static void
parse_iprange(char *arg, struct ipt_iprange *range)
{
char *dash;
const struct in_addr *ip;
dash = strchr(arg, '-');
if (dash != NULL)
*dash = '\0';
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
arg);
range->min_ip = ip->s_addr;
if (dash != NULL) {
ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
dash+1);
range->max_ip = ip->s_addr;
} else {
range->max_ip = range->min_ip;
}
}
/* Parses range of IPs */
static void parse_to(const char *orig_arg, struct nf_nat_range *range)
{
char *dash, *arg;
const struct in_addr *ip;
arg = strdup(orig_arg);
if (arg == NULL)
xtables_error(RESOURCE_PROBLEM, "strdup");
range->flags |= IP_NAT_RANGE_MAP_IPS;
dash = strchr(arg, '-');
if (dash)
*dash = '\0';
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
arg);
range->min_ip = ip->s_addr;
if (dash) {
ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
dash+1);
}
range->max_ip = ip->s_addr;
if (dash)
if (range->min_ip > range->max_ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP range \"%s-%s\"\n",
arg, dash+1);
free(arg);
}
static int
iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_iprange_mtinfo *info = (void *)(*match)->data;
const struct in_addr *ia;
char *end;
switch (c) {
case '1': /* --src-range */
end = strchr(optarg, '-');
if (end == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
*end = '\0';
ia = xtables_numeric_to_ipaddr(optarg);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
memcpy(&info->src_min.in, ia, sizeof(*ia));
ia = xtables_numeric_to_ipaddr(end+1);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
memcpy(&info->src_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_SRC;
if (invert)
info->flags |= IPRANGE_SRC_INV;
*flags |= F_SRCIP;
return true;
case '2': /* --dst-range */
end = strchr(optarg, '-');
if (end == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
*end = '\0';
ia = xtables_numeric_to_ipaddr(optarg);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
memcpy(&info->dst_min.in, ia, sizeof(*ia));
ia = xtables_numeric_to_ipaddr(end + 1);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
memcpy(&info->dst_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_DST;
if (invert)
info->flags |= IPRANGE_DST_INV;
*flags |= F_DSTIP;
return true;
}
return false;
}
static void
iprange_parse_spec(const char *from, const char *to, union nf_inet_addr *range,
uint8_t family, const char *optname)
{
const char *spec[2] = {from, to};
struct in6_addr *ia6;
struct in_addr *ia4;
unsigned int i;
memset(range, 0, sizeof(union nf_inet_addr) * 2);
if (family == NFPROTO_IPV6) {
for (i = 0; i < ARRAY_SIZE(spec); ++i) {
ia6 = xtables_numeric_to_ip6addr(spec[i]);
if (ia6 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
optname, spec[i]);
range[i].in6 = *ia6;
}
} else {
for (i = 0; i < ARRAY_SIZE(spec); ++i) {
ia4 = xtables_numeric_to_ipaddr(spec[i]);
if (ia4 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
optname, spec[i]);
range[i].in = *ia4;
}
}
}
static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info)
{
struct in_addr *laddr;
if ((laddr = xtables_numeric_to_ipaddr(s)) == NULL)
xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s);
info->laddr = laddr->s_addr;
}
/* Parses network address */
static void
parse_to(char *arg, struct nf_nat_range *range)
{
char *slash;
const struct in_addr *ip;
u_int32_t netmask;
unsigned int bits;
range->flags |= IP_NAT_RANGE_MAP_IPS;
slash = strchr(arg, '/');
if (slash)
*slash = '\0';
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
arg);
range->min_ip = ip->s_addr;
if (slash) {
if (strchr(slash+1, '.')) {
ip = xtables_numeric_to_ipmask(slash+1);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
slash+1);
netmask = ip->s_addr;
}
else {
if (!xtables_strtoui(slash+1, NULL, &bits, 0, 32))
xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
slash+1);
netmask = bits2netmask(bits);
}
/* Don't allow /0 (/1 is probably insane, too) */
if (netmask == 0)
xtables_error(PARAMETER_PROBLEM, "Netmask needed\n");
}
else
netmask = ~0;
if (range->min_ip & ~netmask) {
if (slash)
*slash = '/';
xtables_error(PARAMETER_PROBLEM, "Bad network address \"%s\"\n",
arg);
}
range->max_ip = range->min_ip | ~netmask;
}
static struct in_addr *
ipparse_hostnetwork(const char *name, unsigned int *naddrs)
{
struct in_addr *addrptmp, *addrp;
if ((addrptmp = xtables_numeric_to_ipaddr(name)) != NULL ||
(addrptmp = network_to_ipaddr(name)) != NULL) {
addrp = xtables_malloc(sizeof(struct in_addr));
memcpy(addrp, addrptmp, sizeof(*addrp));
*naddrs = 1;
return addrp;
}
if ((addrptmp = host_to_ipaddr(name, naddrs)) != NULL)
return addrptmp;
xt_params->exit_err(PARAMETER_PROBLEM, "host/network `%s' not found", name);
}
static void parse_tproxy_laddr(const char *s, union nf_inet_addr *addrp,
unsigned int nfproto)
{
struct in6_addr *laddr6 = NULL;
struct in_addr *laddr4 = NULL;
if (nfproto == NFPROTO_IPV6) {
laddr6 = xtables_numeric_to_ip6addr(s);
if (laddr6 == NULL)
goto out;
addrp->in6 = *laddr6;
} else if (nfproto == NFPROTO_IPV4) {
laddr4 = xtables_numeric_to_ipaddr(s);
if (laddr4 == NULL)
goto out;
addrp->in = *laddr4;
}
return;
out:
xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s);
}
/* Ranges expected in network order. */
static struct xt_entry_target *
parse_to(char *arg, int portok, struct ipt_natinfo *info)
{
struct nf_nat_range range;
char *colon, *dash, *error;
const struct in_addr *ip;
memset(&range, 0, sizeof(range));
colon = strchr(arg, ':');
if (colon) {
int port;
if (!portok)
xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
if (port <= 0 || port > 65535)
xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", colon+1);
error = strchr(colon+1, ':');
if (error)
xtables_error(PARAMETER_PROBLEM,
"Invalid port:port syntax - use dash\n");
dash = strchr(colon, '-');
if (!dash) {
range.min.tcp.port
= range.max.tcp.port
= htons(port);
} else {
int maxport;
maxport = atoi(dash + 1);
if (maxport <= 0 || maxport > 65535)
xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
/* People are stupid. */
xtables_error(PARAMETER_PROBLEM,
"Port range `%s' funky\n", colon+1);
range.min.tcp.port = htons(port);
range.max.tcp.port = htons(maxport);
}
/* Starts with a colon? No IP info...*/
if (colon == arg)
return &(append_range(info, &range)->t);
*colon = '\0';
}
range.flags |= IP_NAT_RANGE_MAP_IPS;
dash = strchr(arg, '-');
if (colon && dash && dash > colon)
dash = NULL;
if (dash)
*dash = '\0';
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
arg);
range.min_ip = ip->s_addr;
if (dash) {
ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
dash+1);
range.max_ip = ip->s_addr;
} else
range.max_ip = range.min_ip;
return &(append_range(info, &range)->t);
}
