int
main (void)
{
debug_flag = 1;
securenetsfile = "securenets.test";
if (load_securenets () != 0)
return 1;
/* dump_securenets (); */
/* success */
if (check_entry (AF_INET, "127.0.0.1") != 0)
return 1;
/* success */
if (check_entry (AF_INET6, "::1") != 0)
return 1;
/* success */
if (check_entry (AF_INET6, "fe80::202:b3ff:ad:245") != 0)
return 1;
/* fail */
if (check_entry (AF_INET, "10.10.0.87") != 1)
return 1;
/* fail */
if (check_entry (AF_INET6, "fe80::202:b3fe:ff:ff") != 1)
return 1;
return 0;
}
void jag_store::load_data_binary(int data_id, int tid) {
const int file_idx = m_sample_map[data_id].first;
// std::string fn = m_binary_filenames[file_idx];
const int sample_idx = m_sample_map[data_id].second;
// std::ifstream in(fn.c_str(), std::ios::out | std::ios::binary);
/*
if (!in.good()) {
throw lbann_exception(std::string{} + __FILE__ + " " + std::to_string(__LINE__) + " :: failed to open: " + fn + " for reading; data_id: " + std::to_string(data_id) + " tid: " + std::to_string(tid));
}
*/
// in.seekg(sample_idx*m_sample_len);
m_streams[tid][file_idx]->seekg(sample_idx*m_sample_len);
m_streams[tid][file_idx]->read((char*)m_scratch[tid].data(), m_sample_len);
//in.read((char*)m_scratch[tid].data(), m_sample_len);
// in.close();
// size_t offset = sample_idx * m_sample_len;
// in.seekg(offset);
// in.read((char*)m_scratch[tid].data(), m_sample_len);
for (size_t j=0; j<m_inputs_to_use.size(); j++) {
check_entry(m_inputs_to_use[j]);
memcpy((void*)(m_data_inputs[tid].data()+j), (void*)(m_scratch[tid].data()+m_key_map[m_inputs_to_use[j]]), 8);
}
for (size_t j=0; j<m_data_inputs[tid].size(); j++) {
m_data_inputs[tid][j] = m_data_inputs[tid][j]*m_normalize_inputs[j].first - m_normalize_inputs[j].second;
}
for (size_t j=0; j<m_scalars_to_use.size(); j++) {
check_entry(m_scalars_to_use[j]);
memcpy((void*)(m_data_scalars[tid].data()+j), (void*)(m_scratch[tid].data()+m_key_map[m_scalars_to_use[j]]), 8);
}
for (size_t j=0; j<m_data_scalars[tid].size(); j++) {
m_data_scalars[tid][j] = m_data_scalars[tid][j]*m_normalize_scalars[j].first - m_normalize_scalars[j].second;
}
size_t y = 0;
for (size_t view=0; view<m_image_views_to_use.size(); view++) {
check_entry(m_image_views_to_use[view]);
for (size_t k=0; k<m_image_channels_to_use.size(); k++) {
int channel = m_image_channels_to_use[k];
memcpy((void*)m_data_images[tid][y].data(),
(void*)(m_scratch[tid].data()+m_key_map[m_image_views_to_use[view]] + channel*get_linearized_channel_size()*sizeof(data_reader_jag_conduit_hdf5::ch_t)), get_linearized_channel_size());
for (size_t x=0; x<m_data_images[tid][y].size(); x++) {
m_data_images[tid][y][x] = m_data_images[tid][y][x]*m_normalize_views[channel].first - m_normalize_views[channel].second;
}
++y;
}
}
}
void init_dialog(void *btn, t_cnt *cnt)
{
debug("init_dialog()");
(void)btn;
if (check_entry(cnt->xml, LOGIN_CHAN, BCHAN) < 0 ||
check_entry(cnt->xml, LOGIN_CHAN, EMPTY) < 0)
error_login(cnt->xml, ERR_CHAN);
else if (check_entry(cnt->xml, LOGIN_NICK, EMPTY) < 0)
error_login(cnt->xml, ERR_NICK);
else if (connect_to_server(cnt) < 0)
error_login(cnt->xml, ERR_SIGNIN);
else
ok_connection(cnt);
}
static void
mark_correct_entries(struct xmllog_root *root)
{
int ientry;
struct xmllog_entry *pentry;
for (ientry = 0; ientry < root->e.u; ientry++) {
pentry = root->e.v[ientry];
pentry->good_msg = check_entry(pentry->msg);
split_to_lines(pentry->msg, &pentry->msgl);
}
}
int
main (int argc, char **argv)
