From 9cfd654314d5718393b847758ded6ef86530e5c6 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Tue, 13 Aug 2002 16:08:08 +0000 Subject: cosmetic improvements and some bugfixes (global description) --- extensions/ebt_arp.c | 92 ++++++++++++++++++++++++--------------------- extensions/ebt_ip.c | 46 +++++++++++------------ extensions/ebt_log.c | 23 +++++------- extensions/ebt_mark.c | 32 +++++----------- extensions/ebt_mark_m.c | 9 ++--- extensions/ebt_nat.c | 40 ++++++-------------- extensions/ebt_redirect.c | 20 ++-------- extensions/ebt_standard.c | 7 ++-- extensions/ebt_vlan.c | 8 ++-- extensions/ebtable_broute.c | 1 - extensions/ebtable_filter.c | 2 - extensions/ebtable_nat.c | 1 - 12 files changed, 117 insertions(+), 164 deletions(-) (limited to 'extensions') diff --git a/extensions/ebt_arp.c b/extensions/ebt_arp.c index 3ff1444..bd6bffe 100644 --- a/extensions/ebt_arp.c +++ b/extensions/ebt_arp.c @@ -1,8 +1,6 @@ #include #include #include -#include -#include #include #include "../include/ebtables_u.h" #include 
@@ -23,40 +21,38 @@ static struct option opts[] = { 0 } }; +#define NUMOPCODES 9 // a few names static char *opcodes[] = { "Request", "Reply", - "Request Reverse", - "Reply Reverse", - "DRARP Request", - "DRARP Reply", - "DRARP Error", - "InARP Request", - "ARP NAK", - "" + "Request_Reverse", + "Reply_Reverse", + "DRARP_Request", + "DRARP_Reply", + "DRARP_Error", + "InARP_Request", + "ARP_NAK", }; static void print_help() { - int i = 0; + int i; printf( "arp options:\n" "--arp-opcode opcode : ARP opcode (integer or string)\n" "--arp-htype type : ARP hardware type (integer or string)\n" "--arp-ptype type : ARP protocol type (hexadecimal or string)\n" -"--arp-ip-src [!] address[/mask]: ARP ip source specification\n" -"--arp-ip-dst [!] address[/mask]: ARP ip target specification\n" +"--arp-ip-src [!] address[/mask]: ARP IP source specification\n" +"--arp-ip-dst [!] address[/mask]: ARP IP target specification\n" " opcode strings: \n"); - while (strcmp(opcodes[i], "")) { + for (i = 0; i < NUMOPCODES; i++) printf("%d = %s\n", i + 1, opcodes[i]); - i++; - } printf( -" hardware type string: \n 1 = Ethernet\n" -" protocol type string: \n 0x0800 = IPv4\n"); +" hardware type string: 1 = Ethernet\n" +" protocol type string: see /etc/ethertypes\n"); } static void init(struct ebt_entry_match *match) @@ -68,7 +64,7 @@ static void init(struct ebt_entry_match *match) } // defined in ebt_ip.c -void parse_ip_address(char *address, __u32 *addr, __u32 *msk); +void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk); #define OPT_OPCODE 0x01 #define OPT_HTYPE 0x02 @@ -79,10 +75,10 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_match **match) { struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)(*match)->data; - int i; + long int i; char *end; - __u32 *addr; - __u32 *mask; + uint32_t *addr; + uint32_t *mask; switch (c) { case ARP_OPCODE: 
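Review bot: `#define NUMOPCODES 9` in ebt_arp.c repeats the length of `opcodes[]` by hand, and with the `""` terminator removed nothing else bounds the loops in print_help() and parse() or the `opcodes[opcode - 1]` lookup in print(). If an entry is later dropped without updating the constant, those reads run past the array. Deriving the count from the array, placed after its definition, keeps the two in step: `#define NUMOPCODES ((int)(sizeof(opcodes) / sizeof(opcodes[0])))`. The same applies to the literal `8` that replaces the `{ NULL, -1 }` sentinel in name_to_loglevel() in ebt_log.c.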
@@ -91,18 +87,16 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, arpinfo->invflags |= EBT_ARP_OPCODE; if (optind > argc) - print_error("Missing arp opcode argument"); + print_error("Missing ARP opcode argument"); i = strtol(argv[optind - 1], &end, 10); if (i < 0 || i >= (0x1 << 16) || *end !='\0') { - i = 0; - while (strcmp(opcodes[i], "")) { + for (i = 0; i < NUMOPCODES; i++) if (!strcasecmp(opcodes[i], optarg)) break; - i++; - } - if (!strcmp(opcodes[i], "")) + if (i == NUMOPCODES) print_error("Problem with specified " - "arp opcode"); + "ARP opcode"); + i++; } arpinfo->opcode = htons(i); arpinfo->bitmask |= EBT_ARP_OPCODE; @@ -114,13 +108,13 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, arpinfo->invflags |= EBT_ARP_HTYPE; if (optind > argc) - print_error("Missing arp hardware type argument"); + print_error("Missing ARP hardware type argument"); i = strtol(argv[optind - 1], &end, 10); if (i < 0 || i >= (0x1 << 16) || *end !='\0') { if (!strcasecmp("Ethernet", argv[optind - 1])) i = 1; else - print_error("Problem with specified arp " + print_error("Problem with specified ARP " "hardware type"); } arpinfo->htype = htons(i); 
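Review bot: The name lookup in the ARP_OPCODE case compares against `optarg`, while the numeric parse just above it and the `Ethernet` comparison in the ARP_HTYPE case both read `argv[optind - 1]`. If check_inverse() consumes a leading `!` and advances optind (its definition is not in this diff, but the `optind > argc` test suggests it does), `optarg` still points at the `!` and an inverted rule with a symbolic opcode is rejected. Reading the same source in the loop makes the three paths agree: `if (!strcasecmp(opcodes[i], argv[optind - 1]))`. parse() starts and ends outside this hunk.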
@@ -128,23 +122,26 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, break; case ARP_PTYPE: + { + uint16_t proto; + check_option(flags, OPT_PTYPE); if (check_inverse(optarg)) arpinfo->invflags |= EBT_ARP_PTYPE; if (optind > argc) - print_error("Missing arp protocol type argument"); + print_error("Missing ARP protocol type argument"); i = strtol(argv[optind - 1], &end, 16); if (i < 0 || i >= (0x1 << 16) || *end !='\0') { - if (!strcasecmp("IPv4", argv[optind - 1])) - i = 0x0800; - else - print_error("Problem with specified arp " + if (name_to_number (argv[optind - 1], &proto) == -1) + print_error("Problem with specified ARP " "protocol type"); - } - arpinfo->ptype = htons(i); + } else + proto = i; + arpinfo->ptype = htons(proto); arpinfo->bitmask |= EBT_ARP_PTYPE; break; + } case ARP_IP_S: case ARP_IP_D: @@ -166,7 +163,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, arpinfo->invflags |= EBT_ARP_DST_IP; } if (optind > argc) - print_error("Missing ip address argument"); + print_error("Missing ARP IP address argument"); parse_ip_address(argv[optind - 1], addr, mask); break; default: @@ -187,18 +184,24 @@ static void final_check(const struct ebt_u_entry *entry, } // defined in the ebt_ip.c -char *mask_to_dotted(__u32 mask); +char *mask_to_dotted(uint32_t mask); + static void print(const struct ebt_u_entry *entry, const struct ebt_entry_match *match) { struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data; int i; + char name[21]; if (arpinfo->bitmask & EBT_ARP_OPCODE) { + int opcode = ntohs(arpinfo->opcode); printf("--arp-op "); if (arpinfo->invflags & EBT_ARP_OPCODE) printf("! "); - printf("%d ", ntohs(arpinfo->opcode)); + if (opcode > 0 && opcode <= NUMOPCODES) + printf("%s ", opcodes[opcode - 1]); + else + printf("%d ", opcode); } if (arpinfo->bitmask & EBT_ARP_HTYPE) { printf("--arp-htype "); 
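Review bot: In the ARP_PTYPE case the argument is tried as a base-16 number before name_to_number() is consulted, so a protocol name made up only of hex digits (constructed example: `FACE`) is stored as a number without any diagnostic. The rule then matches a different ethertype than the one the user named. Either look the name up first and fall back to strtol(), or state the precedence in a comment such as `/* numeric values win over names from the ethertypes file */`. Separately, `proto` is left unassigned on the failed-lookup path, which is safe only if print_error() never returns; that assumption is not visible in this diff and is worth a one-line comment at the call.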
@@ -210,7 +213,10 @@ static void print(const struct ebt_u_entry *entry, printf("--arp-ptype "); if (arpinfo->invflags & EBT_ARP_PTYPE) printf("! "); - printf("0x%x ", ntohs(arpinfo->ptype)); + if (number_to_name(ntohs(arpinfo->ptype), name)) + printf("0x%x ", ntohs(arpinfo->ptype)); + else + printf("%s ", name); } if (arpinfo->bitmask & EBT_ARP_SRC_IP) { printf("--arp-ip-src "); @@ -279,7 +285,7 @@ static struct ebt_u_match arp_match = final_check, print, compare, - opts, + opts }; static void _init(void) __attribute__ ((constructor)); diff --git a/extensions/ebt_ip.c b/extensions/ebt_ip.c index 91014e4..4a9c8dc 100644 --- a/extensions/ebt_ip.c +++ b/extensions/ebt_ip.c @@ -1,7 +1,5 @@ #include #include -#include -#include #include #include #include "../include/ebtables_u.h" @@ -28,7 +26,8 @@ static struct option opts[] = static int undot_ip(char *ip, unsigned char *ip2) { char *p, *q, *end; - int onebyte, i; + long int onebyte; + int i; char buf[20]; strncpy(buf, ip, sizeof(buf) - 1); @@ -46,7 +45,7 @@ static int undot_ip(char *ip, unsigned char *ip2) } onebyte = strtol(p, &end, 10); - if (*end != '\0' || onebyte >255 || onebyte < 0) + if (*end != '\0' || onebyte > 255 || onebyte < 0) return -1; ip2[3] = (unsigned char)onebyte; @@ -57,8 +56,8 @@ static int undot_ip(char *ip, unsigned char *ip2) static int ip_mask(char *mask, unsigned char *mask2) { char *end; - int bits; - __u32 mask22; + long int bits; + uint32_t mask22; if (undot_ip(mask, mask2)) { // not the /a.b.c.e format, maybe the /x format 
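Review bot: number_to_name() in print() in ebt_arp.c is handed `name`, declared as `char name[21]` in the preceding hunk, with no length argument, so the bound has to be enforced inside a function this diff does not show. The names presumably come from /etc/ethertypes (the help text now points there), which is an editable file, so an over-long entry has to be truncated or rejected there rather than copied as-is. If the signature cannot take a size, a shared constant used both for this declaration and inside the lookup would at least keep the two in agreement. print() continues outside this hunk.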
@@ -77,39 +76,38 @@ static int ip_mask(char *mask, unsigned char *mask2) } // set the ip mask and ip address -void parse_ip_address(char *address, __u32 *addr, __u32 *msk) +void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk) { char *p; - int i; // first the mask if ((p = strrchr(address, '/')) != NULL) { *p = '\0'; - i = ip_mask(p + 1, (unsigned char *)msk); - if (i) + if (ip_mask(p + 1, (unsigned char *)msk)) print_error("Problem with the ip mask"); } else *msk = 0xFFFFFFFF; - i = undot_ip(address, (unsigned char *)addr); - if (i) + if (undot_ip(address, (unsigned char *)addr)) print_error("Problem with the ip address"); *addr = *addr & *msk; } // transform the ip mask into a string ready for output -char *mask_to_dotted(__u32 mask) +char *mask_to_dotted(uint32_t mask) { int i; static char buf[20]; - __u32 maskaddr, bits; + uint32_t maskaddr, bits; maskaddr = ntohl(mask); // don't print /32 - if (mask == 0xFFFFFFFFL) - return ""; + if (mask == 0xFFFFFFFFL) { + *buf = '\0'; + return buf; + } i = 32; bits = 0xFFFFFFFEL; // case 0xFFFFFFFF has just been dealt with @@ -156,7 +154,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, { struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)(*match)->data; char *end; - int i; + long int i; switch (c) { case IP_SOURCE: @@ -176,7 +174,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, } if (optind > argc) - print_error("Missing ip address argument"); + print_error("Missing IP address argument"); if (c == IP_SOURCE) parse_ip_address(argv[optind - 1], &ipinfo->saddr, &ipinfo->smsk); 
@@ -191,10 +189,10 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, ipinfo->invflags |= EBT_IP_TOS; if (optind > argc) - print_error("Missing ip tos argument"); + print_error("Missing IP tos argument"); i = strtol(argv[optind - 1], &end, 16); if (i < 0 || i > 255 || *end != '\0') - print_error("Problem with specified ip tos"); + print_error("Problem with specified IP tos"); ipinfo->tos = i; ipinfo->bitmask |= EBT_IP_TOS; break; @@ -204,10 +202,10 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, if (check_inverse(optarg)) ipinfo->invflags |= EBT_IP_PROTO; if (optind > argc) - print_error("Missing ip protocol argument"); + print_error("Missing IP protocol argument"); i = strtol(argv[optind - 1], &end, 10); if (i < 0 || i > 255 || *end != '\0') - print_error("Problem with specified ip protocol"); + print_error("Problem with specified IP protocol"); ipinfo->protocol = i; ipinfo->bitmask |= EBT_IP_PROTO; break; @@ -259,7 +257,7 @@ static void print(const struct ebt_u_entry *entry, } if (ipinfo->bitmask & EBT_IP_PROTO) { printf("--ip-proto "); - if (ipinfo->invflags & EBT_IP_DEST) + if (ipinfo->invflags & EBT_IP_PROTO) printf("! "); printf("%d ", ipinfo->protocol); } @@ -308,7 +306,7 @@ static struct ebt_u_match ip_match = final_check, print, compare, - opts, + opts }; static void _init(void) __attribute((constructor)); diff --git a/extensions/ebt_log.c b/extensions/ebt_log.c index b6e62eb..4232bed 100644 --- a/extensions/ebt_log.c +++ b/extensions/ebt_log.c @@ -1,7 +1,6 @@ #include #include #include -#include #include #include "../include/ebtables_u.h" #include @@ -16,11 +15,12 @@ #define LOG_NOTICE 5 // normal but significant condition #define LOG_INFO 6 // informational #define LOG_DEBUG 7 // debug-level messages + #define LOG_DEFAULT_LEVEL LOG_INFO typedef struct _code { - char *c_name; - int c_val; + char *c_name; + int c_val; } CODE; static CODE eight_priority[] = { 
@@ -31,20 +31,16 @@ static CODE eight_priority[] = { { "warning", LOG_WARNING }, { "notice", LOG_NOTICE }, { "info", LOG_INFO }, - { "debug", LOG_DEBUG }, - { NULL, -1 } + { "debug", LOG_DEBUG } }; static int name_to_loglevel(char* arg) { - int i = 0, c_val = eight_priority[0].c_val; + int i; - while (c_val != -1) { + for (i = 0; i < 8; i++) if (!strcmp(arg, eight_priority[i].c_name)) - return c_val; - i++; - c_val = eight_priority[i].c_val; - } + return eight_priority[i].c_val; // return bad loglevel return 9; } @@ -100,7 +96,7 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_watcher **watcher) { struct ebt_log_info *loginfo = (struct ebt_log_info *)(*watcher)->data; - int i; + long int i; char *end; switch (c) { @@ -186,10 +182,9 @@ static struct ebt_u_watcher log_watcher = final_check, print, compare, - opts, + opts }; -#undef _init static void _init(void) __attribute__ ((constructor)); static void _init(void) { diff --git a/extensions/ebt_mark.c b/extensions/ebt_mark.c index d3c0cd3..0514254 100644 --- a/extensions/ebt_mark.c +++ b/extensions/ebt_mark.c @@ -1,21 +1,17 @@ #include #include #include -#include -#include #include #include "../include/ebtables_u.h" #include -extern char *standard_targets[NUM_STANDARD_TARGETS]; +static int mark_supplied; -int mark_supplied; - -#define MARK_TARGET '1' +#define MARK_TARGET '1' #define MARK_SETMARK '2' static struct option opts[] = { - { "mark-target" , required_argument, 0, MARK_TARGET }, + { "mark-target" , required_argument, 0, MARK_TARGET }, { "set-mark" , required_argument, 0, MARK_SETMARK }, { 0 } }; @@ -24,8 +20,8 @@ static void print_help() { printf( "mark target options:\n" - " --set-mark value : Set nfmark value\n" - " --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n"); + " --set-mark value : Set nfmark value\n" + " --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n"); } static void init(struct ebt_entry_target *target) 
@@ -36,16 +32,14 @@ static void init(struct ebt_entry_target *target) markinfo->target = EBT_ACCEPT; markinfo->mark = 0; mark_supplied = 0; - return; } -#define OPT_MARK_TARGET 0x01 +#define OPT_MARK_TARGET 0x01 #define OPT_MARK_SETMARK 0x02 static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_mark_t_info *markinfo = (struct ebt_mark_t_info *)(*target)->data; char *end; @@ -53,12 +47,7 @@ static int parse(int c, char **argv, int argc, switch (c) { case MARK_TARGET: check_option(flags, OPT_MARK_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - markinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, markinfo->target)) print_error("Illegal --mark-target target"); break; case MARK_SETMARK: @@ -83,7 +72,7 @@ static void final_check(const struct ebt_u_entry *entry, if (time == 0 && mark_supplied == 0) print_error("No mark value supplied"); - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && markinfo->target == EBT_RETURN) + if (BASE_CHAIN && markinfo->target == EBT_RETURN) print_error("--mark-target RETURN not allowed on base chain"); } @@ -96,8 +85,7 @@ static void print(const struct ebt_u_entry *entry, printf("--set-mark 0x%lx", markinfo->mark); if (markinfo->target == EBT_ACCEPT) return; - printf(" --mark-target %s", - standard_targets[-markinfo->target - 1]); + printf(" --mark-target %s", TARGET_NAME(markinfo->target)); } static int compare(const struct ebt_entry_target *t1, @@ -122,7 +110,7 @@ static struct ebt_u_target mark_target = final_check, print, compare, - opts, + opts }; static void _init(void) __attribute__ ((constructor)); diff --git a/extensions/ebt_mark_m.c b/extensions/ebt_mark_m.c index 5029738..9ecb07e 100644 --- a/extensions/ebt_mark_m.c +++ b/extensions/ebt_mark_m.c 
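Review bot: `TARGET_NAME(markinfo->target)` in print() in ebt_mark.c replaces `standard_targets[-markinfo->target - 1]`, and if the macro (defined outside this diff) expands to the same expression, the index is still unchecked. print() takes `target` from the rule data as given, so a value outside the standard verdicts would read outside the array. Now that the lookup lives in one macro, that is the natural place for a range check with a fallback string. The same call appears in print_s() and print_d() in ebt_nat.c and in print() in ebt_redirect.c.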
@@ -1,6 +1,5 @@ #include #include -#include #include #include #include "../include/ebtables_u.h" @@ -25,9 +24,9 @@ static void init(struct ebt_entry_match *match) { struct ebt_mark_m_info *markinfo = (struct ebt_mark_m_info *)match->data; - markinfo->mark = 0; - markinfo->mask = 0; - markinfo->invert = 0; + markinfo->mark = 0; + markinfo->mask = 0; + markinfo->invert = 0; markinfo->bitmask = 0; } @@ -113,7 +112,7 @@ static struct ebt_u_match mark_match = final_check, print, compare, - opts, + opts }; static void _init(void) __attribute((constructor)); diff --git a/extensions/ebt_nat.c b/extensions/ebt_nat.c index 25b12ca..d3ed74d 100644 --- a/extensions/ebt_nat.c +++ b/extensions/ebt_nat.c @@ -1,16 +1,12 @@ #include #include #include -#include -#include #include #include #include "../include/ebtables_u.h" #include -extern char *standard_targets[NUM_STANDARD_TARGETS]; - -int to_source_supplied, to_dest_supplied; +static int to_source_supplied, to_dest_supplied; #define NAT_S '1' #define NAT_D '1' @@ -20,7 +16,7 @@ static struct option opts_s[] = { { "to-source" , required_argument, 0, NAT_S }, { "to-src" , required_argument, 0, NAT_S }, - { "snat-target" , required_argument, 0, NAT_S_TARGET }, + { "snat-target" , required_argument, 0, NAT_S_TARGET }, { 0 } }; @@ -28,7 +24,7 @@ static struct option opts_d[] = { { "to-destination", required_argument, 0, NAT_D }, { "to-dst" , required_argument, 0, NAT_D }, - { "dnat-target" , required_argument, 0, NAT_D_TARGET }, + { "dnat-target" , required_argument, 0, NAT_D_TARGET }, { 0 } }; @@ -72,7 +68,6 @@ static int parse_s(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data; struct ether_addr *addr; 
@@ -86,12 +81,7 @@ static int parse_s(int c, char **argv, int argc, break; case NAT_S_TARGET: check_option(flags, OPT_SNAT_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - natinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, natinfo->target)) print_error("Illegal --snat-target target"); break; default: @@ -106,7 +96,6 @@ static int parse_d(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_nat_info *natinfo = (struct ebt_nat_info *)(*target)->data; struct ether_addr *addr; @@ -121,12 +110,7 @@ static int parse_d(int c, char **argv, int argc, break; case NAT_D_TARGET: check_option(flags, OPT_DNAT_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - natinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, natinfo->target)) print_error("Illegal --dnat-target target"); break; default: @@ -141,10 +125,10 @@ static void final_check_s(const struct ebt_u_entry *entry, { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && natinfo->target == EBT_RETURN) + if (BASE_CHAIN && natinfo->target == EBT_RETURN) print_error("--snat-target RETURN not allowed on base chain"); - hook_mask &= ~(1 << NF_BR_NUMHOOKS); - if (!(hook_mask & (1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat")) + CLEAR_BASE_CHAIN_BIT; + if ((hook_mask & ~(1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat")) print_error("Wrong chain for snat"); if (time == 0 && to_source_supplied == 0) print_error("No snat address supplied"); 
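Review bot: The rewritten test in final_check_s(), `(hook_mask & ~(1 << NF_BR_POST_ROUTING))`, no longer requires the POST_ROUTING bit. It rejects extra hooks but accepts a `hook_mask` of 0 once CLEAR_BASE_CHAIN_BIT has run, which the old `!(hook_mask & (1 << NF_BR_POST_ROUTING))` did not. This matches the form already used in final_check_d(), so it is probably intended, but for a check that decides where snat may be placed it deserves a comment, for example `/* hook_mask == 0 (chain not referenced from a hook) is accepted here */`. CLEAR_BASE_CHAIN_BIT also modifies `hook_mask` without naming it, which hides the side effect from a reader of this function.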
@@ -156,9 +140,9 @@ static void final_check_d(const struct ebt_u_entry *entry, { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && natinfo->target == EBT_RETURN) + if (BASE_CHAIN && natinfo->target == EBT_RETURN) print_error("--dnat-target RETURN not allowed on base chain"); - hook_mask &= ~(1 << NF_BR_NUMHOOKS); + CLEAR_BASE_CHAIN_BIT; if (((hook_mask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT))) || strcmp(name, "nat")) && ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute"))) @@ -174,7 +158,7 @@ static void print_s(const struct ebt_u_entry *entry, printf("--to-src "); printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac)); - printf(" --snat-target %s", standard_targets[-natinfo->target - 1]); + printf(" --snat-target %s", TARGET_NAME(natinfo->target)); } static void print_d(const struct ebt_u_entry *entry, @@ -184,7 +168,7 @@ static void print_d(const struct ebt_u_entry *entry, printf("--to-dst "); printf("%s", ether_ntoa((struct ether_addr *)natinfo->mac)); - printf(" --dnat-target %s", standard_targets[-natinfo->target - 1]); + printf(" --dnat-target %s", TARGET_NAME(natinfo->target)); } static int compare(const struct ebt_entry_target *t1, diff --git a/extensions/ebt_redirect.c b/extensions/ebt_redirect.c index 6e07d06..436158e 100644 --- a/extensions/ebt_redirect.c +++ b/extensions/ebt_redirect.c @@ -1,14 +1,10 @@ #include #include #include -#include -#include #include #include "../include/ebtables_u.h" #include -extern char *standard_targets[NUM_STANDARD_TARGETS]; - #define REDIRECT_TARGET '1' static struct option opts[] = { 
@@ -37,19 +33,13 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_target **target) { - int i; struct ebt_redirect_info *redirectinfo = (struct ebt_redirect_info *)(*target)->data; switch (c) { case REDIRECT_TARGET: check_option(flags, OPT_REDIRECT_TARGET); - for (i = 0; i < NUM_STANDARD_TARGETS; i++) - if (!strcmp(optarg, standard_targets[i])) { - redirectinfo->target = -i - 1; - break; - } - if (i == NUM_STANDARD_TARGETS) + if (FILL_TARGET(optarg, redirectinfo->target)) print_error("Illegal --redirect-target target"); break; default: @@ -65,10 +55,9 @@ static void final_check(const struct ebt_u_entry *entry, struct ebt_redirect_info *redirectinfo = (struct ebt_redirect_info *)target->data; - if ((hook_mask & (1 << NF_BR_NUMHOOKS)) && - redirectinfo->target == EBT_RETURN) + if (BASE_CHAIN && redirectinfo->target == EBT_RETURN) print_error("--redirect-target RETURN not allowed on base chain"); - hook_mask &= ~(1 << NF_BR_NUMHOOKS); + CLEAR_BASE_CHAIN_BIT; if ( ((hook_mask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) && ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) ) print_error("Wrong chain for redirect"); @@ -82,8 +71,7 @@ static void print(const struct ebt_u_entry *entry, if (redirectinfo->target == EBT_ACCEPT) return; - printf(" --redirect-target %s", - standard_targets[-redirectinfo->target - 1]); + printf(" --redirect-target %s", TARGET_NAME(redirectinfo->target)); } static int compare(const struct ebt_entry_target *t1, diff --git a/extensions/ebt_standard.c b/extensions/ebt_standard.c index 95e00a5..01f5b8c 100644 --- a/extensions/ebt_standard.c +++ b/extensions/ebt_standard.c @@ -1,6 +1,5 @@ #include #include -#include #include #include "../include/ebtables_u.h" 
@@ -11,7 +10,8 @@ static struct option opts[] = static void print_help() { - printf("Standard targets: DROP, ACCEPT and CONTINUE\n"); + printf("Standard targets: DROP, ACCEPT, RETURN or CONTINUE;\n" + "The target can also be a user defined chain.\n"); } static void init(struct ebt_entry_target *t) @@ -32,6 +32,7 @@ static void final_check(const struct ebt_u_entry *entry, } struct ebt_u_entries *nr_to_chain(int nr); + static void print(const struct ebt_u_entry *entry, const struct ebt_entry_target *target) { @@ -53,7 +54,7 @@ static void print(const struct ebt_u_entry *entry, else if (verdict == EBT_RETURN) printf("RETURN "); else - print_error("BUG: Bad standard target"); // this is a bug + print_bug("Bad standard target"); } static int compare(const struct ebt_entry_target *t1, diff --git a/extensions/ebt_vlan.c b/extensions/ebt_vlan.c index 148cd87..51f9768 100644 --- a/extensions/ebt_vlan.c +++ b/extensions/ebt_vlan.c @@ -32,8 +32,6 @@ #include #include -#include -#include #include #include #include "../include/ebtables_u.h" @@ -106,7 +104,7 @@ parse (int c, (struct ebt_vlan_info *) (*match)->data; unsigned long i; char *end; - __u16 encap; + uint16_t encap; switch (c) { case VLAN_ID: /* @@ -128,7 +126,7 @@ parse (int c, /* * Convert argv to long int, * set *end to end of argv string, - * base set 10 for decimal only + * base set 10 for decimal only */ (unsigned short) i = strtol (argv[optind - 1], &end, 10); /* @@ -335,7 +333,7 @@ static struct ebt_u_match vlan_match = { final_check, print, compare, - opts, + opts }; static void _init (void) __attribute__ ((constructor)); diff --git a/extensions/ebtable_broute.c b/extensions/ebtable_broute.c index a6a5c61..8549e5b 100644 --- a/extensions/ebtable_broute.c +++ b/extensions/ebtable_broute.c @@ -1,5 +1,4 @@ #include -#include #include "../include/ebtables_u.h" diff --git a/extensions/ebtable_filter.c b/extensions/ebtable_filter.c index cf26983..22915a7 100644 --- a/extensions/ebtable_filter.c 
+++ b/extensions/ebtable_filter.c @@ -1,6 +1,4 @@ #include -#include -#include #include "../include/ebtables_u.h" #define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \ diff --git a/extensions/ebtable_nat.c b/extensions/ebtable_nat.c index 4b4ca48..b811c32 100644 --- a/extensions/ebtable_nat.c +++ b/extensions/ebtable_nat.c @@ -1,5 +1,4 @@ #include -#include #include "../include/ebtables_u.h" #define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \ -- cgit v1.2.3