diff options
| author | Patrick McHardy <kaber@trash.net> | 2011-05-09 11:26:32 +0200 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2011-05-09 11:26:32 +0200 |
| commit | edc2b1adf32d2b11e126174f525293b3bca6e7bc (patch) | |
| tree | 6d386bcbd9717b9d78005899b462690463bd4ecf /extensions | |
| parent | 26ed9ea93564bb5ffdb5238eaa202cd9bcf6d6d1 (diff) | |
| parent | 753bbed383cde1c18e05b5b726b6c28afbde3a3c (diff) | |
Merge branch 'opts' of git://dev.medozas.de/iptables
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libxt_TEE.c | 103 | ||||
| -rw-r--r-- | extensions/libxt_TOS.c | 137 | ||||
| -rw-r--r-- | extensions/libxt_dccp.c | 134 | ||||
| -rw-r--r-- | extensions/libxt_tos.c | 88 | ||||
| -rw-r--r-- | extensions/libxt_udp.c | 95 | ||||
| -rw-r--r-- | extensions/tos_values.c | 58 |
6 files changed, 174 insertions, 441 deletions
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c index 00a4de67..fd9a1b23 100644 --- a/extensions/libxt_TEE.c +++ b/extensions/libxt_TEE.c @@ -25,15 +25,19 @@ #include <linux/netfilter/xt_TEE.h> enum { - FLAG_GATEWAY = 1 << 0, - FLAG_OIF = 1 << 1, + O_GATEWAY = 0, + O_OIF, }; -static const struct option tee_tg_opts[] = { - {.name = "gateway", .has_arg = true, .val = 'g'}, - {.name = "oif", .has_arg = true, .val = 'o'}, - {NULL}, +#define s struct xt_tee_tginfo +static const struct xt_option_entry tee_tg_opts[] = { + {.name = "gateway", .id = O_GATEWAY, .type = XTTYPE_ONEHOST, + .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, gw)}, + {.name = "oif", .id = O_OIF, .type = XTTYPE_STRING, + .flags = XTOPT_PUT, XTOPT_POINTER(s, oif)}, + XTOPT_TABLEEND, }; +#undef s static void tee_tg_help(void) { @@ -44,83 +48,6 @@ static void tee_tg_help(void) "\n"); } -static int tee_tg_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) -{ - struct xt_tee_tginfo *info = (void *)(*target)->data; - const struct in_addr *ia; - - switch (c) { - case 'g': - if (*flags & FLAG_GATEWAY) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --gateway more than once"); - - ia = xtables_numeric_to_ipaddr(optarg); - if (ia == NULL) - xtables_error(PARAMETER_PROBLEM, - "Invalid IP address %s", optarg); - - memcpy(&info->gw, ia, sizeof(*ia)); - *flags |= FLAG_GATEWAY; - return true; - case 'o': - if (*flags & FLAG_OIF) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --oif more than once"); - if (strlen(optarg) >= sizeof(info->oif)) - xtables_error(PARAMETER_PROBLEM, - "oif name too long"); - strcpy(info->oif, optarg); - *flags |= FLAG_OIF; - return true; - } - - return false; -} - -static int tee_tg6_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) -{ - struct xt_tee_tginfo *info = (void *)(*target)->data; - const struct in6_addr *ia; - - switch (c) { - case 'g': - if (*flags & FLAG_GATEWAY) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --gateway more than once"); - - ia = xtables_numeric_to_ip6addr(optarg); - if (ia == NULL) - xtables_error(PARAMETER_PROBLEM, - "Invalid IP address %s", optarg); - - memcpy(&info->gw, ia, sizeof(*ia)); - *flags |= FLAG_GATEWAY; - return true; - case 'o': - if (*flags & FLAG_OIF) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --oif more than once"); - if (strlen(optarg) >= sizeof(info->oif)) - xtables_error(PARAMETER_PROBLEM, - "oif name too long"); - strcpy(info->oif, optarg); - *flags |= FLAG_OIF; - return true; - } - - return false; -} - -static void tee_tg_check(unsigned int flags) -{ - if (flags == 0) - xtables_error(PARAMETER_PROBLEM, "TEE target: " - "--gateway parameter required"); -} - static void tee_tg_print(const void *ip, const struct xt_entry_target *target, int numeric) { @@ -173,11 +100,10 @@ static struct xtables_target tee_tg_reg = { .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)), .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)), .help = tee_tg_help, - .parse = tee_tg_parse, - .final_check = tee_tg_check, .print = tee_tg_print, .save = tee_tg_save, - .extra_opts = tee_tg_opts, + .x6_parse = xtables_option_parse, + .x6_options = tee_tg_opts, }; static struct xtables_target tee_tg6_reg = { @@ -188,11 +114,10 @@ static struct xtables_target tee_tg6_reg = { .