{
int c, i;
nagstatus status = STATE_OK;
set_program_name (argv[0]);
while ((c = getopt_long (argc, argv, GETOPT_HELP_VERSION_STRING, longopts,
NULL)) != -1)
{
switch (c)
{
default:
usage (stderr);
case_GETOPT_HELP_CHAR
case_GETOPT_VERSION_CHAR
}
}
if (argc <= optind)
usage (stderr);
mount_list = read_file_system_list (false);
if (NULL == mount_list)
/* Couldn't read the table of mounted file systems. */
plugin_error (STATE_UNKNOWN, 0,
"cannot read table of mounted file systems");
for (i = optind; i < argc; ++i)
if (STATE_CRITICAL == check_entry (argv[i]))
status = STATE_CRITICAL;
else
/* This is allowed. See:
* http://www.open-std.org/JTC1/sc22/wg14/www/docs/n1256.pdf */
argv[i] = NULL;
printf ("filesystems %s", state_text (status));
for (i = optind; i < argc; ++i)
if (argv[i])
printf (" %s", argv[i]);
if (STATE_CRITICAL == status)
printf (" unmounted!");
putchar ('\n');
return status;
}
void action_r(char *cdname)
{
char *filename=NULL;
fprintf(stderr, "%s", cdname);
filename=check_entry(cdname);
fprintf(stderr, "%s", filename);
if (filename==NULL)
{
fprintf(stderr, "No such CD record present");
}
else
{
convert_filename_to_read(filename);
read_from_file(filename);
}
}
int
main (int argc, char **argv)
{
int c, status = STATE_OK;
while ((c = getopt_long (argc, argv, "hv", longopts, NULL)) != -1)
{
switch (c)
{
default:
usage (stderr);
break;
case_GETOPT_HELP_CHAR
case_GETOPT_VERSION_CHAR
}
}
mount_list = read_file_system_list (false);
if (NULL == mount_list)
/* Couldn't read the table of mounted file systems. */
error (STATE_UNKNOWN, 0, "cannot read table of mounted file systems\n");
if (optind < argc)
{
int i;
for (i = optind; i < argc; ++i)
if (check_entry (argv[i]) == STATE_CRITICAL)
{
printf ("FILESYSTEM CRITICAL: `%s' not mounted\n", argv[i]);
status = STATE_CRITICAL;
}
}
else
usage (stderr);
if (status == STATE_OK)
printf ("FILESYSTEMS OK\n");
return status;
}
int ebtc_append_entry (const char *chainname, const struct ebt_entry *entry,
ebtc_handle_t *handle)
{
chain_list_t *chain = (*handle)->chains.first;
rule_list_t *rule;
unsigned int size;
if (check_entry(entry)) {
(*handle)->error_no = ERR_BADENTRY;
return -1;
}
while (chain) {
if (!strcmp(chain->entries.name, chainname))
break;
chain = chain->next;
}
if (!chain) {
(*handle)->error_no = ERR_CHAINNOTFOUND;
return -1;
}
size = sizeof(rule_list_t) + entry->next_offset;
rule = (rule_list_t *)malloc(size);
if (!rule) {
(*handle)->error_no = ERR_ALLOCATEMEM;
return -1;
}
memset(rule, 0, size);
rule->entry = (ebt_entry_t *)(rule + 1);
memcpy(rule->entry, entry, entry->next_offset);
if (chain->rules.last) {
chain->rules.last->next = rule;
chain->rules.last = rule;
} else
chain->rules.first = chain->rules.last = rule;
chain->rules.count++;
chain->rules.size += entry->next_offset;
(*handle)->changed = EBTC_TRUE;
(*handle)->error_no = SUCCESS;
return 0;
}
int ebtc_replace_entry (const char *chainname, const struct ebt_entry *entry,
unsigned int rulenum, ebtc_handle_t *handle)
{
chain_list_t *chain;
rule_list_t *rule_last = NULL;
rule_list_t *rule_old;
rule_list_t *rule_new;
unsigned int size;
if (check_entry(entry)) {
(*handle)->error_no = ERR_BADENTRY;
return -1;
}
chain = find_chain(chainname, *handle);
if (!chain) {
(*handle)->error_no = ERR_CHAINNOTFOUND;
return -1;
}
size = sizeof(rule_list_t) + entry->next_offset;
rule_new = (rule_list_t *)malloc(size);
if (!rule_new) {
(*handle)->error_no = ERR_ALLOCATEMEM;
