summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_string.c138
1 files changed, 47 insertions, 91 deletions
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 1030d2e3..eef0b081 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -20,18 +20,25 @@
* updated to work with slightly modified
* ipt_string_info.
*/
-#define _GNU_SOURCE 1
-#include <stdbool.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <ctype.h>
#include <xtables.h>
-#include <stddef.h>
#include <linux/netfilter/xt_string.h>
+enum {
+ O_FROM = 0,
+ O_TO,
+ O_ALGO,
+ O_ICASE,
+ O_STRING,
+ O_HEX_STRING,
+ F_STRING = 1 << O_STRING,
+ F_HEX_STRING = 1 << O_HEX_STRING,
+ F_OP_ANY = F_STRING | F_HEX_STRING,
+};
+
static void string_help(void)
{
printf(
@@ -44,15 +51,22 @@ static void string_help(void)
"[!] --hex-string string Match a hex string in a packet\n");
}
-static const struct option string_opts[] = {
- {.name = "from", .has_arg = true, .val = '1'},
- {.name = "to", .has_arg = true, .val = '2'},
- {.name = "algo", .has_arg = true, .val = '3'},
- {.name = "string", .has_arg = true, .val = '4'},
- {.name = "hex-string", .has_arg = true, .val = '5'},
- {.name = "icase", .has_arg = false, .val = '6'},
- XT_GETOPT_TABLEEND,
+#define s struct xt_string_info
+static const struct xt_option_entry string_opts[] = {
+ {.name = "from", .id = O_FROM, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, from_offset)},
+ {.name = "to", .id = O_TO, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, to_offset)},
+ {.name = "algo", .id = O_ALGO, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, algo)},
+ {.name = "string", .id = O_STRING, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT, .excl = F_HEX_STRING},
+ {.name = "hex-string", .id = O_HEX_STRING, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT, .excl = F_STRING},
+ {.name = "icase", .id = O_ICASE, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
static void string_init(struct xt_entry_match *m)
{
@@ -74,17 +88,6 @@ parse_string(const char *s, struct xt_string_info *info)
}
static void
-parse_algo(const char *s, struct xt_string_info *info)
-{
- /* xt_string needs \0 for algo name */
- if (strlen(s) < XT_STRING_MAX_ALGO_NAME_SIZE) {
- strncpy(info->algo, s, XT_STRING_MAX_ALGO_NAME_SIZE);
- return;
- }
- xtables_error(PARAMETER_PROBLEM, "ALGO too long \"%s\"", s);
-}
-
-static void
parse_hex_string(const char *s, struct xt_string_info *info)
{
int i=0, slen, sindex=0, schar;
@@ -162,94 +165,47 @@ parse_hex_string(const char *s, struct xt_string_info *info)
info->patlen = sindex;
}
-#define STRING 0x1
-#define ALGO 0x2
-#define FROM 0x4
-#define TO 0x8
-#define ICASE 0x10
-
-static int
-string_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void string_parse(struct xt_option_call *cb)
{
- struct xt_string_info *stringinfo =
- (struct xt_string_info *)(*match)->data;
- const int revision = (*match)->u.user.revision;
+ struct xt_string_info *stringinfo = cb->data;
+ const unsigned int revision = (*cb->match)->u.user.revision;
- switch (c) {
- case '1':
- if (*flags & FROM)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --from");
- stringinfo->from_offset = atoi(optarg);
- *flags |= FROM;
- break;
- case '2':
- if (*flags & TO)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --to");
- stringinfo->to_offset = atoi(optarg);
- *flags |= TO;
- break;
- case '3':
- if (*flags & ALGO)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --algo");
- parse_algo(optarg, stringinfo);
- *flags |= ALGO;
- break;
- case '4':
- if (*flags & STRING)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --string");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_string(optarg, stringinfo);
- if (invert) {
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_STRING:
+ parse_string(cb->arg, stringinfo);
+ if (cb->invert) {
if (revision == 0)
stringinfo->u.v0.invert = 1;
else
stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
}
- *flags |= STRING;
break;
-
- case '5':
- if (*flags & STRING)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --hex-string");
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_hex_string(optarg, stringinfo); /* sets length */
- if (invert) {
+ case O_HEX_STRING:
+ parse_hex_string(cb->arg, stringinfo); /* sets length */
+ if (cb->invert) {
if (revision == 0)
stringinfo->u.v0.invert = 1;
else
stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
}
- *flags |= STRING;
break;
-
- case '6':
+ case O_ICASE:
if (revision == 0)
xtables_error(VERSION_PROBLEM,
"Kernel doesn't support --icase");
stringinfo->u.v1.flags |= XT_STRING_FLAG_IGNORECASE;
- *flags |= ICASE;
break;
}
- return 1;
}
-static void string_check(unsigned int flags)
+static void string_check(struct xt_fcheck_call *cb)
{
- if (!(flags & STRING))
+ if (!(cb->xflags & F_OP_ANY))
xtables_error(PARAMETER_PROBLEM,
"STRING match: You must specify `--string' or "
"`--hex-string'");
- if (!(flags & ALGO))
- xtables_error(PARAMETER_PROBLEM,
- "STRING match: You must specify `--algo'");
}
/* Test to see if the string contains non-printable chars or quotes */
@@ -357,11 +313,11 @@ static struct xtables_match string_mt_reg[] = {
.userspacesize = offsetof(struct xt_string_info, config),
.help = string_help,
.init = string_init,
- .parse = string_parse,
- .final_check = string_check,
.print = string_print,
.save = string_save,
- .extra_opts = string_opts,
+ .x6_parse = string_parse,
+ .x6_fcheck = string_check,
+ .x6_options = string_opts,
},
{
.name = "string",
@@ -372,11 +328,11 @@ static struct xtables_match string_mt_reg[] = {
.userspacesize = offsetof(struct xt_string_info, config),
.help = string_help,
.init = string_init,
- .parse = string_parse,
- .final_check = string_check,
.print = string_print,
.save = string_save,
- .extra_opts = string_opts,
+ .x6_parse = string_parse,
+ .x6_fcheck = string_check,
+ .x6_options = string_opts,
},
};