diff options
Diffstat (limited to 'extensions')
76 files changed, 511 insertions, 509 deletions
diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c index 92266e49..0a987139 100644 --- a/extensions/libip6t_HL.c +++ b/extensions/libip6t_HL.c @@ -40,11 +40,11 @@ static int HL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "HL: You must specify a value"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "HL: unexpected `!'"); - if (string_to_number(optarg, 0, 255, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "HL: Expected value between 0 and 255"); diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index 40a551f4..79877350 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -70,7 +70,7 @@ parse_level(const char *level) unsigned int lev = -1; unsigned int set = 0; - if (string_to_number(level, 0, 7, &lev) == -1) { + if (!xtables_strtoui(level, NULL, &lev, 0, 7)) { unsigned int i = 0; for (i = 0; @@ -91,7 +91,7 @@ parse_level(const char *level) "log-level `%s' unknown", level); } - return (u_int8_t)lev; + return lev; } #define IP6T_LOG_OPT_LEVEL 0x01 @@ -112,7 +112,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-level twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-level"); @@ -125,7 +125,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-prefix"); diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c index 0e212021..1c2be686 100644 --- a/extensions/libip6t_REJECT.c +++ b/extensions/libip6t_REJECT.c @@ -85,7 +85,7 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --reject-with"); for (i = 0; i < limit; i++) { diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c index 0bbd4754..83ed4514 100644 --- a/extensions/libip6t_ah.c +++ b/extensions/libip6t_ah.c @@ -45,7 +45,7 @@ parse_ah_spi(const char *spistr, const char *typestr) exit_error(PARAMETER_PROBLEM, "AH error parsing %s `%s'", typestr, spistr); - return (u_int32_t) spi; + return spi; } static void @@ -86,7 +86,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_AH_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--ahspi' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_ah_spis(argv[optind-1], ahinfo->spis); if (invert) ahinfo->invflags |= IP6T_AH_INV_SPI; @@ -96,7 +96,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_AH_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--ahlen' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); ahinfo->hdrlen = parse_ah_spi(argv[optind-1], "length"); if (invert) ahinfo->invflags |= IP6T_AH_INV_LEN; diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c index 215e2d95..e19abc4b 100644 --- a/extensions/libip6t_dst.c +++ b/extensions/libip6t_dst.c @@ -49,7 +49,7 @@ parse_opts_num(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "dst: error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static int @@ -78,13 +78,12 @@ parse_options(const char *optsstr, u_int16_t *opts) *range++ = '\0'; } - opts[i] = (u_int16_t)((parse_opts_num(cp,"opt") & 0x000000FF)<<8); + opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8; if (range) { if (opts[i] == 0) exit_error(PARAMETER_PROBLEM, "PAD0 hasn't got length"); - opts[i] |= (u_int16_t)(parse_opts_num(range,"length") & - 0x000000FF); + opts[i] |= parse_opts_num(range, "length") & 0xFF; } else opts[i] |= (0x00FF); @@ -126,7 +125,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--dst-len' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); optinfo->hdrlen = parse_opts_num(argv[optind-1], "length"); if (invert) optinfo->invflags |= IP6T_OPTS_INV_LEN; @@ -137,7 +136,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_OPTS) exit_error(PARAMETER_PROBLEM, "Only one `--dst-opts' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, " '!' not allowed with `--dst-opts'"); diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 5ded1c65..b55ef26f 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -51,7 +51,7 @@ parse_frag_id(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "FRAG error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static void @@ -94,7 +94,7 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_FRAG_IDS) exit_error(PARAMETER_PROBLEM, "Only one `--fragid' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_frag_ids(argv[optind-1], fraginfo->ids); if (invert) fraginfo->invflags |= IP6T_FRAG_INV_IDS; @@ -105,7 +105,7 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_FRAG_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--fraglen' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); fraginfo->hdrlen = parse_frag_id(argv[optind-1], "length"); if (invert) fraginfo->invflags |= IP6T_FRAG_INV_LEN; diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c index 419c2506..3354eae4 100644 --- a/extensions/libip6t_hbh.c +++ b/extensions/libip6t_hbh.c @@ -52,7 +52,7 @@ parse_opts_num(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "hbh: error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static int @@ -75,12 +75,11 @@ parse_options(const char *optsstr, u_int16_t *opts) "too many ports specified"); *range++ = '\0'; } - opts[i] = (u_int16_t)((parse_opts_num(cp,"opt") & 0x000000FF)<<8); + opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8; if (range) { if (opts[i] == 0) exit_error(PARAMETER_PROBLEM, "PAD0 hasn't got length"); - opts[i] |= (u_int16_t)(parse_opts_num(range,"length") & - 0x000000FF); + opts[i] |= parse_opts_num(range, "length") & 0xFF; } else { opts[i] |= (0x00FF); } @@ -121,7 +120,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--hbh-len' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); optinfo->hdrlen = parse_opts_num(argv[optind-1], "length"); if (invert) optinfo->invflags |= IP6T_OPTS_INV_LEN; @@ -132,7 +131,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_OPTS) exit_error(PARAMETER_PROBLEM, "Only one `--hbh-opts' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, " '!' not allowed with `--hbh-opts'"); diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c index 77275812..286f4324 100644 --- a/extensions/libip6t_hl.c +++ b/extensions/libip6t_hl.c @@ -30,7 +30,7 @@ static int hl_parse(int c, char **argv, int invert, unsigned int *flags, struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data; u_int8_t value; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); value = atoi(argv[optind-1]); if (*flags) diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index b87538f9..5af9b02e 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -123,12 +123,12 @@ parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[]) if (slash) *slash = '\0'; - if (string_to_number(buffer, 0, 255, &number) == -1) + if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMPv6 type `%s'\n", buffer); *type = number; if (slash) { - if (string_to_number(slash+1, 0, 255, &number) == -1) + if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMPv6 code `%s'\n", slash+1); @@ -157,7 +157,7 @@ static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags == 1) exit_error(PARAMETER_PROBLEM, "icmpv6 match: only use --icmpv6-type once!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_icmpv6(argv[optind-1], &icmpv6info->type, icmpv6info->code); if (invert) diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index 30061244..982e6a7b 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -110,7 +110,7 @@ name_to_proto(const char *s) s); } - return (u_int16_t)proto; + return proto; } static unsigned int @@ -192,7 +192,7 @@ ipv6header_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--header' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (! (info->matchflags = parse_header(argv[optind-1])) ) exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names"); @@ -262,8 +262,6 @@ static void ipv6header_print(const void *ip, if (info->modeflag) printf("soft "); - - return; } static void ipv6header_save(const void *ip, const struct xt_entry_match *match) @@ -276,8 +274,6 @@ static void ipv6header_save(const void *ip, const struct xt_entry_match *match) printf(" "); if (info->modeflag) printf("--soft "); - - return; } static struct xtables_match ipv6header_mt6_reg = { diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c index e76d7c36..78fc804a 100644 --- a/extensions/libip6t_mh.c +++ b/extensions/libip6t_mh.c @@ -93,7 +93,7 @@ static unsigned int name_to_type(const char *name) } else { unsigned int number; - if (string_to_number(name, 0, 255, &number) == -1) + if (!xtables_strtoui(name, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid MH type `%s'\n", name); return number; @@ -134,7 +134,7 @@ static int mh_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & MH_TYPES) exit_error(PARAMETER_PROBLEM, "Only one `--mh-type' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_mh_types(argv[optind-1], mhinfo->types); if (invert) mhinfo->invflags |= IP6T_MH_INV_TYPE; diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c index 357cbea1..7c1a1e71 100644 --- a/extensions/libip6t_policy.c +++ b/extensions/libip6t_policy.c @@ -160,7 +160,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, unsigned int naddr = 0; int mode; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); switch (c) { case '1': @@ -214,7 +214,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-src option"); - ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); @@ -229,7 +229,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-dst option"); - ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); @@ -244,7 +244,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --proto option"); - e->proto = parse_protocol(argv[optind-1]); + e->proto = xtables_parse_protocol(argv[optind-1]); if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP && e->proto != IPPROTO_COMP) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c index 9468da18..64c98efc 100644 --- a/extensions/libip6t_rt.c +++ b/extensions/libip6t_rt.c @@ -58,7 +58,7 @@ parse_rt_num(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "RT error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static void @@ -158,7 +158,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_RT_TYP) exit_error(PARAMETER_PROBLEM, "Only one `--rt-type' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); rtinfo->rt_type = parse_rt_num(argv[optind-1], "type"); if (invert) rtinfo->invflags |= IP6T_RT_INV_TYP; @@ -169,7 +169,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_RT_SGS) exit_error(PARAMETER_PROBLEM, "Only one `--rt-segsleft' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_rt_segsleft(argv[optind-1], rtinfo->segsleft); if (invert) rtinfo->invflags |= IP6T_RT_INV_SGS; @@ -180,7 +180,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_RT_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--rt-len' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); rtinfo->hdrlen = parse_rt_num(argv[optind-1], "length"); if (invert) rtinfo->invflags |= IP6T_RT_INV_LEN; @@ -204,7 +204,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) ) exit_error(PARAMETER_PROBLEM, "`--rt-type 0' required before `--rt-0-addrs'"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, " '!' not allowed with `--rt-0-addrs'"); diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c index 47184965..38909ea4 100644 --- a/extensions/libipt_CLUSTERIP.c +++ b/extensions/libipt_CLUSTERIP.c @@ -120,9 +120,9 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n"); if (*flags & PARAM_TOTALNODE) exit_error(PARAMETER_PROBLEM, "Can only specify total node number once\n"); - if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0) + if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES)) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); - cipinfo->num_total_nodes = (u_int16_t)num; + cipinfo->num_total_nodes = num; *flags |= PARAM_TOTALNODE; break; case '5': @@ -130,10 +130,10 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n"); if (*flags & PARAM_LOCALNODE) exit_error(PARAMETER_PROBLEM, "Can only