return -1;
}
memset(rule_new, 0, size);
rule_new->entry = (ebt_entry_t *)(rule_new + 1);
memcpy(rule_new->entry, entry, entry->next_offset);
rule_old = chain->rules.first;
if (!rule_old) {
(*handle)->error_no = ERR_RULENUM;
return -1;
}
for (; rulenum > 0 && rule_old; rulenum--) {
rule_last = rule_old;
rule_old = rule_old->next;
}
if (rulenum || !rule_old) {
(*handle)->error_no = ERR_RULENUM;
return -1;
}
if (rule_last)
rule_last->next = rule_new;
else
chain->rules.first = rule_new;
rule_new->next = rule_old->next;
if (!rule_new->next)
chain->rules.last = rule_new;
chain->rules.size -= rule_old->entry->next_offset;
chain->rules.size += entry->next_offset;
(*handle)->changed = EBTC_TRUE;
free(rule_old);
(*handle)->error_no = SUCCESS;
return 0;
}
int ebtc_insert_entry (const char *chainname, const struct ebt_entry *entry,
unsigned int rulenum, ebtc_handle_t *handle)
{
chain_list_t *chain;
rule_list_t *rule_last = NULL;
rule_list_t *rule_cur;
rule_list_t *rule;
unsigned int size;
if (check_entry(entry)) {
(*handle)->error_no = ERR_BADENTRY;
return -1;
}
chain = find_chain(chainname, *handle);
if (!chain) {
(*handle)->error_no = ERR_CHAINNOTFOUND;
return -1;
}
size = sizeof(rule_list_t) + entry->next_offset;
rule = (rule_list_t *)malloc(size);
if (!rule) {
(*handle)->error_no = ERR_ALLOCATEMEM;
return -1;
}
memset(rule, 0, size);
rule->entry = (ebt_entry_t *)(rule + 1);
memcpy(rule->entry, entry, entry->next_offset);
rule_cur = chain->rules.first;
if (rule_cur) {
for (; rulenum > 0 && rule_cur; rulenum--) {
rule_last = rule_cur;
rule_cur = rule_cur->next;
}
if (rulenum || !rule_cur) {
(*handle)->error_no = ERR_RULENUM;
return -1;
}
if (rule_last)
rule_last->next = rule;
else
chain->rules.first = rule;
rule->next = rule_cur;
} else {
if (rulenum != 0) {
(*handle)->error_no = ERR_RULENUM;
return -1;
}
chain->rules.first = chain->rules.last = rule;
}
chain->rules.count++;
chain->rules.size += entry->next_offset;
(*handle)->changed = EBTC_TRUE;
(*handle)->error_no = SUCCESS;
return 0;
}
int
main()
{
krb5_db_entry *ent;
osa_policy_ent_t pol;
krb5_pa_data **e_data;
const char *status;
char *defrealm;
int count;
CHECK(krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx));
/* Currently necessary for krb5_db_open to work. */
CHECK(krb5_get_default_realm(ctx, &defrealm));
/* If we can, revert to requiring all entries match sample_princ in
* iter_princ_handler */
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK(krb5_db_create(ctx, NULL));
CHECK(krb5_db_inited(ctx));
CHECK(krb5_db_fini(ctx));
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK(krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN));
CHECK(krb5_db_inited(ctx));
/* Manipulate a policy, leaving it in place at the end. */
CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
CHECK(krb5_db_create_policy(ctx, &sample_policy));
CHECK_COND(krb5_db_create_policy(ctx, &sample_policy) != 0);
CHECK(krb5_db_get_policy(ctx, polname, &pol));
check_policy(pol);
pol->pw_min_length--;
CHECK(krb5_db_put_policy(ctx, pol));
krb5_db_free_policy(ctx, pol);
CHECK(krb5_db_get_policy(ctx, polname, &pol));
CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length - 1);
krb5_db_free_policy(ctx, pol);
CHECK(krb5_db_delete_policy(ctx, polname));
CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
CHECK(krb5_db_create_policy(ctx, &sample_policy));
count = 0;
CHECK(krb5_db_iter_policy(ctx, NULL, iter_pol_handler, &count));
