diff options
| author | Patrick McHardy <kaber@trash.net> | 2011-04-13 13:38:20 +0200 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2011-04-13 13:38:20 +0200 |
| commit | 316ae9d2f1996caea4cf221201accb8c2087a154 (patch) | |
| tree | cc0f2f89f0c41a5523af6f49e90e55892b7b680c /extensions | |
| parent | cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a (diff) | |
| parent | 4f7f187ffe1773487071b413491f062d141309dd (diff) | |
Merge branch 'opts' of git://dev.medozas.de/iptables
Diffstat (limited to 'extensions')
32 files changed, 858 insertions, 1780 deletions
diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c index 900564c4..254b1914 100644 --- a/extensions/libip6t_HL.c +++ b/extensions/libip6t_HL.c @@ -4,17 +4,33 @@ * Based on HW's ttl target * This program is distributed under the terms of GNU GPL */ - -#include <getopt.h> -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> #include <xtables.h> - #include <linux/netfilter_ipv6/ip6t_HL.h> -#define IP6T_HL_USED 1 +enum { + O_HL_SET = 0, + O_HL_INC, + O_HL_DEC, + F_HL_SET = 1 << O_HL_SET, + F_HL_INC = 1 << O_HL_INC, + F_HL_DEC = 1 << O_HL_DEC, + F_ANY = F_HL_SET | F_HL_INC | F_HL_DEC, +}; + +#define s struct ip6t_HL_info +static const struct xt_option_entry HL_opts[] = { + {.name = "ttl-set", .type = XTTYPE_UINT8, .id = O_HL_SET, + .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)}, + {.name = "ttl-dec", .type = XTTYPE_UINT8, .id = O_HL_DEC, + .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit), + .min = 1}, + {.name = "ttl-inc", .type = XTTYPE_UINT8, .id = O_HL_INC, + .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit), + .min = 1}, + XTOPT_TABLEEND, +}; +#undef s static void HL_help(void) { @@ -25,63 +41,27 @@ static void HL_help(void) " --hl-inc value Increment HL by <value 1-255>\n"); } -static int HL_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void HL_parse(struct xt_option_call *cb) { - struct ip6t_HL_info *info = (struct ip6t_HL_info *) (*target)->data; - unsigned int value; - - if (*flags & IP6T_HL_USED) { - xtables_error(PARAMETER_PROBLEM, - "Can't specify HL option twice"); + struct ip6t_HL_info *info = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_HL_SET: + info->mode = IP6T_HL_SET; + break; + case O_HL_INC: + info->mode = IP6T_HL_INC; + break; + case O_HL_DEC: + info->mode = IP6T_HL_DEC; + break; } - - if (!optarg) - xtables_error(PARAMETER_PROBLEM, - "HL: You must specify a value"); - - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "HL: unexpected `!'"); - - if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, - "HL: Expected value between 0 and 255"); - - switch (c) { - - case '1': - info->mode = IP6T_HL_SET; - break; - - case '2': - if (value == 0) { - xtables_error(PARAMETER_PROBLEM, - "HL: decreasing by 0?"); - } - - info->mode = IP6T_HL_DEC; - break; - - case '3': - if (value == 0) { - xtables_error(PARAMETER_PROBLEM, - "HL: increasing by 0?"); - } - - info->mode = IP6T_HL_INC; - break; - } - - info->hop_limit = value; - *flags |= IP6T_HL_USED; - - return 1; } -static void HL_check(unsigned int flags) +static void HL_check(struct xt_fcheck_call *cb) { - if (!(flags & IP6T_HL_USED)) + if (!(cb->xflags & F_ANY)) xtables_error(PARAMETER_PROBLEM, "HL: You must specify an action"); } @@ -127,13 +107,6 @@ static void HL_print(const void *ip, const struct xt_entry_target *target, printf(" %u", info->hop_limit); } -static const struct option HL_opts[] = { - {.name = "hl-set", .has_arg = true, .val = '1'}, - {.name = "hl-dec", .has_arg = true, .val = '2'}, - {.name = "hl-inc", .has_arg = true, .val = '3'}, - XT_GETOPT_TABLEEND, -}; - static struct xtables_target hl_tg6_reg = { .name = "HL", .version = XTABLES_VERSION, @@ -141,11 +114,11 @@ static struct xtables_target hl_tg6_reg = { .size = XT_ALIGN(sizeof(struct ip6t_HL_info)), .userspacesize = XT_ALIGN(sizeof(struct ip6t_HL_info)), .help = HL_help, - .parse = HL_parse, - .final_check = HL_check, .print = HL_print, .save = HL_save, - .extra_opts = HL_opts, + .x6_parse = HL_parse, + .x6_fcheck = HL_check, + .x6_options = HL_opts, }; void _init(void) diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c index f906ab81..8085321a 100644 --- a/extensions/libip6t_REJECT.c +++ b/extensions/libip6t_REJECT.c @@ -5,11 +5,8 @@ * ported to IPv6 by Harald Welte <laforge@gnumonks.org> * */ -#include <stdbool.h> #include <stdio.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> #include <linux/netfilter_ipv6/ip6t_REJECT.h> @@ -20,6 +17,10 @@ struct reject_names { const char *desc; }; +enum { + O_REJECT_WITH = 0, +}; + static const struct reject_names reject_table[] = { {"icmp6-no-route", "no-route", IP6T_ICMP6_NO_ROUTE, "ICMPv6 no route"}, @@ -61,9 +62,9 @@ static void REJECT_help(void) print_reject_types(); } -static const struct option REJECT_opts[] = { - {.name = "reject-with", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry REJECT_opts[] = { + {.name = "reject-with", .id = O_REJECT_WITH, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; static void REJECT_init(struct xt_entry_target *t) @@ -75,27 +76,22 @@ static void REJECT_init(struct xt_entry_target *t) } -static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void REJECT_parse(struct xt_option_call *cb) { - struct ip6t_reject_info *reject = - (struct ip6t_reject_info *)(*target)->data; + struct ip6t_reject_info *reject = cb->data; unsigned int i; - switch(c) { - case '1': - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --reject-with"); - for (i = 0; i < ARRAY_SIZE(reject_table); ++i) - if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0) - || (strncasecmp(reject_table[i].alias, optarg, strlen(optarg)) == 0)) { - reject->with = reject_table[i].with; - return 1; - } - xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg); - } - return 0; + xtables_option_parse(cb); + for (i = 0; i < ARRAY_SIZE(reject_table); ++i) + if (strncasecmp(reject_table[i].name, + cb->arg, strlen(cb->arg)) == 0 || + strncasecmp(reject_table[i].alias, + cb->arg, strlen(cb->arg)) == 0) { + reject->with = reject_table[i].with; + return; + } + xtables_error(PARAMETER_PROBLEM, + "unknown reject type \"%s\"", cb->arg); } static void REJECT_print(const void *ip, const struct xt_entry_target *target, @@ -132,10 +128,10 @@ static struct xtables_target reject_tg6_reg = { .userspacesize = XT_ALIGN(sizeof(struct ip6t_reject_info)), .help = REJECT_help, .init = REJECT_init, - .parse = REJECT_parse, .print = REJECT_print, .save = REJECT_save, - .extra_opts = REJECT_opts, + .x6_parse = REJECT_parse, + .x6_options = REJECT_opts, }; void _init(void) diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c index 29220474..d30ddfa4 100644 --- a/extensions/libip6t_ah.c +++ b/extensions/libip6t_ah.c @@ -1,14 +1,13 @@ -/* Shared library add-on to ip6tables to add AH support. */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> -#include <errno.h> #include <xtables.h> #include <linux/netfilter_ipv6/ip6t_ah.h> +enum { + O_AHSPI = 0, + O_AHLEN, + O_AHRES, +}; + static void ah_help(void) { printf( @@ -18,55 +17,16 @@ static void ah_help(void) " --ahres check the reserved field too\n"); } -static const struct option ah_opts[] = { - {.name = "ahspi", .has_arg = true, .val = '1'}, - {.name = "ahlen", .has_arg = true, .val = '2'}, - {.name = "ahres", .has_arg = false, .val = '3'}, - XT_GETOPT_TABLEEND, +#define s struct ip6t_ah +static const struct xt_option_entry ah_opts[] = { + {.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spis)}, + {.name = "ahlen", .id = O_AHLEN, .type = XTTYPE_UINT32, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)}, + {.name = "ahres", .id = O_AHRES, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; - -static uint32_t -parse_ah_spi(const char *spistr, const char *typestr) -{ - unsigned long int spi; - char* ep; - - spi = strtoul(spistr, &ep, 0); - - if ( spistr == ep ) - xtables_error(PARAMETER_PROBLEM, - "AH no valid digits in %s `%s'", typestr, spistr); - - if ( spi == ULONG_MAX && errno == ERANGE ) - xtables_error(PARAMETER_PROBLEM, - "%s `%s' specified too big: would overflow", - typestr, spistr); - - if ( *spistr != '\0' && *ep != '\0' ) - xtables_error(PARAMETER_PROBLEM, - "AH error parsing %s `%s'", typestr, spistr); - - return spi; -} - -static void -parse_ah_spis(const char *spistring, uint32_t *spis) -{ - char *buffer; - char *cp; - - buffer = strdup(spistring); - if ((cp = strchr(buffer, ':')) == NULL) - spis[0] = spis[1] = parse_ah_spi(buffer, "spi"); - else { - *cp = '\0'; - cp++; - - spis[0] = buffer[0] ? parse_ah_spi(buffer, "spi") : 0; - spis[1] = cp[0] ? parse_ah_spi(cp, "spi") : 0xFFFFFFFF; - } - free(buffer); -} +#undef s static void ah_init(struct xt_entry_match *m) { @@ -75,42 +35,24 @@ static void ah_init(struct xt_entry_match *m) ahinfo->spis[1] = 0xFFFFFFFF; } -static int ah_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void ah_parse(struct xt_option_call *cb) { - struct ip6t_ah *ahinfo = (struct ip6t_ah *)(*match)->data; - - switch (c) { - case '1': - if (*flags & IP6T_AH_SPI) - xtables_error(PARAMETER_PROBLEM, - "Only one `--ahspi' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_ah_spis(optarg, ahinfo->spis); - if (invert) + struct ip6t_ah *ahinfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_AHSPI: + if (cb->invert) ahinfo->invflags |= IP6T_AH_INV_SPI; - *flags |= IP6T_AH_SPI; break; - case '2': - if (*flags & IP6T_AH_LEN) - xtables_error(PARAMETER_PROBLEM, - "Only one `--ahlen' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - ahinfo->hdrlen = parse_ah_spi(optarg, "length"); - if (invert) + case O_AHLEN: + if (cb->invert) ahinfo->invflags |= IP6T_AH_INV_LEN; - *flags |= IP6T_AH_LEN; break; - case '3': - if (*flags & IP6T_AH_RES) - xtables_error(PARAMETER_PROBLEM, - "Only one `--ahres' allowed"); + case O_AHRES: ahinfo->hdrres = 1; - *flags |= IP6T_AH_RES; break; } - - return 1; } static void @@ -191,10 +133,10 @@ static struct xtables_match ah_mt6_reg = { .userspacesize = XT_ALIGN(sizeof(struct ip6t_ah)), .help = ah_help, .init = ah_init, - .parse = ah_parse, .print = ah_print, .save = ah_save, - .extra_opts = ah_opts, + .x6_parse = ah_parse, + .x6_options = ah_opts, }; void diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c index 74f6029f..4125bd3d 100644 --- a/extensions/libip6t_dst.c +++ b/extensions/libip6t_dst.c @@ -1,16 +1,14 @@ -/* Shared library add-on to ip6tables to add Dst header support. */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> #include <string.h> #include <stdlib.h> -#include <getopt.h> #include <errno.h> #include <xtables.h> #include <linux/netfilter_ipv6/ip6t_opts.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <arpa/inet.h> + +enum { + O_DSTLEN = 0, + O_DSTOPTS, +}; static void dst_help(void) { @@ -22,10 +20,12 @@ static void dst_help(void) IP6T_OPTS_OPTSNR); } -static const struct option dst_opts[] = { - {.name = "dst-len", .has_arg = true, .val = '1'}, - {.name = "dst-opts", .has_arg = true, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry dst_opts[] = { + {.name = "dst-len", .id = O_DSTLEN, .type = XTTYPE_UINT32, + .flags = XTOPT_INVERT | XTOPT_PUT, + XTOPT_POINTER(struct ip6t_opts, hdrlen)}, + {.name = "dst-opts", .id = O_DSTOPTS, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; static uint32_t @@ -105,38 +105,17 @@ parse_options(const char *optsstr, uint16_t *opts) return i; } -static int dst_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void dst_parse(struct xt_option_call *cb) { - struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data; - - switch (c) { - case '1': - if (*flags & IP6T_OPTS_LEN) - xtables_error(PARAMETER_PROBLEM, - "Only one `--dst-len' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - optinfo->hdrlen = parse_opts_num(optarg, "length"); - if (invert) - optinfo->invflags |= IP6T_OPTS_INV_LEN; - optinfo->flags |= IP6T_OPTS_LEN; - *flags |= IP6T_OPTS_LEN; - break; - case '2': - if (*flags & IP6T_OPTS_OPTS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--dst-opts' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) - xtables_error(PARAMETER_PROBLEM, - " '!' not allowed with `--dst-opts'"); - optinfo->optsnr = parse_options(optarg, optinfo->opts); + struct ip6t_opts *optinfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_DSTOPTS: + optinfo->optsnr = parse_options(cb->arg, optinfo->opts); optinfo->flags |= IP6T_OPTS_OPTS; - *flags |= IP6T_OPTS_OPTS; break; } - - return 1; } static void @@ -199,10 +178,10 @@ static struct xtables_match dst_mt6_reg = { .size = XT_ALIGN(sizeof(struct ip6t_opts)), .userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)), .help = dst_help, - .parse = dst_parse, .print = dst_print, .save = dst_save, - .extra_opts = dst_opts, + .x6_parse = dst_parse, + .x6_options = dst_opts, }; void diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 19aca4c5..12794e42 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -1,14 +1,18 @@ -/* Shared library add-on to ip6tables to add Fragmentation header support. */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> -#include <errno.h> #include <xtables.h> #include <linux/netfilter_ipv6/ip6t_frag.h> +enum { + O_FRAGID = 0, + O_FRAGLEN, + O_FRAGRES, + O_FRAGFIRST, + O_FRAGMORE, + O_FRAGLAST, + F_FRAGMORE = 1 << O_FRAGMORE, + F_FRAGLAST = 1 << O_FRAGLAST, +}; + static void frag_help(void) { printf( @@ -21,58 +25,21 @@ static void frag_help(void) " is the last one\n"); } -static const struct option frag_opts[] = { - {.name = "fragid", .has_arg = true, .val = '1'}, - {.name = "fraglen", .has_arg = true, .val = '2'}, - {.name = "fragres", .has_arg = false, .val = '3'}, - {.name = "fragfirst", .has_arg = false, .val = '4'}, - {.name = "fragmore", .has_arg = false, .val = '5'}, - {.name = "fraglast", .has_arg = false, .val = '6'}, - XT_GETOPT_TABLEEND, +#define s struct ip6t_frag +static const struct xt_option_entry frag_opts[] = { + {.name = "fragid", .id = O_FRAGID, .type = XTTYPE_UINT32RC, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, ids)}, + {.name = "fraglen", .id = O_FRAGLEN, .type = XTTYPE_UINT32, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)}, + {.name = "fragres", .id = O_FRAGRES, .type = XTTYPE_NONE}, + {.name = "fragfirst", .id = O_FRAGFIRST, .type = XTTYPE_NONE}, + {.name = "fragmore", .id = O_FRAGMORE, .type = XTTYPE_NONE, + .excl = F_FRAGLAST}, + {.name = "fraglast", .id = O_FRAGLAST, .type = XTTYPE_NONE, + .excl = F_FRAGMORE}, + XTOPT_TABLEEND, }; - -static uint32_t -parse_frag_id(const char *idstr, const char *typestr) -{ - unsigned long int id; - char* ep; - - id = strtoul(idstr, &ep, 0); - - if ( idstr == ep ) { - xtables_error(PARAMETER_PROBLEM, - "FRAG no valid digits in %s `%s'", typestr, idstr); - } - if ( id == ULONG_MAX && errno == ERANGE ) { - xtables_error(PARAMETER_PROBLEM, - "%s `%s' specified too big: would overflow", - typestr, idstr); - } - if ( *idstr != '\0' && *ep != '\0' ) { - xtables_error(PARAMETER_PROBLEM, - "FRAG error parsing %s `%s'", typestr, idstr); - } - return id; -} - -static void -parse_frag_ids(const char *idstring, uint32_t *ids) -{ - char *buffer; - char *cp; - - buffer = strdup(idstring); - if ((cp = strchr(buffer, ':')) == NULL) - ids[0] = ids[1] = parse_frag_id(buffer,"id"); - else { - *cp = '\0'; - cp++; - - ids[0] = buffer[0] ? parse_frag_id(buffer,"id") : 0; - ids[1] = cp[0] ? parse_frag_id(cp,"id") : 0xFFFFFFFF; - } - free(buffer); -} +#undef s static void frag_init(struct xt_entry_match *m) { @@ -81,65 +48,25 @@ static void frag_init(struct xt_entry_match *m) fraginfo->ids[1] = 0xFFFFFFFF; } -static int frag_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void frag_parse(struct xt_option_call *cb) { - struct ip6t_frag *fraginfo = (struct ip6t_frag *)(*match)->data; - - switch (c) { - case '1': - if (*flags & IP6T_FRAG_IDS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--fragid' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_frag_ids(optarg, fraginfo->ids); - if (invert) - fraginfo->invflags |= IP6T_FRAG_INV_IDS; - fraginfo->flags |= IP6T_FRAG_IDS; - *flags |= IP6T_FRAG_IDS; - break; - case '2': - if (*flags & IP6T_FRAG_LEN) - xtables_error(PARAMETER_PROBLEM, - "Only one `--fraglen' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - fraginfo->hdrlen = parse_frag_id(optarg, "length"); - if (invert) - fraginfo->invflags |= IP6T_FRAG_INV_LEN; - fraginfo->flags |= IP6T_FRAG_LEN; - *flags |= IP6T_FRAG_LEN; - break; - case '3': - if (*flags & IP6T_FRAG_RES) - xtables_error(PARAMETER_PROBLEM, - "Only one `--fragres' allowed"); + struct ip6t_frag *fraginfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_FRAGRES: fraginfo->flags |= IP6T_FRAG_RES; - *flags |= IP6T_FRAG_RES; break; - case '4': - if (*flags & IP6T_FRAG_FST) - xtables_error(PARAMETER_PROBLEM, - "Only one `--fragfirst' allowed"); + case O_FRAGFIRST: fraginfo->flags |= IP6T_FRAG_FST; - *flags |= IP6T_FRAG_FST; break; - case '5': - if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF)) - xtables_error(PARAMETER_PROBLEM, - "Only one `--fragmore' or `--fraglast' allowed"); + case O_FRAGMORE: fraginfo->flags |= IP6T_FRAG_MF; - *flags |= IP6T_FRAG_MF; break; - case '6': - if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF)) - xtables_error(PARAMETER_PROBLEM, - "Only one `--fragmore' or `--fraglast' allowed"); + case O_FRAGLAST: fraginfo->flags |= IP6T_FRAG_NMF; - *flags |= IP6T_FRAG_NMF; break; } - - return 1; } static void @@ -234,10 +161,10 @@ static struct xtables_match frag_mt6_reg = { .userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)), .help = frag_help, .init = frag_init, - .parse = frag_parse, .print = frag_print, .save = frag_save, - .extra_opts = frag_opts, + .x6_parse = frag_parse, + .x6_options = frag_opts, }; void diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c index b6a8e461..809e80d5 100644 --- a/extensions/libip6t_hbh.c +++ b/extensions/libip6t_hbh.c @@ -1,19 +1,17 @@ -/* Shared library add-on to ip6tables to add Hop-by-Hop header support. */ #include <stdio.h> -#include <netdb.h> #include <string.h> #include <stdlib.h> -#include <getopt.h> #include <errno.h> #include <xtables.h> -/*#include <linux/in6.h>*/ #include <linux/netfilter_ipv6/ip6t_opts.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <arpa/inet.h> #define DEBUG 0 +enum { + O_HBH_LEN = 0, + O_HBH_OPTS, +}; + static void hbh_help(void) { printf( @@ -24,10 +22,12 @@ static void hbh_help(void) IP6T_OPTS_OPTSNR); } -static const struct option hbh_opts[] = { - {.name = "hbh-len", .has_arg = true, .val = '1'}, - {.name = "hbh-opts", .has_arg = true, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry hbh_opts[] = { + {.name = "hbh-len", .id = O_HBH_LEN, .type = XTTYPE_UINT32, + .flags = XTOPT_INVERT | XTOPT_PUT, + XTOPT_POINTER(struct ip6t_opts, hdrlen)}, + {.name = "hbh-opts", .id = O_HBH_OPTS, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; static uint32_t @@ -99,38 +99,21 @@ parse_options(const char *optsstr, uint16_t *opts) return i; } -static int hbh_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void hbh_parse(struct xt_option_call *cb) { - struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data; - - switch (c) { - case '1': - if (*flags & IP6T_OPTS_LEN) - xtables_error(PARAMETER_PROBLEM, - "Only one `--hbh-len' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - optinfo->hdrlen = parse_opts_num(optarg, "length"); - if (invert) + struct ip6t_opts *optinfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_HBH_LEN: + if (cb->invert) optinfo->invflags |= IP6T_OPTS_INV_LEN; - optinfo->flags |= IP6T_OPTS_LEN; - *flags |= IP6T_OPTS_LEN; break; - case '2': - if (*flags & IP6T_OPTS_OPTS) - xtables_error(PARAMETER_PROBLEM, - "Only one `--hbh-opts' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) - xtables_error(PARAMETER_PROBLEM, - " '!' not allowed with `--hbh-opts'"); - optinfo->optsnr = parse_options(optarg, optinfo->opts); + case O_HBH_OPTS: + optinfo->optsnr = parse_options(cb->arg, optinfo->opts); optinfo->flags |= IP6T_OPTS_OPTS; - *flags |= IP6T_OPTS_OPTS; break; } - - return 1; } static void @@ -187,10 +170,10 @@ static struct xtables_match hbh_mt6_reg = { .size = XT_ALIGN(sizeof(struct ip6t_opts)), .userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)), .help = hbh_help, - .parse = hbh_parse, .print = hbh_print, .save = hbh_save, - .extra_opts = hbh_opts, + .x6_parse = hbh_parse, + .x6_options = hbh_opts, }; void diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c index 5da3210a..3559db46 100644 --- a/extensions/libip6t_hl.c +++ b/extensions/libip6t_hl.c @@ -5,15 +5,20 @@ * This program is released under the terms of GNU GPL * Cleanups by Stephane Ouellette <ouellettes@videotron.ca> */ -#include <stdbool.h> #include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <getopt.h> #include <xtables.h> - #include <linux/netfilter_ipv6/ip6t_hl.h> +enum { + O_HL_EQ = 0, + O_HL_LT, + O_HL_GT, + F_HL_EQ = 1 << O_HL_EQ, + F_HL_LT = 1 << O_HL_LT, + F_HL_GT = 1 << O_HL_GT, + F_ANY = F_HL_EQ | F_HL_LT | F_HL_GT, +}; + static void hl_help(void) { printf( @@ -23,62 +28,27 @@ static void hl_help(void) " --hl-gt value Match HL > value\n"); } -static int hl_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void hl_parse(struct xt_option_call *cb) { - struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data; - uint8_t value; - - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - value = atoi(optarg); - - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "Can't specify HL option twice"); - - if (!optarg) - xtables_error(PARAMETER_PROBLEM, - "hl: You must specify a value"); - switch (c) { - case '2': - if (invert) - info->mode = IP6T_HL_NE; - else - info->mode = IP6T_HL_EQ; - - /* is 0 allowed? */ - info->hop_limit = value; - *flags = 1; - - break; - case '3': - if (invert) - xtables_error(PARAMETER_PROBLEM, - "hl: unexpected `!'"); - - info->mode = IP6T_HL_LT; - info->hop_limit = value; - *flags = 1; - - break; - case '4': - if (invert) - xtables_error(PARAMETER_PROBLEM, - "hl: unexpected `!'"); - - info->mode = IP6T_HL_GT; - info->hop_limit = value; - *flags = 1; - - break; + struct ip6t_hl_info *info = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_HL_EQ: + info->mode = cb->invert ? IP6T_HL_NE : IP6T_HL_EQ; + break; + case O_HL_LT: + info->mode = IP6T_HL_LT; + break; + case O_HL_GT: + info->mode = IP6T_HL_GT; + break; } - - return 1; } -static void hl_check(unsigned int flags) +static void hl_check(struct xt_fcheck_call *cb) { - if (!flags) + if (!(cb->xflags & F_ANY)) xtables_error(PARAMETER_PROBLEM, "HL match: You must specify one of " "`--hl-eq', `--hl-lt', `--hl-gt'"); @@ -113,13 +83,19 @@ static void hl_save(const void *ip, const struct xt_entry_match *match) printf(" %s %u", op[info->mode], info->hop_limit); } -static const struct option hl_opts[] = { - {.name = "hl", .has_arg = true, .val = '2'}, - {.name = "hl-eq", .has_arg = true, .val = '2'}, - {.name = "hl-lt", .has_arg = true, .val = '3'}, - {.name = "hl-gt", .has_arg = true, .val = '4'}, - XT_GETOPT_TABLEEND, +#define s struct ip6t_hl_info +static const struct xt_option_entry hl_opts[] = { + {.name = "hl-lt", .id = O_HL_LT, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)}, + {.name = "hl-gt", .id = O_HL_GT, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)}, + {.name = "hl-eq", .id = O_HL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hop_limit)}, + {.name = "hl", .id = O_HL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)}, + XTOPT_TABLEEND, }; +#undef s static struct xtables_match hl_mt6_reg = { .name = "hl", @@ -128,11 +104,11 @@ static struct xtables_match hl_mt6_reg = { .size = XT_ALIGN(sizeof(struct ip6t_hl_info)), .userspacesize = XT_ALIGN(sizeof(struct ip6t_hl_info)), .help = hl_help, - .parse = hl_parse, - .final_check = hl_check, .print = hl_print, .save = hl_save, - .extra_opts = hl_opts, + .x6_parse = hl_parse, + .x6_fcheck = hl_check, + .x6_options = hl_opts, }; diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index fa87b696..68b940bd 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -1,14 +1,14 @@ -/* Shared library add-on to ip6tables to add ICMP support. */ -#include <stdbool.h> +#include <stdint.h> #include <stdio.h> -#include <netdb.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> #include <limits.h> /* INT_MAX in ip6_tables.h */ #include <linux/netfilter_ipv6/ip6_tables.h> +enum { + O_ICMPV6_TYPE = 0, +}; + struct icmpv6_names { const char *name; uint8_t type; @@ -84,9 +84,10 @@ static void icmp6_help(void) print_icmpv6types(); } -static const struct option icmp6_opts[] = { - {.name = "icmpv6-type", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry icmp6_opts[] = { + {.name = "icmpv6-type", .id = O_ICMPV6_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_INVERT}, + XTOPT_TABLEEND, }; static void @@ -149,26 +150,14 @@ static void icmp6_init(struct xt_entry_match *m) icmpv6info->code[1] = 0xFF; } -static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void icmp6_parse(struct xt_option_call *cb) { - struct ip6t_icmp *icmpv6info = (struct ip6t_icmp *)(*match)->data; - - switch (c) { - case '1': - if (*flags == 1) - xtables_error(PARAMETER_PROBLEM, - "icmpv6 match: only use --icmpv6-type once!