276 |
return error; |
return error; |
277 |
} |
} |
278 |
|
|
279 |
static bool ccs_is_same_ip_network_acl(const struct ccs_acl_info *a, |
static bool ccs_same_ip_network_acl(const struct ccs_acl_info *a, |
280 |
const struct ccs_acl_info *b) |
const struct ccs_acl_info *b) |
281 |
{ |
{ |
282 |
const struct ccs_ip_network_acl *p1 = container_of(a, typeof(*p1), |
const struct ccs_ip_network_acl *p1 = container_of(a, typeof(*p1), |
283 |
head); |
head); |
284 |
const struct ccs_ip_network_acl *p2 = container_of(b, typeof(*p2), |
const struct ccs_ip_network_acl *p2 = container_of(b, typeof(*p2), |
285 |
head); |
head); |
286 |
return ccs_is_same_acl_head(&p1->head, &p2->head) |
return ccs_same_acl_head(&p1->head, &p2->head) |
287 |
&& p1->address_type == p2->address_type && |
&& p1->address_type == p2->address_type && |
288 |
p1->address.ipv4.min == p2->address.ipv4.min && |
p1->address.ipv4.min == p2->address.ipv4.min && |
289 |
p1->address.ipv6.min == p2->address.ipv6.min && |
p1->address.ipv6.min == p2->address.ipv6.min && |
290 |
p1->address.ipv4.max == p2->address.ipv4.max && |
p1->address.ipv4.max == p2->address.ipv4.max && |
291 |
p1->address.ipv6.max == p2->address.ipv6.max && |
p1->address.ipv6.max == p2->address.ipv6.max && |
292 |
p1->address.group == p2->address.group && |
p1->address.group == p2->address.group && |
293 |
ccs_is_same_number_union(&p1->port, &p2->port); |
ccs_same_number_union(&p1->port, &p2->port); |
294 |
} |
} |
295 |
|
|
296 |
static bool ccs_merge_ip_network_acl(struct ccs_acl_info *a, |
static bool ccs_merge_ip_network_acl(struct ccs_acl_info *a, |
310 |
} |
} |
311 |
|
|
312 |
/** |
/** |
313 |
* ccs_write_network_policy - Write "struct ccs_ip_network_acl" list. |
* ccs_write_network - Write "struct ccs_ip_network_acl" list. |
314 |
* |
* |
315 |
* @data: String to parse. |
* @data: String to parse. |
316 |
* @domain: Pointer to "struct ccs_domain_info". |
* @domain: Pointer to "struct ccs_domain_info". |
319 |
* |
* |
320 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
321 |
*/ |
*/ |
322 |
int ccs_write_network_policy(char *data, struct ccs_domain_info *domain, |
int ccs_write_network(char *data, struct ccs_domain_info *domain, |
323 |
struct ccs_condition *condition, |
struct ccs_condition *condition, const bool is_delete) |
|
const bool is_delete) |
|
324 |
{ |
{ |
325 |
struct ccs_ip_network_acl e = { |
struct ccs_ip_network_acl e = { |
326 |
.head.type = CCS_TYPE_IP_NETWORK_ACL, |
.head.type = CCS_TYPE_IP_NETWORK_ACL, |
398 |
} |
} |
399 |
if (!ccs_parse_number_union(w[3], &e.port)) |
if (!ccs_parse_number_union(w[3], &e.port)) |
400 |
goto out; |
goto out; |
401 |
error = ccs_update_domain_policy(&e.head, sizeof(e), is_delete, domain, |
error = ccs_update_domain(&e.head, sizeof(e), is_delete, domain, |
402 |
ccs_is_same_ip_network_acl, |
ccs_same_ip_network_acl, |
403 |
ccs_merge_ip_network_acl); |
ccs_merge_ip_network_acl); |
404 |
out: |
out: |
405 |
if (w[2][0] == '@') |
if (w[2][0] == '@') |
406 |
ccs_put_group(e.address.group); |
ccs_put_group(e.address.group); |