CHECK_COND(count == 1);
/* Create a principal. */
CHECK_COND(krb5_db_delete_principal(ctx, &sample_princ) ==
KRB5_KDB_NOENTRY);
CHECK_COND(krb5_db_get_principal(ctx, &xrealm_princ, 0, &ent) ==
KRB5_KDB_NOENTRY);
CHECK(krb5_db_put_principal(ctx, &sample_entry));
/* Putting again will fail with LDAP (due to KADM5_PRINCIPAL in mask)
* but succeed with DB2, so don't check the result. */
(void)krb5_db_put_principal(ctx, &sample_entry);
/* But it should succeed in both back ends with KADM5_LOAD in mask. */
sample_entry.mask |= KADM5_LOAD;
CHECK(krb5_db_put_principal(ctx, &sample_entry));
sample_entry.mask &= ~KADM5_LOAD;
/* Fetch and compare the added principal. */
CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, &ent));
check_entry(ent);
/* We can't set up a successful allowed-to-delegate check through existing
* APIs yet, but we can make a failed check. */
CHECK_COND(krb5_db_check_allowed_to_delegate(ctx, &sample_princ, ent,
&sample_princ) != 0);
/* Exercise lockout code. */
/* Policy params: max_fail 2, failcnt_interval 60, lockout_duration 120 */
/* Initial state: last_success 1, last_failed 5, fail_auth_count 2,
* last admin unlock 6 */
/* Check succeeds due to last admin unlock. */
CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 7, &status, &e_data));
/* Failure count resets to 1 due to last admin unlock. */
sim_preauth(8, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 8);
/* Failure count resets to 1 due to failcnt_interval */
sim_preauth(70, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 70);
/* Failure count resets to 0 due to successful preauth. */
sim_preauth(75, TRUE, &ent);
CHECK_COND(ent->fail_auth_count == 0 && ent->last_success == 75);
/* Failure count increments to 2 and stops incrementing. */
sim_preauth(80, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 80);
sim_preauth(100, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
sim_preauth(110, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
/* Check fails due to reaching maximum failure count. */
CHECK_COND(krb5_db_check_policy_as(ctx, NULL, ent, ent, 170, &status,
&e_data) == KRB5KDC_ERR_CLIENT_REVOKED);
/* Check succeeds after lockout_duration has passed. */
CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 230, &status, &e_data));
/* Failure count resets to 1 on next failure. */
sim_preauth(240, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 240);
/* Exercise LDAP code to clear a policy reference and to set the key
* data on an existing principal. */
CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy));
ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA;
CHECK(krb5_db_put_principal(ctx, ent));
CHECK(krb5_db_delete_policy(ctx, polname));
/* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as
* from a load operation. */
ent->mask = (sample_entry.mask & ~KADM5_POLICY) | KADM5_LOAD;
CHECK(krb5_db_put_principal(ctx, ent));
/* Exercise LDAP code to create a new principal at a DN from
* KDB_TL_USER_INFO tl-data. */
CHECK(krb5_db_delete_principal(ctx, &sample_princ));
CHECK(krb5_db_put_principal(ctx, ent));
krb5_db_free_principal(ctx, ent);
/* Exercise principal iteration code. */
count = 0;
CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count));
CHECK_COND(count == 1);
CHECK(krb5_db_fini(ctx));
CHECK_COND(krb5_db_inited(ctx) != 0);
/* It might be nice to exercise krb5_db_destroy here, but the LDAP module