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_icmpv6(optarg, &icmpv6info->type, - icmpv6info->code); - if (invert) - icmpv6info->invflags |= IP6T_ICMP_INV; - *flags = 1; - break; - } + struct ip6t_icmp *icmpv6info = cb->data; - return 1; + xtables_option_parse(cb); + parse_icmpv6(cb->arg, &icmpv6info->type, icmpv6info->code); + if (cb->invert) + icmpv6info->invflags |= IP6T_ICMP_INV; } static void print_icmpv6type(uint8_t type, @@ -230,13 +219,6 @@ static void icmp6_save(const void *ip, const struct xt_entry_match *match) printf("/%u", icmpv6->code[0]); } -static void icmp6_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, - "icmpv6 match: You must specify `--icmpv6-type'"); -} - static struct xtables_match icmp6_mt6_reg = { .name = "icmp6", .version = XTABLES_VERSION, @@ -245,11 +227,10 @@ static struct xtables_match icmp6_mt6_reg = { .userspacesize = XT_ALIGN(sizeof(struct ip6t_icmp)), .help = icmp6_help, .init = icmp6_init, - .parse = icmp6_parse, - .final_check = icmp6_check, .print = icmp6_print, .save = icmp6_save, - .extra_opts = icmp6_opts, + .x6_parse = icmp6_parse, + .x6_options = icmp6_opts, }; void _init(void) diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index c05cedbb..fca6f323 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -3,24 +3,18 @@ on whether they contain certain headers */ /* Original idea: Brad Chapman * Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */ - -#include <getopt.h> -#include <xtables.h> -#include <stdbool.h> -#include <stddef.h> +#include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <netdb.h> -#include <sys/types.h> - +#include <xtables.h> #include <linux/netfilter_ipv6/ip6t_ipv6header.h> -/* This maybe required -#include <linux/in.h> -#include <linux/in6.h> -*/ - +enum { + O_HEADER = 0, + O_SOFT, +}; /* A few hardcoded protocols for 'all' and in case the user has no * /etc/protocols */ @@ -140,10 +134,11 @@ static void ipv6header_help(void) "--soft The header CONTAINS the specified extensions\n"); } -static const struct option ipv6header_opts[] = { - {.name = "header", .has_arg = true, .val = '1'}, - {.name = "soft", .has_arg = false, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry ipv6header_opts[] = { + {.name = "header", .id = O_HEADER, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_INVERT}, + {.name = "soft", .id = O_SOFT, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; static unsigned int @@ -161,50 +156,22 @@ parse_header(const char *flags) { return ret; } -#define IPV6_HDR_HEADER 0x01 -#define IPV6_HDR_SOFT 0x02 - -static int -ipv6header_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void ipv6header_parse(struct xt_option_call *cb) { - struct ip6t_ipv6header_info *info = (struct ip6t_ipv6header_info *)(*match)->data; - - switch (c) { - case '1' : - /* Parse the provided header names */ - if (*flags & IPV6_HDR_HEADER) - xtables_error(PARAMETER_PROBLEM, - "Only one `--header' allowed"); - - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - - if (! (info->matchflags = parse_header(optarg)) ) - xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names"); - - if (invert) - info->invflags |= 0xFF; - *flags |= IPV6_HDR_HEADER; - break; - case '2' : - /* Soft-mode requested? */ - if (*flags & IPV6_HDR_SOFT) - xtables_error(PARAMETER_PROBLEM, - "Only one `--soft' allowed"); - - info->modeflag |= 0xFF; - *flags |= IPV6_HDR_SOFT; - break; + struct ip6t_ipv6header_info *info = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_HEADER: + if (!(info->matchflags = parse_header(cb->arg))) + xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names"); + if (cb->invert) + info->invflags |= 0xFF; + break; + case O_SOFT: + info->modeflag |= 0xFF; + break; } - - return 1; -} - -static void ipv6header_check(unsigned int flags) -{ - if (!(flags & IPV6_HDR_HEADER)) - xtables_error(PARAMETER_PROBLEM, - "ip6t_ipv6header: no options specified"); } static void @@ -266,11 +233,10 @@ static struct xtables_match ipv6header_mt6_reg = { .size = XT_ALIGN(sizeof(struct ip6t_ipv6header_info)), .userspacesize = XT_ALIGN(sizeof(struct ip6t_ipv6header_info)), .help = ipv6header_help, - .parse = ipv6header_parse, - .final_check = ipv6header_check, .print = ipv6header_print, .save = ipv6header_save, - .extra_opts = ipv6header_opts, + .x6_parse = ipv6header_parse, + .x6_options = ipv6header_opts, }; void _init(void) diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c index 2aa1a00c..ee09f299 100644 --- a/extensions/libipt_ECN.c +++ b/extensions/libipt_ECN.c @@ -6,15 +6,20 @@ * * libipt_ECN.c borrowed heavily from libipt_DSCP.c */ -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> #include <linux/netfilter_ipv4/ipt_ECN.h> +enum { + O_ECN_TCP_REMOVE = 0, + O_ECN_TCP_CWR, + O_ECN_TCP_ECE, + O_ECN_IP_ECT, + F_ECN_TCP_REMOVE = 1 << O_ECN_TCP_REMOVE, + F_ECN_TCP_CWR = 1 << O_ECN_TCP_CWR, + F_ECN_TCP_ECE = 1 << O_ECN_TCP_ECE, +}; + static void ECN_help(void) { printf( @@ -29,73 +34,47 @@ static void ECN_help(void) " --ecn-tcp-ece Set the IPv4 ECE bit (0 or 1)\n", #endif - -static const struct option ECN_opts[] = { - {.name = "ecn-tcp-remove", .has_arg = false, .val = 'F'}, - {.name = "ecn-tcp-cwr", .has_arg = true, .val = 'G'}, - {.name = "ecn-tcp-ece", .has_arg = true, .val = 'H'}, - {.name = "ecn-ip-ect", .has_arg = true, .val = '9'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry ECN_opts[] = { + {.name = "ecn-tcp-remove", .id = O_ECN_TCP_REMOVE, .type = XTTYPE_NONE, + .excl = F_ECN_TCP_CWR | F_ECN_TCP_ECE}, + {.name = "ecn-tcp-cwr", .id = O_ECN_TCP_CWR, .type = XTTYPE_UINT8, + .min = 0, .max = 1, .excl = F_ECN_TCP_REMOVE}, + {.name = "ecn-tcp-ece", .id = O_ECN_TCP_ECE, .type = XTTYPE_UINT8, + .min = 0, .max = 1, .excl = F_ECN_TCP_REMOVE}, + {.name = "ecn-ip-ect", .id = O_ECN_IP_ECT, .type = XTTYPE_UINT8, + .min = 0, .max = 3}, + XTOPT_TABLEEND, }; -static int ECN_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void ECN_parse(struct xt_option_call *cb) { - unsigned int result; - struct ipt_ECN_info *einfo - = (struct ipt_ECN_info *)(*target)->data; - - switch (c) { - case 'F': - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "ECN target: Only use --ecn-tcp-remove ONCE!"); + struct ipt_ECN_info *einfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_ECN_TCP_REMOVE: einfo->operation = IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR; einfo->proto.tcp.ece = 0; einfo->proto.tcp.cwr = 0; - *flags |= IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR; break; - case 'G': - if (*flags & IPT_ECN_OP_SET_CWR) - xtables_error(PARAMETER_PROBLEM, - "ECN target: Only use --ecn-tcp-cwr ONCE!"); - if (!xtables_strtoui(optarg, NULL, &result, 0, 1)) - xtables_error(PARAMETER_PROBLEM, - "ECN target: Value out of range"); + case O_ECN_TCP_CWR: einfo->operation |= IPT_ECN_OP_SET_CWR; - einfo->proto.tcp.cwr = result; - *flags |= IPT_ECN_OP_SET_CWR; + einfo->proto.tcp.cwr = cb->val.u8; break; - case 'H': - if (*flags & IPT_ECN_OP_SET_ECE) - xtables_error(PARAMETER_PROBLEM, - "ECN target: Only use --ecn-tcp-ece ONCE!"); - if (!xtables_strtoui(optarg, NULL, &result, 0, 1)) - xtables_error(PARAMETER_PROBLEM, - "ECN target: Value out of range"); + case O_ECN_TCP_ECE: einfo->operation |= IPT_ECN_OP_SET_ECE; - einfo->proto.tcp.ece = result; - *flags |= IPT_ECN_OP_SET_ECE; + einfo->proto.tcp.ece = cb->val.u8; break; - case '9': - if (*flags & IPT_ECN_OP_SET_IP) - xtables_error(PARAMETER_PROBLEM, - "ECN target: Only use --ecn-ip-ect ONCE!"); - if (!xtables_strtoui(optarg, NULL, &result, 0, 3)) - xtables_error(PARAMETER_PROBLEM, - "ECN target: Value out of range"); + case O_ECN_IP_ECT: einfo->operation |= IPT_ECN_OP_SET_IP; - einfo->ip_ect = result; - *flags |= IPT_ECN_OP_SET_IP; + einfo->ip_ect = cb->val.u8; break; } - - return 1; } -static void ECN_check(unsigned int flags) +static void ECN_check(struct xt_fcheck_call *cb) { - if (!flags) + if (cb->xflags == 0) xtables_error(PARAMETER_PROBLEM, "ECN target: An operation is required"); } @@ -153,11 +132,11 @@ static struct xtables_target ecn_tg_reg = { .size = XT_ALIGN(sizeof(struct ipt_ECN_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_ECN_info)), .help = ECN_help, - .parse = ECN_parse, - .final_check = ECN_check, .print = ECN_print, .save = ECN_save, - .extra_opts = ECN_opts, + .x6_parse = ECN_parse, + .x6_fcheck = ECN_check, + .x6_options = ECN_opts, }; void _init(void) diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index 0ed58cbd..362c65ed 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -2,11 +2,8 @@ * * (C) 2000 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> */ -#include <stdbool.h> #include <stdio.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> #include <linux/netfilter_ipv4/ipt_REJECT.h> #include <linux/version.h> @@ -27,6 +24,10 @@ struct reject_names { const char *desc; }; +enum { + O_REJECT_WITH = 0, +}; + static const struct reject_names reject_table[] = { {"icmp-net-unreachable", "net-unreach", IPT_ICMP_NET_UNREACHABLE, "ICMP network unreachable"}, @@ -76,9 +77,9 @@ static void REJECT_help(void) printf("(*) See man page or read the INCOMPATIBILITES file for compatibility issues.\n"); } -static const struct option REJECT_opts[] = { - {.name = "reject-with", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry REJECT_opts[] = { + {.name = "reject-with", .id = O_REJECT_WITH, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; static void REJECT_init(struct xt_entry_target *t) @@ -90,34 +91,27 @@ static void REJECT_init(struct xt_entry_target *t) } -static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void REJECT_parse(struct xt_option_call *cb) { - struct ipt_reject_info *reject = (struct ipt_reject_info *)(*target)->data; - static const unsigned int limit = ARRAY_SIZE(reject_table); + struct ipt_reject_info *reject = cb->data; unsigned int i; - switch(c) { - case '1': - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --reject-with"); - for (i = 0; i < limit; i++) { - if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0) - || (strncasecmp(reject_table[i].alias, optarg, strlen(optarg)) == 0)) { - reject->with = reject_table[i].with; - return 1; - } + xtables_option_parse(cb); + for (i = 0; i < ARRAY_SIZE(reject_table); ++i) + if (strncasecmp(reject_table[i].name, + cb->arg, strlen(cb->arg)) == 0 || + strncasecmp(reject_table[i].alias, + cb->arg, strlen(cb->arg)) == 0) { + reject->with = reject_table[i].with; + return; } - /* This due to be dropped late in 2.4 pre-release cycle --RR */ - if (strncasecmp("echo-reply", optarg, strlen(optarg)) == 0 - || strncasecmp("echoreply", optarg, strlen(optarg)) == 0) - fprintf(stderr, "--reject-with echo-reply no longer" - " supported\n"); - xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg); - break; - } - return 0; + /* This due to be dropped late in 2.4 pre-release cycle --RR */ + if (strncasecmp("echo-reply", cb->arg, strlen(cb->arg)) == 0 || + strncasecmp("echoreply", cb->arg, strlen(cb->arg)) == 0) + fprintf(stderr, "--reject-with echo-reply no longer" + " supported\n"); + xtables_error(PARAMETER_PROBLEM, + "unknown reject type \"%s\"", cb->arg); } static void REJECT_print(const void *ip, const struct xt_entry_target *target, @@ -154,10 +148,10 @@ static struct xtables_target reject_tg_reg = { .userspacesize = XT_ALIGN(sizeof(struct ipt_reject_info)), .help = REJECT_help, .init = REJECT_init, - .parse = REJECT_parse, .print = REJECT_print, .save = REJECT_save, - .extra_opts = REJECT_opts, + .x6_parse = REJECT_parse, + .x6_options = REJECT_opts, }; void _init(void) diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c index c2518f86..0f81280b 100644 --- a/extensions/libipt_TTL.c +++ b/extensions/libipt_TTL.c @@ -3,16 +3,33 @@ * * This program is distributed under the terms of GNU GPL */ -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> - #include <linux/netfilter_ipv4/ipt_TTL.h> -#define IPT_TTL_USED 1 +enum { + O_TTL_SET = 0, + O_TTL_INC, + O_TTL_DEC, + F_TTL_SET = 1 << O_TTL_SET, + F_TTL_INC = 1 << O_TTL_INC, + F_TTL_DEC = 1 << O_TTL_DEC, + F_ANY = F_TTL_SET | F_TTL_INC | F_TTL_DEC, +}; + +#define s struct ipt_TTL_info +static const struct xt_option_entry TTL_opts[] = { + {.name = "ttl-set", .type = XTTYPE_UINT8, .id = O_TTL_SET, + .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)}, + {.name = "ttl-dec", .type = XTTYPE_UINT8, .id = O_TTL_DEC, + .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl), + .min = 1}, + {.name = "ttl-inc", .type = XTTYPE_UINT8, .id = O_TTL_INC, + .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl), + .min = 1}, + XTOPT_TABLEEND, +}; +#undef s static void TTL_help(void) { @@ -23,63 +40,27 @@ static void TTL_help(void) " --ttl-inc value Increment TTL by <value 1-255>\n"); } -static int TTL_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void TTL_parse(struct xt_option_call *cb) { - struct ipt_TTL_info *info = (struct ipt_TTL_info *) (*target)->data; - unsigned int value; - - if (*flags & IPT_TTL_USED) { - xtables_error(PARAMETER_PROBLEM, - "Can't specify TTL option twice"); - } - - if (!optarg) - xtables_error(PARAMETER_PROBLEM, - "TTL: You must specify a value"); - - if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) - xtables_error(PARAMETER_PROBLEM, - "TTL: unexpected `!'"); - - if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, - "TTL: Expected value between 0 and 255"); - - switch (c) { - - case '1': - info->mode = IPT_TTL_SET; - break; - - case '2': - if (value == 0) { - xtables_error(PARAMETER_PROBLEM, - "TTL: decreasing by 0?"); - } - - info->mode = IPT_TTL_DEC; - break; - - case '3': - if (value == 0) { - xtables_error(PARAMETER_PROBLEM, - "TTL: increasing by 0?"); - } - - info->mode = IPT_TTL_INC; - break; + struct ipt_TTL_info *info = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TTL_SET: + info->mode = IPT_TTL_SET; + break; + case O_TTL_DEC: + info->mode = IPT_TTL_DEC; + break; + case O_TTL_INC: + info->mode = IPT_TTL_INC; + break; } - - info->ttl = value; - *flags |= IPT_TTL_USED; - - return 1; } -static void TTL_check(unsigned int flags) +static void TTL_check(struct xt_fcheck_call *cb) { - if (!