From 825c317eedc12e1c8c93e22a96bc423d27b3c1f4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 17:16:26 +0100 Subject: src: remove redundant returns at end of void-returning functions Signed-off-by: Jan Engelhardt --- extensions/libip6t_ipv6header.c | 4 ---- extensions/libxt_DSCP.c | 1 - extensions/libxt_NFQUEUE.c | 1 - extensions/libxt_dscp.c | 1 - extensions/libxt_u32.c | 2 -- iptables-xml.c | 2 -- 6 files changed, 11 deletions(-) diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index 30061244..1fc9b7e9 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -262,8 +262,6 @@ static void ipv6header_print(const void *ip, if (info->modeflag) printf("soft "); - - return; } static void ipv6header_save(const void *ip, const struct xt_entry_match *match) @@ -276,8 +274,6 @@ static void ipv6header_save(const void *ip, const struct xt_entry_match *match) printf(" "); if (info->modeflag) printf("--soft "); - - return; } static struct xtables_match ipv6header_mt6_reg = { diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c index 6625db11..c9b03272 100644 --- a/extensions/libxt_DSCP.c +++ b/extensions/libxt_DSCP.c @@ -57,7 +57,6 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo) "DSCP `%d` out of range\n", dscp); dinfo->dscp = (u_int8_t )dscp; - return; } diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c index 7daed18e..58807853 100644 --- a/extensions/libxt_NFQUEUE.c +++ b/extensions/libxt_NFQUEUE.c @@ -38,7 +38,6 @@ parse_num(const char *s, struct xt_NFQ_info *tinfo) "Invalid queue number `%s'\n", s); tinfo->queuenum = num & 0xffff; - return; } static int diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c index eefb186b..bb794f50 100644 --- a/extensions/libxt_dscp.c +++ b/extensions/libxt_dscp.c @@ -57,7 +57,6 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo) "DSCP `%d` out of range\n", dscp); dinfo->dscp = (u_int8_t )dscp; - return; } diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c index 256d15fc..f0bb61a3 100644 --- a/extensions/libxt_u32.c +++ b/extensions/libxt_u32.c @@ -254,7 +254,6 @@ static void u32_print(const void *ip, const struct xt_entry_match *match, if (data->invert) printf("! "); u32_dump(data); - return; } static void u32_save(const void *ip, const struct xt_entry_match *match) @@ -264,7 +263,6 @@ static void u32_save(const void *ip, const struct xt_entry_match *match) printf("! "); printf("--u32 "); u32_dump(data); - return; } static struct xtables_match u32_match = { diff --git a/iptables-xml.c b/iptables-xml.c index 8aee5c24..6481b8e0 100644 --- a/iptables-xml.c +++ b/iptables-xml.c @@ -531,8 +531,6 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc, if (level1) printf("%s", leveli1); CLOSE_LEVEL(1); - - return; } static int -- cgit v1.2.3 From 213e185afbb298e6708881e4c2adffdc47a8b6da Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 17:24:34 +0100 Subject: src: remove redundant casts All of them are implicitly convertable without any wanted side effects. Signed-off-by: Jan Engelhardt --- extensions/libip6t_LOG.c | 2 +- extensions/libip6t_ah.c | 2 +- extensions/libip6t_dst.c | 7 +++---- extensions/libip6t_frag.c | 2 +- extensions/libip6t_hbh.c | 7 +++---- extensions/libip6t_ipv6header.c | 2 +- extensions/libip6t_rt.c | 2 +- extensions/libipt_CLUSTERIP.c | 4 ++-- extensions/libipt_LOG.c | 2 +- extensions/libipt_ah.c | 2 +- extensions/libipt_realm.c | 2 +- extensions/libxt_DSCP.c | 4 ++-- extensions/libxt_dccp.c | 2 +- extensions/libxt_dscp.c | 4 ++-- extensions/libxt_esp.c | 2 +- extensions/libxt_length.c | 2 +- extensions/libxt_tcp.c | 2 +- extensions/libxt_tcpmss.c | 2 +- xtables.c | 2 +- 19 files changed, 26 insertions(+), 28 deletions(-) diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index 40a551f4..1b21d5dd 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -91,7 +91,7 @@ parse_level(const char *level) "log-level `%s' unknown", level); } - return (u_int8_t)lev; + return lev; } #define IP6T_LOG_OPT_LEVEL 0x01 diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c index 0bbd4754..63d15734 100644 --- a/extensions/libip6t_ah.c +++ b/extensions/libip6t_ah.c @@ -45,7 +45,7 @@ parse_ah_spi(const char *spistr, const char *typestr) exit_error(PARAMETER_PROBLEM, "AH error parsing %s `%s'", typestr, spistr); - return (u_int32_t) spi; + return spi; } static void diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c index 215e2d95..43562c17 100644 --- a/extensions/libip6t_dst.c +++ b/extensions/libip6t_dst.c @@ -49,7 +49,7 @@ parse_opts_num(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "dst: error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static int @@ -78,13 +78,12 @@ parse_options(const char *optsstr, u_int16_t *opts) *range++ = '\0'; } - opts[i] = (u_int16_t)((parse_opts_num(cp,"opt") & 0x000000FF)<<8); + opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8; if (range) { if (opts[i] == 0) exit_error(PARAMETER_PROBLEM, "PAD0 hasn't got length"); - opts[i] |= (u_int16_t)(parse_opts_num(range,"length") & - 0x000000FF); + opts[i] |= parse_opts_num(range, "length") & 0xFF; } else opts[i] |= (0x00FF); diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 5ded1c65..7c22429e 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -51,7 +51,7 @@ parse_frag_id(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "FRAG error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static void diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c index 419c2506..6c7458d8 100644 --- a/extensions/libip6t_hbh.c +++ b/extensions/libip6t_hbh.c @@ -52,7 +52,7 @@ parse_opts_num(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "hbh: error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static int @@ -75,12 +75,11 @@ parse_options(const char *optsstr, u_int16_t *opts) "too many ports specified"); *range++ = '\0'; } - opts[i] = (u_int16_t)((parse_opts_num(cp,"opt") & 0x000000FF)<<8); + opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8; if (range) { if (opts[i] == 0) exit_error(PARAMETER_PROBLEM, "PAD0 hasn't got length"); - opts[i] |= (u_int16_t)(parse_opts_num(range,"length") & - 0x000000FF); + opts[i] |= parse_opts_num(range, "length") & 0xFF; } else { opts[i] |= (0x00FF); } diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index 1fc9b7e9..ea8870a5 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -110,7 +110,7 @@ name_to_proto(const char *s) s); } - return (u_int16_t)proto; + return proto; } static unsigned int diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c index 9468da18..49d86fa3 100644 --- a/extensions/libip6t_rt.c +++ b/extensions/libip6t_rt.c @@ -58,7 +58,7 @@ parse_rt_num(const char *idstr, const char *typestr) exit_error(PARAMETER_PROBLEM, "RT error parsing %s `%s'", typestr, idstr); } - return (u_int32_t) id; + return id; } static void diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c index 47184965..e93290ac 100644 --- a/extensions/libipt_CLUSTERIP.c +++ b/extensions/libipt_CLUSTERIP.c @@ -122,7 +122,7 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can only specify total node number once\n"); if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); - cipinfo->num_total_nodes = (u_int16_t)num; + cipinfo->num_total_nodes = num; *flags |= PARAM_TOTALNODE; break; case '5': @@ -133,7 +133,7 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); cipinfo->num_local_nodes = 1; - cipinfo->local_nodes[0] = (u_int16_t)num; + cipinfo->local_nodes[0] = num; *flags |= PARAM_LOCALNODE; break; case '6': diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index 668b5654..2aee910f 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -91,7 +91,7 @@ parse_level(const char *level) "log-level `%s' unknown", level); } - return (u_int8_t)lev; + return lev; } #define IPT_LOG_OPT_LEVEL 0x01 diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c index fec87a74..10998d8b 100644 --- a/extensions/libipt_ah.c +++ b/extensions/libipt_ah.c @@ -41,7 +41,7 @@ parse_ah_spi(const char *spistr) exit_error(PARAMETER_PROBLEM, "AH error parsing spi `%s'", spistr); } - return (u_int32_t) spi; + return spi; } static void diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c index 5af2fd41..22cbe276 100644 --- a/extensions/libipt_realm.c +++ b/extensions/libipt_realm.c @@ -173,7 +173,7 @@ static int realm_parse(int c, char **argv, int invert, unsigned int *flags, if (id == -1) exit_error(PARAMETER_PROBLEM, "Realm `%s' not found", optarg); - realminfo->id = (u_int32_t)id; + realminfo->id = id; realminfo->mask = 0xffffffff; } if (invert) diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c index c9b03272..409fa196 100644 --- a/extensions/libxt_DSCP.c +++ b/extensions/libxt_DSCP.c @@ -56,7 +56,7 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo) exit_error(PARAMETER_PROBLEM, "DSCP `%d` out of range\n", dscp); - dinfo->dscp = (u_int8_t )dscp; + dinfo->dscp = dscp; } @@ -66,7 +66,7 @@ parse_class(const char *s, struct xt_DSCP_info *dinfo) unsigned int dscp = class_to_dscp(s); /* Assign the value */ - dinfo->dscp = (u_int8_t)dscp; + dinfo->dscp = dscp; } diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c index 24bf6f7f..b1ae62ee 100644 --- a/extensions/libxt_dccp.c +++ b/extensions/libxt_dccp.c @@ -125,7 +125,7 @@ static u_int8_t parse_dccp_option(char *optstring) exit_error(PARAMETER_PROBLEM, "Bad DCCP option `%s'", optstring); - return (u_int8_t)ret; + return ret; } static int diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c index bb794f50..315e219a 100644 --- a/extensions/libxt_dscp.c +++ b/extensions/libxt_dscp.c @@ -56,7 +56,7 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo) exit_error(PARAMETER_PROBLEM, "DSCP `%d` out of range\n", dscp); - dinfo->dscp = (u_int8_t )dscp; + dinfo->dscp = dscp; } @@ -66,7 +66,7 @@ parse_class(const char *s, struct xt_dscp_info *dinfo) unsigned int dscp = class_to_dscp(s); /* Assign the value */ - dinfo->dscp = (u_int8_t)dscp; + dinfo->dscp = dscp; } diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c index 999733c3..34df876d 100644 --- a/extensions/libxt_esp.c +++ b/extensions/libxt_esp.c @@ -43,7 +43,7 @@ parse_esp_spi(const char *spistr) exit_error(PARAMETER_PROBLEM, "ESP error parsing spi `%s'", spistr); } - return (u_int32_t) spi; + return spi; } static void diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c index 98e81673..e350431c 100644 --- a/extensions/libxt_length.c +++ b/extensions/libxt_length.c @@ -29,7 +29,7 @@ parse_length(const char *s) if (string_to_number(s, 0, 0xFFFF, &len) == -1) exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s); else - return (u_int16_t )len; + return len; } /* If a single value is provided, min and max are both set to the value */ diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c index 14d8c186..a9039f0b 100644 --- a/extensions/libxt_tcp.c +++ b/extensions/libxt_tcp.c @@ -124,7 +124,7 @@ parse_tcp_option(const char *option, u_int8_t *result) if (string_to_number(option, 1, 255, &ret) == -1) exit_error(PARAMETER_PROBLEM, "Bad TCP option `%s'", option); - *result = (u_int8_t)ret; + *result = ret; } static void tcp_init(struct xt_entry_match *m) diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c index 000d85a6..a720c425 100644 --- a/extensions/libxt_tcpmss.c +++ b/extensions/libxt_tcpmss.c @@ -27,7 +27,7 @@ parse_tcp_mssvalue(const char *mssvalue) unsigned int mssvaluenum; if (string_to_number(mssvalue, 0, 65535, &mssvaluenum) != -1) - return (u_int16_t)mssvaluenum; + return mssvaluenum; exit_error(PARAMETER_PROBLEM, "Invalid mss `%s' specified", mssvalue); diff --git a/xtables.c b/xtables.c index abdd283b..ecfbccf3 100644 --- a/xtables.c +++ b/xtables.c @@ -262,7 +262,7 @@ u_int16_t parse_port(const char *port, const char *proto) if ((string_to_number(port, 0, 65535, &portnum)) != -1 || (portnum = service_to_port(port, proto)) != (unsigned)-1) - return (u_int16_t)portnum; + return portnum; exit_error(PARAMETER_PROBLEM, "invalid port/service `%s' specified", port); -- cgit v1.2.3 From 7a63ca74dbcd323217cab7296e68a19b8c9ea6c4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 17:34:58 +0100 Subject: libxt_owner: use correct UID/GID boundaries -1 is a reserved number (chown uses it to denote "do not change"), so the maximum libxt_owner should permit is up to UINT32_MAX-1. Signed-off-by: Jan Engelhardt --- extensions/libxt_owner.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c index 4cd173e3..c8677a8c 100644 --- a/extensions/libxt_owner.c +++ b/extensions/libxt_owner.c @@ -110,7 +110,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IPT_OWNER_UID; @@ -123,7 +123,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IPT_OWNER_GID; @@ -190,7 +190,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_UID; @@ -204,7 +204,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_GID; @@ -245,12 +245,12 @@ static void owner_parse_range(const char *s, unsigned int *from, { char *end; - /* 4294967295 is reserved, so subtract one from ~0 */ - if (!strtonum(s, &end, from, 0, (~(uid_t)0) - 1)) + /* -1 is reversed, so the max is one less than that. */ + if (!strtonum(s, &end, from, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); *to = *from; if (*end == '-' || *end == ':') - if (!strtonum(end + 1, &end, to, 0, (~(uid_t)0) - 1)) + if (!strtonum(end + 1, &end, to, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); if (*end != '\0') param_act(P_BAD_VALUE, "owner", opt, s); -- cgit v1.2.3 From a80975497968e69b23f56bf15d346c65bec381f2 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 17:39:01 +0100 Subject: extensions: use UINT_MAX constants over open-coded bits (1/2) ~0 depends on the sizeof(int), so it is better to use UINT32_MAX. Signed-off-by: Jan Engelhardt --- extensions/libxt_CONNMARK.c | 26 +++++++++++++------------- extensions/libxt_MARK.c | 12 ++++++------ extensions/libxt_TPROXY.c | 2 +- extensions/libxt_connmark.c | 6 +++--- extensions/libxt_conntrack.c | 10 +++++----- extensions/libxt_mark.c | 6 +++--- extensions/libxt_quota.c | 2 +- extensions/libxt_string.c | 2 +- 8 files changed, 33 insertions(+), 33 deletions(-) diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c index 2ad27591..d5d963d4 100644 --- a/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c @@ -90,8 +90,8 @@ static void connmark_tg_init(struct xt_entry_target *target) * Need these defaults for --save-mark/--restore-mark if no * --ctmark or --nfmask is given. */ - info->ctmask = ~0U; - info->nfmask = ~0U; + info->ctmask = UINT32_MAX; + info->nfmask = UINT32_MAX; } static int @@ -152,17 +152,17 @@ static int connmark_tg_parse(int c, char **argv, int invert, struct xt_entry_target **target) { struct xt_connmark_tginfo1 *info = (void *)(*target)->data; - unsigned int value, mask = ~0U; + unsigned int value, mask = UINT32_MAX; char *end; switch (c) { case '=': /* --set-xmark */ case '-': /* --set-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, &end, &value, 0, ~0U)) + if (!strtonum(optarg, &end, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) + if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); @@ -176,7 +176,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, case '&': /* --and-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &mask, 0, ~0U)) + if (!strtonum(optarg, NULL, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--and-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = 0; @@ -186,7 +186,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, case '|': /* --or-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) + if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--or-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; @@ -196,7 +196,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, case '^': /* --xor-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) + if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--xor-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; @@ -221,7 +221,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--nfmask"); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) + if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--nfmask", optarg); info->nfmask = value; return true; @@ -231,7 +231,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--ctmask"); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) + if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--ctmask", optarg); info->ctmask = value; return true; @@ -241,7 +241,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--mask"); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) + if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--mask", optarg); info->nfmask = info->ctmask = value; return true; @@ -317,7 +317,7 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target, info->ctmark, info->ctmask); break; case XT_CONNMARK_SAVE: - if (info->nfmask == ~0U && info->ctmask == ~0U) + if (info->nfmask == UINT32_MAX && info->ctmask == UINT32_MAX) printf("CONNMARK save "); else if (info->nfmask == info->ctmask) printf("CONNMARK save mask 0x%x ", info->nfmask); @@ -326,7 +326,7 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target, info->nfmask, info->ctmask); break; case XT_CONNMARK_RESTORE: - if (info->ctmask == ~0U && info->nfmask == ~0U) + if (info->ctmask == UINT32_MAX && info->nfmask == UINT32_MAX) printf("CONNMARK restore "); else if (info->ctmask == info->nfmask) printf("CONNMARK restore mask 0x%x ", info->ctmask); diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c index 95bce89a..b02322b9 100644 --- a/extensions/libxt_MARK.c +++ b/extensions/libxt_MARK.c @@ -126,7 +126,7 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_target **target) { struct xt_mark_tginfo2 *info = (void *)(*target)->data; - unsigned int value, mask = ~0U; + unsigned int value, mask = UINT32_MAX; char *end; switch (c) { @@ -134,10 +134,10 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '=': /* --set-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert); - if (!strtonum(optarg, &end, &value, 0, ~0U)) + if (!strtonum(optarg, &end, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) + if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); @@ -151,7 +151,7 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '&': /* --and-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--and-mark", invert); - if (!strtonum(optarg, NULL, &mask, 0, ~0U)) + if (!strtonum(optarg, NULL, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--and-mark", optarg); info->mark = 0; info->mask = ~mask; @@ -160,7 +160,7 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '|': /* --or-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--or-mark", invert); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) + if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--or-mark", optarg); info->mark = value; info->mask = value; @@ -169,7 +169,7 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '^': /* --xor-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--xor-mark", invert); - if (!strtonum(optarg, NULL, &value, 0, ~0U)) + if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--xor-mark", optarg); info->mark = value; info->mask = 0; diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c index deb214f8..e9a41a15 100644 --- a/extensions/libxt_TPROXY.c +++ b/extensions/libxt_TPROXY.c @@ -58,7 +58,7 @@ static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info static void parse_tproxy_mark(char *s, struct xt_tproxy_target_info *info) { - unsigned int value, mask = ~0U; + unsigned int value, mask = UINT32_MAX; char *end; if (!strtonum(s, &end, &value, 0, UINT_MAX)) diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c index bc7ef45b..fbd3e62c 100644 --- a/extensions/libxt_connmark.c +++ b/extensions/libxt_connmark.c @@ -49,16 +49,16 @@ connmark_mt_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_connmark_mtinfo1 *info = (void *)(*match)->data; - unsigned int mark, mask = ~0U; + unsigned int mark, mask = UINT32_MAX; char *end; switch (c) { case '1': /* --mark */ param_act(P_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK); - if (!strtonum(optarg, &end, &mark, 0, ~0U)) + if (!strtonum(optarg, &end, &mark, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "connmark", "--mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) + if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "connmark", "--mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "connmark", "--mark", optarg); diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index d5dee7e6..532f5eee 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -272,7 +272,7 @@ conntrack_ps_expires(struct xt_conntrack_mtinfo1 *info, const char *s) param_act(P_BAD_VALUE, "conntrack", "--expires", s); max = min; if (*end == ':') - if (!strtonum(s, &end, &max, 0, ~0U)) + if (!strtonum(s, &end, &max, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "conntrack", "--expires", s); if (*end != '\0') param_act(P_BAD_VALUE, "conntrack", "--expires", s); @@ -481,7 +481,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'a': /* --ctorigsrcport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) + if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctorigsrcport", optarg); info->match_flags |= XT_CONNTRACK_ORIGSRC_PORT; @@ -491,7 +491,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'b': /* --ctorigdstport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) + if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctorigdstport", optarg); info->match_flags |= XT_CONNTRACK_ORIGDST_PORT; @@ -501,7 +501,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'c': /* --ctreplsrcport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) + if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctreplsrcport", optarg); info->match_flags |= XT_CONNTRACK_REPLSRC_PORT; @@ -511,7 +511,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'd': /* --ctrepldstport */ - if (!strtonum(optarg, NULL, &port, 0, ~(u_int16_t)0)) + if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctrepldstport", optarg); info->match_flags |= XT_CONNTRACK_REPLDST_PORT; diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c index 811cc77e..5a95d519 100644 --- a/extensions/libxt_mark.c +++ b/extensions/libxt_mark.c @@ -29,16 +29,16 @@ static int mark_mt_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_mark_mtinfo1 *info = (void *)(*match)->data; - unsigned int mark, mask = ~0U; + unsigned int mark, mask = UINT32_MAX; char *end; switch (c) { case '1': /* --mark */ param_act(P_ONLY_ONCE, "mark", "--mark", *flags & F_MARK); - if (!strtonum(optarg, &end, &mark, 0, ~0U)) + if (!strtonum(optarg, &end, &mark, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "mark", "--mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, ~0U)) + if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "mark", "--mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "mark", "--mark", optarg); diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c index 5007f7cb..90da1cd4 100644 --- a/extensions/libxt_quota.c +++ b/extensions/libxt_quota.c @@ -46,7 +46,7 @@ parse_quota(const char *s, u_int64_t * quota) printf("Quota: %llu\n", *quota); #endif - if (*quota == (u_int64_t)-1) + if (*quota == UINT64_MAX) exit_error(PARAMETER_PROBLEM, "quota invalid: '%s'\n", s); else return 1; diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c index b440fc92..0408c230 100644 --- a/extensions/libxt_string.c +++ b/extensions/libxt_string.c @@ -57,7 +57,7 @@ static void string_init(struct xt_entry_match *m) struct xt_string_info *i = (struct xt_string_info *) m->data; if (i->to_offset == 0) - i->to_offset = (u_int16_t) ~0UL; + i->to_offset = UINT16_MAX; } static void -- cgit v1.2.3 From e917bca09924435f3fca23c01042543b1826c81e Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 18:14:21 +0100 Subject: extensions: use UINT_MAX constants over open-coded numbers (2/2) Use the handy constants for ranges. Signed-off-by: Jan Engelhardt --- extensions/libip6t_HL.c | 2 +- extensions/libip6t_icmp6.c | 4 ++-- extensions/libip6t_mh.c | 2 +- extensions/libipt_TTL.c | 2 +- extensions/libipt_icmp.c | 4 ++-- extensions/libipt_ttl.c | 6 +++--- extensions/libxt_DSCP.c | 2 +- extensions/libxt_NFQUEUE.c | 2 +- extensions/libxt_TCPMSS.c | 2 +- extensions/libxt_TCPOPTSTRIP.c | 2 +- extensions/libxt_TOS.c | 6 +++--- extensions/libxt_TPROXY.c | 2 +- extensions/libxt_dccp.c | 2 +- extensions/libxt_dscp.c | 2 +- extensions/libxt_hashlimit.c | 16 ++++++++-------- extensions/libxt_length.c | 2 +- extensions/libxt_statistic.c | 4 ++-- extensions/libxt_tcp.c | 2 +- extensions/libxt_tcpmss.c | 2 +- extensions/tos_values.c | 2 +- ip6tables.c | 4 ++-- iptables.c | 4 ++-- xtables.c | 8 ++++---- 23 files changed, 42 insertions(+), 42 deletions(-) diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c index 92266e49..8f555722 100644 --- a/extensions/libip6t_HL.c +++ b/extensions/libip6t_HL.c @@ -44,7 +44,7 @@ static int HL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "HL: unexpected `!'"); - if (string_to_number(optarg, 0, 255, &value) == -1) + if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) exit_error(PARAMETER_PROBLEM, "HL: Expected value between 0 and 255"); diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index b87538f9..17567dfb 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -123,12 +123,12 @@ parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[]) if (slash) *slash = '\0'; - if (string_to_number(buffer, 0, 255, &number) == -1) + if (string_to_number(buffer, 0, UINT8_MAX, &number) == -1) exit_error(PARAMETER_PROBLEM, "Invalid ICMPv6 type `%s'\n", buffer); *type = number; if (slash) { - if (string_to_number(slash+1, 0, 255, &number) == -1) + if (string_to_number(slash+1, 0, UINT8_MAX, &number) == -1) exit_error(PARAMETER_PROBLEM, "Invalid ICMPv6 code `%s'\n", slash+1); diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c index e76d7c36..8b58bcdf 100644 --- a/extensions/libip6t_mh.c +++ b/extensions/libip6t_mh.c @@ -93,7 +93,7 @@ static unsigned int name_to_type(const char *name) } else { unsigned int number; - if (string_to_number(name, 0, 255, &number) == -1) + if (string_to_number(name, 0, UINT8_MAX, &number) == -1) exit_error(PARAMETER_PROBLEM, "Invalid MH type `%s'\n", name); return number; diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c index 7647f2f7..e124381e 100644 --- a/extensions/libipt_TTL.c +++ b/extensions/libipt_TTL.c @@ -44,7 +44,7 @@ static int TTL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "TTL: unexpected `!'"); - if (string_to_number(optarg, 0, 255, &value) == -1) + if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) exit_error(PARAMETER_PROBLEM, "TTL: Expected value between 0 and 255"); diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index fa5a5409..7aff9caa 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -147,12 +147,12 @@ parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[]) if (slash) *slash = '\0'; - if (string_to_number(buffer, 0, 255, &number) == -1) + if (string_to_number(buffer, 0, UINT8_MAX, &number) == -1) exit_error(PARAMETER_PROBLEM, "Invalid ICMP type `%s'\n", buffer); *type = number; if (slash) { - if (string_to_number(slash+1, 0, 255, &number) == -1) + if (string_to_number(slash+1, 0, UINT8_MAX, &number) == -1) exit_error(PARAMETER_PROBLEM, "Invalid ICMP code `%s'\n", slash+1); diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index 055c92ee..a8455e1d 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -33,7 +33,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '2': - if (string_to_number(optarg, 0, 255, &value) == -1) + if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); @@ -46,7 +46,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, info->ttl = value; break; case '3': - if (string_to_number(optarg, 0, 255, &value) == -1) + if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); @@ -58,7 +58,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, info->ttl = value; break; case '4': - if (string_to_number(optarg, 0, 255, &value) == -1) + if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c index 409fa196..92a6de5b 100644 --- a/extensions/libxt_DSCP.c +++ b/extensions/libxt_DSCP.c @@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo) { unsigned int dscp; - if (string_to_number(s, 0, 255, &dscp) == -1) + if (string_to_number(s, 0, UINT8_MAX, &dscp) == -1) exit_error(PARAMETER_PROBLEM, "Invalid dscp `%s'\n", s); diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c index 58807853..1a58760b 100644 --- a/extensions/libxt_NFQUEUE.c +++ b/extensions/libxt_NFQUEUE.c @@ -33,7 +33,7 @@ parse_num(const char *s, struct xt_NFQ_info *tinfo) { unsigned int num; - if (string_to_number(s, 0, 65535, &num) == -1) + if (string_to_number(s, 0, UINT16_MAX, &num) == -1) exit_error(PARAMETER_PROBLEM, "Invalid queue number `%s'\n", s); diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c index 2227eb48..9b62a56b 100644 --- a/extensions/libxt_TCPMSS.c +++ b/extensions/libxt_TCPMSS.c @@ -55,7 +55,7 @@ static int __TCPMSS_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "TCPMSS target: Only one option may be specified"); - if (string_to_number(optarg, 0, 65535 - hdrsize, &mssval) == -1) + if (string_to_number(optarg, 0, UINT16_MAX - hdrsize, &mssval) == -1) exit_error(PARAMETER_PROBLEM, "Bad TCPMSS value `%s'", optarg); mssinfo->mss = mssval; diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c index 758f8476..7211288e 100644 --- a/extensions/libxt_TCPOPTSTRIP.c +++ b/extensions/libxt_TCPOPTSTRIP.c @@ -82,7 +82,7 @@ static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg) break; } - if (option == 0 && string_to_number(arg, 0, 255, &option) == -1) + if (option == 0 && string_to_number(arg, 0, UINT8_MAX, &option) == -1) exit_error(PARAMETER_PROBLEM, "Bad TCP option value \"%s\"", arg); diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c index c1856817..a04f7414 100644 --- a/extensions/libxt_TOS.c +++ b/extensions/libxt_TOS.c @@ -118,7 +118,7 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '&': /* --and-tos */ param_act(P_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS); param_act(P_NO_INVERT, "TOS", "--and-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, 0xFF)) + if (!strtonum(optarg, NULL, &bits, 0, UINT8_MAX)) param_act(P_BAD_VALUE, "TOS", "--and-tos", optarg); info->tos_value = 0; info->tos_mask = ~bits; @@ -127,7 +127,7 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '|': /* --or-tos */ param_act(P_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS); param_act(P_NO_INVERT, "TOS", "--or-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, 0xFF)) + if (!strtonum(optarg, NULL, &bits, 0, UINT8_MAX)) param_act(P_BAD_VALUE, "TOS", "--or-tos", optarg); info->tos_value = bits; info->tos_mask = bits; @@ -136,7 +136,7 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '^': /* --xor-tos */ param_act(P_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS); param_act(P_NO_INVERT, "TOS", "--xor-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, 0xFF)) + if (!strtonum(optarg, NULL, &bits, 0, UINT8_MAX)) param_act(P_BAD_VALUE, "TOS", "--xor-tos", optarg); info->tos_value = bits; info->tos_mask = 0; diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c index e9a41a15..41ca2436 100644 --- a/extensions/libxt_TPROXY.c +++ b/extensions/libxt_TPROXY.c @@ -40,7 +40,7 @@ static void parse_tproxy_lport(const char *s, struct xt_tproxy_target_info *info { unsigned int lport; - if (string_to_number(s, 0, 65535, &lport) != -1) + if (string_to_number(s, 0, UINT16_MAX, &lport) != -1) info->lport = htons(lport); else param_act(P_BAD_VALUE, "TPROXY", "--on-port", s); diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c index b1ae62ee..0eb95cef 100644 --- a/extensions/libxt_dccp.c +++ b/extensions/libxt_dccp.c @@ -121,7 +121,7 @@ static u_int8_t parse_dccp_option(char *optstring) { unsigned int ret; - if (string_to_number(optstring, 1, 255, &ret) == -1) + if (string_to_number(optstring, 1, UINT8_MAX, &ret) == -1) exit_error(PARAMETER_PROBLEM, "Bad DCCP option `%s'", optstring); diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c index 315e219a..ae5a6248 100644 --- a/extensions/libxt_dscp.c +++ b/extensions/libxt_dscp.c @@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo) { unsigned int dscp; - if (string_to_number(s, 0, 255, &dscp) == -1) + if (string_to_number(s, 0, UINT8_MAX, &dscp) == -1) exit_error(PARAMETER_PROBLEM, "Invalid dscp `%s'\n", s); diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index 1c506852..278e098e 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -240,7 +240,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-size: `%s'", optarg); r->cfg.size = num; @@ -250,7 +250,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-max: `%s'", optarg); r->cfg.max = num; @@ -261,7 +261,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-gcinterval: `%s'", optarg); @@ -273,7 +273,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) + if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-expire: `%s'", optarg); /* FIXME: not HZ dependent */ @@ -351,7 +351,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case '&': /* --hashlimit-htable-size */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) + if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-size", optarg); info->cfg.size = num; @@ -361,7 +361,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case '*': /* --hashlimit-htable-max */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) + if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-max", optarg); info->cfg.max = num; @@ -372,7 +372,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) + if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-gcinterval", optarg); /* FIXME: not HZ dependent!! */ @@ -383,7 +383,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case ')': /* --hashlimit-htable-expire */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); - if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) + if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-expire", optarg); /* FIXME: not HZ dependent */ diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c index e350431c..0e196d78 100644 --- a/extensions/libxt_length.c +++ b/extensions/libxt_length.c @@ -26,7 +26,7 @@ parse_length(const char *s) { unsigned int len; - if (string_to_number(s, 0, 0xFFFF, &len) == -1) + if (string_to_number(s, 0, UINT16_MAX, &len) == -1) exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s); else return len; diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c index d85aacbd..e43de7d2 100644 --- a/extensions/libxt_statistic.c +++ b/extensions/libxt_statistic.c @@ -70,7 +70,7 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, case '3': if (*flags & 0x4) exit_error(PARAMETER_PROBLEM, "double --every"); - if (string_to_number(optarg, 0, 0xFFFFFFFF, + if (string_to_number(optarg, 0, UINT32_MAX, &info->u.nth.every) == -1) exit_error(PARAMETER_PROBLEM, "cannot parse --every `%s'", optarg); @@ -82,7 +82,7 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, case '4': if (*flags & 0x8) exit_error(PARAMETER_PROBLEM, "double --packet"); - if (string_to_number(optarg, 0, 0xFFFFFFFF, + if (string_to_number(optarg, 0, UINT32_MAX, &info->u.nth.packet) == -1) exit_error(PARAMETER_PROBLEM, "cannot parse --packet `%s'", optarg); diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c index a9039f0b..82954a4e 100644 --- a/extensions/libxt_tcp.c +++ b/extensions/libxt_tcp.c @@ -121,7 +121,7 @@ parse_tcp_option(const char *option, u_int8_t *result) { unsigned int ret; - if (string_to_number(option, 1, 255, &ret) == -1) + if (string_to_number(option, 1, UINT8_MAX, &ret) == -1) exit_error(PARAMETER_PROBLEM, "Bad TCP option `%s'", option); *result = ret; diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c index a720c425..e64a1b33 100644 --- a/extensions/libxt_tcpmss.c +++ b/extensions/libxt_tcpmss.c @@ -26,7 +26,7 @@ parse_tcp_mssvalue(const char *mssvalue) { unsigned int mssvaluenum; - if (string_to_number(mssvalue, 0, 65535, &mssvaluenum) != -1) + if (string_to_number(mssvalue, 0, UINT16_MAX, &mssvaluenum) != -1) return mssvaluenum; exit_error(PARAMETER_PROBLEM, diff --git a/extensions/tos_values.c b/extensions/tos_values.c index 0ab784da..2d5b4312 100644 --- a/extensions/tos_values.c +++ b/extensions/tos_values.c @@ -55,7 +55,7 @@ static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm, static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm, unsigned int def_mask) { - const unsigned int max = 255; + const unsigned int max = UINT8_MAX; const struct tos_symbol_info *symbol; char *tmp; diff --git a/ip6tables.c b/ip6tables.c index 3c45c072..a30cb7be 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -484,7 +484,7 @@ find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip { unsigned int proto; - if (string_to_number(pname, 0, 255, &proto) != -1) { + if (string_to_number(pname, 0, UINT8_MAX, &proto) != -1) { char *protoname = proto_to_name(proto, nolookup); if (protoname) @@ -500,7 +500,7 @@ parse_protocol(const char *s) { unsigned int proto; - if (string_to_number(s, 0, 255, &proto) == -1) { + if (string_to_number(s, 0, UINT8_MAX, &proto) == -1) { struct protoent *pent; /* first deal with the special case of 'all' to prevent diff --git a/iptables.c b/iptables.c index b75df871..2b5a82ee 100644 --- a/iptables.c +++ b/iptables.c @@ -486,7 +486,7 @@ find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct ipt { unsigned int proto; - if (string_to_number(pname, 0, 255, &proto) != -1) { + if (string_to_number(pname, 0, UINT8_MAX, &proto) != -1) { char *protoname = proto_to_name(proto, nolookup); if (protoname) @@ -502,7 +502,7 @@ parse_protocol(const char *s) { unsigned int proto; - if (string_to_number(s, 0, 255, &proto) == -1) { + if (string_to_number(s, 0, UINT8_MAX, &proto) == -1) { struct protoent *pent; /* first deal with the special case of 'all' to prevent diff --git a/xtables.c b/xtables.c index ecfbccf3..67196593 100644 --- a/xtables.c +++ b/xtables.c @@ -260,7 +260,7 @@ u_int16_t parse_port(const char *port, const char *proto) { unsigned int portnum; - if ((string_to_number(port, 0, 65535, &portnum)) != -1 || + if (string_to_number(port, 0, UINT16_MAX, &portnum) != -1 || (portnum = service_to_port(port, proto)) != (unsigned)-1) return portnum; @@ -811,7 +811,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask) return NULL; /* autocomplete, this is a network address */ - if (!strtonum(p, NULL, &onebyte, 0, 255)) + if (!strtonum(p, NULL, &onebyte, 0, UINT8_MAX)) return NULL; addrp[i] = onebyte; @@ -822,7 +822,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask) } *q = '\0'; - if (!strtonum(p, NULL, &onebyte, 0, 255)) + if (!strtonum(p, NULL, &onebyte, 0, UINT8_MAX)) return NULL; addrp[i] = onebyte; @@ -830,7 +830,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask) } /* we have checked 3 bytes, now we check the last one */ - if (!strtonum(p, NULL, &onebyte, 0, 255)) + if (!strtonum(p, NULL, &onebyte, 0, UINT8_MAX)) return NULL; addrp[3] = onebyte; -- cgit v1.2.3 From 630ef48037f3602333addfdb53789c9c6a4bb4c8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 14:58:41 +0100 Subject: libxtables: prefix/order - fw_xalloc It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings. Signed-off-by: Jan Engelhardt --- Makefile.am | 2 +- include/xtables.h.in | 3 +++ include/xtables/internal.h | 3 --- ip6tables.c | 14 +++++++------- iptables.c | 14 +++++++------- xtables.c | 19 +++++++++++-------- 6 files changed, 29 insertions(+), 26 deletions(-) diff --git a/Makefile.am b/Makefile.am index 4852d2a1..83ab3bba 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,7 +14,7 @@ libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c lib_LTLIBRARIES = libxtables.la libxtables_la_SOURCES = xtables.c -libxtables_la_LDFLAGS = -version 0:0:0 +libxtables_la_LDFLAGS = -version-info 1:0:0 # iptables, dynamic iptables_SOURCES = iptables-standalone.c iptables.c diff --git a/include/xtables.h.in b/include/xtables.h.in index 8327c426..e63d171e 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -140,6 +140,9 @@ struct xtables_target #endif }; +extern void *xtables_calloc(size_t, size_t); +extern void *xtables_malloc(size_t); + /* Your shared library should call one of these. */ extern void xtables_register_match(struct xtables_match *me); extern void xtables_register_target(struct xtables_target *me); diff --git a/include/xtables/internal.h b/include/xtables/internal.h index 24a5078b..6b78d3a8 100644 --- a/include/xtables/internal.h +++ b/include/xtables/internal.h @@ -43,9 +43,6 @@ struct xtables_rule_match { extern char *lib_dir; -extern void *fw_calloc(size_t count, size_t size); -extern void *fw_malloc(size_t size); - extern const char *modprobe_program; extern int xtables_insmod(const char *modname, const char *modprobe, int quiet); extern int load_xtables_ko(const char *modprobe, int quiet); diff --git a/ip6tables.c b/ip6tables.c index a30cb7be..a3b84bdd 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -939,7 +939,7 @@ make_delete_mask(struct ip6t_entry *fw, struct ip6tables_rule_match *matches) for (matchp = matches; matchp; matchp = matchp->next) size += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size; - mask = fw_calloc(1, size + mask = xtables_calloc(1, size + IP6T_ALIGN(sizeof(struct ip6t_entry_target)) + xtables_targets->size); @@ -1005,7 +1005,7 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *), chain = ip6tc_next_chain(handle); } - chains = fw_malloc(sizeof(ip6t_chainlabel) * chaincount); + chains = xtables_malloc(sizeof(ip6t_chainlabel) * chaincount); i = 0; chain = ip6tc_first_chain(handle); while (chain) { @@ -1371,7 +1371,7 @@ generate_entry(const struct ip6t_entry *fw, for (matchp = matches; matchp; matchp = matchp->next) size += matchp->match->m->u.match_size; - e = fw_malloc(size + target->u.target_size); + e = xtables_malloc(size + target->u.target_size); *e = *fw; e->target_offset = size; e->next_offset = size + target->u.target_size; @@ -1674,7 +1674,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand size = IP6T_ALIGN(sizeof(struct ip6t_entry_target)) + target->size; - target->t = fw_calloc(1, size); + target->t = xtables_calloc(1, size); target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); set_revision(target->t->u.user.name, @@ -1726,7 +1726,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand m = find_match(optarg, LOAD_MUST_SUCCEED, &matches); size = IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + m->size; - m->m = fw_calloc(1, size); + m->m = xtables_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, m->revision); @@ -1873,7 +1873,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand size = IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + m->size; - m->m = fw_calloc(1, size); + m->m = xtables_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, @@ -2022,7 +2022,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand size = sizeof(struct ip6t_entry_target) + target->size; - target->t = fw_calloc(1, size); + target->t = xtables_calloc(1, size); target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); if (target->init != NULL) diff --git a/iptables.c b/iptables.c index 2b5a82ee..8068cc80 100644 --- a/iptables.c +++ b/iptables.c @@ -932,7 +932,7 @@ make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches) for (matchp = matches; matchp; matchp = matchp->next) size += IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size; - mask = fw_calloc(1, size + mask = xtables_calloc(1, size + IPT_ALIGN(sizeof(struct ipt_entry_target)) + xtables_targets->size); @@ -998,7 +998,7 @@ for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *), chain = iptc_next_chain(handle); } - chains = fw_malloc(sizeof(ipt_chainlabel) * chaincount); + chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount); i = 0; chain = iptc_first_chain(handle); while (chain) { @@ -1370,7 +1370,7 @@ generate_entry(const struct ipt_entry *fw, for (matchp = matches; matchp; matchp = matchp->next) size += matchp->match->m->u.match_size; - e = fw_malloc(size + target->u.target_size); + e = xtables_malloc(size + target->u.target_size); *e = *fw; e->target_offset = size; e->next_offset = size + target->u.target_size; @@ -1679,7 +1679,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + target->size; - target->t = fw_calloc(1, size); + target->t = xtables_calloc(1, size); target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); set_revision(target->t->u.user.name, @@ -1737,7 +1737,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle m = find_match(optarg, LOAD_MUST_SUCCEED, &matches); size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; - m->m = fw_calloc(1, size); + m->m = xtables_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, m->revision); @@ -1891,7 +1891,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; - m->m = fw_calloc(1, size); + m->m = xtables_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, @@ -2051,7 +2051,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle size = sizeof(struct ipt_entry_target) + target->size; - target->t = fw_calloc(1, size); + target->t = xtables_calloc(1, size); target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); if (!iptc_is_chain(jumpto, *handle)) diff --git a/xtables.c b/xtables.c index 67196593..564b27e9 100644 --- a/xtables.c +++ b/xtables.c @@ -53,7 +53,10 @@ const char *modprobe_program = NULL; struct xtables_match *xtables_matches; struct xtables_target *xtables_targets; -void *fw_calloc(size_t count, size_t size) +/** + * xtables_*alloc - wrappers that exit on failure + */ +void *xtables_calloc(size_t count, size_t size) { void *p; @@ -65,7 +68,7 @@ void *fw_calloc(size_t count, size_t size) return p; } -void *fw_malloc(size_t size) +void *xtables_malloc(size_t size) { void *p; @@ -379,7 +382,7 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload, break; /* Second and subsequent clones */ - clone = fw_malloc(sizeof(struct xtables_match)); + clone = xtables_malloc(sizeof(struct xtables_match)); memcpy(clone, ptr, sizeof(struct xtables_match)); clone->mflags = 0; /* This is a clone: */ @@ -416,7 +419,7 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload, struct xtables_rule_match **i; struct xtables_rule_match *newentry; - newentry = fw_malloc(sizeof(struct xtables_rule_match)); + newentry = xtables_malloc(sizeof(struct xtables_rule_match)); for (i = matches; *i; i = &(*i)->next) { if (strcmp(name, (*i)->match->name) == 0) @@ -876,7 +879,7 @@ static struct in_addr *host_to_ipaddr(const char *name, unsigned int *naddr) while (host->h_addr_list[*naddr] != NULL) ++*naddr; - addr = fw_calloc(*naddr, sizeof(struct in_addr) * *naddr); + addr = xtables_calloc(*naddr, sizeof(struct in_addr) * *naddr); for (i = 0; i < *naddr; i++) memcpy(&addr[i], host->h_addr_list[i], sizeof(struct in_addr)); @@ -893,7 +896,7 @@ ipparse_hostnetwork(const char *name, unsigned int *naddrs) if ((addrptmp = numeric_to_ipaddr(name)) != NULL || (addrptmp = network_to_ipaddr(name)) != NULL) { - addrp = fw_malloc(sizeof(struct in_addr)); + addrp = xtables_malloc(sizeof(struct in_addr)); memcpy(addrp, addrptmp, sizeof(*addrp)); *naddrs = 1; return addrp; @@ -1089,7 +1092,7 @@ host_to_ip6addr(const char *name, unsigned int *naddr) ip6addr_to_numeric(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr)); #endif /* Get the first element of the address-chain */ - addr = fw_malloc(sizeof(struct in6_addr)); + addr = xtables_malloc(sizeof(struct in6_addr)); memcpy(addr, &((const struct sockaddr_in6 *)res->ai_addr)->sin6_addr, sizeof(struct in6_addr)); freeaddrinfo(res); @@ -1115,7 +1118,7 @@ ip6parse_hostnetwork(const char *name, unsigned int *naddrs) if ((addrptmp = numeric_to_ip6addr(name)) != NULL || (addrptmp = network_to_ip6addr(name)) != NULL) { - addrp = fw_malloc(sizeof(struct in6_addr)); + addrp = xtables_malloc(sizeof(struct in6_addr)); memcpy(addrp, addrptmp, sizeof(*addrp)); *naddrs = 1; return addrp; -- cgit v1.2.3 From c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaa Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 15:10:05 +0100 Subject: libxtables: prefix/order - modprobe and xtables.ko loading This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag. Signed-off-by: Jan Engelhardt --- include/xtables.h.in | 5 +++++ include/xtables/internal.h | 4 ---- ip6tables-restore.c | 5 +++-- ip6tables.c | 5 +++-- iptables-restore.c | 5 +++-- iptables.c | 5 +++-- xtables.c | 10 +++++----- 7 files changed, 22 insertions(+), 17 deletions(-) diff --git a/include/xtables.h.in b/include/xtables.h.in index e63d171e..2512d79f 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -140,9 +140,14 @@ struct xtables_target #endif }; +extern const char *xtables_modprobe_program; + extern void *xtables_calloc(size_t, size_t); extern void *xtables_malloc(size_t); +extern int xtables_insmod(const char *, const char *, bool); +extern int xtables_load_ko(const char *, bool); + /* Your shared library should call one of these. */ extern void xtables_register_match(struct xtables_match *me); extern void xtables_register_target(struct xtables_target *me); diff --git a/include/xtables/internal.h b/include/xtables/internal.h index 6b78d3a8..62fe2edb 100644 --- a/include/xtables/internal.h +++ b/include/xtables/internal.h @@ -43,10 +43,6 @@ struct xtables_rule_match { extern char *lib_dir; -extern const char *modprobe_program; -extern int xtables_insmod(const char *modname, const char *modprobe, int quiet); -extern int load_xtables_ko(const char *modprobe, int quiet); - /* This is decleared in ip[6]tables.c */ extern struct afinfo afinfo; diff --git a/ip6tables-restore.c b/ip6tables-restore.c index a84c2e3e..097711f3 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -12,6 +12,7 @@ #include #include +#include #include #include #include @@ -64,7 +65,7 @@ static struct ip6tc_handle *create_handle(const char *tablename) if (!handle) { /* try to insmod the module if iptc_init failed */ - load_xtables_ko(modprobe_program, 0); + xtables_load_ko(xtables_modprobe_program, false); handle = ip6tc_init(tablename); } @@ -165,7 +166,7 @@ int main(int argc, char *argv[]) noflush = 1; break; case 'M': - modprobe_program = optarg; + xtables_modprobe_program = optarg; break; } } diff --git a/ip6tables.c b/ip6tables.c index a3b84bdd..ea8d80d1 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1769,7 +1770,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'M': - modprobe_program = optarg; + xtables_modprobe_program = optarg; break; case 'c': @@ -1967,7 +1968,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand *handle = ip6tc_init(*table); /* try to insmod the module if iptc_init failed */ - if (!*handle && load_xtables_ko(modprobe_program, 0) != -1) + if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1) *handle = ip6tc_init(*table); if (!*handle) diff --git a/iptables-restore.c b/iptables-restore.c index 7cc6d6dc..3fbc9087 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -63,7 +64,7 @@ static struct iptc_handle *create_handle(const char *tablename) if (!handle) { /* try to insmod the module if iptc_init failed */ - load_xtables_ko(modprobe_program, 0); + xtables_load_ko(xtables_modprobe_program, false); handle = iptc_init(tablename); } @@ -167,7 +168,7 @@ main(int argc, char *argv[]) noflush = 1; break; case 'M': - modprobe_program = optarg; + xtables_modprobe_program = optarg; break; case 'T': tablename = optarg; diff --git a/iptables.c b/iptables.c index 8068cc80..75fe5831 100644 --- a/iptables.c +++ b/iptables.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -1786,7 +1787,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'M': - modprobe_program = optarg; + xtables_modprobe_program = optarg; break; case 'c': @@ -1996,7 +1997,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle *handle = iptc_init(*table); /* try to insmod the module if iptc_init failed */ - if (!*handle && load_xtables_ko(modprobe_program, 0) != -1) + if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1) *handle = iptc_init(*table); if (!*handle) diff --git a/xtables.c b/xtables.c index 564b27e9..c9721b63 100644 --- a/xtables.c +++ b/xtables.c @@ -47,7 +47,7 @@ char *lib_dir; /* the path to command to load kernel module */ -const char *modprobe_program = NULL; +const char *xtables_modprobe_program; /* Keeping track of external matches and targets: linked lists. */ struct xtables_match *xtables_matches; @@ -108,7 +108,7 @@ static char *get_modprobe(void) return NULL; } -int xtables_insmod(const char *modname, const char *modprobe, int quiet) +int xtables_insmod(const char *modname, const char *modprobe, bool quiet) { char *buf = NULL; char *argv[4]; @@ -150,9 +150,9 @@ int xtables_insmod(const char *modname, const char *modprobe, int quiet) return -1; } -int load_xtables_ko(const char *modprobe, int quiet) +int xtables_load_ko(const char *modprobe, bool quiet) { - static int loaded = 0; + static bool loaded = false; static int ret = -1; if (!loaded) { @@ -502,7 +502,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) exit(1); } - load_xtables_ko(modprobe_program, 1); + xtables_load_ko(xtables_modprobe_program, true); strcpy(rev.name, name); rev.revision = revision; -- cgit v1.2.3 From 2338efd8f799d8373dc196c797bda9690283b698 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 15:23:01 +0100 Subject: libxtables: prefix/order - match/target loading This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD Signed-off-by: Jan Engelhardt --- include/xtables.h.in | 22 ++++++++++++++++++++++ include/xtables/internal.h | 23 ----------------------- ip6tables.c | 45 +++++++++++++++++++++++++-------------------- iptables.c | 45 +++++++++++++++++++++++++-------------------- xtables.c | 41 ++++++++++++++++++++++------------------- 5 files changed, 94 insertions(+), 82 deletions(-) diff --git a/include/xtables.h.in b/include/xtables.h.in index 2512d79f..02a832db 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -140,7 +140,24 @@ struct xtables_target #endif }; +struct xtables_rule_match { + struct xtables_rule_match *next; + struct xtables_match *match; + /* Multiple matches of the same type: the ones before + the current one are completed from parsing point of view */ + bool completed; +}; + +enum xtables_tryload { + XTF_DONT_LOAD, + XTF_DURING_LOAD, + XTF_TRY_LOAD, + XTF_LOAD_MUST_SUCCEED, +}; + extern const char *xtables_modprobe_program; +extern struct xtables_match *xtables_matches; +extern struct xtables_target *xtables_targets; extern void *xtables_calloc(size_t, size_t); extern void *xtables_malloc(size_t); @@ -148,6 +165,11 @@ extern void *xtables_malloc(size_t); extern int xtables_insmod(const char *, const char *, bool); extern int xtables_load_ko(const char *, bool); +extern struct xtables_match *xtables_find_match(const char *name, + enum xtables_tryload, struct xtables_rule_match **match); +extern struct xtables_target *xtables_find_target(const char *name, + enum xtables_tryload); + /* Your shared library should call one of these. */ extern void xtables_register_match(struct xtables_match *me); extern void xtables_register_target(struct xtables_target *me); diff --git a/include/xtables/internal.h b/include/xtables/internal.h index 62fe2edb..60375cd1 100644 --- a/include/xtables/internal.h +++ b/include/xtables/internal.h @@ -26,34 +26,11 @@ struct afinfo { int so_rev_target; }; -enum xt_tryload { - DONT_LOAD, - DURING_LOAD, - TRY_LOAD, - LOAD_MUST_SUCCEED -}; - -struct xtables_rule_match { - struct xtables_rule_match *next; - struct xtables_match *match; - /* Multiple matches of the same type: the ones before - the current one are completed from parsing point of view */ - unsigned int completed; -}; - extern char *lib_dir; /* This is decleared in ip[6]tables.c */ extern struct afinfo afinfo; -/* Keeping track of external matches and targets: linked lists. */ -extern struct xtables_match *xtables_matches; -extern struct xtables_target *xtables_targets; - -extern struct xtables_match *find_match(const char *name, enum xt_tryload, - struct xtables_rule_match **match); -extern struct xtables_target *find_target(const char *name, enum xt_tryload); - extern void _init(void); #endif /* _XTABLES_INTERNAL_H */ diff --git a/ip6tables.c b/ip6tables.c index ea8d80d1..6d1277bd 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -481,7 +481,8 @@ check_inverse(const char option[], int *invert, int *my_optind, int argc) /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct xtables_match * -find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip6tables_rule_match **matches) +find_proto(const char *pname, enum xtables_tryload tryload, + int nolookup, struct ip6tables_rule_match **matches) { unsigned int proto; @@ -489,9 +490,9 @@ find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip char *protoname = proto_to_name(proto, nolookup); if (protoname) - return find_match(protoname, tryload, matches); + return xtables_find_match(protoname, tryload, matches); } else - return find_match(pname, tryload, matches); + return xtables_find_match(pname, tryload, matches); return NULL; } @@ -706,7 +707,8 @@ print_match(const struct ip6t_entry_match *m, const struct ip6t_ip6 *ip, int numeric) { - struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL); + struct xtables_match *match = + xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL); if (match) { if (match->print) @@ -735,9 +737,10 @@ print_firewall(const struct ip6t_entry *fw, char buf[BUFSIZ]; if (!ip6tc_is_chain(targname, handle)) - target = find_target(targname, TRY_LOAD); + target = xtables_find_target(targname, XTF_TRY_LOAD); else - target = find_target(IP6T_STANDARD_TARGET, LOAD_MUST_SUCCEED); + target = xtables_find_target(IP6T_STANDARD_TARGET, + XTF_LOAD_MUST_SUCCEED); t = ip6t_get_target((struct ip6t_entry *)fw); flags = fw->ipv6.flags; @@ -1175,8 +1178,8 @@ static void print_proto(u_int16_t proto, int invert) static int print_match_save(const struct ip6t_entry_match *e, const struct ip6t_ip6 *ip) { - struct xtables_match *match - = find_match(e->u.user.name, TRY_LOAD, NULL); + struct xtables_match *match = + xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL); if (match) { printf("-m %s ", e->u.user.name); @@ -1279,8 +1282,8 @@ void print_rule(const struct ip6t_entry *e, /* Print targinfo part */ t = ip6t_get_target((struct ip6t_entry *)e); if (t->u.user.name[0]) { - struct xtables_target *target - = find_target(t->u.user.name, TRY_LOAD); + struct xtables_target *target = + xtables_find_target(t->u.user.name, XTF_TRY_LOAD); if (!target) { fprintf(stderr, "Can't find library for target `%s'\n", @@ -1555,7 +1558,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand exit_error(PARAMETER_PROBLEM, "chain name not allowed to start " "with `%c'\n", *optarg); - if (find_target(optarg, TRY_LOAD)) + if (xtables_find_target(optarg, XTF_TRY_LOAD)) exit_error(PARAMETER_PROBLEM, "chain name may not clash " "with target name\n"); @@ -1606,7 +1609,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand /* ip6tables -p icmp -h */ if (!matches && protocol) - find_match(protocol, TRY_LOAD, &matches); + xtables_find_match(protocol, XTF_TRY_LOAD, + &matches); exit_printhelp(matches); @@ -1667,7 +1671,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand invert); jumpto = parse_target(optarg); /* TRY_LOAD (may be chain name) */ - target = find_target(jumpto, TRY_LOAD); + target = xtables_find_target(jumpto, XTF_TRY_LOAD); if (target) { size_t size; @@ -1724,7 +1728,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand exit_error(PARAMETER_PROBLEM, "unexpected ! flag before --match"); - m = find_match(optarg, LOAD_MUST_SUCCEED, &matches); + m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, + &matches); size = IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + m->size; m->m = xtables_calloc(1, size); @@ -1858,13 +1863,13 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand */ if (m == NULL && protocol - && (!find_proto(protocol, DONT_LOAD, + && (!find_proto(protocol, XTF_DONT_LOAD, options&OPT_NUMERIC, NULL) - || (find_proto(protocol, DONT_LOAD, + || (find_proto(protocol, XTF_DONT_LOAD, options&OPT_NUMERIC, NULL) && (proto_used == 0)) ) - && (m = find_proto(protocol, TRY_LOAD, + && (m = find_proto(protocol, XTF_TRY_LOAD, options&OPT_NUMERIC, &matches))) { /* Try loading protocol */ size_t size; @@ -2018,8 +2023,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand || ip6tc_is_chain(jumpto, *handle))) { size_t size; - target = find_target(IP6T_STANDARD_TARGET, - LOAD_MUST_SUCCEED); + target = xtables_find_target(IP6T_STANDARD_TARGET, + XTF_LOAD_MUST_SUCCEED); size = sizeof(struct ip6t_entry_target) + target->size; @@ -2040,7 +2045,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand exit_error(PARAMETER_PROBLEM, "goto '%s' is not a chain\n", jumpto); #endif - find_target(jumpto, LOAD_MUST_SUCCEED); + xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED); } else { e = generate_entry(&fw, matches, target->t); free(target->t); diff --git a/iptables.c b/iptables.c index 75fe5831..07ace197 100644 --- a/iptables.c +++ b/iptables.c @@ -483,7 +483,8 @@ check_inverse(const char option[], int *invert, int *my_optind, int argc) /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct xtables_match * -find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches) +find_proto(const char *pname, enum xtables_tryload tryload, + int nolookup, struct iptables_rule_match **matches) { unsigned int proto; @@ -491,9 +492,9 @@ find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct ipt char *protoname = proto_to_name(proto, nolookup); if (protoname) - return find_match(protoname, tryload, matches); + return xtables_find_match(protoname, tryload, matches); } else - return find_match(pname, tryload, matches); + return xtables_find_match(pname, tryload, matches); return NULL; } @@ -701,7 +702,8 @@ print_match(const struct ipt_entry_match *m, const struct ipt_ip *ip, int numeric) { - struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL); + struct xtables_match *match = + xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL); if (match) { if (match->print) @@ -730,9 +732,10 @@ print_firewall(const struct ipt_entry *fw, char buf[BUFSIZ]; if (!iptc_is_chain(targname, handle)) - target = find_target(targname, TRY_LOAD); + target = xtables_find_target(targname, XTF_TRY_LOAD); else - target = find_target(IPT_STANDARD_TARGET, LOAD_MUST_SUCCEED); + target = xtables_find_target(IPT_STANDARD_TARGET, + XTF_LOAD_MUST_SUCCEED); t = ipt_get_target((struct ipt_entry *)fw); flags = fw->ip.flags; @@ -1174,8 +1177,8 @@ print_iface(char letter, const char *iface, const unsigned char *mask, static int print_match_save(const struct ipt_entry_match *e, const struct ipt_ip *ip) { - struct xtables_match *match - = find_match(e->u.user.name, TRY_LOAD, NULL); + struct xtables_match *match = + xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL); if (match) { printf("-m %s ", e->u.user.name); @@ -1278,8 +1281,8 @@ void print_rule(const struct ipt_entry *e, /* Print targinfo part */ t = ipt_get_target((struct ipt_entry *)e); if (t->u.user.name[0]) { - struct xtables_target *target - = find_target(t->u.user.name, TRY_LOAD); + struct xtables_target *target = + xtables_find_target(t->u.user.name, XTF_TRY_LOAD); if (!target) { fprintf(stderr, "Can't find library for target `%s'\n", @@ -1568,7 +1571,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle exit_error(PARAMETER_PROBLEM, "chain name not allowed to start " "with `%c'\n", *optarg); - if (find_target(optarg, TRY_LOAD)) + if (xtables_find_target(optarg, XTF_TRY_LOAD)) exit_error(PARAMETER_PROBLEM, "chain name may not clash " "with target name\n"); @@ -1619,7 +1622,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle /* iptables -p icmp -h */ if (!matches && protocol) - find_match(protocol, TRY_LOAD, &matches); + xtables_find_match(protocol, + XTF_TRY_LOAD, &matches); exit_printhelp(matches); @@ -1672,7 +1676,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle invert); jumpto = parse_target(optarg); /* TRY_LOAD (may be chain name) */ - target = find_target(jumpto, TRY_LOAD); + target = xtables_find_target(jumpto, XTF_TRY_LOAD); if (target) { size_t size; @@ -1735,7 +1739,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle exit_error(PARAMETER_PROBLEM, "unexpected ! flag before --match"); - m = find_match(optarg, LOAD_MUST_SUCCEED, &matches); + m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, + &matches); size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; m->m = xtables_calloc(1, size); @@ -1876,13 +1881,13 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle */ if (m == NULL && protocol - && (!find_proto(protocol, DONT_LOAD, + && (!find_proto(protocol, XTF_DONT_LOAD, options&OPT_NUMERIC, NULL) - || (find_proto(protocol, DONT_LOAD, + || (find_proto(protocol, XTF_DONT_LOAD, options&OPT_NUMERIC, NULL) && (proto_used == 0)) ) - && (m = find_proto(protocol, TRY_LOAD, + && (m = find_proto(protocol, XTF_TRY_LOAD, options&OPT_NUMERIC, &matches))) { /* Try loading protocol */ size_t size; @@ -2047,8 +2052,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle || iptc_is_chain(jumpto, *handle))) { size_t size; - target = find_target(IPT_STANDARD_TARGET, - LOAD_MUST_SUCCEED); + target = xtables_find_target(IPT_STANDARD_TARGET, + XTF_LOAD_MUST_SUCCEED); size = sizeof(struct ipt_entry_target) + target->size; @@ -2072,7 +2077,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle exit_error(PARAMETER_PROBLEM, "goto '%s' is not a chain\n", jumpto); #endif - find_target(jumpto, LOAD_MUST_SUCCEED); + xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED); } else { e = generate_entry(&fw, matches, target->t); free(target->t); diff --git a/xtables.c b/xtables.c index c9721b63..fb5cc628 100644 --- a/xtables.c +++ b/xtables.c @@ -329,9 +329,10 @@ static void *load_extension(const char *search_path, const char *prefix, /* Found library. If it didn't register itself, maybe they specified target as match. */ if (is_target) - ptr = find_target(name, DONT_LOAD); + ptr = xtables_find_target(name, XTF_DONT_LOAD); else - ptr = find_match(name, DONT_LOAD, NULL); + ptr = xtables_find_match(name, + XTF_DONT_LOAD, NULL); } else if (stat(path, &sb) == 0) { fprintf(stderr, "%s: %s\n", path, dlerror()); } @@ -343,9 +344,10 @@ static void *load_extension(const char *search_path, const char *prefix, (unsigned int)(next - dir), dir, prefix, name); if (dlopen(path, RTLD_NOW) != NULL) { if (is_target) - ptr = find_target(name, DONT_LOAD); + ptr = xtables_find_target(name, XTF_DONT_LOAD); else - ptr = find_match(name, DONT_LOAD, NULL); + ptr = xtables_find_match(name, + XTF_DONT_LOAD, NULL); } else if (stat(path, &sb) == 0) { fprintf(stderr, "%s: %s\n", path, dlerror()); } @@ -360,8 +362,9 @@ static void *load_extension(const char *search_path, const char *prefix, } #endif -struct xtables_match *find_match(const char *name, enum xt_tryload tryload, - struct xtables_rule_match **matches) +struct xtables_match * +xtables_find_match(const char *name, enum xtables_tryload tryload, + struct xtables_rule_match **matches) { struct xtables_match *ptr; const char *icmp6 = "icmp6"; @@ -394,22 +397,22 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload, } #ifndef NO_SHARED_LIBS - if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) { + if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) { ptr = load_extension(lib_dir, afinfo.libprefix, name, false); - if (ptr == NULL && tryload == LOAD_MUST_SUCCEED) + if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED) exit_error(PARAMETER_PROBLEM, "Couldn't load match `%s':%s\n", name, dlerror()); } #else if (ptr && !ptr->loaded) { - if (tryload != DONT_LOAD) + if (tryload != XTF_DONT_LOAD) ptr->loaded = 1; else ptr = NULL; } - if(!ptr && (tryload == LOAD_MUST_SUCCEED)) { + if(!ptr && (tryload == XTF_LOAD_MUST_SUCCEED)) { exit_error(PARAMETER_PROBLEM, "Couldn't find match `%s'\n", name); } @@ -423,10 +426,10 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload, for (i = matches; *i; i = &(*i)->next) { if (strcmp(name, (*i)->match->name) == 0) - (*i)->completed = 1; + (*i)->completed = true; } newentry->match = ptr; - newentry->completed = 0; + newentry->completed = false; newentry->next = NULL; *i = newentry; } @@ -434,8 +437,8 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload, return ptr; } - -struct xtables_target *find_target(const char *name, enum xt_tryload tryload) +struct xtables_target * +xtables_find_target(const char *name, enum xtables_tryload tryload) { struct xtables_target *ptr; @@ -453,17 +456,17 @@ struct xtables_target *find_target(const char *name, enum xt_tryload tryload) } #ifndef NO_SHARED_LIBS - if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) { + if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) { ptr = load_extension(lib_dir, afinfo.libprefix, name, true); - if (ptr == NULL && tryload == LOAD_MUST_SUCCEED) + if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED) exit_error(PARAMETER_PROBLEM, "Couldn't load target `%s':%s\n", name, dlerror()); } #else if (ptr && !ptr->loaded) { - if (tryload != DONT_LOAD) + if (tryload != XTF_DONT_LOAD) ptr->loaded = 1; else ptr = NULL; @@ -566,7 +569,7 @@ void xtables_register_match(struct xtables_match *me) if (me->family != afinfo.family && me->family != AF_UNSPEC) return; - old = find_match(me->name, DURING_LOAD, NULL); + old = xtables_find_match(me->name, XTF_DURING_LOAD, NULL); if (old) { if (old->revision == me->revision && old->family == me->family) { @@ -637,7 +640,7 @@ void xtables_register_target(struct xtables_target *me) if (me->family != afinfo.family && me->family != AF_UNSPEC) return; - old = find_target(me->name, DURING_LOAD); + old = xtables_find_target(me->name, XTF_DURING_LOAD); if (old) { struct xtables_target **i; -- cgit v1.2.3 From 39bf9c8214d3073a496a8a1eff91046a8d6fbbdf Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 15:59:06 +0100 Subject: libxtables: prefix/order - libdir Consolidate the libdir variable initialization code into xtables.c. Signed-off-by: Jan Engelhardt --- include/xtables.h.in | 1 + include/xtables/internal.h | 2 -- ip6tables-restore.c | 11 +---------- ip6tables-save.c | 11 +---------- ip6tables-standalone.c | 11 +---------- iptables-restore.c | 11 +---------- iptables-save.c | 11 +---------- iptables-standalone.c | 11 +---------- xtables.c | 23 ++++++++++++++++++++--- 9 files changed, 27 insertions(+), 65 deletions(-) diff --git a/include/xtables.h.in b/include/xtables.h.in index 02a832db..268c42e4 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -159,6 +159,7 @@ extern const char *xtables_modprobe_program; extern struct xtables_match *xtables_matches; extern struct xtables_target *xtables_targets; +extern void xtables_init(void); extern void *xtables_calloc(size_t, size_t); extern void *xtables_malloc(size_t); diff --git a/include/xtables/internal.h b/include/xtables/internal.h index 60375cd1..21c4401f 100644 --- a/include/xtables/internal.h +++ b/include/xtables/internal.h @@ -26,8 +26,6 @@ struct afinfo { int so_rev_target; }; -extern char *lib_dir; - /* This is decleared in ip[6]tables.c */ extern struct afinfo afinfo; diff --git a/ip6tables-restore.c b/ip6tables-restore.c index 097711f3..6be1a36c 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -130,16 +130,7 @@ int main(int argc, char *argv[]) program_version = XTABLES_VERSION; line = 0; - lib_dir = getenv("XTABLES_LIBDIR"); - if (lib_dir == NULL) { - lib_dir = getenv("IP6TABLES_LIB_DIR"); - if (lib_dir != NULL) - fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, " - "use XTABLES_LIBDIR.\n"); - } - if (lib_dir == NULL) - lib_dir = XTABLES_LIBDIR; - + xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/ip6tables-save.c b/ip6tables-save.c index 11ef8c48..1b9d00ae 100644 --- a/ip6tables-save.c +++ b/ip6tables-save.c @@ -139,16 +139,7 @@ int main(int argc, char *argv[]) program_name = "ip6tables-save"; program_version = XTABLES_VERSION; - lib_dir = getenv("XTABLES_LIBDIR"); - if (lib_dir == NULL) { - lib_dir = getenv("IP6TABLES_LIB_DIR"); - if (lib_dir != NULL) - fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, " - "use XTABLES_LIBDIR.\n"); - } - if (lib_dir == NULL) - lib_dir = XTABLES_LIBDIR; - + xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c index f4b1f18f..95435576 100644 --- a/ip6tables-standalone.c +++ b/ip6tables-standalone.c @@ -52,16 +52,7 @@ main(int argc, char *argv[]) program_name = "ip6tables"; program_version = XTABLES_VERSION; - lib_dir = getenv("XTABLES_LIBDIR"); - if (lib_dir == NULL) { - lib_dir = getenv("IP6TABLES_LIB_DIR"); - if (lib_dir != NULL) - fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, " - "use XTABLES_LIBDIR.\n"); - } - if (lib_dir == NULL) - lib_dir = XTABLES_LIBDIR; - + xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/iptables-restore.c b/iptables-restore.c index 3fbc9087..d982fca1 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -132,16 +132,7 @@ main(int argc, char *argv[]) program_version = XTABLES_VERSION; line = 0; - lib_dir = getenv("XTABLES_LIBDIR"); - if (lib_dir == NULL) { - lib_dir = getenv("IPTABLES_LIB_DIR"); - if (lib_dir != NULL) - fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, " - "use XTABLES_LIBDIR.\n"); - } - if (lib_dir == NULL) - lib_dir = XTABLES_LIBDIR; - + xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/iptables-save.c b/iptables-save.c index 7118d1f2..e615de99 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -139,16 +139,7 @@ main(int argc, char *argv[]) program_name = "iptables-save"; program_version = XTABLES_VERSION; - lib_dir = getenv("XTABLES_LIBDIR"); - if (lib_dir == NULL) { - lib_dir = getenv("IPTABLES_LIB_DIR"); - if (lib_dir != NULL) - fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, " - "use XTABLES_LIBDIR.\n"); - } - if (lib_dir == NULL) - lib_dir = XTABLES_LIBDIR; - + xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/iptables-standalone.c b/iptables-standalone.c index 3f2432fe..c06b2862 100644 --- a/iptables-standalone.c +++ b/iptables-standalone.c @@ -53,16 +53,7 @@ main(int argc, char *argv[]) program_name = "iptables"; program_version = XTABLES_VERSION; - lib_dir = getenv("XTABLES_LIBDIR"); - if (lib_dir == NULL) { - lib_dir = getenv("IPTABLES_LIB_DIR"); - if (lib_dir != NULL) - fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, " - "use XTABLES_LIBDIR.\n"); - } - if (lib_dir == NULL) - lib_dir = XTABLES_LIBDIR; - + xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/xtables.c b/xtables.c index fb5cc628..85bd76c0 100644 --- a/xtables.c +++ b/xtables.c @@ -44,7 +44,8 @@ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" #endif -char *lib_dir; +/* Search path for Xtables .so files */ +static const char *xtables_libdir; /* the path to command to load kernel module */ const char *xtables_modprobe_program; @@ -53,6 +54,20 @@ const char *xtables_modprobe_program; struct xtables_match *xtables_matches; struct xtables_target *xtables_targets; +void xtables_init(void) +{ + xtables_libdir = getenv("XTABLES_LIBDIR"); + if (xtables_libdir != NULL) + return; + xtables_libdir = getenv("IPTABLES_LIB_DIR"); + if (xtables_libdir != NULL) { + fprintf(stderr, "IPTABLES_LIB_DIR is deprecated, " + "use XTABLES_LIBDIR.\n"); + return; + } + xtables_libdir = XTABLES_LIBDIR; +} + /** * xtables_*alloc - wrappers that exit on failure */ @@ -398,7 +413,8 @@ xtables_find_match(const char *name, enum xtables_tryload tryload, #ifndef NO_SHARED_LIBS if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) { - ptr = load_extension(lib_dir, afinfo.libprefix, name, false); + ptr = load_extension(xtables_libdir, afinfo.libprefix, + name, false); if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED) exit_error(PARAMETER_PROBLEM, @@ -457,7 +473,8 @@ xtables_find_target(const char *name, enum xtables_tryload tryload) #ifndef NO_SHARED_LIBS if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) { - ptr = load_extension(lib_dir, afinfo.libprefix, name, true); + ptr = load_extension(xtables_libdir, afinfo.libprefix, + name, true); if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED) exit_error(PARAMETER_PROBLEM, -- cgit v1.2.3 From 5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 18:43:01 +0100 Subject: libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt --- extensions/libip6t_HL.c | 2 +- extensions/libip6t_LOG.c | 2 +- extensions/libip6t_icmp6.c | 4 +- extensions/libip6t_mh.c | 2 +- extensions/libipt_CLUSTERIP.c | 6 +-- extensions/libipt_ECN.c | 6 +-- extensions/libipt_LOG.c | 2 +- extensions/libipt_NETMAP.c | 2 +- extensions/libipt_TTL.c | 2 +- extensions/libipt_ecn.c | 2 +- extensions/libipt_icmp.c | 4 +- extensions/libipt_ttl.c | 6 +-- extensions/libxt_CONNMARK.c | 16 ++++---- extensions/libxt_DSCP.c | 2 +- extensions/libxt_MARK.c | 20 +++++----- extensions/libxt_NFQUEUE.c | 2 +- extensions/libxt_TCPMSS.c | 3 +- extensions/libxt_TCPOPTSTRIP.c | 3 +- extensions/libxt_TOS.c | 6 +-- extensions/libxt_TPROXY.c | 6 +-- extensions/libxt_connmark.c | 4 +- extensions/libxt_conntrack.c | 14 +++---- extensions/libxt_dccp.c | 2 +- extensions/libxt_dscp.c | 2 +- extensions/libxt_hashlimit.c | 24 ++++++------ extensions/libxt_length.c | 2 +- extensions/libxt_limit.c | 2 +- extensions/libxt_mark.c | 4 +- extensions/libxt_owner.c | 25 ++++++++----- extensions/libxt_rateest.c | 7 +++- extensions/libxt_statistic.c | 9 +++-- extensions/libxt_tcp.c | 2 +- extensions/libxt_tcpmss.c | 2 +- extensions/tos_values.c | 6 +-- include/xtables.h.in | 16 +------- ip6tables.c | 6 +-- iptables.c | 6 +-- xtables.c | 83 +++++++++++++----------------------------- 38 files changed, 141 insertions(+), 173 deletions(-) diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c index 8f555722..4aed4fd8 100644 --- a/extensions/libip6t_HL.c +++ b/extensions/libip6t_HL.c @@ -44,7 +44,7 @@ static int HL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "HL: unexpected `!'"); - if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "HL: Expected value between 0 and 255"); diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index 1b21d5dd..a8ac1359 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -70,7 +70,7 @@ parse_level(const char *level) unsigned int lev = -1; unsigned int set = 0; - if (string_to_number(level, 0, 7, &lev) == -1) { + if (!xtables_strtoui(level, NULL, &lev, 0, 7)) { unsigned int i = 0; for (i = 0; diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index 17567dfb..401c2780 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -123,12 +123,12 @@ parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[]) if (slash) *slash = '\0'; - if (string_to_number(buffer, 0, UINT8_MAX, &number) == -1) + if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMPv6 type `%s'\n", buffer); *type = number; if (slash) { - if (string_to_number(slash+1, 0, UINT8_MAX, &number) == -1) + if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMPv6 code `%s'\n", slash+1); diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c index 8b58bcdf..f8c4e247 100644 --- a/extensions/libip6t_mh.c +++ b/extensions/libip6t_mh.c @@ -93,7 +93,7 @@ static unsigned int name_to_type(const char *name) } else { unsigned int number; - if (string_to_number(name, 0, UINT8_MAX, &number) == -1) + if (!xtables_strtoui(name, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid MH type `%s'\n", name); return number; diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c index e93290ac..38909ea4 100644 --- a/extensions/libipt_CLUSTERIP.c +++ b/extensions/libipt_CLUSTERIP.c @@ -120,7 +120,7 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n"); if (*flags & PARAM_TOTALNODE) exit_error(PARAMETER_PROBLEM, "Can only specify total node number once\n"); - if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0) + if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES)) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); cipinfo->num_total_nodes = num; *flags |= PARAM_TOTALNODE; @@ -130,7 +130,7 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n"); if (*flags & PARAM_LOCALNODE) exit_error(PARAMETER_PROBLEM, "Can only specify local node number once\n"); - if (string_to_number(optarg, 1, CLUSTERIP_MAX_NODES, &num) < 0) + if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES)) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); cipinfo->num_local_nodes = 1; cipinfo->local_nodes[0] = num; @@ -141,7 +141,7 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can only specify hash init value combined with `--new'\n"); if (*flags & PARAM_HASHINIT) exit_error(PARAMETER_PROBLEM, "Can specify hash init value only once\n"); - if (string_to_number(optarg, 0, UINT_MAX, &num) < 0) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT_MAX)) exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg); cipinfo->hash_initval = num; *flags |= PARAM_HASHINIT; diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c index e9312f06..c4e8e34f 100644 --- a/extensions/libipt_ECN.c +++ b/extensions/libipt_ECN.c @@ -61,7 +61,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_SET_CWR) exit_error(PARAMETER_PROBLEM, "ECN target: Only use --ecn-tcp-cwr ONCE!"); - if (string_to_number(optarg, 0, 1, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 1)) exit_error(PARAMETER_PROBLEM, "ECN target: Value out of range"); einfo->operation |= IPT_ECN_OP_SET_CWR; @@ -72,7 +72,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_SET_ECE) exit_error(PARAMETER_PROBLEM, "ECN target: Only use --ecn-tcp-ece ONCE!"); - if (string_to_number(optarg, 0, 1, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 1)) exit_error(PARAMETER_PROBLEM, "ECN target: Value out of range"); einfo->operation |= IPT_ECN_OP_SET_ECE; @@ -83,7 +83,7 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_SET_IP) exit_error(PARAMETER_PROBLEM, "ECN target: Only use --ecn-ip-ect ONCE!"); - if (string_to_number(optarg, 0, 3, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 3)) exit_error(PARAMETER_PROBLEM, "ECN target: Value out of range"); einfo->operation |= IPT_ECN_OP_SET_IP; diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index 2aee910f..aefb54a6 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -70,7 +70,7 @@ parse_level(const char *level) unsigned int lev = -1; unsigned int set = 0; - if (string_to_number(level, 0, 7, &lev) == -1) { + if (!xtables_strtoui(level, NULL, &lev, 0, 7)) { unsigned int i = 0; for (i = 0; diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index f6c688df..d8f34ccd 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -89,7 +89,7 @@ parse_to(char *arg, struct ip_nat_range *range) netmask = ip->s_addr; } else { - if (string_to_number(slash+1, 0, 32, &bits) == -1) + if (!xtables_strtoui(slash+1, NULL, &bits, 0, 32)) exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n", slash+1); netmask = bits2netmask(bits); diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c index e124381e..6036161d 100644 --- a/extensions/libipt_TTL.c +++ b/extensions/libipt_TTL.c @@ -44,7 +44,7 @@ static int TTL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "TTL: unexpected `!'"); - if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "TTL: Expected value between 0 and 255"); diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c index 72353d5f..c2276e96 100644 --- a/extensions/libipt_ecn.c +++ b/extensions/libipt_ecn.c @@ -71,7 +71,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, einfo->invert |= IPT_ECN_OP_MATCH_IP; *flags |= IPT_ECN_OP_MATCH_IP; einfo->operation |= IPT_ECN_OP_MATCH_IP; - if (string_to_number(optarg, 0, 3, &result)) + if (!xtables_strtoui(optarg, NULL, &result, 0, 3)) exit_error(PARAMETER_PROBLEM, "ECN match: Value out of range"); einfo->ip_ect = result; diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index 7aff9caa..de4c3387 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -147,12 +147,12 @@ parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[]) if (slash) *slash = '\0'; - if (string_to_number(buffer, 0, UINT8_MAX, &number) == -1) + if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMP type `%s'\n", buffer); *type = number; if (slash) { - if (string_to_number(slash+1, 0, UINT8_MAX, &number) == -1) + if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid ICMP code `%s'\n", slash+1); diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index a8455e1d..1fa7bd31 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -33,7 +33,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '2': - if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); @@ -46,7 +46,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, info->ttl = value; break; case '3': - if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); @@ -58,7 +58,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, info->ttl = value; break; case '4': - if (string_to_number(optarg, 0, UINT8_MAX, &value) == -1) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "ttl: Expected value between 0 and 255"); diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c index d5d963d4..f979f282 100644 --- a/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c @@ -159,10 +159,10 @@ static int connmark_tg_parse(int c, char **argv, int invert, case '=': /* --set-xmark */ case '-': /* --set-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, &end, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); @@ -176,7 +176,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, case '&': /* --and-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &mask, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--and-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = 0; @@ -186,7 +186,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, case '|': /* --or-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--or-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; @@ -196,7 +196,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, case '^': /* --xor-mark */ param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); - if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--xor-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; @@ -221,7 +221,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--nfmask"); - if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--nfmask", optarg); info->nfmask = value; return true; @@ -231,7 +231,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--ctmask"); - if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--ctmask", optarg); info->ctmask = value; return true; @@ -241,7 +241,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark " "or --restore-mark is required for " "--mask"); - if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "CONNMARK", "--mask", optarg); info->nfmask = info->ctmask = value; return true; diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c index 92a6de5b..aac8f9b0 100644 --- a/extensions/libxt_DSCP.c +++ b/extensions/libxt_DSCP.c @@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_DSCP_info *dinfo) { unsigned int dscp; - if (string_to_number(s, 0, UINT8_MAX, &dscp) == -1) + if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid dscp `%s'\n", s); diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c index b02322b9..fd28196e 100644 --- a/extensions/libxt_MARK.c +++ b/extensions/libxt_MARK.c @@ -58,12 +58,13 @@ MARK_parse_v0(int c, char **argv, int invert, unsigned int *flags, { struct xt_mark_target_info *markinfo = (struct xt_mark_target_info *)(*target)->data; + unsigned int mark = 0; switch (c) { case '1': - if (string_to_number_l(optarg, 0, 0, - &markinfo->mark)) + if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg); + markinfo->mark = mark; if (*flags) exit_error(PARAMETER_PROBLEM, "MARK target: Can't specify --set-mark twice"); @@ -96,6 +97,7 @@ MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags, { struct xt_mark_target_info_v1 *markinfo = (struct xt_mark_target_info_v1 *)(*target)->data; + unsigned int mark = 0; switch (c) { case '1': @@ -111,9 +113,9 @@ MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags, return 0; } - if (string_to_number_l(optarg, 0, 0, &markinfo->mark)) + if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg); - + markinfo->mark = mark; if (*flags) exit_error(PARAMETER_PROBLEM, "MARK target: Can't specify --set-mark twice"); @@ -134,10 +136,10 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '=': /* --set-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert); - if (!strtonum(optarg, &end, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); @@ -151,7 +153,7 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '&': /* --and-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--and-mark", invert); - if (!strtonum(optarg, NULL, &mask, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--and-mark", optarg); info->mark = 0; info->mask = ~mask; @@ -160,7 +162,7 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '|': /* --or-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--or-mark", invert); - if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--or-mark", optarg); info->mark = value; info->mask = value; @@ -169,7 +171,7 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '^': /* --xor-mark */ param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); param_act(P_NO_INVERT, "MARK", "--xor-mark", invert); - if (!strtonum(optarg, NULL, &value, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "MARK", "--xor-mark", optarg); info->mark = value; info->mask = 0; diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c index 1a58760b..1c0c23d8 100644 --- a/extensions/libxt_NFQUEUE.c +++ b/extensions/libxt_NFQUEUE.c @@ -33,7 +33,7 @@ parse_num(const char *s, struct xt_NFQ_info *tinfo) { unsigned int num; - if (string_to_number(s, 0, UINT16_MAX, &num) == -1) + if (!xtables_strtoui(s, NULL, &num, 0, UINT16_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid queue number `%s'\n", s); diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c index 9b62a56b..33fc71cd 100644 --- a/extensions/libxt_TCPMSS.c +++ b/extensions/libxt_TCPMSS.c @@ -55,7 +55,8 @@ static int __TCPMSS_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "TCPMSS target: Only one option may be specified"); - if (string_to_number(optarg, 0, UINT16_MAX - hdrsize, &mssval) == -1) + if (!xtables_strtoui(optarg, NULL, &mssval, + 0, UINT16_MAX - hdrsize)) exit_error(PARAMETER_PROBLEM, "Bad TCPMSS value `%s'", optarg); mssinfo->mss = mssval; diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c index 7211288e..c053a8b1 100644 --- a/extensions/libxt_TCPOPTSTRIP.c +++ b/extensions/libxt_TCPOPTSTRIP.c @@ -82,7 +82,8 @@ static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg) break; } - if (option == 0 && string_to_number(arg, 0, UINT8_MAX, &option) == -1) + if (option == 0 && + !xtables_strtoui(arg, NULL, &option, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Bad TCP option value \"%s\"", arg); diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c index a04f7414..96eb4201 100644 --- a/extensions/libxt_TOS.c +++ b/extensions/libxt_TOS.c @@ -118,7 +118,7 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '&': /* --and-tos */ param_act(P_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS); param_act(P_NO_INVERT, "TOS", "--and-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, UINT8_MAX)) + if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) param_act(P_BAD_VALUE, "TOS", "--and-tos", optarg); info->tos_value = 0; info->tos_mask = ~bits; @@ -127,7 +127,7 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '|': /* --or-tos */ param_act(P_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS); param_act(P_NO_INVERT, "TOS", "--or-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, UINT8_MAX)) + if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) param_act(P_BAD_VALUE, "TOS", "--or-tos", optarg); info->tos_value = bits; info->tos_mask = bits; @@ -136,7 +136,7 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, case '^': /* --xor-tos */ param_act(P_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS); param_act(P_NO_INVERT, "TOS", "--xor-tos", invert); - if (!strtonum(optarg, NULL, &bits, 0, UINT8_MAX)) + if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) param_act(P_BAD_VALUE, "TOS", "--xor-tos", optarg); info->tos_value = bits; info->tos_mask = 0; diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c index 41ca2436..6c5c6b7d 100644 --- a/extensions/libxt_TPROXY.c +++ b/extensions/libxt_TPROXY.c @@ -40,7 +40,7 @@ static void parse_tproxy_lport(const char *s, struct xt_tproxy_target_info *info { unsigned int lport; - if (string_to_number(s, 0, UINT16_MAX, &lport) != -1) + if (xtables_strtoui(s, NULL, &lport, 0, UINT16_MAX)) info->lport = htons(lport); else param_act(P_BAD_VALUE, "TPROXY", "--on-port", s); @@ -61,10 +61,10 @@ static void parse_tproxy_mark(char *s, struct xt_tproxy_target_info *info) unsigned int value, mask = UINT32_MAX; char *end; - if (!strtonum(s, &end, &value, 0, UINT_MAX)) + if (!xtables_strtoui(s, &end, &value, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, UINT_MAX)) + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); if (*end != '\0') param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c index fbd3e62c..afa63e39 100644 --- a/extensions/libxt_connmark.c +++ b/extensions/libxt_connmark.c @@ -55,10 +55,10 @@ connmark_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': /* --mark */ param_act(P_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK); - if (!strtonum(optarg, &end, &mark, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "connmark", "--mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "connmark", "--mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "connmark", "--mark", optarg); diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index 532f5eee..2b98ab02 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -228,7 +228,7 @@ parse_expire(const char *s) { unsigned int len; - if (string_to_number(s, 0, 0, &len) == -1) + if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s); else return len; @@ -268,11 +268,11 @@ conntrack_ps_expires(struct xt_conntrack_mtinfo1 *info, const char *s) unsigned int min, max; char *end; - if (!strtonum(s, &end, &min, 0, ~0)) + if (!xtables_strtoui(s, &end, &min, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "conntrack", "--expires", s); max = min; if (*end == ':') - if (!strtonum(s, &end, &max, 0, UINT32_MAX)) + if (!xtables_strtoui(s, &end, &max, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "conntrack", "--expires", s); if (*end != '\0') param_act(P_BAD_VALUE, "conntrack", "--expires", s); @@ -481,7 +481,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'a': /* --ctorigsrcport */ - if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctorigsrcport", optarg); info->match_flags |= XT_CONNTRACK_ORIGSRC_PORT; @@ -491,7 +491,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'b': /* --ctorigdstport */ - if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctorigdstport", optarg); info->match_flags |= XT_CONNTRACK_ORIGDST_PORT; @@ -501,7 +501,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'c': /* --ctreplsrcport */ - if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctreplsrcport", optarg); info->match_flags |= XT_CONNTRACK_REPLSRC_PORT; @@ -511,7 +511,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'd': /* --ctrepldstport */ - if (!strtonum(optarg, NULL, &port, 0, UINT16_MAX)) + if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) param_act(P_BAD_VALUE, "conntrack", "--ctrepldstport", optarg); info->match_flags |= XT_CONNTRACK_REPLDST_PORT; diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c index 0eb95cef..b7b55e27 100644 --- a/extensions/libxt_dccp.c +++ b/extensions/libxt_dccp.c @@ -121,7 +121,7 @@ static u_int8_t parse_dccp_option(char *optstring) { unsigned int ret; - if (string_to_number(optstring, 1, UINT8_MAX, &ret) == -1) + if (!xtables_strtoui(optstring, NULL, &ret, 1, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Bad DCCP option `%s'", optstring); diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c index ae5a6248..fce14c26 100644 --- a/extensions/libxt_dscp.c +++ b/extensions/libxt_dscp.c @@ -48,7 +48,7 @@ parse_dscp(const char *s, struct xt_dscp_info *dinfo) { unsigned int dscp; - if (string_to_number(s, 0, UINT8_MAX, &dscp) == -1) + if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid dscp `%s'\n", s); diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index 278e098e..06d026a2 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -230,7 +230,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 10000, &num) == -1) + if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-burst `%s'", optarg); r->cfg.burst = num; @@ -240,7 +240,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-size: `%s'", optarg); r->cfg.size = num; @@ -250,7 +250,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-max: `%s'", optarg); r->cfg.max = num; @@ -261,7 +261,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-gcinterval: `%s'", optarg); @@ -273,7 +273,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, UINT32_MAX, &num) == -1) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-expire: `%s'", optarg); /* FIXME: not HZ dependent */ @@ -341,7 +341,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case '$': /* --hashlimit-burst */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); - if (!strtonum(optarg, NULL, &num, 0, 10000)) + if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-burst", optarg); info->cfg.burst = num; @@ -351,7 +351,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case '&': /* --hashlimit-htable-size */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); - if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-size", optarg); info->cfg.size = num; @@ -361,7 +361,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case '*': /* --hashlimit-htable-max */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); - if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-max", optarg); info->cfg.max = num; @@ -372,7 +372,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); - if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-gcinterval", optarg); /* FIXME: not HZ dependent!! */ @@ -383,7 +383,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case ')': /* --hashlimit-htable-expire */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); - if (!strtonum(optarg, NULL, &num, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-expire", optarg); /* FIXME: not HZ dependent */ @@ -413,7 +413,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case '<': /* --hashlimit-srcmask */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask", *flags & PARAM_SRCMASK); - if (!strtonum(optarg, NULL, &num, 0, maxmask)) + if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-srcmask", optarg); info->cfg.srcmask = num; @@ -423,7 +423,7 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, case '>': /* --hashlimit-dstmask */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask", *flags & PARAM_DSTMASK); - if (!strtonum(optarg, NULL, &num, 0, maxmask)) + if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-dstmask", optarg); info->cfg.dstmask = num; diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c index 0e196d78..d039904b 100644 --- a/extensions/libxt_length.c +++ b/extensions/libxt_length.c @@ -26,7 +26,7 @@ parse_length(const char *s) { unsigned int len; - if (string_to_number(s, 0, UINT16_MAX, &len) == -1) + if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s); else return len; diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c index 3ed7b965..1df9114e 100644 --- a/extensions/libxt_limit.c +++ b/extensions/libxt_limit.c @@ -102,7 +102,7 @@ limit_parse(int c, char **argv, int invert, unsigned int *flags, case '$': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; - if (string_to_number(optarg, 0, 10000, &num) == -1) + if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) exit_error(PARAMETER_PROBLEM, "bad --limit-burst `%s'", optarg); r->burst = num; diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c index 5a95d519..31957e7d 100644 --- a/extensions/libxt_mark.c +++ b/extensions/libxt_mark.c @@ -35,10 +35,10 @@ static int mark_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': /* --mark */ param_act(P_ONLY_ONCE, "mark", "--mark", *flags & F_MARK); - if (!strtonum(optarg, &end, &mark, 0, UINT32_MAX)) + if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "mark", "--mark", optarg); if (*end == '/') - if (!strtonum(end + 1, &end, &mask, 0, UINT32_MAX)) + if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) param_act(P_BAD_VALUE, "mark", "--mark", optarg); if (*end != '\0') param_act(P_BAD_VALUE, "mark", "--mark", optarg); diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c index c8677a8c..54d841c6 100644 --- a/extensions/libxt_owner.c +++ b/extensions/libxt_owner.c @@ -19,6 +19,11 @@ #include #include +/* + * Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved + * UID/GID value anyway. + */ + enum { FLAG_UID_OWNER = 1 << 0, FLAG_GID_OWNER = 1 << 1, @@ -110,7 +115,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IPT_OWNER_UID; @@ -123,7 +128,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IPT_OWNER_GID; @@ -134,7 +139,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 'p': param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IPT_OWNER_PID; @@ -145,7 +150,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 's': param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--sid-value", optarg); if (invert) info->invert |= IPT_OWNER_SID; @@ -190,7 +195,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_UID; @@ -204,7 +209,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_GID; @@ -216,7 +221,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 'p': param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_PID; @@ -228,7 +233,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 's': param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_SID; @@ -246,11 +251,11 @@ static void owner_parse_range(const char *s, unsigned int *from, char *end; /* -1 is reversed, so the max is one less than that. */ - if (!strtonum(s, &end, from, 0, UINT32_MAX - 1)) + if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); *to = *from; if (*end == '-' || *end == ':') - if (!strtonum(end + 1, &end, to, 0, UINT32_MAX - 1)) + if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); if (*end != '\0') param_act(P_BAD_VALUE, "owner", opt, s); diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c index 333239d9..285b7ba3 100644 --- a/extensions/libxt_rateest.c +++ b/extensions/libxt_rateest.c @@ -112,6 +112,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_rateest_match_info *info = (void *)(*match)->data; + unsigned int val; rateest_info = info; @@ -186,10 +187,11 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, if (!argv[optind] || *argv[optind] == '-' || *argv[optind] == '!') break; - if (string_to_number(argv[optind], 0, 0, &info->pps1) < 0) + if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "rateest: could not parse pps `%s'", argv[optind]); + info->pps1 = val; optind++; break; @@ -234,10 +236,11 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, if (!argv[optind] || *argv[optind] == '-' || *argv[optind] == '!') break; - if (string_to_number(argv[optind], 0, 0, &info->pps2) < 0) + if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "rateest: could not parse pps `%s'", argv[optind]); + info->pps2 = val; optind++; break; diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c index e43de7d2..574f8f7d 100644 --- a/extensions/libxt_statistic.c +++ b/extensions/libxt_statistic.c @@ -40,6 +40,7 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_statistic_info *info = (void *)(*match)->data; + unsigned int val; double prob; if (invert) @@ -70,10 +71,10 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, case '3': if (*flags & 0x4) exit_error(PARAMETER_PROBLEM, "double --every"); - if (string_to_number(optarg, 0, UINT32_MAX, - &info->u.nth.every) == -1) + if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "cannot parse --every `%s'", optarg); + info->u.nth.every = val; if (info->u.nth.every == 0) exit_error(PARAMETER_PROBLEM, "--every cannot be 0"); info->u.nth.every--; @@ -82,10 +83,10 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, case '4': if (*flags & 0x8) exit_error(PARAMETER_PROBLEM, "double --packet"); - if (string_to_number(optarg, 0, UINT32_MAX, - &info->u.nth.packet) == -1) + if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "cannot parse --packet `%s'", optarg); + info->u.nth.packet = val; *flags |= 0x8; break; default: diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c index 82954a4e..56bdba5d 100644 --- a/extensions/libxt_tcp.c +++ b/extensions/libxt_tcp.c @@ -121,7 +121,7 @@ parse_tcp_option(const char *option, u_int8_t *result) { unsigned int ret; - if (string_to_number(option, 1, UINT8_MAX, &ret) == -1) + if (!xtables_strtoui(option, NULL, &ret, 1, UINT8_MAX)) exit_error(PARAMETER_PROBLEM, "Bad TCP option `%s'", option); *result = ret; diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c index e64a1b33..d30aa249 100644 --- a/extensions/libxt_tcpmss.c +++ b/extensions/libxt_tcpmss.c @@ -26,7 +26,7 @@ parse_tcp_mssvalue(const char *mssvalue) { unsigned int mssvaluenum; - if (string_to_number(mssvalue, 0, UINT16_MAX, &mssvaluenum) != -1) + if (!xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX)) return mssvaluenum; exit_error(PARAMETER_PROBLEM, diff --git a/extensions/tos_values.c b/extensions/tos_values.c index 2d5b4312..81f6de1c 100644 --- a/extensions/tos_values.c +++ b/extensions/tos_values.c @@ -34,14 +34,14 @@ static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm, unsigned int value; char *end; - strtonum(str, &end, &value, 0, max); + xtables_strtoui(str, &end, &value, 0, max); tvm->value = value; tvm->mask = max; if (*end == '/') { const char *p = end + 1; - if (!strtonum(p, &end, &value, 0, max)) + if (!xtables_strtoui(p, &end, &value, 0, max)) exit_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str); tvm->mask = value; @@ -59,7 +59,7 @@ static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm, const struct tos_symbol_info *symbol; char *tmp; - if (strtonum(str, &tmp, NULL, 0, max)) + if (xtables_strtoui(str, &tmp, NULL, 0, max)) return tos_parse_numeric(str, tvm, max); /* Do not consider ECN bits */ diff --git a/include/xtables.h.in b/include/xtables.h.in index 268c42e4..f372d334 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -175,21 +175,9 @@ extern struct xtables_target *xtables_find_target(const char *name, extern void xtables_register_match(struct xtables_match *me); extern void xtables_register_target(struct xtables_target *me); -extern int string_to_number_ll(const char *s, - unsigned long long min, - unsigned long long max, - unsigned long long *ret); -extern int string_to_number_l(const char *s, - unsigned long min, - unsigned long max, - unsigned long *ret); -extern int string_to_number(const char *s, - unsigned int min, - unsigned int max, - unsigned int *ret); -extern bool strtonuml(const char *, char **, unsigned long *, +extern bool xtables_strtoul(const char *, char **, unsigned long *, unsigned long, unsigned long); -extern bool strtonum(const char *, char **, unsigned int *, +extern bool xtables_strtoui(const char *, char **, unsigned int *, unsigned int, unsigned int); extern int service_to_port(const char *name, const char *proto); extern u_int16_t parse_port(const char *port, const char *proto); diff --git a/ip6tables.c b/ip6tables.c index 6d1277bd..0464185a 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -486,7 +486,7 @@ find_proto(const char *pname, enum xtables_tryload tryload, { unsigned int proto; - if (string_to_number(pname, 0, UINT8_MAX, &proto) != -1) { + if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) { char *protoname = proto_to_name(proto, nolookup); if (protoname) @@ -502,7 +502,7 @@ parse_protocol(const char *s) { unsigned int proto; - if (string_to_number(s, 0, UINT8_MAX, &proto) == -1) { + if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) { struct protoent *pent; /* first deal with the special case of 'all' to prevent @@ -549,7 +549,7 @@ parse_rulenumber(const char *rule) { unsigned int rulenum; - if (string_to_number(rule, 1, INT_MAX, &rulenum) == -1) + if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid rule number `%s'", rule); diff --git a/iptables.c b/iptables.c index 07ace197..15b5b6f4 100644 --- a/iptables.c +++ b/iptables.c @@ -488,7 +488,7 @@ find_proto(const char *pname, enum xtables_tryload tryload, { unsigned int proto; - if (string_to_number(pname, 0, UINT8_MAX, &proto) != -1) { + if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) { char *protoname = proto_to_name(proto, nolookup); if (protoname) @@ -504,7 +504,7 @@ parse_protocol(const char *s) { unsigned int proto; - if (string_to_number(s, 0, UINT8_MAX, &proto) == -1) { + if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) { struct protoent *pent; /* first deal with the special case of 'all' to prevent @@ -542,7 +542,7 @@ parse_rulenumber(const char *rule) { unsigned int rulenum; - if (string_to_number(rule, 1, INT_MAX, &rulenum) == -1) + if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid rule number `%s'", rule); diff --git a/xtables.c b/xtables.c index 85bd76c0..9e576794 100644 --- a/xtables.c +++ b/xtables.c @@ -178,57 +178,24 @@ int xtables_load_ko(const char *modprobe, bool quiet) return ret; } -int string_to_number_ll(const char *s, unsigned long long min, - unsigned long long max, unsigned long long *ret) -{ - unsigned long long number; - char *end; - - /* Handle hex, octal, etc. */ - errno = 0; - number = strtoull(s, &end, 0); - if (*end == '\0' && end != s) { - /* we parsed a number, let's see if we want this */ - if (errno != ERANGE && min <= number && (!max || number <= max)) { - *ret = number; - return 0; - } - } - return -1; -} - -int string_to_number_l(const char *s, unsigned long min, unsigned long max, - unsigned long *ret) -{ - int result; - unsigned long long number; - - result = string_to_number_ll(s, min, max, &number); - *ret = (unsigned long)number; - - return result; -} - -int string_to_number(const char *s, unsigned int min, unsigned int max, - unsigned int *ret) -{ - int result; - unsigned long number; - - result = string_to_number_l(s, min, max, &number); - *ret = (unsigned int)number; - - return result; -} - -/* - * strtonum{,l} - string to number conversion +/** + * xtables_strtou{i,l} - string to number conversion + * @s: input string + * @end: like strtoul's "end" pointer + * @value: pointer for result + * @min: minimum accepted value + * @max: maximum accepted value + * + * If @end is NULL, we assume the caller wants a "strict strtoul", and hence + * "15a" is rejected. + * In either case, the value obtained is compared for min-max compliance. + * Base is always 0, i.e. autodetect depending on @s. * - * If @end is NULL, we assume the caller does not want - * a case like "15a", so reject it. + * Returns true/false whether number was accepted. On failure, *value has + * undefined contents. */ -bool strtonuml(const char *s, char **end, unsigned long *value, - unsigned long min, unsigned long max) +bool xtables_strtoul(const char *s, char **end, unsigned long *value, + unsigned long min, unsigned long max) { unsigned long v; char *my_end; @@ -252,13 +219,13 @@ bool strtonuml(const char *s, char **end, unsigned long *value, return false; } -bool strtonum(const char *s, char **end, unsigned int *value, - unsigned int min, unsigned int max) +bool xtables_strtoui(const char *s, char **end, unsigned int *value, + unsigned int min, unsigned int max) { unsigned long v; bool ret; - ret = strtonuml(s, end, &v, min, max); + ret = xtables_strtoul(s, end, &v, min, max); if (value != NULL) *value = v; return ret; @@ -278,7 +245,7 @@ u_int16_t parse_port(const char *port, const char *proto) { unsigned int portnum; - if (string_to_number(port, 0, UINT16_MAX, &portnum) != -1 || + if (xtables_strtoui(port, NULL, &portnum, 0, UINT16_MAX) || (portnum = service_to_port(port, proto)) != (unsigned)-1) return portnum; @@ -834,7 +801,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask) return NULL; /* autocomplete, this is a network address */ - if (!strtonum(p, NULL, &onebyte, 0, UINT8_MAX)) + if (!xtables_strtoui(p, NULL, &onebyte, 0, UINT8_MAX)) return NULL; addrp[i] = onebyte; @@ -845,7 +812,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask) } *q = '\0'; - if (!strtonum(p, NULL, &onebyte, 0, UINT8_MAX)) + if (!xtables_strtoui(p, NULL, &onebyte, 0, UINT8_MAX)) return NULL; addrp[i] = onebyte; @@ -853,7 +820,7 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask) } /* we have checked 3 bytes, now we check the last one */ - if (!strtonum(p, NULL, &onebyte, 0, UINT8_MAX)) + if (!xtables_strtoui(p, NULL, &onebyte, 0, UINT8_MAX)) return NULL; addrp[3] = onebyte; @@ -941,7 +908,7 @@ static struct in_addr *parse_ipmask(const char *mask) if ((addrp = numeric_to_ipmask(mask)) != NULL) /* dotted_to_addr already returns a network byte order addr */ return addrp; - if (string_to_number(mask, 0, 32, &bits) == -1) + if (!xtables_strtoui(mask, NULL, &bits, 0, 32)) exit_error(PARAMETER_PROBLEM, "invalid mask `%s' specified", mask); if (bits != 0) { @@ -1162,7 +1129,7 @@ static struct in6_addr *parse_ip6mask(char *mask) } if ((addrp = numeric_to_ip6addr(mask)) != NULL) return addrp; - if (string_to_number(mask, 0, 128, &bits) == -1) + if (!xtables_strtoui(mask, NULL, &bits, 0, 128)) exit_error(PARAMETER_PROBLEM, "invalid mask `%s' specified", mask); if (bits != 0) { -- cgit v1.2.3 From dacafa55379fd98212031d8c559096c91d7ce93b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 20:56:23 +0100 Subject: libxtables: prefix/order - program_name Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course). Signed-off-by: Jan Engelhardt --- .gitignore | 1 + Makefile.am | 2 +- configure.ac | 26 ++++++++++---------------- include/xtables.h.in | 13 ++++++++----- include/xtables/internal.h | 34 ---------------------------------- include/xtables/internal.h.in | 41 +++++++++++++++++++++++++++++++++++++++++ ip6tables-restore.c | 5 +++-- ip6tables-save.c | 5 +++-- ip6tables-standalone.c | 3 ++- iptables-restore.c | 5 +++-- iptables-save.c | 5 +++-- iptables-standalone.c | 3 ++- iptables-xml.c | 4 ++-- xtables.c | 37 +++++++++++++++++++++++-------------- 14 files changed, 102 insertions(+), 82 deletions(-) delete mode 100644 include/xtables/internal.h create mode 100644 include/xtables/internal.h.in diff --git a/.gitignore b/.gitignore index 741f9729..116de2c3 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,7 @@ Makefile.in /extensions/targets?.man /include/xtables.h +/include/xtables/internal.h /aclocal.m4 /autom4te*.cache diff --git a/Makefile.am b/Makefile.am index 83ab3bba..0ffb9785 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,7 +14,7 @@ libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c lib_LTLIBRARIES = libxtables.la libxtables_la_SOURCES = xtables.c -libxtables_la_LDFLAGS = -version-info 1:0:0 +libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage} # iptables, dynamic iptables_SOURCES = iptables-standalone.c iptables.c diff --git a/configure.ac b/configure.ac index 8c9c30de..bb32130c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,11 +1,10 @@ -define([_XTABLES_VERSION_MAJOR], 1) -define([_XTABLES_VERSION_MINOR], 4) -define([_XTABLES_VERSION_PATCH], 3) -define([_XTABLES_VERSION_EXTRA], -rc1) -define([_XTABLES_VERSION],_XTABLES_VERSION_MAJOR._XTABLES_VERSION_MINOR._XTABLES_VERSION_PATCH[]_XTABLES_VERSION_EXTRA) +AC_INIT([iptables], [1.4.3-rc1]) + +# See libtool.info "Libtool's versioning system" +libxtables_vcurrent=1 +libxtables_vage=0 -AC_INIT([iptables], _XTABLES_VERSION) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) AC_PROG_INSTALL @@ -74,16 +73,11 @@ AC_SUBST([kbuilddir]) AC_SUBST([ksourcedir]) AC_SUBST([xtlibdir]) AC_SUBST([pkgconfigdir]) - -XTABLES_VERSION_MAJOR=_XTABLES_VERSION_MAJOR -XTABLES_VERSION_MINOR=_XTABLES_VERSION_MINOR -XTABLES_VERSION_PATCH=_XTABLES_VERSION_PATCH -XTABLES_VERSION_EXTRA=_XTABLES_VERSION_EXTRA -AC_SUBST([XTABLES_VERSION_MAJOR]) -AC_SUBST([XTABLES_VERSION_MINOR]) -AC_SUBST([XTABLES_VERSION_PATCH]) -AC_SUBST([XTABLES_VERSION_EXTRA]) +AC_SUBST([libxtables_vcurrent]) +AC_SUBST([libxtables_vage]) +libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage)); +AC_SUBST([libxtables_vmajor]) AC_CONFIG_FILES([Makefile extensions/GNUmakefile libipq/Makefile - include/xtables.h xtables.pc]) + include/xtables.h include/xtables/internal.h xtables.pc]) AC_OUTPUT diff --git a/include/xtables.h.in b/include/xtables.h.in index f372d334..e1f9c926 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -1,6 +1,11 @@ #ifndef _XTABLES_H #define _XTABLES_H +/* + * Changing any structs/functions may incur a needed change + * in libxtables_vcurrent/vage too. + */ + #include /* PF_* */ #include #include @@ -20,10 +25,8 @@ #define IPPROTO_UDPLITE 136 #endif -#define XTABLES_VERSION "@PACKAGE_VERSION@" -#define XTABLES_VERSION_CODE (0x10000 * @XTABLES_VERSION_MAJOR@ + 0x100 * @XTABLES_VERSION_MINOR@ + @XTABLES_VERSION_PATCH@) - -#define XTABLES_API_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) +#define XTABLES_VERSION "libxtables.so.@libxtables_vmajor@" +#define XTABLES_VERSION_CODE @libxtables_vmajor@ struct in_addr; @@ -155,6 +158,7 @@ enum xtables_tryload { XTF_LOAD_MUST_SUCCEED, }; +extern const char *xtables_program_name; extern const char *xtables_modprobe_program; extern struct xtables_match *xtables_matches; extern struct xtables_target *xtables_targets; @@ -202,7 +206,6 @@ int check_inverse(const char option[], int *invert, int *my_optind, int argc); void exit_error(enum exittype, const char *, ...)__attribute__((noreturn, format(printf,2,3))); extern void param_act(unsigned int, const char *, ...); -extern const char *program_name, *program_version; extern const char *ipaddr_to_numeric(const struct in_addr *); extern const char *ipaddr_to_anyname(const struct in_addr *); diff --git a/include/xtables/internal.h b/include/xtables/internal.h deleted file mode 100644 index 21c4401f..00000000 --- a/include/xtables/internal.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef _XTABLES_INTERNAL_H -#define _XTABLES_INTERNAL_H 1 - -#ifndef XT_LIB_DIR -# define XT_LIB_DIR "/usr/local/lib/iptables" -#endif - -/* protocol family dependent informations */ -struct afinfo { - /* protocol family */ - int family; - - /* prefix of library name (ex "libipt_" */ - char *libprefix; - - /* used by setsockopt (ex IPPROTO_IP */ - int ipproto; - - /* kernel module (ex "ip_tables" */ - char *kmod; - - /* optname to check revision support of match */ - int so_rev_match; - - /* optname to check revision support of match */ - int so_rev_target; -}; - -/* This is decleared in ip[6]tables.c */ -extern struct afinfo afinfo; - -extern void _init(void); - -#endif /* _XTABLES_INTERNAL_H */ diff --git a/include/xtables/internal.h.in b/include/xtables/internal.h.in new file mode 100644 index 00000000..21438290 --- /dev/null +++ b/include/xtables/internal.h.in @@ -0,0 +1,41 @@ +#ifndef _XTABLES_INTERNAL_H +#define _XTABLES_INTERNAL_H 1 + +#define IPTABLES_VERSION "@PACKAGE_VERSION@" + +#ifndef XT_LIB_DIR +# define XT_LIB_DIR "/usr/local/lib/iptables" +#endif + +/* protocol family dependent informations */ +struct afinfo { + /* protocol family */ + int family; + + /* prefix of library name (ex "libipt_" */ + char *libprefix; + + /* used by setsockopt (ex IPPROTO_IP */ + int ipproto; + + /* kernel module (ex "ip_tables" */ + char *kmod; + + /* optname to check revision support of match */ + int so_rev_match; + + /* optname to check revision support of match */ + int so_rev_target; +}; + +/* This is decleared in ip[6]tables.c */ +extern struct afinfo afinfo; + +/** + * Program's own name and version. + */ +extern const char *program_name, *program_version; + +extern void _init(void); + +#endif /* _XTABLES_INTERNAL_H */ diff --git a/ip6tables-restore.c b/ip6tables-restore.c index 6be1a36c..beb640b2 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -127,9 +127,10 @@ int main(int argc, char *argv[]) int in_table = 0, testing = 0; program_name = "ip6tables-restore"; - program_version = XTABLES_VERSION; + program_version = IPTABLES_VERSION; line = 0; + xtables_program_name = program_name; xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); @@ -151,7 +152,7 @@ int main(int argc, char *argv[]) break; case 'h': print_usage("ip6tables-restore", - XTABLES_VERSION); + IPTABLES_VERSION); break; case 'n': noflush = 1; diff --git a/ip6tables-save.c b/ip6tables-save.c index 1b9d00ae..86ec6b26 100644 --- a/ip6tables-save.c +++ b/ip6tables-save.c @@ -76,7 +76,7 @@ static int do_output(const char *tablename) time_t now = time(NULL); printf("# Generated by ip6tables-save v%s on %s", - XTABLES_VERSION, ctime(&now)); + IPTABLES_VERSION, ctime(&now)); printf("*%s\n", tablename); /* Dump out chain names first, @@ -137,8 +137,9 @@ int main(int argc, char *argv[]) int c; program_name = "ip6tables-save"; - program_version = XTABLES_VERSION; + program_version = IPTABLES_VERSION; + xtables_program_name = program_name; xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c index 95435576..3ab114ea 100644 --- a/ip6tables-standalone.c +++ b/ip6tables-standalone.c @@ -50,8 +50,9 @@ main(int argc, char *argv[]) struct ip6tc_handle *handle = NULL; program_name = "ip6tables"; - program_version = XTABLES_VERSION; + program_version = IPTABLES_VERSION; + xtables_program_name = program_name; xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); diff --git a/iptables-restore.c b/iptables-restore.c index d982fca1..56812ee9 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -129,9 +129,10 @@ main(int argc, char *argv[]) const char *tablename = NULL; program_name = "iptables-restore"; - program_version = XTABLES_VERSION; + program_version = IPTABLES_VERSION; line = 0; + xtables_program_name = program_name; xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); @@ -153,7 +154,7 @@ main(int argc, char *argv[]) break; case 'h': print_usage("iptables-restore", - XTABLES_VERSION); + IPTABLES_VERSION); break; case 'n': noflush = 1; diff --git a/iptables-save.c b/iptables-save.c index e615de99..d08ec4b2 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -74,7 +74,7 @@ static int do_output(const char *tablename) time_t now = time(NULL); printf("# Generated by iptables-save v%s on %s", - XTABLES_VERSION, ctime(&now)); + IPTABLES_VERSION, ctime(&now)); printf("*%s\n", tablename); /* Dump out chain names first, @@ -137,8 +137,9 @@ main(int argc, char *argv[]) int c; program_name = "iptables-save"; - program_version = XTABLES_VERSION; + program_version = IPTABLES_VERSION; + xtables_program_name = program_name; xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); diff --git a/iptables-standalone.c b/iptables-standalone.c index c06b2862..91908732 100644 --- a/iptables-standalone.c +++ b/iptables-standalone.c @@ -51,8 +51,9 @@ main(int argc, char *argv[]) struct iptc_handle *handle = NULL; program_name = "iptables"; - program_version = XTABLES_VERSION; + program_version = IPTABLES_VERSION; + xtables_program_name = program_name; xtables_init(); #ifdef NO_SHARED_LIBS init_extensions(); diff --git a/iptables-xml.c b/iptables-xml.c index 6481b8e0..a3f69872 100644 --- a/iptables-xml.c +++ b/iptables-xml.c @@ -643,7 +643,7 @@ main(int argc, char *argv[]) FILE *in; program_name = "iptables-xml"; - program_version = XTABLES_VERSION; + program_version = IPTABLES_VERSION; line = 0; while ((c = getopt_long(argc, argv, "cvh", options, NULL)) != -1) { @@ -656,7 +656,7 @@ main(int argc, char *argv[]) verbose = 1; break; case 'h': - print_usage("iptables-xml", XTABLES_VERSION); + print_usage("iptables-xml", IPTABLES_VERSION); break; } } diff --git a/xtables.c b/xtables.c index 9e576794..642c04bb 100644 --- a/xtables.c +++ b/xtables.c @@ -44,6 +44,11 @@ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" #endif +/** + * Program will set this to its own name. + */ +const char *xtables_program_name; + /* Search path for Xtables .so files */ static const char *xtables_libdir; @@ -529,23 +534,25 @@ void xtables_register_match(struct xtables_match *me) { struct xtables_match **i, *old; - if (strcmp(me->version, program_version) != 0) { - fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n", - program_name, me->name, me->version, program_version); + if (strcmp(me->version, XTABLES_VERSION) != 0) { + fprintf(stderr, "%s: match \"%s\" has version \"%s\", " + "but \"%s\" is required.\n", + xtables_program_name, me->name, + me->version, XTABLES_VERSION); exit(1); } /* Revision field stole a char from name. */ if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) { fprintf(stderr, "%s: target `%s' has invalid name\n", - program_name, me->name); + xtables_program_name, me->name); exit(1); } if (me->family >= NPROTO) { fprintf(stderr, "%s: BUG: match %s has invalid protocol family\n", - program_name, me->name); + xtables_program_name, me->name); exit(1); } @@ -559,7 +566,7 @@ void xtables_register_match(struct xtables_match *me) old->family == me->family) { fprintf(stderr, "%s: match `%s' already registered.\n", - program_name, me->name); + xtables_program_name, me->name); exit(1); } @@ -583,7 +590,7 @@ void xtables_register_match(struct xtables_match *me) if (me->size != XT_ALIGN(me->size)) { fprintf(stderr, "%s: match `%s' has invalid size %u.\n", - program_name, me->name, (unsigned int)me->size); + xtables_program_name, me->name, (unsigned int)me->size); exit(1); } @@ -600,23 +607,25 @@ void xtables_register_target(struct xtables_target *me) { struct xtables_target *old; - if (strcmp(me->version, program_version) != 0) { - fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n", - program_name, me->name, me->version, program_version); + if (strcmp(me->version, XTABLES_VERSION) != 0) { + fprintf(stderr, "%s: target \"%s\" has version \"%s\", " + "but \"%s\" is required.\n", + xtables_program_name, me->name, + me->version, XTABLES_VERSION); exit(1); } /* Revision field stole a char from name. */ if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) { fprintf(stderr, "%s: target `%s' has invalid name\n", - program_name, me->name); + xtables_program_name, me->name); exit(1); } if (me->family >= NPROTO) { fprintf(stderr, "%s: BUG: target %s has invalid protocol family\n", - program_name, me->name); + xtables_program_name, me->name); exit(1); } @@ -632,7 +641,7 @@ void xtables_register_target(struct xtables_target *me) old->family == me->family) { fprintf(stderr, "%s: target `%s' already registered.\n", - program_name, me->name); + xtables_program_name, me->name); exit(1); } @@ -656,7 +665,7 @@ void xtables_register_target(struct xtables_target *me) if (me->size != XT_ALIGN(me->size)) { fprintf(stderr, "%s: target `%s' has invalid size %u.