specify local node number once\n"); - if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0) + if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES)) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); cipinfo->num_local_nodes = 1; - cipinfo->local_nodes[0] = (u_int16_t)num; + cipinfo->local_nodes[0] = num; *flags |= PARAM_LOCALNODE; break; case '6': @@ -141,7 +141,7 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can only specify hash init value combined with `--new'\n"); if (*flags & PARAM_HASHINIT) exit_error(PARAMETER_PROBLEM, "Can specify hash init value only once\n"); - if (string_to_number(optarg, 0, UINT_MAX, &num) < 0) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT_MAX)) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); cipinfo->hash_initval = num; *flags |= PARAM_HASHINIT; diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index e884b03e..371ec79a 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -117,13 +117,13 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) if (dash) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range.min_ip = ip->s_addr; if (dash) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", dash+1); @@ -152,7 +152,7 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-destination"); @@ -195,10 +195,10 @@ static void print_range(const struct ip_nat_range *r) struct in_addr a; a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); if (r->max_ip != r->min_ip) { a.s_addr = r->max_ip; - printf("-%s", ipaddr_to_numeric(&a)); + printf("-%s", xtables_ipaddr_to_numeric(&a)); } } if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c index e9312f06..c4e8e34f 100644 --- a/extensions/libipt_ECN.c +++ b/extensions/libipt_ECN.c @@ -61,7 +61,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_SET_CWR) exit_error(PARAMETER_PROBLEM, "ECN target: Only use --ecn-tcp-cwr ONCE!"); - if (string_to_number(optarg, 0, 1, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 1)) exit_error(PARAMETER_PROBLEM, "ECN target: Value out of range"); einfo->operation |= IPT_ECN_OP_SET_CWR; @@ -72,7 +72,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_SET_ECE) exit_error(PARAMETER_PROBLEM, "ECN target: Only use --ecn-tcp-ece ONCE!"); - if (string_to_number(optarg, 0, 1, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 1)) exit_error(PARAMETER_PROBLEM, "ECN target: Value out of range"); einfo->operation |= IPT_ECN_OP_SET_ECE; @@ -83,7 +83,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_SET_IP) exit_error(PARAMETER_PROBLEM, "ECN target: Only use --ecn-ip-ect ONCE!"); - if (string_to_number(optarg, 0, 3, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 3)) exit_error(PARAMETER_PROBLEM, "ECN target: Value out of range"); einfo->operation |= IPT_ECN_OP_SET_IP; diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index 668b5654..bc7e8a4e 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -70,7 +70,7 @@ parse_level(const char *level) unsigned int lev = -1; unsigned int set = 0; - if (string_to_number(level, 0, 7, &lev) == -1) { + if (!xtables_strtoui(level, NULL, &lev, 0, 7)) { unsigned int i = 0; for (i = 0; @@ -91,7 +91,7 @@ parse_level(const char *level) "log-level `%s' unknown", level); } - return (u_int8_t)lev; + return lev; } #define IPT_LOG_OPT_LEVEL 0x01 @@ -112,7 +112,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-level twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-level"); @@ -125,7 +125,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-prefix"); @@ -235,7 +235,7 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target) if (strcmp(loginfo->prefix, "") != 0) { printf("--log-prefix "); - save_string(loginfo->prefix); + xtables_save_string(loginfo->prefix); } if (loginfo->level != LOG_DEFAULT_LEVEL) diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 1f932949..0ee155c2 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -90,7 +90,7 @@ static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-ports"); diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index f6c688df..9949c99b 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -75,21 +75,21 @@ parse_to(char *arg, struct ip_nat_range *range) if (slash) *slash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range->min_ip = ip->s_addr; if (slash) { if (strchr(slash+1, '.')) { - ip = numeric_to_ipmask(slash+1); + ip = xtables_numeric_to_ipmask(slash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n", slash+1); netmask = ip->s_addr; } else { - if (string_to_number(slash+1, 0, 32, &bits) == -1) + if (!xtables_strtoui(slash+1, NULL, &bits, 0, 32)) exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n", slash+1); netmask = bits2netmask(bits); @@ -118,7 +118,7 @@ static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s", NETMAP_opts[0].name); @@ -148,11 +148,11 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target, int bits; a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); a.s_addr = ~(r->min_ip ^ r->max_ip); bits = netmask2bits(a.s_addr); if (bits < 0) - printf("/%s", ipaddr_to_numeric(&a)); + printf("/%s", xtables_ipaddr_to_numeric(&a)); else printf("/%d", bits); } diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index 64ab737b..c6afbdcc 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -48,7 +48,7 @@ parse_ports(const char *arg, struct ip_nat_multi_range *mr) port = atoi(arg); if (port == 0) - port = service_to_port(arg, NULL); + port = xtables_service_to_port(arg, NULL); if (port == 0 || port > 65535) exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg); @@ -97,7 +97,7 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-ports"); diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index ef404e67..db94306e 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -99,7 +99,7 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --reject-with"); for (i = 0; i < limit; i++) { diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index 6cb09afc..007ebc35 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -56,14 +56,14 @@ parse_to(char *arg, struct ip_nat_range *range) if (dash) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range->min_ip = ip->s_addr; if (dash) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", dash+1); @@ -93,7 +93,7 @@ static int SAME_parse(int c, char **argv, int invert, unsigned int *flags, "Too many ranges specified, maximum " "is %i ranges.\n", IPT_SAME_MAX_RANGE); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to"); @@ -151,13 +151,13 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target, a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); a.s_addr = r->max_ip; if (r->min_ip == r->max_ip) printf(" "); else - printf("-%s ", ipaddr_to_numeric(&a)); + printf("-%s ", xtables_ipaddr_to_numeric(&a)); if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) random_selection = 1; } @@ -181,13 +181,13 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target) struct in_addr a; a.s_addr = r->min_ip; - printf("--to %s", ipaddr_to_numeric(&a)); + printf("--to %s", xtables_ipaddr_to_numeric(&a)); a.s_addr = r->max_ip; if (r->min_ip == r->max_ip) printf(" "); else - printf("-%s ", ipaddr_to_numeric(&a)); + printf("-%s ", xtables_ipaddr_to_numeric(&a)); if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) random_selection = 1; } diff --git a/extensions/libipt_SET.c b/extensions/libipt_SET.c index 7ec0c31c..45967be2 100644 --- a/extensions/libipt_SET.c +++ b/extensions/libipt_SET.c @@ -57,7 +57,7 @@ parse_target(char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "--%s can be specified only once", what); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s", what); diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 8c28c0ee..96ef56e4 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -117,13 +117,13 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) if (dash) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range.min_ip = ip->s_addr; if (dash) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", dash+1); @@ -152,7 +152,7 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-source"); @@ -196,10 +196,10 @@ static void print_range(const struct ip_nat_range *r) struct in_addr a; a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); if (r->max_ip != r->min_ip) { a.s_addr = r->max_ip; - printf("-%s", ipaddr_to_numeric(&a)); + printf("-%s", xtables_ipaddr_to_numeric(&a)); } } if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c index 7647f2f7..15d23ba2 100644 --- a/extensions/libipt_TTL.c +++ b/extensions/libipt_TTL.c @@ -40,11 +40,11 @@ static int TTL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "TTL: You must specify a value"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "TTL: unexpected `!'"); - if (string_to_number(optarg, 0, 255, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "TTL: Expected value between 0 and 255"); diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c index d73a3f65..89d09409 100644 --- a/extensions/libipt_ULOG.c +++ b/extensions/libipt_ULOG.c @@ -77,7 +77,7 @@ static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --ulog-nlgroup twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --ulog-nlgroup"); group_d = atoi(optarg); @@ -95,7 +95,7 @@ static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --ulog-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --ulog-prefix"); @@ -151,7 +151,7 @@ static void ULOG_save(const void *ip, const struct xt_entry_target *target) if (strcmp(loginfo->prefix, "") != 0) { fputs("--ulog-prefix ", stdout); - save_string(loginfo->prefix); + xtables_save_string(loginfo->prefix); } if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) { diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c index dc43a3f5..446cf0f3 100644 --- a/extensions/libipt_addrtype.c +++ b/extensions/libipt_addrtype.c @@ -107,7 +107,7 @@ addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags, if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify src-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->source); if (invert) info->invert_source = 1; @@ -117,7 +117,7 @@ addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags, if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify dst-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->dest); if (invert) info->invert_dest = 1; @@ -142,7 +142,7 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify src-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->source); if (invert) info->flags |= IPT_ADDRTYPE_INVERT_SOURCE; @@ -152,7 +152,7 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify dst-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->dest); if (invert) info->flags |= IPT_ADDRTYPE_INVERT_DEST; diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c index fec87a74..31977dd6 100644 --- a/extensions/libipt_ah.c +++ b/extensions/libipt_ah.c @@ -41,7 +41,7 @@ parse_ah_spi(const char *spistr) exit_error(PARAMETER_PROBLEM, "AH error parsing spi `%s'", spistr); } - return (u_int32_t) spi; + return spi; } static void @@ -82,7 +82,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & AH_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--ahspi' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_ah_spis(argv[optind-1], ahinfo->spis); if (invert) ahinfo->invflags |= IPT_AH_INV_SPI; diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c index 72353d5f..3b9da71a 100644 --- a/extensions/libipt_ecn.c +++ b/extensions/libipt_ecn.c @@ -44,7 +44,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_MATCH_CWR) exit_error(PARAMETER_PROBLEM, "ECN match: can only use parameter ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->operation |= IPT_ECN_OP_MATCH_CWR; if (invert) einfo->invert |= IPT_ECN_OP_MATCH_CWR; @@ -55,7 +55,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_MATCH_ECE) exit_error(PARAMETER_PROBLEM, "ECN match: can only use parameter ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->operation |= IPT_ECN_OP_MATCH_ECE; if (invert) einfo->invert |= IPT_ECN_OP_MATCH_ECE; @@ -66,12 +66,12 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_MATCH_IP) exit_error(PARAMETER_PROBLEM, "ECN match: can only use parameter ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) einfo->invert |= IPT_ECN_OP_MATCH_IP; *flags |= IPT_ECN_OP_MATCH_IP; einfo->operation |= IPT_ECN_OP_MATCH_IP; - if (string_to_number(optarg, 0, 3, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 3)) exit_error(PARAMETER_PROBLEM, "ECN match: Value out of range"); einfo->ip_ect = result; diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index fa5a5409..0fd132be 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -147,12 +147,12 @@ parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[]) if (slash) *slash = '\0'; - if (string_to_number(buffer, 0, 255, &number) == -1) + if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMP type `%s'\n", buffer); *type = number; if (slash) { - if (string_to_number(slash+1, 0, 255, &number) == -1) + if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMP code `%s'\n", slash+1); @@ -182,7 +182,7 @@ static int icmp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags == 1) exit_error(PARAMETER_PROBLEM, "icmp match: only use --icmp-type once!