(flags & IPT_TTL_USED)) + if (!(cb->xflags & F_ANY)) xtables_error(PARAMETER_PROBLEM, "TTL: You must specify an action"); } @@ -125,13 +106,6 @@ static void TTL_print(const void *ip, const struct xt_entry_target *target, printf(" %u", info->ttl); } -static const struct option TTL_opts[] = { - {.name = "ttl-set", .has_arg = true, .val = '1'}, - {.name = "ttl-dec", .has_arg = true, .val = '2'}, - {.name = "ttl-inc", .has_arg = true, .val = '3'}, - XT_GETOPT_TABLEEND, -}; - static struct xtables_target ttl_tg_reg = { .name = "TTL", .version = XTABLES_VERSION, @@ -139,11 +113,11 @@ static struct xtables_target ttl_tg_reg = { .size = XT_ALIGN(sizeof(struct ipt_TTL_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_TTL_info)), .help = TTL_help, - .parse = TTL_parse, - .final_check = TTL_check, .print = TTL_print, .save = TTL_save, - .extra_opts = TTL_opts, + .x6_parse = TTL_parse, + .x6_fcheck = TTL_check, + .x6_options = TTL_opts, }; void _init(void) diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c index a592f0d5..3dec626b 100644 --- a/extensions/libipt_addrtype.c +++ b/extensions/libipt_addrtype.c @@ -1,15 +1,22 @@ /* Shared library add-on to iptables to add addrtype matching support * * This program is released under the terms of GNU GPL */ -#include <stdbool.h> #include <stdio.h> -#include <stdlib.h> #include <string.h> -#include <getopt.h> #include <xtables.h> - #include <linux/netfilter_ipv4/ipt_addrtype.h> +enum { + O_SRC_TYPE = 0, + O_DST_TYPE, + O_LIMIT_IFACE_IN, + O_LIMIT_IFACE_OUT, + F_SRC_TYPE = 1 << O_SRC_TYPE, + F_DST_TYPE = 1 << O_DST_TYPE, + F_LIMIT_IFACE_IN = 1 << O_LIMIT_IFACE_IN, + F_LIMIT_IFACE_OUT = 1 << O_LIMIT_IFACE_OUT, +}; + /* from linux/rtnetlink.h, must match order of enumeration */ static const char *const rtn_names[] = { "UNSPEC", @@ -89,110 +96,57 @@ static void parse_types(const char *arg, uint16_t *mask) xtables_error(PARAMETER_PROBLEM, "addrtype: bad type \"%s\"", arg); } -#define IPT_ADDRTYPE_OPT_SRCTYPE 0x1 -#define IPT_ADDRTYPE_OPT_DSTTYPE 0x2 -#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN 0x4 -#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT 0x8 - -static int -addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void addrtype_parse_v0(struct xt_option_call *cb) { - struct ipt_addrtype_info *info = - (struct ipt_addrtype_info *) (*match)->data; + struct ipt_addrtype_info *info = cb->data; - switch (c) { - case '1': - if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE) - xtables_error(PARAMETER_PROBLEM, - "addrtype: can't specify src-type twice"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_types(optarg, &info->source); - if (invert) + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SRC_TYPE: + parse_types(cb->arg, &info->source); + if (cb->invert) info->invert_source = 1; - *flags |= IPT_ADDRTYPE_OPT_SRCTYPE; break; - case '2': - if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE) - xtables_error(PARAMETER_PROBLEM, - "addrtype: can't specify dst-type twice"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_types(optarg, &info->dest); - if (invert) + case O_DST_TYPE: + parse_types(cb->arg, &info->dest); + if (cb->invert) info->invert_dest = 1; - *flags |= IPT_ADDRTYPE_OPT_DSTTYPE; break; } - - return 1; } -static int -addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void addrtype_parse_v1(struct xt_option_call *cb) { - struct ipt_addrtype_info_v1 *info = - (struct ipt_addrtype_info_v1 *) (*match)->data; + struct ipt_addrtype_info_v1 *info = cb->data; - switch (c) { - case '1': - if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE) - xtables_error(PARAMETER_PROBLEM, - "addrtype: can't specify src-type twice"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_types(optarg, &info->source); - if (invert) + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SRC_TYPE: + parse_types(cb->arg, &info->source); + if (cb->invert) info->flags |= IPT_ADDRTYPE_INVERT_SOURCE; - *flags |= IPT_ADDRTYPE_OPT_SRCTYPE; break; - case '2': - if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE) - xtables_error(PARAMETER_PROBLEM, - "addrtype: can't specify dst-type twice"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_types(optarg, &info->dest); - if (invert) + case O_DST_TYPE: + parse_types(cb->arg, &info->dest); + if (cb->invert) info->flags |= IPT_ADDRTYPE_INVERT_DEST; - *flags |= IPT_ADDRTYPE_OPT_DSTTYPE; break; - case '3': - if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN) - xtables_error(PARAMETER_PROBLEM, - "addrtype: can't specify limit-iface-in twice"); + case O_LIMIT_IFACE_IN: info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_IN; - *flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN; break; - case '4': - if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT) - xtables_error(PARAMETER_PROBLEM, - "addrtype: can't specify limit-iface-out twice"); + case O_LIMIT_IFACE_OUT: info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_OUT; - *flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT; break; } - - return 1; } -static void addrtype_check_v0(unsigned int flags) +static void addrtype_check(struct xt_fcheck_call *cb) { - if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE))) + if (!(cb->xflags & (F_SRC_TYPE | F_DST_TYPE))) xtables_error(PARAMETER_PROBLEM, "addrtype: you must specify --src-type or --dst-type"); } -static void addrtype_check_v1(unsigned int flags) -{ - if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE))) - xtables_error(PARAMETER_PROBLEM, - "addrtype: you must specify --src-type or --dst-type"); - if (flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN && - flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT) - xtables_error(PARAMETER_PROBLEM, - "addrtype: you can't specify both --limit-iface-in " - "and --limit-iface-out"); -} - static void print_types(uint16_t mask) { const char *sep = ""; @@ -297,24 +251,24 @@ static void addrtype_save_v1(const void *ip, const struct xt_entry_match *match) } } -static const struct option addrtype_opts[] = { - {.name = "src-type", .has_arg = true, .val = '1'}, - {.name = "dst-type", .has_arg = true, .val = '2'}, - XT_GETOPT_TABLEEND, -}; - -static const struct option addrtype_opts_v0[] = { - {.name = "src-type", .has_arg = true, .val = '1'}, - {.name = "dst-type", .has_arg = true, .val = '2'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry addrtype_opts_v0[] = { + {.name = "src-type", .id = O_SRC_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + {.name = "dst-type", .id = O_DST_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + XTOPT_TABLEEND, }; -static const struct option addrtype_opts_v1[] = { - {.name = "src-type", .has_arg = true, .val = '1'}, - {.name = "dst-type", .has_arg = true, .val = '2'}, - {.name = "limit-iface-in", .has_arg = false, .val = '3'}, - {.name = "limit-iface-out", .has_arg = false, .val = '4'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry addrtype_opts_v1[] = { + {.name = "src-type", .id = O_SRC_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + {.name = "dst-type", .id = O_DST_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + {.name = "limit-iface-in", .id = O_LIMIT_IFACE_IN, + .type = XTTYPE_NONE, .excl = F_LIMIT_IFACE_OUT}, + {.name = "limit-iface-out", .id = O_LIMIT_IFACE_OUT, + .type = XTTYPE_NONE, .excl = F_LIMIT_IFACE_IN}, + XTOPT_TABLEEND, }; static struct xtables_match addrtype_mt_reg[] = { @@ -325,11 +279,11 @@ static struct xtables_match addrtype_mt_reg[] = { .size = XT_ALIGN(sizeof(struct ipt_addrtype_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)), .help = addrtype_help_v0, - .parse = addrtype_parse_v0, - .final_check = addrtype_check_v0, .print = addrtype_print_v0, .save = addrtype_save_v0, - .extra_opts = addrtype_opts_v0, + .x6_parse = addrtype_parse_v0, + .x6_fcheck = addrtype_check, + .x6_options = addrtype_opts_v0, }, { .name = "addrtype", @@ -339,11 +293,11 @@ static struct xtables_match addrtype_mt_reg[] = { .size = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)), .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)), .help = addrtype_help_v1, - .parse = addrtype_parse_v1, - .final_check = addrtype_check_v1, .print = addrtype_print_v1, .save = addrtype_save_v1, - .extra_opts = addrtype_opts_v1, + .x6_parse = addrtype_parse_v1, + .x6_fcheck = addrtype_check, + .x6_options = addrtype_opts_v1, }, }; diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c index c50eecc4..53adfd87 100644 --- a/extensions/libipt_ah.c +++ b/extensions/libipt_ah.c @@ -1,14 +1,11 @@ -/* Shared library add-on to iptables to add AH support. */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> -#include <errno.h> #include <xtables.h> #include <linux/netfilter_ipv4/ipt_ah.h> +enum { + O_AHSPI = 0, +}; + static void ah_help(void) { printf( @@ -17,53 +14,13 @@ static void ah_help(void) " match spi (range)\n"); } -static const struct option ah_opts[] = { - {.name = "ahspi", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry ah_opts[] = { + {.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC, + .flags = XTOPT_INVERT | XTOPT_PUT, + XTOPT_POINTER(struct ipt_ah, spis)}, + XTOPT_TABLEEND, }; -static uint32_t -parse_ah_spi(const char *spistr) -{ - unsigned long int spi; - char* ep; - - spi = strtoul(spistr,&ep,0) ; - - if ( spistr == ep ) { - xtables_error(PARAMETER_PROBLEM, - "AH no valid digits in spi `%s'", spistr); - } - if ( spi == ULONG_MAX && errno == ERANGE ) { - xtables_error(PARAMETER_PROBLEM, - "spi `%s' specified too big: would overflow", spistr); - } - if ( *spistr != '\0' && *ep != '\0' ) { - xtables_error(PARAMETER_PROBLEM, - "AH error parsing spi `%s'", spistr); - } - return spi; -} - -static void -parse_ah_spis(const char *spistring, uint32_t *spis) -{ - char *buffer; - char *cp; - - buffer = strdup(spistring); - if ((cp = strchr(buffer, ':')) == NULL) - spis[0] = spis[1] = parse_ah_spi(buffer); - else { - *cp = '\0'; - cp++; - - spis[0] = buffer[0] ? parse_ah_spi(buffer) : 0; - spis[1] = cp[0] ? parse_ah_spi(cp) : 0xFFFFFFFF; - } - free(buffer); -} - static void ah_init(struct xt_entry_match *m) { struct ipt_ah *ahinfo = (struct ipt_ah *)m->data; @@ -71,27 +28,13 @@ static void ah_init(struct xt_entry_match *m) ahinfo->spis[1] = 0xFFFFFFFF; } -#define AH_SPI 0x01 - -static int ah_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void ah_parse(struct xt_option_call *cb) { - struct ipt_ah *ahinfo = (struct ipt_ah *)(*match)->data; - - switch (c) { - case '1': - if (*flags & AH_SPI) - xtables_error(PARAMETER_PROBLEM, - "Only one `--ahspi' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_ah_spis(optarg, ahinfo->spis); - if (invert) - ahinfo->invflags |= IPT_AH_INV_SPI; - *flags |= AH_SPI; - break; - } + struct ipt_ah *ahinfo = cb->data; - return 1; + xtables_option_parse(cb); + if (cb->invert) + ahinfo->invflags |= IPT_AH_INV_SPI; } static void @@ -155,10 +98,10 @@ static struct xtables_match ah_mt_reg = { .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)), .help = ah_help, .init = ah_init, - .parse = ah_parse, .print = ah_print, .save = ah_save, - .extra_opts = ah_opts, + .x6_parse = ah_parse, + .x6_options = ah_opts, }; void diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c index d6b521fe..56a0347e 100644 --- a/extensions/libipt_ecn.c +++ b/extensions/libipt_ecn.c @@ -7,15 +7,16 @@ * libipt_ecn.c borrowed heavily from libipt_dscp.c * */ -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> #include <linux/netfilter_ipv4/ipt_ecn.h> +enum { + O_ECN_TCP_CWR = 0, + O_ECN_TCP_ECE, + O_ECN_IP_ECT, +}; + static void ecn_help(void) { printf( @@ -25,65 +26,44 @@ static void ecn_help(void) "[!] --ecn-ip-ect [0..3] Match ECN codepoint in IPv4 header\n"); } -static const struct option ecn_opts[] = { - {.name = "ecn-tcp-cwr", .has_arg = false, .val = 'F'}, - {.name = "ecn-tcp-ece", .has_arg = false, .val = 'G'}, - {.name = "ecn-ip-ect", .has_arg = true, .val = 'H'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry ecn_opts[] = { + {.name = "ecn-tcp-cwr", .id = O_ECN_TCP_CWR, .type = XTTYPE_NONE, + .flags = XTOPT_INVERT}, + {.name = "ecn-tcp-ece", .id = O_ECN_TCP_ECE, .type = XTTYPE_NONE, + .flags = XTOPT_INVERT}, + {.name = "ecn-ip-ect", .id = O_ECN_IP_ECT, .type = XTTYPE_UINT8, + .min = 0, .max = 3, .flags = XTOPT_INVERT}, + XTOPT_TABLEEND, }; -static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void ecn_parse(struct xt_option_call *cb) { - unsigned int result; - struct ipt_ecn_info *einfo - = (struct ipt_ecn_info *)(*match)->data; - - switch (c) { - case 'F': - if (*flags & IPT_ECN_OP_MATCH_CWR) - xtables_error(PARAMETER_PROBLEM, - "ECN match: can only use parameter ONCE!