From 458d84de2412b43604a8efe2b82a2084a2859a46 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 1 Mar 2011 19:48:10 +0100 Subject: extensions: add missing checks for specific flags (2) Addendum to v1.4.10-75-g4e5d4bf. It does not make sense to use ipv6header's --soft without specifying any options. Signed-off-by: Jan Engelhardt --- extensions/libip6t_ipv6header.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'extensions') diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index 187e0a43..c05cedbb 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -202,7 +202,9 @@ ipv6header_parse(int c, char **argv, int invert, unsigned int *flags, static void ipv6header_check(unsigned int flags) { - if (!flags) xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: no options specified"); + if (!(flags & IPV6_HDR_HEADER)) + xtables_error(PARAMETER_PROBLEM, + "ip6t_ipv6header: no options specified"); } static void -- cgit v1.2.3 From f92bca9da4ee68f05dbb827a8444804a8edb1b87 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 27 Feb 2011 16:54:27 +0100 Subject: libxt_CHECKSUM: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libxt_CHECKSUM.c | 46 ++++++++++++++------------------------------- 1 file changed, 14 insertions(+), 32 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c index 83b3d699..df9f9b3c 100644 --- a/extensions/libxt_CHECKSUM.c +++ b/extensions/libxt_CHECKSUM.c @@ -8,15 +8,14 @@ * * libxt_CHECKSUM.c borrowed some bits from libipt_ECN.c */ -#include #include -#include -#include -#include - #include #include +enum { + O_CHECKSUM_FILL = 0, +}; + static void CHECKSUM_help(void) { printf( 
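Review bot: The error text in `ipv6header_check` no longer matches the condition it reports. With the new test `!(flags & IPV6_HDR_HEADER)`, a rule that passes only `--soft` is rejected with "no options specified" even though an option was given. The message should name what is missing, for example `"ip6t_ipv6header: --header is required"`, assuming `--header` is the option that sets `IPV6_HDR_HEADER` (the option table is outside this hunk). A one-line comment above the test saying that `--soft` only changes how the header list is matched would explain why it does not count on its own.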
@@ -24,34 +23,18 @@ static void CHECKSUM_help(void) " --checksum-fill Fill in packet checksum.\n"); } -static const struct option CHECKSUM_opts[] = { - {.name = "checksum-fill", .has_arg = false, .val = 'F'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry CHECKSUM_opts[] = { + {.name = "checksum-fill", .id = O_CHECKSUM_FILL, + .flags = XTOPT_MAND, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; -static int CHECKSUM_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void CHECKSUM_parse(struct xt_option_call *cb) { - struct xt_CHECKSUM_info *einfo - = (struct xt_CHECKSUM_info *)(*target)->data; - - switch (c) { - case 'F': - xtables_param_act(XTF_ONLY_ONCE, "CHECKSUM", "--checksum-fill", - *flags & XT_CHECKSUM_OP_FILL); - einfo->operation = XT_CHECKSUM_OP_FILL; - *flags |= XT_CHECKSUM_OP_FILL; - break; - } + struct xt_CHECKSUM_info *einfo = cb->data; - return 1; -} - -static void CHECKSUM_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, - "CHECKSUM target: Parameter --checksum-fill is required"); + xtables_option_parse(cb); + einfo->operation = XT_CHECKSUM_OP_FILL; } static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target, @@ -82,11 +65,10 @@ static struct xtables_target checksum_tg_reg = { .size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)), .help = CHECKSUM_help, - .parse = CHECKSUM_parse, - .final_check = CHECKSUM_check, .print = CHECKSUM_print, .save = CHECKSUM_save, - .extra_opts = CHECKSUM_opts, + .x6_parse = CHECKSUM_parse, + .x6_options = CHECKSUM_opts, }; void _init(void) -- cgit v1.2.3 From 9c5c10554c61f0b22cbc65b27b765fa8172040f7 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 18 Feb 2011 03:22:52 +0100 Subject: libxt_socket: use guided option parser 
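Review bot: `CHECKSUM_parse` assigns `einfo->operation = XT_CHECKSUM_OP_FILL;` for whatever option it is called with and never looks at `cb->entry->id`. That is correct only while `--checksum-fill` is the sole entry in `CHECKSUM_opts`; a second option added later would silently select the fill operation as well. The other conversions in this series (`socket_mt_parse`, `CONNSECMARK_parse`) dispatch on the id, so for consistency I would write `if (cb->entry->id == O_CHECKSUM_FILL) einfo->operation = XT_CHECKSUM_OP_FILL;`. Failing that, a comment should state that the assignment relies on the table having exactly one entry.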
Signed-off-by: Jan Engelhardt --- extensions/libxt_socket.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c index e89d1c56..39016493 100644 --- a/extensions/libxt_socket.c +++ b/extensions/libxt_socket.c @@ -3,15 +3,17 @@ * * Copyright (C) 2007 BalaBit IT Ltd. */ -#include -#include #include #include #include -static const struct option socket_mt_opts[] = { - {.name = "transparent", .has_arg = false, .val = 't'}, - XT_GETOPT_TABLEEND, +enum { + O_TRANSPARENT = 0, +}; + +static const struct xt_option_entry socket_mt_opts[] = { + {.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; static void socket_mt_help(void) @@ -21,17 +23,16 @@ static void socket_mt_help(void) " --transparent Ignore non-transparent sockets\n\n"); } -static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void socket_mt_parse(struct xt_option_call *cb) { - struct xt_socket_mtinfo1 *info = (void *)(*match)->data; + struct xt_socket_mtinfo1 *info = cb->data; - switch (c) { - case 't': + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TRANSPARENT: info->flags |= XT_SOCKET_TRANSPARENT; - return true; + break; } - return false; } static void @@ -68,10 +69,10 @@ static struct xtables_match socket_mt_reg[] = { .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)), .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)), .help = socket_mt_help, - .parse = socket_mt_parse, .print = socket_mt_print, .save = socket_mt_save, - .extra_opts = socket_mt_opts, + .x6_parse = socket_mt_parse, + .x6_options = socket_mt_opts, }, }; -- cgit v1.2.3 From 97265fb806dffc6fd87ee5e0f0963dfbe7a094f6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 27 Feb 2011 16:50:22 +0100 Subject: libxt_CONNSECMARK: use guided option parser 
Signed-off-by: Jan Engelhardt --- extensions/libxt_CONNSECMARK.c | 59 ++++++++++++++++-------------------------- 1 file changed, 23 insertions(+), 36 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c index 6b161f3b..df2e6b82 100644 --- a/extensions/libxt_CONNSECMARK.c +++ b/extensions/libxt_CONNSECMARK.c @@ -5,16 +5,19 @@ * * Copyright (C) 2006 Red Hat, Inc., James Morris */ -#include #include -#include -#include -#include #include #include #define PFX "CONNSECMARK target: " +enum { + O_SAVE = 0, + O_RESTORE, + F_SAVE = 1 << O_SAVE, + F_RESTORE = 1 << O_RESTORE, +}; + static void CONNSECMARK_help(void) { printf( 
@@ -23,48 +26,32 @@ static void CONNSECMARK_help(void) " --restore Copy security mark from connection to packet\n"); } -static const struct option CONNSECMARK_opts[] = { - {.name = "save", .has_arg = false, .val = '1'}, - {.name = "restore", .has_arg = false, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry CONNSECMARK_opts[] = { + {.name = "save", .id = O_SAVE, .excl = F_RESTORE, .type = XTTYPE_NONE}, + {.name = "restore", .id = O_RESTORE, .excl = F_SAVE, + .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; -static int -CONNSECMARK_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void CONNSECMARK_parse(struct xt_option_call *cb) { - struct xt_connsecmark_target_info *info = - (struct xt_connsecmark_target_info*)(*target)->data; + struct xt_connsecmark_target_info *info = cb->data; - switch (c) { - case '1': - if (*flags & CONNSECMARK_SAVE) - xtables_error(PARAMETER_PROBLEM, PFX - "Can't specify --save twice"); + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SAVE: info->mode = CONNSECMARK_SAVE; - *flags |= CONNSECMARK_SAVE; break; - - case '2': - if (*flags & CONNSECMARK_RESTORE) - xtables_error(PARAMETER_PROBLEM, PFX - "Can't specify --restore twice"); + case O_RESTORE: info->mode = CONNSECMARK_RESTORE; - *flags |= CONNSECMARK_RESTORE; break; } - - return 1; } -static void CONNSECMARK_check(unsigned int flags) +static void CONNSECMARK_check(struct xt_fcheck_call *cb) { - if (!flags) + if (cb->xflags == 0) xtables_error(PARAMETER_PROBLEM, PFX "parameter required"); - - if (flags == (CONNSECMARK_SAVE|CONNSECMARK_RESTORE)) - xtables_error(PARAMETER_PROBLEM, PFX "only one flag of --save " - "or --restore is allowed"); } static void print_connsecmark(const struct xt_connsecmark_target_info *info) 
@@ -111,12 +98,12 @@ static struct xtables_target connsecmark_target = { .revision = 0, .size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)), - .parse = CONNSECMARK_parse, .help = CONNSECMARK_help, - .final_check = CONNSECMARK_check, .print = CONNSECMARK_print, .save = CONNSECMARK_save, - .extra_opts = CONNSECMARK_opts, + .x6_parse = CONNSECMARK_parse, + .x6_fcheck = CONNSECMARK_check, + .x6_options = CONNSECMARK_opts, }; void _init(void) -- cgit v1.2.3 From 93112921153c43dc0521be499f6a792d2aaae5e9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 18 Feb 2011 03:41:18 +0100 Subject: libxt_cpu: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libxt_cpu.c | 65 +++++++++++++------------------------------------- 1 file changed, 16 insertions(+), 49 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_cpu.c b/extensions/libxt_cpu.c index 77efec7f..404a6a66 100644 --- a/extensions/libxt_cpu.c +++ b/extensions/libxt_cpu.c @@ -1,13 +1,11 @@ -/* Shared library add-on to iptables to add CPU match support. */ -#include #include -#include -#include -#include -#include #include #include +enum { + O_CPU = 0, +}; + static void cpu_help(void) { printf( 
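Review bot: The first hunk of extensions/libxt_cpu.c deletes the file's only descriptive comment, `/* Shared library add-on to iptables to add CPU match support. */`, along with the includes that are no longer needed. The commit message mentions only the switch to the guided option parser, so the removal looks incidental to the include cleanup. I would keep that comment as the first line of the file so the source still says what the extension is for.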
@@ -15,50 +13,20 @@ static void cpu_help(void) "[!] --cpu number Match CPU number\n"); } -static const struct option cpu_opts[] = { - {.name = "cpu", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry cpu_opts[] = { + {.name = "cpu", .id = O_CPU, .type = XTTYPE_UINT32, + .flags = XTOPT_INVERT | XTOPT_MAND | XTOPT_PUT, + XTOPT_POINTER(struct xt_cpu_info, cpu)}, + XTOPT_TABLEEND, }; -static void -parse_cpu(const char *s, struct xt_cpu_info *info) +static void cpu_parse(struct xt_option_call *cb) { - unsigned int cpu; - char *end; - - if (!xtables_strtoui(s, &end, &cpu, 0, UINT32_MAX)) - xtables_param_act(XTF_BAD_VALUE, "cpu", "--cpu", s); - - if (*end != '\0') - xtables_param_act(XTF_BAD_VALUE, "cpu", "--cpu", s); - - info->cpu = cpu; -} + struct xt_cpu_info *cpuinfo = cb->data; -static int -cpu_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) -{ - struct xt_cpu_info *cpuinfo = (struct xt_cpu_info *)(*match)->data; - - switch (c) { - case '1': - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_cpu(optarg, cpuinfo); - if (invert) - cpuinfo->invert = 1; - *flags = 1; - break; - } - - return 1; -} - -static void cpu_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, - "You must specify `--cpu'"); + xtables_option_parse(cb); + if (cb->invert) + cpuinfo->invert = true; } static void @@ -83,11 +51,10 @@ static struct xtables_match cpu_match = { .size = XT_ALIGN(sizeof(struct xt_cpu_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_cpu_info)), .help = cpu_help, - .parse = cpu_parse, - .final_check = cpu_check, .print = cpu_print, .save = cpu_save, - .extra_opts = cpu_opts, + .x6_parse = cpu_parse, + .x6_options = cpu_opts, }; void _init(void) -- cgit v1.2.3 From b18ffe3636b07cd817628de81643136e4755a944 Mon Sep 17 00:00:00 2001 
From: Jan Engelhardt Date: Sun, 27 Feb 2011 17:52:23 +0100 Subject: libxt_cluster: use guided option parser Signed-off-by: Jan Engelhardt --- extensions/libxt_cluster.c | 187 ++++++++++++--------------------------------- 1 file changed, 48 insertions(+), 139 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_cluster.c b/extensions/libxt_cluster.c index e1607d04..3adff12c 100644 --- a/extensions/libxt_cluster.c +++ b/extensions/libxt_cluster.c @@ -5,21 +5,10 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ -#include #include -#include -#include -#include -#include - #include -#include #include -/* hack to keep for check */ -static unsigned int total_nodes; -static unsigned int node_mask; - static void cluster_help(void) { 
@@ -32,160 +21,80 @@ cluster_help(void) } enum { - CLUSTER_OPT_TOTAL_NODES, - CLUSTER_OPT_LOCAL_NODE, - CLUSTER_OPT_NODE_MASK, - CLUSTER_OPT_HASH_SEED, + O_CL_TOTAL_NODES = 0, + O_CL_LOCAL_NODE, + O_CL_LOCAL_NODEMASK, + O_CL_HASH_SEED, + F_CL_TOTAL_NODES = 1 << O_CL_TOTAL_NODES, + F_CL_LOCAL_NODE = 1 << O_CL_LOCAL_NODE, + F_CL_LOCAL_NODEMASK = 1 << O_CL_LOCAL_NODEMASK, + F_CL_HASH_SEED = 1 << O_CL_HASH_SEED, }; -static const struct option cluster_opts[] = { - {.name = "cluster-total-nodes", .has_arg = true, .val = CLUSTER_OPT_TOTAL_NODES}, - {.name = "cluster-local-node", .has_arg = true, .val = CLUSTER_OPT_LOCAL_NODE}, - {.name = "cluster-local-nodemask", .has_arg = true, .val = CLUSTER_OPT_NODE_MASK}, - {.name = "cluster-hash-seed", .has_arg = true, .val = CLUSTER_OPT_HASH_SEED}, - XT_GETOPT_TABLEEND, +#define s struct xt_cluster_match_info +static const struct xt_option_entry cluster_opts[] = { + {.name = "cluster-total-nodes", .id = O_CL_TOTAL_NODES, + .type = XTTYPE_UINT32, .min = 1, .max = XT_CLUSTER_NODES_MAX, + .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, total_nodes)}, + {.name = "cluster-local-node", .id = O_CL_LOCAL_NODE, + .excl = F_CL_LOCAL_NODEMASK, .flags = XTOPT_INVERT, + .type = XTTYPE_UINT32, .min = 1, .max = XT_CLUSTER_NODES_MAX}, + {.name = "cluster-local-nodemask", .id = O_CL_LOCAL_NODEMASK, + .excl = F_CL_LOCAL_NODE, .type = XTTYPE_UINT32, + .min = 1, .max = XT_CLUSTER_NODES_MAX, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, node_mask)}, + {.name = "cluster-hash-seed", .id = O_CL_HASH_SEED, + .type = XTTYPE_UINT32, .flags = XTOPT_MAND | XTOPT_PUT, + XTOPT_POINTER(s, hash_seed)}, + XTOPT_TABLEEND, }; -static int -cluster_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void cluster_parse(struct xt_option_call *cb) { - struct xt_cluster_match_info *info = (void *)(*match)->data; - unsigned int num; + struct xt_cluster_match_info *info = cb->data; - switch (c) { - 
case CLUSTER_OPT_TOTAL_NODES: - if (*flags & (1 << c)) { - xtables_error(PARAMETER_PROBLEM, - "Can only specify " - "`--cluster-total-nodes' once"); - } - if (!xtables_strtoui(optarg, NULL, &num, 1, - XT_CLUSTER_NODES_MAX)) { - xtables_error(PARAMETER_PROBLEM, - "Unable to parse `%s' in " - "`--cluster-total-nodes'", optarg); - } - total_nodes = num; - info->total_nodes = total_nodes = num; - *flags |= 1 << c; - break; - case CLUSTER_OPT_LOCAL_NODE: - if (*flags & (1 << c)) { - xtables_error(PARAMETER_PROBLEM, - "Can only specify " - "`--cluster-local-node' once"); - } - if (*flags & (1 << CLUSTER_OPT_NODE_MASK)) { - xtables_error(PARAMETER_PROBLEM, "You cannot use " - "`--cluster-local-nodemask' and " - "`--cluster-local-node'"); - } - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - - if (!xtables_strtoui(optarg, NULL, &num, 1, - XT_CLUSTER_NODES_MAX)) { - xtables_error(PARAMETER_PROBLEM, - "Unable to parse `%s' in " - "`--cluster-local-node'", optarg); - } - if (invert) + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_CL_LOCAL_NODE: + if (cb->invert) info->flags |= XT_CLUSTER_F_INV; - - info->node_mask = node_mask = (1 << (num - 1)); - *flags |= 1 << c; + info->node_mask = 1 << (cb->val.u32 - 1); break; - case CLUSTER_OPT_NODE_MASK: - if (*flags & (1 << c)) { - xtables_error(PARAMETER_PROBLEM, - "Can only specify " - "`--cluster-local-node' once"); - } - if (*flags & (1 << CLUSTER_OPT_LOCAL_NODE)) { - xtables_error(PARAMETER_PROBLEM, "You cannot use " - "`--cluster-local-nodemask' and " - "`--cluster-local-node'"); - } - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - - if (!xtables_strtoui(optarg, NULL, &num, 1, - XT_CLUSTER_NODES_MAX)) { - xtables_error(PARAMETER_PROBLEM, - "Unable to parse `%s' in " - "`--cluster-local-node'", optarg); - } - if (invert) + case O_CL_LOCAL_NODEMASK: + if (cb->invert) info->flags |= XT_CLUSTER_F_INV; - - info->node_mask = node_mask = num; - *flags |= 1 << c; - break; - - case 
CLUSTER_OPT_HASH_SEED: - if (*flags & (1 << c)) { - xtables_error(PARAMETER_PROBLEM, - "Can only specify " - "`--cluster-hash-seed' once"); - } - if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) { - xtables_error(PARAMETER_PROBLEM, - "Unable to parse `%s'", optarg); - } - info->hash_seed = num; - *flags |= 1 << c; break; } - - return 1; } -static void -cluster_check(unsigned int flags) +static void cluster_check(struct xt_fcheck_call *cb) { - if ((flags & ((1 << CLUSTER_OPT_TOTAL_NODES) | - (1 << CLUSTER_OPT_LOCAL_NODE) | - (1 << CLUSTER_OPT_HASH_SEED))) - == ((1 << CLUSTER_OPT_TOTAL_NODES) | - (1 << CLUSTER_OPT_LOCAL_NODE) | - (1 << CLUSTER_OPT_HASH_SEED))) { - if (node_mask >= (1ULL << total_nodes)) { + const struct xt_cluster_match_info *info = cb->data; + unsigned int test; + + test = F_CL_TOTAL_NODES | F_CL_LOCAL_NODE | F_CL_HASH_SEED; + if ((cb->xflags & test) == test) { + if (info->node_mask >= (1ULL << info->total_nodes)) xtables_error(PARAMETER_PROBLEM, "cluster match: " "`--cluster-local-node' " "must be <= `--cluster-total-nodes'"); - } return; } - if ((flags & ((1 << CLUSTER_OPT_TOTAL_NODES) | - (1 << CLUSTER_OPT_NODE_MASK) | - (1 << CLUSTER_OPT_HASH_SEED))) - == ((1 << CLUSTER_OPT_TOTAL_NODES) | - (1 << CLUSTER_OPT_NODE_MASK) | - (1 << CLUSTER_OPT_HASH_SEED))) { - if (node_mask >= (1ULL << total_nodes)) { + + test = F_CL_TOTAL_NODES | F_CL_LOCAL_NODEMASK | F_CL_HASH_SEED; + if ((cb->xflags & test) == test) { + if (info->node_mask >= (1ULL << info->total_nodes)) xtables_error(PARAMETER_PROBLEM, "cluster match: " "`--cluster-local-nodemask' too big " "for `--cluster-total-nodes'"); - } return; } - if (!(flags & (1 << CLUSTER_OPT_TOTAL_NODES))) { - xtables_error(PARAMETER_PROBLEM, - "cluster match: `--cluster-total-nodes' " - "is missing"); - } - if (!(flags & (1 << CLUSTER_OPT_HASH_SEED))) { - xtables_error(PARAMETER_PROBLEM, - "cluster match: `--cluster-hash-seed' " - "is missing"); - } - if (!(flags & ((1 << (CLUSTER_OPT_LOCAL_NODE) | - (1 << 
(CLUSTER_OPT_NODE_MASK)))))) { + if (!(cb->xflags & (F_CL_LOCAL_NODE | F_CL_LOCAL_NODEMASK))) xtables_error(PARAMETER_PROBLEM, "cluster match: `--cluster-local-node' or" "`--cluster-local-nodemask' is missing"); - } } static void @@ -224,11 +133,11 @@ static struct xtables_match cluster_mt_reg = { .size = XT_ALIGN(sizeof(struct xt_cluster_match_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_cluster_match_info)), .help = cluster_help, - .parse = cluster_parse, - .final_check = cluster_check, .print = cluster_print, .save = cluster_save, - .extra_opts = cluster_opts, + .x6_parse = cluster_parse, + .x6_fcheck = cluster_check, + .x6_options = cluster_opts, }; void _init(void) -- cgit v1.2.3
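Review bot: In `cluster_parse`, the `O_CL_LOCAL_NODE` case computes `info->node_mask = 1 << (cb->val.u32 - 1);` with a signed `int` constant. The largest node number the option table accepts therefore shifts into the sign bit if `XT_CLUSTER_NODES_MAX` equals the width of `int` (its value is not visible here; presumably 32). Writing `1U << (cb->val.u32 - 1)` keeps the computation unsigned, in line with the `1ULL` already used in `cluster_check`. Separately, the `cluster-local-nodemask` entry carries over `.min = 1, .max = XT_CLUSTER_NODES_MAX` from the old parser, which bounds a bit mask by a node count and so rejects masks that select higher-numbered nodes; if that is unintended, drop `.max` there and rely on the `cluster_check` comparison against `1ULL << info->total_nodes`. Both points matter because this mask decides which cluster node accepts a given flow.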