- Do not consider bitmap storage for IPv6 family sets
- Move ipset family parameter before any additional option
- Only emit family parameter for hash sets
- Do not allow IPv6 iprange for IPv4 sets and vice versa
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
{
for (i = 0; i < ARRAY_SIZE(ipset_types); i++)
{
{
for (i = 0; i < ARRAY_SIZE(ipset_types); i++)
{
+ /* skip type for v6 if it does not support family */
+ if (ipset->family != FW3_FAMILY_V4 &&
+ !(ipset_types[i].optional & OPT_FAMILY))
+ continue;
+
if (ipset_types[i].types == typelist)
{
ipset->method = ipset_types[i].method;
if (ipset_types[i].types == typelist)
{
ipset->method = ipset_types[i].method;
{
warn_elem(e, "must not have family 'any'");
}
{
warn_elem(e, "must not have family 'any'");
}
+ else if (ipset->iprange.set && ipset->family != ipset->iprange.family)
+ {
+ warn_elem(e, "has iprange of wrong address family");
+ }
else if (list_empty(&ipset->datatypes))
{
warn_elem(e, "has no datatypes assigned");
else if (list_empty(&ipset->datatypes))
{
warn_elem(e, "has no datatypes assigned");
+ if (ipset->method == FW3_IPSET_METHOD_HASH)
+ fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
+
if (ipset->iprange.set)
{
fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false));
if (ipset->iprange.set)
{
fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false));
ipset->portrange.port_min, ipset->portrange.port_max);
}
ipset->portrange.port_min, ipset->portrange.port_max);
}
- fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
-
if (ipset->timeout > 0)
fw3_pr(" timeout %u", ipset->timeout);
if (ipset->timeout > 0)
fw3_pr(" timeout %u", ipset->timeout);