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); + struct ipt_ecn_info *einfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_ECN_TCP_CWR: einfo->operation |= IPT_ECN_OP_MATCH_CWR; - if (invert) + if (cb->invert) einfo->invert |= IPT_ECN_OP_MATCH_CWR; - *flags |= IPT_ECN_OP_MATCH_CWR; break; - - case 'G': - if (*flags & IPT_ECN_OP_MATCH_ECE) - xtables_error(PARAMETER_PROBLEM, - "ECN match: can only use parameter ONCE!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); + case O_ECN_TCP_ECE: einfo->operation |= IPT_ECN_OP_MATCH_ECE; - if (invert) + if (cb->invert) einfo->invert |= IPT_ECN_OP_MATCH_ECE; - *flags |= IPT_ECN_OP_MATCH_ECE; break; - - case 'H': - if (*flags & IPT_ECN_OP_MATCH_IP) - xtables_error(PARAMETER_PROBLEM, - "ECN match: can only use parameter ONCE!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) + case O_ECN_IP_ECT: + if (cb->invert) einfo->invert |= IPT_ECN_OP_MATCH_IP; - *flags |= IPT_ECN_OP_MATCH_IP; einfo->operation |= IPT_ECN_OP_MATCH_IP; - if (!xtables_strtoui(optarg, NULL, &result, 0, 3)) - xtables_error(PARAMETER_PROBLEM, - "ECN match: Value out of range"); - einfo->ip_ect = result; + einfo->ip_ect = cb->val.u8; break; } - - return 1; } -static void ecn_check(unsigned int flags) +static void ecn_check(struct xt_fcheck_call *cb) { - if (!flags) + if (cb->xflags == 0) xtables_error(PARAMETER_PROBLEM, "ECN match: some option required"); } @@ -144,11 +124,11 @@ static struct xtables_match ecn_mt_reg = { .size = XT_ALIGN(sizeof(struct ipt_ecn_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_ecn_info)), .help = ecn_help, - .parse = ecn_parse, - .final_check = ecn_check, .print = ecn_print, .save = ecn_save, - .extra_opts = ecn_opts, + .x6_parse = ecn_parse, + .x6_fcheck = ecn_check, + .x6_options = ecn_opts, }; void _init(void) diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index c75713d2..666e7daf 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -1,12 +1,8 @@ -/* Shared library add-on to iptables to add ICMP support. */ -#include <stdbool.h> +#include <stdint.h> #include <stdio.h> -#include <netdb.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> -#include <limits.h> /* INT_MAX in ip_tables.h */ +#include <limits.h> /* INT_MAX in ip6_tables.h */ #include <linux/netfilter_ipv4/ip_tables.h> /* special hack for icmp-type 'any': @@ -17,6 +13,10 @@ * See: https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=37 */ +enum { + O_ICMP_TYPE = 0, +}; + struct icmp_names { const char *name; uint8_t type; @@ -108,9 +108,10 @@ static void icmp_help(void) print_icmptypes(); } -static const struct option icmp_opts[] = { - {.name = "icmp-type", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry icmp_opts[] = { + {.name = "icmp-type", .id = O_ICMP_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_INVERT}, + XTOPT_TABLEEND, }; static void @@ -174,26 +175,14 @@ static void icmp_init(struct xt_entry_match *m) icmpinfo->code[1] = 0xFF; } -static int icmp_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void icmp_parse(struct xt_option_call *cb) { - struct ipt_icmp *icmpinfo = (struct ipt_icmp *)(*match)->data; - - switch (c) { - case '1': - if (*flags == 1) - xtables_error(PARAMETER_PROBLEM, - "icmp match: only use --icmp-type once!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_icmp(optarg, &icmpinfo->type, - icmpinfo->code); - if (invert) - icmpinfo->invflags |= IPT_ICMP_INV; - *flags = 1; - break; - } + struct ipt_icmp *icmpinfo = cb->data; - return 1; + xtables_option_parse(cb); + parse_icmp(cb->arg, &icmpinfo->type, icmpinfo->code); + if (cb->invert) + icmpinfo->invflags |= IPT_ICMP_INV; } static void print_icmptype(uint8_t type, @@ -268,10 +257,10 @@ static struct xtables_match icmp_mt_reg = { .userspacesize = XT_ALIGN(sizeof(struct ipt_icmp)), .help = icmp_help, .init = icmp_init, - .parse = icmp_parse, .print = icmp_print, .save = icmp_save, - .extra_opts = icmp_opts, + .x6_parse = icmp_parse, + .x6_options = icmp_opts, }; void _init(void) diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index d10eb808..6370cb67 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -2,15 +2,20 @@ * (C) 2000 by Harald Welte <laforge@gnumonks.org> * * This program is released under the terms of GNU GPL */ -#include <stdbool.h> #include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <getopt.h> #include <xtables.h> - #include <linux/netfilter_ipv4/ipt_ttl.h> +enum { + O_TTL_EQ = 0, + O_TTL_LT, + O_TTL_GT, + F_TTL_EQ = 1 << O_TTL_EQ, + F_TTL_LT = 1 << O_TTL_LT, + F_TTL_GT = 1 << O_TTL_GT, + F_ANY = F_TTL_EQ | F_TTL_LT | F_TTL_GT, +}; + static void ttl_help(void) { printf( @@ -20,65 +25,27 @@ static void ttl_help(void) " --ttl-gt value Match TTL > value\n"); } -static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void ttl_parse(struct xt_option_call *cb) { - struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data; - unsigned int value; - - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - - switch (c) { - case '2': - if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, - "ttl: Expected value between 0 and 255"); - - if (invert) - info->mode = IPT_TTL_NE; - else - info->mode = IPT_TTL_EQ; - - /* is 0 allowed? */ - info->ttl = value; - break; - case '3': - if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, - "ttl: Expected value between 0 and 255"); - - if (invert) - xtables_error(PARAMETER_PROBLEM, - "ttl: unexpected `!'"); - - info->mode = IPT_TTL_LT; - info->ttl = value; - break; - case '4': - if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, - "ttl: Expected value between 0 and 255"); - - if (invert) - xtables_error(PARAMETER_PROBLEM, - "ttl: unexpected `!'"); - - info->mode = IPT_TTL_GT; - info->ttl = value; - break; + struct ipt_ttl_info *info = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_TTL_EQ: + info->mode = cb->invert ? IPT_TTL_NE : IPT_TTL_EQ; + break; + case O_TTL_LT: + info->mode = IPT_TTL_LT; + break; + case O_TTL_GT: + info->mode = IPT_TTL_GT; + break; } - - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "Can't specify TTL option twice"); - *flags = 1; - - return 1; } -static void ttl_check(unsigned int flags) +static void ttl_check(struct xt_fcheck_call *cb) { - if (!flags) + if (!(cb->xflags & F_ANY)) xtables_error(PARAMETER_PROBLEM, "TTL match: You must specify one of " "`--ttl-eq', `--ttl-lt', `--ttl-gt"); @@ -133,13 +100,19 @@ static void ttl_save(const void *ip, const struct xt_entry_match *match) printf(" %u", info->ttl); } -static const struct option ttl_opts[] = { - {.name = "ttl", .has_arg = true, .val = '2'}, - {.name = "ttl-eq", .has_arg = true, .val = '2'}, - {.name = "ttl-lt", .has_arg = true, .val = '3'}, - {.name = "ttl-gt", .has_arg = true, .val = '4'}, - XT_GETOPT_TABLEEND, +#define s struct ipt_ttl_info +static const struct xt_option_entry ttl_opts[] = { + {.name = "ttl-lt", .id = O_TTL_LT, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)}, + {.name = "ttl-gt", .id = O_TTL_GT, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)}, + {.name = "ttl-eq", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, ttl)}, + {.name = "ttl", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8, + .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)}, + XTOPT_TABLEEND, }; +#undef s static struct xtables_match ttl_mt_reg = { .name = "ttl", @@ -148,11 +121,11 @@ static struct xtables_match ttl_mt_reg = { .size = XT_ALIGN(sizeof(struct ipt_ttl_info)), .userspacesize = XT_ALIGN(sizeof(struct ipt_ttl_info)), .help = ttl_help, - .parse = ttl_parse, - .final_check = ttl_check, .print = ttl_print, .save = ttl_save, - .extra_opts = ttl_opts, + .x6_parse = ttl_parse, + .x6_fcheck = ttl_check, + .x6_options = ttl_opts, }; diff --git a/extensions/libxt_AUDIT.c b/extensions/libxt_AUDIT.c index a6ab37f9..86a61cbe 100644 --- a/extensions/libxt_AUDIT.c +++ b/extensions/libxt_AUDIT.c @@ -5,16 +5,15 @@ * * This program is distributed under the terms of GNU GPL v2, 1991 */ - -#include <stdbool.h> #include <stdio.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> #include <linux/netfilter/xt_AUDIT.h> +enum { + O_AUDIT_TYPE = 0, +}; + static void audit_help(void) { printf( @@ -22,46 +21,26 @@ static void audit_help(void) " --type TYPE Action type to be recorded.\n"); } -static const struct option audit_opts[] = { - {.name = "type", .has_arg = true, .val = 't'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry audit_opts[] = { + {.name = "type", .id = O_AUDIT_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_MAND}, + XTOPT_TABLEEND, }; -static int audit_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) -{ - struct xt_audit_info *einfo - = (struct xt_audit_info *)(*target)->data; - - switch (c) { - case 't': - if (!strcasecmp(optarg, "accept")) - einfo->type = XT_AUDIT_TYPE_ACCEPT; - else if (!strcasecmp(optarg, "drop")) - einfo->type = XT_AUDIT_TYPE_DROP; - else if (!strcasecmp(optarg, "reject")) - einfo->type = XT_AUDIT_TYPE_REJECT; - else - xtables_error(PARAMETER_PROBLEM, - "Bad action type value `%s'", optarg); - - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "AUDIT: Can't specify --type twice"); - *flags = 1; - break; - default: - return 0; - } - - return 1; -} - -static void audit_final_check(unsigned int flags) +static void audit_parse(struct xt_option_call *cb) { - if (!flags) + struct xt_audit_info *einfo = cb->data; + + xtables_option_parse(cb); + if (strcasecmp(cb->arg, "accept") == 0) + einfo->type = XT_AUDIT_TYPE_ACCEPT; + else if (strcasecmp(cb->arg, "drop") == 0) + einfo->type = XT_AUDIT_TYPE_DROP; + else if (strcasecmp(cb->arg, "reject") == 0) + einfo->type = XT_AUDIT_TYPE_REJECT; + else xtables_error(PARAMETER_PROBLEM, - "AUDIT target: Parameter --type is required"); + "Bad action type value \"%s\"", cb->arg); } static void audit_print(const void *ip, const struct xt_entry_target *target, @@ -110,11 +89,10 @@ static struct xtables_target audit_tg_reg = { .size = XT_ALIGN(sizeof(struct xt_audit_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_audit_info)), .help = audit_help, - .parse = audit_parse, - .final_check = audit_final_check, .print = audit_print, .save = audit_save, - .extra_opts = audit_opts, + .x6_parse = audit_parse, + .x6_options = audit_opts, }; void _init(void) diff --git a/extensions/libxt_CLASSIFY.c b/extensions/libxt_CLASSIFY.c index e9a03650..ee0f9e1c 100644 --- a/extensions/libxt_CLASSIFY.c +++ b/extensions/libxt_CLASSIFY.c @@ -1,16 +1,12 @@ -/* Shared library add-on to iptables to add CLASSIFY target support. */ -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> -#include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_CLASSIFY.h> -#include <linux/types.h> #include <linux/pkt_sched.h> +enum { + O_SET_CLASS = 0, +}; + static void CLASSIFY_help(void) { @@ -19,9 +15,10 @@ CLASSIFY_help(void) "--set-class MAJOR:MINOR Set skb->priority value (always hexadecimal!)\n"); } -static const struct option CLASSIFY_opts[] = { - {.name = "set-class", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry CLASSIFY_opts[] = { + {.name = "set-class", .id = O_SET_CLASS, .type = XTTYPE_STRING, + .flags = XTOPT_MAND}, + XTOPT_TABLEEND, }; static int CLASSIFY_string_to_priority(const char *s, unsigned int *p) @@ -35,35 +32,14 @@ static int CLASSIFY_string_to_priority(const char *s, unsigned int *p) return 0; } -static int -CLASSIFY_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, - struct xt_entry_target **target) +static void CLASSIFY_parse(struct xt_option_call *cb) { - struct xt_classify_target_info *clinfo - = (struct xt_classify_target_info *)(*target)->data; - - switch (c) { - case '1': - if (CLASSIFY_string_to_priority(optarg, &clinfo->priority)) - xtables_error(PARAMETER_PROBLEM, - "Bad class value `%s'", optarg); - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "CLASSIFY: Can't specify --set-class twice"); - *flags = 1; - break; - } + struct xt_classify_target_info *clinfo = cb->data; - return 1; -} - -static void -CLASSIFY_final_check(unsigned int flags) -{ - if (!flags) + xtables_option_parse(cb); + if (CLASSIFY_string_to_priority(cb->arg, &clinfo->priority)) xtables_error(PARAMETER_PROBLEM, - "CLASSIFY: Parameter --set-class is required"); + "Bad class value \"%s\"", cb->arg); } static void @@ -100,11 +76,10 @@ static struct xtables_target classify_target = { .size = XT_ALIGN(sizeof(struct xt_classify_target_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_classify_target_info)), .help = CLASSIFY_help, - .parse = CLASSIFY_parse, - .final_check = CLASSIFY_final_check, .print = CLASSIFY_print, .save = CLASSIFY_save, - .extra_opts = CLASSIFY_opts, + .x6_parse = CLASSIFY_parse, + .x6_options = CLASSIFY_opts, }; void _init(void) diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c index db27d68f..e16e93c4 100644 --- a/extensions/libxt_DSCP.c +++ b/extensions/libxt_DSCP.c @@ -9,19 +9,21 @@ * * --set-class added by Iain Barnes */ -#include <stdbool.h> #include <stdio.