summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-09-18 13:01:05 +0200
committerHarald Welte <laforge@gnumonks.org>2009-10-25 11:07:35 +0100
commit648a7bafa7acc33d986f113275a20199a6ad2aaa (patch)
tree279343bd8c447e0679eeefc59daf77aade5bc84a
parenta10a12afee2083d240a304ceac7f3d9902a6f60a (diff)
iprange: warn on reverse range
-rw-r--r--extensions/libxt_iprange.c51
1 files changed, 29 insertions, 22 deletions
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index fc9abbb5..c5857669 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -30,51 +30,58 @@ static const struct option iprange_mt_opts[] = {
{ .name = NULL }
};
-static void iprange_parse_range(char *arg, union nf_inet_addr *range,
- u_int8_t family, const char *optname)
+static void
+iprange_parse_spec(const char *from, const char *to, union nf_inet_addr *range,
+ uint8_t family, const char *optname)
{
struct in6_addr *ia6;
struct in_addr *ia4;
- char *dash;
memset(range, 0, sizeof(union nf_inet_addr) * 2);
- dash = strchr(arg, '-');
- if (dash != NULL)
- *dash = '\0';
if (family == NFPROTO_IPV6) {
- ia6 = xtables_numeric_to_ip6addr(arg);
+ ia6 = xtables_numeric_to_ip6addr(from);
if (ia6 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
- optname, arg);
+ optname, from);
range[0].in6 = *ia6;
- if (dash == NULL) {
- range[1] = range[0];
- return;
- }
- ia6 = xtables_numeric_to_ip6addr(dash + 1);
+ ia6 = xtables_numeric_to_ip6addr(to);
if (ia6 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
- optname, dash + 1);
+ optname, to);
range[1].in6 = *ia6;
} else {
- ia4 = xtables_numeric_to_ipaddr(arg);
+ ia4 = xtables_numeric_to_ipaddr(from);
if (ia4 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
- optname, arg);
+ optname, from);
range[0].in = *ia4;
- if (dash == NULL) {
- range[1] = range[0];
- return;
- }
- ia4 = xtables_numeric_to_ipaddr(dash + 1);
+ ia4 = xtables_numeric_to_ipaddr(to);
if (ia4 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
- optname, dash + 1);
+ optname, to);
range[1].in = *ia4;
}
}
+static void iprange_parse_range(char *arg, union nf_inet_addr *range,
+ u_int8_t family, const char *optname)
+{
+ char *dash;
+
+ dash = strchr(arg, '-');
+ if (dash == NULL) {
+ iprange_parse_spec(arg, arg, range, family, optname);
+ return;
+ }
+
+ *dash = '\0';
+ iprange_parse_spec(arg, dash + 1, range, family, optname);
+ if (memcmp(&range[0], &range[1], sizeof(*range)) > 0)
+ fprintf(stderr, "xt_iprange: range %s-%s is reversed and "
+ "will never match\n", arg, dash + 1);
+}
+
static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{