* doesn't support it. */
krb5_free_default_realm(ctx, defrealm);
krb5_free_context(ctx);
return 0;
}
void
on_cvs_import_response(GtkDialog* dialog, gint response, CVSData* data)
{
gchar* dirname = NULL;
if (is_busy(data->plugin, dialog))
return;
switch (response)
{
case GTK_RESPONSE_OK:
{
GtkWidget* username;
GtkWidget* password;
GtkWidget* cvsroot_entry;
GtkWidget* module_entry;
GtkWidget* vendortag;
GtkWidget* releasetag;
GtkWidget* logtext;
GtkWidget* typecombo;
GtkFileChooser* dir;
gchar* log;
username = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_username"));
password = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_password"));
cvsroot_entry = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_cvsroot"));
if (!check_entry(dialog, cvsroot_entry, _("CVSROOT")))
break;
module_entry = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_module"));
if (!check_entry(dialog, module_entry, _("Module")))
break;
vendortag = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_vendor"));
if (!check_entry(dialog, vendortag, _("Vendor")))
break;
releasetag = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_release"));
if (!check_entry(dialog, releasetag, _("Release")))
break;
typecombo = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_server_type"));
dir = GTK_FILE_CHOOSER(gtk_builder_get_object(data->bxml, "cvs_rootdir"));
dirname = gtk_file_chooser_get_filename (dir);
if (!dirname)
break;
logtext = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_import_log"));
log = get_log_from_textview(logtext);
if (!strlen(log))
{
gint result;
GtkWidget* dlg = gtk_message_dialog_new(GTK_WINDOW(dialog),
GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_INFO,
GTK_BUTTONS_YES_NO,
_("Are you sure that you do not want a log message?"));
result = gtk_dialog_run(GTK_DIALOG(dlg));
gtk_widget_destroy(dlg);
if (result == GTK_RESPONSE_NO)
break;
}
anjuta_cvs_import(ANJUTA_PLUGIN(data->plugin),
dirname,
gtk_entry_get_text(GTK_ENTRY(cvsroot_entry)),
gtk_entry_get_text(GTK_ENTRY(module_entry)),
gtk_entry_get_text(GTK_ENTRY(vendortag)),
gtk_entry_get_text(GTK_ENTRY(releasetag)),
log,
gtk_combo_box_get_active(GTK_COMBO_BOX(typecombo)),
gtk_entry_get_text(GTK_ENTRY(username)),
gtk_entry_get_text(GTK_ENTRY(password)), NULL);
cvs_data_free(data);
gtk_widget_destroy(GTK_WIDGET(dialog));
break;
}
default:
cvs_data_free(data);
gtk_widget_destroy(GTK_WIDGET(dialog));
break;
}
g_free(dirname);
}
int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
bool restore)
{
struct iptables_command_state cs;
int verbose = 0;
const char *chain = NULL;
const char *policy = NULL, *newname = NULL;
unsigned int rulenum = 0, command = 0;
int ret = 1;
struct xtables_match *m;
struct xtables_rule_match *matchp;
struct xtables_target *t;
struct xtables_args args = {
.family = h->family,
};
memset(&cs, 0, sizeof(cs));
cs.jumpto = "";
cs.argv = argv;
/* re-set optind to 0 in case do_command4 gets called
* a second time */
optind = 0;
/* clear mflags in case do_command4 gets called a second time
* (we clear the global list of all matches for security)*/
for (m = xtables_matches; m; m = m->next)
m->mflags = 0;
for (t = xtables_targets; t; t = t->next) {
t->tflags = 0;
t->used = 0;
}
/* Suppress error messages: we may add new options if we
demand-load a protocol. */
opterr = 0;
h->ops = nft_family_ops_lookup(h->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
opts = xt_params->orig_opts;