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> -#include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_DSCP.h> /* This is evil, but it's my code - HW*/ #include "dscp_helper.c" +enum { + O_SET_DSCP = 0, + O_SET_DSCP_CLASS, + F_SET_DSCP = 1 << O_SET_DSCP, + F_SET_DSCP_CLASS = 1 << O_SET_DSCP_CLASS, +}; + static void DSCP_help(void) { printf( @@ -38,68 +40,31 @@ static void DSCP_help(void) ); } -static const struct option DSCP_opts[] = { - {.name = "set-dscp", .has_arg = true, .val = 'F'}, - {.name = "set-dscp-class", .has_arg = true, .val = 'G'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry DSCP_opts[] = { + {.name = "set-dscp", .id = O_SET_DSCP, .excl = F_SET_DSCP_CLASS, + .type = XTTYPE_UINT8, .min = 0, .max = XT_DSCP_MAX, + .flags = XTOPT_PUT, + XTOPT_POINTER(struct xt_DSCP_info, dscp)}, + {.name = "set-dscp-class", .id = O_SET_DSCP_CLASS, .excl = F_SET_DSCP, + .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; -static void -parse_dscp(const char *s, struct xt_DSCP_info *dinfo) -{ - unsigned int dscp; - - if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, - "Invalid dscp `%s'\n", s); - - if (dscp > XT_DSCP_MAX) - xtables_error(PARAMETER_PROBLEM, - "DSCP `%d` out of range\n", dscp); - - dinfo->dscp = dscp; -} - - -static void -parse_class(const char *s, struct xt_DSCP_info *dinfo) -{ - unsigned int dscp = class_to_dscp(s); - - /* Assign the value */ - dinfo->dscp = dscp; -} - - -static int DSCP_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void DSCP_parse(struct xt_option_call *cb) { - struct xt_DSCP_info *dinfo - = (struct xt_DSCP_info *)(*target)->data; + struct xt_DSCP_info *dinfo = cb->data; - switch (c) { - case 'F': - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "DSCP target: Only use --set-dscp ONCE!"); - parse_dscp(optarg, dinfo); - *flags = 1; - break; - case 'G': - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "DSCP target: Only use --set-dscp-class ONCE!"); - parse_class(optarg, dinfo); - *flags = 1; + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_SET_DSCP_CLASS: + dinfo->dscp = class_to_dscp(cb->arg); break; } - - return 1; } -static void DSCP_check(unsigned int flags) +static void DSCP_check(struct xt_fcheck_call *cb) { - if (!flags) + if (cb->xflags == 0) xtables_error(PARAMETER_PROBLEM, "DSCP target: Parameter --set-dscp is required"); } @@ -134,11 +99,11 @@ static struct xtables_target dscp_target = { .size = XT_ALIGN(sizeof(struct xt_DSCP_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)), .help = DSCP_help, - .parse = DSCP_parse, - .final_check = DSCP_check, .print = DSCP_print, .save = DSCP_save, - .extra_opts = DSCP_opts, + .x6_parse = DSCP_parse, + .x6_fcheck = DSCP_check, + .x6_options = DSCP_opts, }; void _init(void) diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c index 9e8b9b01..9d68fa27 100644 --- a/extensions/libxt_LED.c +++ b/extensions/libxt_LED.c @@ -9,23 +9,30 @@ * published by the Free Software Foundation. * */ -#include <stdbool.h> #include <stdio.h> #include <string.h> #include <stdlib.h> -#include <getopt.h> -#include <stddef.h> - #include <xtables.h> - #include <linux/netfilter/xt_LED.h> -static const struct option LED_opts[] = { - {.name = "led-trigger-id", .has_arg = true, .val = 'i'}, - {.name = "led-delay", .has_arg = true, .val = 'd'}, - {.name = "led-always-blink", .has_arg = false, .val = 'a'}, - XT_GETOPT_TABLEEND, +enum { + O_LED_TRIGGER_ID = 0, + O_LED_DELAY, + O_LED_ALWAYS_BLINK, +}; + +#define s struct xt_led_info +static const struct xt_option_entry LED_opts[] = { + {.name = "led-trigger-id", .id = O_LED_TRIGGER_ID, + .flags = XTOPT_MAND, .type = XTTYPE_STRING, .min = 0, + .max = sizeof(((struct xt_led_info *)NULL)->id) - + sizeof("netfilter-")}, + {.name = "led-delay", .id = O_LED_DELAY, .type = XTTYPE_STRING}, + {.name = "led-always-blink", .id = O_LED_ALWAYS_BLINK, + .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; +#undef s static void LED_help(void) { @@ -39,50 +46,26 @@ static void LED_help(void) ); } -static int LED_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void LED_parse(struct xt_option_call *cb) { - struct xt_led_info *led = (void *)(*target)->data; - - switch (c) { - case 'i': - xtables_param_act(XTF_NO_INVERT, "LED", - "--led-trigger-id", invert); - if (strlen("netfilter-") + strlen(optarg) > sizeof(led->id)) - xtables_error(PARAMETER_PROBLEM, - "--led-trigger-id must be 16 chars or less"); - if (optarg[0] == '\0') - xtables_error(PARAMETER_PROBLEM, - "--led-trigger-id cannot be blank"); + struct xt_led_info *led = cb->data; - /* "netfilter-" + 16 char id == 26 == sizeof(led->id) */ + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_LED_TRIGGER_ID: strcpy(led->id, "netfilter-"); - strcat(led->id, optarg); - *flags = 1; - return true; - - case 'd': - xtables_param_act(XTF_NO_INVERT, "LED", "--led-delay", invert); - if (strncasecmp(optarg, "inf", 3) == 0) + strcat(led->id, cb->arg); + break; + case O_LED_DELAY: + if (strncasecmp(cb->arg, "inf", 3) == 0) led->delay = -1; else - led->delay = strtoul(optarg, NULL, 0); - - return true; - - case 'a': - if (!invert) - led->always_blink = 1; - return true; + led->delay = strtoul(cb->arg, NULL, 0); + break; + case O_LED_ALWAYS_BLINK: + led->always_blink = 1; + break; } - return false; -} - -static void LED_final_check(unsigned int flags) -{ - if (flags == 0) - xtables_error(PARAMETER_PROBLEM, - "--led-trigger-id must be specified"); } static void LED_print(const void *ip, const struct xt_entry_target *target, @@ -142,11 +125,10 @@ static struct xtables_target led_tg_reg = { .size = XT_ALIGN(sizeof(struct xt_led_info)), .userspacesize = offsetof(struct xt_led_info, internal_data), .help = LED_help, - .parse = LED_parse, - .final_check = LED_final_check, - .extra_opts = LED_opts, .print = LED_print, .save = LED_save, + .x6_parse = LED_parse, + .x6_options = LED_opts, }; void _init(void) diff --git a/extensions/libxt_SECMARK.c b/extensions/libxt_SECMARK.c index 5ad84866..6ba86063 100644 --- a/extensions/libxt_SECMARK.c +++ b/extensions/libxt_SECMARK.c @@ -5,16 +5,16 @@ * * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com> */ -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> #include <linux/netfilter/xt_SECMARK.h> #define PFX "SECMARK target: " +enum { + O_SELCTX = 0, +}; + static void SECMARK_help(void) { printf( @@ -22,42 +22,19 @@ static void SECMARK_help(void) " --selctx value Set the SELinux security context\n"); } -static const struct option SECMARK_opts[] = { - {.name = "selctx", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry SECMARK_opts[] = { + {.name = "selctx", .id = O_SELCTX, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_PUT, + XTOPT_POINTER(struct xt_secmark_target_info, secctx)}, + XTOPT_TABLEEND, }; -static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void SECMARK_parse(struct xt_option_call *cb) { - struct xt_secmark_target_info *info = - (struct xt_secmark_target_info*)(*target)->data; - - switch (c) { - case '1': - if (*flags & SECMARK_MODE_SEL) - xtables_error(PARAMETER_PROBLEM, PFX - "Can't specify --selctx twice"); - info->mode = SECMARK_MODE_SEL; - - if (strlen(optarg) > SECMARK_SECCTX_MAX-1) - xtables_error(PARAMETER_PROBLEM, PFX - "Maximum length %u exceeded by --selctx" - " parameter (%zu)", - SECMARK_SECCTX_MAX-1, strlen(optarg)); - - strcpy(info->secctx, optarg); - *flags |= SECMARK_MODE_SEL; - break; - } + struct xt_secmark_target_info *info = cb->data; - return 1; -} - -static void SECMARK_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, PFX "parameter required"); + xtables_option_parse(cb); + info->mode = SECMARK_MODE_SEL; } static void print_secmark(const struct xt_secmark_target_info *info) @@ -99,11 +76,10 @@ static struct xtables_target secmark_target = { .size = XT_ALIGN(sizeof(struct xt_secmark_target_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)), .help = SECMARK_help, - .parse = SECMARK_parse, - .final_check = SECMARK_check, .print = SECMARK_print, .save = SECMARK_save, - .extra_opts = SECMARK_opts, + .x6_parse = SECMARK_parse, + .x6_options = SECMARK_opts, }; void _init(void) diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c index 338a311d..43320d1b 100644 --- a/extensions/libxt_TCPOPTSTRIP.c +++ b/extensions/libxt_TCPOPTSTRIP.c @@ -4,21 +4,17 @@ * Copyright © CC Computer Consultants GmbH, 2007 * Jan Engelhardt <jengelh@computergmbh.de> */ -#include <getopt.h> -#include <stdbool.h> #include <stdio.h> #include <string.h> -#include <stdlib.h> #include <xtables.h> #include <netinet/tcp.h> -#include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_TCPOPTSTRIP.h> #ifndef TCPOPT_MD5SIG # define TCPOPT_MD5SIG 19 #endif enum { - FLAG_STRIP = 1 << 0, + O_STRIP_OPTION = 0, }; struct tcp_optionmap { @@ -26,9 +22,9 @@ struct tcp_optionmap { const unsigned int option; }; -static const struct option tcpoptstrip_tg_opts[] = { - {.name = "strip-options", .has_arg = true, .val = 's'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry tcpoptstrip_tg_opts[] = { + {.name = "strip-options", .id = O_STRIP_OPTION, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; static const struct tcp_optionmap tcp_optionmap[] = { @@ -56,7 +52,8 @@ static void tcpoptstrip_tg_help(void) printf(" %-14s strip \"%s\" option\n", w->name, w->desc); } -static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg) +static void +parse_list(struct xt_tcpoptstrip_target_info *info, const char *arg) { unsigned int option; char *p; @@ -94,30 +91,12 @@ static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg) } } -static int tcpoptstrip_tg_parse(int c, char **argv, int invert, - unsigned int *flags, const void *entry, - struct xt_entry_target **target) +static void tcpoptstrip_tg_parse(struct xt_option_call *cb) { - struct xt_tcpoptstrip_target_info *info = (void *)(*target)->data; - - switch (c) { - case 's': - if (*flags & FLAG_STRIP) - xtables_error(PARAMETER_PROBLEM, - "You can specify --strip-options only once"); - parse_list(info, optarg); - *flags |= FLAG_STRIP; - return true; - } - - return false; -} + struct xt_tcpoptstrip_target_info *info = cb->data; -static void tcpoptstrip_tg_check(unsigned int flags) -{ - if (flags == 0) - xtables_error(PARAMETER_PROBLEM, - "TCPOPTSTRIP: --strip-options parameter required"); + xtables_option_parse(cb); + parse_list(info, cb->arg); } static void @@ -176,11 +155,10 @@ static struct xtables_target tcpoptstrip_tg_reg = { .size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)), .help = tcpoptstrip_tg_help, - .parse = tcpoptstrip_tg_parse, - .final_check = tcpoptstrip_tg_check, .print = tcpoptstrip_tg_print, .save = tcpoptstrip_tg_save, - .extra_opts = tcpoptstrip_tg_opts, + .x6_parse = tcpoptstrip_tg_parse, + .x6_options = tcpoptstrip_tg_opts, }; void _init(void) diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c index c10a2540..6ed2ff9b 100644 --- a/extensions/libxt_comment.c +++ b/extensions/libxt_comment.c @@ -6,15 +6,14 @@ * 2004-05-12: Brad Fisher <brad@info-link.net> * Port to patch-o-matic-ng */ -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> #include <linux/netfilter/xt_comment.h> +enum { + O_COMMENT = 0, +}; + static void comment_help(void) { printf( @@ -22,51 +21,14 @@ static void comment_help(void) "--comment COMMENT Attach a comment to a rule\n"); } -static const struct option comment_opts[] = { - {.name = "comment", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry comment_opts[] = { + {.name = "comment", .id = O_COMMENT, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_PUT, + XTOPT_POINTER(struct xt_comment_info, comment)}, + XTOPT_TABLEEND, }; static void -parse_comment(const char *s, struct xt_comment_info *info) -{ - int slen = strlen(s); - - if (slen >= XT_MAX_COMMENT_LEN) { - xtables_error(PARAMETER_PROBLEM, - "COMMENT must be shorter than %i characters", XT_MAX_COMMENT_LEN); - } - strcpy((char *)info->comment, s); -} - -static int -comment_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) -{ - struct xt_comment_info *commentinfo = (struct xt_comment_info *)(*match)->data; - - switch (c) { - case '1': - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) { - xtables_error(PARAMETER_PROBLEM, - "Sorry, you can't have an inverted comment"); - } - parse_comment(optarg, commentinfo); - *flags = 1; - break; - } - return 1; -} - -static void comment_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, - "COMMENT match: You must specify `--comment'"); -} - -static void comment_print(const void *ip, const struct xt_entry_match *match, int numeric) { struct xt_comment_info *commentinfo = (void *)match->data; @@ -93,11 +55,10 @@ static struct xtables_match comment_match = { .size = XT_ALIGN(sizeof(struct xt_comment_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)), .help = comment_help, - .parse = comment_parse, - .final_check = comment_check, .print = comment_print, .save = comment_save, - .extra_opts = comment_opts, + .x6_parse = xtables_option_parse, + .x6_options = comment_opts, }; void _init(void) diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c index b07f83b0..69533d6b 100644 --- a/extensions/libxt_dscp.c +++ b/extensions/libxt_dscp.c @@ -12,19 +12,21 @@ * http://www.iana.org/assignments/dscp-registry * */ -#include <stdbool.h> #include <stdio.