\n", - program_name, me->name, (unsigned int)me->size); + xtables_program_name, me->name, (unsigned int)me->size); exit(1); } -- cgit v1.2.3 From a41545ca7cde43e0ba53260ba74bd9bf74025a68 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 21:27:19 +0100 Subject: libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt --- extensions/libxt_CONNMARK.c | 30 +++++++++++------------ extensions/libxt_MARK.c | 28 ++++++++++----------- extensions/libxt_TOS.c | 30 +++++++++++------------ extensions/libxt_TPROXY.c | 22 ++++++++--------- extensions/libxt_connmark.c | 8 +++--- extensions/libxt_conntrack.c | 18 +++++++------- extensions/libxt_hashlimit.c | 58 ++++++++++++++++++++++---------------------- extensions/libxt_iprange.c | 24 +++++++++--------- extensions/libxt_mark.c | 8 +++--- extensions/libxt_owner.c | 46 +++++++++++++++++------------------ extensions/libxt_tos.c | 8 +++--- include/xtables.h.in | 28 ++++++++++----------- ip6tables.c | 2 +- iptables-xml.c | 2 +- iptables.c | 2 +- xtables.c | 34 ++++++++++++++++++++++---- 16 files changed, 186 insertions(+), 162 deletions(-) diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c index f979f282..e426e4f1 100644 --- a/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c @@ -158,14 +158,14 @@ static int connmark_tg_parse(int c, char **argv, int invert, switch (c) { case '=': /* --set-xmark */ case '-': /* --set-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end == '/') if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; info->ctmask = mask; @@ -175,9 +175,9 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case '&': /* --and-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--and-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--and-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = 0; info->ctmask = ~mask; @@ -185,9 +185,9 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case '|': /* --or-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--or-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--or-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; info->ctmask = value; @@ -195,9 +195,9 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case '^': /* --xor-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--xor-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--xor-mark", optarg); info->mode = XT_CONNMARK_SET; info->ctmark = value; info->ctmask = 0; @@ -205,13 +205,13 @@ static int connmark_tg_parse(int c, char **argv, int invert, return true; case 'S': /* --save-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); info->mode = XT_CONNMARK_SAVE; *flags |= F_MARK | F_SR_MARK; return true; case 'R': /* --restore-mark */ - param_act(P_ONE_ACTION, "CONNMARK", *flags & F_MARK); + xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK); info->mode = XT_CONNMARK_RESTORE; *flags |= F_MARK | F_SR_MARK; return true; @@ -222,7 +222,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, "or --restore-mark is required for " "--nfmask"); if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--nfmask", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--nfmask", optarg); info->nfmask = value; return true; @@ -232,7 +232,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, "or --restore-mark is required for " "--ctmask"); if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--ctmask", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--ctmask", optarg); info->ctmask = value; return true; @@ -242,7 +242,7 @@ static int connmark_tg_parse(int c, char **argv, int invert, "or --restore-mark is required for " "--mask"); if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "CONNMARK", "--mask", optarg); + xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--mask", optarg); info->nfmask = info->ctmask = value; return true; } diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c index fd28196e..8f04e8e7 100644 --- a/extensions/libxt_MARK.c +++ b/extensions/libxt_MARK.c @@ -134,15 +134,15 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'X': /* --set-xmark */ case '=': /* --set-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert); if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end == '/') if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg); info->mark = value; info->mask = mask; @@ -151,28 +151,28 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags, break; case '&': /* --and-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--and-mark", invert); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--and-mark", invert); if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "MARK", "--and-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "MARK", "--and-mark", optarg); info->mark = 0; info->mask = ~mask; break; case '|': /* --or-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--or-mark", invert); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--or-mark", invert); if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "MARK", "--or-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "MARK", "--or-mark", optarg); info->mark = value; info->mask = value; break; case '^': /* --xor-mark */ - param_act(P_ONE_ACTION, "MARK", *flags & F_MARK); - param_act(P_NO_INVERT, "MARK", "--xor-mark", invert); + xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK); + xtables_param_act(XTF_NO_INVERT, "MARK", "--xor-mark", invert); if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "MARK", "--xor-mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "MARK", "--xor-mark", optarg); info->mark = value; info->mask = 0; break; diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c index 96eb4201..7b1f7f83 100644 --- a/extensions/libxt_TOS.c +++ b/extensions/libxt_TOS.c @@ -82,10 +82,10 @@ static int tos_tg_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '=': - param_act(P_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--set-tos", invert); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert); if (!tos_parse_symbolic(optarg, &tvm, 0xFF)) - param_act(P_BAD_VALUE, "TOS", "--set-tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg); if (tvm.mask != 0xFF) exit_error(PARAMETER_PROBLEM, "tos match: Your kernel " "is too old to support anything besides " @@ -107,37 +107,37 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '=': /* --set-tos */ - param_act(P_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--set-tos", invert); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert); if (!tos_parse_symbolic(optarg, &tvm, 0x3F)) - param_act(P_BAD_VALUE, "TOS", "--set-tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg); info->tos_value = tvm.value; info->tos_mask = tvm.mask; break; case '&': /* --and-tos */ - param_act(P_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--and-tos", invert); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--and-tos", invert); if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) - param_act(P_BAD_VALUE, "TOS", "--and-tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "TOS", "--and-tos", optarg); info->tos_value = 0; info->tos_mask = ~bits; break; case '|': /* --or-tos */ - param_act(P_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--or-tos", invert); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--or-tos", invert); if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) - param_act(P_BAD_VALUE, "TOS", "--or-tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "TOS", "--or-tos", optarg); info->tos_value = bits; info->tos_mask = bits; break; case '^': /* --xor-tos */ - param_act(P_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS); - param_act(P_NO_INVERT, "TOS", "--xor-tos", invert); + xtables_param_act(XTF_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS); + xtables_param_act(XTF_NO_INVERT, "TOS", "--xor-tos", invert); if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX)) - param_act(P_BAD_VALUE, "TOS", "--xor-tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "TOS", "--xor-tos", optarg); info->tos_value = bits; info->tos_mask = 0; break; diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c index 6c5c6b7d..d0933aef 100644 --- a/extensions/libxt_TPROXY.c +++ b/extensions/libxt_TPROXY.c @@ -43,7 +43,7 @@ static void parse_tproxy_lport(const char *s, struct xt_tproxy_target_info *info if (xtables_strtoui(s, NULL, &lport, 0, UINT16_MAX)) info->lport = htons(lport); else - param_act(P_BAD_VALUE, "TPROXY", "--on-port", s); + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-port", s); } static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info) @@ -51,7 +51,7 @@ static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info struct in_addr *laddr; if ((laddr = numeric_to_ipaddr(s)) == NULL) - param_act(P_BAD_VALUE, "TPROXY", "--on-ip", s); + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s); info->laddr = laddr->s_addr; } @@ -62,12 +62,12 @@ static void parse_tproxy_mark(char *s, struct xt_tproxy_target_info *info) char *end; if (!xtables_strtoui(s, &end, &value, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s); if (*end == '/') if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s); if (*end != '\0') - param_act(P_BAD_VALUE, "TPROXY", "--tproxy-mark", s); + xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s); info->mark_mask = mask; info->mark_value = value; @@ -80,20 +80,20 @@ static int tproxy_tg_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - param_act(P_ONLY_ONCE, "TPROXY", "--on-port", *flags & PARAM_ONPORT); - param_act(P_NO_INVERT, "TPROXY", "--on-port", invert); + xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-port", *flags & PARAM_ONPORT); + xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-port", invert); parse_tproxy_lport(optarg, tproxyinfo); *flags |= PARAM_ONPORT; return 1; case '2': - param_act(P_ONLY_ONCE, "TPROXY", "--on-ip", *flags & PARAM_ONIP); - param_act(P_NO_INVERT, "TPROXY", "--on-ip", invert); + xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-ip", *flags & PARAM_ONIP); + xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-ip", invert); parse_tproxy_laddr(optarg, tproxyinfo); *flags |= PARAM_ONIP; return 1; case '3': - param_act(P_ONLY_ONCE, "TPROXY", "--tproxy-mark", *flags & PARAM_MARK); - param_act(P_NO_INVERT, "TPROXY", "--tproxy-mark", invert); + xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--tproxy-mark", *flags & PARAM_MARK); + xtables_param_act(XTF_NO_INVERT, "TPROXY", "--tproxy-mark", invert); parse_tproxy_mark(optarg, tproxyinfo); *flags |= PARAM_MARK; return 1; diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c index afa63e39..0f47a8f4 100644 --- a/extensions/libxt_connmark.c +++ b/extensions/libxt_connmark.c @@ -54,14 +54,14 @@ connmark_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': /* --mark */ - param_act(P_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK); + xtables_param_act(XTF_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK); if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "connmark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg); if (*end == '/') if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "connmark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "connmark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg); if (invert) info->invert = true; diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index 2b98ab02..facd0fc2 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -269,13 +269,13 @@ conntrack_ps_expires(struct xt_conntrack_mtinfo1 *info, const char *s) char *end; if (!xtables_strtoui(s, &end, &min, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "conntrack", "--expires", s); + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s); max = min; if (*end == ':') if (!xtables_strtoui(s, &end, &max, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "conntrack", "--expires", s); + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s); if (*end != '\0') - param_act(P_BAD_VALUE, "conntrack", "--expires", s); + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s); if (min > max) exit_error(PARAMETER_PROBLEM, @@ -482,7 +482,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, case 'a': /* --ctorigsrcport */ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) - param_act(P_BAD_VALUE, "conntrack", + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctorigsrcport", optarg); info->match_flags |= XT_CONNTRACK_ORIGSRC_PORT; info->origsrc_port = htons(port); @@ -492,7 +492,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, case 'b': /* --ctorigdstport */ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) - param_act(P_BAD_VALUE, "conntrack", + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctorigdstport", optarg); info->match_flags |= XT_CONNTRACK_ORIGDST_PORT; info->origdst_port = htons(port); @@ -502,7 +502,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, case 'c': /* --ctreplsrcport */ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) - param_act(P_BAD_VALUE, "conntrack", + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctreplsrcport", optarg); info->match_flags |= XT_CONNTRACK_REPLSRC_PORT; info->replsrc_port = htons(port); @@ -512,7 +512,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, case 'd': /* --ctrepldstport */ if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX)) - param_act(P_BAD_VALUE, "conntrack", + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctrepldstport", optarg); info->match_flags |= XT_CONNTRACK_REPLDST_PORT; info->repldst_port = htons(port); @@ -521,7 +521,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, break; case 'e': /* --ctdir */ - param_act(P_NO_INVERT, "conntrack", "--ctdir", invert); + xtables_param_act(XTF_NO_INVERT, "conntrack", "--ctdir", invert); if (strcasecmp(optarg, "ORIGINAL") == 0) { info->match_flags |= XT_CONNTRACK_DIRECTION; info->invert_flags &= ~XT_CONNTRACK_DIRECTION; @@ -529,7 +529,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, info->match_flags |= XT_CONNTRACK_DIRECTION; info->invert_flags |= XT_CONNTRACK_DIRECTION; } else { - param_act(P_BAD_VALUE, "conntrack", "--ctdir", optarg); + xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctdir", optarg); } break; diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index 06d026a2..f63db64e 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -217,7 +217,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '%': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit", *flags & PARAM_LIMIT); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->cfg.avg)) @@ -227,7 +227,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, break; case '$': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) @@ -237,7 +237,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_BURST; break; case '&': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) @@ -247,7 +247,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_SIZE; break; case '*': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) @@ -257,7 +257,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_MAX; break; case '(': - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; @@ -270,7 +270,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_GCINTERVAL; break; case ')': - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) @@ -281,7 +281,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_EXPIRE; break; case '_': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode", *flags & PARAM_MODE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (parse_mode(&r->cfg.mode, optarg) < 0) @@ -290,7 +290,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= PARAM_MODE; break; case '"': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name", *flags & PARAM_NAME); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (strlen(optarg) == 0) @@ -317,63 +317,63 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, switch(c) { case '%': /* --hashlimit / --hashlimit-below */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-upto", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-upto", *flags & PARAM_LIMIT); if (invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; if (!parse_rate(optarg, &info->cfg.avg)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-upto", optarg); *flags |= PARAM_LIMIT; return true; case '^': /* --hashlimit-above == !--hashlimit-below */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-above", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-above", *flags & PARAM_LIMIT); if (!invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; if (!parse_rate(optarg, &info->cfg.avg)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-above", optarg); *flags |= PARAM_LIMIT; return true; case '$': /* --hashlimit-burst */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-burst", optarg); info->cfg.burst = num; *flags |= PARAM_BURST; return true; case '&': /* --hashlimit-htable-size */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-size", optarg); info->cfg.size = num; *flags |= PARAM_SIZE; return true; case '*': /* --hashlimit-htable-max */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-max", optarg); info->cfg.max = num; *flags |= PARAM_MAX; return true; case '(': /* --hashlimit-htable-gcinterval */ - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-gcinterval", optarg); /* FIXME: not HZ dependent!! */ info->cfg.gc_interval = num; @@ -381,10 +381,10 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, return true; case ')': /* --hashlimit-htable-expire */ - param_act(P_ONLY_ONCE, "hashlimit", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-htable-expire", optarg); /* FIXME: not HZ dependent */ info->cfg.expire = num; @@ -392,16 +392,16 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, return true; case '_': - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode", *flags & PARAM_MODE); if (parse_mode(&info->cfg.mode, optarg) < 0) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-mode", optarg); *flags |= PARAM_MODE; return true; case '"': /* --hashlimit-name */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name", *flags & PARAM_NAME); if (strlen(optarg) == 0) exit_error(PARAMETER_PROBLEM, "Zero-length name?"); @@ -411,20 +411,20 @@ hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, return true; case '<': /* --hashlimit-srcmask */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask", *flags & PARAM_SRCMASK); if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-srcmask", optarg); info->cfg.srcmask = num; *flags |= PARAM_SRCMASK; return true; case '>': /* --hashlimit-dstmask */ - param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask", + xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask", *flags & PARAM_DSTMASK); if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask)) - param_act(P_BAD_VALUE, "hashlimit", + xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-dstmask", optarg); info->cfg.dstmask = num; *flags |= PARAM_DSTMASK; diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 09e9fb7f..0fe2b4f0 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -110,15 +110,15 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, case '1': /* --src-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); *end = '\0'; ia = numeric_to_ipaddr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); memcpy(&info->src_min.in, ia, sizeof(*ia)); ia = numeric_to_ipaddr(end+1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1); memcpy(&info->src_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_SRC; if (invert) @@ -129,15 +129,15 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, case '2': /* --dst-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); *end = '\0'; ia = numeric_to_ipaddr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); memcpy(&info->dst_min.in, ia, sizeof(*ia)); ia = numeric_to_ipaddr(end + 1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1); memcpy(&info->dst_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_DST; if (invert) @@ -160,15 +160,15 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags, case '1': /* --src-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); *end = '\0'; ia = numeric_to_ip6addr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); memcpy(&info->src_min.in, ia, sizeof(*ia)); ia = numeric_to_ip6addr(end+1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--src-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1); memcpy(&info->src_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_SRC; if (invert) @@ -179,15 +179,15 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags, case '2': /* --dst-range */ end = strchr(optarg, '-'); if (end == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); *end = '\0'; ia = numeric_to_ip6addr(optarg); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", optarg); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); memcpy(&info->dst_min.in, ia, sizeof(*ia)); ia = numeric_to_ip6addr(end + 1); if (ia == NULL) - param_act(P_BAD_VALUE, "iprange", "--dst-range", end + 1); + xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1); memcpy(&info->dst_max.in, ia, sizeof(*ia)); info->flags |= IPRANGE_DST; if (invert) diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c index 31957e7d..08bc9d95 100644 --- a/extensions/libxt_mark.c +++ b/extensions/libxt_mark.c @@ -34,14 +34,14 @@ static int mark_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': /* --mark */ - param_act(P_ONLY_ONCE, "mark", "--mark", *flags & F_MARK); + xtables_param_act(XTF_ONLY_ONCE, "mark", "--mark", *flags & F_MARK); if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "mark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg); if (*end == '/') if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) - param_act(P_BAD_VALUE, "mark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg); if (*end != '\0') - param_act(P_BAD_VALUE, "mark", "--mark", optarg); + xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg); if (invert) info->invert = true; diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c index 54d841c6..bf26f35c 100644 --- a/extensions/libxt_owner.c +++ b/extensions/libxt_owner.c @@ -112,11 +112,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IPT_OWNER_UID; info->match |= IPT_OWNER_UID; @@ -125,11 +125,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IPT_OWNER_GID; info->match |= IPT_OWNER_GID; @@ -138,9 +138,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'p': - param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IPT_OWNER_PID; info->match |= IPT_OWNER_PID; @@ -149,9 +149,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 's': - param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--sid-value", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-value", optarg); if (invert) info->invert |= IPT_OWNER_SID; info->match |= IPT_OWNER_SID; @@ -161,7 +161,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, #ifdef IPT_OWNER_COMM case 'c': - param_act(P_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM); if (strlen(optarg) > sizeof(info->comm)) exit_error(PARAMETER_PROBLEM, "owner match: command " "\"%s\" too long, max. %zu characters", @@ -191,12 +191,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_UID; info->match |= IP6T_OWNER_UID; @@ -205,12 +205,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_GID; info->match |= IP6T_OWNER_GID; @@ -219,10 +219,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'p': - param_act(P_ONLY_ONCE, "owner", "--pid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_PID; info->match |= IP6T_OWNER_PID; @@ -231,10 +231,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 's': - param_act(P_ONLY_ONCE, "owner", "--sid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_SID; info->match |= IP6T_OWNER_SID; @@ -252,13 +252,13 @@ static void owner_parse_range(const char *s, unsigned int *from, /* -1 is reversed, so the max is one less than that. */ if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", opt, s); + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); *to = *from; if (*end == '-' || *end == ':') if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", opt, s); + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); if (*end != '\0') - param_act(P_BAD_VALUE, "owner", opt, s); + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); } static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, @@ -271,7 +271,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) from = to = pwd->pw_uid; @@ -286,7 +286,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) from = to = grp->gr_gid; @@ -301,7 +301,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, return true; case 'k': - param_act(P_ONLY_ONCE, "owner", "--socket-exists", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--socket-exists", *flags & FLAG_SOCKET_EXISTS); if (invert) info->invert |= XT_OWNER_SOCKET; diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c index 9f8d6fa3..a6118400 100644 --- a/extensions/libxt_tos.c +++ b/extensions/libxt_tos.c @@ -50,9 +50,9 @@ static int tos_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 't': - param_act(P_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); + xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); if (!tos_parse_symbolic(optarg, &tvm, 0xFF)) - param_act(P_BAD_VALUE, "tos", "--tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg); if (tvm.mask != 0xFF) exit_error(PARAMETER_PROBLEM, "tos: Your kernel is " "too old to support anything besides /0xFF " @@ -74,9 +74,9 @@ static int tos_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 't': - param_act(P_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); + xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS); if (!tos_parse_symbolic(optarg, &tvm, 0x3F)) - param_act(P_BAD_VALUE, "tos", "--tos", optarg); + xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg); info->tos_value = tvm.value; info->tos_mask = tvm.mask; if (invert) diff --git a/include/xtables.h.in b/include/xtables.h.in index e1f9c926..e5737cb8 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -158,6 +158,17 @@ enum xtables_tryload { XTF_LOAD_MUST_SUCCEED, }; +enum xtables_exittype { + OTHER_PROBLEM = 1, + PARAMETER_PROBLEM, + VERSION_PROBLEM, + RESOURCE_PROBLEM, + XTF_ONLY_ONCE, + XTF_NO_INVERT, + XTF_BAD_VALUE, + XTF_ONE_ACTION, +}; + extern const char *xtables_program_name; extern const char *xtables_modprobe_program; extern struct xtables_match *xtables_matches; @@ -188,24 +199,13 @@ extern u_int16_t parse_port(const char *port, const char *proto); extern void parse_interface(const char *arg, char *vianame, unsigned char *mask); -enum exittype { - OTHER_PROBLEM = 1, - PARAMETER_PROBLEM, - VERSION_PROBLEM, - RESOURCE_PROBLEM, - P_ONLY_ONCE, - P_NO_INVERT, - P_BAD_VALUE, - P_ONE_ACTION, -}; - /* this is a special 64bit data type that is 8-byte aligned */ #define aligned_u64 u_int64_t __attribute__((aligned(8))) int check_inverse(const char option[], int *invert, int *my_optind, int argc); -void exit_error(enum exittype, const char *, ...)__attribute__((noreturn, - format(printf,2,3))); -extern void param_act(unsigned int, const char *, ...); +void exit_error(enum xtables_exittype, const char *, ...) + __attribute__((noreturn, format(printf,2,3))); +extern void xtables_param_act(unsigned int, const char *, ...); extern const char *ipaddr_to_numeric(const struct in_addr *); extern const char *ipaddr_to_anyname(const struct in_addr *); diff --git a/ip6tables.c b/ip6tables.c index 0464185a..cbacd899 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -365,7 +365,7 @@ exit_printhelp(struct ip6tables_rule_match *matches) } void -exit_error(enum exittype status, const char *msg, ...) +exit_error(enum xtables_exittype status, const char *msg, ...) { va_list args; diff --git a/iptables-xml.c b/iptables-xml.c index a3f69872..307845c5 100644 --- a/iptables-xml.c +++ b/iptables-xml.c @@ -30,7 +30,7 @@ const char *program_version; #ifndef IPTABLES_MULTI int line = 0; -void exit_error(enum exittype status, const char *msg, ...) +void exit_error(enum xtables_exittype status, const char *msg, ...) { va_list args; diff --git a/iptables.c b/iptables.c index 15b5b6f4..9adc2093 100644 --- a/iptables.c +++ b/iptables.c @@ -367,7 +367,7 @@ exit_printhelp(struct iptables_rule_match *matches) } void -exit_error(enum exittype status, const char *msg, ...) +exit_error(enum xtables_exittype status, const char *msg, ...) { va_list args; diff --git a/xtables.c b/xtables.c index 642c04bb..3ffefa22 100644 --- a/xtables.c +++ b/xtables.c @@ -676,7 +676,31 @@ void xtables_register_target(struct xtables_target *me) me->tflags = 0; } -void param_act(unsigned int status, const char *p1, ...) +/** + * xtables_param_act - act on condition + * @status: a constant from enum xtables_exittype + * + * %XTF_ONLY_ONCE: print error message that option may only be used once. + * @p1: module name (e.g. "mark") + * @p2(...): option in conflict (e.g. "--mark") + * @p3(...): condition to match on (see extensions/ for examples) + * + * %XTF_NO_INVERT: option does not support inversion + * @p1: module name + * @p2: option in conflict + * @p3: condition to match on + * + * %XTF_BAD_VALUE: bad value for option + * @p1: module name + * @p2: option with which the problem occured (e.g. "--mark") + * @p3: string the user passed in (e.g. "99999999999999") + * + * %XTF_ONE_ACTION: two mutually exclusive actions have been specified + * @p1: module name + * + * Displays an error message and exits the program. + */ +void xtables_param_act(unsigned int status, const char *p1, ...) { const char *p2, *p3; va_list args; @@ -685,7 +709,7 @@ void param_act(unsigned int status, const char *p1, ...) va_start(args, p1); switch (status) { - case P_ONLY_ONCE: + case XTF_ONLY_ONCE: p2 = va_arg(args, const char *); b = va_arg(args, unsigned int); if (!b) @@ -694,7 +718,7 @@ void param_act(unsigned int status, const char *p1, ...) "%s: \"%s\" option may only be specified once", p1, p2); break; - case P_NO_INVERT: + case XTF_NO_INVERT: p2 = va_arg(args, const char *); b = va_arg(args, unsigned int); if (!b) @@ -702,14 +726,14 @@ void param_act(unsigned int status, const char *p1, ...) exit_error(PARAMETER_PROBLEM, "%s: \"%s\" option cannot be inverted", p1, p2); break; - case P_BAD_VALUE: + case XTF_BAD_VALUE: p2 = va_arg(args, const char *); p3 = va_arg(args, const char *); exit_error(PARAMETER_PROBLEM, "%s: Bad value for \"%s\" option: \"%s\"", p1, p2, p3); break; - case P_ONE_ACTION: + case XTF_ONE_ACTION: b = va_arg(args, unsigned int); if (!b) return; -- cgit v1.2.3 From e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 03:55:09 +0100 Subject: libxtables: prefix/order - ipaddr/ipmask to ascii output Signed-off-by: Jan Engelhardt --- extensions/libipt_DNAT.c | 4 ++-- extensions/libipt_NETMAP.c | 4 ++-- extensions/libipt_SAME.c | 8 ++++---- extensions/libipt_SNAT.c | 4 ++-- extensions/libipt_policy.c | 8 ++++---- extensions/libxt_TPROXY.c | 4 ++-- extensions/libxt_conntrack.c | 14 +++++++------- extensions/libxt_iprange.c | 32 ++++++++++++++++---------------- include/xtables.h.in | 12 ++++++------ ip6tables.c | 12 ++++++------ iptables.c | 12 ++++++------ xtables.c | 20 ++++++++++---------- 12 files changed, 67 insertions(+), 67 deletions(-) diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index e884b03e..42695bb4 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -195,10 +195,10 @@ static void print_range(const struct ip_nat_range *r) struct in_addr a; a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); if (r->max_ip != r->min_ip) { a.s_addr = r->max_ip; - printf("-%s", ipaddr_to_numeric(&a)); + printf("-%s", xtables_ipaddr_to_numeric(&a)); } } if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index d8f34ccd..33f48c93 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -148,11 +148,11 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target, int bits; a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); a.s_addr = ~(r->min_ip ^ r->max_ip); bits = netmask2bits(a.s_addr); if (bits < 0) - printf("/%s", ipaddr_to_numeric(&a)); + printf("/%s", xtables_ipaddr_to_numeric(&a)); else printf("/%d", bits); } diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index 6cb09afc..1ca38ff8 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -151,13 +151,13 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target, a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); a.s_addr = r->max_ip; if (r->min_ip == r->max_ip) printf(" "); else - printf("-%s ", ipaddr_to_numeric(&a)); + printf("-%s ", xtables_ipaddr_to_numeric(&a)); if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) random_selection = 1; } @@ -181,13 +181,13 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target) struct in_addr a; a.s_addr = r->min_ip; - printf("--to %s", ipaddr_to_numeric(&a)); + printf("--to %s", xtables_ipaddr_to_numeric(&a)); a.s_addr = r->max_ip; if (r->min_ip == r->max_ip) printf(" "); else - printf("-%s ", ipaddr_to_numeric(&a)); + printf("-%s ", xtables_ipaddr_to_numeric(&a)); if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) random_selection = 1; } diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 8c28c0ee..2afcbb1e 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -196,10 +196,10 @@ static void print_range(const struct ip_nat_range *r) struct in_addr a; a.s_addr = r->min_ip; - printf("%s", ipaddr_to_numeric(&a)); + printf("%s", xtables_ipaddr_to_numeric(&a)); if (r->max_ip != r->min_ip) { a.s_addr = r->max_ip; - printf("-%s", ipaddr_to_numeric(&a)); + printf("-%s", xtables_ipaddr_to_numeric(&a)); } } if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c index 9c701820..6b044d87 100644 --- a/extensions/libipt_policy.c +++ b/extensions/libipt_policy.c @@ -352,14 +352,14 @@ static void print_entry(char *prefix, const struct ipt_policy_elem *e, if (e->match.daddr) { PRINT_INVERT(e->invert.daddr); printf("%stunnel-dst %s%s ", prefix, - ipaddr_to_numeric((const void *)&e->daddr), - ipmask_to_numeric((const void *)&e->dmask)); + xtables_ipaddr_to_numeric((const void *)&e->daddr), + xtables_ipmask_to_numeric((const void *)&e->dmask)); } if (e->match.saddr) { PRINT_INVERT(e->invert.saddr); printf("%stunnel-src %s%s ", prefix, - ipaddr_to_numeric((const void *)&e->saddr), - ipmask_to_numeric((const void *)&e->smask)); + xtables_ipaddr_to_numeric((const void *)&e->saddr), + xtables_ipmask_to_numeric((const void *)&e->smask)); } } diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c index d0933aef..2398c849 100644 --- a/extensions/libxt_TPROXY.c +++ b/extensions/libxt_TPROXY.c @@ -114,7 +114,7 @@ static void tproxy_tg_print(const void *ip, const struct xt_entry_target *target { const struct xt_tproxy_target_info *info = (const void *)target->data; printf("TPROXY redirect %s:%u mark 0x%x/0x%x", - ipaddr_to_numeric((const struct in_addr *)&info->laddr), + xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr), ntohs(info->lport), (unsigned int)info->mark_value, (unsigned int)info->mark_mask); } @@ -125,7 +125,7 @@ static void tproxy_tg_save(const void *ip, const struct xt_entry_target *target) printf("--on-port %u ", ntohs(info->lport)); printf("--on-ip %s ", - ipaddr_to_numeric((const struct in_addr *)&info->laddr)); + xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr)); printf("--tproxy-mark 0x%x/0x%x ", (unsigned int)info->mark_value, (unsigned int)info->mark_mask); } diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index facd0fc2..ffa279ca 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -761,9 +761,9 @@ conntrack_dump_addr(const union nf_inet_addr *addr, return; } if (numeric) - printf("%s ", ipaddr_to_numeric(&addr->in)); + printf("%s ", xtables_ipaddr_to_numeric(&addr->in)); else - printf("%s ", ipaddr_to_anyname(&addr->in)); + printf("%s ", xtables_ipaddr_to_anyname(&addr->in)); } else if (family == NFPROTO_IPV6) { if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 && addr->ip6[2] == 0 && addr->ip6[3] == 0) { @@ -771,9 +771,9 @@ conntrack_dump_addr(const union nf_inet_addr *addr, return; } if (numeric) - printf("%s ", ip6addr_to_numeric(&addr->in6)); + printf("%s ", xtables_ip6addr_to_numeric(&addr->in6)); else - printf("%s ", ip6addr_to_anyname(&addr->in6)); + printf("%s ", xtables_ip6addr_to_anyname(&addr->in6)); } } @@ -789,10 +789,10 @@ print_addr(struct in_addr *addr, struct in_addr *mask, int inv, int numeric) printf("%s ", "anywhere"); else { if (numeric) - sprintf(buf, "%s", ipaddr_to_numeric(addr)); + strcpy(buf, xtables_ipaddr_to_numeric(addr)); else - sprintf(buf, "%s", ipaddr_to_anyname(addr)); - strcat(buf, ipmask_to_numeric(mask)); + strcpy(buf, xtables_ipaddr_to_anyname(addr)); + strcat(buf, xtables_ipmask_to_numeric(mask)); printf("%s ", buf); } } diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 0fe2b4f0..9fdc70a6 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -250,15 +250,15 @@ iprange_mt4_print(const void *ip, const struct xt_entry_match *match, * ipaddr_to_numeric() uses a static buffer, so cannot * combine the