From 7752e649cec9d23b867d166ace38d213f0584077 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 8 May 2011 12:16:18 +0200 Subject: libip6t_mh: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libip6t_mh.c | 44 +++++++++++++++++--------------------------- 1 file changed, 17 insertions(+), 27 deletions(-) (limited to 'extensions') diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c index 460f9e47..686a2932 100644 --- a/extensions/libip6t_mh.c +++ b/extensions/libip6t_mh.c @@ -11,15 +11,17 @@ * * Based on libip6t_{icmpv6,udp}.c */ -#include +#include #include -#include #include #include -#include #include #include +enum { + O_MH_TYPE = 0, +}; + struct mh_name { const char *name; uint8_t type; @@ -122,27 +124,14 @@ static void parse_mh_types(const char *mhtype, uint8_t *types) free(buffer); } -#define MH_TYPES 0x01 - -static int mh_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void mh_parse(struct xt_option_call *cb) { - struct ip6t_mh *mhinfo = (struct ip6t_mh *)(*match)->data; - - switch (c) { - case '1': - if (*flags & MH_TYPES) - xtables_error(PARAMETER_PROBLEM, - "Only one `--mh-type' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_mh_types(optarg, mhinfo->types); - if (invert) - mhinfo->invflags |= IP6T_MH_INV_TYPE; - *flags |= MH_TYPES; - break; - } + struct ip6t_mh *mhinfo = cb->data; - return 1; + xtables_option_parse(cb); + parse_mh_types(cb->arg, mhinfo->types); + if (cb->invert) + mhinfo->invflags |= IP6T_MH_INV_TYPE; } static const char *type_to_name(uint8_t type) @@ -213,9 +202,10 @@ static void mh_save(const void *ip, const struct xt_entry_match *match) printf(" --mh-type %u", mhinfo->types[0]); } -static const struct option mh_opts[] = { - {.name = "mh-type", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry mh_opts[] = { + {.name = "mh-type", .id = O_MH_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + XTOPT_TABLEEND, }; static struct xtables_match mh_mt6_reg = { @@ -226,10 +216,10 @@ static struct xtables_match mh_mt6_reg = { .userspacesize = XT_ALIGN(sizeof(struct ip6t_mh)), .help = mh_help, .init = mh_init, - .parse = mh_parse, + .x6_parse = mh_parse, .print = mh_print, .save = mh_save, - .extra_opts = mh_opts, + .x6_options = mh_opts, }; void _init(void) -- cgit v1.2.3 From 1f8e52ed2ac513476dc93fedde915079c4387728 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 8 May 2011 12:53:20 +0200 Subject: libip6t_rt: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libip6t_rt.c | 159 ++++++++++++++---------------------------------- 1 file changed, 44 insertions(+), 115 deletions(-) (limited to 'extensions') diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c index 1c57dbd6..11bfda92 100644 --- a/extensions/libip6t_rt.c +++ b/extensions/libip6t_rt.c @@ -1,19 +1,20 @@ -/* Shared library add-on to ip6tables to add Routing header support. */ -#include #include -#include #include #include -#include -#include #include -/*#include */ #include -#include -#include #include -/*#define DEBUG 1*/ +enum { + O_RT_TYPE = 0, + O_RT_SEGSLEFT, + O_RT_LEN, + O_RT0RES, + O_RT0ADDRS, + O_RT0NSTRICT, + F_RT_TYPE = 1 << O_RT_TYPE, + F_RT0ADDRS = 1 << O_RT0ADDRS, +}; static void rt_help(void) { @@ -28,58 +29,20 @@ static void rt_help(void) IP6T_RT_HOPS); } -static const struct option rt_opts[] = { - {.name = "rt-type", .has_arg = true, .val = '1'}, - {.name = "rt-segsleft", .has_arg = true, .val = '2'}, - {.name = "rt-len", .has_arg = true, .val = '3'}, - {.name = "rt-0-res", .has_arg = false, .val = '4'}, - {.name = "rt-0-addrs", .has_arg = true, .val = '5'}, - {.name = "rt-0-not-strict", .has_arg = false, .val = '6'}, - XT_GETOPT_TABLEEND, +#define s struct ip6t_rt +static const struct xt_option_entry rt_opts[] = { + {.name = "rt-type", .id = O_RT_TYPE, .type = XTTYPE_UINT32RC, + .flags = XTOPT_INVERT}, + {.name = "rt-segsleft", .id = O_RT_SEGSLEFT, .type = XTTYPE_UINT32RC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segsleft)}, + {.name = "rt-len", .id = O_RT_LEN, .type = XTTYPE_UINT32, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)}, + {.name = "rt-0-res", .id = O_RT0RES, .type = XTTYPE_NONE}, + {.name = "rt-0-addrs", .id = O_RT0ADDRS, .type = XTTYPE_STRING}, + {.name = "rt-0-not-strict", .id = O_RT0NSTRICT, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; - -static uint32_t -parse_rt_num(const char *idstr, const char *typestr) -{ - unsigned long int id; - char* ep; - - id = strtoul(idstr,&ep,0) ; - - if ( idstr == ep ) { - xtables_error(PARAMETER_PROBLEM, - "RT no valid digits in %s `%s'", typestr, idstr); - } - if ( id == ULONG_MAX && errno == ERANGE ) { - xtables_error(PARAMETER_PROBLEM, - "%s `%s' specified too big: would overflow", - typestr, idstr); - } - if ( *idstr != '\0' && *ep != '\0' ) { - xtables_error(PARAMETER_PROBLEM, - "RT error parsing %s `%s'", typestr, idstr); - } - return id; -} - -static void -parse_rt_segsleft(const char *idstring, uint32_t *ids) -{ - char *buffer; - char *cp; - - buffer = strdup(idstring); - if ((cp = strchr(buffer, ':')) == NULL) - ids[0] = ids[1] = parse_rt_num(buffer,"segsleft"); - else { - *cp = '\0'; - cp++; - - ids[0] = buffer[0] ? parse_rt_num(buffer,"segsleft") : 0; - ids[1] = cp[0] ? parse_rt_num(cp,"segsleft") : 0xFFFFFFFF; - } - free(buffer); -} +#undef s static const char * addr_to_numeric(const struct in6_addr *addrp) @@ -143,83 +106,49 @@ static void rt_init(struct xt_entry_match *m) rtinfo->segsleft[1] = 0xFFFFFFFF; } -static int rt_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void rt_parse(struct xt_option_call *cb) { - struct ip6t_rt *rtinfo = (struct ip6t_rt *)(*match)->data; + struct ip6t_rt *rtinfo = cb->data; - switch (c) { - case '1': - if (*flags & IP6T_RT_TYP) - xtables_error(PARAMETER_PROBLEM, - "Only one `--rt-type' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - rtinfo->rt_type = parse_rt_num(optarg, "type"); - if (invert) + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_RT_TYPE: + if (cb->invert) rtinfo->invflags |= IP6T_RT_INV_TYP; rtinfo->flags |= IP6T_RT_TYP; - *flags |= IP6T_RT_TYP; break; - case '2': - if (*flags & IP6T_RT_SGS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--rt-segsleft' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_rt_segsleft(optarg, rtinfo->segsleft); - if (invert) + case O_RT_SEGSLEFT: + if (cb->invert) rtinfo->invflags |= IP6T_RT_INV_SGS; rtinfo->flags |= IP6T_RT_SGS; - *flags |= IP6T_RT_SGS; break; - case '3': - if (*flags & IP6T_RT_LEN) - xtables_error(PARAMETER_PROBLEM, - "Only one `--rt-len' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - rtinfo->hdrlen = parse_rt_num(optarg, "length"); - if (invert) + case O_RT_LEN: + if (cb->invert) rtinfo->invflags |= IP6T_RT_INV_LEN; rtinfo->flags |= IP6T_RT_LEN; - *flags |= IP6T_RT_LEN; break; - case '4': - if (*flags & IP6T_RT_RES) - xtables_error(PARAMETER_PROBLEM, - "Only one `--rt-0-res' allowed"); - if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) ) + case O_RT0RES: + if (!(cb->xflags & F_RT_TYPE) || rtinfo->rt_type != 0 || + rtinfo->invflags & IP6T_RT_INV_TYP) xtables_error(PARAMETER_PROBLEM, "`--rt-type 0' required before `--rt-0-res'"); rtinfo->flags |= IP6T_RT_RES; - *flags |= IP6T_RT_RES; break; - case '5': - if (*flags & IP6T_RT_FST) - xtables_error(PARAMETER_PROBLEM, - "Only one `--rt-0-addrs' allowed"); - if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) ) + case O_RT0ADDRS: + if (!(cb->xflags & F_RT_TYPE) || rtinfo->rt_type != 0 || + rtinfo->invflags & IP6T_RT_INV_TYP) xtables_error(PARAMETER_PROBLEM, "`--rt-type 0' required before `--rt-0-addrs'"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) - xtables_error(PARAMETER_PROBLEM, - " '!' not allowed with `--rt-0-addrs'"); - rtinfo->addrnr = parse_addresses(optarg, rtinfo->addrs); + rtinfo->addrnr = parse_addresses(cb->arg, rtinfo->addrs); rtinfo->flags |= IP6T_RT_FST; - *flags |= IP6T_RT_FST; break; - case '6': - if (*flags & IP6T_RT_FST_NSTRICT) - xtables_error(PARAMETER_PROBLEM, - "Only one `--rt-0-not-strict' allowed"); - if ( !(*flags & IP6T_RT_FST) ) + case O_RT0NSTRICT: + if (!(cb->xflags & F_RT0ADDRS)) xtables_error(PARAMETER_PROBLEM, "`--rt-0-addr ...' required before `--rt-0-not-strict'"); rtinfo->flags |= IP6T_RT_FST_NSTRICT; - *flags |= IP6T_RT_FST_NSTRICT; break; } - - return 1; } static void @@ -322,10 +251,10 @@ static struct xtables_match rt_mt6_reg = { .userspacesize = XT_ALIGN(sizeof(struct ip6t_rt)), .help = rt_help, .init = rt_init, - .parse = rt_parse, + .x6_parse = rt_parse, .print = rt_print, .save = rt_save, - .extra_opts = rt_opts, + .x6_options = rt_opts, }; void -- cgit v1.2.3 From 7e79d139c1ea6e1b72bbedc53c0426c9d5ffa0e0 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 7 May 2011 03:18:11 +0200 Subject: libxt_mac: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libxt_mac.c | 80 +++++++++++++------------------------------------- 1 file changed, 20 insertions(+), 60 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c index d7e65dac..f171d153 100644 --- a/extensions/libxt_mac.c +++ b/extensions/libxt_mac.c @@ -1,10 +1,4 @@ -/* Shared library add-on to iptables to add MAC address support. */ -#include #include -#include -#include -#include -#include #if defined(__GLIBC__) && __GLIBC__ == 2 #include #else @@ -13,6 +7,10 @@ #include #include +enum { + O_MAC = 0, +}; + static void mac_help(void) { printf( @@ -21,70 +19,33 @@ static void mac_help(void) " Match source MAC address\n"); } -static const struct option mac_opts[] = { - {.name = "mac-source", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +#define s struct xt_mac_info +static const struct xt_option_entry mac_opts[] = { + {.name = "mac-source", .id = O_MAC, .type = XTTYPE_ETHERMAC, + .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT, + XTOPT_POINTER(s, srcaddr)}, + XTOPT_TABLEEND, }; +#undef s -static void -parse_mac(const char *mac, struct xt_mac_info *info) -{ - unsigned int i = 0; - - if (strlen(mac) != ETH_ALEN*3-1) - xtables_error(PARAMETER_PROBLEM, "Bad mac address \"%s\"", mac); - - for (i = 0; i < ETH_ALEN; i++) { - long number; - char *end; - - number = strtol(mac + i*3, &end, 16); - - if (end == mac + i*3 + 2 - && number >= 0 - && number <= 255) - info->srcaddr[i] = number; - else - xtables_error(PARAMETER_PROBLEM, - "Bad mac address `%s'", mac); - } -} - -static int -mac_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void mac_parse(struct xt_option_call *cb) { - struct xt_mac_info *macinfo = (struct xt_mac_info *)(*match)->data; - - switch (c) { - case '1': - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_mac(optarg, macinfo); - if (invert) - macinfo->invert = 1; - *flags = 1; - break; - } + struct xt_mac_info *macinfo = cb->data; - return 1; + xtables_option_parse(cb); + if (cb->invert) + macinfo->invert = 1; } -static void print_mac(const unsigned char macaddress[ETH_ALEN]) +static void print_mac(const unsigned char *macaddress) { unsigned int i; printf(" %02X", macaddress[0]); - for (i = 1; i < ETH_ALEN; i++) + for (i = 1; i < ETH_ALEN; ++i) printf(":%02X", macaddress[i]); } -static void mac_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, - "You must specify `--mac-source'"); -} - static void mac_print(const void *ip, const struct xt_entry_match *match, int numeric) { @@ -115,11 +76,10 @@ static struct xtables_match mac_match = { .size = XT_ALIGN(sizeof(struct