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> -#include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_dscp.h> /* This is evil, but it's my code - HW*/ #include "dscp_helper.c" +enum { + O_DSCP = 0, + O_DSCP_CLASS, + F_DSCP = 1 << O_DSCP, + F_DSCP_CLASS = 1 << O_DSCP_CLASS, +}; + static void dscp_help(void) { printf( @@ -38,76 +40,36 @@ static void dscp_help(void) " These two options are mutually exclusive !\n"); } -static const struct option dscp_opts[] = { - {.name = "dscp", .has_arg = true, .val = 'F'}, - {.name = "dscp-class", .has_arg = true, .val = 'G'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry dscp_opts[] = { + {.name = "dscp", .id = O_DSCP, .excl = F_DSCP_CLASS, + .type = XTTYPE_UINT8, .min = 0, .max = XT_DSCP_MAX, + .flags = XTOPT_PUT, XTOPT_POINTER(struct xt_dscp_info, dscp)}, + {.name = "dscp-class", .id = O_DSCP_CLASS, .excl = F_DSCP, + .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; -static void -parse_dscp(const char *s, struct xt_dscp_info *dinfo) -{ - unsigned int dscp; - - if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX)) - xtables_error(PARAMETER_PROBLEM, - "Invalid dscp `%s'\n", s); - - if (dscp > XT_DSCP_MAX) - xtables_error(PARAMETER_PROBLEM, - "DSCP `%d` out of range\n", dscp); - - dinfo->dscp = dscp; -} - - -static void -parse_class(const char *s, struct xt_dscp_info *dinfo) -{ - unsigned int dscp = class_to_dscp(s); - - /* Assign the value */ - dinfo->dscp = dscp; -} - - -static int -dscp_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void dscp_parse(struct xt_option_call *cb) { - struct xt_dscp_info *dinfo - = (struct xt_dscp_info *)(*match)->data; + struct xt_dscp_info *dinfo = cb->data; - switch (c) { - case 'F': - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "DSCP match: Only use --dscp ONCE!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_dscp(optarg, dinfo); - if (invert) + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_DSCP: + if (cb->invert) dinfo->invert = 1; - *flags = 1; break; - - case 'G': - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "DSCP match: Only use --dscp-class ONCE!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_class(optarg, dinfo); - if (invert) + case O_DSCP_CLASS: + dinfo->dscp = class_to_dscp(cb->arg); + if (cb->invert) dinfo->invert = 1; - *flags = 1; break; } - - return 1; } -static void dscp_check(unsigned int flags) +static void dscp_check(struct xt_fcheck_call *cb) { - if (!flags) + if (cb->xflags == 0) xtables_error(PARAMETER_PROBLEM, "DSCP match: Parameter --dscp is required"); } @@ -135,11 +97,11 @@ static struct xtables_match dscp_match = { .size = XT_ALIGN(sizeof(struct xt_dscp_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_dscp_info)), .help = dscp_help, - .parse = dscp_parse, - .final_check = dscp_check, .print = dscp_print, .save = dscp_save, - .extra_opts = dscp_opts, + .x6_parse = dscp_parse, + .x6_fcheck = dscp_check, + .x6_options = dscp_opts, }; void _init(void) diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c index 17698683..e9d7990e 100644 --- a/extensions/libxt_esp.c +++ b/extensions/libxt_esp.c @@ -1,16 +1,11 @@ -/* Shared library add-on to iptables to add ESP support. */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> -#include <errno.h> -#include <limits.h> - #include <xtables.h> #include <linux/netfilter/xt_esp.h> +enum { + O_ESPSPI = 0, +}; + static void esp_help(void) { printf( @@ -19,56 +14,13 @@ static void esp_help(void) " match spi (range)\n"); } -static const struct option esp_opts[] = { - {.name = "espspi", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry esp_opts[] = { + {.name = "espspi", .id = O_ESPSPI, .type = XTTYPE_UINT32RC, + .flags = XTOPT_INVERT | XTOPT_PUT, + XTOPT_POINTER(struct xt_esp, spis)}, + XTOPT_TABLEEND, }; -static uint32_t -parse_esp_spi(const char *spistr) -{ - unsigned long int spi; - char* ep; - - spi = strtoul(spistr,&ep,0) ; - - if ( spistr == ep ) { - xtables_error(PARAMETER_PROBLEM, - "ESP no valid digits in spi `%s'", spistr); - } - if ( spi == ULONG_MAX && errno == ERANGE ) { - xtables_error(PARAMETER_PROBLEM, - "spi `%s' specified too big: would overflow", spistr); - } - if ( *spistr != '\0' && *ep != '\0' ) { - xtables_error(PARAMETER_PROBLEM, - "ESP error parsing spi `%s'", spistr); - } - return spi; -} - -static void -parse_esp_spis(const char *spistring, uint32_t *spis) -{ - char *buffer; - char *cp; - - buffer = strdup(spistring); - if ((cp = strchr(buffer, ':')) == NULL) - spis[0] = spis[1] = parse_esp_spi(buffer); - else { - *cp = '\0'; - cp++; - - spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0; - spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF; - if (spis[0] > spis[1]) - xtables_error(PARAMETER_PROBLEM, - "Invalid ESP spi range: %s", spistring); - } - free(buffer); -} - static void esp_init(struct xt_entry_match *m) { struct xt_esp *espinfo = (struct xt_esp *)m->data; @@ -76,28 +28,13 @@ static void esp_init(struct xt_entry_match *m) espinfo->spis[1] = 0xFFFFFFFF; } -#define ESP_SPI 0x01 - -static int -esp_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void esp_parse(struct xt_option_call *cb) { - struct xt_esp *espinfo = (struct xt_esp *)(*match)->data; - - switch (c) { - case '1': - if (*flags & ESP_SPI) - xtables_error(PARAMETER_PROBLEM, - "Only one `--espspi' allowed"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_esp_spis(optarg, espinfo->spis); - if (invert) - espinfo->invflags |= XT_ESP_INV_SPI; - *flags |= ESP_SPI; - break; - } + struct xt_esp *espinfo = cb->data; - return 1; + xtables_option_parse(cb); + if (cb->invert) + espinfo->invflags |= XT_ESP_INV_SPI; } static void @@ -155,10 +92,10 @@ static struct xtables_match esp_match = { .userspacesize = XT_ALIGN(sizeof(struct xt_esp)), .help = esp_help, .init = esp_init, - .parse = esp_parse, .print = esp_print, .save = esp_save, - .extra_opts = esp_opts, + .x6_parse = esp_parse, + .x6_options = esp_opts, }; void diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c index 1761b4d9..c9f9435e 100644 --- a/extensions/libxt_helper.c +++ b/extensions/libxt_helper.c @@ -1,14 +1,11 @@ -/* Shared library add-on to iptables to add related packet matching support. */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> - #include <xtables.h> #include <linux/netfilter/xt_helper.h> +enum { + O_HELPER = 0, +}; + static void helper_help(void) { printf( @@ -16,38 +13,20 @@ static void helper_help(void) "[!] --helper string Match helper identified by string\n"); } -static const struct option helper_opts[] = { - {.name = "helper", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry helper_opts[] = { + {.name = "helper", .id = O_HELPER, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT, + XTOPT_POINTER(struct xt_helper_info, name)}, + XTOPT_TABLEEND, }; -static int -helper_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void helper_parse(struct xt_option_call *cb) { - struct xt_helper_info *info = (struct xt_helper_info *)(*match)->data; + struct xt_helper_info *info = cb->data; - switch (c) { - case '1': - if (*flags) - xtables_error(PARAMETER_PROBLEM, - "helper match: Only use --helper ONCE!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - strncpy(info->name, optarg, 29); - info->name[29] = '\0'; - if (invert) - info->invert = 1; - *flags = 1; - break; - } - return 1; -} - -static void helper_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, - "helper match: You must specify `--helper'"); + xtables_option_parse(cb); + if (cb->invert) + info->invert = 1; } static void @@ -72,11 +51,10 @@ static struct xtables_match helper_match = { .version = XTABLES_VERSION, .size = XT_ALIGN(sizeof(struct xt_helper_info)), .help = helper_help, - .parse = helper_parse, - .final_check = helper_check, .print = helper_print, .save = helper_save, - .extra_opts = helper_opts, + .x6_parse = helper_parse, + .x6_options = helper_opts, }; void _init(void) diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c index 1c0de97d..8f57fe9f 100644 --- a/extensions/libxt_physdev.c +++ b/extensions/libxt_physdev.c @@ -1,17 +1,14 @@ -/* Shared library add-on to iptables to add bridge port matching support. */ -#include <stdbool.h> #include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <getopt.h> -#include <ctype.h> #include <xtables.h> #include <linux/netfilter/xt_physdev.h> -#if defined(__GLIBC__) && __GLIBC__ == 2 -#include <net/ethernet.h> -#else -#include <linux/if_ether.h> -#endif + +enum { + O_PHYSDEV_IN = 0, + O_PHYSDEV_OUT, + O_PHYSDEV_IS_IN, + O_PHYSDEV_IS_OUT, + O_PHYSDEV_IS_BRIDGED, +}; static void physdev_help(void) { @@ -24,88 +21,62 @@ static void physdev_help(void) " [!] --physdev-is-bridged it's a bridged packet\n"); } -static const struct option physdev_opts[] = { - {.name = "physdev-in", .has_arg = true, .val = '1'}, - {.name = "physdev-out", .has_arg = true, .val = '2'}, - {.name = "physdev-is-in", .has_arg = false, .val = '3'}, - {.name = "physdev-is-out", .has_arg = false, .val = '4'}, - {.name = "physdev-is-bridged", .has_arg = false, .val = '5'}, - XT_GETOPT_TABLEEND, +#define s struct xt_physdev_info +static const struct xt_option_entry physdev_opts[] = { + {.name = "physdev-in", .id = O_PHYSDEV_IN, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, physindev)}, + {.name = "physdev-out", .id = O_PHYSDEV_OUT, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, physoutdev)}, + {.name = "physdev-is-in", .id = O_PHYSDEV_IS_IN, .type = XTTYPE_NONE}, + {.name = "physdev-is-out", .id = O_PHYSDEV_IS_OUT, + .type = XTTYPE_NONE}, + {.name = "physdev-is-bridged", .id = O_PHYSDEV_IS_BRIDGED, + .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; +#undef s -static int -physdev_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void physdev_parse(struct xt_option_call *cb) { - struct xt_physdev_info *info = - (struct xt_physdev_info*)(*match)->data; + struct xt_physdev_info *info = cb->data; - switch (c) { - case '1': - if (*flags & XT_PHYSDEV_OP_IN) - goto multiple_use; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - xtables_parse_interface(optarg, info->physindev, + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_PHYSDEV_IN: + xtables_parse_interface(cb->arg, info->physindev, (unsigned char *)info->in_mask); - if (invert) + if (cb->invert) info->invert |= XT_PHYSDEV_OP_IN; info->bitmask |= XT_PHYSDEV_OP_IN; - *flags |= XT_PHYSDEV_OP_IN; break; - - case '2': - if (*flags & XT_PHYSDEV_OP_OUT) - goto multiple_use; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - xtables_parse_interface(optarg, info->physoutdev, + case O_PHYSDEV_OUT: + xtables_parse_interface(cb->arg, info->physoutdev, (unsigned char *)info->out_mask); - if (invert) + if (cb->invert) info->invert |= XT_PHYSDEV_OP_OUT; info->bitmask |= XT_PHYSDEV_OP_OUT; - *flags |= XT_PHYSDEV_OP_OUT; break; - - case '3': - if (*flags & XT_PHYSDEV_OP_ISIN) - goto multiple_use; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); + case O_PHYSDEV_IS_IN: info->bitmask |= XT_PHYSDEV_OP_ISIN; - if (invert) + if (cb->invert) info->invert |= XT_PHYSDEV_OP_ISIN; - *flags |= XT_PHYSDEV_OP_ISIN; break; - - case '4': - if (*flags & XT_PHYSDEV_OP_ISOUT) - goto multiple_use; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); + case O_PHYSDEV_IS_OUT: info->bitmask |= XT_PHYSDEV_OP_ISOUT; - if (invert) + if (cb->invert) info->invert |= XT_PHYSDEV_OP_ISOUT; - *flags |= XT_PHYSDEV_OP_ISOUT; break; - - case '5': - if (*flags & XT_PHYSDEV_OP_BRIDGED) - goto multiple_use; - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - if (invert) + case O_PHYSDEV_IS_BRIDGED: + if (cb->invert) info->invert |= XT_PHYSDEV_OP_BRIDGED; - *flags |= XT_PHYSDEV_OP_BRIDGED; info->bitmask |= XT_PHYSDEV_OP_BRIDGED; break; } - - return 1; -multiple_use: - xtables_error(PARAMETER_PROBLEM, - "multiple use of the same physdev option is not allowed"); - } -static void physdev_check(unsigned int flags) +static void physdev_check(struct xt_fcheck_call *cb) { - if (flags == 0) + if (cb->xflags == 0) xtables_error(PARAMETER_PROBLEM, "PHYSDEV: no physdev option specified"); } @@ -164,11 +135,11 @@ static struct xtables_match physdev_match = { .size = XT_ALIGN(sizeof(struct