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_icmp(argv[optind-1], &icmpinfo->type, icmpinfo->code); if (invert) diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c index 9c701820..6ae51e7c 100644 --- a/extensions/libipt_policy.c +++ b/extensions/libipt_policy.c @@ -128,7 +128,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, unsigned int naddr = 0; int mode; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); switch (c) { case '1': @@ -182,7 +182,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-src option"); - ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); @@ -197,7 +197,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-dst option"); - ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); @@ -212,7 +212,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --proto option"); - e->proto = parse_protocol(argv[optind-1]); + e->proto = xtables_parse_protocol(argv[optind-1]); if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP && e->proto != IPPROTO_COMP) exit_error(PARAMETER_PROBLEM, @@ -352,14 +352,14 @@ static void print_entry(char *prefix, const struct ipt_policy_elem *e, if (e->match.daddr) { PRINT_INVERT(e->invert.daddr); printf("%stunnel-dst %s%s ", prefix, - ipaddr_to_numeric((const void *)&e->daddr), - ipmask_to_numeric((const void *)&e->dmask)); + xtables_ipaddr_to_numeric((const void *)&e->daddr), + xtables_ipmask_to_numeric((const void *)&e->dmask)); } if (e->match.saddr) { PRINT_INVERT(e->invert.saddr); printf("%stunnel-src %s%s ", prefix, - ipaddr_to_numeric((const void *)&e->saddr), - ipmask_to_numeric((const void *)&e->smask)); + xtables_ipaddr_to_numeric((const void *)&e->saddr), + xtables_ipmask_to_numeric((const void *)&e->smask)); } } diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c index 5af2fd41..e602dad1 100644 --- a/extensions/libipt_realm.c +++ b/extensions/libipt_realm.c @@ -157,7 +157,7 @@ static int realm_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); end = optarg = argv[optind-1]; realminfo->id = strtoul(optarg, &end, 0); if (end != optarg && (*end == '/' || *end == '\0')) { @@ -173,7 +173,7 @@ static int realm_parse(int c, char **argv, int invert, unsigned int *flags, if (id == -1) exit_error(PARAMETER_PROBLEM, "Realm `%s' not found", optarg); - realminfo->id = (u_int32_t)id; + realminfo->id = id; realminfo->mask = 0xffffffff; } if (invert) diff --git a/extensions/libipt_set.c b/extensions/libipt_set.c index 9bdb007d..5b9e1fdc 100644 --- a/extensions/libipt_set.c +++ b/extensions/libipt_set.c @@ -58,7 +58,7 @@ static int set_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "--set can be specified only once"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->flags[0] |= IPSET_MATCH_INV; diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index 055c92ee..3387e924 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -29,11 +29,11 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data; unsigned int value; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); switch (c) { case '2': - if (string_to_number(optarg, 0, 255, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); @@ -46,7 +46,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, info->ttl = value; break; case '3': - if (string_to_number(optarg, 0, 255, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); @@ -58,7 +58,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, info->ttl = value; break; case '4': - if (string_to_number(optarg, 0, 255, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c index 2ad27591..e426e4f1 100644 --- a/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c @@ -90,8 +90,8 @@ static void connmark_tg_init(struct xt_entry_target *target) * Need these defaults for --save-mark/--restore-mark if no * --ctmark or --nfmask is given. */ - info->ctmask = ~0U; - info->nfmask = ~0U; + info->ctmask = UINT32_MAX; + info->nfmask = UINT32_MAX; } static int @@ -152,20 +152,20 @@ static int connmark_tg_parse(int c, char **argv, int invert, struct xt_entry_target **target) { struct xt_connmark_tginfo1 *info = (void *)(*target)->data; - unsigned int value, mask = ~0U; + unsigned int value, mask = UINT32_MAX; char *end; switch (c) { case '=': /* --set-xmark */ case '-': /* --set-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, &end, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); + if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; info->ctmask = mask; @@ -175,9 +175,9 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case '&': /* --and-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &mask, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--and-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); + if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--and-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = 0; info->ctmask = ~mask; @@ -185,9 +185,9 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case '|': /* --or-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--or-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--or-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; info->ctmask = value; @@ -195,9 +195,9 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case '^': /* --xor-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--xor-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--xor-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; info->ctmask = 0; @@ -205,13 +205,13 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case 'S': /* --save-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); info->mode = XT_CONNMARK_SAVE; *flags |= F_MARK | F_SR_MARK; return true; case 'R': /* --restore-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); info->mode = XT_CONNMARK_RESTORE; *flags |= F_MARK | F_SR_MARK; return true; @@ -221,8 +221,8 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--nfmask"); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--nfmask", optarg); + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--nfmask", optarg); info->nfmask = value; return true; @@ -231,8 +231,8 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--ctmask"); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--ctmask", optarg); + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--ctmask", optarg); info->ctmask = value; return true; @@ -241,8 +241,8 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--mask"); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "CONNMARK", "--mask", optarg); + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--mask", optarg); info->nfmask = info->ctmask = value; return true; } @@ -317,7 +317,7 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target, info->ctmark, info->ctmask); break; case XT_CONNMARK_SAVE: - if (info->nfmask == ~0U && info->ctmask == ~0U) + if (info->nfmask == UINT32_MAX && info->ctmask == UINT32_MAX) printf("CONNMARK save "); else if (info->nfmask == info->ctmask) printf("CONNMARK save mask 0x%x ", info->nfmask); @@ -326,7 +326,7 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target, info->nfmask, info->ctmask); break; case XT_CONNMARK_RESTORE: - if (info->ctmask == ~0U && info->nfmask == ~0U) + if (info->ctmask == UINT32_MAX && info->nfmask == UINT32_MAX) printf("CONNMARK restore "); else if (info->ctmask == info->nfmask) printf("CONNMARK restore mask 0x%x ", info->ctmask); diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c index 6625db11..aac8f9b0 100644 --- a/extensions/libxt_DSCP.c +++ b/extensions/libxt_DSCP.c @@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo) { unsigned int dscp; - if (string_to_number(s, 0, 255, &dscp) == -1) + if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid dscp `%s'\n", s); @@ -56,8 +56,7 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo) exit_error(PARAMETER_PROBLEM, "DSCP `%d` out of range\n", dscp); - dinfo->dscp = (u_int8_t )dscp; - return; + dinfo->dscp = dscp; } @@ -67,7 +66,7 @@ parse_class(const char *s, struct xt_DSCP_info *dinfo) unsigned int dscp = class_to_dscp(s); /* Assign the value */ - dinfo->dscp = (u_int8_t)dscp; + dinfo->dscp = dscp; } diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c index 95bce89a..8f04e8e7 100644 --- a/extensions/libxt_MARK.c +++ b/extensions/libxt_MARK.c @@ -58,12 +58,13 @@ MARK_parse_v0(int c, char **argv, int invert, unsigned int *flags, { struct xt_mark_target_info *markinfo = (struct xt_mark_target_info *)(*target)->data; + unsigned int mark = 0; switch (c) { case '1': - if (string_to_number_l(optarg, 0, 0, - &markinfo->mark)) + if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg); + markinfo->mark = mark; if (*flags) exit_error(PARAMETER_PROBLEM, "MARK target: Can't specify --set-mark twice"); @@ -96,6 +97,7 @@ MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags, { struct xt_mark_target_info_v1 *markinfo = (struct xt_mark_target_info_v1 *)(*target)->data; + unsigned int mark = 0; switch (c) { case '1': @@ -111,9 +113,9 @@ MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags, return 0; } - if (string_to_number_l(optarg, 0, 0, &markinfo->mark)) + if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg); - + markinfo->mark = mark; if (*flags) exit_error(PARAMETER_PROBLEM, "MARK target: Can't specify --set-mark twice"); @@ -126,21 +128,21 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_target **target) { struct xt_mark_tginfo2 *info = (void *)(*target)->data; - unsigned int value, mask = ~0U; + unsigned int value, mask = UINT32_MAX; char *end; switch (c) { case 'X': /* --set-xmark */ case '=': /* --set-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert); - if (!strtonum(optarg, &end, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert); + if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) - param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); info->mark = value; info->mask = mask; @@ -149,28 +151,28 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, break; case '&': /* --and-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--and-mark", invert); - if (!strtonum(optarg, NULL, &mask, 0, ~0U)) - param_act(P_BAD_VALUE, "MARK", "--and-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--and-mark", invert); + if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "MARK", "--and-mark", optarg); info->mark = 0; info->mask = ~mask; break; case '|': /* --or-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--or-mark", invert); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "MARK", "--or-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--or-mark", invert); + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "MARK", "--or-mark", optarg); info->mark = value; info->mask = value; break; case '^': /* --xor-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--xor-mark", invert); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) - param_act(P_BAD_VALUE, "MARK", "--xor-mark", optarg); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--xor-mark", invert); + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "MARK", "--xor-mark", optarg); info->mark = value; info->mask = 0; break; diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c index fe22e981..6d8c9dc6 100644 --- a/extensions/libxt_NFLOG.c +++ b/extensions/libxt_NFLOG.c @@ -51,7 +51,7 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & NFLOG_GROUP) exit_error(PARAMETER_PROBLEM, "Can't specify --nflog-group twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --nflog-group"); @@ -65,7 +65,7 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & NFLOG_PREFIX) exit_error(PARAMETER_PROBLEM, "Can't specify --nflog-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --nflog-prefix"); @@ -113,7 +113,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix) { if (info->prefix[0] != '\0') { printf("%snflog-prefix ", prefix); - save_string(info->prefix); + xtables_save_string(info->prefix); } if (info->group) printf("%snflog-group %u ", prefix, info->group); diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c index 7daed18e..1c0c23d8 100644 --- a/extensions/libxt_NFQUEUE.c +++ b/extensions/libxt_NFQUEUE.c @@ -33,12 +33,11 @@ parse_num(const char *s, struct xt_NFQ_info *tinfo) { unsigned int num; - if (string_to_number(s, 0, 65535, &num) == -1) + if (!xtables_strtoui(s, NULL, &num, 0, UINT16_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid queue number `%s'\n", s); tinfo->queuenum = num & 0xffff; - return; } static int diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c index 2227eb48..33fc71cd 100644 --- a/extensions/libxt_TCPMSS.c +++ b/extensions/libxt_TCPMSS.c @@ -55,7 +55,8 @@ static int __TCPMSS_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "TCPMSS target: Only one option may be specified"); - if (string_to_number(optarg, 0, 65535 - hdrsize, &mssval) == -1) + if (!xtables_strtoui(optarg, NULL, &mssval, + 0, UINT16_MAX - hdrsize)) exit_error(PARAMETER_PROBLEM, "Bad TCPMSS value `%s'", optarg); mssinfo->mss = mssval; diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c index 758f8476..c053a8b1 100644 --- a/extensions/libxt_TCPOPTSTRIP.c +++ b/extensions/libxt_TCPOPTSTRIP.c @@ -82,7 +82,8 @@ static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg) break; } - if (option == 0 && string_to_number(arg, 0, 255, &option) == -1) + if (option == 0 && + !xtables_strtoui(arg, NULL, &option, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Bad TCP option value \"%s\"", arg); diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c index c1856817..7b1f7f83 100644 --- a/extensions/libxt_TOS.c +++ b/extensions/libxt_TOS.c @@ -82,10 +82,10 @@ static int tos_tg_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '=': - param_act(P_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--set-tos", invert); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert); if (!tos_parse_symbolic(optarg, &tvm, 0xFF)) - param_act(P_BAD_VALUE, "TOS", "--set-tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg); if (tvm.mask != 0xFF) exit_error(PARAMETER_PROBLEM, "tos match: Your kernel " "is too old to support anything besides " @@ -107,37 +107,37 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '=': /* --set-tos */ - param_act(P_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--set-tos", invert); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert); if (!tos_parse_symbolic(optarg, &tvm, 0x3F)) - param_act(P_BAD_VALUE, "TOS", "--set-tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg); info->tos_value = tvm.value; info->tos_mask = tvm.mask; break; case '&': /* --and-tos */ - param_act(P_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--and-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, 0xFF)) - param_act(P_BAD_VALUE, "TOS", "--and-tos", optarg); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--and-tos", invert); + if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) + xtables_param_act(XTF_BAD_VALUE, "TOS", "--and-tos", optarg); info->tos_value = 0; info->tos_mask = ~bits; break; case '|': /* --or-tos */ - param_act(P_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--or-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, 0xFF)) - param_act(P_BAD_VALUE, "TOS", "--or-tos", optarg); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--or-tos", invert); + if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) + xtables_param_act(XTF_BAD_VALUE, "TOS", "--or-tos", optarg); info->tos_value = bits; info->tos_mask = bits; break; case '^': /* --xor-tos */ - param_act(P_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--xor-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, 0xFF)) - param_act(P_BAD_VALUE, "TOS", "--xor-tos", optarg); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--xor-tos", invert); + if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) + xtables_param_act(XTF_BAD_VALUE, "TOS", "--xor-tos", optarg); info->tos_value = bits; info->tos_mask = 0; break; diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c index deb214f8..54ae96d2 100644 --- a/extensions/libxt_TPROXY.c +++ b/extensions/libxt_TPROXY.c @@ -40,34 +40,34 @@ static void parse_tproxy_lport(const char *s, struct xt_tproxy_target_info *info { unsigned int lport; - if (string_to_number(s, 0, 65535, &lport) != -1) + if (xtables_strtoui(s, NULL, &lport, 0, UINT16_MAX)) info->lport = htons(lport); else - param_act(P_BAD_VALUE, "TPROXY", "--on-port", s); + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-port", s); } static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info) { struct in_addr *laddr; - if ((laddr = numeric_to_ipaddr(s)) == NULL) - param_act(P_BAD_VALUE, "TPROXY", "--on-ip", s); + if ((laddr = xtables_numeric_to_ipaddr(s)) == NULL) + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s); info->laddr = laddr->s_addr; } static void parse_tproxy_mark(char *s, struct xt_tproxy_target_info *info) { - unsigned int value, mask = ~0U; + unsigned int value, mask = UINT32_MAX; char *end; - if (!strtonum(s, &end, &value, 0, UINT_MAX)) - param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); + if (!xtables_strtoui(s, &end, &value, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, UINT_MAX)) - param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s); if (*end != '\0') - param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s); info->mark_mask = mask; info->mark_value = value; @@ -80,20 +80,20 @@ static int tproxy_tg_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - param_act(P_ONLY_ONCE, "TPROXY", "--on-port", *flags & PARAM_ONPORT); - param_act(P_NO_INVERT, "TPROXY", "--on-port", invert); + xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-port", *flags & PARAM_ONPORT); + xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-port", invert); parse_tproxy_lport(optarg, tproxyinfo); *flags |= PARAM_ONPORT; return 1; case '2': - param_act(P_ONLY_ONCE, "TPROXY", "--on-ip", *flags & PARAM_ONIP); - param_act(P_NO_INVERT, "TPROXY", "--on-ip", invert); + xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-ip", *flags & PARAM_ONIP); + xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-ip", invert); parse_tproxy_laddr(optarg, tproxyinfo); *flags |= PARAM_ONIP; return 1; case '3': - param_act(P_ONLY_ONCE, "TPROXY", "--tproxy-mark", *flags & PARAM_MARK); - param_act(P_NO_INVERT, "TPROXY", "--tproxy-mark", invert); + xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--tproxy-mark", *flags & PARAM_MARK); + xtables_param_act(XTF_NO_INVERT, "TPROXY", "--tproxy-mark", invert); parse_tproxy_mark(optarg, tproxyinfo); *flags |= PARAM_MARK; return 1; @@ -114,7 +114,7 @@ static void tproxy_tg_print(const void *ip, const struct xt_entry_target *target { const struct xt_tproxy_target_info *info = (const void *)target->data; printf("TPROXY redirect %s:%u mark 0x%x/0x%x", - ipaddr_to_numeric((const struct in_addr *)&info->laddr), + xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr), ntohs(info->lport), (unsigned int)info->mark_value, (unsigned int)info->mark_mask); } @@ -125,7 +125,7 @@ static void tproxy_tg_save(const void *ip, const struct xt_entry_target *target) printf("--on-port %u ", ntohs(info->lport)); printf("--on-ip %s ", - ipaddr_to_numeric((const struct in_addr *)&info->laddr)); + xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr)); printf("--tproxy-mark 0x%x/0x%x ", (unsigned int)info->mark_value, (unsigned int)info->mark_mask); } diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c index a7f96d4f..9bad1256 100644 --- a/extensions/libxt_comment.c +++ b/extensions/libxt_comment.c @@ -46,7 +46,7 @@ comment_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (invert) { exit_error(PARAMETER_PROBLEM, "Sorry, you can't have an inverted comment"); diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c index b77ba38b..5fc0f2a6 100644 --- a/extensions/libxt_connbytes.c +++ b/extensions/libxt_connbytes.c @@ -52,7 +52,7 @@ connbytes_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, &optind, 0)) + if (xtables_check_inverse(optarg, &invert, &optind, 0)) optind++; parse_range(argv[optind-1], sinfo); diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c index 117222a7..f43eada1 100644 --- a/extensions/libxt_connlimit.c +++ b/extensions/libxt_connlimit.c @@ -63,7 +63,7 @@ static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "--connlimit-above may be given only once"); *flags |= 0x1; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->limit = strtoul(argv[optind-1], NULL, 0); info->inverse = invert; break; diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c index bc7ef45b..d5ca4e0b 100644 --- a/extensions/libxt_connmark.c +++ b/extensions/libxt_connmark.c @@ -49,19 +49,19 @@ connmark_mt_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_connmark_mtinfo1 *info = (void *)(*match)->data; - unsigned int mark, mask = ~0U; + unsigned int mark, mask = UINT32_MAX; char *end; switch (c) { case '1': /* --mark */ - param_act(P_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK); - if (!strtonum(optarg, &end, &mark, 0, ~0U)) - param_act(P_BAD_VALUE, "connmark", "--mark", optarg); + xtables_param_act(XTF_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK); + if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) - param_act(P_BAD_VALUE, "connmark", "--mark", optarg); + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "connmark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg); if (invert) info->invert = true; @@ -82,7 +82,7 @@ connmark_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); markinfo->mark = strtoul(optarg, &end, 0); markinfo->mask = 0xffffffffUL; diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index d5dee7e6..45783f4d 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -228,7 +228,7 @@ parse_expire(const char *s) { unsigned int len; - if (string_to_number(s, 0, 0, &len) == -1) + if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s); else return len; @@ -268,14 +268,14 @@ conntrack_ps_expires(struct xt_conntrack_mtinfo1 *info, const char *s) unsigned int min, max; char *end; - if (!strtonum(s, &end, &min, 0, ~0)) - param_act(P_BAD_VALUE, "conntrack", "--expires", s); + if (!xtables_strtoui(s, &end, &min, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s); max = min; if (*end == ':') - if (!strtonum(s, &end, &max, 0, ~0U)) - param_act(P_BAD_VALUE, "conntrack", "--expires", s); + if (!xtables_strtoui(s, &end, &max, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s); if (*end != '\0') - param_act(P_BAD_VALUE, "conntrack", "--expires", s); + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s); if (min > max) exit_error(PARAMETER_PROBLEM, @@ -297,7 +297,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_states(argv[optind-1], sinfo); if (invert) { @@ -307,7 +307,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if(invert) sinfo->invflags |= XT_CONNTRACK_PROTO; @@ -317,7 +317,8 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, *protocol = tolower(*protocol); protocol = argv[optind-1]; - sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = parse_protocol(protocol); + sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = + xtables_parse_protocol(protocol); if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0 && (sinfo->invflags & XT_INV_PROTO)) @@ -328,12 +329,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '3': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGSRC; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->sipmsk[IP_CT_DIR_ORIGINAL], &naddrs); if(naddrs > 1) @@ -348,12 +349,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGDST; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->dipmsk[IP_CT_DIR_ORIGINAL], &naddrs); if(naddrs > 1) @@ -368,12 +369,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '5': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_REPLSRC; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->sipmsk[IP_CT_DIR_REPLY], &naddrs); if(naddrs > 1) @@ -388,12 +389,12 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '6': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_REPLDST; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->dipmsk[IP_CT_DIR_REPLY], &naddrs); if(naddrs > 1) @@ -408,7 +409,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '7': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_statuses(argv[optind-1], sinfo); if (invert) { @@ -418,7 +419,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '8': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_expires(argv[optind-1], sinfo); if (invert) { @@ -455,7 +456,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, /* Canonicalize into lower case */ for (p = optarg; *p != '\0'; ++p) *p = tolower(*p); - info->l4proto = parse_protocol(optarg); + info->l4proto = xtables_parse_protocol(optarg); if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO)) exit_error(PARAMETER_PROBLEM, "conntrack: rule would " @@ -481,8 +482,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'a': /* --ctorigsrcport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) - param_act(P_BAD_VALUE, "conntrack", + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctorigsrcport", optarg); info->match_flags |= XT_CONNTRACK_ORIGSRC_PORT; info->origsrc_port = htons(port); @@ -491,8 +492,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'b': /* --ctorigdstport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) - param_act(P_BAD_VALUE, "conntrack", + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctorigdstport", optarg); info->match_flags |= XT_CONNTRACK_ORIGDST_PORT; info->origdst_port = htons(port); @@ -501,8 +502,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'c': /* --ctreplsrcport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) - param_act(P_BAD_VALUE, "conntrack", + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctreplsrcport", optarg); info->match_flags |= XT_CONNTRACK_REPLSRC_PORT; info->replsrc_port = htons(port); @@ -511,8 +512,8 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'd': /* --ctrepldstport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) - param_act(P_BAD_VALUE, "conntrack", + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctrepldstport", optarg); info->match_flags |= XT_CONNTRACK_REPLDST_PORT; info->repldst_port = htons(port); @@ -521,7 +522,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'e': /* --ctdir */ - param_act(P_NO_INVERT, "conntrack", "--ctdir", invert); + xtables_param_act(XTF_NO_INVERT, "conntrack", "--ctdir", invert); if (strcasecmp(optarg, "ORIGINAL") == 0) { info->match_flags |= XT_CONNTRACK_DIRECTION; info->invert_flags &= ~XT_CONNTRACK_DIRECTION; @@ -529,7 +530,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, info->match_flags |= XT_CONNTRACK_DIRECTION; info->invert_flags |= XT_CONNTRACK_DIRECTION; } else { - param_act(P_BAD_VALUE, "conntrack", "--ctdir", optarg); + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctdir", optarg); } break; @@ -551,7 +552,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '3': /* --ctorigsrc */ - ipparse_hostnetworkmask(optarg, &addr, &info->origsrc_mask.in, + xtables_ipparse_any(optarg, &addr, &info->origsrc_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -564,7 +565,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': /* --ctorigdst */ - ipparse_hostnetworkmask(optarg, &addr, &info->origdst_mask.in, + xtables_ipparse_any(optarg, &addr, &info->origdst_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -577,7 +578,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, break; case '5': /* --ctreplsrc */ - ipparse_hostnetworkmask(optarg, &addr, &info->replsrc_mask.in, + xtables_ipparse_any(optarg, &addr, &info->replsrc_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -590,7 +591,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, break; case '6': /* --ctrepldst */ - ipparse_hostnetworkmask(optarg, &addr, &info->repldst_mask.in, + xtables_ipparse_any(optarg, &addr, &info->repldst_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -621,7 +622,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '3': /* --ctorigsrc */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->origsrc_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -634,7 +635,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': /* --ctorigdst */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->origdst_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -647,7 +648,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, break; case '5': /* --ctreplsrc */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->replsrc_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -660,7 +661,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, break; case '6': /* --ctrepldst */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->repldst_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -761,9 +762,9 @@ conntrack_dump_addr(const union nf_inet_addr *addr, return; } if (numeric) - printf("%s ", ipaddr_to_numeric(&addr->in)); + printf("%s ", xtables_ipaddr_to_numeric(&addr->in)); else - printf("%s ", ipaddr_to_anyname(&addr->in)); + printf("%s ", xtables_ipaddr_to_anyname(&addr->in)); } else if (family == NFPROTO_IPV6) { if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 && addr->ip6[2] == 0 && addr->ip6[3] == 0) { @@ -771,9 +772,9 @@ conntrack_dump_addr(const union nf_inet_addr *addr, return; } if (numeric) - printf("%s ", ip6addr_to_numeric(&addr->in6)); + printf("%s ", xtables_ip6addr_to_numeric(&addr->in6)); else - printf("%s ", ip6addr_to_anyname(&addr->in6)); + printf("%s ", xtables_ip6addr_to_anyname(&addr->in6)); } } @@ -789,10 +790,10 @@ print_addr(struct in_addr *addr, struct in_addr *mask, int inv, int numeric) printf("%s ", "anywhere"); else { if (numeric) - sprintf(buf, "%s", ipaddr_to_numeric(addr)); + strcpy(buf, xtables_ipaddr_to_numeric(addr)); else - sprintf(buf, "%s", ipaddr_to_anyname(addr)); - strcat(buf, ipmask_to_numeric(mask)); + strcpy(buf, xtables_ipaddr_to_anyname(addr)); + strcat(buf, xtables_ipmask_to_numeric(mask)); printf("%s ", buf); } } diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c index 24bf6f7f..dbf6223c 100644 --- a/extensions/libxt_dccp.c +++ b/extensions/libxt_dccp.c @@ -62,14 +62,14 @@ parse_dccp_ports(const char *portstring, buffer = strdup(portstring); DEBUGP("%s\n", portstring); if ((cp = strchr(buffer, ':')) == NULL) { - ports[0] = ports[1] = parse_port(buffer, "dccp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "dccp"); } else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "dccp") : 0; - ports[1] = cp[0] ? parse_port(cp, "dccp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "dccp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "dccp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, @@ -121,11 +121,11 @@ static u_int8_t parse_dccp_option(char *optstring) { unsigned int ret; - if (string_to_number(optstring, 1, 255, &ret) == -1) + if (!xtables_strtoui(optstring, NULL, &ret, 1, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Bad DCCP option `%s'", optstring); - return (u_int8_t)ret; + return ret; } static int @@ -141,7 +141,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); einfo->flags |= XT_DCCP_SRC_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_dccp_ports(argv[optind-1], einfo->spts); if (invert) einfo->invflags |= XT_DCCP_SRC_PORTS; @@ -153,7 +153,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); einfo->flags |= XT_DCCP_DEST_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_dccp_ports(argv[optind-1], einfo->dpts); if (invert) einfo->invflags |= XT_DCCP_DEST_PORTS; @@ -165,7 +165,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--dccp-types' allowed"); einfo->flags |= XT_DCCP_TYPE; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->typemask = parse_dccp_types(argv[optind-1]); if (invert) einfo->invflags |= XT_DCCP_TYPE; @@ -177,7 +177,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--dccp-option' allowed"); einfo->flags |= XT_DCCP_OPTION; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->option = parse_dccp_option(argv[optind-1]); if (invert) einfo->invflags |= XT_DCCP_OPTION; diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c index eefb186b..e57c2673 100644 --- a/extensions/libxt_dscp.c +++ b/extensions/libxt_dscp.c @@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo) { unsigned int dscp; - if (string_to_number(s, 0, 255, &dscp) == -1) + if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid dscp `%s'\n", s); @@ -56,8 +56,7 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo) exit_error(PARAMETER_PROBLEM, "DSCP `%d` out of range\n", dscp); - dinfo->dscp = (u_int8_t )dscp; - return; + dinfo->dscp = dscp; } @@ -67,7 +66,7 @@ parse_class(const char *s, struct xt_dscp_info *dinfo) unsigned int dscp = class_to_dscp(s); /* Assign the value */ - dinfo->dscp = (u_int8_t)dscp; + dinfo->dscp = dscp; } @@ -83,7 +82,7 @@ dscp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "DSCP match: Only use --dscp ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_dscp(argv[optind-1], dinfo); if (invert) dinfo->invert = 1; @@ -94,7 +93,7 @@ dscp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "DSCP match: Only use --dscp-class ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_class(argv[optind - 1], dinfo); if (invert) dinfo->invert = 1; diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c index 999733c3..2cc6b60f 100644 --- a/extensions/libxt_esp.c +++ b/extensions/libxt_esp.c @@ -43,7 +43,7 @@ parse_esp_spi(const char *spistr) exit_error(PARAMETER_PROBLEM, "ESP error parsing spi `%s'", spistr); } - return (u_int32_t) spi; + return spi; } static void @@ -88,7 +88,7 @@ esp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & ESP_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--espspi' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_esp_spis(argv[optind-1], espinfo->spis); if (invert) espinfo->invflags |= XT_ESP_INV_SPI; diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index 1c506852..b05e8c8c 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -217,9 +217,9 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '%': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit", *flags & PARAM_LIMIT); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->cfg.avg)) exit_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); @@ -227,41 +227,41 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, break; case '$': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 10000, &num) == -1) + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-burst `%s'", optarg); r->cfg.burst = num; *flags |= PARAM_BURST; break; case '&': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-size: `%s'", optarg); r->cfg.size = num; *flags |= PARAM_SIZE; break; case '*': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-max: `%s'", optarg); r->cfg.max = num; *flags |= PARAM_MAX; break; case '(': - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-gcinterval: `%s'", optarg); @@ -270,10 +270,10 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_GCINTERVAL; break; case ')': - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-expire: `%s'", optarg); /* FIXME: not HZ dependent */ @@ -281,18 +281,18 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_EXPIRE; break; case '_': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode", *flags & PARAM_MODE); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (parse_mode(&r->cfg.mode, optarg) < 0) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-mode: `%s'\n", optarg); *flags |= PARAM_MODE; break; case '"': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name", *flags & PARAM_NAME); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (strlen(optarg) == 0) exit_error(PARAMETER_PROBLEM, "Zero-length name?"); strncpy(r->name, optarg, sizeof(r->name)); @@ -317,63 +317,63 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, switch(c) { case '%': /* --hashlimit / --hashlimit-below */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-upto", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-upto", *flags & PARAM_LIMIT); if (invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; if (!parse_rate(optarg, &info->cfg.avg)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-upto", optarg); *flags |= PARAM_LIMIT; return true; case '^': /* --hashlimit-above == !--hashlimit-below */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-above", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-above", *flags & PARAM_LIMIT); if (!invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; if (!parse_rate(optarg, &info->cfg.avg)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-above", optarg); *flags |= PARAM_LIMIT; return true; case '$': /* --hashlimit-burst */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); - if (!strtonum(optarg, NULL, &num, 0, 10000)) - param_act(P_BAD_VALUE, "hashlimit", + if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-burst", optarg); info->cfg.burst = num; *flags |= PARAM_BURST; return true; case '&': /* --hashlimit-htable-size */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) - param_act(P_BAD_VALUE, "hashlimit", + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-size", optarg); info->cfg.size = num; *flags |= PARAM_SIZE; return true; case '*': /* --hashlimit-htable-max */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) - param_act(P_BAD_VALUE, "hashlimit", + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-max", optarg); info->cfg.max = num; *flags |= PARAM_MAX; return true; case '(': /* --hashlimit-htable-gcinterval */ - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) - param_act(P_BAD_VALUE, "hashlimit", + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-gcinterval", optarg); /* FIXME: not HZ dependent!! */ info->cfg.gc_interval = num; @@ -381,10 +381,10 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, return true; case ')': /* --hashlimit-htable-expire */ - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) - param_act(P_BAD_VALUE, "hashlimit", + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-expire", optarg); /* FIXME: not HZ dependent */ info->cfg.expire = num; @@ -392,16 +392,16 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, return true; case '_': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode", *flags & PARAM_MODE); if (parse_mode(&info->cfg.mode, optarg) < 0) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-mode", optarg); *flags |= PARAM_MODE; return true; case '"': /* --hashlimit-name */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name", *flags & PARAM_NAME); if (strlen(optarg) == 0) exit_error(PARAMETER_PROBLEM, "Zero-length name?"); @@ -411,20 +411,20 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, return true; case '<': /* --hashlimit-srcmask */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask", *flags & PARAM_SRCMASK); - if (!strtonum(optarg, NULL, &num, 0, maxmask)) - param_act(P_BAD_VALUE, "hashlimit", + if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask)) + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-srcmask", optarg); info->cfg.srcmask = num; *flags |= PARAM_SRCMASK; return true; case '>': /* --hashlimit-dstmask */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask", *flags & PARAM_DSTMASK); - if (!strtonum(optarg, NULL, &num, 0, maxmask)) - param_act(P_BAD_VALUE, "hashlimit", + if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask)) + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-dstmask", optarg); info->cfg.dstmask = num; *flags |= PARAM_DSTMASK; diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c index b60c9826..569ad69e 100644 --- a/extensions/libxt_helper.c +++ b/extensions/libxt_helper.c @@ -31,7 +31,7 @@ helper_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "helper match: Only use --helper ONCE!"); - check_inverse(optarg, &invert, &invert, 0); + xtables_check_inverse(optarg, &invert, &invert, 0); strncpy(info->name, optarg, 29); info->name[29] = '\0'; if (invert) @@ -65,7 +65,7 @@ static void helper_save(const void *ip, const struct xt_entry_match *match) struct xt_helper_info *info = (struct xt_helper_info *)match->data; printf("%s--helper ",info->invert ? "! " : ""); - save_string(info->name); + xtables_save_string(info->name); } static struct xtables_match helper_match = { diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 09e9fb7f..df6be14f 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -40,14 +40,14 @@ parse_iprange(char *arg, struct ipt_iprange *range) if (dash != NULL) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n", arg); range->min_ip = ip->s_addr; if (dash != NULL) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n", dash+1); @@ -70,7 +70,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= IPRANGE_SRC; info->flags |= IPRANGE_SRC; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->flags |= IPRANGE_SRC_INV; parse_iprange(optarg, &info->src); @@ -84,7 +84,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= IPRANGE_DST; info->flags |= IPRANGE_DST; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->flags |= IPRANGE_DST_INV; @@ -110,15 +110,15 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, case '1': /* --src-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); *end = '\0'; - ia = numeric_to_ipaddr(optarg); + ia = xtables_numeric_to_ipaddr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); memcpy(&info->src_min.in, ia, sizeof(*ia)); - ia = numeric_to_ipaddr(end+1); + ia = xtables_numeric_to_ipaddr(end+1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1); memcpy(&info->src_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_SRC; if (invert) @@ -129,15 +129,15 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, case '2': /* --dst-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); *end = '\0'; - ia = numeric_to_ipaddr(optarg); + ia = xtables_numeric_to_ipaddr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); memcpy(&info->dst_min.in, ia, sizeof(*ia)); - ia = numeric_to_ipaddr(end + 1); + ia = xtables_numeric_to_ipaddr(end + 1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1); memcpy(&info->dst_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_DST; if (invert) @@ -160,15 +160,15 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags, case '1': /* --src-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); *end = '\0'; - ia = numeric_to_ip6addr(optarg); + ia = xtables_numeric_to_ip6addr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); memcpy(&info->src_min.in, ia, sizeof(*ia)); - ia = numeric_to_ip6addr(end+1); + ia = xtables_numeric_to_ip6addr(end+1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1); memcpy(&info->src_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_SRC; if (invert) @@ -179,15 +179,15 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags, case '2': /* --dst-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); *end = '\0'; - ia = numeric_to_ip6addr(optarg); + ia = xtables_numeric_to_ip6addr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); memcpy(&info->dst_min.in, ia, sizeof(*ia)); - ia = numeric_to_ip6addr(end + 1); + ia = xtables_numeric_to_ip6addr(end + 1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1); memcpy(&info->dst_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_DST; if (invert) @@ -250,15 +250,15 @@ iprange_mt4_print(const void *ip, const struct xt_entry_match *match, * ipaddr_to_numeric() uses a static buffer, so cannot * combine the printf() calls. */ - printf("%s", ipaddr_to_numeric(&info->src_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->src_max.in)); + printf("%s", xtables_ipaddr_to_numeric(&info->src_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in)); } if (info->flags & IPRANGE_DST) { printf("destination IP range "); if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("%s", ipaddr_to_numeric(&info->dst_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->dst_max.in)); + printf("%s", xtables_ipaddr_to_numeric(&info->dst_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in)); } } @@ -276,15 +276,15 @@ iprange_mt6_print(const void *ip, const struct xt_entry_match *match, * ipaddr_to_numeric() uses a static buffer, so cannot * combine the printf() calls. */ - printf("%s", ip6addr_to_numeric(&info->src_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->src_max.in6)); + printf("%s", xtables_ip6addr_to_numeric(&info->src_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6)); } if (info->flags & IPRANGE_DST) { printf("destination IP range "); if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("%s", ip6addr_to_numeric(&info->dst_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->dst_max.in6)); + printf("%s", xtables_ip6addr_to_numeric(&info->dst_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6)); } } @@ -315,14 +315,14 @@ static void iprange_mt4_save(const void *ip, const struct xt_entry_match *match) if (info->flags & IPRANGE_SRC) { if (info->flags & IPRANGE_SRC_INV) printf("! "); - printf("--src-range %s", ipaddr_to_numeric(&info->src_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->src_max.in)); + printf("--src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in)); } if (info->flags & IPRANGE_DST) { if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("--dst-range %s", ipaddr_to_numeric(&info->dst_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->dst_max.in)); + printf("--dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in)); } } @@ -333,14 +333,14 @@ static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match) if (info->flags & IPRANGE_SRC) { if (info->flags & IPRANGE_SRC_INV) printf("! "); - printf("--src-range %s", ip6addr_to_numeric(&info->src_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->src_max.in6)); + printf("--src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6)); } if (info->flags & IPRANGE_DST) { if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("--dst-range %s", ip6addr_to_numeric(&info->dst_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->dst_max.in6)); + printf("--dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6)); } } diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c index 98e81673..cf944e2d 100644 --- a/extensions/libxt_length.c +++ b/extensions/libxt_length.c @@ -26,10 +26,10 @@ parse_length(const char *s) { unsigned int len; - if (string_to_number(s, 0, 0xFFFF, &len) == -1) + if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s); else - return (u_int16_t )len; + return len; } /* If a single value is provided, min and max are both set to the value */ @@ -70,7 +70,7 @@ length_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "length: `--length' may only be " "specified once"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_lengths(argv[optind-1], info); if (invert) info->invert = 1; diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c index 3ed7b965..7edfa3db 100644 --- a/extensions/libxt_limit.c +++ b/extensions/libxt_limit.c @@ -94,15 +94,15 @@ limit_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '%': - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->avg)) exit_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); break; case '$': - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 10000, &num) == -1) + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) exit_error(PARAMETER_PROBLEM, "bad --limit-burst `%s'", optarg); r->burst = num; diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c index f4128c01..b516d80f 100644 --- a/extensions/libxt_mac.c +++ b/extensions/libxt_mac.c @@ -57,7 +57,7 @@ mac_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_mac(argv[optind-1], macinfo); if (invert) macinfo->invert = 1; diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c index 811cc77e..1143ba98 100644 --- a/extensions/libxt_mark.c +++ b/extensions/libxt_mark.c @@ -29,19 +29,19 @@ static int mark_mt_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_mark_mtinfo1 *info = (void *)(*match)->data; - unsigned int mark, mask = ~0U; + unsigned int mark, mask = UINT32_MAX; char *end; switch (c) { case '1': /* --mark */ - param_act(P_ONLY_ONCE, "mark", "--mark", *flags & F_MARK); - if (!strtonum(optarg, &end, &mark, 0, ~0U)) - param_act(P_BAD_VALUE, "mark", "--mark", optarg); + xtables_param_act(XTF_ONLY_ONCE, "mark", "--mark", *flags & F_MARK); + if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) - param_act(P_BAD_VALUE, "mark", "--mark", optarg); + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) + xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "mark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg); if (invert) info->invert = true; @@ -62,7 +62,7 @@ mark_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); markinfo->mark = strtoul(optarg, &end, 0); if (*end == '/') { markinfo->mask = strtoul(end+1, &end, 0); diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c index dae6e335..d0e830df 100644 --- a/extensions/libxt_multiport.c +++ b/extensions/libxt_multiport.c @@ -81,7 +81,7 @@ parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto) { next=strchr(cp, ','); if (next) *next++='\0'; - ports[i] = parse_port(cp, proto); + ports[i] = xtables_parse_port(cp, proto); } if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified"); free(buffer); @@ -113,10 +113,10 @@ parse_multi_ports_v1(const char *portstring, "too many ports specified"); *range++ = '\0'; } - multiinfo->ports[i] = parse_port(cp, proto); + multiinfo->ports[i] = xtables_parse_port(cp, proto); if (range) { multiinfo->pflags[i] = 1; - multiinfo->ports[++i] = parse_port(range, proto); + multiinfo->ports[++i] = xtables_parse_port(range, proto); if (multiinfo->ports[i-1] >= multiinfo->ports[i]) exit_error(PARAMETER_PROBLEM, "invalid portrange specified"); @@ -161,7 +161,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); @@ -169,7 +169,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); @@ -177,7 +177,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags, break; case '3': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); @@ -228,21 +228,21 @@ __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = XT_MULTIPORT_SOURCE; break; case '2': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = XT_MULTIPORT_DESTINATION; break; case '3': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = XT_MULTIPORT_EITHER; diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c index 4cd173e3..bf26f35c 100644 --- a/extensions/libxt_owner.c +++ b/extensions/libxt_owner.c @@ -19,6 +19,11 @@ #include <linux/netfilter_ipv4/ipt_owner.h> #include <linux/netfilter_ipv6/ip6t_owner.h> +/* + * Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved + * UID/GID value anyway. + */ + enum { FLAG_UID_OWNER = 1 << 0, FLAG_GID_OWNER = 1 << 1, @@ -107,11 +112,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0)) - param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IPT_OWNER_UID; info->match |= IPT_OWNER_UID; @@ -120,11 +125,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0)) - param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IPT_OWNER_GID; info->match |= IPT_OWNER_GID; @@ -133,9 +138,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'p': - param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IPT_OWNER_PID; info->match |= IPT_OWNER_PID; @@ -144,9 +149,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 's': - param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--sid-value", optarg); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-value", optarg); if (invert) info->invert |= IPT_OWNER_SID; info->match |= IPT_OWNER_SID; @@ -156,7 +161,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, #ifdef IPT_OWNER_COMM case 'c': - param_act(P_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM); if (strlen(optarg) > sizeof(info->comm)) exit_error(PARAMETER_PROBLEM, "owner match: command " "\"%s\" too long, max. %zu characters", @@ -186,12 +191,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0)) - param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_UID; info->match |= IP6T_OWNER_UID; @@ -200,12 +205,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0)) - param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_GID; info->match |= IP6T_OWNER_GID; @@ -214,10 +219,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'p': - param_act(P_ONLY_ONCE, "owner", "--pid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_PID; info->match |= IP6T_OWNER_PID; @@ -226,10 +231,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 's': - param_act(P_ONLY_ONCE, "owner", "--sid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg); + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) + xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_SID; info->match |= IP6T_OWNER_SID; @@ -245,15 +250,15 @@ static void owner_parse_range(const char *s, unsigned int *from, { char *end; - /* 4294967295 is reserved, so subtract one from ~0 */ - if (!strtonum(s, &end, from, 0, (~(uid_t)0) - 1)) - param_act(P_BAD_VALUE, "owner", opt, s); + /* -1 is reversed, so the max is one less than that. */ + if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1)) + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); *to = *from; if (*end == '-' || *end == ':') - if (!strtonum(end + 1, &end, to, 0, (~(uid_t)0) - 1)) - param_act(P_BAD_VALUE, "owner", opt, s); + if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1)) + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); if (*end != '\0') - param_act(P_BAD_VALUE, "owner", opt, s); + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); } static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, @@ -266,7 +271,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) from = to = pwd->pw_uid; @@ -281,7 +286,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) from = to = grp->gr_gid; @@ -296,7 +301,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, return true; case 'k': - param_act(P_ONLY_ONCE, "owner", "--socket-exists", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--socket-exists", *flags & FLAG_SOCKET_EXISTS); if (invert) info->invert |= XT_OWNER_SOCKET; diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c index 0572aba9..4275a1a4 100644 --- a/extensions/libxt_physdev.c +++ b/extensions/libxt_physdev.c @@ -43,8 +43,8 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '1': if (*flags & XT_PHYSDEV_OP_IN) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); - parse_interface(argv[optind-1], info->physindev, + xtables_check_inverse(optarg, &invert, &optind, 0); + xtables_parse_interface(argv[optind-1], info->physindev, (unsigned char *)info->in_mask); if (invert) info->invert |= XT_PHYSDEV_OP_IN; @@ -55,8 +55,8 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '2': if (*flags & XT_PHYSDEV_OP_OUT) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); - parse_interface(argv[optind-1], info->physoutdev, + xtables_check_inverse(optarg, &invert, &optind, 0); + xtables_parse_interface(argv[optind-1], info->physoutdev, (unsigned char *)info->out_mask); if (invert) info->invert |= XT_PHYSDEV_OP_OUT; @@ -67,7 +67,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '3': if (*flags & XT_PHYSDEV_OP_ISIN) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->bitmask |= XT_PHYSDEV_OP_ISIN; if (invert) info->invert |= XT_PHYSDEV_OP_ISIN; @@ -77,7 +77,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '4': if (*flags & XT_PHYSDEV_OP_ISOUT) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->bitmask |= XT_PHYSDEV_OP_ISOUT; if (invert) info->invert |= XT_PHYSDEV_OP_ISOUT; @@ -87,7 +87,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '5': if (*flags & XT_PHYSDEV_OP_BRIDGED) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->invert |= XT_PHYSDEV_OP_BRIDGED; *flags |= XT_PHYSDEV_OP_BRIDGED; diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c index ab2e2259..8caba91e 100644 --- a/extensions/libxt_pkttype.c +++ b/extensions/libxt_pkttype.c @@ -91,7 +91,7 @@ static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_pkttype(argv[optind-1], info); if(invert) info->invert=1; diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c index 5007f7cb..8c91fb8e 100644 --- a/extensions/libxt_quota.c +++ b/extensions/libxt_quota.c @@ -46,7 +46,7 @@ parse_quota(const char *s, u_int64_t * quota) printf("Quota: %llu\n", *quota); #endif - if (*quota == (u_int64_t)-1) + if (*quota == UINT64_MAX) exit_error(PARAMETER_PROBLEM, "quota invalid: '%s'\n", s); else return 1; @@ -60,7 +60,7 @@ quota_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'"); if (!parse_quota(optarg, &info->quota)) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c index 333239d9..8a8836bf 100644 --- a/extensions/libxt_rateest.c +++ b/extensions/libxt_rateest.c @@ -112,12 +112,13 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_rateest_match_info *info = (void *)(*match)->data; + unsigned int val; rateest_info = info; switch (c) { case OPT_RATEEST1: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest can't be inverted"); @@ -131,7 +132,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST2: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest can't be inverted"); @@ -146,7 +147,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_BPS1: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-bps can't be inverted"); @@ -170,7 +171,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_PPS1: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-pps can't be inverted"); @@ -186,15 +187,16 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, if (!argv[optind] || *argv[optind] == '-' || *argv[optind] == '!') break; - if (string_to_number(argv[optind], 0, 0, &info->pps1) < 0) + if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "rateest: could not parse pps `%s'", argv[optind]); + info->pps1 = val; optind++; break; case OPT_RATEEST_BPS2: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-bps can't be inverted"); @@ -218,7 +220,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_PPS2: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-pps can't be inverted"); @@ -234,15 +236,16 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, if (!argv[optind] || *argv[optind] == '-' || *argv[optind] == '!') break; - if (string_to_number(argv[optind], 0, 0, &info->pps2) < 0) + if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "rateest: could not parse pps `%s'", argv[optind]); + info->pps2 = val; optind++; break; case OPT_RATEEST_DELTA: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-delta can't be inverted"); @@ -256,7 +259,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_EQ: - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (*flags & (1 << c)) exit_error(PARAMETER_PROBLEM, @@ -269,7 +272,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_LT: - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (*flags & (1 << c)) exit_error(PARAMETER_PROBLEM, @@ -282,7 +285,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_GT: - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (*flags & (1 << c)) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c index 1ae90133..1646705f 100644 --- a/extensions/libxt_recent.c +++ b/extensions/libxt_recent.c @@ -73,7 +73,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_SET; if (invert) info->invert = 1; *flags |= XT_RECENT_SET; @@ -84,7 +84,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_CHECK; if(invert) info->invert = 1; *flags |= XT_RECENT_CHECK; @@ -95,7 +95,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_UPDATE; if (invert) info->invert = 1; *flags |= XT_RECENT_UPDATE; @@ -106,7 +106,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_REMOVE; if (invert) info->invert = 1; *flags |= XT_RECENT_REMOVE; diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c index 37a6423e..2ee48610 100644 --- a/extensions/libxt_sctp.c +++ b/extensions/libxt_sctp.c @@ -85,14 +85,14 @@ parse_sctp_ports(const char *portstring, buffer = strdup(portstring); DEBUGP("%s\n", portstring); if ((cp = strchr(buffer, ':')) == NULL) { - ports[0] = ports[1] = parse_port(buffer, "sctp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "sctp"); } else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "sctp") : 0; - ports[1] = cp[0] ? parse_port(cp, "sctp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "sctp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "sctp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, @@ -270,7 +270,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); einfo->flags |= XT_SCTP_SRC_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_sctp_ports(argv[optind-1], einfo->spts); if (invert) einfo->invflags |= XT_SCTP_SRC_PORTS; @@ -282,7 +282,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); einfo->flags |= XT_SCTP_DEST_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_sctp_ports(argv[optind-1], einfo->dpts); if (invert) einfo->invflags |= XT_SCTP_DEST_PORTS; @@ -293,7 +293,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & XT_SCTP_CHUNK_TYPES) exit_error(PARAMETER_PROBLEM, "Only one `--chunk-types' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (!argv[optind] || argv[optind][0] == '-' || argv[optind][0] == '!') diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c index 66af518a..51822303 100644 --- a/extensions/libxt_state.c +++ b/extensions/libxt_state.c @@ -71,7 +71,7 @@ state_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); state_parse_states(argv[optind-1], sinfo); if (invert) diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c index d85aacbd..574f8f7d 100644 --- a/extensions/libxt_statistic.c +++ b/extensions/libxt_statistic.c @@ -40,6 +40,7 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_statistic_info *info = (void *)(*match)->data; + unsigned int val; double prob; if (invert) @@ -70,10 +71,10 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, case '3': if (*flags & 0x4) exit_error(PARAMETER_PROBLEM, "double --every"); - if (string_to_number(optarg, 0, 0xFFFFFFFF, - &info->u.nth.every) == -1) + if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "cannot parse --every `%s'", optarg); + info->u.nth.every = val; if (info->u.nth.every == 0) exit_error(PARAMETER_PROBLEM, "--every cannot be 0"); info->u.nth.every--; @@ -82,10 +83,10 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, case '4': if (*flags & 0x8) exit_error(PARAMETER_PROBLEM, "double --packet"); - if (string_to_number(optarg, 0, 0xFFFFFFFF, - &info->u.nth.packet) == -1) + if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "cannot parse --packet `%s'", optarg); + info->u.nth.packet = val; *flags |= 0x8; break; default: diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c index b440fc92..6bd27c0b 100644 --- a/extensions/libxt_string.c +++ b/extensions/libxt_string.c @@ -57,7 +57,7 @@ static void string_init(struct xt_entry_match *m) struct xt_string_info *i = (struct xt_string_info *) m->data; if (i->to_offset == 0) - i->to_offset = (u_int16_t) ~0UL; + i->to_offset = UINT16_MAX; } static void @@ -199,7 +199,7 @@ string_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & STRING) exit_error(PARAMETER_PROBLEM, "Can't specify multiple --string"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_string(argv[optind-1], stringinfo); if (invert) { if (revision == 0) @@ -216,7 +216,7 @@ string_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify multiple --hex-string"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_hex_string(argv[optind-1], stringinfo); /* sets length */ if (invert) { if (revision == 0) diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c index 14d8c186..069bb7fa 100644 --- a/extensions/libxt_tcp.c +++ b/extensions/libxt_tcp.c @@ -44,13 +44,13 @@ parse_tcp_ports(const char *portstring, u_int16_t *ports) buffer = strdup(portstring); if ((cp = strchr(buffer, ':')) == NULL) - ports[0] = ports[1] = parse_port(buffer, "tcp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "tcp"); else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "tcp") : 0; - ports[1] = cp[0] ? parse_port(cp, "tcp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "tcp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "tcp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, @@ -121,10 +121,10 @@ parse_tcp_option(const char *option, u_int8_t *result) { unsigned int ret; - if (string_to_number(option, 1, 255, &ret) == -1) + if (!xtables_strtoui(option, NULL, &ret, 1, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Bad TCP option `%s'", option); - *result = (u_int8_t)ret; + *result = ret; } static void tcp_init(struct xt_entry_match *m) @@ -150,7 +150,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->spts); if (invert) tcpinfo->invflags |= XT_TCP_INV_SRCPT; @@ -161,7 +161,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->dpts); if (invert) tcpinfo->invflags |= XT_TCP_INV_DSTPT; @@ -182,7 +182,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one of `--syn' or `--tcp-flags' " " allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (!argv[optind] || argv[optind][0] == '-' || argv[optind][0] == '!') @@ -199,7 +199,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_OPTION) exit_error(PARAMETER_PROBLEM, "Only one `--tcp-option' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_option(argv[optind-1], &tcpinfo->option); if (invert) tcpinfo->invflags |= XT_TCP_INV_OPTION; diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c index 000d85a6..5c013a77 100644 --- a/extensions/libxt_tcpmss.c +++ b/extensions/libxt_tcpmss.c @@ -26,8 +26,8 @@ parse_tcp_mssvalue(const char *mssvalue) { unsigned int mssvaluenum; - if (string_to_number(mssvalue, 0, 65535, &mssvaluenum) != -1) - return (u_int16_t)mssvaluenum; + if (!xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX)) + return mssvaluenum; exit_error(PARAMETER_PROBLEM, "Invalid mss `%s' specified", mssvalue); @@ -65,7 +65,7 @@ tcpmss_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "Only one `--mss' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_mssvalues(argv[optind-1], &mssinfo->mss_min, &mssinfo->mss_max); if (invert) diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c index 989806de..41aa5c77 100644 --- a/extensions/libxt_time.c +++ b/extensions/libxt_time.c @@ -22,7 +22,6 @@ #include <linux/netfilter/xt_time.h> #include <xtables.h> -#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*x)) enum { /* getopt "seen" bits */ F_DATE_START = 1 << 0, diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c index 9f8d6fa3..a6118400 100644 --- a/extensions/libxt_tos.c +++ b/extensions/libxt_tos.c @@ -50,9 +50,9 @@ static int tos_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 't': - param_act(P_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); + xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); if (!tos_parse_symbolic(optarg, &tvm, 0xFF)) - param_act(P_BAD_VALUE, "tos", "--tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg); if (tvm.mask != 0xFF) exit_error(PARAMETER_PROBLEM, "tos: Your kernel is " "too old to support anything besides /0xFF " @@ -74,9 +74,9 @@ static int tos_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 't': - param_act(P_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); + xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); if (!tos_parse_symbolic(optarg, &tvm, 0x3F)) - param_act(P_BAD_VALUE, "tos", "--tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg); info->tos_value = tvm.value; info->tos_mask = tvm.mask; if (invert) diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c index 256d15fc..f0bb61a3 100644 --- a/extensions/libxt_u32.c +++ b/extensions/libxt_u32.c @@ -254,7 +254,6 @@ static void u32_print(const void *ip, const struct xt_entry_match *match, if (data->invert) printf("! "); u32_dump(data); - return; } static void u32_save(const void *ip, const struct xt_entry_match *match) @@ -264,7 +263,6 @@ static void u32_save(const void *ip, const struct xt_entry_match *match) printf("! "); printf("--u32 "); u32_dump(data); - return; } static struct xtables_match u32_match = { diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c index f64fd1cf..8f57f4ec 100644 --- a/extensions/libxt_udp.c +++ b/extensions/libxt_udp.c @@ -36,13 +36,13 @@ parse_udp_ports(const char *portstring, u_int16_t *ports) buffer = strdup(portstring); if ((cp = strchr(buffer, ':')) == NULL) - ports[0] = ports[1] = parse_port(buffer, "udp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "udp"); else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "udp") : 0; - ports[1] = cp[0] ? parse_port(cp, "udp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "udp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "udp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, @@ -72,7 +72,7 @@ udp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->spts); if (invert) udpinfo->invflags |= XT_UDP_INV_SRCPT; @@ -83,7 +83,7 @@ udp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->dpts); if (invert) udpinfo->invflags |= XT_UDP_INV_DSTPT; diff --git a/extensions/tos_values.c b/extensions/tos_values.c index 0ab784da..81f6de1c 100644 --- a/extensions/tos_values.c +++ b/extensions/tos_values.c @@ -34,14 +34,14 @@ static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm, unsigned int value; char *end; - strtonum(str, &end, &value, 0, max); + xtables_strtoui(str, &end, &value, 0, max); tvm->value = value; tvm->mask = max; if (*end == '/') { const char *p = end + 1; - if (!strtonum(p, &end, &value, 0, max)) + if (!xtables_strtoui(p, &end, &value, 0, max)) exit_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str); tvm->mask = value; @@ -55,11 +55,11 @@ static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm, static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm, unsigned int def_mask) { - const unsigned int max = 255; + const unsigned int max = UINT8_MAX; const struct tos_symbol_info *symbol; char *tmp; - if (strtonum(str, &tmp, NULL, 0, max)) + if (xtables_strtoui(str, &tmp, NULL, 0, max)) return tos_parse_numeric(str, tvm, max); /* Do not consider ECN bits */ |