author | Patrick McHardy <kaber@trash.net> | 2011-04-12 16:05:39 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2011-04-12 16:05:39 +0200 |
commit | cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a (patch) | |
tree | ecd79b89cc099c7ca1726df0417328cc822a9e69 /extensions | |
parent | 884d2675f1a880ffcc072da69ab8c9aaea2a3bce (diff) | |
parent | b18ffe3636b07cd817628de81643136e4755a944 (diff) |
Merge branch 'opts' of git://dev.medozas.de/iptables
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libip6t_ipv6header.c | 4 | ||||
-rw-r--r-- | extensions/libxt_CHECKSUM.c | 46 | ||||
-rw-r--r-- | extensions/libxt_CONNSECMARK.c | 59 | ||||
-rw-r--r-- | extensions/libxt_cluster.c | 187 | ||||
-rw-r--r-- | extensions/libxt_cpu.c | 65 | ||||
-rw-r--r-- | extensions/libxt_socket.c | 29 |
6 files changed, 119 insertions, 271 deletions
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index 187e0a43..c05cedbb 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -202,7 +202,9 @@ ipv6header_parse(int c, char **argv, int invert, unsigned int *flags,
 static void ipv6header_check(unsigned int flags)
 {
- if (!flags) xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: no options specified");
+ if (!(flags & IPV6_HDR_HEADER))
+ xtables_error(PARAMETER_PROBLEM,
+ "ip6t_ipv6header: no options specified");
 }
 static void
diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c
index 83b3d699..df9f9b3c 100644
--- a/extensions/libxt_CHECKSUM.c
+++ b/extensions/libxt_CHECKSUM.c
@@ -8,15 +8,14 @@
 *
 * libxt_CHECKSUM.c borrowed some bits from libipt_ECN.c
 */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
 #include <linux/netfilter/xt_CHECKSUM.h>
+enum {
+ O_CHECKSUM_FILL = 0,
+};
+
 static void CHECKSUM_help(void)
 {
 printf(
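Review bot: The error text in `ipv6header_check` no longer matches the condition it guards: the new test fires whenever the `IPV6_HDR_HEADER` bit is absent, yet the message still says "no options specified". If any other bit can be set in `flags` (the parse function lies outside this hunk, so that is not visible here), a user who did supply some other option gets a misleading diagnostic. Consider rewording the message so it names the missing mandatory option and a rejected rule is easy to correct.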
@@ -24,34 +23,18 @@ static void CHECKSUM_help(void)
 " --checksum-fill Fill in packet checksum.\n");
 }
-static const struct option CHECKSUM_opts[] = {
- {.name = "checksum-fill", .has_arg = false, .val = 'F'},
- XT_GETOPT_TABLEEND,
+static const struct xt_option_entry CHECKSUM_opts[] = {
+ {.name = "checksum-fill", .id = O_CHECKSUM_FILL,
+ .flags = XTOPT_MAND, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
 };
-static int CHECKSUM_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void CHECKSUM_parse(struct xt_option_call *cb)
 {
- struct xt_CHECKSUM_info *einfo
- = (struct xt_CHECKSUM_info *)(*target)->data;
-
- switch (c) {
- case 'F':
- xtables_param_act(XTF_ONLY_ONCE, "CHECKSUM", "--checksum-fill",
- *flags & XT_CHECKSUM_OP_FILL);
- einfo->operation = XT_CHECKSUM_OP_FILL;
- *flags |= XT_CHECKSUM_OP_FILL;
- break;
- }
+ struct xt_CHECKSUM_info *einfo = cb->data;
- return 1;
-}
-
-static void CHECKSUM_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "CHECKSUM target: Parameter --checksum-fill is required");
+ xtables_option_parse(cb);
+ einfo->operation = XT_CHECKSUM_OP_FILL;
 }
 static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target,
@@ -82,11 +65,10 @@ static struct xtables_target checksum_tg_reg = {
 .size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
 .userspacesize = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
 .help = CHECKSUM_help,
- .parse = CHECKSUM_parse,
- .final_check = CHECKSUM_check,
 .print = CHECKSUM_print,
 .save = CHECKSUM_save,
- .extra_opts = CHECKSUM_opts,
+ .x6_parse = CHECKSUM_parse,
+ .x6_options = CHECKSUM_opts,
 };
 void _init(void)
diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c
index 6b161f3b..df2e6b82 100644
--- a/extensions/libxt_CONNSECMARK.c
+++ b/extensions/libxt_CONNSECMARK.c
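Review bot: `CHECKSUM_parse` assigns `einfo->operation = XT_CHECKSUM_OP_FILL;` on every call without looking at `cb->entry->id`, whereas the other parsers converted in this commit (`CONNSECMARK_parse`, `socket_mt_parse`) switch on the id. With a single option this is harmless, but a second entry added to `CHECKSUM_opts` later would silently select the fill operation as well. Guarding the assignment keeps the converted files uniform: `if (cb->entry->id == O_CHECKSUM_FILL) einfo->operation = XT_CHECKSUM_OP_FILL;`.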
@@ -5,16 +5,19 @@
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 #include <linux/netfilter/xt_CONNSECMARK.h>
 #define PFX "CONNSECMARK target: "
+enum {
+ O_SAVE = 0,
+ O_RESTORE,
+ F_SAVE = 1 << O_SAVE,
+ F_RESTORE = 1 << O_RESTORE,
+};
+
 static void CONNSECMARK_help(void)
 {
 printf(
@@ -23,48 +26,32 @@ static void CONNSECMARK_help(void)
 " --restore Copy security mark from connection to packet\n");
 }
-static const struct option CONNSECMARK_opts[] = {
- {.name = "save", .has_arg = false, .val = '1'},
- {.name = "restore", .has_arg = false, .val = '2'},
- XT_GETOPT_TABLEEND,
+static const struct xt_option_entry CONNSECMARK_opts[] = {
+ {.name = "save", .id = O_SAVE, .excl = F_RESTORE, .type = XTTYPE_NONE},
+ {.name = "restore", .id = O_RESTORE, .excl = F_SAVE,
+ .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
 };
-static int
-CONNSECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void CONNSECMARK_parse(struct xt_option_call *cb)
 {
- struct xt_connsecmark_target_info *info =
- (struct xt_connsecmark_target_info*)(*target)->data;
+ struct xt_connsecmark_target_info *info = cb->data;
- switch (c) {
- case '1':
- if (*flags & CONNSECMARK_SAVE)
- xtables_error(PARAMETER_PROBLEM, PFX
- "Can't specify --save twice");
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SAVE:
 info->mode = CONNSECMARK_SAVE;
- *flags |= CONNSECMARK_SAVE;
 break;
-
- case '2':
- if (*flags & CONNSECMARK_RESTORE)
- xtables_error(PARAMETER_PROBLEM, PFX
- "Can't specify --restore twice");
+ case O_RESTORE:
 info->mode = CONNSECMARK_RESTORE;
- *flags |= CONNSECMARK_RESTORE;
 break;
 }
-
- return 1;
 }
-static void CONNSECMARK_check(unsigned int flags)
+static void CONNSECMARK_check(struct xt_fcheck_call *cb)
 {
- if (!flags)
+ if (cb->xflags == 0)
 xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
-
- if (flags == (CONNSECMARK_SAVE|CONNSECMARK_RESTORE))
- xtables_error(PARAMETER_PROBLEM, PFX "only one flag of --save "
- "or --restore is allowed");
 }
 static void print_connsecmark(const struct xt_connsecmark_target_info *info)
@@ -111,12 +98,12 @@ static struct xtables_target connsecmark_target = {
 .revision = 0,
 .size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
 .userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
- .parse = CONNSECMARK_parse,
 .help = CONNSECMARK_help,
- .final_check = CONNSECMARK_check,
 .print = CONNSECMARK_print,
 .save = CONNSECMARK_save,
- .extra_opts = CONNSECMARK_opts,
+ .x6_parse = CONNSECMARK_parse,
+ .x6_fcheck = CONNSECMARK_check,
+ .x6_options = CONNSECMARK_opts,
 };
 void _init(void)
diff --git a/extensions/libxt_cluster.c b/extensions/libxt_cluster.c
index e1607d04..3adff12c 100644
--- a/extensions/libxt_cluster.c
+++ b/extensions/libxt_cluster.c
@@ -5,21 +5,10 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <stddef.h>
-
 #include <xtables.h>
-#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_cluster.h>
-/* hack to keep for check */
-static unsigned int total_nodes;
-static unsigned int node_mask;
-
 static void
 cluster_help(void)
 {
@@ -32,160 +21,80 @@ cluster_help(void)
 }
 enum {
- CLUSTER_OPT_TOTAL_NODES,
- CLUSTER_OPT_LOCAL_NODE,
- CLUSTER_OPT_NODE_MASK,
- CLUSTER_OPT_HASH_SEED,
+ O_CL_TOTAL_NODES = 0,
+ O_CL_LOCAL_NODE,
+ O_CL_LOCAL_NODEMASK,
+ O_CL_HASH_SEED,
+ F_CL_TOTAL_NODES = 1 << O_CL_TOTAL_NODES,
+ F_CL_LOCAL_NODE = 1 << O_CL_LOCAL_NODE,
+ F_CL_LOCAL_NODEMASK = 1 << O_CL_LOCAL_NODEMASK,
+ F_CL_HASH_SEED = 1 << O_CL_HASH_SEED,
 };
-static const struct option cluster_opts[] = {
- {.name = "cluster-total-nodes", .has_arg = true, .val = CLUSTER_OPT_TOTAL_NODES},
- {.name = "cluster-local-node", .has_arg = true, .val = CLUSTER_OPT_LOCAL_NODE},
- {.name = "cluster-local-nodemask", .has_arg = true, .val = CLUSTER_OPT_NODE_MASK},
- {.name = "cluster-hash-seed", .has_arg = true, .val = CLUSTER_OPT_HASH_SEED},
- XT_GETOPT_TABLEEND,
+#define s struct xt_cluster_match_info
+static const struct xt_option_entry cluster_opts[] = {
+ {.name = "cluster-total-nodes", .id = O_CL_TOTAL_NODES,
+ .type = XTTYPE_UINT32, .min = 1, .max = XT_CLUSTER_NODES_MAX,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, total_nodes)},
+ {.name = "cluster-local-node", .id = O_CL_LOCAL_NODE,
+ .excl = F_CL_LOCAL_NODEMASK, .flags = XTOPT_INVERT,
+ .type = XTTYPE_UINT32, .min = 1, .max = XT_CLUSTER_NODES_MAX},
+ {.name = "cluster-local-nodemask", .id = O_CL_LOCAL_NODEMASK,
+ .excl = F_CL_LOCAL_NODE, .type = XTTYPE_UINT32,
+ .min = 1, .max = XT_CLUSTER_NODES_MAX,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, node_mask)},
+ {.name = "cluster-hash-seed", .id = O_CL_HASH_SEED,
+ .type = XTTYPE_UINT32, .flags = XTOPT_MAND | XTOPT_PUT,
+ XTOPT_POINTER(s, hash_seed)},
+ XTOPT_TABLEEND,
 };
-static int
-cluster_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void cluster_parse(struct xt_option_call *cb)
 {
- struct xt_cluster_match_info *info = (void *)(*match)->data;
- unsigned int num;
+ struct xt_cluster_match_info *info = cb->data;
- switch (c) {
- case CLUSTER_OPT_TOTAL_NODES:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-total-nodes' once");
- }
- if (!xtables_strtoui(optarg, NULL, &num, 1,
- XT_CLUSTER_NODES_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s' in "
- "`--cluster-total-nodes'", optarg);
- }
- total_nodes = num;
- info->total_nodes = total_nodes = num;
- *flags |= 1 << c;
- break;
- case CLUSTER_OPT_LOCAL_NODE:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-local-node' once");
- }
- if (*flags & (1 << CLUSTER_OPT_NODE_MASK)) {
- xtables_error(PARAMETER_PROBLEM, "You cannot use "
- "`--cluster-local-nodemask' and "
- "`--cluster-local-node'");
- }
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (!xtables_strtoui(optarg, NULL, &num, 1,
- XT_CLUSTER_NODES_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s' in "
- "`--cluster-local-node'", optarg);
- }
- if (invert)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_CL_LOCAL_NODE:
+ if (cb->invert)
 info->flags |= XT_CLUSTER_F_INV;
-
- info->node_mask = node_mask = (1 << (num - 1));
- *flags |= 1 << c;
+ info->node_mask = 1 << (cb->val.u32 - 1);
 break;
- case CLUSTER_OPT_NODE_MASK:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-local-node' once");
- }
- if (*flags & (1 << CLUSTER_OPT_LOCAL_NODE)) {
- xtables_error(PARAMETER_PROBLEM, "You cannot use "
- "`--cluster-local-nodemask' and "
- "`--cluster-local-node'");
- }
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (!xtables_strtoui(optarg, NULL, &num, 1,
- XT_CLUSTER_NODES_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s' in "
- "`--cluster-local-node'", optarg);
- }
- if (invert)
+ case O_CL_LOCAL_NODEMASK:
+ if (cb->invert)
 info->flags |= XT_CLUSTER_F_INV;
-
- info->node_mask = node_mask = num;
- *flags |= 1 << c;
- break;
-
- case CLUSTER_OPT_HASH_SEED:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-hash-seed' once");
- }
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s'", optarg);
- }
- info->hash_seed = num;
- *flags |= 1 << c;
 break;
 }
-
- return 1;
 }
-static void
-cluster_check(unsigned int flags)
+static void cluster_check(struct xt_fcheck_call *cb)
 {
- if ((flags & ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_LOCAL_NODE) |
- (1 << CLUSTER_OPT_HASH_SEED)))
- == ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_LOCAL_NODE) |
- (1 << CLUSTER_OPT_HASH_SEED))) {
- if (node_mask >= (1ULL << total_nodes)) {
+ const struct xt_cluster_match_info *info = cb->data;
+ unsigned int test;
+
+ test = F_CL_TOTAL_NODES | F_CL_LOCAL_NODE | F_CL_HASH_SEED;
+ if ((cb->xflags & test) == test) {
+ if (info->node_mask >= (1ULL << info->total_nodes))
 xtables_error(PARAMETER_PROBLEM,
 "cluster match: "
 "`--cluster-local-node' "
 "must be <= `--cluster-total-nodes'");
- }
 return;
 }
- if ((flags & ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_NODE_MASK) |
- (1 << CLUSTER_OPT_HASH_SEED)))
- == ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_NODE_MASK) |
- (1 << CLUSTER_OPT_HASH_SEED))) {
- if (node_mask >= (1ULL << total_nodes)) {
+
+ test = F_CL_TOTAL_NODES | F_CL_LOCAL_NODEMASK | F_CL_HASH_SEED;
+ if ((cb->xflags & test) == test) {
+ if (info->node_mask >= (1ULL << info->total_nodes))
 xtables_error(PARAMETER_PROBLEM,
 "cluster match: "
 "`--cluster-local-nodemask' too big "
 "for `--cluster-total-nodes'");
- }
 return;
 }
- if (!(flags & (1 << CLUSTER_OPT_TOTAL_NODES))) {
- xtables_error(PARAMETER_PROBLEM,
- "cluster match: `--cluster-total-nodes' "
- "is missing");
- }
- if (!(flags & (1 << CLUSTER_OPT_HASH_SEED))) {
- xtables_error(PARAMETER_PROBLEM,
- "cluster match: `--cluster-hash-seed' "
- "is missing");
- }
- if (!(flags & ((1 << (CLUSTER_OPT_LOCAL_NODE) |
- (1 << (CLUSTER_OPT_NODE_MASK)))))) {
+ if (!(cb->xflags & (F_CL_LOCAL_NODE | F_CL_LOCAL_NODEMASK)))
 xtables_error(PARAMETER_PROBLEM,
 "cluster match: `--cluster-local-node' or"
 "`--cluster-local-nodemask' is missing");
- }
 }
 static void
@@ -224,11 +133,11 @@ static struct xtables_match cluster_mt_reg = {
 .size = XT_ALIGN(sizeof(struct xt_cluster_match_info)),
 .userspacesize = XT_ALIGN(sizeof(struct xt_cluster_match_info)),
 .help = cluster_help,
- .parse = cluster_parse,
- .final_check = cluster_check,
 .print = cluster_print,
 .save = cluster_save,
- .extra_opts = cluster_opts,
+ .x6_parse = cluster_parse,
+ .x6_fcheck = cluster_check,
+ .x6_options = cluster_opts,
 };
 void _init(void)
diff --git a/extensions/libxt_cpu.c b/extensions/libxt_cpu.c
index 77efec7f..404a6a66 100644
--- a/extensions/libxt_cpu.c
+++ b/extensions/libxt_cpu.c
@@ -1,13 +1,11 @@
-/* Shared library add-on to iptables to add CPU match support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 #include <linux/netfilter/xt_cpu.h>
+enum {
+ O_CPU = 0,
+};
+
 static void cpu_help(void)
 {
 printf(
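Review bot: In `cluster_parse`, `info->node_mask = 1 << (cb->val.u32 - 1);` shifts a signed `int`; the option table admits values up to `XT_CLUSTER_NODES_MAX`, and if that constant is 32 (its definition is not on this page) the largest accepted value shifts into the sign bit, which is undefined behaviour in C. Making the constant unsigned avoids it: `info->node_mask = 1U << (cb->val.u32 - 1);`. Separately, `#define s struct xt_cluster_match_info` is not undefined anywhere in this hunk, so the one-letter macro stays live for the rest of the file; an `#undef s` directly after the `cluster_opts` table would contain it.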
@@ -15,50 +13,20 @@ static void cpu_help(void)
 "[!] --cpu number Match CPU number\n");
 }
-static const struct option cpu_opts[] = {
- {.name = "cpu", .has_arg = true, .val = '1'},
- XT_GETOPT_TABLEEND,
+static const struct xt_option_entry cpu_opts[] = {
+ {.name = "cpu", .id = O_CPU, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_MAND | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_cpu_info, cpu)},
+ XTOPT_TABLEEND,
 };
-static void
-parse_cpu(const char *s, struct xt_cpu_info *info)
+static void cpu_parse(struct xt_option_call *cb)
 {
- unsigned int cpu;
- char *end;
-
- if (!xtables_strtoui(s, &end, &cpu, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "cpu", "--cpu", s);
-
- if (*end != '\0')
- xtables_param_act(XTF_BAD_VALUE, "cpu", "--cpu", s);
-
- info->cpu = cpu;
-}
+ struct xt_cpu_info *cpuinfo = cb->data;
-static int
-cpu_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_cpu_info *cpuinfo = (struct xt_cpu_info *)(*match)->data;
-
- switch (c) {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_cpu(optarg, cpuinfo);
- if (invert)
- cpuinfo->invert = 1;
- *flags = 1;
- break;
- }
-
- return 1;
-}
-
-static void cpu_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "You must specify `--cpu'");
+ xtables_option_parse(cb);
+ if (cb->invert)
+ cpuinfo->invert = true;
 }
 static void
@@ -83,11 +51,10 @@ static struct xtables_match cpu_match = {
 .size = XT_ALIGN(sizeof(struct xt_cpu_info)),
 .userspacesize = XT_ALIGN(sizeof(struct xt_cpu_info)),
 .help = cpu_help,
- .parse = cpu_parse,
- .final_check = cpu_check,
 .print = cpu_print,
 .save = cpu_save,
- .extra_opts = cpu_opts,
+ .x6_parse = cpu_parse,
+ .x6_options = cpu_opts,
 };
 void _init(void)
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index e89d1c56..39016493 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
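Review bot: `cpu_parse` now leaves all validation of the `--cpu` value to `xtables_option_parse()`, while the removed `parse_cpu` explicitly rejected trailing characters with `if (*end != '\0')`. Whether the `XTTYPE_UINT32` handler is equally strict is not visible in this diff, so it is worth confirming that a number followed by stray characters is still refused rather than silently truncated. The new `cpuinfo->invert = true;` also relies on `<stdbool.h>`, whose direct include this commit removes from the file; presumably `<xtables.h>` supplies it, but keeping `cpuinfo->invert = 1;` would not depend on that.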
@@ -3,15 +3,17 @@
 *
 * Copyright (C) 2007 BalaBit IT Ltd.
 */
-#include <getopt.h>
-#include <stdbool.h>
 #include <stdio.h>
 #include <xtables.h>
 #include <linux/netfilter/xt_socket.h>
-static const struct option socket_mt_opts[] = {
- {.name = "transparent", .has_arg = false, .val = 't'},
- XT_GETOPT_TABLEEND,
+enum {
+ O_TRANSPARENT = 0,
+};
+
+static const struct xt_option_entry socket_mt_opts[] = {
+ {.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
 };
 static void socket_mt_help(void)
@@ -21,17 +23,16 @@ static void socket_mt_help(void)
 " --transparent Ignore non-transparent sockets\n\n");
 }
-static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void socket_mt_parse(struct xt_option_call *cb)
 {
- struct xt_socket_mtinfo1 *info = (void *)(*match)->data;
+ struct xt_socket_mtinfo1 *info = cb->data;
- switch (c) {
- case 't':
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TRANSPARENT:
 info->flags |= XT_SOCKET_TRANSPARENT;
- return true;
+ break;
 }
- return false;
 }
 static void
@@ -68,10 +69,10 @@ static struct xtables_match socket_mt_reg[] = {
 .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
 .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
 .help = socket_mt_help,
- .parse = socket_mt_parse,
 .print = socket_mt_print,
 .save = socket_mt_save,
- .extra_opts = socket_mt_opts,
+ .x6_parse = socket_mt_parse,
+ .x6_options = socket_mt_opts,
 },
 };
|