printf() calls. */ - printf("%s", ipaddr_to_numeric(&info->src_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->src_max.in)); + printf("%s", xtables_ipaddr_to_numeric(&info->src_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in)); } if (info->flags & IPRANGE_DST) { printf("destination IP range "); if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("%s", ipaddr_to_numeric(&info->dst_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->dst_max.in)); + printf("%s", xtables_ipaddr_to_numeric(&info->dst_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in)); } } @@ -276,15 +276,15 @@ iprange_mt6_print(const void *ip, const struct xt_entry_match *match, * ipaddr_to_numeric() uses a static buffer, so cannot * combine the printf() calls. */ - printf("%s", ip6addr_to_numeric(&info->src_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->src_max.in6)); + printf("%s", xtables_ip6addr_to_numeric(&info->src_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6)); } if (info->flags & IPRANGE_DST) { printf("destination IP range "); if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("%s", ip6addr_to_numeric(&info->dst_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->dst_max.in6)); + printf("%s", xtables_ip6addr_to_numeric(&info->dst_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6)); } } @@ -315,14 +315,14 @@ static void iprange_mt4_save(const void *ip, const struct xt_entry_match *match) if (info->flags & IPRANGE_SRC) { if (info->flags & IPRANGE_SRC_INV) printf("! "); - printf("--src-range %s", ipaddr_to_numeric(&info->src_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->src_max.in)); + printf("--src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in)); } if (info->flags & IPRANGE_DST) { if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("--dst-range %s", ipaddr_to_numeric(&info->dst_min.in)); - printf("-%s ", ipaddr_to_numeric(&info->dst_max.in)); + printf("--dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in)); + printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in)); } } @@ -333,14 +333,14 @@ static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match) if (info->flags & IPRANGE_SRC) { if (info->flags & IPRANGE_SRC_INV) printf("! "); - printf("--src-range %s", ip6addr_to_numeric(&info->src_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->src_max.in6)); + printf("--src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6)); } if (info->flags & IPRANGE_DST) { if (info->flags & IPRANGE_DST_INV) printf("! "); - printf("--dst-range %s", ip6addr_to_numeric(&info->dst_min.in6)); - printf("-%s ", ip6addr_to_numeric(&info->dst_max.in6)); + printf("--dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6)); + printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6)); } } diff --git a/include/xtables.h.in b/include/xtables.h.in index e5737cb8..3099de8f 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -207,18 +207,18 @@ void exit_error(enum xtables_exittype, const char *, ...) __attribute__((noreturn, format(printf,2,3))); extern void xtables_param_act(unsigned int, const char *, ...); -extern const char *ipaddr_to_numeric(const struct in_addr *); -extern const char *ipaddr_to_anyname(const struct in_addr *); -extern const char *ipmask_to_numeric(const struct in_addr *); +extern const char *xtables_ipaddr_to_numeric(const struct in_addr *); +extern const char *xtables_ipaddr_to_anyname(const struct in_addr *); +extern const char *xtables_ipmask_to_numeric(const struct in_addr *); extern struct in_addr *numeric_to_ipaddr(const char *); extern struct in_addr *numeric_to_ipmask(const char *); extern void ipparse_hostnetworkmask(const char *, struct in_addr **, struct in_addr *, unsigned int *); extern struct in6_addr *numeric_to_ip6addr(const char *); -extern const char *ip6addr_to_numeric(const struct in6_addr *); -extern const char *ip6addr_to_anyname(const struct in6_addr *); -extern const char *ip6mask_to_numeric(const struct in6_addr *); +extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *); +extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *); +extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *); extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **, struct in6_addr *, unsigned int *); diff --git a/ip6tables.c b/ip6tables.c index cbacd899..f741c521 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -809,10 +809,10 @@ print_firewall(const struct ip6t_entry *fw, printf(FMT("%-19s ","%s "), "anywhere"); else { if (format & FMT_NUMERIC) - sprintf(buf, "%s", ip6addr_to_numeric(&fw->ipv6.src)); + strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.src)); else - sprintf(buf, "%s", ip6addr_to_anyname(&fw->ipv6.src)); - strcat(buf, ip6mask_to_numeric(&fw->ipv6.smsk)); + strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.src)); + strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.smsk)); printf(FMT("%-19s ","%s "), buf); } @@ -822,10 +822,10 @@ print_firewall(const struct ip6t_entry *fw, printf(FMT("%-19s ","-> %s"), "anywhere"); else { if (format & FMT_NUMERIC) - sprintf(buf, "%s", ip6addr_to_numeric(&fw->ipv6.dst)); + strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.dst)); else - sprintf(buf, "%s", ip6addr_to_anyname(&fw->ipv6.dst)); - strcat(buf, ip6mask_to_numeric(&fw->ipv6.dmsk)); + strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.dst)); + strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.dmsk)); printf(FMT("%-19s ","-> %s"), buf); } diff --git a/iptables.c b/iptables.c index 9adc2093..d3906fc9 100644 --- a/iptables.c +++ b/iptables.c @@ -803,10 +803,10 @@ print_firewall(const struct ipt_entry *fw, printf(FMT("%-19s ","%s "), "anywhere"); else { if (format & FMT_NUMERIC) - sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.src)); + strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.src)); else - sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.src)); - strcat(buf, ipmask_to_numeric(&fw->ip.smsk)); + strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.src)); + strcat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk)); printf(FMT("%-19s ","%s "), buf); } @@ -815,10 +815,10 @@ print_firewall(const struct ipt_entry *fw, printf(FMT("%-19s ","-> %s"), "anywhere"); else { if (format & FMT_NUMERIC) - sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.dst)); + strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.dst)); else - sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.dst)); - strcat(buf, ipmask_to_numeric(&fw->ip.dmsk)); + strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.dst)); + strcat(buf, xtables_ipmask_to_numeric(&fw->ip.dmsk)); printf(FMT("%-19s ","-> %s"), buf); } diff --git a/xtables.c b/xtables.c index 3ffefa22..07275f6e 100644 --- a/xtables.c +++ b/xtables.c @@ -748,7 +748,7 @@ void xtables_param_act(unsigned int status, const char *p1, ...) va_end(args); } -const char *ipaddr_to_numeric(const struct in_addr *addrp) +const char *xtables_ipaddr_to_numeric(const struct in_addr *addrp) { static char buf[20]; const unsigned char *bytep = (const void *)&addrp->s_addr; @@ -778,7 +778,7 @@ static const char *ipaddr_to_network(const struct in_addr *addr) return NULL; } -const char *ipaddr_to_anyname(const struct in_addr *addr) +const char *xtables_ipaddr_to_anyname(const struct in_addr *addr) { const char *name; @@ -786,10 +786,10 @@ const char *ipaddr_to_anyname(const struct in_addr *addr) (name = ipaddr_to_network(addr)) != NULL) return name; - return ipaddr_to_numeric(addr); + return xtables_ipaddr_to_numeric(addr); } -const char *ipmask_to_numeric(const struct in_addr *mask) +const char *xtables_ipmask_to_numeric(const struct in_addr *mask) { static char buf[20]; uint32_t maskaddr, bits; @@ -809,7 +809,7 @@ const char *ipmask_to_numeric(const struct in_addr *mask) sprintf(buf, "/%d", i); else /* mask was not a decent combination of 1's and 0's */ - sprintf(buf, "/%s", ipaddr_to_numeric(mask)); + sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask)); return buf; } @@ -987,7 +987,7 @@ void ipparse_hostnetworkmask(const char *name, struct in_addr **addrpp, } } -const char *ip6addr_to_numeric(const struct in6_addr *addrp) +const char *xtables_ip6addr_to_numeric(const struct in6_addr *addrp) { /* 0000:0000:0000:0000:0000:000.000.000.000 * 0000:0000:0000:0000:0000:0000:0000:0000 */ @@ -1020,14 +1020,14 @@ static const char *ip6addr_to_host(const struct in6_addr *addr) return hostname; } -const char *ip6addr_to_anyname(const struct in6_addr *addr) +const char *xtables_ip6addr_to_anyname(const struct in6_addr *addr) { const char *name; if ((name = ip6addr_to_host(addr)) != NULL) return name; - return ip6addr_to_numeric(addr); + return xtables_ip6addr_to_numeric(addr); } static int ip6addr_prefix_length(const struct in6_addr *k) @@ -1054,14 +1054,14 @@ static int ip6addr_prefix_length(const struct in6_addr *k) return bits; } -const char *ip6mask_to_numeric(const struct in6_addr *addrp) +const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp) { static char buf[50+2]; int l = ip6addr_prefix_length(addrp); if (l == -1) { strcpy(buf, "/"); - strcat(buf, ip6addr_to_numeric(addrp)); + strcat(buf, xtables_ip6addr_to_numeric(addrp)); return buf; } sprintf(buf, "/%d", l); -- cgit v1.2.3 From 1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 04:20:32 +0100 Subject: libxtables: prefix/order - ascii to ipaddr/ipmask input Signed-off-by: Jan Engelhardt --- extensions/libipt_DNAT.c | 4 ++-- extensions/libipt_NETMAP.c | 4 ++-- extensions/libipt_SAME.c | 4 ++-- extensions/libipt_SNAT.c | 4 ++-- extensions/libxt_TPROXY.c | 2 +- extensions/libxt_iprange.c | 20 ++++++++++---------- include/xtables.h.in | 6 +++--- xtables.c | 14 +++++++------- 8 files changed, 29 insertions(+), 29 deletions(-) diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 42695bb4..0d355a0d 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -117,13 +117,13 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) if (dash) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range.min_ip = ip->s_addr; if (dash) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", dash+1); diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index 33f48c93..f6c8bfdf 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -75,14 +75,14 @@ parse_to(char *arg, struct ip_nat_range *range) if (slash) *slash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range->min_ip = ip->s_addr; if (slash) { if (strchr(slash+1, '.')) { - ip = numeric_to_ipmask(slash+1); + ip = xtables_numeric_to_ipmask(slash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n", slash+1); diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index 1ca38ff8..6882242e 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -56,14 +56,14 @@ parse_to(char *arg, struct ip_nat_range *range) if (dash) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range->min_ip = ip->s_addr; if (dash) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", dash+1); diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 2afcbb1e..0780aa1a 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -117,13 +117,13 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info) if (dash) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", arg); range.min_ip = ip->s_addr; if (dash) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", dash+1); diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c index 2398c849..54ae96d2 100644 --- a/extensions/libxt_TPROXY.c +++ b/extensions/libxt_TPROXY.c @@ -50,7 +50,7 @@ static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info { struct in_addr *laddr; - if ((laddr = numeric_to_ipaddr(s)) == NULL) + if ((laddr = xtables_numeric_to_ipaddr(s)) == NULL) xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s); info->laddr = laddr->s_addr; diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 9fdc70a6..de079cbf 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -40,14 +40,14 @@ parse_iprange(char *arg, struct ipt_iprange *range) if (dash != NULL) *dash = '\0'; - ip = numeric_to_ipaddr(arg); + ip = xtables_numeric_to_ipaddr(arg); if (!ip) exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n", arg); range->min_ip = ip->s_addr; if (dash != NULL) { - ip = numeric_to_ipaddr(dash+1); + ip = xtables_numeric_to_ipaddr(dash+1); if (!ip) exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n", dash+1); @@ -112,11 +112,11 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, if (end == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); *end = '\0'; - ia = numeric_to_ipaddr(optarg); + ia = xtables_numeric_to_ipaddr(optarg); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); memcpy(&info->src_min.in, ia, sizeof(*ia)); - ia = numeric_to_ipaddr(end+1); + ia = xtables_numeric_to_ipaddr(end+1); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1); memcpy(&info->src_max.in, ia, sizeof(*ia)); @@ -131,11 +131,11 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, if (end == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); *end = '\0'; - ia = numeric_to_ipaddr(optarg); + ia = xtables_numeric_to_ipaddr(optarg); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); memcpy(&info->dst_min.in, ia, sizeof(*ia)); - ia = numeric_to_ipaddr(end + 1); + ia = xtables_numeric_to_ipaddr(end + 1); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1); memcpy(&info->dst_max.in, ia, sizeof(*ia)); @@ -162,11 +162,11 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags, if (end == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); *end = '\0'; - ia = numeric_to_ip6addr(optarg); + ia = xtables_numeric_to_ip6addr(optarg); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg); memcpy(&info->src_min.in, ia, sizeof(*ia)); - ia = numeric_to_ip6addr(end+1); + ia = xtables_numeric_to_ip6addr(end+1); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1); memcpy(&info->src_max.in, ia, sizeof(*ia)); @@ -181,11 +181,11 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags, if (end == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); *end = '\0'; - ia = numeric_to_ip6addr(optarg); + ia = xtables_numeric_to_ip6addr(optarg); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg); memcpy(&info->dst_min.in, ia, sizeof(*ia)); - ia = numeric_to_ip6addr(end + 1); + ia = xtables_numeric_to_ip6addr(end + 1); if (ia == NULL) xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1); memcpy(&info->dst_max.in, ia, sizeof(*ia)); diff --git a/include/xtables.h.in b/include/xtables.h.in index 3099de8f..936bbcc8 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -210,12 +210,12 @@ extern void xtables_param_act(unsigned int, const char *, ...); extern const char *xtables_ipaddr_to_numeric(const struct in_addr *); extern const char *xtables_ipaddr_to_anyname(const struct in_addr *); extern const char *xtables_ipmask_to_numeric(const struct in_addr *); -extern struct in_addr *numeric_to_ipaddr(const char *); -extern struct in_addr *numeric_to_ipmask(const char *); +extern struct in_addr *xtables_numeric_to_ipaddr(const char *); +extern struct in_addr *xtables_numeric_to_ipmask(const char *); extern void ipparse_hostnetworkmask(const char *, struct in_addr **, struct in_addr *, unsigned int *); -extern struct in6_addr *numeric_to_ip6addr(const char *); +extern struct in6_addr *xtables_numeric_to_ip6addr(const char *); extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *); extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *); extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *); diff --git a/xtables.c b/xtables.c index 07275f6e..859a82a5 100644 --- a/xtables.c +++ b/xtables.c @@ -860,12 +860,12 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask) return &addr; } -struct in_addr *numeric_to_ipaddr(const char *dotted) +struct in_addr *xtables_numeric_to_ipaddr(const char *dotted) { return __numeric_to_ipaddr(dotted, false); } -struct in_addr *numeric_to_ipmask(const char *dotted) +struct in_addr *xtables_numeric_to_ipmask(const char *dotted) { return __numeric_to_ipaddr(dotted, true); } @@ -914,7 +914,7 @@ ipparse_hostnetwork(const char *name, unsigned int *naddrs) { struct in_addr *addrptmp, *addrp; - if ((addrptmp = numeric_to_ipaddr(name)) != NULL || + if ((addrptmp = xtables_numeric_to_ipaddr(name)) != NULL || (addrptmp = network_to_ipaddr(name)) != NULL) { addrp = xtables_malloc(sizeof(struct in_addr)); memcpy(addrp, addrptmp, sizeof(*addrp)); @@ -938,7 +938,7 @@ static struct in_addr *parse_ipmask(const char *mask) maskaddr.s_addr = 0xFFFFFFFF; return &maskaddr; } - if ((addrp = numeric_to_ipmask(mask)) != NULL) + if ((addrp = xtables_numeric_to_ipmask(mask)) != NULL) /* dotted_to_addr already returns a network byte order addr */ return addrp; if (!xtables_strtoui(mask, NULL, &bits, 0, 32)) @@ -1068,7 +1068,7 @@ const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp) return buf; } -struct in6_addr *numeric_to_ip6addr(const char *num) +struct in6_addr *xtables_numeric_to_ip6addr(const char *num) { static struct in6_addr ap; int err; @@ -1136,7 +1136,7 @@ ip6parse_hostnetwork(const char *name, unsigned int *naddrs) { struct in6_addr *addrp, *addrptmp; - if ((addrptmp = numeric_to_ip6addr(name)) != NULL || + if ((addrptmp = xtables_numeric_to_ip6addr(name)) != NULL || (addrptmp = network_to_ip6addr(name)) != NULL) { addrp = xtables_malloc(sizeof(struct in6_addr)); memcpy(addrp, addrptmp, sizeof(*addrp)); @@ -1160,7 +1160,7 @@ static struct in6_addr *parse_ip6mask(char *mask) memset(&maskaddr, 0xff, sizeof maskaddr); return &maskaddr; } - if ((addrp = numeric_to_ip6addr(mask)) != NULL) + if ((addrp = xtables_numeric_to_ip6addr(mask)) != NULL) return addrp; if (!xtables_strtoui(mask, NULL, &bits, 0, 128)) exit_error(PARAMETER_PROBLEM, -- cgit v1.2.3 From aae6be9edc99e58164a3592c510fe5488141c698 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 04:24:47 +0100 Subject: libxtables: prefix - misc functions Signed-off-by: Jan Engelhardt --- extensions/libipt_REDIRECT.c | 2 +- extensions/libxt_dccp.c | 6 +++--- extensions/libxt_multiport.c | 6 +++--- extensions/libxt_physdev.c | 4 ++-- extensions/libxt_sctp.c | 6 +++--- extensions/libxt_tcp.c | 6 +++--- extensions/libxt_udp.c | 6 +++--- include/xtables.h.in | 6 +++--- ip6tables.c | 4 ++-- iptables.c | 4 ++-- xtables.c | 9 +++++---- 11 files changed, 30 insertions(+), 29 deletions(-) diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index 64ab737b..1ef2b2ec 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -48,7 +48,7 @@ parse_ports(const char *arg, struct ip_nat_multi_range *mr) port = atoi(arg); if (port == 0) - port = service_to_port(arg, NULL); + port = xtables_service_to_port(arg, NULL); if (port == 0 || port > 65535) exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg); diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c index b7b55e27..9be06582 100644 --- a/extensions/libxt_dccp.c +++ b/extensions/libxt_dccp.c @@ -62,14 +62,14 @@ parse_dccp_ports(const char *portstring, buffer = strdup(portstring); DEBUGP("%s\n", portstring); if ((cp = strchr(buffer, ':')) == NULL) { - ports[0] = ports[1] = parse_port(buffer, "dccp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "dccp"); } else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "dccp") : 0; - ports[1] = cp[0] ? parse_port(cp, "dccp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "dccp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "dccp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c index dae6e335..a7db2a83 100644 --- a/extensions/libxt_multiport.c +++ b/extensions/libxt_multiport.c @@ -81,7 +81,7 @@ parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto) { next=strchr(cp, ','); if (next) *next++='\0'; - ports[i] = parse_port(cp, proto); + ports[i] = xtables_parse_port(cp, proto); } if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified"); free(buffer); @@ -113,10 +113,10 @@ parse_multi_ports_v1(const char *portstring, "too many ports specified"); *range++ = '\0'; } - multiinfo->ports[i] = parse_port(cp, proto); + multiinfo->ports[i] = xtables_parse_port(cp, proto); if (range) { multiinfo->pflags[i] = 1; - multiinfo->ports[++i] = parse_port(range, proto); + multiinfo->ports[++i] = xtables_parse_port(range, proto); if (multiinfo->ports[i-1] >= multiinfo->ports[i]) exit_error(PARAMETER_PROBLEM, "invalid portrange specified"); diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c index 0572aba9..6152cb37 100644 --- a/extensions/libxt_physdev.c +++ b/extensions/libxt_physdev.c @@ -44,7 +44,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & XT_PHYSDEV_OP_IN) goto multiple_use; check_inverse(optarg, &invert, &optind, 0); - parse_interface(argv[optind-1], info->physindev, + xtables_parse_interface(argv[optind-1], info->physindev, (unsigned char *)info->in_mask); if (invert) info->invert |= XT_PHYSDEV_OP_IN; @@ -56,7 +56,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & XT_PHYSDEV_OP_OUT) goto multiple_use; check_inverse(optarg, &invert, &optind, 0); - parse_interface(argv[optind-1], info->physoutdev, + xtables_parse_interface(argv[optind-1], info->physoutdev, (unsigned char *)info->out_mask); if (invert) info->invert |= XT_PHYSDEV_OP_OUT; diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c index 37a6423e..6348a2f9 100644 --- a/extensions/libxt_sctp.c +++ b/extensions/libxt_sctp.c @@ -85,14 +85,14 @@ parse_sctp_ports(const char *portstring, buffer = strdup(portstring); DEBUGP("%s\n", portstring); if ((cp = strchr(buffer, ':')) == NULL) { - ports[0] = ports[1] = parse_port(buffer, "sctp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "sctp"); } else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "sctp") : 0; - ports[1] = cp[0] ? parse_port(cp, "sctp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "sctp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "sctp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c index 56bdba5d..bb667478 100644 --- a/extensions/libxt_tcp.c +++ b/extensions/libxt_tcp.c @@ -44,13 +44,13 @@ parse_tcp_ports(const char *portstring, u_int16_t *ports) buffer = strdup(portstring); if ((cp = strchr(buffer, ':')) == NULL) - ports[0] = ports[1] = parse_port(buffer, "tcp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "tcp"); else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "tcp") : 0; - ports[1] = cp[0] ? parse_port(cp, "tcp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "tcp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "tcp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c index f64fd1cf..40128411 100644 --- a/extensions/libxt_udp.c +++ b/extensions/libxt_udp.c @@ -36,13 +36,13 @@ parse_udp_ports(const char *portstring, u_int16_t *ports) buffer = strdup(portstring); if ((cp = strchr(buffer, ':')) == NULL) - ports[0] = ports[1] = parse_port(buffer, "udp"); + ports[0] = ports[1] = xtables_parse_port(buffer, "udp"); else { *cp = '\0'; cp++; - ports[0] = buffer[0] ? parse_port(buffer, "udp") : 0; - ports[1] = cp[0] ? parse_port(cp, "udp") : 0xFFFF; + ports[0] = buffer[0] ? xtables_parse_port(buffer, "udp") : 0; + ports[1] = cp[0] ? xtables_parse_port(cp, "udp") : 0xFFFF; if (ports[0] > ports[1]) exit_error(PARAMETER_PROBLEM, diff --git a/include/xtables.h.in b/include/xtables.h.in index 936bbcc8..abde4d86 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -194,10 +194,10 @@ extern bool xtables_strtoul(const char *, char **, unsigned long *, unsigned long, unsigned long); extern bool xtables_strtoui(const char *, char **, unsigned int *, unsigned int, unsigned int); -extern int service_to_port(const char *name, const char *proto); -extern u_int16_t parse_port(const char *port, const char *proto); +extern int xtables_service_to_port(const char *name, const char *proto); +extern u_int16_t xtables_parse_port(const char *port, const char *proto); extern void -parse_interface(const char *arg, char *vianame, unsigned char *mask); +xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask); /* this is a special 64bit data type that is 8-byte aligned */ #define aligned_u64 u_int64_t __attribute__((aligned(8))) diff --git a/ip6tables.c b/ip6tables.c index f741c521..fd732763 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1700,7 +1700,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags, invert); - parse_interface(argv[optind-1], + xtables_parse_interface(argv[optind-1], fw.ipv6.iniface, fw.ipv6.iniface_mask); break; @@ -1709,7 +1709,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags, invert); - parse_interface(argv[optind-1], + xtables_parse_interface(argv[optind-1], fw.ipv6.outiface, fw.ipv6.outiface_mask); break; diff --git a/iptables.c b/iptables.c index d3906fc9..aeb40d8a 100644 --- a/iptables.c +++ b/iptables.c @@ -1705,7 +1705,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags, invert); - parse_interface(argv[optind-1], + xtables_parse_interface(argv[optind-1], fw.ip.iniface, fw.ip.iniface_mask); break; @@ -1714,7 +1714,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags, invert); - parse_interface(argv[optind-1], + xtables_parse_interface(argv[optind-1], fw.ip.outiface, fw.ip.outiface_mask); break; diff --git a/xtables.c b/xtables.c index 859a82a5..a387ae0a 100644 --- a/xtables.c +++ b/xtables.c @@ -236,7 +236,7 @@ bool xtables_strtoui(const char *s, char **end, unsigned int *value, return ret; } -int service_to_port(const char *name, const char *proto) +int xtables_service_to_port(const char *name, const char *proto) { struct servent *service; @@ -246,19 +246,20 @@ int service_to_port(const char *name, const char *proto) return -1; } -u_int16_t parse_port(const char *port, const char *proto) +u_int16_t xtables_parse_port(const char *port, const char *proto) { unsigned int portnum; if (xtables_strtoui(port, NULL, &portnum, 0, UINT16_MAX) || - (portnum = service_to_port(port, proto)) != (unsigned)-1) + (portnum = xtables_service_to_port(port, proto)) != (unsigned)-1) return portnum; exit_error(PARAMETER_PROBLEM, "invalid port/service `%s' specified", port); } -void parse_interface(const char *arg, char *vianame, unsigned char *mask) +void xtables_parse_interface(const char *arg, char *vianame, + unsigned char *mask) { int vialen = strlen(arg); unsigned int i; -- cgit v1.2.3 From a0baae85f8159f03d52535934aa9b3a375e0f1f3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 04:32:50 +0100 Subject: libxtables: prefix - parse and escaped output func Signed-off-by: Jan Engelhardt --- extensions/libip6t_policy.c | 4 ++-- extensions/libipt_LOG.c | 2 +- extensions/libipt_ULOG.c | 2 +- extensions/libipt_policy.c | 4 ++-- extensions/libxt_NFLOG.c | 2 +- extensions/libxt_conntrack.c | 24 ++++++++++++------------ extensions/libxt_helper.c | 2 +- include/xtables.h.in | 6 +++--- ip6tables.c | 4 ++-- iptables.c | 4 ++-- xtables.c | 17 ++++++++++++----- 11 files changed, 39 insertions(+), 32 deletions(-) diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c index 357cbea1..fa855c12 100644 --- a/extensions/libip6t_policy.c +++ b/extensions/libip6t_policy.c @@ -214,7 +214,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-src option"); - ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); @@ -229,7 +229,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-dst option"); - ip6parse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index aefb54a6..23790a0d 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -235,7 +235,7 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target) if (strcmp(loginfo->prefix, "") != 0) { printf("--log-prefix "); - save_string(loginfo->prefix); + xtables_save_string(loginfo->prefix); } if (loginfo->level != LOG_DEFAULT_LEVEL) diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c index d73a3f65..6e346d81 100644 --- a/extensions/libipt_ULOG.c +++ b/extensions/libipt_ULOG.c @@ -151,7 +151,7 @@ static void ULOG_save(const void *ip, const struct xt_entry_target *target) if (strcmp(loginfo->prefix, "") != 0) { fputs("--ulog-prefix ", stdout); - save_string(loginfo->prefix); + xtables_save_string(loginfo->prefix); } if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) { diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c index 6b044d87..c9ce850c 100644 --- a/extensions/libipt_policy.c +++ b/extensions/libipt_policy.c @@ -182,7 +182,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-src option"); - ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); @@ -197,7 +197,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --tunnel-dst option"); - ipparse_hostnetworkmask(argv[optind-1], &addr, &mask, &naddr); + xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr); if (naddr > 1) exit_error(PARAMETER_PROBLEM, "policy match: name resolves to multiple IPs"); diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c index fe22e981..bedfbe90 100644 --- a/extensions/libxt_NFLOG.c +++ b/extensions/libxt_NFLOG.c @@ -113,7 +113,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix) { if (info->prefix[0] != '\0') { printf("%snflog-prefix ", prefix); - save_string(info->prefix); + xtables_save_string(info->prefix); } if (info->group) printf("%snflog-group %u ", prefix, info->group); diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index ffa279ca..958f842f 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -333,7 +333,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGSRC; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->sipmsk[IP_CT_DIR_ORIGINAL], &naddrs); if(naddrs > 1) @@ -353,7 +353,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGDST; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->dipmsk[IP_CT_DIR_ORIGINAL], &naddrs); if(naddrs > 1) @@ -373,7 +373,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_REPLSRC; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->sipmsk[IP_CT_DIR_REPLY], &naddrs); if(naddrs > 1) @@ -393,7 +393,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_REPLDST; - ipparse_hostnetworkmask(argv[optind-1], &addrs, + xtables_ipparse_any(argv[optind-1], &addrs, &sinfo->dipmsk[IP_CT_DIR_REPLY], &naddrs); if(naddrs > 1) @@ -551,7 +551,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '3': /* --ctorigsrc */ - ipparse_hostnetworkmask(optarg, &addr, &info->origsrc_mask.in, + xtables_ipparse_any(optarg, &addr, &info->origsrc_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -564,7 +564,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': /* --ctorigdst */ - ipparse_hostnetworkmask(optarg, &addr, &info->origdst_mask.in, + xtables_ipparse_any(optarg, &addr, &info->origdst_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -577,7 +577,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, break; case '5': /* --ctreplsrc */ - ipparse_hostnetworkmask(optarg, &addr, &info->replsrc_mask.in, + xtables_ipparse_any(optarg, &addr, &info->replsrc_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -590,7 +590,7 @@ conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, break; case '6': /* --ctrepldst */ - ipparse_hostnetworkmask(optarg, &addr, &info->repldst_mask.in, + xtables_ipparse_any(optarg, &addr, &info->repldst_mask.in, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -621,7 +621,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '3': /* --ctorigsrc */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->origsrc_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -634,7 +634,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': /* --ctorigdst */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->origdst_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -647,7 +647,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, break; case '5': /* --ctreplsrc */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->replsrc_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, @@ -660,7 +660,7 @@ conntrack_mt6_parse(int c, char **argv, int invert, unsigned int *flags, break; case '6': /* --ctrepldst */ - ip6parse_hostnetworkmask(optarg, &addr, + xtables_ip6parse_any(optarg, &addr, &info->repldst_mask.in6, &naddrs); if (naddrs > 1) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c index b60c9826..23025cd4 100644 --- a/extensions/libxt_helper.c +++ b/extensions/libxt_helper.c @@ -65,7 +65,7 @@ static void helper_save(const void *ip, const struct xt_entry_match *match) struct xt_helper_info *info = (struct xt_helper_info *)match->data; printf("%s--helper ",info->invert ? "! " : ""); - save_string(info->name); + xtables_save_string(info->name); } static struct xtables_match helper_match = { diff --git a/include/xtables.h.in b/include/xtables.h.in index abde4d86..c3c960b1 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -212,21 +212,21 @@ extern const char *xtables_ipaddr_to_anyname(const struct in_addr *); extern const char *xtables_ipmask_to_numeric(const struct in_addr *); extern struct in_addr *xtables_numeric_to_ipaddr(const char *); extern struct in_addr *xtables_numeric_to_ipmask(const char *); -extern void ipparse_hostnetworkmask(const char *, struct in_addr **, +extern void xtables_ipparse_any(const char *, struct in_addr **, struct in_addr *, unsigned int *); extern struct in6_addr *xtables_numeric_to_ip6addr(const char *); extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *); extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *); extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *); -extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **, +extern void xtables_ip6parse_any(const char *, struct in6_addr **, struct in6_addr *, unsigned int *); /** * Print the specified value to standard output, quoting dangerous * characters if required. */ -extern void save_string(const char *value); +extern void xtables_save_string(const char *value); #ifdef NO_SHARED_LIBS # ifdef _INIT diff --git a/ip6tables.c b/ip6tables.c index fd732763..48a6bec4 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1945,11 +1945,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand } if (shostnetworkmask) - ip6parse_hostnetworkmask(shostnetworkmask, &saddrs, + xtables_ip6parse_any(shostnetworkmask, &saddrs, &fw.ipv6.smsk, &nsaddrs); if (dhostnetworkmask) - ip6parse_hostnetworkmask(dhostnetworkmask, &daddrs, + xtables_ip6parse_any(dhostnetworkmask, &daddrs, &fw.ipv6.dmsk, &ndaddrs); if ((nsaddrs > 1 || ndaddrs > 1) && diff --git a/iptables.c b/iptables.c index aeb40d8a..925464c0 100644 --- a/iptables.c +++ b/iptables.c @@ -1974,11 +1974,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle } if (shostnetworkmask) - ipparse_hostnetworkmask(shostnetworkmask, &saddrs, + xtables_ipparse_any(shostnetworkmask, &saddrs, &fw.ip.smsk, &nsaddrs); if (dhostnetworkmask) - ipparse_hostnetworkmask(dhostnetworkmask, &daddrs, + xtables_ipparse_any(dhostnetworkmask, &daddrs, &fw.ip.dmsk, &ndaddrs); if ((nsaddrs > 1 || ndaddrs > 1) && diff --git a/xtables.c b/xtables.c index a387ae0a..8a79c5b1 100644 --- a/xtables.c +++ b/xtables.c @@ -954,8 +954,15 @@ static struct in_addr *parse_ipmask(const char *mask) return &maskaddr; } -void ipparse_hostnetworkmask(const char *name, struct in_addr **addrpp, - struct in_addr *maskp, unsigned int *naddrs) +/** + * xtables_ipparse_any - transform arbitrary name to in_addr + * + * Possible inputs (pseudo regex): + * m{^($hostname|$networkname|$ipaddr)(/$mask)?