* iptables: guided option parser, run 4
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
The following changes since commit 26ed9ea93564bb5ffdb5238eaa202cd9bcf6d6d1:
combine ip6?tables-multi into xtables-multi (2011-04-19 18:22:11 -0700)
are available in the git repository at:
git://dev.medozas.de/iptables opts
Jan Engelhardt (9):
build: bump libxtables ABI version
libxt_TEE: use guided option parser
xtoptions: respect return value in xtables_getportbyname
libxt_TOS: use guided option parser
libxt_tos: use guided option parser
extensions: remove unused TOS code
libxtables: XTTYPE_PORTRC support
libxt_udp: use guided option parser
libxt_dccp: use guided option parser
configure.ac | 2 +-
extensions/libxt_TEE.c | 103 +++++-----------------------------
extensions/libxt_TOS.c | 137 +++++++++++++++++++--------------------------
extensions/libxt_dccp.c | 134 +++++++++++++-------------------------------
extensions/libxt_tos.c | 88 +++++++++++------------------
extensions/libxt_udp.c | 95 ++++++++++---------------------
extensions/tos_values.c | 58 -------------------
include/xtables.h.in | 11 +++-
xtoptions.c | 142 +++++++++++++++++++++++++++++++++++++++++++++++
9 files changed, 327 insertions(+), 443 deletions(-)
* [PATCH 1/9] build: bump libxtables ABI version
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Adding the x6_* members to struct xtables_{match,target} caused a
change requiring a bump.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
configure.ac | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/configure.ac b/configure.ac
index eb447e0..38b7b79 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
AC_INIT([iptables], [1.4.10])
# See libtool.info "Libtool's versioning system"
-libxtables_vcurrent=5
+libxtables_vcurrent=6
libxtables_vage=0
AC_CONFIG_HEADERS([config.h])
--
1.7.1
* [PATCH 2/9] libxt_TEE: use guided option parser
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_TEE.c | 103 ++++++-----------------------------------------
1 files changed, 14 insertions(+), 89 deletions(-)
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index 00a4de6..fd9a1b2 100644
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -25,15 +25,19 @@
#include <linux/netfilter/xt_TEE.h>
enum {
- FLAG_GATEWAY = 1 << 0,
- FLAG_OIF = 1 << 1,
+ O_GATEWAY = 0,
+ O_OIF,
};
-static const struct option tee_tg_opts[] = {
- {.name = "gateway", .has_arg = true, .val = 'g'},
- {.name = "oif", .has_arg = true, .val = 'o'},
- {NULL},
+#define s struct xt_tee_tginfo
+static const struct xt_option_entry tee_tg_opts[] = {
+ {.name = "gateway", .id = O_GATEWAY, .type = XTTYPE_ONEHOST,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, gw)},
+ {.name = "oif", .id = O_OIF, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, oif)},
+ XTOPT_TABLEEND,
};
+#undef s
static void tee_tg_help(void)
{
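Review bot: Switching `--gateway` to `XTTYPE_ONEHOST` in `tee_tg_opts` may widen what the option accepts: the removed parsers called `xtables_numeric_to_ipaddr` / `xtables_numeric_to_ip6addr`, which take numeric addresses only, while the header documents `XTTYPE_ONEHOST` as "one host or address". If that type resolves names, the destination of the cloned traffic would depend on a DNS answer at rule-load time, so it is worth confirming the parser stays numeric-only here or stating the new behaviour in `tee_tg_help`. The explicit `strlen(optarg) >= sizeof(info->oif)` check is also gone, so `--oif` now relies on the `XTTYPE_STRING` handler rejecting (not truncating) an over-long name against the size recorded by `XTOPT_POINTER(s, oif)`; that handler is not visible in this hunk.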
@@ -44,83 +48,6 @@ static void tee_tg_help(void)
"\n");
}
-static int tee_tg_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- struct xt_tee_tginfo *info = (void *)(*target)->data;
- const struct in_addr *ia;
-
- switch (c) {
- case 'g':
- if (*flags & FLAG_GATEWAY)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --gateway more than once");
-
- ia = xtables_numeric_to_ipaddr(optarg);
- if (ia == NULL)
- xtables_error(PARAMETER_PROBLEM,
- "Invalid IP address %s", optarg);
-
- memcpy(&info->gw, ia, sizeof(*ia));
- *flags |= FLAG_GATEWAY;
- return true;
- case 'o':
- if (*flags & FLAG_OIF)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --oif more than once");
- if (strlen(optarg) >= sizeof(info->oif))
- xtables_error(PARAMETER_PROBLEM,
- "oif name too long");
- strcpy(info->oif, optarg);
- *flags |= FLAG_OIF;
- return true;
- }
-
- return false;
-}
-
-static int tee_tg6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- struct xt_tee_tginfo *info = (void *)(*target)->data;
- const struct in6_addr *ia;
-
- switch (c) {
- case 'g':
- if (*flags & FLAG_GATEWAY)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --gateway more than once");
-
- ia = xtables_numeric_to_ip6addr(optarg);
- if (ia == NULL)
- xtables_error(PARAMETER_PROBLEM,
- "Invalid IP address %s", optarg);
-
- memcpy(&info->gw, ia, sizeof(*ia));
- *flags |= FLAG_GATEWAY;
- return true;
- case 'o':
- if (*flags & FLAG_OIF)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --oif more than once");
- if (strlen(optarg) >= sizeof(info->oif))
- xtables_error(PARAMETER_PROBLEM,
- "oif name too long");
- strcpy(info->oif, optarg);
- *flags |= FLAG_OIF;
- return true;
- }
-
- return false;
-}
-
-static void tee_tg_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM, "TEE target: "
- "--gateway parameter required");
-}
-
static void tee_tg_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
@@ -173,11 +100,10 @@ static struct xtables_target tee_tg_reg = {
.size = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
.help = tee_tg_help,
- .parse = tee_tg_parse,
- .final_check = tee_tg_check,
.print = tee_tg_print,
.save = tee_tg_save,
- .extra_opts = tee_tg_opts,
+ .x6_parse = xtables_option_parse,
+ .x6_options = tee_tg_opts,
};
static struct xtables_target tee_tg6_reg = {
@@ -188,11 +114,10 @@ static struct xtables_target tee_tg6_reg = {
.size = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
.help = tee_tg_help,
- .parse = tee_tg6_parse,
- .final_check = tee_tg_check,
.print = tee_tg6_print,
.save = tee_tg6_save,
- .extra_opts = tee_tg_opts,
+ .x6_parse = xtables_option_parse,
+ .x6_options = tee_tg_opts,
};
void _init(void)
--
1.7.1
* [PATCH 3/9] xtoptions: respect return value in xtables_getportbyname
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
If ret was negative, ntohs may make it positive, which is undesired.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
xtoptions.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/xtoptions.c b/xtoptions.c
index c3cc40e..8478d26 100644
--- a/xtoptions.c
+++ b/xtoptions.c
@@ -379,6 +379,8 @@ static int xtables_getportbyname(const char *name)
}
}
freeaddrinfo(res);
+ if (ret < 0)
+ return ret;
return ntohs(ret);
}
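Review bot: The return contract this fix depends on is not written down: `ret` is evidently negative on lookup failure and a network-order port otherwise, and only the second case may go through `ntohs`. A short comment above `xtables_getportbyname`, such as `/* Returns the port in host byte order, or a negative value if the name does not resolve. */`, would make the `value < 0` test that callers perform easier to trust. The function body starts outside this hunk, so how `ret` is initialised cannot be checked here.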
--
1.7.1
* [PATCH 4/9] libxt_TOS: use guided option parser
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_TOS.c | 137 ++++++++++++++++++++----------------------------
include/xtables.h.in | 5 ++
xtoptions.c | 81 ++++++++++++++++++++++++++++
3 files changed, 143 insertions(+), 80 deletions(-)
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index 58ff2fc..cef5876 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -2,7 +2,7 @@
* Shared library add-on to iptables to add TOS target support
*
* Copyright © CC Computer Consultants GmbH, 2007
- * Contact: Jan Engelhardt <jengelh@computergmbh.de>
+ * Contact: Jan Engelhardt <jengelh@medozas.de>
*/
#include <getopt.h>
#include <stdbool.h>
@@ -20,20 +20,33 @@ struct ipt_tos_target_info {
};
enum {
- FLAG_TOS = 1 << 0,
+ O_SET_TOS = 0,
+ O_AND_TOS,
+ O_OR_TOS,
+ O_XOR_TOS,
+ F_SET_TOS = 1 << O_SET_TOS,
+ F_AND_TOS = 1 << O_AND_TOS,
+ F_OR_TOS = 1 << O_OR_TOS,
+ F_XOR_TOS = 1 << O_XOR_TOS,
+ F_ANY = F_SET_TOS | F_AND_TOS | F_OR_TOS | F_XOR_TOS,
};
-static const struct option tos_tg_opts_v0[] = {
- {.name = "set-tos", .has_arg = true, .val = '='},
- XT_GETOPT_TABLEEND,
+static const struct xt_option_entry tos_tg_opts_v0[] = {
+ {.name = "set-tos", .id = O_SET_TOS, .type = XTTYPE_TOSMASK,
+ .excl = F_ANY, .max = 0xFF},
+ XTOPT_TABLEEND,
};
-static const struct option tos_tg_opts[] = {
- {.name = "set-tos", .has_arg = true, .val = '='},
- {.name = "and-tos", .has_arg = true, .val = '&'},
- {.name = "or-tos", .has_arg = true, .val = '|'},
- {.name = "xor-tos", .has_arg = true, .val = '^'},
- XT_GETOPT_TABLEEND,
+static const struct xt_option_entry tos_tg_opts[] = {
+ {.name = "set-tos", .id = O_SET_TOS, .type = XTTYPE_TOSMASK,
+ .excl = F_ANY, .max = 0x3F},
+ {.name = "and-tos", .id = O_AND_TOS, .type = XTTYPE_UINT8,
+ .excl = F_ANY},
+ {.name = "or-tos", .id = O_OR_TOS, .type = XTTYPE_UINT8,
+ .excl = F_ANY},
+ {.name = "xor-tos", .id = O_XOR_TOS, .type = XTTYPE_UINT8,
+ .excl = F_ANY},
+ XTOPT_TABLEEND,
};
static void tos_tg_help_v0(void)
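Review bot: The `.max` field on the `set-tos` entries is not a range limit here; `xtopt_parse_tosmask` reads `cb->entry->max` as the default mask for symbolic names, so `0xFF` and `0x3F` select the per-revision mask. That overloading is easy to misread at the table, and a comment such as `/* .max: mask applied when a symbolic TOS name is given */` above `tos_tg_opts_v0` would help. `F_ANY` in the v0 table also names flags for options that table does not define, which is harmless but could be narrowed to `F_SET_TOS`.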
@@ -78,84 +91,48 @@ XTABLES_VERSION);
);
}
-static int tos_tg_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void tos_tg_parse_v0(struct xt_option_call *cb)
{
- struct ipt_tos_target_info *info = (void *)(*target)->data;
- struct tos_value_mask tvm;
-
- switch (c) {
- case '=':
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert);
- if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg);
- if (tvm.mask != 0xFF)
- xtables_error(PARAMETER_PROBLEM, "tos match: Your kernel "
- "is too old to support anything besides "
- "/0xFF as a mask.");
- info->tos = tvm.value;
- *flags |= FLAG_TOS;
- return true;
- }
-
- return false;
+ struct ipt_tos_target_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->val.tos_mask != 0xFF)
+ xtables_error(PARAMETER_PROBLEM, "tos match: Your kernel "
+ "is too old to support anything besides "
+ "/0xFF as a mask.");
+ info->tos = cb->val.tos_value;
}
-static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void tos_tg_parse(struct xt_option_call *cb)
{
- struct xt_tos_target_info *info = (void *)(*target)->data;
- struct tos_value_mask tvm;
- unsigned int bits;
-
- switch (c) {
- case '=': /* --set-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert);
- if (!tos_parse_symbolic(optarg, &tvm, 0x3F))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg);
- info->tos_value = tvm.value;
- info->tos_mask = tvm.mask;
- break;
+ struct xt_tos_target_info *info = cb->data;
- case '&': /* --and-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--and-tos", invert);
- if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--and-tos", optarg);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_TOS:
+ info->tos_value = cb->val.tos_value;
+ info->tos_mask = cb->val.tos_mask;
+ break;
+ case O_AND_TOS:
info->tos_value = 0;
- info->tos_mask = ~bits;
+ info->tos_mask = ~cb->val.u8;
break;
-
- case '|': /* --or-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--or-tos", invert);
- if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--or-tos", optarg);
- info->tos_value = bits;
- info->tos_mask = bits;
+ case O_OR_TOS:
+ info->tos_value = cb->val.u8;
+ info->tos_mask = cb->val.u8;
break;
-
- case '^': /* --xor-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--xor-tos", invert);
- if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--xor-tos", optarg);
- info->tos_value = bits;
+ case O_XOR_TOS:
+ info->tos_value = cb->val.u8;
info->tos_mask = 0;
break;
}
-
- *flags |= FLAG_TOS;
- return true;
}
-static void tos_tg_check(unsigned int flags)
+static void tos_tg_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (!(cb->xflags & F_ANY))
xtables_error(PARAMETER_PROBLEM,
- "TOS: The --set-tos parameter is required");
+ "TOS: An action is required");
}
static void tos_tg_print_v0(const void *ip,
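Review bot: The error text in the new `tos_tg_parse_v0` still reads `tos match:` although this file implements the TOS target, so a user who passes a mask other than /0xFF is pointed at the wrong extension; `"TOS: Your kernel "` would agree with the message in `tos_tg_check`. The `switch` in `tos_tg_parse` has no `default:` label, so an id added to `tos_tg_opts` later would be accepted without writing anything to `info`.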
@@ -215,11 +192,11 @@ static struct xtables_target tos_tg_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.help = tos_tg_help_v0,
- .parse = tos_tg_parse_v0,
- .final_check = tos_tg_check,
.print = tos_tg_print_v0,
.save = tos_tg_save_v0,
- .extra_opts = tos_tg_opts_v0,
+ .x6_parse = tos_tg_parse_v0,
+ .x6_fcheck = tos_tg_check,
+ .x6_options = tos_tg_opts_v0,
},
{
.version = XTABLES_VERSION,
@@ -229,11 +206,11 @@ static struct xtables_target tos_tg_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.help = tos_tg_help,
- .parse = tos_tg_parse,
- .final_check = tos_tg_check,
.print = tos_tg_print,
.save = tos_tg_save,
- .extra_opts = tos_tg_opts,
+ .x6_parse = tos_tg_parse,
+ .x6_fcheck = tos_tg_check,
+ .x6_options = tos_tg_opts,
},
};
diff --git a/include/xtables.h.in b/include/xtables.h.in
index a9a9ffa..b06ab61 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -50,6 +50,7 @@ struct in_addr;
* %XTTYPE_UINT*: standard integer
* %XTTYPE_UINT*RC: colon-separated range of standard integers
* %XTTYPE_STRING: arbitrary string
+ * %XTTYPE_TOSMASK: 8-bit TOS value with optional mask
* %XTTYPE_MARKMASK32: 32-bit mark with optional mask
* %XTTYPE_SYSLOGLEVEL: syslog level by name or number
* %XTTYPE_ONEHOST: one host or address (union nf_inet_addr)
@@ -67,6 +68,7 @@ enum xt_option_type {
XTTYPE_UINT32RC,
XTTYPE_UINT64RC,
XTTYPE_STRING,
+ XTTYPE_TOSMASK,
XTTYPE_MARKMASK32,
XTTYPE_SYSLOGLEVEL,
XTTYPE_ONEHOST,
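Review bot: `XTTYPE_TOSMASK` is inserted in the middle of `enum xt_option_type`, which shifts the numeric value of `XTTYPE_MARKMASK32` and every enumerator after it. An extension built against the previous header would then index `xtopt_subparse[]` with stale values and be handed the wrong sub-parser. Patch 1/9 bumps the libxtables ABI version, which covers in-tree users, but appending new types at the end of the enum avoids the renumbering altogether. If the ordering is kept for readability, a comment noting that the enum values are part of the ABI would be useful.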
@@ -132,6 +134,9 @@ struct xt_option_call {
uint64_t u64, u64_range[2];
union nf_inet_addr inetaddr;
struct {
+ uint8_t tos_value, tos_mask;
+ };
+ struct {
uint32_t mark, mask;
};
} val;
diff --git a/xtoptions.c b/xtoptions.c
index 8478d26..69e43e9 100644
--- a/xtoptions.c
+++ b/xtoptions.c
@@ -19,8 +19,12 @@
#include <string.h>
#include <syslog.h>
#include <arpa/inet.h>
+#include <netinet/ip.h>
#include "xtables.h"
#include "xshared.h"
+#ifndef IPTOS_NORMALSVC
+# define IPTOS_NORMALSVC 0
+#endif
#define XTOPT_MKPTR(cb) \
((void *)((char *)(cb)->data + (cb)->entry->ptroff))
@@ -33,6 +37,10 @@ struct syslog_level {
uint8_t level;
};
+struct tos_value_mask {
+ uint8_t value, mask;
+};
+
/**
* Creates getopt options from the x6-style option map, and assigns each a
* getopt id.
@@ -232,6 +240,78 @@ static void xtopt_parse_string(struct xt_option_call *cb)
p[z] = '\0';
}
+static const struct tos_symbol_info {
+ unsigned char value;
+ const char *name;
+} tos_symbol_names[] = {
+ {IPTOS_LOWDELAY, "Minimize-Delay"},
+ {IPTOS_THROUGHPUT, "Maximize-Throughput"},
+ {IPTOS_RELIABILITY, "Maximize-Reliability"},
+ {IPTOS_MINCOST, "Minimize-Cost"},
+ {IPTOS_NORMALSVC, "Normal-Service"},
+ {},
+};
+
+/*
+ * tos_parse_numeric - parse a string like "15/255"
+ *
+ * @str: input string
+ * @tvm: (value/mask) tuple
+ * @max: maximum allowed value (must be pow(2,some_int)-1)
+ */
+static bool tos_parse_numeric(const char *str, struct xt_option_call *cb,
+ unsigned int max)
+{
+ unsigned int value;
+ char *end;
+
+ xtables_strtoui(str, &end, &value, 0, max);
+ cb->val.tos_value = value;
+ cb->val.tos_mask = max;
+
+ if (*end == '/') {
+ const char *p = end + 1;
+
+ if (!xtables_strtoui(p, &end, &value, 0, max))
+ xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"",
+ str);
+ cb->val.tos_mask = value;
+ }
+
+ if (*end != '\0')
+ xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str);
+ return true;
+}
+
+/**
+ * @str: input string
+ * @tvm: (value/mask) tuple
+ * @def_mask: mask to force when a symbolic name is used
+ */
+static void xtopt_parse_tosmask(struct xt_option_call *cb)
+{
+ const struct tos_symbol_info *symbol;
+ char *tmp;
+
+ if (xtables_strtoui(cb->arg, &tmp, NULL, 0, UINT8_MAX)) {
+ tos_parse_numeric(cb->arg, cb, UINT8_MAX);
+ return;
+ }
+ /*
+ * This is our way we deal with different defaults
+ * for different revisions.
+ */
+ cb->val.tos_mask = cb->entry->max;
+ for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
+ if (strcasecmp(cb->arg, symbol->name) == 0) {
+ cb->val.tos_value = symbol->value;
+ return;
+ }
+
+ xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown",
+ cb->arg);
+}
+
/**
* Validate the input for being conformant to "mark[/mask]".
*/
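Review bot: In `tos_parse_numeric` the first `xtables_strtoui(str, &end, &value, 0, max)` call is unchecked, so `value` and `end` are only valid because `xtopt_parse_tosmask` happens to pre-validate the same string; checking it locally with `if (!xtables_strtoui(str, &end, &value, 0, max)) xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str);` makes the helper safe on its own. The doc comments were carried over from the removed code and no longer match: both still list `@tvm`, and the one above `xtopt_parse_tosmask` lists `@str` and `@def_mask` although the function now takes only `cb`. The old remark that preset names do not consider the ECN bits was dropped and is worth restoring next to `cb->val.tos_mask = cb->entry->max`. `struct tos_value_mask`, added in the previous hunk, has no visible user in this patch.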
@@ -413,6 +493,7 @@ static void (*const xtopt_subparse[])(struct xt_option_call *) = {
[XTTYPE_UINT32RC] = xtopt_parse_mint,
[XTTYPE_UINT64RC] = xtopt_parse_mint,
[XTTYPE_STRING] = xtopt_parse_string,
+ [XTTYPE_TOSMASK] = xtopt_parse_tosmask,
[XTTYPE_MARKMASK32] = xtopt_parse_markmask,
[XTTYPE_SYSLOGLEVEL] = xtopt_parse_sysloglevel,
[XTTYPE_ONEHOST] = xtopt_parse_onehost,
--
1.7.1
* [PATCH 5/9] libxt_tos: use guided option parser
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_tos.c | 88 ++++++++++++++++++------------------------------
1 files changed, 33 insertions(+), 55 deletions(-)
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 8b83e18..7646a4f 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -21,12 +21,19 @@ struct ipt_tos_info {
};
enum {
- FLAG_TOS = 1 << 0,
+ O_TOS = 1 << 0,
};
-static const struct option tos_mt_opts[] = {
- {.name = "tos", .has_arg = true, .val = 't'},
- XT_GETOPT_TABLEEND,
+static const struct xt_option_entry tos_mt_opts_v0[] = {
+ {.name = "tos", .id = O_TOS, .type = XTTYPE_TOSMASK,
+ .flags = XTOPT_MAND, .max = 0xFF},
+ XTOPT_TABLEEND,
+};
+
+static const struct xt_option_entry tos_mt_opts[] = {
+ {.name = "tos", .id = O_TOS, .type = XTTYPE_TOSMASK,
+ .flags = XTOPT_MAND, .max = 0x3F},
+ XTOPT_TABLEEND,
};
static void tos_mt_help(void)
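Review bot: Neither `tos_mt_opts_v0` nor `tos_mt_opts` sets `XTOPT_INVERT`, yet both parse callbacks read `cb->invert` and the removed code accepted an inverted `--tos`. The libxt_udp table converted later in this series does set `XTOPT_INVERT` on its invertible options, so if the guided parser rejects `!` without that flag, existing inverted tos rules would stop loading; `.flags = XTOPT_MAND | XTOPT_INVERT` looks like what is intended. `O_TOS = 1 << 0` is also written like a flag although it is used as an option id; the other converted files use `O_… = 0` for ids and `1 << O_…` for flags.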
@@ -46,56 +53,29 @@ static void tos_mt_help(void)
printf("\n");
}
-static int tos_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void tos_mt_parse_v0(struct xt_option_call *cb)
{
- struct ipt_tos_info *info = (void *)(*match)->data;
- struct tos_value_mask tvm;
-
- switch (c) {
- case 't':
- xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
- if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
- xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg);
- if (tvm.mask != 0xFF)
- xtables_error(PARAMETER_PROBLEM, "tos: Your kernel is "
- "too old to support anything besides /0xFF "
- "as a mask.");
- info->tos = tvm.value;
- if (invert)
- info->invert = true;
- *flags |= FLAG_TOS;
- return true;
- }
- return false;
+ struct ipt_tos_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->val.tos_mask != 0xFF)
+ xtables_error(PARAMETER_PROBLEM, "tos: Your kernel is "
+ "too old to support anything besides /0xFF "
+ "as a mask.");
+ info->tos = cb->val.tos_value;
+ if (cb->invert)
+ info->invert = true;
}
-static int tos_mt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void tos_mt_parse(struct xt_option_call *cb)
{
- struct xt_tos_match_info *info = (void *)(*match)->data;
- struct tos_value_mask tvm = {.mask = 0xFF};
-
- switch (c) {
- case 't':
- xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
- if (!tos_parse_symbolic(optarg, &tvm, 0x3F))
- xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg);
- info->tos_value = tvm.value;
- info->tos_mask = tvm.mask;
- if (invert)
- info->invert = true;
- *flags |= FLAG_TOS;
- return true;
- }
- return false;
-}
+ struct xt_tos_match_info *info = cb->data;
-static void tos_mt_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM,
- "tos: --tos parameter required");
+ xtables_option_parse(cb);
+ info->tos_value = cb->val.tos_value;
+ info->tos_mask = cb->val.tos_mask;
+ if (cb->invert)
+ info->invert = true;
}
static void tos_mt_print_v0(const void *ip, const struct xt_entry_match *match,
@@ -150,11 +130,10 @@ static struct xtables_match tos_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct ipt_tos_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)),
.help = tos_mt_help,
- .parse = tos_mt_parse_v0,
- .final_check = tos_mt_check,
.print = tos_mt_print_v0,
.save = tos_mt_save_v0,
- .extra_opts = tos_mt_opts,
+ .x6_parse = tos_mt_parse_v0,
+ .x6_options = tos_mt_opts_v0,
},
{
.version = XTABLES_VERSION,
@@ -164,11 +143,10 @@ static struct xtables_match tos_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_tos_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
.help = tos_mt_help,
- .parse = tos_mt_parse,
- .final_check = tos_mt_check,
.print = tos_mt_print,
.save = tos_mt_save,
- .extra_opts = tos_mt_opts,
+ .x6_parse = tos_mt_parse,
+ .x6_options = tos_mt_opts,
},
};
--
1.7.1
* [PATCH 6/9] extensions: remove unused TOS code
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/tos_values.c | 58 -----------------------------------------------
1 files changed, 0 insertions(+), 58 deletions(-)
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index c5efd9d..6dc4743 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -23,64 +23,6 @@ static const struct tos_symbol_info {
{},
};
-/*
- * tos_parse_numeric - parse sth. like "15/255"
- *
- * @str: input string
- * @tvm: (value/mask) tuple
- * @max: maximum allowed value (must be pow(2,some_int)-1)
- */
-static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
- unsigned int max)
-{
- unsigned int value;
- char *end;
-
- xtables_strtoui(str, &end, &value, 0, max);
- tvm->value = value;
- tvm->mask = max;
-
- if (*end == '/') {
- const char *p = end + 1;
-
- if (!xtables_strtoui(p, &end, &value, 0, max))
- xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"",
- str);
- tvm->mask = value;
- }
-
- if (*end != '\0')
- xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str);
- return true;
-}
-
-/**
- * @str: input string
- * @tvm: (value/mask) tuple
- * @def_mask: mask to force when a symbolic name is used
- */
-static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
- unsigned int def_mask)
-{
- static const unsigned int max = UINT8_MAX;
- const struct tos_symbol_info *symbol;
- char *tmp;
-
- if (xtables_strtoui(str, &tmp, NULL, 0, max))
- return tos_parse_numeric(str, tvm, max);
-
- /* Do not consider ECN bits when using preset names */
- tvm->mask = def_mask;
- for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
- if (strcasecmp(str, symbol->name) == 0) {
- tvm->value = symbol->value;
- return true;
- }
-
- xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown", str);
- return false;
-}
-
static bool tos_try_print_symbolic(const char *prefix,
uint8_t value, uint8_t mask)
{
--
1.7.1
* [PATCH 7/9] libxtables: XTTYPE_PORTRC support
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/xtables.h.in | 6 ++++-
xtoptions.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 1 deletions(-)
diff --git a/include/xtables.h.in b/include/xtables.h.in
index b06ab61..0cd9f9f 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -56,6 +56,8 @@ struct in_addr;
* %XTTYPE_ONEHOST: one host or address (union nf_inet_addr)
* %XTTYPE_PORT: 16-bit port name or number
* %XTTYPE_PORT_NE: 16-bit port name or number, stored as network-endian
+ * %XTTYPE_PORTRC: colon-separated port range (names acceptable)
+ * %XTTYPE_PORTRC_NE: same as %XTTYPE_PORTRC, stored in network-endian
*/
enum xt_option_type {
XTTYPE_NONE,
@@ -74,6 +76,8 @@ enum xt_option_type {
XTTYPE_ONEHOST,
XTTYPE_PORT,
XTTYPE_PORT_NE,
+ XTTYPE_PORTRC,
+ XTTYPE_PORTRC_NE,
};
/**
@@ -129,7 +133,7 @@ struct xt_option_call {
uint8_t nvals;
union {
uint8_t u8, u8_range[2], syslog_level;
- uint16_t u16, u16_range[2], port;
+ uint16_t u16, u16_range[2], port, port_range[2];
uint32_t u32, u32_range[2];
uint64_t u64, u64_range[2];
union nf_inet_addr inetaddr;
diff --git a/xtoptions.c b/xtoptions.c
index 69e43e9..7a7d706 100644
--- a/xtoptions.c
+++ b/xtoptions.c
@@ -483,6 +483,61 @@ static void xtopt_parse_port(struct xt_option_call *cb)
*(uint16_t *)XTOPT_MKPTR(cb) = cb->val.port;
}
+static void xtopt_parse_mport(struct xt_option_call *cb)
+{
+ static const size_t esize = sizeof(uint16_t);
+ const struct xt_option_entry *entry = cb->entry;
+ char *arg, *lo_arg = strdup(cb->arg);
+ char *put = XTOPT_MKPTR(cb);
+ unsigned int maxiter;
+ char *end = "";
+ char sep = ':';
+ int value;
+
+ if (lo_arg == NULL)
+ xt_params->exit_err(RESOURCE_PROBLEM, "strdup");
+
+ maxiter = entry->size / esize;
+ if (maxiter == 0)
+ maxiter = 2; /* ARRAY_SIZE(cb->val.port_range) */
+ if (entry->size % esize != 0)
+ xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does "
+ "not have proper size\n", __func__);
+
+ cb->nvals = 0;
+ for (arg = lo_arg; ; arg = end + 1) {
+ if (cb->nvals == maxiter)
+ xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many "
+ "components for option \"--%s\" (max: %u)\n",
+ cb->ext_name, entry->name, maxiter);
+ //arg contains :??
+ end = strchr(arg, ':');
+ if (end != NULL)
+ *end = '\0';
+ value = xtables_getportbyname(arg);
+ if (value < 0)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Port \"%s\" does not resolve to anything.\n",
+ arg);
+ if (entry->type == XTTYPE_PORTRC_NE)
+ value = htons(value);
+ if (end != NULL && *end != '\0' && *end != sep)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: Argument to \"--%s\" has unexpected "
+ "characters.\n", cb->ext_name, entry->name);
+ ++cb->nvals;
+ if (cb->nvals < ARRAY_SIZE(cb->val.u32_range))
+ cb->val.port_range[cb->nvals] = value;
+ if (entry->flags & XTOPT_PUT) {
+ *(uint16_t *)put = value;
+ put += esize;
+ }
+ if (end == NULL || *end == '\0')
+ break;
+ }
+ free(lo_arg);
+}
+
static void (*const xtopt_subparse[])(struct xt_option_call *) = {
[XTTYPE_UINT8] = xtopt_parse_int,
[XTTYPE_UINT16] = xtopt_parse_int,
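Review bot: The loop in `xtopt_parse_mport` cannot get past its first component: `strchr` finds the separator, `*end = '\0'` overwrites it, and the closing test `if (end == NULL || *end == '\0') break;` is then always true, so for a range only the first port is parsed. The store into `cb->val.port_range` is also off by one, because `++cb->nvals` runs before the index is used and the bound is taken from `u32_range` rather than `port_range`; the first value lands in slot 1 and slot 0 is never written. The fence below records whether a separator was found before overwriting it and stores before incrementing; with that change the "unexpected characters" check is dead code and can go. Compared with the parser this replaces in libxt_udp, empty components (`:80`, `1024:`) and a lower bound above the upper bound are not handled, which matters for rules that rely on open-ended ranges.

```c
	cb->nvals = 0;
	for (arg = lo_arg; ; arg = end + 1) {
		bool last;

		/* … unchanged: "too many components" check … */
		end = strchr(arg, sep);
		last = (end == NULL);	/* decide before the separator is overwritten */
		if (!last)
			*end = '\0';
		/* … unchanged: xtables_getportbyname() lookup, htons() for XTTYPE_PORTRC_NE … */
		if (cb->nvals < ARRAY_SIZE(cb->val.port_range))
			cb->val.port_range[cb->nvals] = value;
		++cb->nvals;
		/* … unchanged: XTOPT_PUT store through put … */
		if (last)
			break;
	}
```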
@@ -499,6 +554,8 @@ static void (*const xtopt_subparse[])(struct xt_option_call *) = {
[XTTYPE_ONEHOST] = xtopt_parse_onehost,
[XTTYPE_PORT] = xtopt_parse_port,
[XTTYPE_PORT_NE] = xtopt_parse_port,
+ [XTTYPE_PORTRC] = xtopt_parse_mport,
+ [XTTYPE_PORTRC_NE] = xtopt_parse_mport,
};
static const size_t xtopt_psize[] = {
@@ -515,6 +572,8 @@ static const size_t xtopt_psize[] = {
[XTTYPE_ONEHOST] = sizeof(union nf_inet_addr),
[XTTYPE_PORT] = sizeof(uint16_t),
[XTTYPE_PORT_NE] = sizeof(uint16_t),
+ [XTTYPE_PORTRC] = sizeof(uint16_t[2]),
+ [XTTYPE_PORTRC_NE] = sizeof(uint16_t[2]),
};
/**
--
1.7.1
* [PATCH 8/9] libxt_udp: use guided option parser
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_udp.c | 95 +++++++++++++++---------------------------------
1 files changed, 30 insertions(+), 65 deletions(-)
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 505b3c8..a539edd 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -1,14 +1,15 @@
-/* Shared library add-on to iptables to add UDP support. */
-#include <stdbool.h>
+#include <stdint.h>
#include <stdio.h>
#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <netinet/in.h>
+#include <arpa/inet.h>
#include <xtables.h>
#include <linux/netfilter/xt_tcpudp.h>
+enum {
+ O_SOURCE_PORT = 0,
+ O_DEST_PORT,
+};
+
static void udp_help(void)
{
printf(
@@ -21,36 +22,19 @@ static void udp_help(void)
" match destination port(s)\n");
}
-static const struct option udp_opts[] = {
- {.name = "source-port", .has_arg = true, .val = '1'},
- {.name = "sport", .has_arg = true, .val = '1'}, /* synonym */
- {.name = "destination-port", .has_arg = true, .val = '2'},
- {.name = "dport", .has_arg = true, .val = '2'}, /* synonym */
- XT_GETOPT_TABLEEND,
+#define s struct xt_udp
+static const struct xt_option_entry udp_opts[] = {
+ {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ XTOPT_TABLEEND,
};
-
-static void
-parse_udp_ports(const char *portstring, uint16_t *ports)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(portstring);
- if ((cp = strchr(buffer, ':')) == NULL)
- ports[0] = ports[1] = xtables_parse_port(buffer, "udp");
- else {
- *cp = '\0';
- cp++;
-
- ports[0] = buffer[0] ? xtables_parse_port(buffer, "udp") : 0;
- ports[1] = cp[0] ? xtables_parse_port(cp, "udp") : 0xFFFF;
-
- if (ports[0] > ports[1])
- xtables_error(PARAMETER_PROBLEM,
- "invalid portrange (min > max)");
- }
- free(buffer);
-}
+#undef s
static void udp_init(struct xt_entry_match *m)
{
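Review bot: The four entries use `XTTYPE_PORTRC_NE`, while the removed `parse_udp_ports()` stored the result of `xtables_parse_port()` in `spts`/`dpts` with no byte-order conversion. If the `_NE` suffix means network-endian storage, as the name suggests, the ranges written into `struct xt_udp` change byte order, and a rule such as `--dport 53` would be compared against a different port than the one typed. The print/save code and the kernel-side comparison are outside this hunk, so this needs confirming. If host order is what `xt_udp` expects, the entries should read `.type = XTTYPE_PORTRC`. The option table in the libxt_dccp.c patch uses the same type and deserves the same check.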
@@ -59,40 +43,21 @@ static void udp_init(struct xt_entry_match *m)
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
}
-#define UDP_SRC_PORTS 0x01
-#define UDP_DST_PORTS 0x02
-
-static int
-udp_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void udp_parse(struct xt_option_call *cb)
{
- struct xt_udp *udpinfo = (struct xt_udp *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & UDP_SRC_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--source-port' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_udp_ports(optarg, udpinfo->spts);
- if (invert)
+ struct xt_udp *udpinfo = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SOURCE_PORT:
+ if (cb->invert)
udpinfo->invflags |= XT_UDP_INV_SRCPT;
- *flags |= UDP_SRC_PORTS;
break;
-
- case '2':
- if (*flags & UDP_DST_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--destination-port' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_udp_ports(optarg, udpinfo->dpts);
- if (invert)
+ case O_DEST_PORT:
+ if (cb->invert)
udpinfo->invflags |= XT_UDP_INV_DSTPT;
- *flags |= UDP_DST_PORTS;
break;
}
-
- return 1;
}
static char *
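Review bot: The rewritten `udp_parse()` no longer rejects a repeated `--source-port` or `--destination-port` itself; the removed `*flags & UDP_SRC_PORTS` and `*flags & UDP_DST_PORTS` checks did that explicitly. Presumably the guided parser refuses a second option with the same `.id`, but that is not visible in this hunk, and a later occurrence silently overwriting the earlier range would change what the rule matches. A comment above the call would record the dependency, e.g. `/* xtables_option_parse() stores the range via XTOPT_PUT; repeated options are expected to be rejected by the option framework */`.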
@@ -195,10 +160,10 @@ static struct xtables_match udp_match = {
.userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
.help = udp_help,
.init = udp_init,
- .parse = udp_parse,
.print = udp_print,
.save = udp_save,
- .extra_opts = udp_opts,
+ .x6_parse = udp_parse,
+ .x6_options = udp_opts,
};
void
--
1.7.1
* [PATCH 9/9] libxt_dccp: use guided option parser
From: Jan Engelhardt @ 2011-05-01 11:50 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_dccp.c | 134 ++++++++++++++---------------------------------
1 files changed, 40 insertions(+), 94 deletions(-)
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index ee8e009..3eff177 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -5,15 +5,12 @@
* This program is distributed under the terms of GNU GPL v2, 1991
*
*/
-#include <stdbool.h>
+#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <netdb.h>
-#include <ctype.h>
-
-#include <netinet/in.h>
+#include <arpa/inet.h>
#include <xtables.h>
#include <linux/dccp.h>
#include <linux/netfilter/x_tables.h>
@@ -26,6 +23,13 @@
#define DEBUGP(format, fist...)
#endif
+enum {
+ O_SOURCE_PORT = 0,
+ O_DEST_PORT,
+ O_DCCP_TYPES,
+ O_DCCP_OPTION,
+};
+
static void dccp_help(void)
{
printf(
@@ -36,41 +40,23 @@ static void dccp_help(void)
" --dport ...\n");
}
-static const struct option dccp_opts[] = {
- {.name = "source-port", .has_arg = true, .val = '1'},
- {.name = "sport", .has_arg = true, .val = '1'},
- {.name = "destination-port", .has_arg = true, .val = '2'},
- {.name = "dport", .has_arg = true, .val = '2'},
- {.name = "dccp-types", .has_arg = true, .val = '3'},
- {.name = "dccp-option", .has_arg = true, .val = '4'},
- XT_GETOPT_TABLEEND,
+#define s struct xt_dccp_info
+static const struct xt_option_entry dccp_opts[] = {
+ {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ {.name = "dccp-types", .id = O_DCCP_TYPES, .type = XTTYPE_STRING},
+ {.name = "dccp-option", .id = O_DCCP_OPTION, .type = XTTYPE_UINT8,
+ .min = 1, .max = UINT8_MAX, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, option)},
+ XTOPT_TABLEEND,
};
-
-static void
-parse_dccp_ports(const char *portstring,
- uint16_t *ports)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(portstring);
- DEBUGP("%s\n", portstring);
- if ((cp = strchr(buffer, ':')) == NULL) {
- ports[0] = ports[1] = xtables_parse_port(buffer, "dccp");
- }
- else {
- *cp = '\0';
- cp++;
-
- ports[0] = buffer[0] ? xtables_parse_port(buffer, "dccp") : 0;
- ports[1] = cp[0] ? xtables_parse_port(cp, "dccp") : 0xFFFF;
-
- if (ports[0] > ports[1])
- xtables_error(PARAMETER_PROBLEM,
- "invalid portrange (min > max)");
- }
- free(buffer);
-}
+#undef s
static const char *const dccp_pkt_types[] = {
[DCCP_PKT_REQUEST] = "REQUEST",
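Review bot: The `dccp-types` and `dccp-option` entries carry no `XTOPT_INVERT`, yet the old `dccp_parse()` accepted negation for both through `xtables_check_inverse()`, and the new `dccp_parse()` in the following hunk still tests `cb->invert` for `O_DCCP_TYPES` and `O_DCCP_OPTION`. Assuming the option framework only permits `!` on entries flagged `XTOPT_INVERT` (the four port entries set it), `! --dccp-types` would either be refused or leave those two `invflags` branches as dead code, so existing negated rules would stop loading as written. Suggested: `.type = XTTYPE_STRING, .flags = XTOPT_INVERT` for `dccp-types` and `.flags = XTOPT_INVERT | XTOPT_PUT` for `dccp-option`.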
@@ -110,74 +96,34 @@ parse_dccp_types(const char *typestring)
return typemask;
}
-static uint8_t parse_dccp_option(char *optstring)
+static void dccp_parse(struct xt_option_call *cb)
{
- unsigned int ret;
-
- if (!xtables_strtoui(optstring, NULL, &ret, 1, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM, "Bad DCCP option \"%s\"",
- optstring);
-
- return ret;
-}
+ struct xt_dccp_info *einfo = cb->data;
-static int
-dccp_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_dccp_info *einfo
- = (struct xt_dccp_info *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & XT_DCCP_SRC_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--source-port' allowed");
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SOURCE_PORT:
einfo->flags |= XT_DCCP_SRC_PORTS;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dccp_ports(optarg, einfo->spts);
- if (invert)
+ if (cb->invert)
einfo->invflags |= XT_DCCP_SRC_PORTS;
- *flags |= XT_DCCP_SRC_PORTS;
break;
-
- case '2':
- if (*flags & XT_DCCP_DEST_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--destination-port' allowed");
+ case O_DEST_PORT:
einfo->flags |= XT_DCCP_DEST_PORTS;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dccp_ports(optarg, einfo->dpts);
- if (invert)
+ if (cb->invert)
einfo->invflags |= XT_DCCP_DEST_PORTS;
- *flags |= XT_DCCP_DEST_PORTS;
break;
-
- case '3':
- if (*flags & XT_DCCP_TYPE)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--dccp-types' allowed");
+ case O_DCCP_TYPES:
einfo->flags |= XT_DCCP_TYPE;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->typemask = parse_dccp_types(optarg);
- if (invert)
+ einfo->typemask = parse_dccp_types(cb->arg);
+ if (cb->invert)
einfo->invflags |= XT_DCCP_TYPE;
- *flags |= XT_DCCP_TYPE;
break;
-
- case '4':
- if (*flags & XT_DCCP_OPTION)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--dccp-option' allowed");
+ case O_DCCP_OPTION:
einfo->flags |= XT_DCCP_OPTION;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->option = parse_dccp_option(optarg);
- if (invert)
+ if (cb->invert)
einfo->invflags |= XT_DCCP_OPTION;
- *flags |= XT_DCCP_OPTION;
break;
}
- return 1;
}
static char *
@@ -333,10 +279,10 @@ static struct xtables_match dccp_match = {
.size = XT_ALIGN(sizeof(struct xt_dccp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)),
.help = dccp_help,
- .parse = dccp_parse,
.print = dccp_print,
.save = dccp_save,
- .extra_opts = dccp_opts,
+ .x6_parse = dccp_parse,
+ .x6_options = dccp_opts,
};
void _init(void)
--
1.7.1
* Re: iptables: guided option parser, run 4
From: Patrick McHardy @ 2011-05-09 9:26 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
Am 01.05.2011 13:50, schrieb Jan Engelhardt:
> The following changes since commit 26ed9ea93564bb5ffdb5238eaa202cd9bcf6d6d1:
>
> combine ip6?tables-multi into xtables-multi (2011-04-19 18:22:11 -0700)
>
> are available in the git repository at:
> git://dev.medozas.de/iptables opts
>
> Jan Engelhardt (9):
> build: bump libxtables ABI version
> libxt_TEE: use guided option parser
> xtoptions: respect return value in xtables_getportbyname
> libxt_TOS: use guided option parser
> libxt_tos: use guided option parser
> extensions: remove unused TOS code
> libxtables: XTTYPE_PORTRC support
> libxt_udp: use guided option parser
> libxt_dccp: use guided option parser
Pulled, thanks Jan.
* Re: [PATCH 8/9] libxt_udp: use guided option parser
From: Lutz Jaenicke @ 2011-05-18 12:49 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
Hi,
this modification lead to a subtle failure I don't know how to cure yet.
On Sun, May 01, 2011 at 01:50:28PM +0200, Jan Engelhardt wrote:
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
> extensions/libxt_udp.c | 95 +++++++++++++++---------------------------------
> 1 files changed, 30 insertions(+), 65 deletions(-)
>
> diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
> index 505b3c8..a539edd 100644
> --- a/extensions/libxt_udp.c
> +++ b/extensions/libxt_udp.c
...
> +#define s struct xt_udp
> +static const struct xt_option_entry udp_opts[] = {
> + {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
> + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
> + {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
> + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
> + {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
> + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
> + {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
> + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
> + XTOPT_TABLEEND,
> };
The port parsing is now performed indirectly via xtables_getportbyname() and
hence getaddrinfo().
At least for uClibc (did not test glibc), getaddrinfo() will complain
when a port is specified by number but no socket type or address family
is set:
...
/*
* Can't specify a numerical socket unless a protocol
* family was given.
*/
if (hints->ai_socktype == 0 && hints->ai_protocol == 0)
return EAI_SERVICE;
...
The straight forward solution would be to add a respective ai_protocol
information (we actually know that it is IPPROTO_UDP). I am currently
however not deep enough into the new parser structure to know where to
add this information to the function calls and or data structures.
Note: the same issue will pop up for not yet converted protocols like UDP.
Best regards,
Lutz
--
Dr.-Ing. Lutz Jänicke
CTO
Innominate Security Technologies AG /protecting industrial networks/
tel: +49.30.921028-200
fax: +49.30.921028-020
Rudower Chaussee 13
D-12489 Berlin, Germany
www.innominate.com
Register Court: AG Charlottenburg, HR B 81603
Management Board: Dirk Seewald
Chairman of the Supervisory Board: Volker Bibelhausen
* Re: [PATCH 8/9] libxt_udp: use guided option parser
From: Jan Engelhardt @ 2011-05-18 13:58 UTC (permalink / raw)
To: Lutz Jaenicke; +Cc: netfilter-devel
On Wednesday 2011-05-18 14:49, Lutz Jaenicke wrote:
>
>this modification lead to a subtle failure I don't know how to cure yet.
>
>> + {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
>> + .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
>> + XTOPT_TABLEEND,
>> };
>
>The port parsing now performed indirectly via xtables_getportbyname() and
>then hence getaddrinfo().
>At least for uClibc (did not test glibc), getaddrinfo() will complain
>when a port is specified by number but no socket type of address family
>is set:
>...
> /*
> * Can't specify a numerical socket unless a protocol
> * family was given.
> */
> if (hints->ai_socktype == 0 && hints->ai_protocol == 0)
> return EAI_SERVICE;
>...
That's one of these totally useless comments. I know from the
condition that it disallows them, but it fails to say _why_, and what
makes numerical specs different from name-based ones - in particular
they should ask themselves, why should getaddrinfo special-case it
when getportbyfoo does not?
>The straight forward solution would be to add a respective ai_protocol
>information (we actually know that it is IPPROTO_UDP). I am currently
>however not deep enough into the new parser structure to know where to
>add this information to the function calls and or data structures.
The approach would be to encode the family in xt_option_entry somehow.
Possibilities are a new XTTYPE_UDPPORT (suboptimal because all protos
would need to be specified), or seemingly better, a flag that would
interpret the .max field as a family instead (similar to how
XTTYPE_TOSMASK uses it). Me ponders.