while ((cs.c = getopt_long(argc, argv,
"-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:46",
opts, NULL)) != -1) {
switch (cs.c) {
/*
* Command selection
*/
case 'A':
add_command(&command, CMD_APPEND, CMD_NONE,
cs.invert);
chain = optarg;
break;
case 'C':
add_command(&command, CMD_CHECK, CMD_NONE,
cs.invert);
chain = optarg;
break;
case 'D':
add_command(&command, CMD_DELETE, CMD_NONE,
cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!') {
rulenum = parse_rulenumber(argv[optind++]);
command = CMD_DELETE_NUM;
}
break;
case 'R':
add_command(&command, CMD_REPLACE, CMD_NONE,
cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
rulenum = parse_rulenumber(argv[optind++]);
else
xtables_error(PARAMETER_PROBLEM,
"-%c requires a rule number",
cmd2char(CMD_REPLACE));
break;
case 'I':
add_command(&command, CMD_INSERT, CMD_NONE,
cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
rulenum = parse_rulenumber(argv[optind++]);
else rulenum = 1;
break;
case 'L':
add_command(&command, CMD_LIST,
CMD_ZERO | CMD_ZERO_NUM, cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
rulenum = parse_rulenumber(argv[optind++]);
break;
case 'S':
add_command(&command, CMD_LIST_RULES,
CMD_ZERO|CMD_ZERO_NUM, cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
rulenum = parse_rulenumber(argv[optind++]);
break;
case 'F':
add_command(&command, CMD_FLUSH, CMD_NONE,
cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
break;
case 'Z':
add_command(&command, CMD_ZERO, CMD_LIST|CMD_LIST_RULES,
cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!') {
rulenum = parse_rulenumber(argv[optind++]);
command = CMD_ZERO_NUM;
}
break;
case 'N':
if (optarg && (*optarg == '-' || *optarg == '!'))
xtables_error(PARAMETER_PROBLEM,
"chain name not allowed to start "
"with `%c'\n", *optarg);
if (xtables_find_target(optarg, XTF_TRY_LOAD))
xtables_error(PARAMETER_PROBLEM,
"chain name may not clash "
"with target name\n");
add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
cs.invert);
chain = optarg;
break;
case 'X':
add_command(&command, CMD_DELETE_CHAIN, CMD_NONE,
cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
break;
case 'E':
add_command(&command, CMD_RENAME_CHAIN, CMD_NONE,
cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
newname = argv[optind++];
else
xtables_error(PARAMETER_PROBLEM,
"-%c requires old-chain-name and "
"new-chain-name",
cmd2char(CMD_RENAME_CHAIN));
break;
case 'P':
add_command(&command, CMD_SET_POLICY, CMD_NONE,
cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
policy = argv[optind++];
else
xtables_error(PARAMETER_PROBLEM,
"-%c requires a chain and a policy",
cmd2char(CMD_SET_POLICY));
break;
case 'h':
if (!optarg)
optarg = argv[optind];
/* iptables -p icmp -h */
if (!cs.matches && cs.protocol)
xtables_find_match(cs.protocol,
XTF_TRY_LOAD, &cs.matches);
exit_printhelp(cs.matches);
/*
* Option selection
*/
case 'p':
set_option(&cs.options, OPT_PROTOCOL, &args.invflags,
cs.invert);
/* Canonicalize into lower case */
for (cs.protocol = optarg; *cs.protocol; cs.protocol++)
*cs.protocol = tolower(*cs.protocol);
cs.protocol = optarg;
args.proto = xtables_parse_protocol(cs.protocol);
if (args.proto == 0 && (args.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
/* This needs to happen here to parse extensions */
h->ops->proto_parse(&cs, &args);
break;
case 's':
set_option(&cs.options, OPT_SOURCE, &args.invflags,
cs.invert);
args.shostnetworkmask = optarg;