xt_mac_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_mac_info)), .help = mac_help, - .parse = mac_parse, - .final_check = mac_check, + .x6_parse = mac_parse, .print = mac_print, .save = mac_save, - .extra_opts = mac_opts, + .x6_options = mac_opts, }; void _init(void) -- cgit v1.2.3 From 4eb3d6da8f677f978126bb00928f64da15c3d623 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 8 May 2011 14:43:55 +0200 Subject: libipt_CLUSTERIP: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libipt_CLUSTERIP.c | 157 ++++++++++++++---------------------------- 1 file changed, 52 insertions(+), 105 deletions(-) (limited to 'extensions') diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c index f7f46d1c..301e0e1d 100644 --- a/extensions/libipt_CLUSTERIP.c +++ b/extensions/libipt_CLUSTERIP.c @@ -19,6 +19,22 @@ #include #include +enum { + O_NEW = 0, + O_HASHMODE, + O_CLUSTERMAC, + O_TOTAL_NODES, + O_LOCAL_NODE, + O_HASH_INIT, + F_NEW = 1 << O_NEW, + F_HASHMODE = 1 << O_HASHMODE, + F_CLUSTERMAC = 1 << O_CLUSTERMAC, + F_TOTAL_NODES = 1 << O_TOTAL_NODES, + F_LOCAL_NODE = 1 << O_LOCAL_NODE, + F_FULL = F_NEW | F_HASHMODE | F_CLUSTERMAC | + F_TOTAL_NODES | F_LOCAL_NODE, +}; + static void CLUSTERIP_help(void) { printf( @@ -34,130 +50,61 @@ static void CLUSTERIP_help(void) " --hash-init Set init value of the Jenkins hash\n"); } -#define PARAM_NEW 0x0001 -#define PARAM_HMODE 0x0002 -#define PARAM_MAC 0x0004 -#define PARAM_TOTALNODE 0x0008 -#define PARAM_LOCALNODE 0x0010 -#define PARAM_HASHINIT 0x0020 - -static const struct option CLUSTERIP_opts[] = { - {.name = "new", .has_arg = false, .val = '1'}, - {.name = "hashmode", .has_arg = true, .val = '2'}, - {.name = "clustermac", .has_arg = true, .val = '3'}, - {.name = "total-nodes", .has_arg = true, .val = '4'}, - {.name = "local-node", .has_arg = true, .val = '5'}, - {.name = "hash-init", .has_arg = true, .val = '6'}, - XT_GETOPT_TABLEEND, +#define s struct ipt_clusterip_tgt_info +static const struct xt_option_entry CLUSTERIP_opts[] = { + {.name = "new", .id = O_NEW, .type = XTTYPE_NONE}, + {.name = "hashmode", .id = O_HASHMODE, .type = XTTYPE_STRING, + .also = O_NEW}, + {.name = "clustermac", .id = O_CLUSTERMAC, .type = XTTYPE_ETHERMAC, + .also = O_NEW, .flags = XTOPT_PUT, XTOPT_POINTER(s, clustermac)}, + {.name = "total-nodes", .id = O_TOTAL_NODES, .type = XTTYPE_UINT16, + .flags = XTOPT_PUT, XTOPT_POINTER(s, num_total_nodes), + .also = O_NEW, .max = CLUSTERIP_MAX_NODES}, + {.name = "local-node", .id = O_LOCAL_NODE, .type = XTTYPE_UINT16, + .flags = XTOPT_PUT, XTOPT_POINTER(s, local_nodes[0]), + .also = O_NEW, .max = CLUSTERIP_MAX_NODES}, + {.name = "hash-init", .id = O_HASH_INIT, .type = XTTYPE_UINT32, + .flags = XTOPT_PUT, XTOPT_POINTER(s, hash_initval), + .also = O_NEW, .max = UINT_MAX}, + XTOPT_TABLEEND, }; +#undef s -static void -parse_mac(const char *mac, char *macbuf) +static void CLUSTERIP_parse(struct xt_option_call *cb) { - unsigned int i = 0; - - if (strlen(mac) != ETH_ALEN*3-1) - xtables_error(PARAMETER_PROBLEM, "Bad mac address \"%s\"", mac); - - for (i = 0; i < ETH_ALEN; i++) { - long number; - char *end; + struct ipt_clusterip_tgt_info *cipinfo = cb->data; - number = strtol(mac + i*3, &end, 16); - - if (end == mac + i*3 + 2 - && number >= 0 - && number <= 255) - macbuf[i] = number; - else - xtables_error(PARAMETER_PROBLEM, - "Bad mac address `%s'", mac); - } -} - -static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) -{ - struct ipt_clusterip_tgt_info *cipinfo - = (struct ipt_clusterip_tgt_info *)(*target)->data; - - switch (c) { - unsigned int num; - case '1': + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_NEW: cipinfo->flags |= CLUSTERIP_FLAG_NEW; - if (*flags & PARAM_NEW) - xtables_error(PARAMETER_PROBLEM, "Can only specify \"--new\" once\n"); - *flags |= PARAM_NEW; break; - case '2': - if (!(*flags & PARAM_NEW)) - xtables_error(PARAMETER_PROBLEM, "Can only specify hashmode combined with \"--new\"\n"); - if (*flags & PARAM_HMODE) - xtables_error(PARAMETER_PROBLEM, "Can only specify hashmode once\n"); - if (!strcmp(optarg, "sourceip")) + case O_HASHMODE: + if (strcmp(cb->arg, "sourceip") == 0) cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP; - else if (!strcmp(optarg, "sourceip-sourceport")) + else if (strcmp(cb->arg, "sourceip-sourceport") == 0) cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP_SPT; - else if (!strcmp(optarg, "sourceip-sourceport-destport")) + else if (strcmp(cb->arg, "sourceip-sourceport-destport") == 0) cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP_SPT_DPT; else xtables_error(PARAMETER_PROBLEM, "Unknown hashmode \"%s\"\n", - optarg); - *flags |= PARAM_HMODE; + cb->arg); break; - case '3': - if (!(*flags & PARAM_NEW)) - xtables_error(PARAMETER_PROBLEM, "Can only specify MAC combined with \"--new\"\n"); - if (*flags & PARAM_MAC) - xtables_error(PARAMETER_PROBLEM, "Can only specify MAC once\n"); - parse_mac(optarg, (char *)cipinfo->clustermac); + case O_CLUSTERMAC: if (!(cipinfo->clustermac[0] & 0x01)) xtables_error(PARAMETER_PROBLEM, "MAC has to be a multicast ethernet address\n"); - *flags |= PARAM_MAC; - break; - case '4': - if (!(*flags & PARAM_NEW)) - xtables_error(PARAMETER_PROBLEM, "Can only specify node number combined with \"--new\"\n"); - if (*flags & PARAM_TOTALNODE) - xtables_error(PARAMETER_PROBLEM, "Can only specify total node number once\n"); - if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES)) - xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg); - cipinfo->num_total_nodes = num; - *flags |= PARAM_TOTALNODE; break; - case '5': - if (!