xt_physdev_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_physdev_info)), .help = physdev_help, - .parse = physdev_parse, - .final_check = physdev_check, .print = physdev_print, .save = physdev_save, - .extra_opts = physdev_opts, + .x6_parse = physdev_parse, + .x6_fcheck = physdev_check, + .x6_options = physdev_opts, }; void _init(void) diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c index f5de3ef0..1ed3b445 100644 --- a/extensions/libxt_pkttype.c +++ b/extensions/libxt_pkttype.c @@ -4,22 +4,15 @@ * * Michal Ludvig <michal@logix.cz> */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> -#if defined(__GLIBC__) && __GLIBC__ == 2 -#include <net/ethernet.h> -#else -#include <linux/if_ether.h> -#endif #include <xtables.h> #include <linux/if_packet.h> #include <linux/netfilter/xt_pkttype.h> -#define PKTTYPE_VERSION "0.1" +enum { + O_PKTTYPE = 0, +}; struct pkttypes { const char *name; @@ -61,9 +54,10 @@ static void pkttype_help(void) print_types(); } -static const struct option pkttype_opts[] = { - {.name = "pkt-type", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry pkttype_opts[] = { + {.name = "pkt-type", .id = O_PKTTYPE, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_INVERT}, + XTOPT_TABLEEND, }; static void parse_pkttype(const char *pkttype, struct xt_pkttype_info *info) @@ -80,29 +74,14 @@ static void parse_pkttype(const char *pkttype, struct xt_pkttype_info *info) xtables_error(PARAMETER_PROBLEM, "Bad packet type '%s'", pkttype); } -static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void pkttype_parse(struct xt_option_call *cb) { - struct xt_pkttype_info *info = (struct xt_pkttype_info *)(*match)->data; - - switch(c) - { - case '1': - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_pkttype(optarg, info); - if(invert) - info->invert=1; - *flags=1; - break; - } + struct xt_pkttype_info *info = cb->data; - return 1; -} - -static void pkttype_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, "You must specify \"--pkt-type\""); + xtables_option_parse(cb); + parse_pkttype(cb->arg, info); + if (cb->invert) + info->invert = 1; } static void print_pkttype(const struct xt_pkttype_info *info) @@ -143,11 +122,10 @@ static struct xtables_match pkttype_match = { .size = XT_ALIGN(sizeof(struct xt_pkttype_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_pkttype_info)), .help = pkttype_help, - .parse = pkttype_parse, - .final_check = pkttype_check, .print = pkttype_print, .save = pkttype_save, - .extra_opts = pkttype_opts, + .x6_parse = pkttype_parse, + .x6_options = pkttype_opts, }; void _init(void) diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c index 9a631aa7..3fc747d8 100644 --- a/extensions/libxt_state.c +++ b/extensions/libxt_state.c @@ -1,10 +1,5 @@ -/* Shared library add-on to iptables to add state tracking support. */ -#include <stdbool.h> #include <stdio.h> -#include <netdb.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> #include <linux/netfilter/nf_conntrack_common.h> #include <linux/netfilter/xt_state.h> @@ -13,6 +8,10 @@ #define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) #endif +enum { + O_STATE = 0, +}; + static void state_help(void) { @@ -22,9 +21,10 @@ state_help(void) " State(s) to match\n"); } -static const struct option state_opts[] = { - {.name = "state", .has_arg = true, .val = '1'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry state_opts[] = { + {.name = "state", .id = O_STATE, .type = XTTYPE_STRING, + .flags = XTOPT_MAND}, + XTOPT_TABLEEND, }; static int @@ -63,31 +63,14 @@ state_parse_states(const char *arg, struct xt_state_info *sinfo) xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg); } -static int -state_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, - struct xt_entry_match **match) +static void state_parse(struct xt_option_call *cb) { - struct xt_state_info *sinfo = (struct xt_state_info *)(*match)->data; - - switch (c) { - case '1': - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - - state_parse_states(optarg, sinfo); - if (invert) - sinfo->statemask = ~sinfo->statemask; - *flags = 1; - break; - } + struct xt_state_info *sinfo = cb->data; - return 1; -} - -static void state_final_check(unsigned int flags) -{ - if (!flags) - xtables_error(PARAMETER_PROBLEM, "You must specify \"--state\""); + xtables_option_parse(cb); + state_parse_states(cb->arg, sinfo); + if (cb->invert) + sinfo->statemask = ~sinfo->statemask; } static void state_print_state(unsigned int statemask) @@ -142,11 +125,10 @@ static struct xtables_match state_match = { .size = XT_ALIGN(sizeof(struct xt_state_info)), .userspacesize = XT_ALIGN(sizeof(struct xt_state_info)), .help = state_help, - .parse = state_parse, - .final_check = state_final_check, .print = state_print, .save = state_save, - .extra_opts = state_opts, + .x6_parse = state_parse, + .x6_options = state_opts, }; void _init(void) diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c index 56fb135a..b538476c 100644 --- a/extensions/libxt_time.c +++ b/extensions/libxt_time.c @@ -9,45 +9,41 @@ * * Based on libipt_time.c. */ -#include <sys/types.h> -#include <getopt.h> -#include <stdbool.h> -#include <stdint.h> #include <stdio.h> #include <string.h> #include <stdlib.h> -#include <stddef.h> #include <time.h> -#include <limits.h> - #include <linux/types.h> #include <linux/netfilter/xt_time.h> #include <xtables.h> -enum { /* getopt "seen" bits */ - F_DATE_START = 1 << 0, - F_DATE_STOP = 1 << 1, - F_TIME_START = 1 << 2, - F_TIME_STOP = 1 << 3, - F_MONTHDAYS = 1 << 4, - F_WEEKDAYS = 1 << 5, - F_TIMEZONE = 1 << 6, +enum { + O_DATE_START = 0, + O_DATE_STOP, + O_TIME_START, + O_TIME_STOP, + O_MONTHDAYS, + O_WEEKDAYS, + O_LOCAL_TZ, + O_UTC, }; static const char *const week_days[] = { NULL, "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun", }; -static const struct option time_opts[] = { - {.name = "datestart", .has_arg = true, .val = 'D'}, - {.name = "datestop", .has_arg = true, .val = 'E'}, - {.name = "timestart", .has_arg = true, .val = 'X'}, - {.name = "timestop", .has_arg = true, .val = 'Y'}, - {.name = "weekdays", .has_arg = true, .val = 'w'}, - {.name = "monthdays", .has_arg = true, .val = 'm'}, - {.name = "localtz", .has_arg = false, .val = 'l'}, - {.name = "utc", .has_arg = false, .val = 'u'}, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry time_opts[] = { + {.name = "datestart", .id = O_DATE_START, .type = XTTYPE_STRING}, + {.name = "datestop", .id = O_DATE_STOP, .type = XTTYPE_STRING}, + {.name = "timestart", .id = O_TIME_START, .type = XTTYPE_STRING}, + {.name = "timestop", .id = O_TIME_STOP, .type = XTTYPE_STRING}, + {.name = "weekdays", .id = O_WEEKDAYS, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + {.name = "monthdays", .id = O_MONTHDAYS, .type = XTTYPE_STRING, + .flags = XTOPT_INVERT}, + {.name = "localtz", .id = O_LOCAL_TZ, .type = XTTYPE_NONE}, + {.name = "utc", .id = O_UTC, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, }; static void time_help(void) @@ -248,86 +244,41 @@ static unsigned int time_parse_weekdays(const char *arg) return ret; } -static int time_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void time_parse(struct xt_option_call *cb) { - struct xt_time_info *info = (void *)(*match)->data; - - switch (c) { - case 'D': /* --datestart */ - if (*flags & F_DATE_START) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --datestart twice"); - if (invert) - xtables_error(PARAMETER_PROBLEM, - "Unexpected \"!\" with --datestart"); - info->date_start = time_parse_date(optarg, false); - *flags |= F_DATE_START; - return 1; - case 'E': /* --datestop */ - if (*flags & F_DATE_STOP) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --datestop more than once"); - if (invert) - xtables_error(PARAMETER_PROBLEM, - "unexpected \"!\" with --datestop"); - info->date_stop = time_parse_date(optarg, true); - *flags |= F_DATE_STOP; - return 1; - case 'X': /* --timestart */ - if (*flags & F_TIME_START) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --timestart more than once"); - if (invert) - xtables_error(PARAMETER_PROBLEM, - "Unexpected \"!\" with --timestart"); - info->daytime_start = time_parse_minutes(optarg); - *flags |= F_TIME_START; - return 1; - case 'Y': /* --timestop */ - if (*flags & F_TIME_STOP) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --timestop more than once"); - if (invert) - xtables_error(PARAMETER_PROBLEM, - "Unexpected \"!\" with --timestop"); - info->daytime_stop = time_parse_minutes(optarg); - *flags |= F_TIME_STOP; - return 1; - case 'l': /* --localtz */ - if (*flags & F_TIMEZONE) - xtables_error(PARAMETER_PROBLEM, - "Can only specify exactly one of --localtz or --utc"); + struct xt_time_info *info = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_DATE_START: + info->date_start = time_parse_date(cb->arg, false); + break; + case O_DATE_STOP: + info->date_stop = time_parse_date(cb->arg, true); + break; + case O_TIME_START: + info->daytime_start = time_parse_minutes(cb->arg); + break; + case O_TIME_STOP: + info->daytime_stop = time_parse_minutes(cb->arg); + break; + case O_LOCAL_TZ: info->flags |= XT_TIME_LOCAL_TZ; - *flags |= F_TIMEZONE; - return 1; - case 'm': /* --monthdays */ - if (*flags & F_MONTHDAYS) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --monthdays more than once"); - info->monthdays_match = time_parse_monthdays(optarg); - if (invert) + break; + case O_MONTHDAYS: + info->monthdays_match = time_parse_monthdays(cb->arg); + if (cb->invert) info->monthdays_match ^= XT_TIME_ALL_MONTHDAYS; - *flags |= F_MONTHDAYS; - return 1; - case 'w': /* --weekdays */ - if (*flags & F_WEEKDAYS) - xtables_error(PARAMETER_PROBLEM, - "Cannot specify --weekdays more than once"); - info->weekdays_match = time_parse_weekdays(optarg); - if (invert) + break; + case O_WEEKDAYS: + info->weekdays_match = time_parse_weekdays(cb->arg); + if (cb->invert) info->weekdays_match ^= XT_TIME_ALL_WEEKDAYS; - *flags |= F_WEEKDAYS; - return 1; - case 'u': /* --utc */ - if (*flags & F_TIMEZONE) - xtables_error(PARAMETER_PROBLEM, - "Can only specify exactly one of --localtz or --utc"); + break; + case O_UTC: info->flags &= ~XT_TIME_LOCAL_TZ; - *flags |= F_TIMEZONE; - return 1; + break; } - return 0; } static void time_print_date(time_t date, const char *command) @@ -474,10 +425,10 @@ static struct xtables_match time_match = { .userspacesize = XT_ALIGN(sizeof(struct xt_time_info)), .help = time_help, .init = time_init, - .parse = time_parse, .print = time_print, .save = time_save, - .extra_opts = time_opts, + .x6_parse = time_parse, + .x6_options = time_opts, }; void _init(void) diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c index 7f102d49..0df28a84 100644 --- a/extensions/libxt_u32.c +++ b/extensions/libxt_u32.c @@ -10,22 +10,21 @@ * Copyright © CC Computer Consultants GmbH, 2007 * Contact: <jengelh@computergmbh.de> */ -#include <sys/types.h> #include <ctype.h> #include <errno.h> -#include <getopt.h> -#include <netdb.h> -#include <stdbool.h> +#include <stdint.h> #include <stdlib.h> #include <stdio.h> -#include <string.h> - #include <xtables.h> #include <linux/netfilter/xt_u32.h> -static const struct option u32_opts[] = { - {.name = "u32", .has_arg = true, .val = 'u'}, - XT_GETOPT_TABLEEND, +enum { + O_U32 = 0, +}; + +static const struct xt_option_entry u32_opts[] = { + {.name = "u32", .id = O_U32, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, }; static void u32_help(void) @@ -86,7 +85,7 @@ static void u32_dump(const struct xt_u32 *data) } /* string_to_number() is not quite what we need here ... */ -static uint32_t parse_number(char **s, int pos) +static uint32_t parse_number(const char **s, int pos) { uint32_t number; char *end; @@ -103,20 +102,16 @@ static uint32_t parse_number(char **s, int pos) return number; } -static int u32_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void u32_parse(struct xt_option_call *cb) { - struct xt_u32 *data = (void *)(*match)->data; + struct xt_u32 *data = cb->data; unsigned int testind = 0, locind = 0, valind = 0; struct xt_u32_test *ct = &data->tests[testind]; /* current test */ - char *arg = optarg; /* the argument string */ - char *start = arg; + const char *arg = cb->arg; /* the argument string */ + const char *start = cb->arg; int state = 0; - if (c != 'u') - return 0; - - data->invert = invert; + data->invert = cb->invert; /* * states: @@ -145,7 +140,7 @@ static int u32_parse(int c, char **argv, int invert, unsigned int *flags, xtables_error(PARAMETER_PROBLEM, "u32: at char %u: too many \"&&\"s", (unsigned int)(arg - start)); - return 1; + return; } if (state == 0) { @@ -274,10 +269,10 @@ static struct xtables_match u32_match = { .size = XT_ALIGN(sizeof(struct xt_u32)), .userspacesize = XT_ALIGN(sizeof(struct xt_u32)), .help = u32_help, - .parse = u32_parse, .print = u32_print, .save = u32_save, - .extra_opts = u32_opts, + .x6_parse = u32_parse, + .x6_options = u32_opts, }; void _init(void) |