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)), .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)), .help = tee_tg_help, - .parse = tee_tg6_parse, - .final_check = tee_tg_check, .print = tee_tg6_print, .save = tee_tg6_save, - .extra_opts = tee_tg_opts, + .x6_parse = xtables_option_parse, + .x6_options = tee_tg_opts, }; void _init(void) diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c index 58ff2fc7..cef58765 100644 --- a/extensions/libxt_TOS.c +++ b/extensions/libxt_TOS.c @@ -2,7 +2,7 @@ * Shared library add-on to iptables to add TOS target support * * Copyright © CC Computer Consultants GmbH, 2007 - * Contact: Jan Engelhardt <jengelh@computergmbh.de> + * Contact: Jan Engelhardt <jengelh@medozas.de> */ #include <getopt.h> #include <stdbool.h> @@ -20,20 +20,33 @@ struct ipt_tos_target_info { }; enum { - FLAG_TOS = 1 << 0, + O_SET_TOS = 0, + O_AND_TOS, + O_OR_TOS, + O_XOR_TOS, + F_SET_TOS = 1 << O_SET_TOS, + F_AND_TOS = 1 << O_AND_TOS, + F_OR_TOS = 1 << O_OR_TOS, + F_XOR_TOS = 1 << O_XOR_TOS, + F_ANY = F_SET_TOS | F_AND_TOS | F_OR_TOS | F_XOR_TOS, }; -static const struct option tos_tg_opts_v0[] = { - {.name = "set-tos", .has_arg = true, .val = '='}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry tos_tg_opts_v0[] = { + {.name = "set-tos", .id = O_SET_TOS, .type = XTTYPE_TOSMASK, + .excl = F_ANY, .max = 0xFF}, + XTOPT_TABLEEND, }; -static const struct option tos_tg_opts[] = { - {.name = "set-tos", .has_arg = true, .val = '='}, - {.name = "and-tos", .has_arg = true, .val = '&'}, - {.name = "or-tos", .has_arg = true, .val = '|'}, - {.name = "xor-tos", .has_arg = true, .val = '^'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry tos_tg_opts[] = { + {.name = "set-tos", .id = O_SET_TOS, .type = XTTYPE_TOSMASK, + .excl = F_ANY, .max = 0x3F}, + {.name = "and-tos", .id = O_AND_TOS, .type = XTTYPE_UINT8, + .excl = F_ANY}, + {.name = "or-tos", .id = O_OR_TOS, .type = XTTYPE_UINT8, + .excl = F_ANY}, + {.name = "xor-tos", .id = O_XOR_TOS, .type = XTTYPE_UINT8, + .excl = F_ANY}, + XTOPT_TABLEEND, }; static void tos_tg_help_v0(void) @@ -78,84 +91,48 @@ XTABLES_VERSION); ); } -static int tos_tg_parse_v0(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void tos_tg_parse_v0(struct xt_option_call *cb) { - struct ipt_tos_target_info *info = (void *)(*target)->data; - struct tos_value_mask tvm; - - switch (c) { - case '=': - xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); - xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert); - if (!tos_parse_symbolic(optarg, &tvm, 0xFF)) - xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg); - if (tvm.mask != 0xFF) - xtables_error(PARAMETER_PROBLEM, "tos match: Your kernel " - "is too old to support anything besides " - "/0xFF as a mask."); - info->tos = tvm.value; - *flags |= FLAG_TOS; - return true; - } - - return false; + struct ipt_tos_target_info *info = cb->data; + + xtables_option_parse(cb); + if (cb->val.tos_mask != 0xFF) + xtables_error(PARAMETER_PROBLEM, "tos match: Your kernel " + "is too old to support anything besides " + "/0xFF as a mask."); + info->tos = cb->val.tos_value; } -static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void tos_tg_parse(struct xt_option_call *cb) { - struct xt_tos_target_info *info = (void *)(*target)->data; - struct tos_value_mask tvm; - unsigned int bits; - - switch (c) { - case '=': /* --set-tos */ - xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); - xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert); - if (!tos_parse_symbolic(optarg, &tvm, 0x3F)) - xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg); - info->tos_value = tvm.value; - info->tos_mask = tvm.mask; - break; + struct xt_tos_target_info *info = cb->data; - case '&': /* --and-tos */ - xtables_param_act(XTF_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS); - xtables_param_act(XTF_NO_INVERT, "TOS", "--and-tos", invert); - if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) - xtables_param_act(XTF_BAD_VALUE, "TOS", "--and-tos", optarg); + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SET_TOS: + info->tos_value = cb->val.tos_value; + info->tos_mask = cb->val.tos_mask; + break; + case O_AND_TOS: info->tos_value = 0; - info->tos_mask = ~bits; + info->tos_mask = ~cb->val.u8; break; - - case '|': /* --or-tos */ - xtables_param_act(XTF_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS); - xtables_param_act(XTF_NO_INVERT, "TOS", "--or-tos", invert); - if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) - xtables_param_act(XTF_BAD_VALUE, "TOS", "--or-tos", optarg); - info->tos_value = bits; - info->tos_mask = bits; + case O_OR_TOS: + info->tos_value = cb->val.u8; + info->tos_mask = cb->val.u8; break; - - case '^': /* --xor-tos */ - xtables_param_act(XTF_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS); - xtables_param_act(XTF_NO_INVERT, "TOS", "--xor-tos", invert); - if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) - xtables_param_act(XTF_BAD_VALUE, "TOS", "--xor-tos", optarg); - info->tos_value = bits; + case O_XOR_TOS: + info->tos_value = cb->val.u8; info->tos_mask = 0; break; } - - *flags |= FLAG_TOS; - return true; } -static void tos_tg_check(unsigned int flags) +static void tos_tg_check(struct xt_fcheck_call *cb) { - if (flags == 0) + if (!(cb->xflags & F_ANY)) xtables_error(PARAMETER_PROBLEM, - "TOS: The --set-tos parameter is required"); + "TOS: An action is required"); } static void tos_tg_print_v0(const void *ip, @@ -215,11 +192,11 @@ static struct xtables_target tos_tg_reg[] = { .size = XT_ALIGN(sizeof(struct xt_tos_target_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)), .help = tos_tg_help_v0, - .parse = tos_tg_parse_v0, - .final_check = tos_tg_check, .print = tos_tg_print_v0, .save = tos_tg_save_v0, - .extra_opts = tos_tg_opts_v0, + .x6_parse = tos_tg_parse_v0, + .x6_fcheck = tos_tg_check, + .x6_options = tos_tg_opts_v0, }, { .version = XTABLES_VERSION, @@ -229,11 +206,11 @@ static struct xtables_target tos_tg_reg[] = { .size = XT_ALIGN(sizeof(struct xt_tos_target_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)), .help = tos_tg_help, - .parse = tos_tg_parse, - .final_check = tos_tg_check, .print = tos_tg_print, .save = tos_tg_save, - .extra_opts = tos_tg_opts, + .x6_parse = tos_tg_parse, + .x6_fcheck = tos_tg_check, + .x6_options = tos_tg_opts, }, }; diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c index ee8e0095..5aff262a 100644 --- a/extensions/libxt_dccp.c +++ b/extensions/libxt_dccp.c @@ -5,15 +5,12 @@ * This program is distributed under the terms of GNU GPL v2, 1991 * */ -#include <stdbool.h> +#include <stdint.h> #include <stdio.h> #include <string.h> #include <stdlib.h> -#include <getopt.h> #include <netdb.h> -#include <ctype.h> - -#include <netinet/in.h> +#include <arpa/inet.h> #include <xtables.h> #include <linux/dccp.h> #include <linux/netfilter/x_tables.h> @@ -26,6 +23,13 @@ #define DEBUGP(format, fist...) #endif +enum { + O_SOURCE_PORT = 0, + O_DEST_PORT, + O_DCCP_TYPES, + O_DCCP_OPTION, +}; + static void dccp_help(void) { printf( @@ -36,41 +40,23 @@ static void dccp_help(void) " --dport ...\n"); } -static const struct option dccp_opts[] = { - {.name = "source-port", .has_arg = true, .val = '1'}, - {.name = "sport", .has_arg = true, .val = '1'}, - {.name = "destination-port", .has_arg = true, .val = '2'}, - {.name = "dport", .has_arg = true, .val = '2'}, - {.name = "dccp-types", .has_arg = true, .val = '3'}, - {.name = "dccp-option", .has_arg = true, .val = '4'}, - XT_GETOPT_TABLEEND, +#define s struct xt_dccp_info +static const struct xt_option_entry dccp_opts[] = { + {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)}, + {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)}, + {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)}, + {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)}, + {.name = "dccp-types", .id = O_DCCP_TYPES, .type = XTTYPE_STRING}, + {.name = "dccp-option", .id = O_DCCP_OPTION, .type = XTTYPE_UINT8, + .min = 1, .max = UINT8_MAX, .flags = XTOPT_PUT, + XTOPT_POINTER(s, option)}, + XTOPT_TABLEEND, }; - -static void -parse_dccp_ports(const char *portstring, - uint16_t *ports) -{ - char *buffer; - char *cp; - - buffer = strdup(portstring); - DEBUGP("%s\n", portstring); - if ((cp = strchr(buffer, ':')) == NULL) { - ports[0] = ports[1] = xtables_parse_port(buffer, "dccp"); - } - else { - *cp = '\0'; - cp++; - - ports[0] = buffer[0] ? xtables_parse_port(buffer, "dccp") : 0; - ports[1] = cp[0] ? xtables_parse_port(cp, "dccp") : 0xFFFF; - - if (ports[0] > ports[1]) - xtables_error(PARAMETER_PROBLEM, - "invalid portrange (min > max)"); - } - free(buffer); -} +#undef s static const char *const dccp_pkt_types[] = { [DCCP_PKT_REQUEST] = "REQUEST", @@ -110,74 +96,34 @@ parse_dccp_types(const char *typestring) return typemask; } -static uint8_t parse_dccp_option(char *optstring) +static void dccp_parse(struct xt_option_call *cb) { - unsigned int ret; - - if (!xtables_strtoui(optstring, NULL, &ret, 1, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, "Bad DCCP option \"%s\"", - optstring); - - return ret; -} + struct xt_dccp_info *einfo = cb->data; -static int -dccp_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) -{ - struct xt_dccp_info *einfo - = (struct xt_dccp_info *)(*match)->data; - - switch (c) { - case '1': - if (*flags & XT_DCCP_SRC_PORTS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--source-port' allowed"); + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SOURCE_PORT: einfo->flags |= XT_DCCP_SRC_PORTS; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_dccp_ports(optarg, einfo->spts); - if (invert) + if (cb->invert) einfo->invflags |= XT_DCCP_SRC_PORTS; - *flags |= XT_DCCP_SRC_PORTS; break; - - case '2': - if (*flags & XT_DCCP_DEST_PORTS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--destination-port' allowed"); + case O_DEST_PORT: einfo->flags |= XT_DCCP_DEST_PORTS; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_dccp_ports(optarg, einfo->dpts); - if (invert) + if (cb->invert) einfo->invflags |= XT_DCCP_DEST_PORTS; - *flags |= XT_DCCP_DEST_PORTS; break; - - case '3': - if (*flags & XT_DCCP_TYPE) - xtables_error(PARAMETER_PROBLEM, - "Only one `--dccp-types' allowed"); + case O_DCCP_TYPES: einfo->flags |= XT_DCCP_TYPE; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - einfo->typemask = parse_dccp_types(optarg); - if (invert) + einfo->typemask = parse_dccp_types(cb->arg); + if (cb->invert) einfo->invflags |= XT_DCCP_TYPE; - *flags |= XT_DCCP_TYPE; break; - - case '4': - if (*flags & XT_DCCP_OPTION) - xtables_error(PARAMETER_PROBLEM, - "Only one `--dccp-option' allowed"); + case O_DCCP_OPTION: einfo->flags |= XT_DCCP_OPTION; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - einfo->option = parse_dccp_option(optarg); - if (invert) + if (cb->invert) einfo->invflags |= XT_DCCP_OPTION; - *flags |= XT_DCCP_OPTION; break; } - return 1; } static char * @@ -333,10 +279,10 @@ static struct xtables_match dccp_match = { .size = XT_ALIGN(sizeof(struct xt_dccp_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)), .help = dccp_help, - .parse = dccp_parse, .print = dccp_print, .save = dccp_save, - .extra_opts = dccp_opts, + .x6_parse = dccp_parse, + .x6_options = dccp_opts, }; void _init(void) diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c index 8b83e180..7646a4f3 100644 --- a/extensions/libxt_tos.c +++ b/extensions/libxt_tos.c @@ -21,12 +21,19 @@ struct ipt_tos_info { }; enum { - FLAG_TOS = 1 << 0, + O_TOS = 1 << 0, }; -static const struct option tos_mt_opts[] = { - {.name = "tos", .has_arg = true, .val = 't'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry tos_mt_opts_v0[] = { + {.name = "tos", .id = O_TOS, .type = XTTYPE_TOSMASK, + .flags = XTOPT_MAND, .max = 0xFF}, + XTOPT_TABLEEND, +}; + +static const struct xt_option_entry