(*flags & PARAM_NEW)) - xtables_error(PARAMETER_PROBLEM, "Can only specify node number combined with \"--new\"\n"); - if (*flags & PARAM_LOCALNODE) - xtables_error(PARAMETER_PROBLEM, "Can only specify local node number once\n"); - if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES)) - xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg); + case O_LOCAL_NODE: cipinfo->num_local_nodes = 1; - cipinfo->local_nodes[0] = num; - *flags |= PARAM_LOCALNODE; - break; - case '6': - if (!(*flags & PARAM_NEW)) - xtables_error(PARAMETER_PROBLEM, "Can only specify hash init value combined with \"--new\"\n"); - if (*flags & PARAM_HASHINIT) - xtables_error(PARAMETER_PROBLEM, "Can specify hash init value only once\n"); - if (!xtables_strtoui(optarg, NULL, &num, 0, UINT_MAX)) - xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg); - cipinfo->hash_initval = num; - *flags |= PARAM_HASHINIT; break; } - - return 1; } -static void CLUSTERIP_check(unsigned int flags) +static void CLUSTERIP_check(struct xt_fcheck_call *cb) { - if (flags == 0) + if (cb->xflags == 0) return; - - if ((flags & (PARAM_NEW|PARAM_HMODE|PARAM_MAC|PARAM_TOTALNODE|PARAM_LOCALNODE)) - == (PARAM_NEW|PARAM_HMODE|PARAM_MAC|PARAM_TOTALNODE|PARAM_LOCALNODE)) + if ((cb->xflags & F_FULL) == F_FULL) return; xtables_error(PARAMETER_PROBLEM, "CLUSTERIP target: Invalid parameter combination\n"); @@ -235,11 +182,11 @@ static struct xtables_target clusterip_tg_reg = { .size = XT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)), .userspacesize = offsetof(struct ipt_clusterip_tgt_info, config), .help = CLUSTERIP_help, - .parse = CLUSTERIP_parse, - .final_check = CLUSTERIP_check, + .x6_parse = CLUSTERIP_parse, + .x6_fcheck = CLUSTERIP_check, .print = CLUSTERIP_print, .save = CLUSTERIP_save, - .extra_opts = CLUSTERIP_opts, + .x6_options = CLUSTERIP_opts, }; void _init(void) -- cgit v1.2.3 From ce4b79577fa9c1ed68c36797890d39ca5ba9a8bf Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 7 May 2011 14:39:08 +0200 Subject: libxt_iprange: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libxt_iprange.c | 144 +++++++++++++++++---------------------------- 1 file changed, 54 insertions(+), 90 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 2a914165..2c9ea992 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -1,12 +1,7 @@ -/* Shared library add-on to iptables to add IP range matching support. */ -#include +#include #include -#include #include #include -#include - -#include #include #include #include @@ -25,8 +20,8 @@ struct ipt_iprange_info { }; enum { - F_SRCIP = 1 << 0, - F_DSTIP = 1 << 1, + O_SRC_RANGE = 0, + O_DST_RANGE, }; static void iprange_mt_help(void) @@ -37,10 +32,12 @@ static void iprange_mt_help(void) "[!] --dst-range ip[-ip] Match destination IP in the specified range\n"); } -static const struct option iprange_mt_opts[] = { - {.name = "src-range", .has_arg = true, .val = '1'}, - {.name = "dst-range", .has_arg = true, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry iprange_mt_opts[] = { + {.name = "src-range", .id = O_SRC_RANGE, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + {.name = "dst-range", .id = O_DST_RANGE, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + XTOPT_TABLEEND, }; static void @@ -73,14 +70,18 @@ iprange_parse_spec(const char *from, const char *to, union nf_inet_addr *range, } } -static void iprange_parse_range(char *arg, union nf_inet_addr *range, +static void iprange_parse_range(const char *oarg, union nf_inet_addr *range, uint8_t family, const char *optname) { + char *arg = strdup(oarg); char *dash; + if (arg == NULL) + xtables_error(RESOURCE_PROBLEM, "strdup"); dash = strchr(arg, '-'); if (dash == NULL) { iprange_parse_spec(arg, arg, range, family, optname); + free(arg); return; } @@ -89,108 +90,71 @@ static void iprange_parse_range(char *arg, union nf_inet_addr *range, if (memcmp(&range[0], &range[1], sizeof(*range)) > 0) fprintf(stderr, "xt_iprange: range %s-%s is reversed and " "will never match\n", arg, dash + 1); + free(arg); } -static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void iprange_parse(struct xt_option_call *cb) { - struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data; + struct ipt_iprange_info *info = cb->data; union nf_inet_addr range[2]; - switch (c) { - case '1': - if (*flags & IPRANGE_SRC) - xtables_error(PARAMETER_PROBLEM, - "iprange match: Only use --src-range ONCE!"); - *flags |= IPRANGE_SRC; - + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SRC_RANGE: info->flags |= IPRANGE_SRC; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) + if (cb->invert) info->flags |= IPRANGE_SRC_INV; - iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range"); + iprange_parse_range(cb->arg, range, NFPROTO_IPV4, "--src-range"); info->src.min_ip = range[0].ip; info->src.max_ip = range[1].ip; break; - - case '2': - if (*flags & IPRANGE_DST) - xtables_error(PARAMETER_PROBLEM, - "iprange match: Only use --dst-range ONCE!"); - *flags |= IPRANGE_DST; - + case O_DST_RANGE: info->flags |= IPRANGE_DST; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) + if (cb->invert) info->flags |= IPRANGE_DST_INV; - - iprange_parse_range(optarg, range, NFPROTO_IPV4, "--dst-range"); + iprange_parse_range(cb->arg, range, NFPROTO_IPV4, "--dst-range"); info->dst.min_ip = range[0].ip; info->dst.max_ip = range[1].ip; break; } - return 1; } -static int -iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void iprange_mt_parse(struct xt_option_call *cb, uint8_t nfproto) { - struct xt_iprange_mtinfo *info = (void *)(*match)->data; + struct xt_iprange_mtinfo *info = cb->data; - switch (c) { - case '1': /* --src-range */ - iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV4, + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SRC_RANGE: + iprange_parse_range(cb->arg, &info->src_min, nfproto, "--src-range"); info->flags |= IPRANGE_SRC; - if (invert) + if (cb->invert) info->flags |= IPRANGE_SRC_INV; - *flags |= F_SRCIP; - return true; - - case '2': /* --dst-range */ - iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV4, + break; + case O_DST_RANGE: + iprange_parse_range(cb->arg, &info->dst_min, nfproto, "--dst-range"); info->flags |= IPRANGE_DST; - if (invert) + if (cb->invert) info->flags |= IPRANGE_DST_INV; - *flags |= F_DSTIP; - return true; + break; } - return false; } -static int -iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void iprange_mt4_parse(struct xt_option_call *cb) { - struct xt_iprange_mtinfo *info = (void *)(*match)->data; - - switch (c) { - case '1': /* --src-range */ - iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV6, - "--src-range"); - info->flags |= IPRANGE_SRC; - if (invert) - info->flags |= IPRANGE_SRC_INV; - *flags |= F_SRCIP; - return true; + iprange_mt_parse(cb, NFPROTO_IPV4); +} - case '2': /* --dst-range */ - iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV6, - "--dst-range"); - info->flags |= IPRANGE_DST; - if (invert) - info->flags |= IPRANGE_DST_INV; - *flags |= F_DSTIP; - return true; - } - return false; +static void iprange_mt6_parse(struct xt_option_call *cb) +{ + iprange_mt_parse(cb, NFPROTO_IPV6); } -static void iprange_mt_check(unsigned int flags) +static void iprange_mt_check(struct xt_fcheck_call *cb) { - if (flags == 0) + if (cb->xflags == 0) xtables_error(PARAMETER_PROBLEM, "iprange match: You must specify `--src-range' or `--dst-range'"); } @@ -341,11 +305,11 @@ static struct xtables_match iprange_mt_reg[] = { .size = XT_ALIGN(sizeof(struct ipt_iprange_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)), .help = iprange_mt_help, - .parse = iprange_parse, - .final_check = iprange_mt_check, + .x6_parse = iprange_parse, + .x6_fcheck = iprange_mt_check, .print = iprange_print, .save = iprange_save, - .extra_opts = iprange_mt_opts, + .x6_options = iprange_mt_opts, }, { .version = XTABLES_VERSION, @@ -355,11 +319,11 @@ static struct xtables_match iprange_mt_reg[] = { .size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)), .userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)), .help = iprange_mt_help, - .parse = iprange_mt4_parse, - .final_check = iprange_mt_check, + .x6_parse = iprange_mt4_parse, + .x6_fcheck = iprange_mt_check, .print = iprange_mt4_print, .save = iprange_mt4_save, - .extra_opts = iprange_mt_opts, + .x6_options = iprange_mt_opts, }, { .version = XTABLES_VERSION, @@ -369,11 +333,11 @@ static struct xtables_match iprange_mt_reg[] = { .size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)), .userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)), .help = iprange_mt_help, - .parse = iprange_mt6_parse, - .final_check = iprange_mt_check, + .x6_parse = iprange_mt6_parse, + .x6_fcheck = iprange_mt_check, .print = iprange_mt6_print, .save = iprange_mt6_save, - .extra_opts = iprange_mt_opts, + .x6_options = iprange_mt_opts, }, }; -- cgit v1.2.3 From f875e84427de17b34ecb69a56d87161571ffab76 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 8 May 2011 18:18:46 +0200 Subject: libipt_DNAT: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libipt_DNAT.c | 88 +++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 49 deletions(-) (limited to 'extensions') diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 49c74e10..e7fd7c92 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -1,18 +1,20 @@ -/* Shared library add-on to iptables to add destination-NAT support. */ -#include #include #include #include #include -#include #include #include /* get_kernel_version */ #include /* INT_MAX in ip_tables.h */ #include #include -#define IPT_DNAT_OPT_DEST 0x1 -#define IPT_DNAT_OPT_RANDOM 0x2 +enum { + O_TO_DEST = 0, + O_RANDOM, + O_PERSISTENT, + F_TO_DEST = 1 << O_TO_DEST, + F_RANDOM = 1 << O_RANDOM, +}; /* Dest NAT data consists of a multi-range, indicating where to map to. */ @@ -31,11 +33,12 @@ static void DNAT_help(void) "[--random] [--persistent]\n"); } -static const struct option DNAT_opts[] = { - {.name = "to-destination", .has_arg = true, .val = '1'}, - {.name = "random", .has_arg = false, .val = '2'}, - {.name = "persistent", .has_arg = false, .val = '3'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry DNAT_opts[] = { + {.name = "to-destination", .id = O_TO_DEST, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_MULTI}, + {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE}, + {.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; static struct ipt_natinfo * @@ -59,12 +62,15 @@ append_range(struct ipt_natinfo *info, const struct nf_nat_range *range) /* Ranges expected in network order. */ static struct xt_entry_target * -parse_to(char *arg, int portok, struct ipt_natinfo *info) +parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) { struct nf_nat_range range; - char *colon, *dash, *error; + char *arg, *colon, *dash, *error; const struct in_addr *ip; + arg = strdup(orig_arg); + if (arg == NULL) + xtables_error(RESOURCE_PROBLEM, "strdup"); memset(&range, 0, sizeof(range)); colon = strchr(arg, ':'); @@ -107,8 +113,10 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) range.max.tcp.port = htons(maxport); } /* Starts with a colon? No IP info...