static void conntrack2_mt_parse(struct xt_option_call *cb) { #define cinfo2_transform(r, l) \ memcpy((r), (l), offsetof(typeof(*(l)), sizeof(*info)); struct xt_conntrack_mtinfo2 *info = cb->data; struct xt_conntrack_mtinfo3 up; memset(&up, 0, sizeof(up)); memcpy(&up, info, sizeof(*info)); up.origsrc_port_high = up.origsrc_port; up.origdst_port_high = up.origdst_port; up.replsrc_port_high = up.replsrc_port; up.repldst_port_high = up.repldst_port; cb->data = &up; conntrack_mt_parse(cb, 3); if (up.origsrc_port != up.origsrc_port_high || up.origdst_port != up.origdst_port_high || up.replsrc_port != up.replsrc_port_high || up.repldst_port != up.repldst_port_high) xtables_error(PARAMETER_PROBLEM, "conntrack rev 2 does not support port ranges"); memcpy(info, &up, sizeof(*info)); cb->data = info; #undef cinfo2_transform }
static void conntrack1_mt_parse(struct xt_option_call *cb) { struct xt_conntrack_mtinfo1 *info = cb->data; struct xt_conntrack_mtinfo3 up; memset(&up, 0, sizeof(up)); cinfo_transform(&up, info); up.origsrc_port_high = up.origsrc_port; up.origdst_port_high = up.origdst_port; up.replsrc_port_high = up.replsrc_port; up.repldst_port_high = up.repldst_port; cb->data = &up; conntrack_mt_parse(cb, 3); if (up.origsrc_port != up.origsrc_port_high || up.origdst_port != up.origdst_port_high || up.replsrc_port != up.replsrc_port_high || up.repldst_port != up.repldst_port_high) xtables_error(PARAMETER_PROBLEM, "conntrack rev 1 does not support port ranges"); cinfo_transform(info, &up); cb->data = info; }
static int conntrack_mt6_parse(int c, bool invert, unsigned int *flags, struct xt_conntrack_mtinfo2 *info) { struct in6_addr *addr = NULL; unsigned int naddrs = 0; switch (c) { case '3': /* --ctorigsrc */ xtables_ip6parse_any(optarg, &addr, &info->origsrc_mask.in6, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->origsrc_addr.in6, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_ORIGSRC; if (invert) info->invert_flags |= XT_CONNTRACK_ORIGSRC; break; case '4': /* --ctorigdst */ xtables_ip6parse_any(optarg, &addr, &info->origdst_mask.in6, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->origdst_addr.in, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_ORIGDST; if (invert) info->invert_flags |= XT_CONNTRACK_ORIGDST; break; case '5': /* --ctreplsrc */ xtables_ip6parse_any(optarg, &addr, &info->replsrc_mask.in6, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->replsrc_addr.in, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_REPLSRC; if (invert) info->invert_flags |= XT_CONNTRACK_REPLSRC; break; case '6': /* --ctrepldst */ xtables_ip6parse_any(optarg, &addr, &info->repldst_mask.in6, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->repldst_addr.in, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_REPLDST; if (invert) info->invert_flags |= XT_CONNTRACK_REPLDST; break; default: return conntrack_mt_parse(c, invert, flags, info); } *flags = info->match_flags; return true; }
static int conntrack_mt4_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_conntrack_mtinfo1 *info = (void *)(*match)->data; struct in_addr *addr = NULL; unsigned int naddrs = 0; switch (c) { case '3': /* --ctorigsrc */ xtables_ipparse_any(optarg, &addr, &info->origsrc_mask.in, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->origsrc_addr.in, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_ORIGSRC; if (invert) info->invert_flags |= XT_CONNTRACK_ORIGSRC; break; case '4': /* --ctorigdst */ xtables_ipparse_any(optarg, &addr, &info->origdst_mask.in, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->origdst_addr.in, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_ORIGDST; if (invert) info->invert_flags |= XT_CONNTRACK_ORIGDST; break; case '5': /* --ctreplsrc */ xtables_ipparse_any(optarg, &addr, &info->replsrc_mask.in, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->replsrc_addr.in, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_REPLSRC; if (invert) info->invert_flags |= XT_CONNTRACK_REPLSRC; break; case '6': /* --ctrepldst */ xtables_ipparse_any(optarg, &addr, &info->repldst_mask.in, &naddrs); if (naddrs > 1) xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed"); if (naddrs == 1) memcpy(&info->repldst_addr.in, addr, sizeof(*addr)); info->match_flags |= XT_CONNTRACK_REPLDST; if (invert) info->invert_flags |= XT_CONNTRACK_REPLDST; break; default: return conntrack_mt_parse(c, argv, invert, flags, match); } *flags = info->match_flags; return true; }
static void conntrack3_mt_parse(struct xt_option_call *cb) { conntrack_mt_parse(cb, 3); }