Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libxt_LED.c | 7 | ||||
-rw-r--r-- | extensions/libxt_SET.man | 12 | ||||
-rw-r--r-- | extensions/libxt_devgroup.c | 72 | ||||
-rw-r--r-- | extensions/libxt_hashlimit.c | 17 | ||||
-rw-r--r-- | extensions/libxt_limit.c | 17 | ||||
-rw-r--r-- | extensions/libxt_u32.c | 12 |
6 files changed, 71 insertions, 66 deletions
diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c
index 9d68fa27..e6cf8497 100644
--- a/extensions/libxt_LED.c
+++ b/extensions/libxt_LED.c
@@ -49,6 +49,7 @@ static void LED_help(void)
 static void LED_parse(struct xt_option_call *cb)
 {
 struct xt_led_info *led = cb->data;
+ unsigned int delay;

 xtables_option_parse(cb);
 switch (cb->entry->id) {
@@ -59,8 +60,10 @@ static void LED_parse(struct xt_option_call *cb)
 case O_LED_DELAY:
 if (strncasecmp(cb->arg, "inf", 3) == 0)
 led->delay = -1;
- else
- led->delay = strtoul(cb->arg, NULL, 0);
+ else if (!xtables_strtoui(cb->arg, NULL, &delay, 0, UINT32_MAX))
+ xtables_error(PARAMETER_PROBLEM,
+ "Delay value must be within range 0..%u",
+ UINT32_MAX);
 break;
 case O_LED_ALWAYS_BLINK:
 led->always_blink = 1;
diff --git a/extensions/libxt_SET.man b/extensions/libxt_SET.man
index 63eb3831..c35ba93d 100644
--- a/extensions/libxt_SET.man
+++ b/extensions/libxt_SET.man
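Review bot: In the `else if` branch of `case O_LED_DELAY`, the number parsed into the new local `delay` is never stored. The removed `led->delay = strtoul(...)` has no counterpart on the new side, so a finite delay argument passes the range check and leaves `led->delay` at whatever it held before, unless something outside the hunk assigns it. Brace the branch and add `led->delay = delay;` after the range check. The rest of LED_parse lies outside the hunk.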
@@ -1,24 +1,24 @@
-This modules adds and/or deletes entries from IP sets which can be defined
+This module adds and/or deletes entries from IP sets which can be defined
 by ipset(8).
 .TP
 \fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
-add the address(es)/port(s) of the packet to the sets
+add the address(es)/port(s) of the packet to the set
 .TP
 \fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
-delete the address(es)/port(s) of the packet from the sets
+delete the address(es)/port(s) of the packet from the set
 .IP
-where flags are
+where \fIflag\fP(s) are
 .BR "src"
 and/or
 .BR "dst"
 specifications and there can be no more than six of them.
 .TP
 \fB\-\-timeout\fP \fIvalue\fP
-when adding entry, the timeout value to use instead of the default
+when adding an entry, the timeout value to use instead of the default
 one from the set definition
 .TP
 \fB\-\-exist\fP
-when adding entry if it already exists, reset the timeout value
+when adding an entry if it already exists, reset the timeout value
 to the specified one or to the default from the set definition
 .PP
 Use of -j SET requires that ipset kernel support is provided, which, for
diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c
index 4487c833..4a69c822 100644
--- a/extensions/libxt_devgroup.c
+++ b/extensions/libxt_devgroup.c
@@ -42,58 +42,50 @@ static void devgroup_init(struct xt_entry_match *match)
 fprintf(stderr, "Warning: %s: %s\n", file, strerror(errno));
 }

+static void devgroup_parse_groupspec(const char *arg, unsigned int *group,
+ unsigned int *mask)
+{
+ char *end;
+ bool ok;
+
+ ok = xtables_strtoui(arg, &end, group, 0, UINT32_MAX);
+ if (ok && (*end == '/' || *end == '\0')) {
+ if (*end == '/')
+ ok = xtables_strtoui(end + 1, NULL, mask,
+ 0, UINT32_MAX);
+ else
+ *mask = ~0U;
+ if (!ok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Bad group value \"%s\"", arg);
+ } else {
+ *group = xtables_lmap_name2id(devgroups, arg);
+ if (*group == -1)
+ xtables_error(PARAMETER_PROBLEM,
+ "Device group \"%s\" not found", arg);
+ *mask = ~0U;
+ }
+}
+
 static void devgroup_parse(struct xt_option_call *cb)
 {
 struct xt_devgroup_info *info = cb->data;
- unsigned int id;
- char *end;
+ unsigned int id, mask;

 xtables_option_parse(cb);
 switch (cb->entry->id) {
 case O_SRC_GROUP:
- info->src_group = strtoul(cb->arg, &end, 0);
- if (end != cb->arg && (*end == '/' || *end == '\0')) {
- if (*end == '/')
- info->src_mask = strtoul(end+1, &end, 0);
- else
- info->src_mask = 0xffffffff;
- if (*end != '\0' || end == cb->arg)
- xtables_error(PARAMETER_PROBLEM,
- "Bad src-group value `%s'",
- cb->arg);
- } else {
- id = xtables_lmap_name2id(devgroups, cb->arg);
- if (id == -1)
- xtables_error(PARAMETER_PROBLEM,
- "Device group `%s' not found",
- cb->arg);
- info->src_group = id;
- info->src_mask = 0xffffffff;
- }
+ devgroup_parse_groupspec(cb->arg, &id, &mask);
+ info->src_group = id;
+ info->src_mask = mask;
 info->flags |= XT_DEVGROUP_MATCH_SRC;
 if (cb->invert)
 info->flags |= XT_DEVGROUP_INVERT_SRC;
 break;
 case O_DST_GROUP:
- info->dst_group = strtoul(cb->arg, &end, 0);
- if (end != cb->arg && (*end == '/' || *end == '\0')) {
- if (*end == '/')
- info->dst_mask = strtoul(end+1, &end, 0);
- else
- info->dst_mask = 0xffffffff;
- if (*end != '\0' || end == cb->arg)
- xtables_error(PARAMETER_PROBLEM,
- "Bad dst-group value `%s'",
- cb->arg);
- } else {
- id = xtables_lmap_name2id(devgroups, cb->arg);
- if (id == -1)
- xtables_error(PARAMETER_PROBLEM,
- "Device group `%s' not found",
- cb->arg);
- info->dst_group = id;
- info->dst_mask = 0xffffffff;
- }
+ devgroup_parse_groupspec(cb->arg, &id, &mask);
+ info->dst_group = id;
+ info->dst_mask = mask;
 info->flags |= XT_DEVGROUP_MATCH_DST;
 if (cb->invert)
 info->flags |= XT_DEVGROUP_INVERT_DST;
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 37a31489..831345b7 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -10,6 +10,7 @@
 *
 * Error corections by nmalykh@bilim.com (22.01.2005)
 */
+#include <math.h>
 #include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
@@ -250,12 +251,13 @@ int parse_rate(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud)
 if (!r)
 return 0;

- /* This would get mapped to infinite (1/day is minimum they
- can specify, so we're ok at that end). */
- if (r / ud->mult > XT_HASHLIMIT_SCALE)
- xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
-
 *val = XT_HASHLIMIT_SCALE * ud->mult / r;
+ if (*val == 0)
+ /*
+ * The rate maps to infinity. (1/day is the minimum they can
+ * specify, so we are ok at that end).
+ */
+ xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
 return 1;
 }

@@ -434,6 +436,11 @@ static uint32_t print_rate(uint32_t period)
 {
 unsigned int i;

+ if (period == 0) {
+ printf(" %f", INFINITY);
+ return 0;
+ }
+
 for (i = 1; i < ARRAY_SIZE(rates); ++i)
 if (period > rates[i].mult
 || rates[i].mult/period < rates[i].mult%period)
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index b15b02f2..023500cf 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -3,6 +3,7 @@
 * Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
 * Hervé Eychenne <rv@wallfire.org>
 */
+#include <math.h>
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
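Review bot: In `devgroup_parse_groupspec`, a numeric group that is out of range makes the first `xtables_strtoui` return false, so control reaches the `else` branch and the argument is looked up as a name. The user is then told "Device group ... not found" rather than "Bad group value". The `*group == -1` test also compares an `unsigned int` with -1 and only works through implicit conversion. Keeping the lookup result in a signed local, `int id = xtables_lmap_name2id(devgroups, arg);` with `*group = id;` after the check, makes the sentinel explicit, assuming the lookup returns `int` (its declaration is not on this page). A one-line comment above the helper stating the accepted forms, `/* GROUP[/MASK] as numbers, or a name from the devgroups map (mask all-ones) */`, would document the contract.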
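Review bot: The new `if (*val == 0)` in parse_rate has an unbraced body that opens with a four-line comment, so the single statement it guards sits five lines below the condition and is easy to detach in a later edit. Either move the comment above the `if` or brace the body with `if (*val == 0) {` and a closing `}`. The same construct is added to parse_rate in libxt_limit.c. parse_rate begins outside the hunk.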
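Review bot: `printf(" %f", INFINITY)` in the new `period == 0` branch of print_rate leaves the exact token to the C library's formatting of an infinite double and pulls in <math.h> only for that constant. If "inf" is the intended text, writing the literal with `fputs(" inf", stdout);` pins the output and makes the include unnecessary. The early return happens before the loop over `rates`, and whether the printed token is accepted back by parse_rate is not visible here, which matters if this output feeds a save/restore path. libxt_limit.c gets the identical branch in its print_rate. print_rate's body continues outside the hunk.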
@@ -64,12 +65,13 @@ int parse_rate(const char *rate, uint32_t *val)
 if (!r)
 return 0;

- /* This would get mapped to infinite (1/day is minimum they
- can specify, so we're ok at that end). */
- if (r / mult > XT_LIMIT_SCALE)
- xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
-
 *val = XT_LIMIT_SCALE * mult / r;
+ if (*val == 0)
+ /*
+ * The rate maps to infinity. (1/day is the minimum they can
+ * specify, so we are ok at that end).
+ */
+ xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
 return 1;
 }

@@ -118,6 +120,11 @@ static void print_rate(uint32_t period)
 {
 unsigned int i;

+ if (period == 0) {
+ printf(" %f", INFINITY);
+ return;
+ }
+
 for (i = 1; i < ARRAY_SIZE(rates); ++i)
 if (period > rates[i].mult
 || rates[i].mult/period < rates[i].mult%period)
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 6d024fb6..2a7f5d80 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -88,17 +88,13 @@ static void u32_dump(const struct xt_u32 *data)
 /* string_to_number() is not quite what we need here ... */
 static uint32_t parse_number(const char **s, int pos)
 {
- uint32_t number;
+ unsigned int number;
 char *end;

- errno = 0;
- number = strtoul(*s, &end, 0);
- if (end == *s)
+ if (!xtables_strtoui(*s, &end, &number, 0, UINT32_MAX) ||
+ end == *s)
 xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: expected number", pos);
- if (errno != 0)
- xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: error reading number", pos);
+ "u32: at char %d: not a number or out of range", pos);
 *s = end;
 return number;
 }
|
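Review bot: In parse_number the condition `!xtables_strtoui(...) || end == *s` reads `end` only after the helper has reported success, and nothing in the code says that this ordering is deliberate. If the helper does not write `*end` on failure (its definition is not on this page), swapping the operands would compare an indeterminate pointer. A comment on the condition, `/* end is valid only once xtables_strtoui() has succeeded */`, would guard against that.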