tos_mt_opts[] = { + {.name = "tos", .id = O_TOS, .type = XTTYPE_TOSMASK, + .flags = XTOPT_MAND, .max = 0x3F}, + XTOPT_TABLEEND, }; static void tos_mt_help(void) @@ -46,56 +53,29 @@ static void tos_mt_help(void) printf("\n"); } -static int tos_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void tos_mt_parse_v0(struct xt_option_call *cb) { - struct ipt_tos_info *info = (void *)(*match)->data; - struct tos_value_mask tvm; - - switch (c) { - case 't': - xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); - if (!tos_parse_symbolic(optarg, &tvm, 0xFF)) - xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg); - if (tvm.mask != 0xFF) - xtables_error(PARAMETER_PROBLEM, "tos: Your kernel is " - "too old to support anything besides /0xFF " - "as a mask."); - info->tos = tvm.value; - if (invert) - info->invert = true; - *flags |= FLAG_TOS; - return true; - } - return false; + struct ipt_tos_info *info = cb->data; + + xtables_option_parse(cb); + if (cb->val.tos_mask != 0xFF) + xtables_error(PARAMETER_PROBLEM, "tos: Your kernel is " + "too old to support anything besides /0xFF " + "as a mask."); + info->tos = cb->val.tos_value; + if (cb->invert) + info->invert = true; } -static int tos_mt_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void tos_mt_parse(struct xt_option_call *cb) { - struct xt_tos_match_info *info = (void *)(*match)->data; - struct tos_value_mask tvm = {.mask = 0xFF}; - - switch (c) { - case 't': - xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); - if (!tos_parse_symbolic(optarg, &tvm, 0x3F)) - xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg); - info->tos_value = tvm.value; - info->tos_mask = tvm.mask; - if (invert) - info->invert = true; - *flags |= FLAG_TOS; - return true; - } - return false; -} + struct xt_tos_match_info *info = cb->data; -static void tos_mt_check(unsigned int flags) -{ - if (flags == 0) - xtables_error(PARAMETER_PROBLEM, - "tos: --tos parameter required"); + xtables_option_parse(cb); + info->tos_value = cb->val.tos_value; + info->tos_mask = cb->val.tos_mask; + if (cb->invert) + info->invert = true; } static void tos_mt_print_v0(const void *ip, const struct xt_entry_match *match, @@ -150,11 +130,10 @@ static struct xtables_match tos_mt_reg[] = { .size = XT_ALIGN(sizeof(struct ipt_tos_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)), .help = tos_mt_help, - .parse = tos_mt_parse_v0, - .final_check = tos_mt_check, .print = tos_mt_print_v0, .save = tos_mt_save_v0, - .extra_opts = tos_mt_opts, + .x6_parse = tos_mt_parse_v0, + .x6_options = tos_mt_opts_v0, }, { .version = XTABLES_VERSION, @@ -164,11 +143,10 @@ static struct xtables_match tos_mt_reg[] = { .size = XT_ALIGN(sizeof(struct xt_tos_match_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)), .help = tos_mt_help, - .parse = tos_mt_parse, - .final_check = tos_mt_check, .print = tos_mt_print, .save = tos_mt_save, - .extra_opts = tos_mt_opts, + .x6_parse = tos_mt_parse, + .x6_options = tos_mt_opts, }, }; diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c index 505b3c88..d4930725 100644 --- a/extensions/libxt_udp.c +++ b/extensions/libxt_udp.c @@ -1,14 +1,15 @@ -/* Shared library add-on to iptables to add UDP support. */ -#include <stdbool.h> +#include <stdint.h> #include <stdio.h> #include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> -#include <netinet/in.h> +#include <arpa/inet.h> #include <xtables.h> #include <linux/netfilter/xt_tcpudp.h> +enum { + O_SOURCE_PORT = 0, + O_DEST_PORT, +}; + static void udp_help(void) { printf( @@ -21,36 +22,19 @@ static void udp_help(void) " match destination port(s)\n"); } -static const struct option udp_opts[] = { - {.name = "source-port", .has_arg = true, .val = '1'}, - {.name = "sport", .has_arg = true, .val = '1'}, /* synonym */ - {.name = "destination-port", .has_arg = true, .val = '2'}, - {.name = "dport", .has_arg = true, .val = '2'}, /* synonym */ - XT_GETOPT_TABLEEND, +#define s struct xt_udp +static const struct xt_option_entry