-rw-r--r--.gitignore1
-rw-r--r--Makefile.am2
-rw-r--r--configure.ac26
-rw-r--r--extensions/libip6t_HL.c4
-rw-r--r--extensions/libip6t_LOG.c8
-rw-r--r--extensions/libip6t_REJECT.c2
-rw-r--r--extensions/libip6t_ah.c6
-rw-r--r--extensions/libip6t_dst.c11
-rw-r--r--extensions/libip6t_frag.c6
-rw-r--r--extensions/libip6t_hbh.c11
-rw-r--r--extensions/libip6t_hl.c2
-rw-r--r--extensions/libip6t_icmp6.c6
-rw-r--r--extensions/libip6t_ipv6header.c8
-rw-r--r--extensions/libip6t_mh.c4
-rw-r--r--extensions/libip6t_policy.c8
-rw-r--r--extensions/libip6t_rt.c10
-rw-r--r--extensions/libipt_CLUSTERIP.c10
-rw-r--r--extensions/libipt_DNAT.c10
-rw-r--r--extensions/libipt_ECN.c6
-rw-r--r--extensions/libipt_LOG.c10
-rw-r--r--extensions/libipt_MASQUERADE.c2
-rw-r--r--extensions/libipt_NETMAP.c12
-rw-r--r--extensions/libipt_REDIRECT.c4
-rw-r--r--extensions/libipt_REJECT.c2
-rw-r--r--extensions/libipt_SAME.c14
-rw-r--r--extensions/libipt_SET.c2
-rw-r--r--extensions/libipt_SNAT.c10
-rw-r--r--extensions/libipt_TTL.c4
-rw-r--r--extensions/libipt_ULOG.c6
-rw-r--r--extensions/libipt_addrtype.c8
-rw-r--r--extensions/libipt_ah.c4
-rw-r--r--extensions/libipt_ecn.c8
-rw-r--r--extensions/libipt_icmp.c6
-rw-r--r--extensions/libipt_policy.c16
-rw-r--r--extensions/libipt_realm.c4
-rw-r--r--extensions/libipt_set.c2
-rw-r--r--extensions/libipt_ttl.c8
-rw-r--r--extensions/libxt_CONNMARK.c56
-rw-r--r--extensions/libxt_DSCP.c7
-rw-r--r--extensions/libxt_MARK.c50
-rw-r--r--extensions/libxt_NFLOG.c6
-rw-r--r--extensions/libxt_NFQUEUE.c3
-rw-r--r--extensions/libxt_TCPMSS.c3
-rw-r--r--extensions/libxt_TCPOPTSTRIP.c3
-rw-r--r--extensions/libxt_TOS.c36
-rw-r--r--extensions/libxt_TPROXY.c36
-rw-r--r--extensions/libxt_comment.c2
-rw-r--r--extensions/libxt_connbytes.c2
-rw-r--r--extensions/libxt_connlimit.c2
-rw-r--r--extensions/libxt_connmark.c16
-rw-r--r--extensions/libxt_conntrack.c91
-rw-r--r--extensions/libxt_dccp.c18
-rw-r--r--extensions/libxt_dscp.c11
-rw-r--r--extensions/libxt_esp.c4
-rw-r--r--extensions/libxt_hashlimit.c98
-rw-r--r--extensions/libxt_helper.c4
-rw-r--r--extensions/libxt_iprange.c80
-rw-r--r--extensions/libxt_length.c6
-rw-r--r--extensions/libxt_limit.c6
-rw-r--r--extensions/libxt_mac.c2
-rw-r--r--extensions/libxt_mark.c16
-rw-r--r--extensions/libxt_multiport.c18
-rw-r--r--extensions/libxt_owner.c73
-rw-r--r--extensions/libxt_physdev.c14
-rw-r--r--extensions/libxt_pkttype.c2
-rw-r--r--extensions/libxt_quota.c4
-rw-r--r--extensions/libxt_rateest.c27
-rw-r--r--extensions/libxt_recent.c8
-rw-r--r--extensions/libxt_sctp.c12
-rw-r--r--extensions/libxt_state.c2
-rw-r--r--extensions/libxt_statistic.c9
-rw-r--r--extensions/libxt_string.c6
-rw-r--r--extensions/libxt_tcp.c18
-rw-r--r--extensions/libxt_tcpmss.c6
-rw-r--r--extensions/libxt_time.c1
-rw-r--r--extensions/libxt_tos.c8
-rw-r--r--extensions/libxt_u32.c2
-rw-r--r--extensions/libxt_udp.c10
-rw-r--r--extensions/tos_values.c8
-rw-r--r--include/xtables.h.in115
-rw-r--r--include/xtables/internal.h36
-rw-r--r--include/xtables/internal.h.in17
-rw-r--r--ip6tables-restore.c17
-rw-r--r--ip6tables-save.c17
-rw-r--r--ip6tables-standalone.c15
-rw-r--r--ip6tables.c149
-rw-r--r--iptables-restore.c17
-rw-r--r--iptables-save.c17
-rw-r--r--iptables-standalone.c15
-rw-r--r--iptables-xml.c8
-rw-r--r--iptables.c140
-rw-r--r--xtables.c387
92 files changed, 963 insertions, 1036 deletions
diff --git a/.gitignore b/.gitignore
index 741f9729..116de2c3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,7 @@ Makefile.in
/extensions/targets?.man
/include/xtables.h
+/include/xtables/internal.h
/aclocal.m4
/autom4te*.cache
diff --git a/Makefile.am b/Makefile.am
index 83ab3bba..0ffb9785 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,7 +14,7 @@ libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c
lib_LTLIBRARIES = libxtables.la
libxtables_la_SOURCES = xtables.c
-libxtables_la_LDFLAGS = -version-info 1:0:0
+libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
# iptables, dynamic
iptables_SOURCES = iptables-standalone.c iptables.c
diff --git a/configure.ac b/configure.ac
index 8c9c30de..bb32130c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,11 +1,10 @@
-define([_XTABLES_VERSION_MAJOR], 1)
-define([_XTABLES_VERSION_MINOR], 4)
-define([_XTABLES_VERSION_PATCH], 3)
-define([_XTABLES_VERSION_EXTRA], -rc1)
-define([_XTABLES_VERSION],_XTABLES_VERSION_MAJOR._XTABLES_VERSION_MINOR._XTABLES_VERSION_PATCH[]_XTABLES_VERSION_EXTRA)
+AC_INIT([iptables], [1.4.3-rc1])
+
+# See libtool.info "Libtool's versioning system"
+libxtables_vcurrent=1
+libxtables_vage=0
-AC_INIT([iptables], _XTABLES_VERSION)
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_INSTALL
@@ -74,16 +73,11 @@ AC_SUBST([kbuilddir])
AC_SUBST([ksourcedir])
AC_SUBST([xtlibdir])
AC_SUBST([pkgconfigdir])
-
-XTABLES_VERSION_MAJOR=_XTABLES_VERSION_MAJOR
-XTABLES_VERSION_MINOR=_XTABLES_VERSION_MINOR
-XTABLES_VERSION_PATCH=_XTABLES_VERSION_PATCH
-XTABLES_VERSION_EXTRA=_XTABLES_VERSION_EXTRA
-AC_SUBST([XTABLES_VERSION_MAJOR])
-AC_SUBST([XTABLES_VERSION_MINOR])
-AC_SUBST([XTABLES_VERSION_PATCH])
-AC_SUBST([XTABLES_VERSION_EXTRA])
+AC_SUBST([libxtables_vcurrent])
+AC_SUBST([libxtables_vage])
+libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage));
+AC_SUBST([libxtables_vmajor])
AC_CONFIG_FILES([Makefile extensions/GNUmakefile libipq/Makefile
- include/xtables.h xtables.pc])
+ include/xtables.h include/xtables/internal.h xtables.pc])
AC_OUTPUT
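Review bot: The added `libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage));` relies on shell arithmetic expansion, which Autoconf's portability guidance lists as unsupported by some `/bin/sh` implementations, so on those hosts configure can fail or substitute a wrong value. Computing the difference with `expr $libxtables_vcurrent - $libxtables_vage` inside backquotes is the portable form, and the trailing `;` can be dropped. A one-line comment saying that `libxtables_vmajor` is current minus age (presumably the value consumers compare against) would help whoever bumps `libxtables_vcurrent` next.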
diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c
index 92266e49..0a987139 100644
--- a/extensions/libip6t_HL.c
+++ b/extensions/libip6t_HL.c
@@ -40,11 +40,11 @@ static int HL_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"HL: You must specify a value");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"HL: unexpected `!'");
- if (string_to_number(optarg, 0, 255, &value) == -1)
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"HL: Expected value between 0 and 255");
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 40a551f4..79877350 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -70,7 +70,7 @@ parse_level(const char *level)
unsigned int lev = -1;
unsigned int set = 0;
- if (string_to_number(level, 0, 7, &lev) == -1) {
+ if (!xtables_strtoui(level, NULL, &lev, 0, 7)) {
unsigned int i = 0;
for (i = 0;
@@ -91,7 +91,7 @@ parse_level(const char *level)
"log-level `%s' unknown", level);
}
- return (u_int8_t)lev;
+ return lev;
}
#define IP6T_LOG_OPT_LEVEL 0x01
@@ -112,7 +112,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
@@ -125,7 +125,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
index 0e212021..1c2be686 100644
--- a/extensions/libip6t_REJECT.c
+++ b/extensions/libip6t_REJECT.c
@@ -85,7 +85,7 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c
index 0bbd4754..83ed4514 100644
--- a/extensions/libip6t_ah.c
+++ b/extensions/libip6t_ah.c
@@ -45,7 +45,7 @@ parse_ah_spi(const char *spistr, const char *typestr)
exit_error(PARAMETER_PROBLEM,
"AH error parsing %s `%s'", typestr, spistr);
- return (u_int32_t) spi;
+ return spi;
}
static void
@@ -86,7 +86,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_AH_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
if (invert)
ahinfo->invflags |= IP6T_AH_INV_SPI;
@@ -96,7 +96,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_AH_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--ahlen' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
ahinfo->hdrlen = parse_ah_spi(argv[optind-1], "length");
if (invert)
ahinfo->invflags |= IP6T_AH_INV_LEN;
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index 215e2d95..e19abc4b 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -49,7 +49,7 @@ parse_opts_num(const char *idstr, const char *typestr)
exit_error(PARAMETER_PROBLEM,
"dst: error parsing %s `%s'", typestr, idstr);
}
- return (u_int32_t) id;
+ return id;
}
static int
@@ -78,13 +78,12 @@ parse_options(const char *optsstr, u_int16_t *opts)
*range++ = '\0';
}
- opts[i] = (u_int16_t)((parse_opts_num(cp,"opt") & 0x000000FF)<<8);
+ opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8;
if (range) {
if (opts[i] == 0)
exit_error(PARAMETER_PROBLEM,
"PAD0 hasn't got length");
- opts[i] |= (u_int16_t)(parse_opts_num(range,"length") &
- 0x000000FF);
+ opts[i] |= parse_opts_num(range, "length") & 0xFF;
} else
opts[i] |= (0x00FF);
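Review bot: The `& 0xFF` in `opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8;` and in the `"length"` line below it folds an out-of-range number into a different valid one (257 becomes 1) instead of rejecting it, so the installed rule can match an option other than the one typed. `parse_opts_num` is defined outside this hunk, so whether it already bounds its result cannot be seen here. If it does not, read the result into a local and call `exit_error(PARAMETER_PROBLEM, ...)` when it exceeds `0xFF`, before shifting or OR-ing. The same two expressions appear in the `parse_options` hunk of extensions/libip6t_hbh.c; `parse_options` starts and ends outside both hunks.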
@@ -126,7 +125,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_OPTS_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--dst-len' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
if (invert)
optinfo->invflags |= IP6T_OPTS_INV_LEN;
@@ -137,7 +136,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_OPTS_OPTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--dst-opts' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
" '!' not allowed with `--dst-opts'");
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 5ded1c65..b55ef26f 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -51,7 +51,7 @@ parse_frag_id(const char *idstr, const char *typestr)
exit_error(PARAMETER_PROBLEM,
"FRAG error parsing %s `%s'", typestr, idstr);
}
- return (u_int32_t) id;
+ return id;
}
static void
@@ -94,7 +94,7 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_FRAG_IDS)
exit_error(PARAMETER_PROBLEM,
"Only one `--fragid' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_frag_ids(argv[optind-1], fraginfo->ids);
if (invert)
fraginfo->invflags |= IP6T_FRAG_INV_IDS;
@@ -105,7 +105,7 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_FRAG_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--fraglen' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
fraginfo->hdrlen = parse_frag_id(argv[optind-1], "length");
if (invert)
fraginfo->invflags |= IP6T_FRAG_INV_LEN;
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index 419c2506..3354eae4 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -52,7 +52,7 @@ parse_opts_num(const char *idstr, const char *typestr)
exit_error(PARAMETER_PROBLEM,
"hbh: error parsing %s `%s'", typestr, idstr);
}
- return (u_int32_t) id;
+ return id;
}
static int
@@ -75,12 +75,11 @@ parse_options(const char *optsstr, u_int16_t *opts)
"too many ports specified");
*range++ = '\0';
}
- opts[i] = (u_int16_t)((parse_opts_num(cp,"opt") & 0x000000FF)<<8);
+ opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8;
if (range) {
if (opts[i] == 0)
exit_error(PARAMETER_PROBLEM, "PAD0 hasn't got length");
- opts[i] |= (u_int16_t)(parse_opts_num(range,"length") &
- 0x000000FF);
+ opts[i] |= parse_opts_num(range, "length") & 0xFF;
} else {
opts[i] |= (0x00FF);
}
@@ -121,7 +120,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_OPTS_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--hbh-len' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
if (invert)
optinfo->invflags |= IP6T_OPTS_INV_LEN;
@@ -132,7 +131,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_OPTS_OPTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--hbh-opts' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
" '!' not allowed with `--hbh-opts'");
diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index 77275812..286f4324 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -30,7 +30,7 @@ static int hl_parse(int c, char **argv, int invert, unsigned int *flags,
struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data;
u_int8_t value;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
value = atoi(argv[optind-1]);
if (*flags)
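Review bot: `value = atoi(argv[optind-1]);` is left unchanged while this commit moves the other numeric options to `xtables_strtoui`. With `value` declared `u_int8_t`, 256 wraps to 0 and a non-numeric argument also yields 0, so the hop-limit match is installed with a value the operator did not write and no error is reported. Parsing into a new `unsigned int num` with `if (!xtables_strtoui(argv[optind-1], NULL, &num, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "hl: Expected value between 0 and 255");` and then assigning `value = num;` would match what libip6t_HL.c does after this commit. `hl_parse` continues beyond the hunk.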
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index b87538f9..5af9b02e 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -123,12 +123,12 @@ parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[])
if (slash)
*slash = '\0';
- if (string_to_number(buffer, 0, 255, &number) == -1)
+ if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid ICMPv6 type `%s'\n", buffer);
*type = number;
if (slash) {
- if (string_to_number(slash+1, 0, 255, &number) == -1)
+ if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid ICMPv6 code `%s'\n",
slash+1);
@@ -157,7 +157,7 @@ static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags == 1)
exit_error(PARAMETER_PROBLEM,
"icmpv6 match: only use --icmpv6-type once!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_icmpv6(argv[optind-1], &icmpv6info->type,
icmpv6info->code);
if (invert)
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index 30061244..982e6a7b 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -110,7 +110,7 @@ name_to_proto(const char *s)
s);
}
- return (u_int16_t)proto;
+ return proto;
}
static unsigned int
@@ -192,7 +192,7 @@ ipv6header_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--header' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (! (info->matchflags = parse_header(argv[optind-1])) )
exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
@@ -262,8 +262,6 @@ static void ipv6header_print(const void *ip,
if (info->modeflag)
printf("soft ");
-
- return;
}
static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
@@ -276,8 +274,6 @@ static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
printf(" ");
if (info->modeflag)
printf("--soft ");
-
- return;
}
static struct xtables_match ipv6header_mt6_reg = {
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index e76d7c36..78fc804a 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -93,7 +93,7 @@ static unsigned int name_to_type(const char *name)
} else {
unsigned int number;
- if (string_to_number(name, 0, 255, &number) == -1)
+ if (!xtables_strtoui(name, NULL, &number, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid MH type `%s'\n", name);
return number;
@@ -134,7 +134,7 @@ static int mh_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & MH_TYPES)
exit_error(PARAMETER_PROBLEM,
"Only one `--mh-type' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_mh_types(argv[optind-1], mhinfo->types);
if (invert)
mhinfo->invflags |= IP6T_MH_INV_TYPE;
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 357cbea1..7c1a1e71 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -160,7 +160,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
unsigned int naddr = 0;
int mode;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
switch (c) {
case '1':
@@ -214,7 +214,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-src option");
- ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
@@ -229,7 +229,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-dst option");
- ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
@@ -244,7 +244,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --proto option");
- e->proto = parse_protocol(argv[optind-1]);
+ e->proto = xtables_parse_protocol(argv[optind-1]);
if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP &&
e->proto != IPPROTO_COMP)
exit_error(PARAMETER_PROBLEM,
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index 9468da18..64c98efc 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -58,7 +58,7 @@ parse_rt_num(const char *idstr, const char *typestr)
exit_error(PARAMETER_PROBLEM,
"RT error parsing %s `%s'", typestr, idstr);
}
- return (u_int32_t) id;
+ return id;
}
static void
@@ -158,7 +158,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_RT_TYP)
exit_error(PARAMETER_PROBLEM,
"Only one `--rt-type' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
rtinfo->rt_type = parse_rt_num(argv[optind-1], "type");
if (invert)
rtinfo->invflags |= IP6T_RT_INV_TYP;
@@ -169,7 +169,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_RT_SGS)
exit_error(PARAMETER_PROBLEM,
"Only one `--rt-segsleft' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_rt_segsleft(argv[optind-1], rtinfo->segsleft);
if (invert)
rtinfo->invflags |= IP6T_RT_INV_SGS;
@@ -180,7 +180,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IP6T_RT_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--rt-len' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
rtinfo->hdrlen = parse_rt_num(argv[optind-1], "length");
if (invert)
rtinfo->invflags |= IP6T_RT_INV_LEN;
@@ -204,7 +204,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags,
if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) )
exit_error(PARAMETER_PROBLEM,
"`--rt-type 0' required before `--rt-0-addrs'");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
" '!' not allowed with `--rt-0-addrs'");
diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c
index 47184965..38909ea4 100644
--- a/extensions/libipt_CLUSTERIP.c
+++ b/extensions/libipt_CLUSTERIP.c
@@ -120,9 +120,9 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n");
if (*flags & PARAM_TOTALNODE)
exit_error(PARAMETER_PROBLEM, "Can only specify total node number once\n");
- if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0)
+ if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES))
exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg);
- cipinfo->num_total_nodes = (u_int16_t)num;
+ cipinfo->num_total_nodes = num;
*flags |= PARAM_TOTALNODE;
break;
case '5':
@@ -130,10 +130,10 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n");
if (*flags & PARAM_LOCALNODE)
exit_error(PARAMETER_PROBLEM, "Can only specify local node number once\n");
- if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0)
+ if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES))
exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg);
cipinfo->num_local_nodes = 1;
- cipinfo->local_nodes[0] = (u_int16_t)num;
+ cipinfo->local_nodes[0] = num;
*flags |= PARAM_LOCALNODE;
break;
case '6':
@@ -141,7 +141,7 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM, "Can only specify hash init value combined with `--new'\n");
if (*flags & PARAM_HASHINIT)
exit_error(PARAMETER_PROBLEM, "Can specify hash init value only once\n");
- if (string_to_number(optarg, 0, UINT_MAX, &num) < 0)
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT_MAX))
exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg);
cipinfo->hash_initval = num;
*flags |= PARAM_HASHINIT;
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index e884b03e..371ec79a 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -117,13 +117,13 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
if (dash)
*dash = '\0';
- ip = numeric_to_ipaddr(arg);
+ ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
arg);
range.min_ip = ip->s_addr;
if (dash) {
- ip = numeric_to_ipaddr(dash+1);
+ ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
dash+1);
@@ -152,7 +152,7 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-destination");
@@ -195,10 +195,10 @@ static void print_range(const struct ip_nat_range *r)
struct in_addr a;
a.s_addr = r->min_ip;
- printf("%s", ipaddr_to_numeric(&a));
+ printf("%s", xtables_ipaddr_to_numeric(&a));
if (r->max_ip != r->min_ip) {
a.s_addr = r->max_ip;
- printf("-%s", ipaddr_to_numeric(&a));
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
}
}
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c
index e9312f06..c4e8e34f 100644
--- a/extensions/libipt_ECN.c
+++ b/extensions/libipt_ECN.c
@@ -61,7 +61,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ECN_OP_SET_CWR)
exit_error(PARAMETER_PROBLEM,
"ECN target: Only use --ecn-tcp-cwr ONCE!");
- if (string_to_number(optarg, 0, 1, &result))
+ if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
exit_error(PARAMETER_PROBLEM,
"ECN target: Value out of range");
einfo->operation |= IPT_ECN_OP_SET_CWR;
@@ -72,7 +72,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ECN_OP_SET_ECE)
exit_error(PARAMETER_PROBLEM,
"ECN target: Only use --ecn-tcp-ece ONCE!");
- if (string_to_number(optarg, 0, 1, &result))
+ if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
exit_error(PARAMETER_PROBLEM,
"ECN target: Value out of range");
einfo->operation |= IPT_ECN_OP_SET_ECE;
@@ -83,7 +83,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ECN_OP_SET_IP)
exit_error(PARAMETER_PROBLEM,
"ECN target: Only use --ecn-ip-ect ONCE!");
- if (string_to_number(optarg, 0, 3, &result))
+ if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
exit_error(PARAMETER_PROBLEM,
"ECN target: Value out of range");
einfo->operation |= IPT_ECN_OP_SET_IP;
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 668b5654..bc7e8a4e 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -70,7 +70,7 @@ parse_level(const char *level)
unsigned int lev = -1;
unsigned int set = 0;
- if (string_to_number(level, 0, 7, &lev) == -1) {
+ if (!xtables_strtoui(level, NULL, &lev, 0, 7)) {
unsigned int i = 0;
for (i = 0;
@@ -91,7 +91,7 @@ parse_level(const char *level)
"log-level `%s' unknown", level);
}
- return (u_int8_t)lev;
+ return lev;
}
#define IPT_LOG_OPT_LEVEL 0x01
@@ -112,7 +112,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
@@ -125,7 +125,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
@@ -235,7 +235,7 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target)
if (strcmp(loginfo->prefix, "") != 0) {
printf("--log-prefix ");
- save_string(loginfo->prefix);
+ xtables_save_string(loginfo->prefix);
}
if (loginfo->level != LOG_DEFAULT_LEVEL)
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 1f932949..0ee155c2 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -90,7 +90,7 @@ static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index f6c688df..9949c99b 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -75,21 +75,21 @@ parse_to(char *arg, struct ip_nat_range *range)
if (slash)
*slash = '\0';
- ip = numeric_to_ipaddr(arg);
+ ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
arg);
range->min_ip = ip->s_addr;
if (slash) {
if (strchr(slash+1, '.')) {
- ip = numeric_to_ipmask(slash+1);
+ ip = xtables_numeric_to_ipmask(slash+1);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n",
slash+1);
netmask = ip->s_addr;
}
else {
- if (string_to_number(slash+1, 0, 32, &bits) == -1)
+ if (!xtables_strtoui(slash+1, NULL, &bits, 0, 32))
exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n",
slash+1);
netmask = bits2netmask(bits);
@@ -118,7 +118,7 @@ static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", NETMAP_opts[0].name);
@@ -148,11 +148,11 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
int bits;
a.s_addr = r->min_ip;
- printf("%s", ipaddr_to_numeric(&a));
+ printf("%s", xtables_ipaddr_to_numeric(&a));
a.s_addr = ~(r->min_ip ^ r->max_ip);
bits = netmask2bits(a.s_addr);
if (bits < 0)
- printf("/%s", ipaddr_to_numeric(&a));
+ printf("/%s", xtables_ipaddr_to_numeric(&a));
else
printf("/%d", bits);
}
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 64ab737b..c6afbdcc 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -48,7 +48,7 @@ parse_ports(const char *arg, struct ip_nat_multi_range *mr)
port = atoi(arg);
if (port == 0)
- port = service_to_port(arg, NULL);
+ port = xtables_service_to_port(arg, NULL);
if (port == 0 || port > 65535)
exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg);
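Review bot: `port = atoi(arg);` stops at the first non-digit without reporting it, so an argument such as 80x is taken as port 80 and the `port == 0 || port > 65535` check never sees the trailing text. If `port` is a signed type (its declaration is outside the hunk), a negative number passes that check as well. With `xtables_strtoui` now available, the number could be read through an end pointer, `xtables_strtoui(arg, &end, &port, 0, UINT16_MAX)`, and `*end` then compared against whatever may legitimately follow the number. The rest of `parse_ports` is outside the hunk, so which terminators it expects (a range separator, for instance) needs checking before this is changed.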
@@ -97,7 +97,7 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index ef404e67..db94306e 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -99,7 +99,7 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 6cb09afc..007ebc35 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -56,14 +56,14 @@ parse_to(char *arg, struct ip_nat_range *range)
if (dash)
*dash = '\0';
- ip = numeric_to_ipaddr(arg);
+ ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
arg);
range->min_ip = ip->s_addr;
if (dash) {
- ip = numeric_to_ipaddr(dash+1);
+ ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
dash+1);
@@ -93,7 +93,7 @@ static int SAME_parse(int c, char **argv, int invert, unsigned int *flags,
"Too many ranges specified, maximum "
"is %i ranges.\n",
IPT_SAME_MAX_RANGE);
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to");
@@ -151,13 +151,13 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
a.s_addr = r->min_ip;
- printf("%s", ipaddr_to_numeric(&a));
+ printf("%s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
if (r->min_ip == r->max_ip)
printf(" ");
else
- printf("-%s ", ipaddr_to_numeric(&a));
+ printf("-%s ", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
@@ -181,13 +181,13 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target)
struct in_addr a;
a.s_addr = r->min_ip;
- printf("--to %s", ipaddr_to_numeric(&a));
+ printf("--to %s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
if (r->min_ip == r->max_ip)
printf(" ");
else
- printf("-%s ", ipaddr_to_numeric(&a));
+ printf("-%s ", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
diff --git a/extensions/libipt_SET.c b/extensions/libipt_SET.c
index 7ec0c31c..45967be2 100644
--- a/extensions/libipt_SET.c
+++ b/extensions/libipt_SET.c
@@ -57,7 +57,7 @@ parse_target(char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"--%s can be specified only once", what);
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", what);
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 8c28c0ee..96ef56e4 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -117,13 +117,13 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
if (dash)
*dash = '\0';
- ip = numeric_to_ipaddr(arg);
+ ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
arg);
range.min_ip = ip->s_addr;
if (dash) {
- ip = numeric_to_ipaddr(dash+1);
+ ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
dash+1);
@@ -152,7 +152,7 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-source");
@@ -196,10 +196,10 @@ static void print_range(const struct ip_nat_range *r)
struct in_addr a;
a.s_addr = r->min_ip;
- printf("%s", ipaddr_to_numeric(&a));
+ printf("%s", xtables_ipaddr_to_numeric(&a));
if (r->max_ip != r->min_ip) {
a.s_addr = r->max_ip;
- printf("-%s", ipaddr_to_numeric(&a));
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
}
}
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index 7647f2f7..15d23ba2 100644
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -40,11 +40,11 @@ static int TTL_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"TTL: You must specify a value");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"TTL: unexpected `!'");
- if (string_to_number(optarg, 0, 255, &value) == -1)
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"TTL: Expected value between 0 and 255");
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index d73a3f65..89d09409 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -77,7 +77,7 @@ static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-nlgroup twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-nlgroup");
group_d = atoi(optarg);
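Review bot: `group_d = atoi(optarg);` on the last line of this hunk is a numeric parse in ULOG_parse that cannot report an error, so input such as `5x` is read as 5 and non-numeric text as 0, with no diagnostic from the parse itself. The rest of this commit moves comparable parses to `xtables_strtoui`, which checks the range in the same call and, given a NULL end pointer, rejects trailing characters. Here that would be `if (!xtables_strtoui(optarg, NULL, &group, GROUP_MIN, GROUP_MAX))` in front of an exit_error call, with `group` an `unsigned int` local and GROUP_MIN/GROUP_MAX as placeholders for bounds this hunk does not show. ULOG_parse continues outside the hunk, so any range check that follows the atoi call cannot be seen from here.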
@@ -95,7 +95,7 @@ static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-prefix");
@@ -151,7 +151,7 @@ static void ULOG_save(const void *ip, const struct xt_entry_target *target)
if (strcmp(loginfo->prefix, "") != 0) {
fputs("--ulog-prefix ", stdout);
- save_string(loginfo->prefix);
+ xtables_save_string(loginfo->prefix);
}
if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) {
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index dc43a3f5..446cf0f3 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -107,7 +107,7 @@ addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags,
if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->source);
if (invert)
info->invert_source = 1;
@@ -117,7 +117,7 @@ addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags,
if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->dest);
if (invert)
info->invert_dest = 1;
@@ -142,7 +142,7 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->source);
if (invert)
info->flags |= IPT_ADDRTYPE_INVERT_SOURCE;
@@ -152,7 +152,7 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->dest);
if (invert)
info->flags |= IPT_ADDRTYPE_INVERT_DEST;
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index fec87a74..31977dd6 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -41,7 +41,7 @@ parse_ah_spi(const char *spistr)
exit_error(PARAMETER_PROBLEM,
"AH error parsing spi `%s'", spistr);
}
- return (u_int32_t) spi;
+ return spi;
}
static void
@@ -82,7 +82,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & AH_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
if (invert)
ahinfo->invflags |= IPT_AH_INV_SPI;
diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c
index 72353d5f..3b9da71a 100644
--- a/extensions/libipt_ecn.c
+++ b/extensions/libipt_ecn.c
@@ -44,7 +44,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ECN_OP_MATCH_CWR)
exit_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->operation |= IPT_ECN_OP_MATCH_CWR;
if (invert)
einfo->invert |= IPT_ECN_OP_MATCH_CWR;
@@ -55,7 +55,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ECN_OP_MATCH_ECE)
exit_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->operation |= IPT_ECN_OP_MATCH_ECE;
if (invert)
einfo->invert |= IPT_ECN_OP_MATCH_ECE;
@@ -66,12 +66,12 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & IPT_ECN_OP_MATCH_IP)
exit_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
einfo->invert |= IPT_ECN_OP_MATCH_IP;
*flags |= IPT_ECN_OP_MATCH_IP;
einfo->operation |= IPT_ECN_OP_MATCH_IP;
- if (string_to_number(optarg, 0, 3, &result))
+ if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
exit_error(PARAMETER_PROBLEM,
"ECN match: Value out of range");
einfo->ip_ect = result;
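Review bot: `xtables_strtoui(optarg, NULL, &result, 0, 3)` reads `optarg`, although the `xtables_check_inverse(optarg, &invert, &optind, 0)` call a few lines above is given `&optind`, and the other parsers in this commit that pass `&optind` (addrtype, ah, icmp) take the value from `argv[optind-1]` afterwards. If the helper advances optind past a standalone `!`, as those callers assume, this case parses the `!` itself and exits with "Value out of range" instead of applying the inversion to the value that follows. Suggested: `if (!xtables_strtoui(argv[optind-1], NULL, &result, 0, 3))`. The same pattern appears in ttl_parse in libipt_ttl.c (cases '2', '3' and '4'). ecn_parse continues outside this hunk.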
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index fa5a5409..0fd132be 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -147,12 +147,12 @@ parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[])
if (slash)
*slash = '\0';
- if (string_to_number(buffer, 0, 255, &number) == -1)
+ if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid ICMP type `%s'\n", buffer);
*type = number;
if (slash) {
- if (string_to_number(slash+1, 0, 255, &number) == -1)
+ if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid ICMP code `%s'\n",
slash+1);
@@ -182,7 +182,7 @@ static int icmp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags == 1)
exit_error(PARAMETER_PROBLEM,
"icmp match: only use --icmp-type once!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_icmp(argv[optind-1], &icmpinfo->type,
icmpinfo->code);
if (invert)
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 9c701820..6ae51e7c 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -128,7 +128,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
unsigned int naddr = 0;
int mode;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
switch (c) {
case '1':
@@ -182,7 +182,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-src option");
- ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
@@ -197,7 +197,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-dst option");
- ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
@@ -212,7 +212,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --proto option");
- e->proto = parse_protocol(argv[optind-1]);
+ e->proto = xtables_parse_protocol(argv[optind-1]);
if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP &&
e->proto != IPPROTO_COMP)
exit_error(PARAMETER_PROBLEM,
@@ -352,14 +352,14 @@ static void print_entry(char *prefix, const struct ipt_policy_elem *e,
if (e->match.daddr) {
PRINT_INVERT(e->invert.daddr);
printf("%stunnel-dst %s%s ", prefix,
- ipaddr_to_numeric((const void *)&e->daddr),
- ipmask_to_numeric((const void *)&e->dmask));
+ xtables_ipaddr_to_numeric((const void *)&e->daddr),
+ xtables_ipmask_to_numeric((const void *)&e->dmask));
}
if (e->match.saddr) {
PRINT_INVERT(e->invert.saddr);
printf("%stunnel-src %s%s ", prefix,
- ipaddr_to_numeric((const void *)&e->saddr),
- ipmask_to_numeric((const void *)&e->smask));
+ xtables_ipaddr_to_numeric((const void *)&e->saddr),
+ xtables_ipmask_to_numeric((const void *)&e->smask));
}
}
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index 5af2fd41..e602dad1 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -157,7 +157,7 @@ static int realm_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
char *end;
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
end = optarg = argv[optind-1];
realminfo->id = strtoul(optarg, &end, 0);
if (end != optarg && (*end == '/' || *end == '\0')) {
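Review bot: `realminfo->id = strtoul(optarg, &end, 0);` assigns an unsigned long to what appears to be a 32-bit field (the cast removed in the next hunk was `(u_int32_t)`), so on an LP64 build a value above UINT32_MAX would be truncated silently, and ERANGE is never checked. The rule would then carry a realm id different from the one typed. Parse into an `unsigned long v` local with `errno = 0;` set first, and guard the assignment with `if (errno == ERANGE || v > UINT32_MAX)` leading to an exit_error(PARAMETER_PROBLEM, ...) call. Non-numeric input must still fall through to the realm-name lookup. realm_parse starts and ends outside this hunk, so the placement has to be checked against the full function.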
@@ -173,7 +173,7 @@ static int realm_parse(int c, char **argv, int invert, unsigned int *flags,
if (id == -1)
exit_error(PARAMETER_PROBLEM,
"Realm `%s' not found", optarg);
- realminfo->id = (u_int32_t)id;
+ realminfo->id = id;
realminfo->mask = 0xffffffff;
}
if (invert)
diff --git a/extensions/libipt_set.c b/extensions/libipt_set.c
index 9bdb007d..5b9e1fdc 100644
--- a/extensions/libipt_set.c
+++ b/extensions/libipt_set.c
@@ -58,7 +58,7 @@ static int set_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"--set can be specified only once");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags[0] |= IPSET_MATCH_INV;
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 055c92ee..3387e924 100644
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -29,11 +29,11 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
unsigned int value;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
switch (c) {
case '2':
- if (string_to_number(optarg, 0, 255, &value) == -1)
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"ttl: Expected value between 0 and 255");
@@ -46,7 +46,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
info->ttl = value;
break;
case '3':
- if (string_to_number(optarg, 0, 255, &value) == -1)
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"ttl: Expected value between 0 and 255");
@@ -58,7 +58,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
info->ttl = value;
break;
case '4':
- if (string_to_number(optarg, 0, 255, &value) == -1)
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"ttl: Expected value between 0 and 255");
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 2ad27591..e426e4f1 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -90,8 +90,8 @@ static void connmark_tg_init(struct xt_entry_target *target)
* Need these defaults for --save-mark/--restore-mark if no
* --ctmark or --nfmask is given.
*/
- info->ctmask = ~0U;
- info->nfmask = ~0U;
+ info->ctmask = UINT32_MAX;
+ info->nfmask = UINT32_MAX;
}
static int
@@ -152,20 +152,20 @@ static int connmark_tg_parse(int c, char **argv, int invert,
struct xt_entry_target **target)
{
struct xt_connmark_tginfo1 *info = (void *)(*target)->data;
- unsigned int value, mask = ~0U;
+ unsigned int value, mask = UINT32_MAX;
char *end;
switch (c) {
case '=': /* --set-xmark */
case '-': /* --set-mark */
- param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!strtonum(optarg, &end, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
if (*end == '/')
- if (!strtonum(end + 1, &end, &mask, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
+ if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
if (*end != '\0')
- param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
info->mode = XT_CONNMARK_SET;
info->ctmark = value;
info->ctmask = mask;
@@ -175,9 +175,9 @@ static int connmark_tg_parse(int c, char **argv, int invert,
return true;
case '&': /* --and-mark */
- param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!strtonum(optarg, NULL, &mask, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--and-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--and-mark", optarg);
info->mode = XT_CONNMARK_SET;
info->ctmark = 0;
info->ctmask = ~mask;
@@ -185,9 +185,9 @@ static int connmark_tg_parse(int c, char **argv, int invert,
return true;
case '|': /* --or-mark */
- param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!strtonum(optarg, NULL, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--or-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--or-mark", optarg);
info->mode = XT_CONNMARK_SET;
info->ctmark = value;
info->ctmask = value;
@@ -195,9 +195,9 @@ static int connmark_tg_parse(int c, char **argv, int invert,
return true;
case '^': /* --xor-mark */
- param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!strtonum(optarg, NULL, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--xor-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--xor-mark", optarg);
info->mode = XT_CONNMARK_SET;
info->ctmark = value;
info->ctmask = 0;
@@ -205,13 +205,13 @@ static int connmark_tg_parse(int c, char **argv, int invert,
return true;
case 'S': /* --save-mark */
- param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
info->mode = XT_CONNMARK_SAVE;
*flags |= F_MARK | F_SR_MARK;
return true;
case 'R': /* --restore-mark */
- param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
info->mode = XT_CONNMARK_RESTORE;
*flags |= F_MARK | F_SR_MARK;
return true;
@@ -221,8 +221,8 @@ static int connmark_tg_parse(int c, char **argv, int invert,
exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
"or --restore-mark is required for "
"--nfmask");
- if (!strtonum(optarg, NULL, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--nfmask", optarg);
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--nfmask", optarg);
info->nfmask = value;
return true;
@@ -231,8 +231,8 @@ static int connmark_tg_parse(int c, char **argv, int invert,
exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
"or --restore-mark is required for "
"--ctmask");
- if (!strtonum(optarg, NULL, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--ctmask", optarg);
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--ctmask", optarg);
info->ctmask = value;
return true;
@@ -241,8 +241,8 @@ static int connmark_tg_parse(int c, char **argv, int invert,
exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
"or --restore-mark is required for "
"--mask");
- if (!strtonum(optarg, NULL, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "CONNMARK", "--mask", optarg);
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--mask", optarg);
info->nfmask = info->ctmask = value;
return true;
}
@@ -317,7 +317,7 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target,
info->ctmark, info->ctmask);
break;
case XT_CONNMARK_SAVE:
- if (info->nfmask == ~0U && info->ctmask == ~0U)
+ if (info->nfmask == UINT32_MAX && info->ctmask == UINT32_MAX)
printf("CONNMARK save ");
else if (info->nfmask == info->ctmask)
printf("CONNMARK save mask 0x%x ", info->nfmask);
@@ -326,7 +326,7 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target,
info->nfmask, info->ctmask);
break;
case XT_CONNMARK_RESTORE:
- if (info->ctmask == ~0U && info->nfmask == ~0U)
+ if (info->ctmask == UINT32_MAX && info->nfmask == UINT32_MAX)
printf("CONNMARK restore ");
else if (info->ctmask == info->nfmask)
printf("CONNMARK restore mask 0x%x ", info->ctmask);
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index 6625db11..aac8f9b0 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo)
{
unsigned int dscp;
- if (string_to_number(s, 0, 255, &dscp) == -1)
+ if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid dscp `%s'\n", s);
@@ -56,8 +56,7 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo)
exit_error(PARAMETER_PROBLEM,
"DSCP `%d` out of range\n", dscp);
- dinfo->dscp = (u_int8_t )dscp;
- return;
+ dinfo->dscp = dscp;
}
@@ -67,7 +66,7 @@ parse_class(const char *s, struct xt_DSCP_info *dinfo)
unsigned int dscp = class_to_dscp(s);
/* Assign the value */
- dinfo->dscp = (u_int8_t)dscp;
+ dinfo->dscp = dscp;
}
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index 95bce89a..8f04e8e7 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -58,12 +58,13 @@ MARK_parse_v0(int c, char **argv, int invert, unsigned int *flags,
{
struct xt_mark_target_info *markinfo
= (struct xt_mark_target_info *)(*target)->data;
+ unsigned int mark = 0;
switch (c) {
case '1':
- if (string_to_number_l(optarg, 0, 0,
- &markinfo->mark))
+ if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ markinfo->mark = mark;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"MARK target: Can't specify --set-mark twice");
@@ -96,6 +97,7 @@ MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags,
{
struct xt_mark_target_info_v1 *markinfo
= (struct xt_mark_target_info_v1 *)(*target)->data;
+ unsigned int mark = 0;
switch (c) {
case '1':
@@ -111,9 +113,9 @@ MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags,
return 0;
}
- if (string_to_number_l(optarg, 0, 0, &markinfo->mark))
+ if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
-
+ markinfo->mark = mark;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"MARK target: Can't specify --set-mark twice");
@@ -126,21 +128,21 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_target **target)
{
struct xt_mark_tginfo2 *info = (void *)(*target)->data;
- unsigned int value, mask = ~0U;
+ unsigned int value, mask = UINT32_MAX;
char *end;
switch (c) {
case 'X': /* --set-xmark */
case '=': /* --set-mark */
- param_act(P_ONE_ACTION, "MARK", *flags & F_MARK);
- param_act(P_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert);
- if (!strtonum(optarg, &end, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
+ xtables_param_act(XTF_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert);
+ if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
if (*end == '/')
- if (!strtonum(end + 1, &end, &mask, 0, ~0U))
- param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
+ if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
if (*end != '\0')
- param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
info->mark = value;
info->mask = mask;
@@ -149,28 +151,28 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '&': /* --and-mark */
- param_act(P_ONE_ACTION, "MARK", *flags & F_MARK);
- param_act(P_NO_INVERT, "MARK", "--and-mark", invert);
- if (!strtonum(optarg, NULL, &mask, 0, ~0U))
- param_act(P_BAD_VALUE, "MARK", "--and-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
+ xtables_param_act(XTF_NO_INVERT, "MARK", "--and-mark", invert);
+ if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "MARK", "--and-mark", optarg);
info->mark = 0;
info->mask = ~mask;
break;
case '|': /* --or-mark */
- param_act(P_ONE_ACTION, "MARK", *flags & F_MARK);
- param_act(P_NO_INVERT, "MARK", "--or-mark", invert);
- if (!strtonum(optarg, NULL, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "MARK", "--or-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
+ xtables_param_act(XTF_NO_INVERT, "MARK", "--or-mark", invert);
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "MARK", "--or-mark", optarg);
info->mark = value;
info->mask = value;
break;
case '^': /* --xor-mark */
- param_act(P_ONE_ACTION, "MARK", *flags & F_MARK);
- param_act(P_NO_INVERT, "MARK", "--xor-mark", invert);
- if (!strtonum(optarg, NULL, &value, 0, ~0U))
- param_act(P_BAD_VALUE, "MARK", "--xor-mark", optarg);
+ xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
+ xtables_param_act(XTF_NO_INVERT, "MARK", "--xor-mark", invert);
+ if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "MARK", "--xor-mark", optarg);
info->mark = value;
info->mask = 0;
break;
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index fe22e981..6d8c9dc6 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -51,7 +51,7 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & NFLOG_GROUP)
exit_error(PARAMETER_PROBLEM,
"Can't specify --nflog-group twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --nflog-group");
@@ -65,7 +65,7 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & NFLOG_PREFIX)
exit_error(PARAMETER_PROBLEM,
"Can't specify --nflog-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --nflog-prefix");
@@ -113,7 +113,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix)
{
if (info->prefix[0] != '\0') {
printf("%snflog-prefix ", prefix);
- save_string(info->prefix);
+ xtables_save_string(info->prefix);
}
if (info->group)
printf("%snflog-group %u ", prefix, info->group);
diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c
index 7daed18e..1c0c23d8 100644
--- a/extensions/libxt_NFQUEUE.c
+++ b/extensions/libxt_NFQUEUE.c
@@ -33,12 +33,11 @@ parse_num(const char *s, struct xt_NFQ_info *tinfo)
{
unsigned int num;
- if (string_to_number(s, 0, 65535, &num) == -1)
+ if (!xtables_strtoui(s, NULL, &num, 0, UINT16_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid queue number `%s'\n", s);
tinfo->queuenum = num & 0xffff;
- return;
}
static int
diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c
index 2227eb48..33fc71cd 100644
--- a/extensions/libxt_TCPMSS.c
+++ b/extensions/libxt_TCPMSS.c
@@ -55,7 +55,8 @@ static int __TCPMSS_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags)
exit_error(PARAMETER_PROBLEM,
"TCPMSS target: Only one option may be specified");
- if (string_to_number(optarg, 0, 65535 - hdrsize, &mssval) == -1)
+ if (!xtables_strtoui(optarg, NULL, &mssval,
+ 0, UINT16_MAX - hdrsize))
exit_error(PARAMETER_PROBLEM, "Bad TCPMSS value `%s'", optarg);
mssinfo->mss = mssval;
diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index 758f8476..c053a8b1 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -82,7 +82,8 @@ static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg)
break;
}
- if (option == 0 && string_to_number(arg, 0, 255, &option) == -1)
+ if (option == 0 &&
+ !xtables_strtoui(arg, NULL, &option, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Bad TCP option value \"%s\"", arg);
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index c1856817..7b1f7f83 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -82,10 +82,10 @@ static int tos_tg_parse_v0(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '=':
- param_act(P_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
- param_act(P_NO_INVERT, "TOS", "--set-tos", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
+ xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert);
if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
- param_act(P_BAD_VALUE, "TOS", "--set-tos", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg);
if (tvm.mask != 0xFF)
exit_error(PARAMETER_PROBLEM, "tos match: Your kernel "
"is too old to support anything besides "
@@ -107,37 +107,37 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '=': /* --set-tos */
- param_act(P_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
- param_act(P_NO_INVERT, "TOS", "--set-tos", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
+ xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert);
if (!tos_parse_symbolic(optarg, &tvm, 0x3F))
- param_act(P_BAD_VALUE, "TOS", "--set-tos", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg);
info->tos_value = tvm.value;
info->tos_mask = tvm.mask;
break;
case '&': /* --and-tos */
- param_act(P_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS);
- param_act(P_NO_INVERT, "TOS", "--and-tos", invert);
- if (!strtonum(optarg, NULL, &bits, 0, 0xFF))
- param_act(P_BAD_VALUE, "TOS", "--and-tos", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS);
+ xtables_param_act(XTF_NO_INVERT, "TOS", "--and-tos", invert);
+ if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "TOS", "--and-tos", optarg);
info->tos_value = 0;
info->tos_mask = ~bits;
break;
case '|': /* --or-tos */
- param_act(P_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS);
- param_act(P_NO_INVERT, "TOS", "--or-tos", invert);
- if (!strtonum(optarg, NULL, &bits, 0, 0xFF))
- param_act(P_BAD_VALUE, "TOS", "--or-tos", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS);
+ xtables_param_act(XTF_NO_INVERT, "TOS", "--or-tos", invert);
+ if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "TOS", "--or-tos", optarg);
info->tos_value = bits;
info->tos_mask = bits;
break;
case '^': /* --xor-tos */
- param_act(P_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS);
- param_act(P_NO_INVERT, "TOS", "--xor-tos", invert);
- if (!strtonum(optarg, NULL, &bits, 0, 0xFF))
- param_act(P_BAD_VALUE, "TOS", "--xor-tos", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS);
+ xtables_param_act(XTF_NO_INVERT, "TOS", "--xor-tos", invert);
+ if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "TOS", "--xor-tos", optarg);
info->tos_value = bits;
info->tos_mask = 0;
break;
diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c
index deb214f8..54ae96d2 100644
--- a/extensions/libxt_TPROXY.c
+++ b/extensions/libxt_TPROXY.c
@@ -40,34 +40,34 @@ static void parse_tproxy_lport(const char *s, struct xt_tproxy_target_info *info
{
unsigned int lport;
- if (string_to_number(s, 0, 65535, &lport) != -1)
+ if (xtables_strtoui(s, NULL, &lport, 0, UINT16_MAX))
info->lport = htons(lport);
else
- param_act(P_BAD_VALUE, "TPROXY", "--on-port", s);
+ xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-port", s);
}
static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info)
{
struct in_addr *laddr;
- if ((laddr = numeric_to_ipaddr(s)) == NULL)
- param_act(P_BAD_VALUE, "TPROXY", "--on-ip", s);
+ if ((laddr = xtables_numeric_to_ipaddr(s)) == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s);
info->laddr = laddr->s_addr;
}
static void parse_tproxy_mark(char *s, struct xt_tproxy_target_info *info)
{
- unsigned int value, mask = ~0U;
+ unsigned int value, mask = UINT32_MAX;
char *end;
- if (!strtonum(s, &end, &value, 0, UINT_MAX))
- param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
+ if (!xtables_strtoui(s, &end, &value, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
if (*end == '/')
- if (!strtonum(end + 1, &end, &mask, 0, UINT_MAX))
- param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
+ if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
if (*end != '\0')
- param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
+ xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
info->mark_mask = mask;
info->mark_value = value;
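Review bot: In parse_tproxy_laddr, `info->laddr = laddr->s_addr;` runs unconditionally after the NULL test, so it is a NULL dereference unless `xtables_param_act(XTF_BAD_VALUE, ...)` never returns, which nothing in this file shows. parse_tproxy_lport directly above handles the same situation with an if/else, and matching it here only needs `else` in front of the assignment: `else info->laddr = laddr->s_addr;`. parse_tproxy_mark leans on the same assumption when it reads `*end` after a failed `xtables_strtoui`, so a short comment there, `/* xtables_param_act(XTF_BAD_VALUE) does not return */`, would record the dependency once it has been confirmed against the helper. The closing lines of parse_tproxy_mark are outside this hunk.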
@@ -80,20 +80,20 @@ static int tproxy_tg_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- param_act(P_ONLY_ONCE, "TPROXY", "--on-port", *flags & PARAM_ONPORT);
- param_act(P_NO_INVERT, "TPROXY", "--on-port", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-port", *flags & PARAM_ONPORT);
+ xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-port", invert);
parse_tproxy_lport(optarg, tproxyinfo);
*flags |= PARAM_ONPORT;
return 1;
case '2':
- param_act(P_ONLY_ONCE, "TPROXY", "--on-ip", *flags & PARAM_ONIP);
- param_act(P_NO_INVERT, "TPROXY", "--on-ip", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-ip", *flags & PARAM_ONIP);
+ xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-ip", invert);
parse_tproxy_laddr(optarg, tproxyinfo);
*flags |= PARAM_ONIP;
return 1;
case '3':
- param_act(P_ONLY_ONCE, "TPROXY", "--tproxy-mark", *flags & PARAM_MARK);
- param_act(P_NO_INVERT, "TPROXY", "--tproxy-mark", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--tproxy-mark", *flags & PARAM_MARK);
+ xtables_param_act(XTF_NO_INVERT, "TPROXY", "--tproxy-mark", invert);
parse_tproxy_mark(optarg, tproxyinfo);
*flags |= PARAM_MARK;
return 1;
@@ -114,7 +114,7 @@ static void tproxy_tg_print(const void *ip, const struct xt_entry_target *target
{
const struct xt_tproxy_target_info *info = (const void *)target->data;
printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
- ipaddr_to_numeric((const struct in_addr *)&info->laddr),
+ xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr),
ntohs(info->lport), (unsigned int)info->mark_value,
(unsigned int)info->mark_mask);
}
@@ -125,7 +125,7 @@ static void tproxy_tg_save(const void *ip, const struct xt_entry_target *target)
printf("--on-port %u ", ntohs(info->lport));
printf("--on-ip %s ",
- ipaddr_to_numeric((const struct in_addr *)&info->laddr));
+ xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr));
printf("--tproxy-mark 0x%x/0x%x ",
(unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index a7f96d4f..9bad1256 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -46,7 +46,7 @@ comment_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (invert) {
exit_error(PARAMETER_PROBLEM,
"Sorry, you can't have an inverted comment");
diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c
index b77ba38b..5fc0f2a6 100644
--- a/extensions/libxt_connbytes.c
+++ b/extensions/libxt_connbytes.c
@@ -52,7 +52,7 @@ connbytes_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, &optind, 0))
+ if (xtables_check_inverse(optarg, &invert, &optind, 0))
optind++;
parse_range(argv[optind-1], sinfo);
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index 117222a7..f43eada1 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -63,7 +63,7 @@ static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"--connlimit-above may be given only once");
*flags |= 0x1;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->limit = strtoul(argv[optind-1], NULL, 0);
info->inverse = invert;
break;
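Review bot: The `--connlimit-above` value right after the renamed call is still converted with `strtoul(argv[optind-1], NULL, 0)`, with no end pointer and no range check, so a non-numeric argument or one with trailing junk is accepted as whatever prefix parses (or 0) instead of being rejected. The rest of this commit moves numeric options to `xtables_strtoui`, and the same would fit here: parse into a local `unsigned int limit` with `if (!xtables_strtoui(argv[optind-1], NULL, &limit, 0, UINT32_MAX))`, report the failure through `exit_error(PARAMETER_PROBLEM, ...)`, then assign `info->limit = limit;`. The type of `info->limit` is not visible in the hunk, so the upper bound should be confirmed against the struct. connlimit_parse starts and ends outside the hunk.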
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index bc7ef45b..d5ca4e0b 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -49,19 +49,19 @@ connmark_mt_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_connmark_mtinfo1 *info = (void *)(*match)->data;
- unsigned int mark, mask = ~0U;
+ unsigned int mark, mask = UINT32_MAX;
char *end;
switch (c) {
case '1': /* --mark */
- param_act(P_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK);
- if (!strtonum(optarg, &end, &mark, 0, ~0U))
- param_act(P_BAD_VALUE, "connmark", "--mark", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK);
+ if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg);
if (*end == '/')
- if (!strtonum(end + 1, &end, &mask, 0, ~0U))
- param_act(P_BAD_VALUE, "connmark", "--mark", optarg);
+ if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg);
if (*end != '\0')
- param_act(P_BAD_VALUE, "connmark", "--mark", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg);
if (invert)
info->invert = true;
@@ -82,7 +82,7 @@ connmark_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
char *end;
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
markinfo->mask = 0xffffffffUL;
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index d5dee7e6..45783f4d 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -228,7 +228,7 @@ parse_expire(const char *s)
{
unsigned int len;
- if (string_to_number(s, 0, 0, &len) == -1)
+ if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s);
else
return len;
@@ -268,14 +268,14 @@ conntrack_ps_expires(struct xt_conntrack_mtinfo1 *info, const char *s)
unsigned int min, max;
char *end;
- if (!strtonum(s, &end, &min, 0, ~0))
- param_act(P_BAD_VALUE, "conntrack", "--expires", s);
+ if (!xtables_strtoui(s, &end, &min, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s);
max = min;
if (*end == ':')
- if (!strtonum(s, &end, &max, 0, ~0U))
- param_act(P_BAD_VALUE, "conntrack", "--expires", s);
+ if (!xtables_strtoui(s, &end, &max, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s);
if (*end != '\0')
- param_act(P_BAD_VALUE, "conntrack", "--expires", s);
+ xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s);
if (min > max)
exit_error(PARAMETER_PROBLEM,
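Review bot: The upper bound of `--expires` is parsed from `s` again instead of from the text after the colon, so for a `min:max` argument the second call re-reads the minimum and leaves `end` on the `:`. As far as the visible lines show, the following `*end != '\0'` check then rejects every range form. The rename keeps this behaviour unchanged; the second call should read `if (!xtables_strtoui(end + 1, &end, &max, 0, UINT32_MAX))`, as connmark_mt_parse and parse_tproxy_mark in this same commit already do for their `/mask` part. conntrack_ps_expires begins and ends outside the hunk.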
@@ -297,7 +297,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_states(argv[optind-1], sinfo);
if (invert) {
@@ -307,7 +307,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '2':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if(invert)
sinfo->invflags |= XT_CONNTRACK_PROTO;
@@ -317,7 +317,8 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
*protocol = tolower(*protocol);
protocol = argv[optind-1];
- sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = parse_protocol(protocol);
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum =
+ xtables_parse_protocol(protocol);
if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
&& (sinfo->invflags & XT_INV_PROTO))
@@ -328,12 +329,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '3':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGSRC;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->sipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
@@ -348,12 +349,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGDST;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->dipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
@@ -368,12 +369,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '5':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLSRC;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->sipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
@@ -388,12 +389,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '6':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLDST;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->dipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
@@ -408,7 +409,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '7':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_statuses(argv[optind-1], sinfo);
if (invert) {
@@ -418,7 +419,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '8':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_expires(argv[optind-1], sinfo);
if (invert) {
@@ -455,7 +456,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
/* Canonicalize into lower case */
for (p = optarg; *p != '\0'; ++p)
*p = tolower(*p);
- info->l4proto = parse_protocol(optarg);
+ info->l4proto = xtables_parse_protocol(optarg);
if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO))
exit_error(PARAMETER_PROBLEM, "conntrack: rule would "
@@ -481,8 +482,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case 'a': /* --ctorigsrcport */
- if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0))
- param_act(P_BAD_VALUE, "conntrack",
+ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "conntrack",
"--ctorigsrcport", optarg);
info->match_flags |= XT_CONNTRACK_ORIGSRC_PORT;
info->origsrc_port = htons(port);
@@ -491,8 +492,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case 'b': /* --ctorigdstport */
- if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0))
- param_act(P_BAD_VALUE, "conntrack",
+ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "conntrack",
"--ctorigdstport", optarg);
info->match_flags |= XT_CONNTRACK_ORIGDST_PORT;
info->origdst_port = htons(port);
@@ -501,8 +502,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case 'c': /* --ctreplsrcport */
- if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0))
- param_act(P_BAD_VALUE, "conntrack",
+ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "conntrack",
"--ctreplsrcport", optarg);
info->match_flags |= XT_CONNTRACK_REPLSRC_PORT;
info->replsrc_port = htons(port);
@@ -511,8 +512,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case 'd': /* --ctrepldstport */
- if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0))
- param_act(P_BAD_VALUE, "conntrack",
+ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "conntrack",
"--ctrepldstport", optarg);
info->match_flags |= XT_CONNTRACK_REPLDST_PORT;
info->repldst_port = htons(port);
@@ -521,7 +522,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case 'e': /* --ctdir */
- param_act(P_NO_INVERT, "conntrack", "--ctdir", invert);
+ xtables_param_act(XTF_NO_INVERT, "conntrack", "--ctdir", invert);
if (strcasecmp(optarg, "ORIGINAL") == 0) {
info->match_flags |= XT_CONNTRACK_DIRECTION;
info->invert_flags &= ~XT_CONNTRACK_DIRECTION;
@@ -529,7 +530,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
info->match_flags |= XT_CONNTRACK_DIRECTION;
info->invert_flags |= XT_CONNTRACK_DIRECTION;
} else {
- param_act(P_BAD_VALUE, "conntrack", "--ctdir", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctdir", optarg);
}
break;
@@ -551,7 +552,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '3': /* --ctorigsrc */
- ipparse_hostnetworkmask(optarg, &addr, &info->origsrc_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->origsrc_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -564,7 +565,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4': /* --ctorigdst */
- ipparse_hostnetworkmask(optarg, &addr, &info->origdst_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->origdst_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -577,7 +578,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '5': /* --ctreplsrc */
- ipparse_hostnetworkmask(optarg, &addr, &info->replsrc_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->replsrc_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -590,7 +591,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '6': /* --ctrepldst */
- ipparse_hostnetworkmask(optarg, &addr, &info->repldst_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->repldst_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -621,7 +622,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '3': /* --ctorigsrc */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->origsrc_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -634,7 +635,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4': /* --ctorigdst */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->origdst_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -647,7 +648,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '5': /* --ctreplsrc */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->replsrc_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -660,7 +661,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '6': /* --ctrepldst */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->repldst_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -761,9 +762,9 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
return;
}
if (numeric)
- printf("%s ", ipaddr_to_numeric(&addr->in));
+ printf("%s ", xtables_ipaddr_to_numeric(&addr->in));
else
- printf("%s ", ipaddr_to_anyname(&addr->in));
+ printf("%s ", xtables_ipaddr_to_anyname(&addr->in));
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
@@ -771,9 +772,9 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
return;
}
if (numeric)
- printf("%s ", ip6addr_to_numeric(&addr->in6));
+ printf("%s ", xtables_ip6addr_to_numeric(&addr->in6));
else
- printf("%s ", ip6addr_to_anyname(&addr->in6));
+ printf("%s ", xtables_ip6addr_to_anyname(&addr->in6));
}
}
@@ -789,10 +790,10 @@ print_addr(struct in_addr *addr, struct in_addr *mask, int inv, int numeric)
printf("%s ", "anywhere");
else {
if (numeric)
- sprintf(buf, "%s", ipaddr_to_numeric(addr));
+ strcpy(buf, xtables_ipaddr_to_numeric(addr));
else
- sprintf(buf, "%s", ipaddr_to_anyname(addr));
- strcat(buf, ipmask_to_numeric(mask));
+ strcpy(buf, xtables_ipaddr_to_anyname(addr));
+ strcat(buf, xtables_ipmask_to_numeric(mask));
printf("%s ", buf);
}
}
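Review bot: `strcpy` followed by `strcat` into `buf` is unbounded, and in the non-numeric branch the source is whatever name `xtables_ipaddr_to_anyname` returns, presumably a resolved host or network name whose length this code does not control. `buf` is declared outside the hunk, so its size cannot be checked here, but nothing in the visible lines limits either copy. The buffer is only used for printing, so it can be dropped: `printf("%s", numeric ? xtables_ipaddr_to_numeric(addr) : xtables_ipaddr_to_anyname(addr));` followed by `printf("%s ", xtables_ipmask_to_numeric(mask));`. Keeping the two calls as separate statements also avoids depending on whether these helpers share a static result buffer.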
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 24bf6f7f..dbf6223c 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -62,14 +62,14 @@ parse_dccp_ports(const char *portstring,
buffer = strdup(portstring);
DEBUGP("%s\n", portstring);
if ((cp = strchr(buffer, ':')) == NULL) {
- ports[0] = ports[1] = parse_port(buffer, "dccp");
+ ports[0] = ports[1] = xtables_parse_port(buffer, "dccp");
}
else {
*cp = '\0';
cp++;
- ports[0] = buffer[0] ? parse_port(buffer, "dccp") : 0;
- ports[1] = cp[0] ? parse_port(cp, "dccp") : 0xFFFF;
+ ports[0] = buffer[0] ? xtables_parse_port(buffer, "dccp") : 0;
+ ports[1] = cp[0] ? xtables_parse_port(cp, "dccp") : 0xFFFF;
if (ports[0] > ports[1])
exit_error(PARAMETER_PROBLEM,
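Review bot: `buffer = strdup(portstring)` is passed to `strchr(buffer, ':')` two lines later without a NULL check, so an allocation failure becomes a NULL dereference instead of a reported error. Adding `if (buffer == NULL) exit_error(OTHER_PROBLEM, "strdup failed");` directly after the call would fix that. Whether `buffer` is freed on the success path is outside the hunk, as is the rest of parse_dccp_ports.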
@@ -121,11 +121,11 @@ static u_int8_t parse_dccp_option(char *optstring)
{
unsigned int ret;
- if (string_to_number(optstring, 1, 255, &ret) == -1)
+ if (!xtables_strtoui(optstring, NULL, &ret, 1, UINT8_MAX))
exit_error(PARAMETER_PROBLEM, "Bad DCCP option `%s'",
optstring);
- return (u_int8_t)ret;
+ return ret;
}
static int
@@ -141,7 +141,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
einfo->flags |= XT_DCCP_SRC_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_dccp_ports(argv[optind-1], einfo->spts);
if (invert)
einfo->invflags |= XT_DCCP_SRC_PORTS;
@@ -153,7 +153,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
einfo->flags |= XT_DCCP_DEST_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_dccp_ports(argv[optind-1], einfo->dpts);
if (invert)
einfo->invflags |= XT_DCCP_DEST_PORTS;
@@ -165,7 +165,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--dccp-types' allowed");
einfo->flags |= XT_DCCP_TYPE;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->typemask = parse_dccp_types(argv[optind-1]);
if (invert)
einfo->invflags |= XT_DCCP_TYPE;
@@ -177,7 +177,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--dccp-option' allowed");
einfo->flags |= XT_DCCP_OPTION;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->option = parse_dccp_option(argv[optind-1]);
if (invert)
einfo->invflags |= XT_DCCP_OPTION;
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index eefb186b..e57c2673 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo)
{
unsigned int dscp;
- if (string_to_number(s, 0, 255, &dscp) == -1)
+ if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid dscp `%s'\n", s);
@@ -56,8 +56,7 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo)
exit_error(PARAMETER_PROBLEM,
"DSCP `%d` out of range\n", dscp);
- dinfo->dscp = (u_int8_t )dscp;
- return;
+ dinfo->dscp = dscp;
}
@@ -67,7 +66,7 @@ parse_class(const char *s, struct xt_dscp_info *dinfo)
unsigned int dscp = class_to_dscp(s);
/* Assign the value */
- dinfo->dscp = (u_int8_t)dscp;
+ dinfo->dscp = dscp;
}
@@ -83,7 +82,7 @@ dscp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags)
exit_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_dscp(argv[optind-1], dinfo);
if (invert)
dinfo->invert = 1;
@@ -94,7 +93,7 @@ dscp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags)
exit_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp-class ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_class(argv[optind - 1], dinfo);
if (invert)
dinfo->invert = 1;
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 999733c3..2cc6b60f 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -43,7 +43,7 @@ parse_esp_spi(const char *spistr)
exit_error(PARAMETER_PROBLEM,
"ESP error parsing spi `%s'", spistr);
}
- return (u_int32_t) spi;
+ return spi;
}
static void
@@ -88,7 +88,7 @@ esp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & ESP_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--espspi' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_esp_spis(argv[optind-1], espinfo->spis);
if (invert)
espinfo->invflags |= XT_ESP_INV_SPI;
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 1c506852..b05e8c8c 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -217,9 +217,9 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '%':
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit",
*flags & PARAM_LIMIT);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->cfg.avg))
exit_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
@@ -227,41 +227,41 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '$':
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
*flags & PARAM_BURST);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
- if (string_to_number(optarg, 0, 10000, &num) == -1)
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-burst `%s'", optarg);
r->cfg.burst = num;
*flags |= PARAM_BURST;
break;
case '&':
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
*flags & PARAM_SIZE);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
- if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-size: `%s'", optarg);
r->cfg.size = num;
*flags |= PARAM_SIZE;
break;
case '*':
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
*flags & PARAM_MAX);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
- if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-max: `%s'", optarg);
r->cfg.max = num;
*flags |= PARAM_MAX;
break;
case '(':
- param_act(P_ONLY_ONCE, "hashlimit",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-gcinterval",
*flags & PARAM_GCINTERVAL);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
- if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-gcinterval: `%s'",
optarg);
@@ -270,10 +270,10 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags,
*flags |= PARAM_GCINTERVAL;
break;
case ')':
- param_act(P_ONLY_ONCE, "hashlimit",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
- if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-expire: `%s'", optarg);
/* FIXME: not HZ dependent */
@@ -281,18 +281,18 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags,
*flags |= PARAM_EXPIRE;
break;
case '_':
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
*flags & PARAM_MODE);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (parse_mode(&r->cfg.mode, optarg) < 0)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-mode: `%s'\n", optarg);
*flags |= PARAM_MODE;
break;
case '"':
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
*flags & PARAM_NAME);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (strlen(optarg) == 0)
exit_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(r->name, optarg, sizeof(r->name));
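Review bot: `strncpy(r->name, optarg, sizeof(r->name))` leaves `r->name` without a terminating NUL whenever the `--hashlimit-name` argument is at least `sizeof(r->name)` characters long. The hunk ends on this line, so a terminator may be written just below it; if not, add `r->name[sizeof(r->name) - 1] = '\0';` after the copy. Alternatively, over-long names could be rejected with `exit_error(PARAMETER_PROBLEM, ...)` rather than silently truncated, since a truncated name could collide with another rule's table name. hashlimit_parse continues outside the hunk.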
@@ -317,63 +317,63 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags,
switch(c) {
case '%': /* --hashlimit / --hashlimit-below */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-upto",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-upto",
*flags & PARAM_LIMIT);
if (invert)
info->cfg.mode |= XT_HASHLIMIT_INVERT;
if (!parse_rate(optarg, &info->cfg.avg))
- param_act(P_BAD_VALUE, "hashlimit",
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-upto", optarg);
*flags |= PARAM_LIMIT;
return true;
case '^': /* --hashlimit-above == !--hashlimit-below */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-above",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-above",
*flags & PARAM_LIMIT);
if (!invert)
info->cfg.mode |= XT_HASHLIMIT_INVERT;
if (!parse_rate(optarg, &info->cfg.avg))
- param_act(P_BAD_VALUE, "hashlimit",
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-above", optarg);
*flags |= PARAM_LIMIT;
return true;
case '$': /* --hashlimit-burst */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
*flags & PARAM_BURST);
- if (!strtonum(optarg, NULL, &num, 0, 10000))
- param_act(P_BAD_VALUE, "hashlimit",
+ if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-burst", optarg);
info->cfg.burst = num;
*flags |= PARAM_BURST;
return true;
case '&': /* --hashlimit-htable-size */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
*flags & PARAM_SIZE);
- if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
- param_act(P_BAD_VALUE, "hashlimit",
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-htable-size", optarg);
info->cfg.size = num;
*flags |= PARAM_SIZE;
return true;
case '*': /* --hashlimit-htable-max */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
*flags & PARAM_MAX);
- if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
- param_act(P_BAD_VALUE, "hashlimit",
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-htable-max", optarg);
info->cfg.max = num;
*flags |= PARAM_MAX;
return true;
case '(': /* --hashlimit-htable-gcinterval */
- param_act(P_ONLY_ONCE, "hashlimit",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-gcinterval",
*flags & PARAM_GCINTERVAL);
- if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
- param_act(P_BAD_VALUE, "hashlimit",
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-htable-gcinterval", optarg);
/* FIXME: not HZ dependent!! */
info->cfg.gc_interval = num;
@@ -381,10 +381,10 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags,
return true;
case ')': /* --hashlimit-htable-expire */
- param_act(P_ONLY_ONCE, "hashlimit",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
- if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
- param_act(P_BAD_VALUE, "hashlimit",
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-htable-expire", optarg);
/* FIXME: not HZ dependent */
info->cfg.expire = num;
@@ -392,16 +392,16 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags,
return true;
case '_':
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
*flags & PARAM_MODE);
if (parse_mode(&info->cfg.mode, optarg) < 0)
- param_act(P_BAD_VALUE, "hashlimit",
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-mode", optarg);
*flags |= PARAM_MODE;
return true;
case '"': /* --hashlimit-name */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
*flags & PARAM_NAME);
if (strlen(optarg) == 0)
exit_error(PARAMETER_PROBLEM, "Zero-length name?");
@@ -411,20 +411,20 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags,
return true;
case '<': /* --hashlimit-srcmask */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask",
*flags & PARAM_SRCMASK);
- if (!strtonum(optarg, NULL, &num, 0, maxmask))
- param_act(P_BAD_VALUE, "hashlimit",
+ if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-srcmask", optarg);
info->cfg.srcmask = num;
*flags |= PARAM_SRCMASK;
return true;
case '>': /* --hashlimit-dstmask */
- param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask",
+ xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask",
*flags & PARAM_DSTMASK);
- if (!strtonum(optarg, NULL, &num, 0, maxmask))
- param_act(P_BAD_VALUE, "hashlimit",
+ if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
"--hashlimit-dstmask", optarg);
info->cfg.dstmask = num;
*flags |= PARAM_DSTMASK;
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index b60c9826..569ad69e 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -31,7 +31,7 @@ helper_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags)
exit_error(PARAMETER_PROBLEM,
"helper match: Only use --helper ONCE!");
- check_inverse(optarg, &invert, &invert, 0);
+ xtables_check_inverse(optarg, &invert, &invert, 0);
strncpy(info->name, optarg, 29);
info->name[29] = '\0';
if (invert)
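Review bot: `xtables_check_inverse(optarg, &invert, &invert, 0)` passes `&invert` for both pointer arguments, whereas every other call touched by this commit passes `&optind` as the third; the rename carries the old mistake over unchanged. If the helper advances its third argument when it sees `!`, it would modify `invert` here instead of `optind`, so the inversion flag stored in the rule could end up with an unintended value. The call should read `xtables_check_inverse(optarg, &invert, &optind, 0);`. helper_parse starts and ends outside the hunk.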
@@ -65,7 +65,7 @@ static void helper_save(const void *ip, const struct xt_entry_match *match)
struct xt_helper_info *info = (struct xt_helper_info *)match->data;
printf("%s--helper ",info->invert ? "! " : "");
- save_string(info->name);
+ xtables_save_string(info->name);
}
static struct xtables_match helper_match = {
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 09e9fb7f..df6be14f 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -40,14 +40,14 @@ parse_iprange(char *arg, struct ipt_iprange *range)
if (dash != NULL)
*dash = '\0';
- ip = numeric_to_ipaddr(arg);
+ ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
arg);
range->min_ip = ip->s_addr;
if (dash != NULL) {
- ip = numeric_to_ipaddr(dash+1);
+ ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
dash+1);
@@ -70,7 +70,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
*flags |= IPRANGE_SRC;
info->flags |= IPRANGE_SRC;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags |= IPRANGE_SRC_INV;
parse_iprange(optarg, &info->src);
@@ -84,7 +84,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
*flags |= IPRANGE_DST;
info->flags |= IPRANGE_DST;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags |= IPRANGE_DST_INV;
@@ -110,15 +110,15 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
case '1': /* --src-range */
end = strchr(optarg, '-');
if (end == NULL)
- param_act(P_BAD_VALUE, "iprange", "--src-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
*end = '\0';
- ia = numeric_to_ipaddr(optarg);
+ ia = xtables_numeric_to_ipaddr(optarg);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--src-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
memcpy(&info->src_min.in, ia, sizeof(*ia));
- ia = numeric_to_ipaddr(end+1);
+ ia = xtables_numeric_to_ipaddr(end+1);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--src-range", end + 1);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
memcpy(&info->src_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_SRC;
if (invert)
@@ -129,15 +129,15 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
case '2': /* --dst-range */
end = strchr(optarg, '-');
if (end == NULL)
- param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
*end = '\0';
- ia = numeric_to_ipaddr(optarg);
+ ia = xtables_numeric_to_ipaddr(optarg);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
memcpy(&info->dst_min.in, ia, sizeof(*ia));
- ia = numeric_to_ipaddr(end + 1);
+ ia = xtables_numeric_to_ipaddr(end + 1);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--dst-range", end + 1);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
memcpy(&info->dst_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_DST;
if (invert)
@@ -160,15 +160,15 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
case '1': /* --src-range */
end = strchr(optarg, '-');
if (end == NULL)
- param_act(P_BAD_VALUE, "iprange", "--src-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
*end = '\0';
- ia = numeric_to_ip6addr(optarg);
+ ia = xtables_numeric_to_ip6addr(optarg);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--src-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
memcpy(&info->src_min.in, ia, sizeof(*ia));
- ia = numeric_to_ip6addr(end+1);
+ ia = xtables_numeric_to_ip6addr(end+1);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--src-range", end + 1);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
memcpy(&info->src_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_SRC;
if (invert)
@@ -179,15 +179,15 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
case '2': /* --dst-range */
end = strchr(optarg, '-');
if (end == NULL)
- param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
*end = '\0';
- ia = numeric_to_ip6addr(optarg);
+ ia = xtables_numeric_to_ip6addr(optarg);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
memcpy(&info->dst_min.in, ia, sizeof(*ia));
- ia = numeric_to_ip6addr(end + 1);
+ ia = xtables_numeric_to_ip6addr(end + 1);
if (ia == NULL)
- param_act(P_BAD_VALUE, "iprange", "--dst-range", end + 1);
+ xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
memcpy(&info->dst_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_DST;
if (invert)
@@ -250,15 +250,15 @@ iprange_mt4_print(const void *ip, const struct xt_entry_match *match,
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", ipaddr_to_numeric(&info->src_max.in));
+ printf("%s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
printf("destination IP range ");
if (info->flags & IPRANGE_DST_INV)
printf("! ");
- printf("%s", ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", ipaddr_to_numeric(&info->dst_max.in));
+ printf("%s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
@@ -276,15 +276,15 @@ iprange_mt6_print(const void *ip, const struct xt_entry_match *match,
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", ip6addr_to_numeric(&info->src_max.in6));
+ printf("%s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
printf("destination IP range ");
if (info->flags & IPRANGE_DST_INV)
printf("! ");
- printf("%s", ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", ip6addr_to_numeric(&info->dst_max.in6));
+ printf("%s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
@@ -315,14 +315,14 @@ static void iprange_mt4_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
printf("! ");
- printf("--src-range %s", ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", ipaddr_to_numeric(&info->src_max.in));
+ printf("--src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
printf("! ");
- printf("--dst-range %s", ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", ipaddr_to_numeric(&info->dst_max.in));
+ printf("--dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
@@ -333,14 +333,14 @@ static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
printf("! ");
- printf("--src-range %s", ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", ip6addr_to_numeric(&info->src_max.in6));
+ printf("--src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
printf("! ");
- printf("--dst-range %s", ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", ip6addr_to_numeric(&info->dst_max.in6));
+ printf("--dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index 98e81673..cf944e2d 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -26,10 +26,10 @@ parse_length(const char *s)
{
unsigned int len;
- if (string_to_number(s, 0, 0xFFFF, &len) == -1)
+ if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s);
else
- return (u_int16_t )len;
+ return len;
}
/* If a single value is provided, min and max are both set to the value */
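Review bot: `parse_length` now accepts any value up to `UINT32_MAX` where the old code capped it at `0xFFFF`, and the explicit `(u_int16_t)` cast is gone from the return. The return type is outside the hunk; if it is still a 16-bit type, an argument such as `--length 70000` would be accepted and silently truncated, so the installed rule would match a different packet size than the one the administrator wrote. Keeping the original bound avoids that: `if (!xtables_strtoui(s, NULL, &len, 0, UINT16_MAX))`.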
@@ -70,7 +70,7 @@ length_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_lengths(argv[optind-1], info);
if (invert)
info->invert = 1;
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index 3ed7b965..7edfa3db 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -94,15 +94,15 @@ limit_parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '%':
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->avg))
exit_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
break;
case '$':
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
- if (string_to_number(optarg, 0, 10000, &num) == -1)
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
exit_error(PARAMETER_PROBLEM,
"bad --limit-burst `%s'", optarg);
r->burst = num;
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index f4128c01..b516d80f 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -57,7 +57,7 @@ mac_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_mac(argv[optind-1], macinfo);
if (invert)
macinfo->invert = 1;
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 811cc77e..1143ba98 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -29,19 +29,19 @@ static int mark_mt_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_mark_mtinfo1 *info = (void *)(*match)->data;
- unsigned int mark, mask = ~0U;
+ unsigned int mark, mask = UINT32_MAX;
char *end;
switch (c) {
case '1': /* --mark */
- param_act(P_ONLY_ONCE, "mark", "--mark", *flags & F_MARK);
- if (!strtonum(optarg, &end, &mark, 0, ~0U))
- param_act(P_BAD_VALUE, "mark", "--mark", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "mark", "--mark", *flags & F_MARK);
+ if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
if (*end == '/')
- if (!strtonum(end + 1, &end, &mask, 0, ~0U))
- param_act(P_BAD_VALUE, "mark", "--mark", optarg);
+ if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
if (*end != '\0')
- param_act(P_BAD_VALUE, "mark", "--mark", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
if (invert)
info->invert = true;
@@ -62,7 +62,7 @@ mark_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
char *end;
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index dae6e335..d0e830df 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -81,7 +81,7 @@ parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
{
next=strchr(cp, ',');
if (next) *next++='\0';
- ports[i] = parse_port(cp, proto);
+ ports[i] = xtables_parse_port(cp, proto);
}
if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified");
free(buffer);
@@ -113,10 +113,10 @@ parse_multi_ports_v1(const char *portstring,
"too many ports specified");
*range++ = '\0';
}
- multiinfo->ports[i] = parse_port(cp, proto);
+ multiinfo->ports[i] = xtables_parse_port(cp, proto);
if (range) {
multiinfo->pflags[i] = 1;
- multiinfo->ports[++i] = parse_port(range, proto);
+ multiinfo->ports[++i] = xtables_parse_port(range, proto);
if (multiinfo->ports[i-1] >= multiinfo->ports[i])
exit_error(PARAMETER_PROBLEM,
"invalid portrange specified");
@@ -161,7 +161,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
@@ -169,7 +169,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '2':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
@@ -177,7 +177,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '3':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
@@ -228,21 +228,21 @@ __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_SOURCE;
break;
case '2':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_DESTINATION;
break;
case '3':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_EITHER;
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index 4cd173e3..bf26f35c 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -19,6 +19,11 @@
#include <linux/netfilter_ipv4/ipt_owner.h>
#include <linux/netfilter_ipv6/ip6t_owner.h>
+/*
+ * Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved
+ * UID/GID value anyway.
+ */
+
enum {
FLAG_UID_OWNER = 1 << 0,
FLAG_GID_OWNER = 1 << 1,
@@ -107,11 +112,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case 'u':
- param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER);
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER);
if ((pwd = getpwnam(optarg)) != NULL)
id = pwd->pw_uid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0))
- param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg);
+ else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg);
if (invert)
info->invert |= IPT_OWNER_UID;
info->match |= IPT_OWNER_UID;
@@ -120,11 +125,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
return true;
case 'g':
- param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER);
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER);
if ((grp = getgrnam(optarg)) != NULL)
id = grp->gr_gid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0))
- param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg);
+ else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg);
if (invert)
info->invert |= IPT_OWNER_GID;
info->match |= IPT_OWNER_GID;
@@ -133,9 +138,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
return true;
case 'p':
- param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER);
- if (!strtonum(optarg, NULL, &id, 0, INT_MAX))
- param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER);
+ if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg);
if (invert)
info->invert |= IPT_OWNER_PID;
info->match |= IPT_OWNER_PID;
@@ -144,9 +149,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
return true;
case 's':
- param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER);
- if (!strtonum(optarg, NULL, &id, 0, INT_MAX))
- param_act(P_BAD_VALUE, "owner", "--sid-value", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER);
+ if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-value", optarg);
if (invert)
info->invert |= IPT_OWNER_SID;
info->match |= IPT_OWNER_SID;
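Review bot: The bad-value message in the `'s'` case of `owner_mt_parse_v0` names the option `--sid-value`, while the only-once check two lines above it and the IPv6 twin `owner_mt6_parse_v0` both say `--sid-owner`. A user who mistypes the session ID is pointed at an option name they never typed. Since the line is rewritten here anyway, it should read `xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-owner", optarg);`. The enclosing function starts and ends outside the hunk.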
@@ -156,7 +161,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
#ifdef IPT_OWNER_COMM
case 'c':
- param_act(P_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM);
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM);
if (strlen(optarg) > sizeof(info->comm))
exit_error(PARAMETER_PROBLEM, "owner match: command "
"\"%s\" too long, max. %zu characters",
@@ -186,12 +191,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case 'u':
- param_act(P_ONLY_ONCE, "owner", "--uid-owner",
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner",
*flags & FLAG_UID_OWNER);
if ((pwd = getpwnam(optarg)) != NULL)
id = pwd->pw_uid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0))
- param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg);
+ else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg);
if (invert)
info->invert |= IP6T_OWNER_UID;
info->match |= IP6T_OWNER_UID;
@@ -200,12 +205,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
return true;
case 'g':
- param_act(P_ONLY_ONCE, "owner", "--gid-owner",
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner",
*flags & FLAG_GID_OWNER);
if ((grp = getgrnam(optarg)) != NULL)
id = grp->gr_gid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0))
- param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg);
+ else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg);
if (invert)
info->invert |= IP6T_OWNER_GID;
info->match |= IP6T_OWNER_GID;
@@ -214,10 +219,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
return true;
case 'p':
- param_act(P_ONLY_ONCE, "owner", "--pid-owner",
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner",
*flags & FLAG_PID_OWNER);
- if (!strtonum(optarg, NULL, &id, 0, INT_MAX))
- param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg);
+ if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg);
if (invert)
info->invert |= IP6T_OWNER_PID;
info->match |= IP6T_OWNER_PID;
@@ -226,10 +231,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
return true;
case 's':
- param_act(P_ONLY_ONCE, "owner", "--sid-owner",
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner",
*flags & FLAG_SID_OWNER);
- if (!strtonum(optarg, NULL, &id, 0, INT_MAX))
- param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg);
+ if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-owner", optarg);
if (invert)
info->invert |= IP6T_OWNER_SID;
info->match |= IP6T_OWNER_SID;
@@ -245,15 +250,15 @@ static void owner_parse_range(const char *s, unsigned int *from,
{
char *end;
- /* 4294967295 is reserved, so subtract one from ~0 */
- if (!strtonum(s, &end, from, 0, (~(uid_t)0) - 1))
- param_act(P_BAD_VALUE, "owner", opt, s);
+ /* -1 is reversed, so the max is one less than that. */
+ if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
*to = *from;
if (*end == '-' || *end == ':')
- if (!strtonum(end + 1, &end, to, 0, (~(uid_t)0) - 1))
- param_act(P_BAD_VALUE, "owner", opt, s);
+ if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
if (*end != '\0')
- param_act(P_BAD_VALUE, "owner", opt, s);
+ xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
}
static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags,
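Review bot: The replacement comment in `owner_parse_range` says "-1 is reversed" where "reserved" is meant; it should read `/* -1 is reserved, so the max is one less than that. */`. The bound also moves from `(~(uid_t)0) - 1` to `UINT32_MAX - 1`, which hard-codes a 32-bit ID width instead of deriving it from `uid_t`. A short comment saying why that is safe (presumably the range fields handed to the kernel are 32-bit, which is not visible here) would help. The v0 `--uid-owner`/`--gid-owner` hunks earlier in this file tighten their bound from `~(uid_t)0` to `UINT32_MAX - 1` as well, so 4294967295 is no longer accepted there.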
@@ -266,7 +271,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case 'u':
- param_act(P_ONLY_ONCE, "owner", "--uid-owner",
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner",
*flags & FLAG_UID_OWNER);
if ((pwd = getpwnam(optarg)) != NULL)
from = to = pwd->pw_uid;
@@ -281,7 +286,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags,
return true;
case 'g':
- param_act(P_ONLY_ONCE, "owner", "--gid-owner",
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner",
*flags & FLAG_GID_OWNER);
if ((grp = getgrnam(optarg)) != NULL)
from = to = grp->gr_gid;
@@ -296,7 +301,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags,
return true;
case 'k':
- param_act(P_ONLY_ONCE, "owner", "--socket-exists",
+ xtables_param_act(XTF_ONLY_ONCE, "owner", "--socket-exists",
*flags & FLAG_SOCKET_EXISTS);
if (invert)
info->invert |= XT_OWNER_SOCKET;
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index 0572aba9..4275a1a4 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -43,8 +43,8 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags,
case '1':
if (*flags & XT_PHYSDEV_OP_IN)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
- parse_interface(argv[optind-1], info->physindev,
+ xtables_check_inverse(optarg, &invert, &optind, 0);
+ xtables_parse_interface(argv[optind-1], info->physindev,
(unsigned char *)info->in_mask);
if (invert)
info->invert |= XT_PHYSDEV_OP_IN;
@@ -55,8 +55,8 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags,
case '2':
if (*flags & XT_PHYSDEV_OP_OUT)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
- parse_interface(argv[optind-1], info->physoutdev,
+ xtables_check_inverse(optarg, &invert, &optind, 0);
+ xtables_parse_interface(argv[optind-1], info->physoutdev,
(unsigned char *)info->out_mask);
if (invert)
info->invert |= XT_PHYSDEV_OP_OUT;
@@ -67,7 +67,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags,
case '3':
if (*flags & XT_PHYSDEV_OP_ISIN)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->bitmask |= XT_PHYSDEV_OP_ISIN;
if (invert)
info->invert |= XT_PHYSDEV_OP_ISIN;
@@ -77,7 +77,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags,
case '4':
if (*flags & XT_PHYSDEV_OP_ISOUT)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->bitmask |= XT_PHYSDEV_OP_ISOUT;
if (invert)
info->invert |= XT_PHYSDEV_OP_ISOUT;
@@ -87,7 +87,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags,
case '5':
if (*flags & XT_PHYSDEV_OP_BRIDGED)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->invert |= XT_PHYSDEV_OP_BRIDGED;
*flags |= XT_PHYSDEV_OP_BRIDGED;
diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c
index ab2e2259..8caba91e 100644
--- a/extensions/libxt_pkttype.c
+++ b/extensions/libxt_pkttype.c
@@ -91,7 +91,7 @@ static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags,
switch(c)
{
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_pkttype(argv[optind-1], info);
if(invert)
info->invert=1;
diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index 5007f7cb..8c91fb8e 100644
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -46,7 +46,7 @@ parse_quota(const char *s, u_int64_t * quota)
printf("Quota: %llu\n", *quota);
#endif
- if (*quota == (u_int64_t)-1)
+ if (*quota == UINT64_MAX)
exit_error(PARAMETER_PROBLEM, "quota invalid: '%s'\n", s);
else
return 1;
@@ -60,7 +60,7 @@ quota_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
if (!parse_quota(optarg, &info->quota))
exit_error(PARAMETER_PROBLEM,
diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c
index 333239d9..8a8836bf 100644
--- a/extensions/libxt_rateest.c
+++ b/extensions/libxt_rateest.c
@@ -112,12 +112,13 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_rateest_match_info *info = (void *)(*match)->data;
+ unsigned int val;
rateest_info = info;
switch (c) {
case OPT_RATEEST1:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
@@ -131,7 +132,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST2:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
@@ -146,7 +147,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_BPS1:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
@@ -170,7 +171,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_PPS1:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
@@ -186,15 +187,16 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
if (!argv[optind] || *argv[optind] == '-' || *argv[optind] == '!')
break;
- if (string_to_number(argv[optind], 0, 0, &info->pps1) < 0)
+ if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"rateest: could not parse pps `%s'",
argv[optind]);
+ info->pps1 = val;
optind++;
break;
case OPT_RATEEST_BPS2:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
@@ -218,7 +220,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_PPS2:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
@@ -234,15 +236,16 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
if (!argv[optind] || *argv[optind] == '-' || *argv[optind] == '!')
break;
- if (string_to_number(argv[optind], 0, 0, &info->pps2) < 0)
+ if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"rateest: could not parse pps `%s'",
argv[optind]);
+ info->pps2 = val;
optind++;
break;
case OPT_RATEEST_DELTA:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-delta can't be inverted");
@@ -256,7 +259,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_EQ:
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
exit_error(PARAMETER_PROBLEM,
@@ -269,7 +272,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_LT:
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
exit_error(PARAMETER_PROBLEM,
@@ -282,7 +285,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_GT:
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
exit_error(PARAMETER_PROBLEM,
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c
index 1ae90133..1646705f 100644
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -73,7 +73,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_SET;
if (invert) info->invert = 1;
*flags |= XT_RECENT_SET;
@@ -84,7 +84,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_CHECK;
if(invert) info->invert = 1;
*flags |= XT_RECENT_CHECK;
@@ -95,7 +95,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_UPDATE;
if (invert) info->invert = 1;
*flags |= XT_RECENT_UPDATE;
@@ -106,7 +106,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_REMOVE;
if (invert) info->invert = 1;
*flags |= XT_RECENT_REMOVE;
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index 37a6423e..2ee48610 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -85,14 +85,14 @@ parse_sctp_ports(const char *portstring,
buffer = strdup(portstring);
DEBUGP("%s\n", portstring);
if ((cp = strchr(buffer, ':')) == NULL) {
- ports[0] = ports[1] = parse_port(buffer, "sctp");
+ ports[0] = ports[1] = xtables_parse_port(buffer, "sctp");
}
else {
*cp = '\0';
cp++;
- ports[0] = buffer[0] ? parse_port(buffer, "sctp") : 0;
- ports[1] = cp[0] ? parse_port(cp, "sctp") : 0xFFFF;
+ ports[0] = buffer[0] ? xtables_parse_port(buffer, "sctp") : 0;
+ ports[1] = cp[0] ? xtables_parse_port(cp, "sctp") : 0xFFFF;
if (ports[0] > ports[1])
exit_error(PARAMETER_PROBLEM,
@@ -270,7 +270,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
einfo->flags |= XT_SCTP_SRC_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_sctp_ports(argv[optind-1], einfo->spts);
if (invert)
einfo->invflags |= XT_SCTP_SRC_PORTS;
@@ -282,7 +282,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
einfo->flags |= XT_SCTP_DEST_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_sctp_ports(argv[optind-1], einfo->dpts);
if (invert)
einfo->invflags |= XT_SCTP_DEST_PORTS;
@@ -293,7 +293,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & XT_SCTP_CHUNK_TYPES)
exit_error(PARAMETER_PROBLEM,
"Only one `--chunk-types' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index 66af518a..51822303 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -71,7 +71,7 @@ state_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
state_parse_states(argv[optind-1], sinfo);
if (invert)
diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c
index d85aacbd..574f8f7d 100644
--- a/extensions/libxt_statistic.c
+++ b/extensions/libxt_statistic.c
@@ -40,6 +40,7 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_statistic_info *info = (void *)(*match)->data;
+ unsigned int val;
double prob;
if (invert)
@@ -70,10 +71,10 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags,
case '3':
if (*flags & 0x4)
exit_error(PARAMETER_PROBLEM, "double --every");
- if (string_to_number(optarg, 0, 0xFFFFFFFF,
- &info->u.nth.every) == -1)
+ if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"cannot parse --every `%s'", optarg);
+ info->u.nth.every = val;
if (info->u.nth.every == 0)
exit_error(PARAMETER_PROBLEM, "--every cannot be 0");
info->u.nth.every--;
@@ -82,10 +83,10 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags,
case '4':
if (*flags & 0x8)
exit_error(PARAMETER_PROBLEM, "double --packet");
- if (string_to_number(optarg, 0, 0xFFFFFFFF,
- &info->u.nth.packet) == -1)
+ if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"cannot parse --packet `%s'", optarg);
+ info->u.nth.packet = val;
*flags |= 0x8;
break;
default:
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index b440fc92..6bd27c0b 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -57,7 +57,7 @@ static void string_init(struct xt_entry_match *m)
struct xt_string_info *i = (struct xt_string_info *) m->data;
if (i->to_offset == 0)
- i->to_offset = (u_int16_t) ~0UL;
+ i->to_offset = UINT16_MAX;
}
static void
@@ -199,7 +199,7 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & STRING)
exit_error(PARAMETER_PROBLEM,
"Can't specify multiple --string");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_string(argv[optind-1], stringinfo);
if (invert) {
if (revision == 0)
@@ -216,7 +216,7 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify multiple --hex-string");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_hex_string(argv[optind-1], stringinfo); /* sets length */
if (invert) {
if (revision == 0)
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 14d8c186..069bb7fa 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -44,13 +44,13 @@ parse_tcp_ports(const char *portstring, u_int16_t *ports)
buffer = strdup(portstring);
if ((cp = strchr(buffer, ':')) == NULL)
- ports[0] = ports[1] = parse_port(buffer, "tcp");
+ ports[0] = ports[1] = xtables_parse_port(buffer, "tcp");
else {
*cp = '\0';
cp++;
- ports[0] = buffer[0] ? parse_port(buffer, "tcp") : 0;
- ports[1] = cp[0] ? parse_port(cp, "tcp") : 0xFFFF;
+ ports[0] = buffer[0] ? xtables_parse_port(buffer, "tcp") : 0;
+ ports[1] = cp[0] ? xtables_parse_port(cp, "tcp") : 0xFFFF;
if (ports[0] > ports[1])
exit_error(PARAMETER_PROBLEM,
@@ -121,10 +121,10 @@ parse_tcp_option(const char *option, u_int8_t *result)
{
unsigned int ret;
- if (string_to_number(option, 1, 255, &ret) == -1)
+ if (!xtables_strtoui(option, NULL, &ret, 1, UINT8_MAX))
exit_error(PARAMETER_PROBLEM, "Bad TCP option `%s'", option);
- *result = (u_int8_t)ret;
+ *result = ret;
}
static void tcp_init(struct xt_entry_match *m)
@@ -150,7 +150,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->spts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_SRCPT;
@@ -161,7 +161,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_DSTPT;
@@ -182,7 +182,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
@@ -199,7 +199,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_OPTION)
exit_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_option(argv[optind-1], &tcpinfo->option);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_OPTION;
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 000d85a6..5c013a77 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -26,8 +26,8 @@ parse_tcp_mssvalue(const char *mssvalue)
{
unsigned int mssvaluenum;
- if (string_to_number(mssvalue, 0, 65535, &mssvaluenum) != -1)
- return (u_int16_t)mssvaluenum;
+ if (!xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX))
+ return mssvaluenum;
exit_error(PARAMETER_PROBLEM,
"Invalid mss `%s' specified", mssvalue);
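Review bot: The converted condition in `parse_tcp_mssvalue` is inverted. Every other call site converted in this commit treats a false result from `xtables_strtoui` as the failure case (`if (!xtables_strtoui(...)) exit_error(...)`), but here the negated call guards `return mssvaluenum;`. As written, a well-formed `--mss` value falls through to the `exit_error` call, while an unparsable or out-of-range one returns `mssvaluenum`, which is declared without an initialiser and may never have been written. The line should read `if (xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX))`. The function body closes outside the hunk.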
@@ -65,7 +65,7 @@ tcpmss_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags)
exit_error(PARAMETER_PROBLEM,
"Only one `--mss' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_mssvalues(argv[optind-1],
&mssinfo->mss_min, &mssinfo->mss_max);
if (invert)
diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c
index 989806de..41aa5c77 100644
--- a/extensions/libxt_time.c
+++ b/extensions/libxt_time.c
@@ -22,7 +22,6 @@
#include <linux/netfilter/xt_time.h>
#include <xtables.h>
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*x))
enum { /* getopt "seen" bits */
F_DATE_START = 1 << 0,
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 9f8d6fa3..a6118400 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -50,9 +50,9 @@ static int tos_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case 't':
- param_act(P_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
+ xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
- param_act(P_BAD_VALUE, "tos", "--tos", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg);
if (tvm.mask != 0xFF)
exit_error(PARAMETER_PROBLEM, "tos: Your kernel is "
"too old to support anything besides /0xFF "
@@ -74,9 +74,9 @@ static int tos_mt_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case 't':
- param_act(P_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
+ xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
if (!tos_parse_symbolic(optarg, &tvm, 0x3F))
- param_act(P_BAD_VALUE, "tos", "--tos", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg);
info->tos_value = tvm.value;
info->tos_mask = tvm.mask;
if (invert)
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 256d15fc..f0bb61a3 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -254,7 +254,6 @@ static void u32_print(const void *ip, const struct xt_entry_match *match,
if (data->invert)
printf("! ");
u32_dump(data);
- return;
}
static void u32_save(const void *ip, const struct xt_entry_match *match)
@@ -264,7 +263,6 @@ static void u32_save(const void *ip, const struct xt_entry_match *match)
printf("! ");
printf("--u32 ");
u32_dump(data);
- return;
}
static struct xtables_match u32_match = {
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index f64fd1cf..8f57f4ec 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -36,13 +36,13 @@ parse_udp_ports(const char *portstring, u_int16_t *ports)
buffer = strdup(portstring);
if ((cp = strchr(buffer, ':')) == NULL)
- ports[0] = ports[1] = parse_port(buffer, "udp");
+ ports[0] = ports[1] = xtables_parse_port(buffer, "udp");
else {
*cp = '\0';
cp++;
- ports[0] = buffer[0] ? parse_port(buffer, "udp") : 0;
- ports[1] = cp[0] ? parse_port(cp, "udp") : 0xFFFF;
+ ports[0] = buffer[0] ? xtables_parse_port(buffer, "udp") : 0;
+ ports[1] = cp[0] ? xtables_parse_port(cp, "udp") : 0xFFFF;
if (ports[0] > ports[1])
exit_error(PARAMETER_PROBLEM,
@@ -72,7 +72,7 @@ udp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & UDP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
if (invert)
udpinfo->invflags |= XT_UDP_INV_SRCPT;
@@ -83,7 +83,7 @@ udp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & UDP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
if (invert)
udpinfo->invflags |= XT_UDP_INV_DSTPT;
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index 0ab784da..81f6de1c 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -34,14 +34,14 @@ static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
unsigned int value;
char *end;
- strtonum(str, &end, &value, 0, max);
+ xtables_strtoui(str, &end, &value, 0, max);
tvm->value = value;
tvm->mask = max;
if (*end == '/') {
const char *p = end + 1;
- if (!strtonum(p, &end, &value, 0, max))
+ if (!xtables_strtoui(p, &end, &value, 0, max))
exit_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"",
str);
tvm->mask = value;
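Review bot: The result of the first `xtables_strtoui(str, &end, &value, 0, max);` call in `tos_parse_numeric` is discarded, yet `value` is copied into `tvm->value` and `*end` is read straight afterwards. Both locals are declared without initialisers, so if the parse fails and the helper leaves them untouched (its definition is not in this hunk), the function stores an indeterminate value and dereferences an indeterminate pointer. The one caller visible on this page, `tos_parse_symbolic`, pre-validates the string first, but any other caller would not be protected. Checking the call, for example `if (!xtables_strtoui(str, &end, &value, 0, max)) return false;`, would match how the mask branch a few lines below already handles failure. The function continues past the end of the hunk.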
@@ -55,11 +55,11 @@ static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
unsigned int def_mask)
{
- const unsigned int max = 255;
+ const unsigned int max = UINT8_MAX;
const struct tos_symbol_info *symbol;
char *tmp;
- if (strtonum(str, &tmp, NULL, 0, max))
+ if (xtables_strtoui(str, &tmp, NULL, 0, max))
return tos_parse_numeric(str, tvm, max);
/* Do not consider ECN bits */
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 02a832db..02750fb9 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -1,6 +1,11 @@
#ifndef _XTABLES_H
#define _XTABLES_H
+/*
+ * Changing any structs/functions may incur a needed change
+ * in libxtables_vcurrent/vage too.
+ */
+
#include <sys/socket.h> /* PF_* */
#include <sys/types.h>
#include <stdbool.h>
@@ -16,14 +21,15 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_MH
+# define IPPROTO_MH 135
+#endif
#ifndef IPPROTO_UDPLITE
#define IPPROTO_UDPLITE 136
#endif
-#define XTABLES_VERSION "@PACKAGE_VERSION@"
-#define XTABLES_VERSION_CODE (0x10000 * @XTABLES_VERSION_MAJOR@ + 0x100 * @XTABLES_VERSION_MINOR@ + @XTABLES_VERSION_PATCH@)
-
-#define XTABLES_API_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
+#define XTABLES_VERSION "libxtables.so.@libxtables_vmajor@"
+#define XTABLES_VERSION_CODE @libxtables_vmajor@
struct in_addr;
@@ -148,6 +154,17 @@ struct xtables_rule_match {
bool completed;
};
+/**
+ * struct xtables_pprot -
+ *
+ * A few hardcoded protocols for 'all' and in case the user has no
+ * /etc/protocols.
+ */
+struct xtables_pprot {
+ const char *name;
+ u_int8_t num;
+};
+
enum xtables_tryload {
XTF_DONT_LOAD,
XTF_DURING_LOAD,
@@ -155,10 +172,24 @@ enum xtables_tryload {
XTF_LOAD_MUST_SUCCEED,
};
+enum xtables_exittype {
+ OTHER_PROBLEM = 1,
+ PARAMETER_PROBLEM,
+ VERSION_PROBLEM,
+ RESOURCE_PROBLEM,
+ XTF_ONLY_ONCE,
+ XTF_NO_INVERT,
+ XTF_BAD_VALUE,
+ XTF_ONE_ACTION,
+};
+
+extern const char *xtables_program_name;
extern const char *xtables_modprobe_program;
extern struct xtables_match *xtables_matches;
extern struct xtables_target *xtables_targets;
+extern void xtables_init(void);
+extern void xtables_set_nfproto(uint8_t);
extern void *xtables_calloc(size_t, size_t);
extern void *xtables_malloc(size_t);
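Review bot: `enum xtables_exittype` mixes two unrelated value sets in one unbroken list with no comment. `OTHER_PROBLEM` through `RESOURCE_PROBLEM` are the statuses passed to `exit_error`, while the `XTF_ONLY_ONCE` to `XTF_ONE_ACTION` members are only used on this page as the first argument of `xtables_param_act`, which is declared to take `unsigned int`. Nothing stops an extension from passing `XTF_BAD_VALUE` to `exit_error`, where it would presumably end up as an exit status of 7. A one-line comment above `XTF_ONLY_ONCE` would make the split explicit, for example `/* selectors for xtables_param_act(), not exit statuses */`. Separately, `xtables_set_nfproto(uint8_t)` uses `uint8_t` while the rest of this header uses `u_int8_t`; it is worth confirming `<stdint.h>` is included, since the include list is only partly visible here.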
@@ -174,67 +205,44 @@ extern struct xtables_target *xtables_find_target(const char *name,
extern void xtables_register_match(struct xtables_match *me);
extern void xtables_register_target(struct xtables_target *me);
-extern int string_to_number_ll(const char *s,
- unsigned long long min,
- unsigned long long max,
- unsigned long long *ret);
-extern int string_to_number_l(const char *s,
- unsigned long min,
- unsigned long max,
- unsigned long *ret);
-extern int string_to_number(const char *s,
- unsigned int min,
- unsigned int max,
- unsigned int *ret);
-extern bool strtonuml(const char *, char **, unsigned long *,
+extern bool xtables_strtoul(const char *, char **, unsigned long *,
unsigned long, unsigned long);
-extern bool strtonum(const char *, char **, unsigned int *,
+extern bool xtables_strtoui(const char *, char **, unsigned int *,
unsigned int, unsigned int);
-extern int service_to_port(const char *name, const char *proto);
-extern u_int16_t parse_port(const char *port, const char *proto);
+extern int xtables_service_to_port(const char *name, const char *proto);
+extern u_int16_t xtables_parse_port(const char *port, const char *proto);
extern void
-parse_interface(const char *arg, char *vianame, unsigned char *mask);
-
-enum exittype {
- OTHER_PROBLEM = 1,
- PARAMETER_PROBLEM,
- VERSION_PROBLEM,
- RESOURCE_PROBLEM,
- P_ONLY_ONCE,
- P_NO_INVERT,
- P_BAD_VALUE,
- P_ONE_ACTION,
-};
+xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
/* this is a special 64bit data type that is 8-byte aligned */
#define aligned_u64 u_int64_t __attribute__((aligned(8)))
-int check_inverse(const char option[], int *invert, int *my_optind, int argc);
-void exit_error(enum exittype, const char *, ...)__attribute__((noreturn,
- format(printf,2,3)));
-extern void param_act(unsigned int, const char *, ...);
-extern const char *program_name, *program_version;
-
-extern const char *ipaddr_to_numeric(const struct in_addr *);
-extern const char *ipaddr_to_anyname(const struct in_addr *);
-extern const char *ipmask_to_numeric(const struct in_addr *);
-extern struct in_addr *numeric_to_ipaddr(const char *);
-extern struct in_addr *numeric_to_ipmask(const char *);
-extern void ipparse_hostnetworkmask(const char *, struct in_addr **,
+int xtables_check_inverse(const char option[], int *invert,
+ int *my_optind, int argc);
+void exit_error(enum xtables_exittype, const char *, ...)
+ __attribute__((noreturn, format(printf,2,3)));
+extern void xtables_param_act(unsigned int, const char *, ...);
+
+extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
+extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
+extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
+extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
+extern struct in_addr *xtables_numeric_to_ipmask(const char *);
+extern void xtables_ipparse_any(const char *, struct in_addr **,
struct in_addr *, unsigned int *);
-extern struct in6_addr *numeric_to_ip6addr(const char *);
-extern const char *ip6addr_to_numeric(const struct in6_addr *);
-extern const char *ip6addr_to_anyname(const struct in6_addr *);
-extern const char *ip6mask_to_numeric(const struct in6_addr *);
-extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **,
+extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
+extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
+extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
+extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
+extern void xtables_ip6parse_any(const char *, struct in6_addr **,
struct in6_addr *, unsigned int *);
/**
* Print the specified value to standard output, quoting dangerous
* characters if required.
*/
-extern void save_string(const char *value);
+extern void xtables_save_string(const char *value);
#ifdef NO_SHARED_LIBS
# ifdef _INIT
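Review bot: The new `xtables_strtoul` and `xtables_strtoui` prototypes have no comment stating their return convention, which is the opposite of the `string_to_number*` functions they replace. The old helpers were tested with `== -1` for failure, while the call sites converted in this commit test `!xtables_strtoui(...)` for failure. A mechanical conversion that keeps the old sense therefore compiles cleanly and silently accepts bad input, as in the `parse_tcp_mssvalue` hunk of libxt_tcpmss.c. I would add a short block comment above the two declarations, along the lines of `/* Return true on success; on failure the output argument should not be relied upon. */`, to be worded against the definition, which is not shown here. The unnamed parameters would also be easier to read with names for the end pointer, result, minimum and maximum.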
@@ -246,10 +254,13 @@ extern void save_string(const char *value);
# define _init __attribute__((constructor)) _INIT
#endif
-/* Present in both iptables.c and ip6tables.c */
-extern u_int16_t parse_protocol(const char *s);
+extern const struct xtables_pprot xtables_chain_protos[];
+extern u_int16_t xtables_parse_protocol(const char *s);
#ifdef XTABLES_INTERNAL
+# ifndef ARRAY_SIZE
+# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+# endif
# include <xtables/internal.h>
#endif
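Review bot: `xtables_chain_protos[]` is declared as an array of unknown size with no statement of how callers find its end. The converted loops in ip6tables.c (`proto_to_name` and `print_proto`) now stop only when `xtables_chain_protos[i].name != NULL` fails, replacing the earlier `sizeof`-based bound. That is correct only if the definition ends with an entry whose `name` is NULL, and the definition is not part of this hunk. If the sentinel is missing or later dropped, both loops read past the end of the table. The contract should be written on the declaration, for example `/* Terminated by an entry whose name is NULL. */`. The empty summary line in the `struct xtables_pprot -` comment added further up in this file could be filled in at the same time.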
diff --git a/include/xtables/internal.h b/include/xtables/internal.h
deleted file mode 100644
index 60375cd1..00000000
--- a/include/xtables/internal.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef _XTABLES_INTERNAL_H
-#define _XTABLES_INTERNAL_H 1
-
-#ifndef XT_LIB_DIR
-# define XT_LIB_DIR "/usr/local/lib/iptables"
-#endif
-
-/* protocol family dependent informations */
-struct afinfo {
- /* protocol family */
- int family;
-
- /* prefix of library name (ex "libipt_" */
- char *libprefix;
-
- /* used by setsockopt (ex IPPROTO_IP */
- int ipproto;
-
- /* kernel module (ex "ip_tables" */
- char *kmod;
-
- /* optname to check revision support of match */
- int so_rev_match;
-
- /* optname to check revision support of match */
- int so_rev_target;
-};
-
-extern char *lib_dir;
-
-/* This is decleared in ip[6]tables.c */
-extern struct afinfo afinfo;
-
-extern void _init(void);
-
-#endif /* _XTABLES_INTERNAL_H */
diff --git a/include/xtables/internal.h.in b/include/xtables/internal.h.in
new file mode 100644
index 00000000..81ddb48a
--- /dev/null
+++ b/include/xtables/internal.h.in
@@ -0,0 +1,17 @@
+#ifndef _XTABLES_INTERNAL_H
+#define _XTABLES_INTERNAL_H 1
+
+#define IPTABLES_VERSION "@PACKAGE_VERSION@"
+
+#ifndef XT_LIB_DIR
+# define XT_LIB_DIR "/usr/local/lib/iptables"
+#endif
+
+/**
+ * Program's own name and version.
+ */
+extern const char *program_name, *program_version;
+
+extern void _init(void);
+
+#endif /* _XTABLES_INTERNAL_H */
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index 097711f3..acaf97b4 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -127,19 +127,12 @@ int main(int argc, char *argv[])
int in_table = 0, testing = 0;
program_name = "ip6tables-restore";
- program_version = XTABLES_VERSION;
+ program_version = IPTABLES_VERSION;
line = 0;
- lib_dir = getenv("XTABLES_LIBDIR");
- if (lib_dir == NULL) {
- lib_dir = getenv("IP6TABLES_LIB_DIR");
- if (lib_dir != NULL)
- fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, "
- "use XTABLES_LIBDIR.\n");
- }
- if (lib_dir == NULL)
- lib_dir = XTABLES_LIBDIR;
-
+ xtables_program_name = program_name;
+ xtables_init();
+ xtables_set_nfproto(NFPROTO_IPV6);
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
@@ -160,7 +153,7 @@ int main(int argc, char *argv[])
break;
case 'h':
print_usage("ip6tables-restore",
- XTABLES_VERSION);
+ IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
diff --git a/ip6tables-save.c b/ip6tables-save.c
index 11ef8c48..32b59926 100644
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -76,7 +76,7 @@ static int do_output(const char *tablename)
time_t now = time(NULL);
printf("# Generated by ip6tables-save v%s on %s",
- XTABLES_VERSION, ctime(&now));
+ IPTABLES_VERSION, ctime(&now));
printf("*%s\n", tablename);
/* Dump out chain names first,
@@ -137,18 +137,11 @@ int main(int argc, char *argv[])
int c;
program_name = "ip6tables-save";
- program_version = XTABLES_VERSION;
-
- lib_dir = getenv("XTABLES_LIBDIR");
- if (lib_dir == NULL) {
- lib_dir = getenv("IP6TABLES_LIB_DIR");
- if (lib_dir != NULL)
- fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, "
- "use XTABLES_LIBDIR.\n");
- }
- if (lib_dir == NULL)
- lib_dir = XTABLES_LIBDIR;
+ program_version = IPTABLES_VERSION;
+ xtables_program_name = program_name;
+ xtables_init();
+ xtables_set_nfproto(NFPROTO_IPV6);
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c
index f4b1f18f..cea48186 100644
--- a/ip6tables-standalone.c
+++ b/ip6tables-standalone.c
@@ -50,18 +50,11 @@ main(int argc, char *argv[])
struct ip6tc_handle *handle = NULL;
program_name = "ip6tables";
- program_version = XTABLES_VERSION;
-
- lib_dir = getenv("XTABLES_LIBDIR");
- if (lib_dir == NULL) {
- lib_dir = getenv("IP6TABLES_LIB_DIR");
- if (lib_dir != NULL)
- fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, "
- "use XTABLES_LIBDIR.\n");
- }
- if (lib_dir == NULL)
- lib_dir = XTABLES_LIBDIR;
+ program_version = IPTABLES_VERSION;
+ xtables_program_name = program_name;
+ xtables_init();
+ xtables_set_nfproto(NFPROTO_IPV6);
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
diff --git a/ip6tables.c b/ip6tables.c
index 0a6f75b7..233974f2 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -199,43 +199,7 @@ struct pprot {
u_int8_t num;
};
-struct afinfo afinfo = {
- .family = NFPROTO_IPV6,
- .libprefix = "libip6t_",
- .ipproto = IPPROTO_IPV6,
- .kmod = "ip6_tables",
- .so_rev_match = IP6T_SO_GET_REVISION_MATCH,
- .so_rev_target = IP6T_SO_GET_REVISION_TARGET,
-};
-
-/* Primitive headers... */
-/* defined in netinet/in.h */
-#if 0
-#ifndef IPPROTO_ESP
-#define IPPROTO_ESP 50
-#endif
-#ifndef IPPROTO_AH
-#define IPPROTO_AH 51
-#endif
-#endif
-#ifndef IPPROTO_MH
-#define IPPROTO_MH 135
-#endif
-
-static const struct pprot chain_protos[] = {
- { "tcp", IPPROTO_TCP },
- { "udp", IPPROTO_UDP },
- { "udplite", IPPROTO_UDPLITE },
- { "icmpv6", IPPROTO_ICMPV6 },
- { "ipv6-icmp", IPPROTO_ICMPV6 },
- { "esp", IPPROTO_ESP },
- { "ah", IPPROTO_AH },
- { "ipv6-mh", IPPROTO_MH },
- { "mh", IPPROTO_MH },
- { "all", 0 },
-};
-
-static char *
+static const char *
proto_to_name(u_int8_t proto, int nolookup)
{
unsigned int i;
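Review bot: This hunk removes `chain_protos[]` from ip6tables.c but keeps the local `struct pprot` definition, whose closing lines are the unchanged context at the top of the hunk. The matching hunk in iptables.c deletes `struct pprot` together with its table. With lookups now going through `xtables_chain_protos` of type `struct xtables_pprot`, the local struct looks unused in ip6tables.c. I would drop it here too so the two front ends stay parallel, after confirming that nothing else in the file references it.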
@@ -246,9 +210,9 @@ proto_to_name(u_int8_t proto, int nolookup)
return pent->p_name;
}
- for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
- if (chain_protos[i].num == proto)
- return chain_protos[i].name;
+ for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+ if (xtables_chain_protos[i].num == proto)
+ return xtables_chain_protos[i].name;
return NULL;
}
@@ -365,7 +329,7 @@ exit_printhelp(struct ip6tables_rule_match *matches)
}
void
-exit_error(enum exittype status, const char *msg, ...)
+exit_error(enum xtables_exittype status, const char *msg, ...)
{
va_list args;
@@ -450,26 +414,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds,
*cmd |= newcmd;
}
-int
-check_inverse(const char option[], int *invert, int *my_optind, int argc)
-{
- if (option && strcmp(option, "!") == 0) {
- if (*invert)
- exit_error(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = TRUE;
- if (my_optind != NULL) {
- ++*my_optind;
- if (argc && *my_optind > argc)
- exit_error(PARAMETER_PROBLEM,
- "no argument following `!'");
- }
-
- return TRUE;
- }
- return FALSE;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
@@ -486,8 +430,8 @@ find_proto(const char *pname, enum xtables_tryload tryload,
{
unsigned int proto;
- if (string_to_number(pname, 0, 255, &proto) != -1) {
- char *protoname = proto_to_name(proto, nolookup);
+ if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
+ const char *protoname = proto_to_name(proto, nolookup);
if (protoname)
return xtables_find_match(protoname, tryload, matches);
@@ -497,43 +441,6 @@ find_proto(const char *pname, enum xtables_tryload tryload,
return NULL;
}
-u_int16_t
-parse_protocol(const char *s)
-{
- unsigned int proto;
-
- if (string_to_number(s, 0, 255, &proto) == -1) {
- struct protoent *pent;
-
- /* first deal with the special case of 'all' to prevent
- * people from being able to redefine 'all' in nsswitch
- * and/or provoke expensive [not working] ldap/nis/...
- * lookups */
- if (!strcmp(s, "all"))
- return 0;
-
- if ((pent = getprotobyname(s)))
- proto = pent->p_proto;
- else {
- unsigned int i;
- for (i = 0;
- i < sizeof(chain_protos)/sizeof(struct pprot);
- i++) {
- if (strcmp(s, chain_protos[i].name) == 0) {
- proto = chain_protos[i].num;
- break;
- }
- }
- if (i == sizeof(chain_protos)/sizeof(struct pprot))
- exit_error(PARAMETER_PROBLEM,
- "unknown protocol `%s' specified",
- s);
- }
- }
-
- return (u_int16_t)proto;
-}
-
/* These are invalid numbers as upper layer protocol */
static int is_exthdr(u_int16_t proto)
{
@@ -549,7 +456,7 @@ parse_rulenumber(const char *rule)
{
unsigned int rulenum;
- if (string_to_number(rule, 1, INT_MAX, &rulenum) == -1)
+ if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid rule number `%s'", rule);
@@ -758,7 +665,7 @@ print_firewall(const struct ip6t_entry *fw,
fputc(fw->ipv6.invflags & IP6T_INV_PROTO ? '!' : ' ', stdout);
{
- char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC);
+ const char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC);
if (pname)
printf(FMT("%-5s", "%s "), pname);
else
@@ -809,10 +716,10 @@ print_firewall(const struct ip6t_entry *fw,
printf(FMT("%-19s ","%s "), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", ip6addr_to_numeric(&fw->ipv6.src));
+ strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.src));
else
- sprintf(buf, "%s", ip6addr_to_anyname(&fw->ipv6.src));
- strcat(buf, ip6mask_to_numeric(&fw->ipv6.smsk));
+ strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.src));
+ strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.smsk));
printf(FMT("%-19s ","%s "), buf);
}
@@ -822,10 +729,10 @@ print_firewall(const struct ip6t_entry *fw,
printf(FMT("%-19s ","-> %s"), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", ip6addr_to_numeric(&fw->ipv6.dst));
+ strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.dst));
else
- sprintf(buf, "%s", ip6addr_to_anyname(&fw->ipv6.dst));
- strcat(buf, ip6mask_to_numeric(&fw->ipv6.dmsk));
+ strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.dst));
+ strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.dmsk));
printf(FMT("%-19s ","-> %s"), buf);
}
@@ -1164,10 +1071,10 @@ static void print_proto(u_int16_t proto, int invert)
return;
}
- for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
- if (chain_protos[i].num == proto) {
+ for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+ if (xtables_chain_protos[i].num == proto) {
printf("-p %s%s ",
- invertstr, chain_protos[i].name);
+ invertstr, xtables_chain_protos[i].name);
return;
}
@@ -1618,7 +1525,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
* Option selection
*/
case 'p':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_PROTOCOL, &fw.ipv6.invflags,
invert);
@@ -1627,7 +1534,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
*protocol = tolower(*protocol);
protocol = argv[optind-1];
- fw.ipv6.proto = parse_protocol(protocol);
+ fw.ipv6.proto = xtables_parse_protocol(protocol);
fw.ipv6.flags |= IP6T_F_PROTO;
if (fw.ipv6.proto == 0
@@ -1644,14 +1551,14 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
break;
case 's':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_SOURCE, &fw.ipv6.invflags,
invert);
shostnetworkmask = argv[optind-1];
break;
case 'd':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags,
invert);
dhostnetworkmask = argv[optind-1];
@@ -1697,19 +1604,19 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'i':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags,
invert);
- parse_interface(argv[optind-1],
+ xtables_parse_interface(argv[optind-1],
fw.ipv6.iniface,
fw.ipv6.iniface_mask);
break;
case 'o':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags,
invert);
- parse_interface(argv[optind-1],
+ xtables_parse_interface(argv[optind-1],
fw.ipv6.outiface,
fw.ipv6.outiface_mask);
break;
@@ -1945,11 +1852,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
}
if (shostnetworkmask)
- ip6parse_hostnetworkmask(shostnetworkmask, &saddrs,
+ xtables_ip6parse_any(shostnetworkmask, &saddrs,
&fw.ipv6.smsk, &nsaddrs);
if (dhostnetworkmask)
- ip6parse_hostnetworkmask(dhostnetworkmask, &daddrs,
+ xtables_ip6parse_any(dhostnetworkmask, &daddrs,
&fw.ipv6.dmsk, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
diff --git a/iptables-restore.c b/iptables-restore.c
index 3fbc9087..810806f0 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -129,19 +129,12 @@ main(int argc, char *argv[])
const char *tablename = NULL;
program_name = "iptables-restore";
- program_version = XTABLES_VERSION;
+ program_version = IPTABLES_VERSION;
line = 0;
- lib_dir = getenv("XTABLES_LIBDIR");
- if (lib_dir == NULL) {
- lib_dir = getenv("IPTABLES_LIB_DIR");
- if (lib_dir != NULL)
- fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, "
- "use XTABLES_LIBDIR.\n");
- }
- if (lib_dir == NULL)
- lib_dir = XTABLES_LIBDIR;
-
+ xtables_program_name = program_name;
+ xtables_init();
+ xtables_set_nfproto(NFPROTO_IPV4);
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
@@ -162,7 +155,7 @@ main(int argc, char *argv[])
break;
case 'h':
print_usage("iptables-restore",
- XTABLES_VERSION);
+ IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
diff --git a/iptables-save.c b/iptables-save.c
index 7118d1f2..c4306fd1 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -74,7 +74,7 @@ static int do_output(const char *tablename)
time_t now = time(NULL);
printf("# Generated by iptables-save v%s on %s",
- XTABLES_VERSION, ctime(&now));
+ IPTABLES_VERSION, ctime(&now));
printf("*%s\n", tablename);
/* Dump out chain names first,
@@ -137,18 +137,11 @@ main(int argc, char *argv[])
int c;
program_name = "iptables-save";
- program_version = XTABLES_VERSION;
-
- lib_dir = getenv("XTABLES_LIBDIR");
- if (lib_dir == NULL) {
- lib_dir = getenv("IPTABLES_LIB_DIR");
- if (lib_dir != NULL)
- fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, "
- "use XTABLES_LIBDIR.\n");
- }
- if (lib_dir == NULL)
- lib_dir = XTABLES_LIBDIR;
+ program_version = IPTABLES_VERSION;
+ xtables_program_name = program_name;
+ xtables_init();
+ xtables_set_nfproto(NFPROTO_IPV4);
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
diff --git a/iptables-standalone.c b/iptables-standalone.c
index 3f2432fe..ece7cf42 100644
--- a/iptables-standalone.c
+++ b/iptables-standalone.c
@@ -51,18 +51,11 @@ main(int argc, char *argv[])
struct iptc_handle *handle = NULL;
program_name = "iptables";
- program_version = XTABLES_VERSION;
-
- lib_dir = getenv("XTABLES_LIBDIR");
- if (lib_dir == NULL) {
- lib_dir = getenv("IPTABLES_LIB_DIR");
- if (lib_dir != NULL)
- fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, "
- "use XTABLES_LIBDIR.\n");
- }
- if (lib_dir == NULL)
- lib_dir = XTABLES_LIBDIR;
+ program_version = IPTABLES_VERSION;
+ xtables_program_name = program_name;
+ xtables_init();
+ xtables_set_nfproto(NFPROTO_IPV4);
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
diff --git a/iptables-xml.c b/iptables-xml.c
index 8aee5c24..307845c5 100644
--- a/iptables-xml.c
+++ b/iptables-xml.c
@@ -30,7 +30,7 @@ const char *program_version;
#ifndef IPTABLES_MULTI
int line = 0;
-void exit_error(enum exittype status, const char *msg, ...)
+void exit_error(enum xtables_exittype status, const char *msg, ...)
{
va_list args;
@@ -531,8 +531,6 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc,
if (level1)
printf("%s", leveli1);
CLOSE_LEVEL(1);
-
- return;
}
static int
@@ -645,7 +643,7 @@ main(int argc, char *argv[])
FILE *in;
program_name = "iptables-xml";
- program_version = XTABLES_VERSION;
+ program_version = IPTABLES_VERSION;
line = 0;
while ((c = getopt_long(argc, argv, "cvh", options, NULL)) != -1) {
@@ -658,7 +656,7 @@ main(int argc, char *argv[])
verbose = 1;
break;
case 'h':
- print_usage("iptables-xml", XTABLES_VERSION);
+ print_usage("iptables-xml", IPTABLES_VERSION);
break;
}
}
diff --git a/iptables.c b/iptables.c
index 7b8d2391..f1a5d33e 100644
--- a/iptables.c
+++ b/iptables.c
@@ -194,22 +194,6 @@ const char *program_name;
int kernel_version;
-/* A few hardcoded protocols for 'all' and in case the user has no
- /etc/protocols */
-struct pprot {
- char *name;
- u_int8_t num;
-};
-
-struct afinfo afinfo = {
- .family = NFPROTO_IPV4,
- .libprefix = "libipt_",
- .ipproto = IPPROTO_IP,
- .kmod = "ip_tables",
- .so_rev_match = IPT_SO_GET_REVISION_MATCH,
- .so_rev_target = IPT_SO_GET_REVISION_TARGET,
-};
-
/* Primitive headers... */
/* defined in netinet/in.h */
#if 0
@@ -221,18 +205,7 @@ struct afinfo afinfo = {
#endif
#endif
-static const struct pprot chain_protos[] = {
- { "tcp", IPPROTO_TCP },
- { "udp", IPPROTO_UDP },
- { "udplite", IPPROTO_UDPLITE },
- { "icmp", IPPROTO_ICMP },
- { "esp", IPPROTO_ESP },
- { "ah", IPPROTO_AH },
- { "sctp", IPPROTO_SCTP },
- { "all", 0 },
-};
-
-static char *
+static const char *
proto_to_name(u_int8_t proto, int nolookup)
{
unsigned int i;
@@ -243,9 +216,9 @@ proto_to_name(u_int8_t proto, int nolookup)
return pent->p_name;
}
- for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
- if (chain_protos[i].num == proto)
- return chain_protos[i].name;
+ for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+ if (xtables_chain_protos[i].num == proto)
+ return xtables_chain_protos[i].name;
return NULL;
}
@@ -367,7 +340,7 @@ exit_printhelp(struct iptables_rule_match *matches)
}
void
-exit_error(enum exittype status, const char *msg, ...)
+exit_error(enum xtables_exittype status, const char *msg, ...)
{
va_list args;
@@ -452,26 +425,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds,
*cmd |= newcmd;
}
-int
-check_inverse(const char option[], int *invert, int *my_optind, int argc)
-{
- if (option && strcmp(option, "!") == 0) {
- if (*invert)
- exit_error(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = TRUE;
- if (my_optind != NULL) {
- ++*my_optind;
- if (argc && *my_optind > argc)
- exit_error(PARAMETER_PROBLEM,
- "no argument following `!'");
- }
-
- return TRUE;
- }
- return FALSE;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
@@ -488,8 +441,8 @@ find_proto(const char *pname, enum xtables_tryload tryload,
{
unsigned int proto;
- if (string_to_number(pname, 0, 255, &proto) != -1) {
- char *protoname = proto_to_name(proto, nolookup);
+ if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
+ const char *protoname = proto_to_name(proto, nolookup);
if (protoname)
return xtables_find_match(protoname, tryload, matches);
@@ -499,50 +452,13 @@ find_proto(const char *pname, enum xtables_tryload tryload,
return NULL;
}
-u_int16_t
-parse_protocol(const char *s)
-{
- unsigned int proto;
-
- if (string_to_number(s, 0, 255, &proto) == -1) {
- struct protoent *pent;
-
- /* first deal with the special case of 'all' to prevent
- * people from being able to redefine 'all' in nsswitch
- * and/or provoke expensive [not working] ldap/nis/...
- * lookups */
- if (!strcmp(s, "all"))
- return 0;
-
- if ((pent = getprotobyname(s)))
- proto = pent->p_proto;
- else {
- unsigned int i;
- for (i = 0;
- i < sizeof(chain_protos)/sizeof(struct pprot);
- i++) {
- if (strcmp(s, chain_protos[i].name) == 0) {
- proto = chain_protos[i].num;
- break;
- }
- }
- if (i == sizeof(chain_protos)/sizeof(struct pprot))
- exit_error(PARAMETER_PROBLEM,
- "unknown protocol `%s' specified",
- s);
- }
- }
-
- return (u_int16_t)proto;
-}
-
/* Can't be zero. */
static int
parse_rulenumber(const char *rule)
{
unsigned int rulenum;
- if (string_to_number(rule, 1, INT_MAX, &rulenum) == -1)
+ if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX))
exit_error(PARAMETER_PROBLEM,
"Invalid rule number `%s'", rule);
@@ -753,7 +669,7 @@ print_firewall(const struct ipt_entry *fw,
fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout);
{
- char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
+ const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
if (pname)
printf(FMT("%-5s", "%s "), pname);
else
@@ -803,10 +719,10 @@ print_firewall(const struct ipt_entry *fw,
printf(FMT("%-19s ","%s "), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.src));
+ strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.src));
else
- sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.src));
- strcat(buf, ipmask_to_numeric(&fw->ip.smsk));
+ strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.src));
+ strcat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk));
printf(FMT("%-19s ","%s "), buf);
}
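Review bot: The `strcpy`/`strcat` pair into `buf` is still unbounded, and in the non-numeric branch the source is a resolver-supplied name from `xtables_ipaddr_to_anyname()`, so its length is not controlled by this program. `buf` is declared outside the hunk, so its size cannot be checked from here. If it is a local array, `snprintf(buf, sizeof(buf), "%s", xtables_ipaddr_to_anyname(&fw->ip.src));` followed by `strncat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk), sizeof(buf) - strlen(buf) - 1);` bounds both writes. Keep the two calls as separate statements, because `xtables_ipmask_to_numeric()` can call `xtables_ipaddr_to_numeric()` and overwrite its static buffer. The destination-address hunk that follows has the same pattern.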
@@ -815,10 +731,10 @@ print_firewall(const struct ipt_entry *fw,
printf(FMT("%-19s ","-> %s"), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.dst));
+ strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.dst));
else
- sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.dst));
- strcat(buf, ipmask_to_numeric(&fw->ip.dmsk));
+ strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.dst));
+ strcat(buf, xtables_ipmask_to_numeric(&fw->ip.dmsk));
printf(FMT("%-19s ","-> %s"), buf);
}
@@ -1127,10 +1043,10 @@ static void print_proto(u_int16_t proto, int invert)
return;
}
- for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
- if (chain_protos[i].num == proto) {
+ for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+ if (xtables_chain_protos[i].num == proto) {
printf("-p %s%s ",
- invertstr, chain_protos[i].name);
+ invertstr, xtables_chain_protos[i].name);
return;
}
@@ -1631,7 +1547,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
* Option selection
*/
case 'p':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_PROTOCOL, &fw.ip.invflags,
invert);
@@ -1640,7 +1556,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
*protocol = tolower(*protocol);
protocol = argv[optind-1];
- fw.ip.proto = parse_protocol(protocol);
+ fw.ip.proto = xtables_parse_protocol(protocol);
if (fw.ip.proto == 0
&& (fw.ip.invflags & IPT_INV_PROTO))
@@ -1649,14 +1565,14 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
break;
case 's':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_SOURCE, &fw.ip.invflags,
invert);
shostnetworkmask = argv[optind-1];
break;
case 'd':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_DESTINATION, &fw.ip.invflags,
invert);
dhostnetworkmask = argv[optind-1];
@@ -1702,19 +1618,19 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'i':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags,
invert);
- parse_interface(argv[optind-1],
+ xtables_parse_interface(argv[optind-1],
fw.ip.iniface,
fw.ip.iniface_mask);
break;
case 'o':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags,
invert);
- parse_interface(argv[optind-1],
+ xtables_parse_interface(argv[optind-1],
fw.ip.outiface,
fw.ip.outiface_mask);
break;
@@ -1974,11 +1890,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
}
if (shostnetworkmask)
- ipparse_hostnetworkmask(shostnetworkmask, &saddrs,
+ xtables_ipparse_any(shostnetworkmask, &saddrs,
&fw.ip.smsk, &nsaddrs);
if (dhostnetworkmask)
- ipparse_hostnetworkmask(dhostnetworkmask, &daddrs,
+ xtables_ipparse_any(dhostnetworkmask, &daddrs,
&fw.ip.dmsk, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
diff --git a/xtables.c b/xtables.c
index 849dc7dc..6c954754 100644
--- a/xtables.c
+++ b/xtables.c
@@ -32,6 +32,8 @@
#include <arpa/inet.h>
#include <xtables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
#include <libiptc/libxtc.h>
#ifndef NO_SHARED_LIBS
@@ -44,7 +46,51 @@
#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
#endif
-char *lib_dir;
+/**
+ * xtables_afinfo - protocol family dependent information
+ * @kmod: kernel module basename (e.g. "ip_tables")
+ * @libprefix: prefix of .so library name (e.g. "libipt_")
+ * @family: nfproto family
+ * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
+ * @so_rev_match: optname to check revision support of match
+ * @so_rev_target: optname to check revision support of target
+ */
+struct xtables_afinfo {
+ const char *kmod;
+ const char *libprefix;
+ uint8_t family;
+ uint8_t ipproto;
+ int so_rev_match;
+ int so_rev_target;
+};
+
+static const struct xtables_afinfo afinfo_ipv4 = {
+ .kmod = "ip_tables",
+ .libprefix = "libipt_",
+ .family = NFPROTO_IPV4,
+ .ipproto = IPPROTO_IP,
+ .so_rev_match = IPT_SO_GET_REVISION_MATCH,
+ .so_rev_target = IPT_SO_GET_REVISION_TARGET,
+};
+
+static const struct xtables_afinfo afinfo_ipv6 = {
+ .kmod = "ip6_tables",
+ .libprefix = "libip6t_",
+ .family = NFPROTO_IPV6,
+ .ipproto = IPPROTO_IPV6,
+ .so_rev_match = IP6T_SO_GET_REVISION_MATCH,
+ .so_rev_target = IP6T_SO_GET_REVISION_TARGET,
+};
+
+static const struct xtables_afinfo *afinfo;
+
+/**
+ * Program will set this to its own name.
+ */
+const char *xtables_program_name;
+
+/* Search path for Xtables .so files */
+static const char *xtables_libdir;
/* the path to command to load kernel module */
const char *xtables_modprobe_program;
@@ -53,6 +99,35 @@ const char *xtables_modprobe_program;
struct xtables_match *xtables_matches;
struct xtables_target *xtables_targets;
+void xtables_init(void)
+{
+ xtables_libdir = getenv("XTABLES_LIBDIR");
+ if (xtables_libdir != NULL)
+ return;
+ xtables_libdir = getenv("IPTABLES_LIB_DIR");
+ if (xtables_libdir != NULL) {
+ fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, "
+ "use XTABLES_LIBDIR.\n");
+ return;
+ }
+ xtables_libdir = XTABLES_LIBDIR;
+}
+
+void xtables_set_nfproto(uint8_t nfproto)
+{
+ switch (nfproto) {
+ case NFPROTO_IPV4:
+ afinfo = &afinfo_ipv4;
+ break;
+ case NFPROTO_IPV6:
+ afinfo = &afinfo_ipv6;
+ break;
+ default:
+ fprintf(stderr, "libxtables: unhandled NFPROTO in %s\n",
+ __func__);
+ }
+}
+
/**
* xtables_*alloc - wrappers that exit on failure
*/
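Review bot: The `default:` branch of `xtables_set_nfproto()` only prints a message and returns, so `afinfo` keeps its previous value, which is NULL on a first call because the pointer has no initializer. The rest of the file then dereferences it unconditionally (`afinfo->kmod`, `afinfo->libprefix`, `afinfo->family`). Making the branch fatal, with `exit(1);` after the `fprintf`, matches how the register functions in this file treat a bad extension and avoids a later NULL dereference far from the cause. `xtables_libdir` is likewise unset until `xtables_init()` runs and is taken from `XTABLES_LIBDIR` / `IPTABLES_LIB_DIR`. A comment on `xtables_init()` should say that it must be called before any lookup and that these environment variables choose the directory extensions are loaded from, so programs linking the library know what they inherit.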
@@ -156,64 +231,31 @@ int xtables_load_ko(const char *modprobe, bool quiet)
static int ret = -1;
if (!loaded) {
- ret = xtables_insmod(afinfo.kmod, modprobe, quiet);
+ ret = xtables_insmod(afinfo->kmod, modprobe, quiet);
loaded = (ret == 0);
}
return ret;
}
-int string_to_number_ll(const char *s, unsigned long long min,
- unsigned long long max, unsigned long long *ret)
-{
- unsigned long long number;
- char *end;
-
- /* Handle hex, octal, etc. */
- errno = 0;
- number = strtoull(s, &end, 0);
- if (*end == '\0' && end != s) {
- /* we parsed a number, let's see if we want this */
- if (errno != ERANGE && min <= number && (!max || number <= max)) {
- *ret = number;
- return 0;
- }
- }
- return -1;
-}
-
-int string_to_number_l(const char *s, unsigned long min, unsigned long max,
- unsigned long *ret)
-{
- int result;
- unsigned long long number;
-
- result = string_to_number_ll(s, min, max, &number);
- *ret = (unsigned long)number;
-
- return result;
-}
-
-int string_to_number(const char *s, unsigned int min, unsigned int max,
- unsigned int *ret)
-{
- int result;
- unsigned long number;
-
- result = string_to_number_l(s, min, max, &number);
- *ret = (unsigned int)number;
-
- return result;
-}
-
-/*
- * strtonum{,l} - string to number conversion
+/**
+ * xtables_strtou{i,l} - string to number conversion
+ * @s: input string
+ * @end: like strtoul's "end" pointer
+ * @value: pointer for result
+ * @min: minimum accepted value
+ * @max: maximum accepted value
*
- * If @end is NULL, we assume the caller does not want
- * a case like "15a", so reject it.
+ * If @end is NULL, we assume the caller wants a "strict strtoul", and hence
+ * "15a" is rejected.
+ * In either case, the value obtained is compared for min-max compliance.
+ * Base is always 0, i.e. autodetect depending on @s.
+ *
+ * Returns true/false whether number was accepted. On failure, *value has
+ * undefined contents.
*/
-bool strtonuml(const char *s, char **end, unsigned long *value,
- unsigned long min, unsigned long max)
+bool xtables_strtoul(const char *s, char **end, unsigned long *value,
+ unsigned long min, unsigned long max)
{
unsigned long v;
char *my_end;
@@ -237,19 +279,19 @@ bool strtonuml(const char *s, char **end, unsigned long *value,
return false;
}
-bool strtonum(const char *s, char **end, unsigned int *value,
- unsigned int min, unsigned int max)
+bool xtables_strtoui(const char *s, char **end, unsigned int *value,
+ unsigned int min, unsigned int max)
{
unsigned long v;
bool ret;
- ret = strtonuml(s, end, &v, min, max);
+ ret = xtables_strtoul(s, end, &v, min, max);
if (value != NULL)
*value = v;
return ret;
}
-int service_to_port(const char *name, const char *proto)
+int xtables_service_to_port(const char *name, const char *proto)
{
struct servent *service;
@@ -259,19 +301,20 @@ int service_to_port(const char *name, const char *proto)
return -1;
}
-u_int16_t parse_port(const char *port, const char *proto)
+u_int16_t xtables_parse_port(const char *port, const char *proto)
{
unsigned int portnum;
- if ((string_to_number(port, 0, 65535, &portnum)) != -1 ||
- (portnum = service_to_port(port, proto)) != (unsigned)-1)
- return (u_int16_t)portnum;
+ if (xtables_strtoui(port, NULL, &portnum, 0, UINT16_MAX) ||
+ (portnum = xtables_service_to_port(port, proto)) != (unsigned)-1)
+ return portnum;
exit_error(PARAMETER_PROBLEM,
"invalid port/service `%s' specified", port);
}
-void parse_interface(const char *arg, char *vianame, unsigned char *mask)
+void xtables_parse_interface(const char *arg, char *vianame,
+ unsigned char *mask)
{
int vialen = strlen(arg);
unsigned int i;
@@ -398,7 +441,8 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
#ifndef NO_SHARED_LIBS
if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
- ptr = load_extension(lib_dir, afinfo.libprefix, name, false);
+ ptr = load_extension(xtables_libdir, afinfo->libprefix,
+ name, false);
if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
exit_error(PARAMETER_PROBLEM,
@@ -457,7 +501,8 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
#ifndef NO_SHARED_LIBS
if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
- ptr = load_extension(lib_dir, afinfo.libprefix, name, true);
+ ptr = load_extension(xtables_libdir, afinfo->libprefix,
+ name, true);
if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
exit_error(PARAMETER_PROBLEM,
@@ -489,7 +534,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
socklen_t s = sizeof(rev);
int max_rev, sockfd;
- sockfd = socket(afinfo.family, SOCK_RAW, IPPROTO_RAW);
+ sockfd = socket(afinfo->family, SOCK_RAW, IPPROTO_RAW);
if (sockfd < 0) {
if (errno == EPERM) {
/* revision 0 is always supported. */
@@ -510,7 +555,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
strcpy(rev.name, name);
rev.revision = revision;
- max_rev = getsockopt(sockfd, afinfo.ipproto, opt, &rev, &s);
+ max_rev = getsockopt(sockfd, afinfo->ipproto, opt, &rev, &s);
if (max_rev < 0) {
/* Definitely don't support this? */
if (errno == ENOENT || errno == EPROTONOSUPPORT) {
@@ -533,40 +578,42 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
static int compatible_match_revision(const char *name, u_int8_t revision)
{
- return compatible_revision(name, revision, afinfo.so_rev_match);
+ return compatible_revision(name, revision, afinfo->so_rev_match);
}
static int compatible_target_revision(const char *name, u_int8_t revision)
{
- return compatible_revision(name, revision, afinfo.so_rev_target);
+ return compatible_revision(name, revision, afinfo->so_rev_target);
}
void xtables_register_match(struct xtables_match *me)
{
struct xtables_match **i, *old;
- if (strcmp(me->version, program_version) != 0) {
- fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
- program_name, me->name, me->version, program_version);
+ if (strcmp(me->version, XTABLES_VERSION) != 0) {
+ fprintf(stderr, "%s: match \"%s\" has version \"%s\", "
+ "but \"%s\" is required.\n",
+ xtables_program_name, me->name,
+ me->version, XTABLES_VERSION);
exit(1);
}
/* Revision field stole a char from name. */
if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
fprintf(stderr, "%s: target `%s' has invalid name\n",
- program_name, me->name);
+ xtables_program_name, me->name);
exit(1);
}
if (me->family >= NPROTO) {
fprintf(stderr,
"%s: BUG: match %s has invalid protocol family\n",
- program_name, me->name);
+ xtables_program_name, me->name);
exit(1);
}
/* ignore not interested match */
- if (me->family != afinfo.family && me->family != AF_UNSPEC)
+ if (me->family != afinfo->family && me->family != AF_UNSPEC)
return;
old = xtables_find_match(me->name, XTF_DURING_LOAD, NULL);
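Review bot: The name-length check in `xtables_register_match()` still reports a "target" with an invalid name, a message copied from the target registration path. The commit already edits the argument line directly below it, so this is a good place to correct it to ``"%s: match `%s' has invalid name\n"``. Without that, a rejected match extension produces a diagnostic that points at the wrong kind of module. The function body continues past the end of this hunk.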
@@ -575,7 +622,7 @@ void xtables_register_match(struct xtables_match *me)
old->family == me->family) {
fprintf(stderr,
"%s: match `%s' already registered.\n",
- program_name, me->name);
+ xtables_program_name, me->name);
exit(1);
}
@@ -599,7 +646,7 @@ void xtables_register_match(struct xtables_match *me)
if (me->size != XT_ALIGN(me->size)) {
fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
- program_name, me->name, (unsigned int)me->size);
+ xtables_program_name, me->name, (unsigned int)me->size);
exit(1);
}
@@ -616,28 +663,30 @@ void xtables_register_target(struct xtables_target *me)
{
struct xtables_target *old;
- if (strcmp(me->version, program_version) != 0) {
- fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
- program_name, me->name, me->version, program_version);
+ if (strcmp(me->version, XTABLES_VERSION) != 0) {
+ fprintf(stderr, "%s: target \"%s\" has version \"%s\", "
+ "but \"%s\" is required.\n",
+ xtables_program_name, me->name,
+ me->version, XTABLES_VERSION);
exit(1);
}
/* Revision field stole a char from name. */
if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
fprintf(stderr, "%s: target `%s' has invalid name\n",
- program_name, me->name);
+ xtables_program_name, me->name);
exit(1);
}
if (me->family >= NPROTO) {
fprintf(stderr,
"%s: BUG: target %s has invalid protocol family\n",
- program_name, me->name);
+ xtables_program_name, me->name);
exit(1);
}
/* ignore not interested target */
- if (me->family != afinfo.family && me->family != AF_UNSPEC)
+ if (me->family != afinfo->family && me->family != AF_UNSPEC)
return;
old = xtables_find_target(me->name, XTF_DURING_LOAD);
@@ -648,7 +697,7 @@ void xtables_register_target(struct xtables_target *me)
old->family == me->family) {
fprintf(stderr,
"%s: target `%s' already registered.\n",
- program_name, me->name);
+ xtables_program_name, me->name);
exit(1);
}
@@ -672,7 +721,7 @@ void xtables_register_target(struct xtables_target *me)
if (me->size != XT_ALIGN(me->size)) {
fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
- program_name, me->name, (unsigned int)me->size);
+ xtables_program_name, me->name, (unsigned int)me->size);
exit(1);
}
@@ -683,7 +732,31 @@ void xtables_register_target(struct xtables_target *me)
me->tflags = 0;
}
-void param_act(unsigned int status, const char *p1, ...)
+/**
+ * xtables_param_act - act on condition
+ * @status: a constant from enum xtables_exittype
+ *
+ * %XTF_ONLY_ONCE: print error message that option may only be used once.
+ * @p1: module name (e.g. "mark")
+ * @p2(...): option in conflict (e.g. "--mark")
+ * @p3(...): condition to match on (see extensions/ for examples)
+ *
+ * %XTF_NO_INVERT: option does not support inversion
+ * @p1: module name
+ * @p2: option in conflict
+ * @p3: condition to match on
+ *
+ * %XTF_BAD_VALUE: bad value for option
+ * @p1: module name
+ * @p2: option with which the problem occured (e.g. "--mark")
+ * @p3: string the user passed in (e.g. "99999999999999")
+ *
+ * %XTF_ONE_ACTION: two mutually exclusive actions have been specified
+ * @p1: module name
+ *
+ * Displays an error message and exits the program.
+ */
+void xtables_param_act(unsigned int status, const char *p1, ...)
{
const char *p2, *p3;
va_list args;
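Review bot: The new kernel-doc for `%XTF_ONE_ACTION` lists only `@p1`, but that case reads a further variadic argument with `b = va_arg(args, unsigned int);` (visible in a later hunk of this function). A caller written from the comment would omit it, and `va_arg` would then read an argument that was never passed. Adding ` * @p2(...): condition to match on` under `%XTF_ONE_ACTION` fixes the contract. It would also help to state that the condition arguments are fetched as `unsigned int` in all cases. The function body continues outside this hunk.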
@@ -692,7 +765,7 @@ void param_act(unsigned int status, const char *p1, ...)
va_start(args, p1);
switch (status) {
- case P_ONLY_ONCE:
+ case XTF_ONLY_ONCE:
p2 = va_arg(args, const char *);
b = va_arg(args, unsigned int);
if (!b)
@@ -701,7 +774,7 @@ void param_act(unsigned int status, const char *p1, ...)
"%s: \"%s\" option may only be specified once",
p1, p2);
break;
- case P_NO_INVERT:
+ case XTF_NO_INVERT:
p2 = va_arg(args, const char *);
b = va_arg(args, unsigned int);
if (!b)
@@ -709,14 +782,14 @@ void param_act(unsigned int status, const char *p1, ...)
exit_error(PARAMETER_PROBLEM,
"%s: \"%s\" option cannot be inverted", p1, p2);
break;
- case P_BAD_VALUE:
+ case XTF_BAD_VALUE:
p2 = va_arg(args, const char *);
p3 = va_arg(args, const char *);
exit_error(PARAMETER_PROBLEM,
"%s: Bad value for \"%s\" option: \"%s\"",
p1, p2, p3);
break;
- case P_ONE_ACTION:
+ case XTF_ONE_ACTION:
b = va_arg(args, unsigned int);
if (!b)
return;
@@ -731,7 +804,7 @@ void param_act(unsigned int status, const char *p1, ...)
va_end(args);
}
-const char *ipaddr_to_numeric(const struct in_addr *addrp)
+const char *xtables_ipaddr_to_numeric(const struct in_addr *addrp)
{
static char buf[20];
const unsigned char *bytep = (const void *)&addrp->s_addr;
@@ -761,7 +834,7 @@ static const char *ipaddr_to_network(const struct in_addr *addr)
return NULL;
}
-const char *ipaddr_to_anyname(const struct in_addr *addr)
+const char *xtables_ipaddr_to_anyname(const struct in_addr *addr)
{
const char *name;
@@ -769,10 +842,10 @@ const char *ipaddr_to_anyname(const struct in_addr *addr)
(name = ipaddr_to_network(addr)) != NULL)
return name;
- return ipaddr_to_numeric(addr);
+ return xtables_ipaddr_to_numeric(addr);
}
-const char *ipmask_to_numeric(const struct in_addr *mask)
+const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
{
static char buf[20];
uint32_t maskaddr, bits;
@@ -792,7 +865,7 @@ const char *ipmask_to_numeric(const struct in_addr *mask)
sprintf(buf, "/%d", i);
else
/* mask was not a decent combination of 1's and 0's */
- sprintf(buf, "/%s", ipaddr_to_numeric(mask));
+ sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask));
return buf;
}
@@ -817,7 +890,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask)
return NULL;
/* autocomplete, this is a network address */
- if (!strtonum(p, NULL, &onebyte, 0, 255))
+ if (!xtables_strtoui(p, NULL, &onebyte, 0, UINT8_MAX))
return NULL;
addrp[i] = onebyte;
@@ -828,7 +901,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask)
}
*q = '\0';
- if (!strtonum(p, NULL, &onebyte, 0, 255))
+ if (!xtables_strtoui(p, NULL, &onebyte, 0, UINT8_MAX))
return NULL;
addrp[i] = onebyte;
@@ -836,19 +909,19 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask)
}
/* we have checked 3 bytes, now we check the last one */
- if (!strtonum(p, NULL, &onebyte, 0, 255))
+ if (!xtables_strtoui(p, NULL, &onebyte, 0, UINT8_MAX))
return NULL;
addrp[3] = onebyte;
return &addr;
}
-struct in_addr *numeric_to_ipaddr(const char *dotted)
+struct in_addr *xtables_numeric_to_ipaddr(const char *dotted)
{
return __numeric_to_ipaddr(dotted, false);
}
-struct in_addr *numeric_to_ipmask(const char *dotted)
+struct in_addr *xtables_numeric_to_ipmask(const char *dotted)
{
return __numeric_to_ipaddr(dotted, true);
}
@@ -897,7 +970,7 @@ ipparse_hostnetwork(const char *name, unsigned int *naddrs)
{
struct in_addr *addrptmp, *addrp;
- if ((addrptmp = numeric_to_ipaddr(name)) != NULL ||
+ if ((addrptmp = xtables_numeric_to_ipaddr(name)) != NULL ||
(addrptmp = network_to_ipaddr(name)) != NULL) {
addrp = xtables_malloc(sizeof(struct in_addr));
memcpy(addrp, addrptmp, sizeof(*addrp));
@@ -921,10 +994,10 @@ static struct in_addr *parse_ipmask(const char *mask)
maskaddr.s_addr = 0xFFFFFFFF;
return &maskaddr;
}
- if ((addrp = numeric_to_ipmask(mask)) != NULL)
+ if ((addrp = xtables_numeric_to_ipmask(mask)) != NULL)
/* dotted_to_addr already returns a network byte order addr */
return addrp;
- if (string_to_number(mask, 0, 32, &bits) == -1)
+ if (!xtables_strtoui(mask, NULL, &bits, 0, 32))
exit_error(PARAMETER_PROBLEM,
"invalid mask `%s' specified", mask);
if (bits != 0) {
@@ -936,8 +1009,15 @@ static struct in_addr *parse_ipmask(const char *mask)
return &maskaddr;
}
-void ipparse_hostnetworkmask(const char *name, struct in_addr **addrpp,
- struct in_addr *maskp, unsigned int *naddrs)
+/**
+ * xtables_ipparse_any - transform arbitrary name to in_addr
+ *
+ * Possible inputs (pseudo regex):
+ * m{^($hostname|$networkname|$ipaddr)(/$mask)?}
+ * "1.2.3.4/5", "1.2.3.4", "hostname", "networkname"
+ */
+void xtables_ipparse_any(const char *name, struct in_addr **addrpp,
+ struct in_addr *maskp, unsigned int *naddrs)
{
unsigned int i, j, k, n;
struct in_addr *addrp;
@@ -970,7 +1050,7 @@ void ipparse_hostnetworkmask(const char *name, struct in_addr **addrpp,
}
}
-const char *ip6addr_to_numeric(const struct in6_addr *addrp)
+const char *xtables_ip6addr_to_numeric(const struct in6_addr *addrp)
{
/* 0000:0000:0000:0000:0000:000.000.000.000
* 0000:0000:0000:0000:0000:0000:0000:0000 */
@@ -1003,14 +1083,14 @@ static const char *ip6addr_to_host(const struct in6_addr *addr)
return hostname;
}
-const char *ip6addr_to_anyname(const struct in6_addr *addr)
+const char *xtables_ip6addr_to_anyname(const struct in6_addr *addr)
{
const char *name;
if ((name = ip6addr_to_host(addr)) != NULL)
return name;
- return ip6addr_to_numeric(addr);
+ return xtables_ip6addr_to_numeric(addr);
}
static int ip6addr_prefix_length(const struct in6_addr *k)
@@ -1037,21 +1117,21 @@ static int ip6addr_prefix_length(const struct in6_addr *k)
return bits;
}
-const char *ip6mask_to_numeric(const struct in6_addr *addrp)
+const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
static char buf[50+2];
int l = ip6addr_prefix_length(addrp);
if (l == -1) {
strcpy(buf, "/");
- strcat(buf, ip6addr_to_numeric(addrp));
+ strcat(buf, xtables_ip6addr_to_numeric(addrp));
return buf;
}
sprintf(buf, "/%d", l);
return buf;
}
-struct in6_addr *numeric_to_ip6addr(const char *num)
+struct in6_addr *xtables_numeric_to_ip6addr(const char *num)
{
static struct in6_addr ap;
int err;
@@ -1119,7 +1199,7 @@ ip6parse_hostnetwork(const char *name, unsigned int *naddrs)
{
struct in6_addr *addrp, *addrptmp;
- if ((addrptmp = numeric_to_ip6addr(name)) != NULL ||
+ if ((addrptmp = xtables_numeric_to_ip6addr(name)) != NULL ||
(addrptmp = network_to_ip6addr(name)) != NULL) {
addrp = xtables_malloc(sizeof(struct in6_addr));
memcpy(addrp, addrptmp, sizeof(*addrp));
@@ -1143,9 +1223,9 @@ static struct in6_addr *parse_ip6mask(char *mask)
memset(&maskaddr, 0xff, sizeof maskaddr);
return &maskaddr;
}
- if ((addrp = numeric_to_ip6addr(mask)) != NULL)
+ if ((addrp = xtables_numeric_to_ip6addr(mask)) != NULL)
return addrp;
- if (string_to_number(mask, 0, 128, &bits) == -1)
+ if (!xtables_strtoui(mask, NULL, &bits, 0, 128))
exit_error(PARAMETER_PROBLEM,
"invalid mask `%s' specified", mask);
if (bits != 0) {
@@ -1160,8 +1240,8 @@ static struct in6_addr *parse_ip6mask(char *mask)
return &maskaddr;
}
-void ip6parse_hostnetworkmask(const char *name, struct in6_addr **addrpp,
- struct in6_addr *maskp, unsigned int *naddrs)
+void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
+ struct in6_addr *maskp, unsigned int *naddrs)
{
struct in6_addr *addrp;
unsigned int i, j, k, n;
@@ -1196,7 +1276,7 @@ void ip6parse_hostnetworkmask(const char *name, struct in6_addr **addrpp,
}
}
-void save_string(const char *value)
+void xtables_save_string(const char *value)
{
static const char no_quote_chars[] = "_-0123456789"
"abcdefghijklmnopqrstuvwxyz"
@@ -1232,3 +1312,82 @@ void save_string(const char *value)
printf("\" ");
}
}
+
+/**
+ * Check for option-intrapositional negation.
+ * Do not use in new code.
+ */
+int xtables_check_inverse(const char option[], int *invert,
+ int *my_optind, int argc)
+{
+ if (option && strcmp(option, "!") == 0) {
+ fprintf(stderr, "Using intrapositioned negation "
+ "(`--option ! this`) is deprecated in favor of "
+ "extrapositioned (`! --option this`).\n");
+
+ if (*invert)
+ exit_error(PARAMETER_PROBLEM,
+ "Multiple `!' flags not allowed");
+ *invert = true;
+ if (my_optind != NULL) {
+ ++*my_optind;
+ if (argc && *my_optind > argc)
+ exit_error(PARAMETER_PROBLEM,
+ "no argument following `!'");
+ }
+
+ return true;
+ }
+ return false;
+}
+
+const struct xtables_pprot xtables_chain_protos[] = {
+ {"tcp", IPPROTO_TCP},
+ {"sctp", IPPROTO_SCTP},
+ {"udp", IPPROTO_UDP},
+ {"udplite", IPPROTO_UDPLITE},
+ {"icmp", IPPROTO_ICMP},
+ {"icmpv6", IPPROTO_ICMPV6},
+ {"ipv6-icmp", IPPROTO_ICMPV6},
+ {"esp", IPPROTO_ESP},
+ {"ah", IPPROTO_AH},
+ {"ipv6-mh", IPPROTO_MH},
+ {"mh", IPPROTO_MH},
+ {"all", 0},
+ {NULL},
+};
+
+u_int16_t
+xtables_parse_protocol(const char *s)
+{
+ unsigned int proto;
+
+ if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) {
+ struct protoent *pent;
+
+ /* first deal with the special case of 'all' to prevent
+ * people from being able to redefine 'all' in nsswitch
+ * and/or provoke expensive [not working] ldap/nis/...
+ * lookups */
+ if (!strcmp(s, "all"))
+ return 0;
+
+ if ((pent = getprotobyname(s)))
+ proto = pent->p_proto;
+ else {
+ unsigned int i;
+ for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) {
+ if (strcmp(s, xtables_chain_protos[i].name) == 0) {
+ proto = xtables_chain_protos[i].num;
+ break;
+ }
+ }
+ if (i == ARRAY_SIZE(xtables_chain_protos))
+ exit_error(PARAMETER_PROBLEM,
+ "unknown protocol `%s' specified",
+ s);
+ }
+ }
+
+ return proto;
+}