Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_LED.c7
-rw-r--r--extensions/libxt_SET.man12
-rw-r--r--extensions/libxt_devgroup.c72
-rw-r--r--extensions/libxt_hashlimit.c17
-rw-r--r--extensions/libxt_limit.c17
-rw-r--r--extensions/libxt_u32.c12
6 files changed, 71 insertions, 66 deletions
diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c
index 9d68fa27..e6cf8497 100644
--- a/extensions/libxt_LED.c
+++ b/extensions/libxt_LED.c
@@ -49,6 +49,7 @@ static void LED_help(void)
static void LED_parse(struct xt_option_call *cb)
{
struct xt_led_info *led = cb->data;
+ unsigned int delay;
xtables_option_parse(cb);
switch (cb->entry->id) {
@@ -59,8 +60,10 @@ static void LED_parse(struct xt_option_call *cb)
case O_LED_DELAY:
if (strncasecmp(cb->arg, "inf", 3) == 0)
led->delay = -1;
- else
- led->delay = strtoul(cb->arg, NULL, 0);
+ else if (!xtables_strtoui(cb->arg, NULL, &delay, 0, UINT32_MAX))
+ xtables_error(PARAMETER_PROBLEM,
+ "Delay value must be within range 0..%u",
+ UINT32_MAX);
break;
case O_LED_ALWAYS_BLINK:
led->always_blink = 1;
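Review bot: In the O_LED_DELAY case the number is parsed into the new local `delay` and never copied into `led->delay`; `break;` follows directly, so a numeric delay argument is range-checked and then dropped, leaving `led->delay` at whatever it held before. Either parse into the field itself, `else if (!xtables_strtoui(cb->arg, NULL, &led->delay, 0, UINT32_MAX))`, if the field is an unsigned int, or add `else led->delay = delay;` after the error branch. LED_parse continues past the end of the hunk, so confirm that nothing after the switch stores the value.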
diff --git a/extensions/libxt_SET.man b/extensions/libxt_SET.man
index 63eb3831..c35ba93d 100644
--- a/extensions/libxt_SET.man
+++ b/extensions/libxt_SET.man
@@ -1,24 +1,24 @@
-This modules adds and/or deletes entries from IP sets which can be defined
+This module adds and/or deletes entries from IP sets which can be defined
by ipset(8).
.TP
\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
-add the address(es)/port(s) of the packet to the sets
+add the address(es)/port(s) of the packet to the set
.TP
\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
-delete the address(es)/port(s) of the packet from the sets
+delete the address(es)/port(s) of the packet from the set
.IP
-where flags are
+where \fIflag\fP(s) are
.BR "src"
and/or
.BR "dst"
specifications and there can be no more than six of them.
.TP
\fB\-\-timeout\fP \fIvalue\fP
-when adding entry, the timeout value to use instead of the default
+when adding an entry, the timeout value to use instead of the default
one from the set definition
.TP
\fB\-\-exist\fP
-when adding entry if it already exists, reset the timeout value
+when adding an entry if it already exists, reset the timeout value
to the specified one or to the default from the set definition
.PP
Use of -j SET requires that ipset kernel support is provided, which, for
diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c
index 4487c833..4a69c822 100644
--- a/extensions/libxt_devgroup.c
+++ b/extensions/libxt_devgroup.c
@@ -42,58 +42,50 @@ static void devgroup_init(struct xt_entry_match *match)
fprintf(stderr, "Warning: %s: %s\n", file, strerror(errno));
}
+static void devgroup_parse_groupspec(const char *arg, unsigned int *group,
+ unsigned int *mask)
+{
+ char *end;
+ bool ok;
+
+ ok = xtables_strtoui(arg, &end, group, 0, UINT32_MAX);
+ if (ok && (*end == '/' || *end == '\0')) {
+ if (*end == '/')
+ ok = xtables_strtoui(end + 1, NULL, mask,
+ 0, UINT32_MAX);
+ else
+ *mask = ~0U;
+ if (!ok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Bad group value \"%s\"", arg);
+ } else {
+ *group = xtables_lmap_name2id(devgroups, arg);
+ if (*group == -1)
+ xtables_error(PARAMETER_PROBLEM,
+ "Device group \"%s\" not found", arg);
+ *mask = ~0U;
+ }
+}
+
static void devgroup_parse(struct xt_option_call *cb)
{
struct xt_devgroup_info *info = cb->data;
- unsigned int id;
- char *end;
+ unsigned int id, mask;
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_SRC_GROUP:
- info->src_group = strtoul(cb->arg, &end, 0);
- if (end != cb->arg && (*end == '/' || *end == '\0')) {
- if (*end == '/')
- info->src_mask = strtoul(end+1, &end, 0);
- else
- info->src_mask = 0xffffffff;
- if (*end != '\0' || end == cb->arg)
- xtables_error(PARAMETER_PROBLEM,
- "Bad src-group value `%s'",
- cb->arg);
- } else {
- id = xtables_lmap_name2id(devgroups, cb->arg);
- if (id == -1)
- xtables_error(PARAMETER_PROBLEM,
- "Device group `%s' not found",
- cb->arg);
- info->src_group = id;
- info->src_mask = 0xffffffff;
- }
+ devgroup_parse_groupspec(cb->arg, &id, &mask);
+ info->src_group = id;
+ info->src_mask = mask;
info->flags |= XT_DEVGROUP_MATCH_SRC;
if (cb->invert)
info->flags |= XT_DEVGROUP_INVERT_SRC;
break;
case O_DST_GROUP:
- info->dst_group = strtoul(cb->arg, &end, 0);
- if (end != cb->arg && (*end == '/' || *end == '\0')) {
- if (*end == '/')
- info->dst_mask = strtoul(end+1, &end, 0);
- else
- info->dst_mask = 0xffffffff;
- if (*end != '\0' || end == cb->arg)
- xtables_error(PARAMETER_PROBLEM,
- "Bad dst-group value `%s'",
- cb->arg);
- } else {
- id = xtables_lmap_name2id(devgroups, cb->arg);
- if (id == -1)
- xtables_error(PARAMETER_PROBLEM,
- "Device group `%s' not found",
- cb->arg);
- info->dst_group = id;
- info->dst_mask = 0xffffffff;
- }
+ devgroup_parse_groupspec(cb->arg, &id, &mask);
+ info->dst_group = id;
+ info->dst_mask = mask;
info->flags |= XT_DEVGROUP_MATCH_DST;
if (cb->invert)
info->flags |= XT_DEVGROUP_INVERT_DST;
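Review bot: In devgroup_parse_groupspec the name-lookup branch stores the result of xtables_lmap_name2id() straight into the unsigned `*group` and then tests `*group == -1`, which only works through the implicit conversion of -1 to UINT_MAX and is likely to draw a sign-compare warning. Keeping the lookup result in a signed local makes the not-found sentinel explicit: `int id = xtables_lmap_name2id(devgroups, arg);`, then `if (id == -1) xtables_error(...);` and `*group = id;`. The helper would also benefit from a short comment naming the accepted forms (number, number/mask, or a name looked up in `devgroups`) and stating that the mask defaults to all ones when none is given. devgroup_parse runs past the end of the hunk.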
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 37a31489..831345b7 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -10,6 +10,7 @@
*
* Error corections by nmalykh@bilim.com (22.01.2005)
*/
+#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
@@ -250,12 +251,13 @@ int parse_rate(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud)
if (!r)
return 0;
- /* This would get mapped to infinite (1/day is minimum they
- can specify, so we're ok at that end). */
- if (r / ud->mult > XT_HASHLIMIT_SCALE)
- xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
-
*val = XT_HASHLIMIT_SCALE * ud->mult / r;
+ if (*val == 0)
+ /*
+ * The rate maps to infinity. (1/day is the minimum they can
+ * specify, so we are ok at that end).
+ */
+ xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
return 1;
}
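Review bot: The new `if (*val == 0)` in parse_rate has a four-line comment between the condition and its single unbraced statement, which makes it easy for a later edit to attach a second statement to the wrong branch or to leave `return 1;` looking conditional. Move the comment above the `if`, or brace the body as `if (*val == 0) {` … `}`. The same construct is added to parse_rate in libxt_limit.c. parse_rate starts outside the hunk, so the types of `r` and `ud->mult` used in the division are not visible here.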
@@ -434,6 +436,11 @@ static uint32_t print_rate(uint32_t period)
{
unsigned int i;
+ if (period == 0) {
+ printf(" %f", INFINITY);
+ return 0;
+ }
+
for (i = 1; i < ARRAY_SIZE(rates); ++i)
if (period > rates[i].mult
|| rates[i].mult/period < rates[i].mult%period)
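Review bot: The `period == 0` branch in print_rate emits a bare ` inf` through `printf(" %f", INFINITY)`, while parse_rate in this same file now rejects any rate whose computed value is 0 with "Rate too fast". As far as the hunks show, a rule carrying a zero period can therefore be listed or saved but not read back, and the branch has no comment saying where such a value can come from. If the output is meant to be informational only, say so at the branch, for example `/* period 0 cannot be produced by parse_rate(); print it rather than divide by zero below */`. The meaning of the `return 0;` for callers is not visible in the hunk and should be checked. The same branch is added to print_rate in libxt_limit.c. print_rate continues past the end of the hunk.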
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index b15b02f2..023500cf 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -3,6 +3,7 @@
* Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
* Hervé Eychenne <rv@wallfire.org>
*/
+#include <math.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -64,12 +65,13 @@ int parse_rate(const char *rate, uint32_t *val)
if (!r)
return 0;
- /* This would get mapped to infinite (1/day is minimum they
- can specify, so we're ok at that end). */
- if (r / mult > XT_LIMIT_SCALE)
- xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
-
*val = XT_LIMIT_SCALE * mult / r;
+ if (*val == 0)
+ /*
+ * The rate maps to infinity. (1/day is the minimum they can
+ * specify, so we are ok at that end).
+ */
+ xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
return 1;
}
@@ -118,6 +120,11 @@ static void print_rate(uint32_t period)
{
unsigned int i;
+ if (period == 0) {
+ printf(" %f", INFINITY);
+ return;
+ }
+
for (i = 1; i < ARRAY_SIZE(rates); ++i)
if (period > rates[i].mult
|| rates[i].mult/period < rates[i].mult%period)
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 6d024fb6..2a7f5d80 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -88,17 +88,13 @@ static void u32_dump(const struct xt_u32 *data)
/* string_to_number() is not quite what we need here ... */
static uint32_t parse_number(const char **s, int pos)
{
- uint32_t number;
+ unsigned int number;
char *end;
- errno = 0;
- number = strtoul(*s, &end, 0);
- if (end == *s)
+ if (!xtables_strtoui(*s, &end, &number, 0, UINT32_MAX) ||
+ end == *s)
xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: expected number", pos);
- if (errno != 0)
- xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: error reading number", pos);
+ "u32: at char %d: not a number or out of range", pos);
*s = end;
return number;
}
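Review bot: The comment above parse_number still only says that string_to_number() "is not quite what we need here", which does not describe what the function does now that it calls xtables_strtoui(). I would replace it with `/* Parse an unsigned 32-bit number at *s and advance *s past it; pos is used only in the error message. */`. The merged message "not a number or out of range" no longer tells the user which of the two failures occurred; if that distinction matters for long u32 expressions, keep the `end == *s` case as a separate message. Whether the `end == *s` test is still reachable depends on whether xtables_strtoui() already fails when no digits are consumed, which is not visible here.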