udp_opts[] = { + {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)}, + {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)}, + {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)}, + {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)}, + XTOPT_TABLEEND, }; - -static void -parse_udp_ports(const char *portstring, uint16_t *ports) -{ - char *buffer; - char *cp; - - buffer = strdup(portstring); - if ((cp = strchr(buffer, ':')) == NULL) - ports[0] = ports[1] = xtables_parse_port(buffer, "udp"); - else { - *cp = '\0'; - cp++; - - ports[0] = buffer[0] ? xtables_parse_port(buffer, "udp") : 0; - ports[1] = cp[0] ? xtables_parse_port(cp, "udp") : 0xFFFF; - - if (ports[0] > ports[1]) - xtables_error(PARAMETER_PROBLEM, - "invalid portrange (min > max)"); - } - free(buffer); -} +#undef s static void udp_init(struct xt_entry_match *m) { @@ -59,40 +43,21 @@ static void udp_init(struct xt_entry_match *m) udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF; } -#define UDP_SRC_PORTS 0x01 -#define UDP_DST_PORTS 0x02 - -static int -udp_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void udp_parse(struct xt_option_call *cb) { - struct xt_udp *udpinfo = (struct xt_udp *)(*match)->data; - - switch (c) { - case '1': - if (*flags & UDP_SRC_PORTS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--source-port' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_udp_ports(optarg, udpinfo->spts); - if (invert) + struct xt_udp *udpinfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SOURCE_PORT: + if (cb->invert) udpinfo->invflags |= XT_UDP_INV_SRCPT; - *flags |= UDP_SRC_PORTS; break; - - case '2': - if (*flags & UDP_DST_PORTS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--destination-port' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_udp_ports(optarg, udpinfo->dpts); - if (invert) + case O_DEST_PORT: + if (cb->invert) udpinfo->invflags |= XT_UDP_INV_DSTPT; - *flags |= UDP_DST_PORTS; break; } - - return 1; } static char * @@ -195,10 +160,10 @@ static struct xtables_match udp_match = { .userspacesize = XT_ALIGN(sizeof(struct xt_udp)), .help = udp_help, .init = udp_init, - .parse = udp_parse, .print = udp_print, .save = udp_save, - .extra_opts = udp_opts, + .x6_parse = udp_parse, + .x6_options = udp_opts, }; void diff --git a/extensions/tos_values.c b/extensions/tos_values.c index c5efd9d7..6dc4743c 100644 --- a/extensions/tos_values.c +++ b/extensions/tos_values.c @@ -23,64 +23,6 @@ static const struct tos_symbol_info { {}, }; -/* - * tos_parse_numeric - parse sth. like "15/255" - * - * @str: input string - * @tvm: (value/mask) tuple - * @max: maximum allowed value (must be pow(2,some_int)-1) - */ -static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm, - unsigned int max) -{ - unsigned int value; - char *end; - - xtables_strtoui(str, &end, &value, 0, max); - tvm->value = value; - tvm->mask = max; - - if (*end == '/') { - const char *p = end + 1; - - if (!xtables_strtoui(p, &end, &value, 0, max)) - xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", - str); - tvm->mask = value; - } - - if (*end != '\0') - xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str); - return true; -} - -/** - * @str: input string - * @tvm: (value/mask) tuple - * @def_mask: mask to force when a symbolic name is used - */ -static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm, - unsigned int def_mask) -{ - static const unsigned int max = UINT8_MAX; - const struct tos_symbol_info *symbol; - char *tmp; - - if (xtables_strtoui(str, &tmp, NULL, 0, max)) - return tos_parse_numeric(str, tvm, max); - - /* Do not consider ECN bits when using preset names */ - tvm->mask = def_mask; - for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol) - if (strcasecmp(str, symbol->name) == 0) { - tvm->value = symbol->value; - return true; - } - - xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown", str); - return false; -} - static bool tos_try_print_symbolic(const char *prefix, uint8_t value, uint8_t mask) { |