*/ - if (colon == arg) + if (colon == arg) { + free(arg); return &(append_range(info, &range)->t); + } *colon = '\0'; } @@ -134,14 +142,14 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) } else range.max_ip = range.min_ip; + free(arg); return &(append_range(info, &range)->t); } -static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags, - const void *e, struct xt_entry_target **target) +static void DNAT_parse(struct xt_option_call *cb) { - const struct ipt_entry *entry = e; - struct ipt_natinfo *info = (void *)*target; + const struct ipt_entry *entry = cb->xt_entry; + struct ipt_natinfo *info = (void *)(*cb->target); int portok; if (entry->ip.proto == IPPROTO_TCP @@ -153,46 +161,29 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags, else portok = 0; - switch (c) { - case '1': - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --to-destination"); - - if (*flags & IPT_DNAT_OPT_DEST) { + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TO_DEST: + if (cb->xflags & F_TO_DEST) { if (!kernel_version) get_kernel_version(); if (kernel_version > LINUX_VERSION(2, 6, 10)) xtables_error(PARAMETER_PROBLEM, "Multiple --to-destination not supported"); } - *target = parse_to(optarg, portok, info); + *cb->target = parse_to(cb->arg, portok, info); /* WTF do we need this for?? */ - if (*flags & IPT_DNAT_OPT_RANDOM) + if (cb->xflags & F_RANDOM) info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; - *flags |= IPT_DNAT_OPT_DEST; - return 1; - - case '2': - if (*flags & IPT_DNAT_OPT_DEST) { + break; + case O_RANDOM: + if (cb->xflags & F_TO_DEST) info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; - *flags |= IPT_DNAT_OPT_RANDOM; - } else - *flags |= IPT_DNAT_OPT_RANDOM; - return 1; - - case '3': + break; + case O_PERSISTENT: info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT; - return 1; + break; } - return 0; -} - -static void DNAT_check(unsigned int flags) -{ - if (!(flags & IPT_DNAT_OPT_DEST)) - xtables_error(PARAMETER_PROBLEM, - "You must specify --to-destination"); } static void print_range(const struct nf_nat_range *r) @@ -253,11 +244,10 @@ static struct xtables_target dnat_tg_reg = { .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)), .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), .help = DNAT_help, - .parse = DNAT_parse, - .final_check = DNAT_check, + .x6_parse = DNAT_parse, .print = DNAT_print, .save = DNAT_save, - .extra_opts = DNAT_opts, + .x6_options = DNAT_opts, }; void _init(void) -- cgit v1.2.3 From 9f4a637ee5856e8f260e3f3867782ed5584e00f9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 8 May 2011 19:07:28 +0200 Subject: libipt_SNAT: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libipt_SNAT.c | 88 +++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 49 deletions(-) (limited to 'extensions') diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 532770da..97769e68 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -1,18 +1,20 @@ -/* Shared library add-on to iptables to add source-NAT support. */ -#include #include #include #include #include -#include #include #include #include /* INT_MAX in ip_tables.h */ #include #include -#define IPT_SNAT_OPT_SOURCE 0x01 -#define IPT_SNAT_OPT_RANDOM 0x02 +enum { + O_TO_SRC = 0, + O_RANDOM, + O_PERSISTENT, + F_TO_SRC = 1 << O_TO_SRC, + F_RANDOM = 1 << O_RANDOM, +}; /* Source NAT data consists of a multi-range, indicating where to map to. */ @@ -31,11 +33,12 @@ static void SNAT_help(void) "[--random] [--persistent]\n"); } -static const struct option SNAT_opts[] = { - {.name = "to-source", .has_arg = true, .val = '1'}, - {.name = "random", .has_arg = false, .val = '2'}, - {.name = "persistent", .has_arg = false, .val = '3'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry SNAT_opts[] = { + {.name = "to-source", .id = O_TO_SRC, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_MULTI}, + {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE}, + {.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; static struct ipt_natinfo * @@ -59,12 +62,15 @@ append_range(struct ipt_natinfo *info, const struct nf_nat_range *range) /* Ranges expected in network order. */ static struct xt_entry_target * -parse_to(char *arg, int portok, struct ipt_natinfo *info) +parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) { struct nf_nat_range range; - char *colon, *dash, *error; + char *arg, *colon, *dash, *error; const struct in_addr *ip; + arg = strdup(orig_arg); + if (arg == NULL) + xtables_error(RESOURCE_PROBLEM, "strdup"); memset(&range, 0, sizeof(range)); colon = strchr(arg, ':'); @@ -107,8 +113,10 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) range.max.tcp.port = htons(maxport); } /* Starts with a colon? No IP info...*/ - if (colon == arg) + if (colon == arg) { + free(arg); return &(append_range(info, &range)->t); + } *colon = '\0'; } @@ -134,14 +142,14 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) } else range.max_ip = range.min_ip; + free(arg); return &(append_range(info, &range)->t); } -static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags, - const void *e, struct xt_entry_target **target) +static void SNAT_parse(struct xt_option_call *cb) { - const struct ipt_entry *entry = e; - struct ipt_natinfo *info = (void *)*target; + const struct ipt_entry *entry = cb->xt_entry; + struct ipt_natinfo *info = (void *)(*cb->target); int portok; if (entry->ip.proto == IPPROTO_TCP @@ -153,46 +161,29 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags, else portok = 0; - switch (c) { - case '1': - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --to-source"); - - if (*flags & IPT_SNAT_OPT_SOURCE) { + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TO_SRC: + if (cb->xflags & F_TO_SRC) { if (!kernel_version) get_kernel_version(); if (kernel_version > LINUX_VERSION(2, 6, 10)) xtables_error(PARAMETER_PROBLEM, "Multiple --to-source not supported"); } - *target = parse_to(optarg, portok, info); + *cb->target = parse_to(cb->arg, portok, info); /* WTF do we need this for?? */ - if (*flags & IPT_SNAT_OPT_RANDOM) + if (cb->xflags & F_RANDOM) info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; - *flags |= IPT_SNAT_OPT_SOURCE; - return 1; - - case '2': - if (*flags & IPT_SNAT_OPT_SOURCE) { + break; + case O_RANDOM: + if (cb->xflags & F_TO_SRC) info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; - *flags |= IPT_SNAT_OPT_RANDOM; - } else - *flags |= IPT_SNAT_OPT_RANDOM; - return 1; - - case '3': + break; + case O_PERSISTENT: info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT; - return 1; + break; } - return 0; -} - -static void SNAT_check(unsigned int flags) -{ - if (!