\n"
+ " PROTO is only needed if a service name is used and it does not exist\n"
+ " as a TCP service; just the resolved service numer is stored in the set.",
+ .description = "SCTP and UDPLITE support",
+};
+
void _init(void);
void _init(void)
{
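Review bot: Revision 4 is described as "SCTP and UDPLITE support", yet `.parse` is still `ipset_parse_tcp_udp_port` and the `.usage` text still mentions only a TCP service. Going by its name, that helper may reject an `sctp:` or `udplite:` prefix, in which case a service name that exists only for those protocols could not be resolved from the command line; its definition is not in this patch, so please confirm what it accepts. Either use a parser that covers all four protocols or state in `.usage` which PROTO values are valid, e.g. `" PROTO (tcp, sctp, udp or udplite) is only needed if ..."`. While the string is being copied, `service numer` should read `service number`.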
@@ -289,4 +362,5 @@ void _init(void)
ipset_type_add(&ipset_bitmap_port1);
ipset_type_add(&ipset_bitmap_port2);
ipset_type_add(&ipset_bitmap_port3);
+ ipset_type_add(&ipset_bitmap_port4);
}
diff --git a/src/ipset.8 b/src/ipset.8
index 269b9b5..5fa4577 100644
--- a/src/ipset.8
+++ b/src/ipset.8
@@ -504,7 +504,7 @@ Mandatory options to use when creating a \fBbitmap:port\fR type of set:
Create the set from the specified inclusive port range.
.PP
The \fBset\fR match and \fBSET\fR target netfilter kernel modules interpret
-the stored numbers as TCP or UDP port numbers.
+the stored numbers as TCP, SCTP, UDP or UDPLITE port numbers.
.PP
\fBproto\fR only needs to be specified if a service name is used
and that name does not exist as a TCP service. The protocol is never stored
--
2.21.1 (Apple Git-122.3)