-rw-r--r--extensions/libip6t_policy.c4
-rw-r--r--extensions/libipt_LOG.c2
-rw-r--r--extensions/libipt_ULOG.c2
-rw-r--r--extensions/libipt_policy.c4
-rw-r--r--extensions/libxt_NFLOG.c2
-rw-r--r--extensions/libxt_conntrack.c24
-rw-r--r--extensions/libxt_helper.c2
-rw-r--r--include/xtables.h.in6
-rw-r--r--ip6tables.c4
-rw-r--r--iptables.c4
-rw-r--r--xtables.c17
11 files changed, 39 insertions, 32 deletions
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 357cbea1..fa855c12 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -214,7 +214,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-src option");
- ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
@@ -229,7 +229,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-dst option");
- ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index aefb54a6..23790a0d 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -235,7 +235,7 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target)
if (strcmp(loginfo->prefix, "") != 0) {
printf("--log-prefix ");
- save_string(loginfo->prefix);
+ xtables_save_string(loginfo->prefix);
}
if (loginfo->level != LOG_DEFAULT_LEVEL)
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index d73a3f65..6e346d81 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -151,7 +151,7 @@ static void ULOG_save(const void *ip, const struct xt_entry_target *target)
if (strcmp(loginfo->prefix, "") != 0) {
fputs("--ulog-prefix ", stdout);
- save_string(loginfo->prefix);
+ xtables_save_string(loginfo->prefix);
}
if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) {
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 6b044d87..c9ce850c 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -182,7 +182,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-src option");
- ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
@@ -197,7 +197,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-dst option");
- ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr);
+ xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
exit_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index fe22e981..bedfbe90 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -113,7 +113,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix)
{
if (info->prefix[0] != '\0') {
printf("%snflog-prefix ", prefix);
- save_string(info->prefix);
+ xtables_save_string(info->prefix);
}
if (info->group)
printf("%snflog-group %u ", prefix, info->group);
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index ffa279ca..958f842f 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -333,7 +333,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGSRC;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->sipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
@@ -353,7 +353,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGDST;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->dipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
@@ -373,7 +373,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLSRC;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->sipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
@@ -393,7 +393,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLDST;
- ipparse_hostnetworkmask(argv[optind-1], &addrs,
+ xtables_ipparse_any(argv[optind-1], &addrs,
&sinfo->dipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
@@ -551,7 +551,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '3': /* --ctorigsrc */
- ipparse_hostnetworkmask(optarg, &addr, &info->origsrc_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->origsrc_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -564,7 +564,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4': /* --ctorigdst */
- ipparse_hostnetworkmask(optarg, &addr, &info->origdst_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->origdst_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -577,7 +577,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '5': /* --ctreplsrc */
- ipparse_hostnetworkmask(optarg, &addr, &info->replsrc_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->replsrc_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -590,7 +590,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '6': /* --ctrepldst */
- ipparse_hostnetworkmask(optarg, &addr, &info->repldst_mask.in,
+ xtables_ipparse_any(optarg, &addr, &info->repldst_mask.in,
&naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -621,7 +621,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '3': /* --ctorigsrc */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->origsrc_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -634,7 +634,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4': /* --ctorigdst */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->origdst_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -647,7 +647,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '5': /* --ctreplsrc */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->replsrc_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
@@ -660,7 +660,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '6': /* --ctrepldst */
- ip6parse_hostnetworkmask(optarg, &addr,
+ xtables_ip6parse_any(optarg, &addr,
&info->repldst_mask.in6, &naddrs);
if (naddrs > 1)
exit_error(PARAMETER_PROBLEM,
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index b60c9826..23025cd4 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -65,7 +65,7 @@ static void helper_save(const void *ip, const struct xt_entry_match *match)
struct xt_helper_info *info = (struct xt_helper_info *)match->data;
printf("%s--helper ",info->invert ? "! " : "");
- save_string(info->name);
+ xtables_save_string(info->name);
}
static struct xtables_match helper_match = {
diff --git a/include/xtables.h.in b/include/xtables.h.in
index abde4d86..c3c960b1 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -212,21 +212,21 @@ extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
extern struct in_addr *xtables_numeric_to_ipmask(const char *);
-extern void ipparse_hostnetworkmask(const char *, struct in_addr **,
+extern void xtables_ipparse_any(const char *, struct in_addr **,
struct in_addr *, unsigned int *);
extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
-extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **,
+extern void xtables_ip6parse_any(const char *, struct in6_addr **,
struct in6_addr *, unsigned int *);
/**
* Print the specified value to standard output, quoting dangerous
* characters if required.
*/
-extern void save_string(const char *value);
+extern void xtables_save_string(const char *value);
#ifdef NO_SHARED_LIBS
# ifdef _INIT
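Review bot: The old names `ipparse_hostnetworkmask`, `ip6parse_hostnetworkmask` and `save_string` are dropped from this header with no compatibility alias, so an extension maintained outside this tree and built against the previous xtables.h will stop compiling, and an already-built one would presumably fail to resolve the symbol when it is loaded. If the break is intended, the commit message should say so and it should be paired with whatever version marker the library exposes (not visible in this hunk); otherwise a transitional alias per function, for example `#define save_string xtables_save_string`, would keep such modules working. Separately, the two parse prototypes keep unnamed parameters and no comment, unlike `xtables_save_string` just below them; naming them `name`, `addrpp`, `maskp`, `naddrs` as in xtables.c would make the header readable on its own.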
diff --git a/ip6tables.c b/ip6tables.c
index fd732763..48a6bec4 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1945,11 +1945,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
}
if (shostnetworkmask)
- ip6parse_hostnetworkmask(shostnetworkmask, &saddrs,
+ xtables_ip6parse_any(shostnetworkmask, &saddrs,
&fw.ipv6.smsk, &nsaddrs);
if (dhostnetworkmask)
- ip6parse_hostnetworkmask(dhostnetworkmask, &daddrs,
+ xtables_ip6parse_any(dhostnetworkmask, &daddrs,
&fw.ipv6.dmsk, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
diff --git a/iptables.c b/iptables.c
index aeb40d8a..925464c0 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1974,11 +1974,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
}
if (shostnetworkmask)
- ipparse_hostnetworkmask(shostnetworkmask, &saddrs,
+ xtables_ipparse_any(shostnetworkmask, &saddrs,
&fw.ip.smsk, &nsaddrs);
if (dhostnetworkmask)
- ipparse_hostnetworkmask(dhostnetworkmask, &daddrs,
+ xtables_ipparse_any(dhostnetworkmask, &daddrs,
&fw.ip.dmsk, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
diff --git a/xtables.c b/xtables.c
index a387ae0a..8a79c5b1 100644
--- a/xtables.c
+++ b/xtables.c
@@ -954,8 +954,15 @@ static struct in_addr *parse_ipmask(const char *mask)
return &maskaddr;
}
-void ipparse_hostnetworkmask(const char *name, struct in_addr **addrpp,
- struct in_addr *maskp, unsigned int *naddrs)
+/**
+ * xtables_ipparse_any - transform arbitrary name to in_addr
+ *
+ * Possible inputs (pseudo regex):
+ * m{^($hostname|$networkname|$ipaddr)(/$mask)?}
+ * "1.2.3.4/5", "1.2.3.4", "hostname", "networkname"
+ */
+void xtables_ipparse_any(const char *name, struct in_addr **addrpp,
+ struct in_addr *maskp, unsigned int *naddrs)
{
unsigned int i, j, k, n;
struct in_addr *addrp;
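Review bot: The new comment on `xtables_ipparse_any` lists the accepted inputs but not the output contract, which is what the callers in this patch rely on, since each of them tests `naddrs > 1` right after the call. It should state what `*addrpp`, `*maskp` and `*naddrs` hold on return and who owns the address array; the function body lies outside this hunk, so the wording needs checking against it. Because "hostname" and "networkname" are accepted, a line such as `* Names are resolved when the rule is parsed; the rule keeps the resulting address(es), not the name.` would also tell users that the outcome depends on the resolver at that moment. `xtables_ip6parse_any`, renamed in the next hunk, gets no comment at all and should receive the matching one.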
@@ -1178,8 +1185,8 @@ static struct in6_addr *parse_ip6mask(char *mask)
return &maskaddr;
}
-void ip6parse_hostnetworkmask(const char *name, struct in6_addr **addrpp,
- struct in6_addr *maskp, unsigned int *naddrs)
+void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
+ struct in6_addr *maskp, unsigned int *naddrs)
{
struct in6_addr *addrp;
unsigned int i, j, k, n;
@@ -1214,7 +1221,7 @@ void ip6parse_hostnetworkmask(const char *name, struct in6_addr **addrpp,
}
}
-void save_string(const char *value)
+void xtables_save_string(const char *value)
{
static const char no_quote_chars[] = "_-0123456789"
"abcdefghijklmnopqrstuvwxyz"