(flags & IPT_SNAT_OPT_SOURCE)) - xtables_error(PARAMETER_PROBLEM, - "You must specify --to-source"); } static void print_range(const struct nf_nat_range *r) @@ -253,11 +244,10 @@ static struct xtables_target snat_tg_reg = { .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)), .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), .help = SNAT_help, - .parse = SNAT_parse, - .final_check = SNAT_check, + .x6_parse = SNAT_parse, .print = SNAT_print, .save = SNAT_save, - .extra_opts = SNAT_opts, + .x6_options = SNAT_opts, }; void _init(void) -- cgit v1.2.3 From bf07750fd4fc5f5e603e59e72d62696d2389e9b3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 8 May 2011 19:46:17 +0200 Subject: libipt_MASQUERADE: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libipt_MASQUERADE.c | 48 ++++++++++++++++++------------------------ 1 file changed, 21 insertions(+), 27 deletions(-) (limited to 'extensions') diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 00baf25e..7ba42dfd 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -1,5 +1,3 @@ -/* Shared library add-on to iptables to add masquerade support. */ -#include #include #include #include @@ -10,6 +8,11 @@ #include #include +enum { + O_TO_PORTS = 0, + O_RANDOM, +}; + static void MASQUERADE_help(void) { printf( @@ -20,10 +23,10 @@ static void MASQUERADE_help(void) " Randomize source port.\n"); } -static const struct option MASQUERADE_opts[] = { - {.name = "to-ports", .has_arg = true, .val = '1'}, - {.name = "random", .has_arg = false, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry MASQUERADE_opts[] = { + {.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING}, + {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; static void MASQUERADE_init(struct xt_entry_target *t) @@ -32,7 +35,6 @@ static void MASQUERADE_init(struct xt_entry_target *t) /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; - } /* Parses ports */ @@ -69,13 +71,11 @@ parse_ports(const char *arg, struct nf_nat_multi_range *mr) xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg); } -static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags, - const void *e, struct xt_entry_target **target) +static void MASQUERADE_parse(struct xt_option_call *cb) { - const struct ipt_entry *entry = e; + const struct ipt_entry *entry = cb->xt_entry; int portok; - struct nf_nat_multi_range *mr - = (struct nf_nat_multi_range *)(*target)->data; + struct nf_nat_multi_range *mr = cb->data; if (entry->ip.proto == IPPROTO_TCP || entry->ip.proto == IPPROTO_UDP @@ -86,24 +86,18 @@ static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags, else portok = 0; - switch (c) { - case '1': + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TO_PORTS: if (!portok) xtables_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --to-ports"); - - parse_ports(optarg, mr); - return 1; - - case '2': + parse_ports(cb->arg, mr); + break; + case O_RANDOM: mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; - return 1; + break; } - return 0; } static void @@ -148,10 +142,10 @@ static struct xtables_target masquerade_tg_reg = { .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), .help = MASQUERADE_help, .init = MASQUERADE_init, - .parse = MASQUERADE_parse, + .x6_parse = MASQUERADE_parse, .print = MASQUERADE_print, .save = MASQUERADE_save, - .extra_opts = MASQUERADE_opts, + .x6_options = MASQUERADE_opts, }; void _init(void) -- cgit v1.2.3 From c0bba1a8033ce15d1eec80da94c8f249a967568e Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 9 May 2011 01:10:30 +0200 Subject: libipt_REDIRECT: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libipt_REDIRECT.c | 62 ++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 37 deletions(-) (limited to 'extensions') diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index 471ff29a..426a7463 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -1,17 +1,17 @@ -/* Shared library add-on to iptables to add redirect support. */ -#include #include -#include #include #include -#include #include #include /* INT_MAX in ip_tables.h */ #include #include -#define IPT_REDIRECT_OPT_DEST 0x01 -#define IPT_REDIRECT_OPT_RANDOM 0x02 +enum { + O_TO_PORTS = 0, + O_RANDOM, + F_TO_PORTS = 1 << O_TO_PORTS, + F_RANDOM = 1 << O_RANDOM, +}; static void REDIRECT_help(void) { @@ -22,10 +22,11 @@ static void REDIRECT_help(void) " [--random]\n"); } -static const struct option REDIRECT_opts[] = { - {.name = "to-ports", .has_arg = true, .val = '1'}, - {.name = "random", .has_arg = false, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry REDIRECT_opts[] = { + {.