} + * "1.2.3.4/5", "1.2.3.4", "hostname", "networkname" + */ +void xtables_ipparse_any(const char *name, struct in_addr **addrpp, + struct in_addr *maskp, unsigned int *naddrs) { unsigned int i, j, k, n; struct in_addr *addrp; @@ -1178,8 +1185,8 @@ static struct in6_addr *parse_ip6mask(char *mask) return &maskaddr; } -void ip6parse_hostnetworkmask(const char *name, struct in6_addr **addrpp, - struct in6_addr *maskp, unsigned int *naddrs) +void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp, + struct in6_addr *maskp, unsigned int *naddrs) { struct in6_addr *addrp; unsigned int i, j, k, n; @@ -1214,7 +1221,7 @@ void ip6parse_hostnetworkmask(const char *name, struct in6_addr **addrpp, } } -void save_string(const char *value) +void xtables_save_string(const char *value) { static const char no_quote_chars[] = "_-0123456789" "abcdefghijklmnopqrstuvwxyz" -- cgit v1.2.3 From 0f16c725aadaac7e670d632ecbaea3661ff00827 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 04:55:38 +0100 Subject: libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt --- extensions/libip6t_HL.c | 2 +- extensions/libip6t_LOG.c | 4 ++-- extensions/libip6t_REJECT.c | 2 +- extensions/libip6t_ah.c | 4 ++-- extensions/libip6t_dst.c | 4 ++-- extensions/libip6t_frag.c | 4 ++-- extensions/libip6t_hbh.c | 4 ++-- extensions/libip6t_hl.c | 2 +- extensions/libip6t_icmp6.c | 2 +- extensions/libip6t_ipv6header.c | 2 +- extensions/libip6t_mh.c | 2 +- extensions/libip6t_policy.c | 2 +- extensions/libip6t_rt.c | 8 ++++---- extensions/libipt_DNAT.c | 2 +- extensions/libipt_LOG.c | 4 ++-- extensions/libipt_MASQUERADE.c | 2 +- extensions/libipt_NETMAP.c | 2 +- extensions/libipt_REDIRECT.c | 2 +- extensions/libipt_REJECT.c | 2 +- extensions/libipt_SAME.c | 2 +- extensions/libipt_SET.c | 2 +- extensions/libipt_SNAT.c | 2 +- extensions/libipt_TTL.c | 2 +- extensions/libipt_ULOG.c | 4 ++-- extensions/libipt_addrtype.c | 8 ++++---- extensions/libipt_ah.c | 2 +- extensions/libipt_ecn.c | 6 +++--- extensions/libipt_icmp.c | 2 +- extensions/libipt_policy.c | 2 +- extensions/libipt_realm.c | 2 +- extensions/libipt_set.c | 2 +- extensions/libipt_ttl.c | 2 +- extensions/libxt_NFLOG.c | 4 ++-- extensions/libxt_comment.c | 2 +- extensions/libxt_connbytes.c | 2 +- extensions/libxt_connlimit.c | 2 +- extensions/libxt_connmark.c | 2 +- extensions/libxt_conntrack.c | 16 ++++++++-------- extensions/libxt_dccp.c | 8 ++++---- extensions/libxt_dscp.c | 4 ++-- extensions/libxt_esp.c | 2 +- extensions/libxt_hashlimit.c | 16 ++++++++-------- extensions/libxt_helper.c | 2 +- extensions/libxt_iprange.c | 4 ++-- extensions/libxt_length.c | 2 +- extensions/libxt_limit.c | 4 ++-- extensions/libxt_mac.c | 2 +- extensions/libxt_mark.c | 2 +- extensions/libxt_multiport.c | 12 ++++++------ extensions/libxt_physdev.c | 10 +++++----- extensions/libxt_pkttype.c | 2 +- extensions/libxt_quota.c | 2 +- extensions/libxt_rateest.c | 20 ++++++++++---------- extensions/libxt_recent.c | 8 ++++---- extensions/libxt_sctp.c | 6 +++--- extensions/libxt_state.c | 2 +- extensions/libxt_string.c | 4 ++-- extensions/libxt_tcp.c | 8 ++++---- extensions/libxt_tcpmss.c | 2 +- extensions/libxt_udp.c | 4 ++-- include/xtables.h.in | 3 ++- ip6tables.c | 30 +++++------------------------- iptables.c | 30 +++++------------------------- xtables.c | 28 ++++++++++++++++++++++++++++ 64 files changed, 164 insertions(+), 175 deletions(-) diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c index 4aed4fd8..0a987139 100644 --- a/extensions/libip6t_HL.c +++ b/extensions/libip6t_HL.c @@ -40,7 +40,7 @@ static int HL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "HL: You must specify a value"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "HL: unexpected `!'"); diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index a8ac1359..79877350 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -112,7 +112,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-level twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-level"); @@ -125,7 +125,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-prefix"); diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c index 0e212021..1c2be686 100644 --- a/extensions/libip6t_REJECT.c +++ b/extensions/libip6t_REJECT.c @@ -85,7 +85,7 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --reject-with"); for (i = 0; i < limit; i++) { diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c index 63d15734..83ed4514 100644 --- a/extensions/libip6t_ah.c +++ b/extensions/libip6t_ah.c @@ -86,7 +86,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_AH_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--ahspi' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_ah_spis(argv[optind-1], ahinfo->spis); if (invert) ahinfo->invflags |= IP6T_AH_INV_SPI; @@ -96,7 +96,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_AH_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--ahlen' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); ahinfo->hdrlen = parse_ah_spi(argv[optind-1], "length"); if (invert) ahinfo->invflags |= IP6T_AH_INV_LEN; diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c index 43562c17..e19abc4b 100644 --- a/extensions/libip6t_dst.c +++ b/extensions/libip6t_dst.c @@ -125,7 +125,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--dst-len' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); optinfo->hdrlen = parse_opts_num(argv[optind-1], "length"); if (invert) optinfo->invflags |= IP6T_OPTS_INV_LEN; @@ -136,7 +136,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_OPTS) exit_error(PARAMETER_PROBLEM, "Only one `--dst-opts' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, " '!' not allowed with `--dst-opts'"); diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 7c22429e..b55ef26f 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -94,7 +94,7 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_FRAG_IDS) exit_error(PARAMETER_PROBLEM, "Only one `--fragid' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_frag_ids(argv[optind-1], fraginfo->ids); if (invert) fraginfo->invflags |= IP6T_FRAG_INV_IDS; @@ -105,7 +105,7 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_FRAG_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--fraglen' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); fraginfo->hdrlen = parse_frag_id(argv[optind-1], "length"); if (invert) fraginfo->invflags |= IP6T_FRAG_INV_LEN; diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c index 6c7458d8..3354eae4 100644 --- a/extensions/libip6t_hbh.c +++ b/extensions/libip6t_hbh.c @@ -120,7 +120,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--hbh-len' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); optinfo->hdrlen = parse_opts_num(argv[optind-1], "length"); if (invert) optinfo->invflags |= IP6T_OPTS_INV_LEN; @@ -131,7 +131,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_OPTS_OPTS) exit_error(PARAMETER_PROBLEM, "Only one `--hbh-opts' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, " '!' not allowed with `--hbh-opts'"); diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c index 77275812..286f4324 100644 --- a/extensions/libip6t_hl.c +++ b/extensions/libip6t_hl.c @@ -30,7 +30,7 @@ static int hl_parse(int c, char **argv, int invert, unsigned int *flags, struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data; u_int8_t value; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); value = atoi(argv[optind-1]); if (*flags) diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index 401c2780..5af9b02e 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -157,7 +157,7 @@ static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags == 1) exit_error(PARAMETER_PROBLEM, "icmpv6 match: only use --icmpv6-type once!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_icmpv6(argv[optind-1], &icmpv6info->type, icmpv6info->code); if (invert) diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index ea8870a5..982e6a7b 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -192,7 +192,7 @@ ipv6header_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--header' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (! (info->matchflags = parse_header(argv[optind-1])) ) exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names"); diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c index f8c4e247..78fc804a 100644 --- a/extensions/libip6t_mh.c +++ b/extensions/libip6t_mh.c @@ -134,7 +134,7 @@ static int mh_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & MH_TYPES) exit_error(PARAMETER_PROBLEM, "Only one `--mh-type' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_mh_types(argv[optind-1], mhinfo->types); if (invert) mhinfo->invflags |= IP6T_MH_INV_TYPE; diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c index fa855c12..83ee48ec 100644 --- a/extensions/libip6t_policy.c +++ b/extensions/libip6t_policy.c @@ -160,7 +160,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, unsigned int naddr = 0; int mode; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); switch (c) { case '1': diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c index 49d86fa3..64c98efc 100644 --- a/extensions/libip6t_rt.c +++ b/extensions/libip6t_rt.c @@ -158,7 +158,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_RT_TYP) exit_error(PARAMETER_PROBLEM, "Only one `--rt-type' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); rtinfo->rt_type = parse_rt_num(argv[optind-1], "type"); if (invert) rtinfo->invflags |= IP6T_RT_INV_TYP; @@ -169,7 +169,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_RT_SGS) exit_error(PARAMETER_PROBLEM, "Only one `--rt-segsleft' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_rt_segsleft(argv[optind-1], rtinfo->segsleft); if (invert) rtinfo->invflags |= IP6T_RT_INV_SGS; @@ -180,7 +180,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IP6T_RT_LEN) exit_error(PARAMETER_PROBLEM, "Only one `--rt-len' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); rtinfo->hdrlen = parse_rt_num(argv[optind-1], "length"); if (invert) rtinfo->invflags |= IP6T_RT_INV_LEN; @@ -204,7 +204,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags, if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) ) exit_error(PARAMETER_PROBLEM, "`--rt-type 0' required before `--rt-0-addrs'"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, " '!' not allowed with `--rt-0-addrs'"); diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 0d355a0d..371ec79a 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -152,7 +152,7 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-destination"); diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index 23790a0d..bc7e8a4e 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -112,7 +112,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-level twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-level"); @@ -125,7 +125,7 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-prefix"); diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 1f932949..0ee155c2 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -90,7 +90,7 @@ static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-ports"); diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index f6c8bfdf..9949c99b 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -118,7 +118,7 @@ static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s", NETMAP_opts[0].name); diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index 1ef2b2ec..c6afbdcc 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -97,7 +97,7 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-ports"); diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index ef404e67..db94306e 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -99,7 +99,7 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --reject-with"); for (i = 0; i < limit; i++) { diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index 6882242e..007ebc35 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -93,7 +93,7 @@ static int SAME_parse(int c, char **argv, int invert, unsigned int *flags, "Too many ranges specified, maximum " "is %i ranges.\n", IPT_SAME_MAX_RANGE); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to"); diff --git a/extensions/libipt_SET.c b/extensions/libipt_SET.c index 7ec0c31c..45967be2 100644 --- a/extensions/libipt_SET.c +++ b/extensions/libipt_SET.c @@ -57,7 +57,7 @@ parse_target(char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "--%s can be specified only once", what); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s", what); diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 0780aa1a..96ef56e4 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -152,7 +152,7 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-source"); diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c index 6036161d..15d23ba2 100644 --- a/extensions/libipt_TTL.c +++ b/extensions/libipt_TTL.c @@ -40,7 +40,7 @@ static int TTL_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "TTL: You must specify a value"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "TTL: unexpected `!'"); diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c index 6e346d81..89d09409 100644 --- a/extensions/libipt_ULOG.c +++ b/extensions/libipt_ULOG.c @@ -77,7 +77,7 @@ static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --ulog-nlgroup twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --ulog-nlgroup"); group_d = atoi(optarg); @@ -95,7 +95,7 @@ static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --ulog-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --ulog-prefix"); diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c index dc43a3f5..446cf0f3 100644 --- a/extensions/libipt_addrtype.c +++ b/extensions/libipt_addrtype.c @@ -107,7 +107,7 @@ addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags, if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify src-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->source); if (invert) info->invert_source = 1; @@ -117,7 +117,7 @@ addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags, if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify dst-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->dest); if (invert) info->invert_dest = 1; @@ -142,7 +142,7 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify src-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->source); if (invert) info->flags |= IPT_ADDRTYPE_INVERT_SOURCE; @@ -152,7 +152,7 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE) exit_error(PARAMETER_PROBLEM, "addrtype: can't specify dst-type twice"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_types(argv[optind-1], &info->dest); if (invert) info->flags |= IPT_ADDRTYPE_INVERT_DEST; diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c index 10998d8b..31977dd6 100644 --- a/extensions/libipt_ah.c +++ b/extensions/libipt_ah.c @@ -82,7 +82,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & AH_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--ahspi' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_ah_spis(argv[optind-1], ahinfo->spis); if (invert) ahinfo->invflags |= IPT_AH_INV_SPI; diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c index c2276e96..3b9da71a 100644 --- a/extensions/libipt_ecn.c +++ b/extensions/libipt_ecn.c @@ -44,7 +44,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_MATCH_CWR) exit_error(PARAMETER_PROBLEM, "ECN match: can only use parameter ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->operation |= IPT_ECN_OP_MATCH_CWR; if (invert) einfo->invert |= IPT_ECN_OP_MATCH_CWR; @@ -55,7 +55,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_MATCH_ECE) exit_error(PARAMETER_PROBLEM, "ECN match: can only use parameter ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->operation |= IPT_ECN_OP_MATCH_ECE; if (invert) einfo->invert |= IPT_ECN_OP_MATCH_ECE; @@ -66,7 +66,7 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ECN_OP_MATCH_IP) exit_error(PARAMETER_PROBLEM, "ECN match: can only use parameter ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) einfo->invert |= IPT_ECN_OP_MATCH_IP; *flags |= IPT_ECN_OP_MATCH_IP; diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index de4c3387..0fd132be 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -182,7 +182,7 @@ static int icmp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags == 1) exit_error(PARAMETER_PROBLEM, "icmp match: only use --icmp-type once!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_icmp(argv[optind-1], &icmpinfo->type, icmpinfo->code); if (invert) diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c index c9ce850c..742eeba9 100644 --- a/extensions/libipt_policy.c +++ b/extensions/libipt_policy.c @@ -128,7 +128,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, unsigned int naddr = 0; int mode; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); switch (c) { case '1': diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c index 22cbe276..e602dad1 100644 --- a/extensions/libipt_realm.c +++ b/extensions/libipt_realm.c @@ -157,7 +157,7 @@ static int realm_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); end = optarg = argv[optind-1]; realminfo->id = strtoul(optarg, &end, 0); if (end != optarg && (*end == '/' || *end == '\0')) { diff --git a/extensions/libipt_set.c b/extensions/libipt_set.c index 9bdb007d..5b9e1fdc 100644 --- a/extensions/libipt_set.c +++ b/extensions/libipt_set.c @@ -58,7 +58,7 @@ static int set_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "--set can be specified only once"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->flags[0] |= IPSET_MATCH_INV; diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index 1fa7bd31..3387e924 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -29,7 +29,7 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags, struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data; unsigned int value; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); switch (c) { case '2': diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c index bedfbe90..6d8c9dc6 100644 --- a/extensions/libxt_NFLOG.c +++ b/extensions/libxt_NFLOG.c @@ -51,7 +51,7 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & NFLOG_GROUP) exit_error(PARAMETER_PROBLEM, "Can't specify --nflog-group twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --nflog-group"); @@ -65,7 +65,7 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & NFLOG_PREFIX) exit_error(PARAMETER_PROBLEM, "Can't specify --nflog-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --nflog-prefix"); diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c index a7f96d4f..9bad1256 100644 --- a/extensions/libxt_comment.c +++ b/extensions/libxt_comment.c @@ -46,7 +46,7 @@ comment_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (invert) { exit_error(PARAMETER_PROBLEM, "Sorry, you can't have an inverted comment"); diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c index b77ba38b..5fc0f2a6 100644 --- a/extensions/libxt_connbytes.c +++ b/extensions/libxt_connbytes.c @@ -52,7 +52,7 @@ connbytes_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, &optind, 0)) + if (xtables_check_inverse(optarg, &invert, &optind, 0)) optind++; parse_range(argv[optind-1], sinfo); diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c index 117222a7..f43eada1 100644 --- a/extensions/libxt_connlimit.c +++ b/extensions/libxt_connlimit.c @@ -63,7 +63,7 @@ static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "--connlimit-above may be given only once"); *flags |= 0x1; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->limit = strtoul(argv[optind-1], NULL, 0); info->inverse = invert; break; diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c index 0f47a8f4..d5ca4e0b 100644 --- a/extensions/libxt_connmark.c +++ b/extensions/libxt_connmark.c @@ -82,7 +82,7 @@ connmark_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); markinfo->mark = strtoul(optarg, &end, 0); markinfo->mask = 0xffffffffUL; diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index 958f842f..914b253b 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -297,7 +297,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_states(argv[optind-1], sinfo); if (invert) { @@ -307,7 +307,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if(invert) sinfo->invflags |= XT_CONNTRACK_PROTO; @@ -328,7 +328,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '3': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGSRC; @@ -348,7 +348,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGDST; @@ -368,7 +368,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '5': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_REPLSRC; @@ -388,7 +388,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '6': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= XT_CONNTRACK_REPLDST; @@ -408,7 +408,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '7': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_statuses(argv[optind-1], sinfo); if (invert) { @@ -418,7 +418,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, break; case '8': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_expires(argv[optind-1], sinfo); if (invert) { diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c index 9be06582..dbf6223c 100644 --- a/extensions/libxt_dccp.c +++ b/extensions/libxt_dccp.c @@ -141,7 +141,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); einfo->flags |= XT_DCCP_SRC_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_dccp_ports(argv[optind-1], einfo->spts); if (invert) einfo->invflags |= XT_DCCP_SRC_PORTS; @@ -153,7 +153,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); einfo->flags |= XT_DCCP_DEST_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_dccp_ports(argv[optind-1], einfo->dpts); if (invert) einfo->invflags |= XT_DCCP_DEST_PORTS; @@ -165,7 +165,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--dccp-types' allowed"); einfo->flags |= XT_DCCP_TYPE; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->typemask = parse_dccp_types(argv[optind-1]); if (invert) einfo->invflags |= XT_DCCP_TYPE; @@ -177,7 +177,7 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--dccp-option' allowed"); einfo->flags |= XT_DCCP_OPTION; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); einfo->option = parse_dccp_option(argv[optind-1]); if (invert) einfo->invflags |= XT_DCCP_OPTION; diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c index fce14c26..e57c2673 100644 --- a/extensions/libxt_dscp.c +++ b/extensions/libxt_dscp.c @@ -82,7 +82,7 @@ dscp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "DSCP match: Only use --dscp ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_dscp(argv[optind-1], dinfo); if (invert) dinfo->invert = 1; @@ -93,7 +93,7 @@ dscp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "DSCP match: Only use --dscp-class ONCE!"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_class(argv[optind - 1], dinfo); if (invert) dinfo->invert = 1; diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c index 34df876d..2cc6b60f 100644 --- a/extensions/libxt_esp.c +++ b/extensions/libxt_esp.c @@ -88,7 +88,7 @@ esp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & ESP_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--espspi' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_esp_spis(argv[optind-1], espinfo->spis); if (invert) espinfo->invflags |= XT_ESP_INV_SPI; diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index f63db64e..b05e8c8c 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -219,7 +219,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, case '%': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit", *flags & PARAM_LIMIT); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->cfg.avg)) exit_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); @@ -229,7 +229,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, case '$': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-burst `%s'", optarg); @@ -239,7 +239,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, case '&': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-size: `%s'", optarg); @@ -249,7 +249,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, case '*': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-max: `%s'", optarg); @@ -260,7 +260,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-gcinterval: `%s'", @@ -272,7 +272,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, case ')': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-expire: `%s'", optarg); @@ -283,7 +283,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, case '_': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode", *flags & PARAM_MODE); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (parse_mode(&r->cfg.mode, optarg) < 0) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-mode: `%s'\n", optarg); @@ -292,7 +292,7 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, case '"': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name", *flags & PARAM_NAME); - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (strlen(optarg) == 0) exit_error(PARAMETER_PROBLEM, "Zero-length name?"); strncpy(r->name, optarg, sizeof(r->name)); diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c index 23025cd4..569ad69e 100644 --- a/extensions/libxt_helper.c +++ b/extensions/libxt_helper.c @@ -31,7 +31,7 @@ helper_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "helper match: Only use --helper ONCE!"); - check_inverse(optarg, &invert, &invert, 0); + xtables_check_inverse(optarg, &invert, &invert, 0); strncpy(info->name, optarg, 29); info->name[29] = '\0'; if (invert) diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index de079cbf..df6be14f 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -70,7 +70,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= IPRANGE_SRC; info->flags |= IPRANGE_SRC; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->flags |= IPRANGE_SRC_INV; parse_iprange(optarg, &info->src); @@ -84,7 +84,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, *flags |= IPRANGE_DST; info->flags |= IPRANGE_DST; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->flags |= IPRANGE_DST_INV; diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c index d039904b..cf944e2d 100644 --- a/extensions/libxt_length.c +++ b/extensions/libxt_length.c @@ -70,7 +70,7 @@ length_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "length: `--length' may only be " "specified once"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_lengths(argv[optind-1], info); if (invert) info->invert = 1; diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c index 1df9114e..7edfa3db 100644 --- a/extensions/libxt_limit.c +++ b/extensions/libxt_limit.c @@ -94,14 +94,14 @@ limit_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '%': - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->avg)) exit_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); break; case '$': - if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; + if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) exit_error(PARAMETER_PROBLEM, "bad --limit-burst `%s'", optarg); diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c index f4128c01..b516d80f 100644 --- a/extensions/libxt_mac.c +++ b/extensions/libxt_mac.c @@ -57,7 +57,7 @@ mac_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_mac(argv[optind-1], macinfo); if (invert) macinfo->invert = 1; diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c index 08bc9d95..1143ba98 100644 --- a/extensions/libxt_mark.c +++ b/extensions/libxt_mark.c @@ -62,7 +62,7 @@ mark_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); markinfo->mark = strtoul(optarg, &end, 0); if (*end == '/') { markinfo->mask = strtoul(end+1, &end, 0); diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c index a7db2a83..d0e830df 100644 --- a/extensions/libxt_multiport.c +++ b/extensions/libxt_multiport.c @@ -161,7 +161,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); @@ -169,7 +169,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); @@ -177,7 +177,7 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags, break; case '3': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); @@ -228,21 +228,21 @@ __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = XT_MULTIPORT_SOURCE; break; case '2': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = XT_MULTIPORT_DESTINATION; break; case '3': - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); proto = check_proto(pnum, invflags); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = XT_MULTIPORT_EITHER; diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c index 6152cb37..4275a1a4 100644 --- a/extensions/libxt_physdev.c +++ b/extensions/libxt_physdev.c @@ -43,7 +43,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '1': if (*flags & XT_PHYSDEV_OP_IN) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); xtables_parse_interface(argv[optind-1], info->physindev, (unsigned char *)info->in_mask); if (invert) @@ -55,7 +55,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '2': if (*flags & XT_PHYSDEV_OP_OUT) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); xtables_parse_interface(argv[optind-1], info->physoutdev, (unsigned char *)info->out_mask); if (invert) @@ -67,7 +67,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '3': if (*flags & XT_PHYSDEV_OP_ISIN) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->bitmask |= XT_PHYSDEV_OP_ISIN; if (invert) info->invert |= XT_PHYSDEV_OP_ISIN; @@ -77,7 +77,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '4': if (*flags & XT_PHYSDEV_OP_ISOUT) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->bitmask |= XT_PHYSDEV_OP_ISOUT; if (invert) info->invert |= XT_PHYSDEV_OP_ISOUT; @@ -87,7 +87,7 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags, case '5': if (*flags & XT_PHYSDEV_OP_BRIDGED) goto multiple_use; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) info->invert |= XT_PHYSDEV_OP_BRIDGED; *flags |= XT_PHYSDEV_OP_BRIDGED; diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c index ab2e2259..8caba91e 100644 --- a/extensions/libxt_pkttype.c +++ b/extensions/libxt_pkttype.c @@ -91,7 +91,7 @@ static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_pkttype(argv[optind-1], info); if(invert) info->invert=1; diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c index 90da1cd4..8c91fb8e 100644 --- a/extensions/libxt_quota.c +++ b/extensions/libxt_quota.c @@ -60,7 +60,7 @@ quota_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert, NULL, 0)) + if (xtables_check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'"); if (!parse_quota(optarg, &info->quota)) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c index 285b7ba3..8a8836bf 100644 --- a/extensions/libxt_rateest.c +++ b/extensions/libxt_rateest.c @@ -118,7 +118,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case OPT_RATEEST1: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest can't be inverted"); @@ -132,7 +132,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST2: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest can't be inverted"); @@ -147,7 +147,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_BPS1: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-bps can't be inverted"); @@ -171,7 +171,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_PPS1: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-pps can't be inverted"); @@ -196,7 +196,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_BPS2: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-bps can't be inverted"); @@ -220,7 +220,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_PPS2: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-pps can't be inverted"); @@ -245,7 +245,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_DELTA: - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (invert) exit_error(PARAMETER_PROBLEM, "rateest: rateest-delta can't be inverted"); @@ -259,7 +259,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_EQ: - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (*flags & (1 << c)) exit_error(PARAMETER_PROBLEM, @@ -272,7 +272,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_LT: - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (*flags & (1 << c)) exit_error(PARAMETER_PROBLEM, @@ -285,7 +285,7 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags, break; case OPT_RATEEST_GT: - check_inverse(argv[optind-1], &invert, &optind, 0); + xtables_check_inverse(argv[optind-1], &invert, &optind, 0); if (*flags & (1 << c)) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c index 1ae90133..1646705f 100644 --- a/extensions/libxt_recent.c +++ b/extensions/libxt_recent.c @@ -73,7 +73,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_SET; if (invert) info->invert = 1; *flags |= XT_RECENT_SET; @@ -84,7 +84,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_CHECK; if(invert) info->invert = 1; *flags |= XT_RECENT_CHECK; @@ -95,7 +95,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_UPDATE; if (invert) info->invert = 1; *flags |= XT_RECENT_UPDATE; @@ -106,7 +106,7 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--rcheck' " "`--update' or `--remove' may be set"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); info->check_set |= XT_RECENT_REMOVE; if (invert) info->invert = 1; *flags |= XT_RECENT_REMOVE; diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c index 6348a2f9..2ee48610 100644 --- a/extensions/libxt_sctp.c +++ b/extensions/libxt_sctp.c @@ -270,7 +270,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); einfo->flags |= XT_SCTP_SRC_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_sctp_ports(argv[optind-1], einfo->spts); if (invert) einfo->invflags |= XT_SCTP_SRC_PORTS; @@ -282,7 +282,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); einfo->flags |= XT_SCTP_DEST_PORTS; - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_sctp_ports(argv[optind-1], einfo->dpts); if (invert) einfo->invflags |= XT_SCTP_DEST_PORTS; @@ -293,7 +293,7 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & XT_SCTP_CHUNK_TYPES) exit_error(PARAMETER_PROBLEM, "Only one `--chunk-types' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (!argv[optind] || argv[optind][0] == '-' || argv[optind][0] == '!') diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c index 66af518a..51822303 100644 --- a/extensions/libxt_state.c +++ b/extensions/libxt_state.c @@ -71,7 +71,7 @@ state_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); state_parse_states(argv[optind-1], sinfo); if (invert) diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c index 0408c230..6bd27c0b 100644 --- a/extensions/libxt_string.c +++ b/extensions/libxt_string.c @@ -199,7 +199,7 @@ string_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & STRING) exit_error(PARAMETER_PROBLEM, "Can't specify multiple --string"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_string(argv[optind-1], stringinfo); if (invert) { if (revision == 0) @@ -216,7 +216,7 @@ string_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify multiple --hex-string"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_hex_string(argv[optind-1], stringinfo); /* sets length */ if (invert) { if (revision == 0) diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c index bb667478..069bb7fa 100644 --- a/extensions/libxt_tcp.c +++ b/extensions/libxt_tcp.c @@ -150,7 +150,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->spts); if (invert) tcpinfo->invflags |= XT_TCP_INV_SRCPT; @@ -161,7 +161,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->dpts); if (invert) tcpinfo->invflags |= XT_TCP_INV_DSTPT; @@ -182,7 +182,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one of `--syn' or `--tcp-flags' " " allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); if (!argv[optind] || argv[optind][0] == '-' || argv[optind][0] == '!') @@ -199,7 +199,7 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_OPTION) exit_error(PARAMETER_PROBLEM, "Only one `--tcp-option' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_option(argv[optind-1], &tcpinfo->option); if (invert) tcpinfo->invflags |= XT_TCP_INV_OPTION; diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c index d30aa249..5c013a77 100644 --- a/extensions/libxt_tcpmss.c +++ b/extensions/libxt_tcpmss.c @@ -65,7 +65,7 @@ tcpmss_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "Only one `--mss' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_tcp_mssvalues(argv[optind-1], &mssinfo->mss_min, &mssinfo->mss_max); if (invert) diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c index 40128411..8f57f4ec 100644 --- a/extensions/libxt_udp.c +++ b/extensions/libxt_udp.c @@ -72,7 +72,7 @@ udp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->spts); if (invert) udpinfo->invflags |= XT_UDP_INV_SRCPT; @@ -83,7 +83,7 @@ udp_parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - check_inverse(optarg, &invert, &optind, 0); + xtables_check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->dpts); if (invert) udpinfo->invflags |= XT_UDP_INV_DSTPT; diff --git a/include/xtables.h.in b/include/xtables.h.in index c3c960b1..c1bf6d59 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -202,7 +202,8 @@ xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask); /* this is a special 64bit data type that is 8-byte aligned */ #define aligned_u64 u_int64_t __attribute__((aligned(8))) -int check_inverse(const char option[], int *invert, int *my_optind, int argc); +int xtables_check_inverse(const char option[], int *invert, + int *my_optind, int argc); void exit_error(enum xtables_exittype, const char *, ...) __attribute__((noreturn, format(printf,2,3))); extern void xtables_param_act(unsigned int, const char *, ...); diff --git a/ip6tables.c b/ip6tables.c index 48a6bec4..903e0055 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -450,26 +450,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, *cmd |= newcmd; } -int -check_inverse(const char option[], int *invert, int *my_optind, int argc) -{ - if (option && strcmp(option, "!") == 0) { - if (*invert) - exit_error(PARAMETER_PROBLEM, - "Multiple `!' flags not allowed"); - *invert = TRUE; - if (my_optind != NULL) { - ++*my_optind; - if (argc && *my_optind > argc) - exit_error(PARAMETER_PROBLEM, - "no argument following `!'"); - } - - return TRUE; - } - return FALSE; -} - /* * All functions starting with "parse" should succeed, otherwise * the program fails. @@ -1618,7 +1598,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand * Option selection */ case 'p': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_PROTOCOL, &fw.ipv6.invflags, invert); @@ -1644,14 +1624,14 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 's': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_SOURCE, &fw.ipv6.invflags, invert); shostnetworkmask = argv[optind-1]; break; case 'd': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags, invert); dhostnetworkmask = argv[optind-1]; @@ -1697,7 +1677,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand case 'i': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags, invert); xtables_parse_interface(argv[optind-1], @@ -1706,7 +1686,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'o': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags, invert); xtables_parse_interface(argv[optind-1], diff --git a/iptables.c b/iptables.c index 925464c0..ea765b0b 100644 --- a/iptables.c +++ b/iptables.c @@ -452,26 +452,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, *cmd |= newcmd; } -int -check_inverse(const char option[], int *invert, int *my_optind, int argc) -{ - if (option && strcmp(option, "!") == 0) { - if (*invert) - exit_error(PARAMETER_PROBLEM, - "Multiple `!' flags not allowed"); - *invert = TRUE; - if (my_optind != NULL) { - ++*my_optind; - if (argc && *my_optind > argc) - exit_error(PARAMETER_PROBLEM, - "no argument following `!'"); - } - - return TRUE; - } - return FALSE; -} - /* * All functions starting with "parse" should succeed, otherwise * the program fails. @@ -1631,7 +1611,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle * Option selection */ case 'p': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_PROTOCOL, &fw.ip.invflags, invert); @@ -1649,14 +1629,14 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 's': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_SOURCE, &fw.ip.invflags, invert); shostnetworkmask = argv[optind-1]; break; case 'd': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_DESTINATION, &fw.ip.invflags, invert); dhostnetworkmask = argv[optind-1]; @@ -1702,7 +1682,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle case 'i': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags, invert); xtables_parse_interface(argv[optind-1], @@ -1711,7 +1691,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'o': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags, invert); xtables_parse_interface(argv[optind-1], diff --git a/xtables.c b/xtables.c index 8a79c5b1..19e746c3 100644 --- a/xtables.c +++ b/xtables.c @@ -1257,3 +1257,31 @@ void xtables_save_string(const char *value) printf("\" "); } } + +/** + * Check for option-intrapositional negation. + * Do not use in new code. + */ +int xtables_check_inverse(const char option[], int *invert, + int *my_optind, int argc) +{ + if (option && strcmp(option, "!") == 0) { + fprintf(stderr, "Using intrapositioned negation " + "(`--option ! this`) is deprecated in favor of " + "extrapositioned (`! --option this`).\n"); + + if (*invert) + exit_error(PARAMETER_PROBLEM, + "Multiple `!' flags not allowed"); + *invert = true; + if (my_optind != NULL) { + ++*my_optind; + if (argc && *my_optind > argc) + exit_error(PARAMETER_PROBLEM, + "no argument following `!'"); + } + + return true; + } + return false; +} -- cgit v1.2.3 From 1de7edffc9085c0f41c261dca995e28ae4126c29 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 05:38:11 +0100 Subject: libxtables: prefix/order - move parse_protocol to xtables.c Signed-off-by: Jan Engelhardt --- extensions/libip6t_policy.c | 2 +- extensions/libipt_policy.c | 2 +- extensions/libxt_conntrack.c | 5 +-- extensions/libxt_time.c | 1 - include/xtables.h.in | 21 +++++++++-- ip6tables.c | 84 ++++++-------------------------------------- iptables.c | 75 ++++++--------------------------------- xtables.c | 52 +++++++++++++++++++++++++++ 8 files changed, 96 insertions(+), 146 deletions(-) diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c index 83ee48ec..7c1a1e71 100644 --- a/extensions/libip6t_policy.c +++ b/extensions/libip6t_policy.c @@ -244,7 +244,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --proto option"); - e->proto = parse_protocol(argv[optind-1]); + e->proto = xtables_parse_protocol(argv[optind-1]); if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP && e->proto != IPPROTO_COMP) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c index 742eeba9..6ae51e7c 100644 --- a/extensions/libipt_policy.c +++ b/extensions/libipt_policy.c @@ -212,7 +212,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "policy match: double --proto option"); - e->proto = parse_protocol(argv[optind-1]); + e->proto = xtables_parse_protocol(argv[optind-1]); if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP && e->proto != IPPROTO_COMP) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index 914b253b..45783f4d 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -317,7 +317,8 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, *protocol = tolower(*protocol); protocol = argv[optind-1]; - sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = parse_protocol(protocol); + sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = + xtables_parse_protocol(protocol); if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0 && (sinfo->invflags & XT_INV_PROTO)) @@ -455,7 +456,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags, /* Canonicalize into lower case */ for (p = optarg; *p != '\0'; ++p) *p = tolower(*p); - info->l4proto = parse_protocol(optarg); + info->l4proto = xtables_parse_protocol(optarg); if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO)) exit_error(PARAMETER_PROBLEM, "conntrack: rule would " diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c index 989806de..41aa5c77 100644 --- a/extensions/libxt_time.c +++ b/extensions/libxt_time.c @@ -22,7 +22,6 @@ #include #include -#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*x)) enum { /* getopt "seen" bits */ F_DATE_START = 1 << 0, diff --git a/include/xtables.h.in b/include/xtables.h.in index c1bf6d59..07217d6a 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -21,6 +21,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_MH +# define IPPROTO_MH 135 +#endif #ifndef IPPROTO_UDPLITE #define IPPROTO_UDPLITE 136 #endif @@ -151,6 +154,17 @@ struct xtables_rule_match { bool completed; }; +/** + * struct xtables_pprot - + * + * A few hardcoded protocols for 'all' and in case the user has no + * /etc/protocols. + */ +struct xtables_pprot { + const char *name; + u_int8_t num; +}; + enum xtables_tryload { XTF_DONT_LOAD, XTF_DURING_LOAD, @@ -239,10 +253,13 @@ extern void xtables_save_string(const char *value); # define _init __attribute__((constructor)) _INIT #endif -/* Present in both iptables.c and ip6tables.c */ -extern u_int16_t parse_protocol(const char *s); +extern const struct xtables_pprot xtables_chain_protos[]; +extern u_int16_t xtables_parse_protocol(const char *s); #ifdef XTABLES_INTERNAL +# ifndef ARRAY_SIZE +# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) +# endif # include #endif diff --git a/ip6tables.c b/ip6tables.c index 903e0055..53163b7b 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -208,34 +208,7 @@ struct afinfo afinfo = { .so_rev_target = IP6T_SO_GET_REVISION_TARGET, }; -/* Primitive headers... */ -/* defined in netinet/in.h */ -#if 0 -#ifndef IPPROTO_ESP -#define IPPROTO_ESP 50 -#endif -#ifndef IPPROTO_AH -#define IPPROTO_AH 51 -#endif -#endif -#ifndef IPPROTO_MH -#define IPPROTO_MH 135 -#endif - -static const struct pprot chain_protos[] = { - { "tcp", IPPROTO_TCP }, - { "udp", IPPROTO_UDP }, - { "udplite", IPPROTO_UDPLITE }, - { "icmpv6", IPPROTO_ICMPV6 }, - { "ipv6-icmp", IPPROTO_ICMPV6 }, - { "esp", IPPROTO_ESP }, - { "ah", IPPROTO_AH }, - { "ipv6-mh", IPPROTO_MH }, - { "mh", IPPROTO_MH }, - { "all", 0 }, -}; - -static char * +static const char * proto_to_name(u_int8_t proto, int nolookup) { unsigned int i; @@ -246,9 +219,9 @@ proto_to_name(u_int8_t proto, int nolookup) return pent->p_name; } - for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) - if (chain_protos[i].num == proto) - return chain_protos[i].name; + for (i = 0; xtables_chain_protos[i].name != NULL; ++i) + if (xtables_chain_protos[i].num == proto) + return xtables_chain_protos[i].name; return NULL; } @@ -467,7 +440,7 @@ find_proto(const char *pname, enum xtables_tryload tryload, unsigned int proto; if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) { - char *protoname = proto_to_name(proto, nolookup); + const char *protoname = proto_to_name(proto, nolookup); if (protoname) return xtables_find_match(protoname, tryload, matches); @@ -477,43 +450,6 @@ find_proto(const char *pname, enum xtables_tryload tryload, return NULL; } -u_int16_t -parse_protocol(const char *s) -{ - unsigned int proto; - - if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) { - struct protoent *pent; - - /* first deal with the special case of 'all' to prevent - * people from being able to redefine 'all' in nsswitch - * and/or provoke expensive [not working] ldap/nis/... - * lookups */ - if (!strcmp(s, "all")) - return 0; - - if ((pent = getprotobyname(s))) - proto = pent->p_proto; - else { - unsigned int i; - for (i = 0; - i < sizeof(chain_protos)/sizeof(struct pprot); - i++) { - if (strcmp(s, chain_protos[i].name) == 0) { - proto = chain_protos[i].num; - break; - } - } - if (i == sizeof(chain_protos)/sizeof(struct pprot)) - exit_error(PARAMETER_PROBLEM, - "unknown protocol `%s' specified", - s); - } - } - - return (u_int16_t)proto; -} - /* These are invalid numbers as upper layer protocol */ static int is_exthdr(u_int16_t proto) { @@ -738,7 +674,7 @@ print_firewall(const struct ip6t_entry *fw, fputc(fw->ipv6.invflags & IP6T_INV_PROTO ? '!' : ' ', stdout); { - char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC); + const char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC); if (pname) printf(FMT("%-5s", "%s "), pname); else @@ -1144,10 +1080,10 @@ static void print_proto(u_int16_t proto, int invert) return; } - for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) - if (chain_protos[i].num == proto) { + for (i = 0; xtables_chain_protos[i].name != NULL; ++i) + if (xtables_chain_protos[i].num == proto) { printf("-p %s%s ", - invertstr, chain_protos[i].name); + invertstr, xtables_chain_protos[i].name); return; } @@ -1607,7 +1543,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand *protocol = tolower(*protocol); protocol = argv[optind-1]; - fw.ipv6.proto = parse_protocol(protocol); + fw.ipv6.proto = xtables_parse_protocol(protocol); fw.ipv6.flags |= IP6T_F_PROTO; if (fw.ipv6.proto == 0 diff --git a/iptables.c b/iptables.c index ea765b0b..b43aadfd 100644 --- a/iptables.c +++ b/iptables.c @@ -194,13 +194,6 @@ const char *program_name; int kernel_version; -/* A few hardcoded protocols for 'all' and in case the user has no - /etc/protocols */ -struct pprot { - char *name; - u_int8_t num; -}; - struct afinfo afinfo = { .family = NFPROTO_IPV4, .libprefix = "libipt_", @@ -221,18 +214,7 @@ struct afinfo afinfo = { #endif #endif -static const struct pprot chain_protos[] = { - { "tcp", IPPROTO_TCP }, - { "udp", IPPROTO_UDP }, - { "udplite", IPPROTO_UDPLITE }, - { "icmp", IPPROTO_ICMP }, - { "esp", IPPROTO_ESP }, - { "ah", IPPROTO_AH }, - { "sctp", IPPROTO_SCTP }, - { "all", 0 }, -}; - -static char * +static const char * proto_to_name(u_int8_t proto, int nolookup) { unsigned int i; @@ -243,9 +225,9 @@ proto_to_name(u_int8_t proto, int nolookup) return pent->p_name; } - for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) - if (chain_protos[i].num == proto) - return chain_protos[i].name; + for (i = 0; xtables_chain_protos[i].name != NULL; ++i) + if (xtables_chain_protos[i].num == proto) + return xtables_chain_protos[i].name; return NULL; } @@ -469,7 +451,7 @@ find_proto(const char *pname, enum xtables_tryload tryload, unsigned int proto; if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) { - char *protoname = proto_to_name(proto, nolookup); + const char *protoname = proto_to_name(proto, nolookup); if (protoname) return xtables_find_match(protoname, tryload, matches); @@ -479,43 +461,6 @@ find_proto(const char *pname, enum xtables_tryload tryload, return NULL; } -u_int16_t -parse_protocol(const char *s) -{ - unsigned int proto; - - if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) { - struct protoent *pent; - - /* first deal with the special case of 'all' to prevent - * people from being able to redefine 'all' in nsswitch - * and/or provoke expensive [not working] ldap/nis/... - * lookups */ - if (!strcmp(s, "all")) - return 0; - - if ((pent = getprotobyname(s))) - proto = pent->p_proto; - else { - unsigned int i; - for (i = 0; - i < sizeof(chain_protos)/sizeof(struct pprot); - i++) { - if (strcmp(s, chain_protos[i].name) == 0) { - proto = chain_protos[i].num; - break; - } - } - if (i == sizeof(chain_protos)/sizeof(struct pprot)) - exit_error(PARAMETER_PROBLEM, - "unknown protocol `%s' specified", - s); - } - } - - return (u_int16_t)proto; -} - /* Can't be zero. */ static int parse_rulenumber(const char *rule) @@ -733,7 +678,7 @@ print_firewall(const struct ipt_entry *fw, fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout); { - char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC); + const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC); if (pname) printf(FMT("%-5s", "%s "), pname); else @@ -1107,10 +1052,10 @@ static void print_proto(u_int16_t proto, int invert) return; } - for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) - if (chain_protos[i].num == proto) { + for (i = 0; xtables_chain_protos[i].name != NULL; ++i) + if (xtables_chain_protos[i].num == proto) { printf("-p %s%s ", - invertstr, chain_protos[i].name); + invertstr, xtables_chain_protos[i].name); return; } @@ -1620,7 +1565,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle *protocol = tolower(*protocol); protocol = argv[optind-1]; - fw.ip.proto = parse_protocol(protocol); + fw.ip.proto = xtables_parse_protocol(protocol); if (fw.ip.proto == 0 && (fw.ip.invflags & IPT_INV_PROTO)) diff --git a/xtables.c b/xtables.c index 19e746c3..cf643521 100644 --- a/xtables.c +++ b/xtables.c @@ -32,6 +32,7 @@ #include #include +#include #include #ifndef NO_SHARED_LIBS @@ -1285,3 +1286,54 @@ int xtables_check_inverse(const char option[], int *invert, } return false; } + +const struct xtables_pprot xtables_chain_protos[] = { + {"tcp", IPPROTO_TCP}, + {"sctp", IPPROTO_SCTP}, + {"udp", IPPROTO_UDP}, + {"udplite", IPPROTO_UDPLITE}, + {"icmp", IPPROTO_ICMP}, + {"icmpv6", IPPROTO_ICMPV6}, + {"ipv6-icmp", IPPROTO_ICMPV6}, + {"esp", IPPROTO_ESP}, + {"ah", IPPROTO_AH}, + {"ipv6-mh", IPPROTO_MH}, + {"mh", IPPROTO_MH}, + {"all", 0}, + {NULL}, +}; + +u_int16_t +xtables_parse_protocol(const char *s) +{ + unsigned int proto; + + if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) { + struct protoent *pent; + + /* first deal with the special case of 'all' to prevent + * people from being able to redefine 'all' in nsswitch + * and/or provoke expensive [not working] ldap/nis/... + * lookups */ + if (!strcmp(s, "all")) + return 0; + + if ((pent = getprotobyname(s))) + proto = pent->p_proto; + else { + unsigned int i; + for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) { + if (strcmp(s, xtables_chain_protos[i].name) == 0) { + proto = xtables_chain_protos[i].num; + break; + } + } + if (i == ARRAY_SIZE(xtables_chain_protos)) + exit_error(PARAMETER_PROBLEM, + "unknown protocol `%s' specified", + s); + } + } + + return proto; +} -- cgit v1.2.3 From 77f48c2f1ef21fa43aa68c25a1457db319ca2526 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 7 Feb 2009 19:59:53 +0100 Subject: libxtables: move afinfo around libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt. Signed-off-by: Jan Engelhardt --- include/xtables.h.in | 1 + include/xtables/internal.h.in | 24 -------------- ip6tables-restore.c | 1 + ip6tables-save.c | 1 + ip6tables-standalone.c | 1 + ip6tables.c | 9 ------ iptables-restore.c | 1 + iptables-save.c | 1 + iptables-standalone.c | 1 + iptables.c | 9 ------ xtables.c | 74 +++++++++++++++++++++++++++++++++++++------ 11 files changed, 71 insertions(+), 52 deletions(-) diff --git a/include/xtables.h.in b/include/xtables.h.in index 07217d6a..02750fb9 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -189,6 +189,7 @@ extern struct xtables_match *xtables_matches; extern struct xtables_target *xtables_targets; extern void xtables_init(void); +extern void xtables_set_nfproto(uint8_t); extern void *xtables_calloc(size_t, size_t); extern void *xtables_malloc(size_t); diff --git a/include/xtables/internal.h.in b/include/xtables/internal.h.in index 21438290..81ddb48a 100644 --- a/include/xtables/internal.h.in +++ b/include/xtables/internal.h.in @@ -7,30 +7,6 @@ # define XT_LIB_DIR "/usr/local/lib/iptables" #endif -/* protocol family dependent informations */ -struct afinfo { - /* protocol family */ - int family; - - /* prefix of library name (ex "libipt_" */ - char *libprefix; - - /* used by setsockopt (ex IPPROTO_IP */ - int ipproto; - - /* kernel module (ex "ip_tables" */ - char *kmod; - - /* optname to check revision support of match */ - int so_rev_match; - - /* optname to check revision support of match */ - int so_rev_target; -}; - -/* This is decleared in ip[6]tables.c */ -extern struct afinfo afinfo; - /** * Program's own name and version. */ diff --git a/ip6tables-restore.c b/ip6tables-restore.c index beb640b2..acaf97b4 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -132,6 +132,7 @@ int main(int argc, char *argv[]) xtables_program_name = program_name; xtables_init(); + xtables_set_nfproto(NFPROTO_IPV6); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/ip6tables-save.c b/ip6tables-save.c index 86ec6b26..32b59926 100644 --- a/ip6tables-save.c +++ b/ip6tables-save.c @@ -141,6 +141,7 @@ int main(int argc, char *argv[]) xtables_program_name = program_name; xtables_init(); + xtables_set_nfproto(NFPROTO_IPV6); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c index 3ab114ea..cea48186 100644 --- a/ip6tables-standalone.c +++ b/ip6tables-standalone.c @@ -54,6 +54,7 @@ main(int argc, char *argv[]) xtables_program_name = program_name; xtables_init(); + xtables_set_nfproto(NFPROTO_IPV6); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/ip6tables.c b/ip6tables.c index 53163b7b..233974f2 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -199,15 +199,6 @@ struct pprot { u_int8_t num; }; -struct afinfo afinfo = { - .family = NFPROTO_IPV6, - .libprefix = "libip6t_", - .ipproto = IPPROTO_IPV6, - .kmod = "ip6_tables", - .so_rev_match = IP6T_SO_GET_REVISION_MATCH, - .so_rev_target = IP6T_SO_GET_REVISION_TARGET, -}; - static const char * proto_to_name(u_int8_t proto, int nolookup) { diff --git a/iptables-restore.c b/iptables-restore.c index 56812ee9..810806f0 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -134,6 +134,7 @@ main(int argc, char *argv[]) xtables_program_name = program_name; xtables_init(); + xtables_set_nfproto(NFPROTO_IPV4); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/iptables-save.c b/iptables-save.c index d08ec4b2..c4306fd1 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -141,6 +141,7 @@ main(int argc, char *argv[]) xtables_program_name = program_name; xtables_init(); + xtables_set_nfproto(NFPROTO_IPV4); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/iptables-standalone.c b/iptables-standalone.c index 91908732..ece7cf42 100644 --- a/iptables-standalone.c +++ b/iptables-standalone.c @@ -55,6 +55,7 @@ main(int argc, char *argv[]) xtables_program_name = program_name; xtables_init(); + xtables_set_nfproto(NFPROTO_IPV4); #ifdef NO_SHARED_LIBS init_extensions(); #endif diff --git a/iptables.c b/iptables.c index b43aadfd..f1a5d33e 100644 --- a/iptables.c +++ b/iptables.c @@ -194,15 +194,6 @@ const char *program_name; int kernel_version; -struct afinfo afinfo = { - .family = NFPROTO_IPV4, - .libprefix = "libipt_", - .ipproto = IPPROTO_IP, - .kmod = "ip_tables", - .so_rev_match = IPT_SO_GET_REVISION_MATCH, - .so_rev_target = IPT_SO_GET_REVISION_TARGET, -}; - /* Primitive headers... */ /* defined in netinet/in.h */ #if 0 diff --git a/xtables.c b/xtables.c index cf643521..6c954754 100644 --- a/xtables.c +++ b/xtables.c @@ -32,7 +32,8 @@ #include #include -#include +#include +#include #include #ifndef NO_SHARED_LIBS @@ -45,6 +46,44 @@ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" #endif +/** + * xtables_afinfo - protocol family dependent information + * @kmod: kernel module basename (e.g. "ip_tables") + * @libprefix: prefix of .so library name (e.g. "libipt_") + * @family: nfproto family + * @ipproto: used by setsockopt (e.g. IPPROTO_IP) + * @so_rev_match: optname to check revision support of match + * @so_rev_target: optname to check revision support of target + */ +struct xtables_afinfo { + const char *kmod; + const char *libprefix; + uint8_t family; + uint8_t ipproto; + int so_rev_match; + int so_rev_target; +}; + +static const struct xtables_afinfo afinfo_ipv4 = { + .kmod = "ip_tables", + .libprefix = "libipt_", + .family = NFPROTO_IPV4, + .ipproto = IPPROTO_IP, + .so_rev_match = IPT_SO_GET_REVISION_MATCH, + .so_rev_target = IPT_SO_GET_REVISION_TARGET, +}; + +static const struct xtables_afinfo afinfo_ipv6 = { + .kmod = "ip6_tables", + .libprefix = "libip6t_", + .family = NFPROTO_IPV6, + .ipproto = IPPROTO_IPV6, + .so_rev_match = IP6T_SO_GET_REVISION_MATCH, + .so_rev_target = IP6T_SO_GET_REVISION_TARGET, +}; + +static const struct xtables_afinfo *afinfo; + /** * Program will set this to its own name. */ @@ -74,6 +113,21 @@ void xtables_init(void) xtables_libdir = XTABLES_LIBDIR; } +void xtables_set_nfproto(uint8_t nfproto) +{ + switch (nfproto) { + case NFPROTO_IPV4: + afinfo = &afinfo_ipv4; + break; + case NFPROTO_IPV6: + afinfo = &afinfo_ipv6; + break; + default: + fprintf(stderr, "libxtables: unhandled NFPROTO in %s\n", + __func__); + } +} + /** * xtables_*alloc - wrappers that exit on failure */ @@ -177,7 +231,7 @@ int xtables_load_ko(const char *modprobe, bool quiet) static int ret = -1; if (!loaded) { - ret = xtables_insmod(afinfo.kmod, modprobe, quiet); + ret = xtables_insmod(afinfo->kmod, modprobe, quiet); loaded = (ret == 0); } @@ -387,7 +441,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload, #ifndef NO_SHARED_LIBS if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) { - ptr = load_extension(xtables_libdir, afinfo.libprefix, + ptr = load_extension(xtables_libdir, afinfo->libprefix, name, false); if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED) @@ -447,7 +501,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload) #ifndef NO_SHARED_LIBS if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) { - ptr = load_extension(xtables_libdir, afinfo.libprefix, + ptr = load_extension(xtables_libdir, afinfo->libprefix, name, true); if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED) @@ -480,7 +534,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) socklen_t s = sizeof(rev); int max_rev, sockfd; - sockfd = socket(afinfo.family, SOCK_RAW, IPPROTO_RAW); + sockfd = socket(afinfo->family, SOCK_RAW, IPPROTO_RAW); if (sockfd < 0) { if (errno == EPERM) { /* revision 0 is always supported. */ @@ -501,7 +555,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) strcpy(rev.name, name); rev.revision = revision; - max_rev = getsockopt(sockfd, afinfo.ipproto, opt, &rev, &s); + max_rev = getsockopt(sockfd, afinfo->ipproto, opt, &rev, &s); if (max_rev < 0) { /* Definitely don't support this? */ if (errno == ENOENT || errno == EPROTONOSUPPORT) { @@ -524,12 +578,12 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) static int compatible_match_revision(const char *name, u_int8_t revision) { - return compatible_revision(name, revision, afinfo.so_rev_match); + return compatible_revision(name, revision, afinfo->so_rev_match); } static int compatible_target_revision(const char *name, u_int8_t revision) { - return compatible_revision(name, revision, afinfo.so_rev_target); + return compatible_revision(name, revision, afinfo->so_rev_target); } void xtables_register_match(struct xtables_match *me) @@ -559,7 +613,7 @@ void xtables_register_match(struct xtables_match *me) } /* ignore not interested match */ - if (me->family != afinfo.family && me->family != AF_UNSPEC) + if (me->family != afinfo->family && me->family != AF_UNSPEC) return; old = xtables_find_match(me->name, XTF_DURING_LOAD, NULL); @@ -632,7 +686,7 @@ void xtables_register_target(struct xtables_target *me) } /* ignore not interested target */ - if (me->family != afinfo.family && me->family != AF_UNSPEC) + if (me->family != afinfo->family && me->family != AF_UNSPEC) return; old = xtables_find_target(me->name, XTF_DURING_LOAD); -- cgit v1.2.3