From 3ff8549795a48dfb420678cebc5398b0ecba0bd6 Mon Sep 17 00:00:00 2001 From: laforge Date: Tue, 7 May 2002 14:41:43 +0000 Subject: remove '-C' check function; add check for chain names starting with '-' to -N command. --- iptables.c | 70 +++++++------------------------------------------------------- 1 file changed, 7 insertions(+), 63 deletions(-) diff --git a/iptables.c b/iptables.c index 66f41a6..f3dae23 100644 --- a/iptables.c +++ b/iptables.c @@ -79,7 +79,7 @@ #define CMD_RENAME_CHAIN 0x1000U #define NUMBER_OF_CMD 13 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z', - 'N', 'X', 'P', 'C', 'E' }; + 'N', 'X', 'P', 'E' }; #define OPTION_OFFSET 256 @@ -108,7 +108,6 @@ static struct option original_opts[] = { { "list", 2, 0, 'L' }, { "flush", 2, 0, 'F' }, { "zero", 2, 0, 'Z' }, - { "check", 1, 0, 'C' }, { "new-chain", 1, 0, 'N' }, { "delete-chain", 2, 0, 'X' }, { "rename-chain", 2, 0, 'E' }, @@ -362,7 +361,6 @@ exit_printhelp(void) " --list -L [chain] List the rules in a chain or all chains\n" " --flush -F [chain] Delete all rules in chain or all chains\n" " --zero -Z [chain] Zero counters in chain or all chains\n" -" --check -C chain Test this packet on chain\n" " --new -N chain Create a new user-defined chain\n" " --delete-chain\n" " -X [chain] Delete a user-defined chain\n" @@ -1418,35 +1416,6 @@ delete_entry(const ipt_chainlabel chain, return ret; } -static int -check_packet(const ipt_chainlabel chain, - struct ipt_entry *fw, - unsigned int nsaddrs, - const struct in_addr saddrs[], - unsigned int ndaddrs, - const struct in_addr daddrs[], - int verbose, - iptc_handle_t *handle) -{ - int ret = 1; - unsigned int i, j; - const char *msg; - - for (i = 0; i < nsaddrs; i++) { - fw->ip.src.s_addr = saddrs[i].s_addr; - for (j = 0; j < ndaddrs; j++) { - fw->ip.dst.s_addr = daddrs[j].s_addr; - if (verbose) - print_firewall_line(fw, *handle); - msg = iptc_check_packet(chain, fw, handle); - if (!msg) ret = 0; - else printf("%s\n", msg); - } - } - - return ret; -} - int for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *), int verbose, int builtinstoo, iptc_handle_t *handle) @@ -1736,12 +1705,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) } break; - case 'C': - add_command(&command, CMD_CHECK, CMD_NONE, - invert); - chain = optarg; - break; - case 'R': add_command(&command, CMD_REPLACE, CMD_NONE, invert); @@ -1793,6 +1756,10 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) break; case 'N': + if (optarg && *optarg == '-') + exit_error(PARAMETER_PROBLEM, + "chain name not allowed to start " + "with `-'\n"); add_command(&command, CMD_NEW_CHAIN, CMD_NONE, invert); chain = optarg; @@ -2103,8 +2070,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) exit_error(PARAMETER_PROBLEM, "nothing appropriate following !"); - if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | - CMD_CHECK)) { + if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) { if (!(options & OPT_DESTINATION)) dhostnetworkmask = "0.0.0.0/0"; if (!(options & OPT_SOURCE)) @@ -2124,10 +2090,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) exit_error(PARAMETER_PROBLEM, "! not allowed with multiple" " source or destination IP addresses"); - if (command == CMD_CHECK && fw.ip.invflags != 0) - exit_error(PARAMETER_PROBLEM, "! not allowed with -%c", - cmd2char(CMD_CHECK)); - if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1)) exit_error(PARAMETER_PROBLEM, "Replacement rule does not " "specify a unique address"); @@ -2154,8 +2116,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) "can't initialize iptables table `%s': %s", *table, iptc_strerror(errno)); - if (command == CMD_CHECK - || command == CMD_APPEND + if (command == CMD_APPEND || command == CMD_DELETE || command == CMD_INSERT || command == CMD_REPLACE) { @@ -2167,12 +2128,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) "Can't use -%c with %s\n", opt2char(OPT_VIANAMEOUT), chain); - /* -i required with -C */ - if (command == CMD_CHECK && !(options & OPT_VIANAMEIN)) - exit_error(PARAMETER_PROBLEM, - "Need -%c with %s\n", - opt2char(OPT_VIANAMEIN), - chain); } if (strcmp(chain, "POSTROUTING") == 0 @@ -2183,12 +2138,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) "Can't use -%c with %s\n", opt2char(OPT_VIANAMEIN), chain); - /* -o required with -C */ - if (command == CMD_CHECK && !(options&OPT_VIANAMEOUT)) - exit_error(PARAMETER_PROBLEM, - "Need -%c with %s\n", - opt2char(OPT_VIANAMEOUT), - chain); } if (target && iptc_is_chain(jumpto, *handle)) { @@ -2234,11 +2183,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) options&OPT_VERBOSE, handle); break; - case CMD_CHECK: - ret = check_packet(chain, e, - nsaddrs, saddrs, ndaddrs, daddrs, - options&OPT_VERBOSE, handle); - break; case CMD_DELETE: ret = delete_entry(chain, e, nsaddrs, saddrs, ndaddrs, daddrs, -- cgit v1.2.3