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING, + .flags = XTOPT_MAND}, + {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; static void REDIRECT_init(struct xt_entry_target *t) @@ -34,7 +35,6 @@ static void REDIRECT_init(struct xt_entry_target *t) /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; - } /* Parses ports */ @@ -73,12 +73,10 @@ parse_ports(const char *arg, struct nf_nat_multi_range *mr) xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg); } -static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags, - const void *e, struct xt_entry_target **target) +static void REDIRECT_parse(struct xt_option_call *cb) { - const struct ipt_entry *entry = e; - struct nf_nat_multi_range *mr - = (struct nf_nat_multi_range *)(*target)->data; + const struct ipt_entry *entry = cb->xt_entry; + struct nf_nat_multi_range *mr = (void *)(*cb->target)->data; int portok; if (entry->ip.proto == IPPROTO_TCP @@ -90,31 +88,21 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags, else portok = 0; - switch (c) { - case '1': + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TO_PORTS: if (!portok) xtables_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --to-ports"); - - parse_ports(optarg, mr); - if (*flags & IPT_REDIRECT_OPT_RANDOM) + parse_ports(cb->arg, mr); + if (cb->xflags & F_RANDOM) mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; - *flags |= IPT_REDIRECT_OPT_DEST; - return 1; - - case '2': - if (*flags & IPT_REDIRECT_OPT_DEST) { + break; + case O_RANDOM: + if (cb->xflags & F_TO_PORTS) mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; - *flags |= IPT_REDIRECT_OPT_RANDOM; - } else - *flags |= IPT_REDIRECT_OPT_RANDOM; - return 1; + break; } - return 0; } static void REDIRECT_print(const void *ip, const struct xt_entry_target *target, @@ -156,10 +144,10 @@ static struct xtables_target redirect_tg_reg = { .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), .help = REDIRECT_help, .init = REDIRECT_init, - .parse = REDIRECT_parse, + .x6_parse = REDIRECT_parse, .print = REDIRECT_print, .save = REDIRECT_save, - .extra_opts = REDIRECT_opts, + .x6_options = REDIRECT_opts, }; void _init(void) -- cgit v1.2.3 From 8d14aeb8c4c3dc8ce9264b04b97f2e8634c1f381 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 9 May 2011 02:29:02 +0200 Subject: libipt_SAME: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libipt_SAME.c | 82 ++++++++++++++++++------------------------------ 1 file changed, 30 insertions(+), 52 deletions(-) (limited to 'extensions') diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index b18351e8..2ff6c82e 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -1,15 +1,17 @@ -/* Shared library add-on to iptables to add simple non load-balancing SNAT support. */ -#include #include -#include #include #include -#include #include #include -/* For 64bit kernel / 32bit userspace */ #include +enum { + O_TO_ADDR = 0, + O_NODST, + O_RANDOM, + F_RANDOM = 1 << O_RANDOM, +}; + static void SAME_help(void) { printf( @@ -25,20 +27,23 @@ static void SAME_help(void) " Randomize source port\n"); } -static const struct option SAME_opts[] = { - {.name = "to", .has_arg = true, .val = '1'}, - {.name = "nodst", .has_arg = false, .val = '2'}, - {.name = "random", .has_arg = false, .val = '3'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry SAME_opts[] = { + {.name = "to", .id = O_TO_ADDR, .type = XTTYPE_STRING, + .flags = XTOPT_MAND}, + {.name = "nodst", .id = O_NODST, .type = XTTYPE_NONE}, + {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; /* Parses range of IPs */ -static void -parse_to(char *arg, struct nf_nat_range *range) +static void parse_to(const char *orig_arg, struct nf_nat_range *range) { - char *dash; + char *dash, *arg; const struct in_addr *ip; + arg = strdup(orig_arg); + if (arg == NULL) + xtables_error(RESOURCE_PROBLEM, "strdup"); range->flags |= IP_NAT_RANGE_MAP_IPS; dash = strchr(arg, '-'); @@ -62,63 +67,37 @@ parse_to(char *arg, struct nf_nat_range *range) if (range->min_ip > range->max_ip) xtables_error(PARAMETER_PROBLEM, "Bad IP range \"%s-%s\"\n", arg, dash+1); + free(arg); } -#define IPT_SAME_OPT_TO 0x01 -#define IPT_SAME_OPT_NODST 0x02 -#define IPT_SAME_OPT_RANDOM 0x04 - -static int SAME_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void SAME_parse(struct xt_option_call *cb) { - struct ipt_same_info *mr - = (struct ipt_same_info *)(*target)->data; + struct ipt_same_info *mr = cb->data; unsigned int count; - switch (c) { - case '1': + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TO_ADDR: if (mr->rangesize == IPT_SAME_MAX_RANGE) xtables_error(PARAMETER_PROBLEM, "Too many ranges specified, maximum " "is %i ranges.\n", IPT_SAME_MAX_RANGE); - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --to"); - - parse_to(optarg, &mr->range[mr->rangesize]); + parse_to(cb->arg, &mr->range[mr->rangesize]); /* WTF do we need this for? */ - if (*flags & IPT_SAME_OPT_RANDOM) + if (cb->xflags & F_RANDOM) mr->range[mr->rangesize].flags |= IP_NAT_RANGE_PROTO_RANDOM; mr->rangesize++; - *flags |= IPT_SAME_OPT_TO; break; - - case '2': - if (*flags & IPT_SAME_OPT_NODST) - xtables_error(PARAMETER_PROBLEM, - "Can't specify --nodst twice"); - + case O_NODST: mr->info |= IPT_SAME_NODST; - *flags |= IPT_SAME_OPT_NODST; break; - - case '3': - *flags |= IPT_SAME_OPT_RANDOM; + case O_RANDOM: for (count=0; count < mr->rangesize; count++) mr->range[count].flags |= IP_NAT_RANGE_PROTO_RANDOM; break; } - - return 1; -} - -static void SAME_check(unsigned int flags) -{ - if (!(flags & IPT_SAME_OPT_TO)) - xtables_error(PARAMETER_PROBLEM, - "SAME needs --to"); } static void SAME_print(const void *ip, const struct xt_entry_target *target, @@ -186,11 +165,10 @@ static struct xtables_target same_tg_reg = { .size = XT_ALIGN(sizeof(struct ipt_same_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_same_info)), .help = SAME_help, - .parse = SAME_parse, - .final_check = SAME_check, + .x6_parse = SAME_parse, .print = SAME_print, .save = SAME_save, - .extra_opts = SAME_opts, + .x6_options = SAME_opts, }; void _init(void) -- cgit v1.2.3