static bool
do_ipset_cmd(struct ipset_session* session, enum ipset_cmd cmd, const char *setname,
const ip_address_t *addr, uint32_t timeout, const char* iface)
{
const struct ipset_type *type;
uint8_t family;
int r;
ipset_session_data_set(session, IPSET_SETNAME, setname);
type = ipset_type_get(session, cmd);
if (type == NULL) {
/* possible reasons for failure: set name does not exist */
return false;
}
family = (addr->ifa.ifa_family == AF_INET) ? NFPROTO_IPV4 : NFPROTO_IPV6;
ipset_session_data_set(session, IPSET_OPT_FAMILY, &family);
ipset_session_data_set(session, IPSET_OPT_IP, &addr->u);
if (timeout)
ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout);
if (iface)
ipset_session_data_set(session, IPSET_OPT_IFACE, iface);
r = ipset_cmd1(session, cmd, 0);
return r == 0;
}
/**
* This function was designed for three values of cmd:
* CMD_TEST: true if exists, false if not exists (or set name not found)
* CMD_ADD: true if added, false if error occurred (set name not found?)
* CMD_DEL: true if deleted, false if error occurred (set name not found?)
*/
static bool
try_ipset_cmd(enum ipset_cmd cmd, const char *setname,
const struct in_addr *addr, uint32_t timeout) {
const struct ipset_type *type;
uint8_t family;
int r;
r = ipset_session_data_set(session, IPSET_SETNAME, setname);
/* since the IPSET_SETNAME option is valid, this should never fail */
assert(r == 0);
type = ipset_type_get(session, cmd);
if (type == NULL) {
/* possible reasons for failure: set name does not exist */
return false;
}
family = NFPROTO_IPV4;
ipset_session_data_set(session, IPSET_OPT_FAMILY, &family);
ipset_session_data_set(session, IPSET_OPT_IP, addr);
if (timeout)
ipset_session_data_set(session, IPSET_OPT_TIMEOUT, &timeout);
r = ipset_cmd(session, cmd, /*lineno*/ 0);
/* assume that errors always occur if NOT in set. To do it otherwise,
* see lib/session.c for IPSET_CMD_TEST in ipset_cmd */
return r == 0;
}
r = ipset_cmd1(session, cmd, 0);
return r == 0;
}
static bool
ipset_create(struct ipset_session* session, const char *setname, const char *typename, uint8_t family)
{
const struct ipset_type *type;
int r;
ipset_session_data_set(session, IPSET_SETNAME, setname);
ipset_session_data_set(session, IPSET_OPT_TYPENAME, typename);
type = ipset_type_get(session, IPSET_CMD_CREATE);
if (type == NULL)
return false;
ipset_session_data_set(session, IPSET_OPT_TYPE, type);
ipset_session_data_set(session, IPSET_OPT_FAMILY, &family);
r = ipset_cmd1(session, IPSET_CMD_CREATE, 0);
return r == 0;
}
static bool
ipset_destroy(struct ipset_session* session, const char *setname)
{
int r;