break;
case 'd':
set_option(&cs.options, OPT_DESTINATION,
&args.invflags, cs.invert);
args.dhostnetworkmask = optarg;
break;
#ifdef IPT_F_GOTO
case 'g':
set_option(&cs.options, OPT_JUMP, &args.invflags,
cs.invert);
args.goto_set = true;
cs.jumpto = parse_target(optarg);
break;
#endif
case 'j':
command_jump(&cs);
break;
case 'i':
if (*optarg == '\0')
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
set_option(&cs.options, OPT_VIANAMEIN, &args.invflags,
cs.invert);
xtables_parse_interface(optarg,
args.iniface,
args.iniface_mask);
break;
case 'o':
if (*optarg == '\0')
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
set_option(&cs.options, OPT_VIANAMEOUT, &args.invflags,
cs.invert);
xtables_parse_interface(optarg,
args.outiface,
args.outiface_mask);
break;
case 'f':
if (args.family == AF_INET6) {
xtables_error(PARAMETER_PROBLEM,
"`-f' is not supported in IPv6, "
"use -m frag instead");
}
set_option(&cs.options, OPT_FRAGMENT, &args.invflags,
cs.invert);
args.flags |= IPT_F_FRAG;
break;
case 'v':
if (!verbose)
set_option(&cs.options, OPT_VERBOSE,
&args.invflags, cs.invert);
verbose++;
break;
case 'm':
command_match(&cs);
break;
case 'n':
set_option(&cs.options, OPT_NUMERIC, &args.invflags,
cs.invert);
break;
case 't':
if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table");
*table = optarg;
break;
case 'x':
set_option(&cs.options, OPT_EXPANDED, &args.invflags,
cs.invert);
break;
case 'V':
if (cs.invert)
printf("Not %s ;-)\n", prog_vers);
else
printf("%s v%s\n",
prog_name, prog_vers);
exit(0);
case 'w':
if (restore) {
xtables_error(PARAMETER_PROBLEM,
"You cannot use `-w' from "
"iptables-restore");
}
break;
case '0':
set_option(&cs.options, OPT_LINENUMBERS,
&args.invflags, cs.invert);
break;
case 'M':
xtables_modprobe_program = optarg;
break;
case 'c':
set_option(&cs.options, OPT_COUNTERS, &args.invflags,
cs.invert);
args.pcnt = optarg;
args.bcnt = strchr(args.pcnt + 1, ',');
if (args.bcnt)
args.bcnt++;
if (!args.bcnt && optind < argc &&
argv[optind][0] != '-' &&
argv[optind][0] != '!')
args.bcnt = argv[optind++];
if (!args.bcnt)
xtables_error(PARAMETER_PROBLEM,
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
if (sscanf(args.pcnt, "%llu", &args.pcnt_cnt) != 1)
xtables_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
if (sscanf(args.bcnt, "%llu", &args.bcnt_cnt) != 1)
xtables_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
break;
case '4':
if (args.family != AF_INET)
exit_tryhelp(2);
h->ops = nft_family_ops_lookup(args.family);
break;
case '6':
args.family = AF_INET6;
xtables_set_nfproto(AF_INET6);
h->ops = nft_family_ops_lookup(args.family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM,
"Unknown family");
break;
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not"
" allowed");
cs.invert = TRUE;
optarg[0] = '\0';
continue;
}
fprintf(stderr, "Bad argument `%s'\n", optarg);
exit_tryhelp(2);
default:
if (command_default(&cs, &xtables_globals) == 1)
/* cf. ip6tables.c */
continue;
break;
}
cs.invert = FALSE;
}
if (strcmp(*table, "nat") == 0 &&
((policy != NULL && strcmp(policy, "DROP") == 0) ||
(cs.jumpto != NULL && strcmp(cs.jumpto, "DROP") == 0)))
xtables_error(PARAMETER_PROBLEM,
"\nThe \"nat\" table is not intended for filtering, "
"the use of DROP is therefore inhibited.\n\n");
for (matchp = cs.matches; matchp; matchp = matchp->next)
xtables_option_mfcall(matchp->match);
if (cs.target != NULL)
xtables_option_tfcall(cs.target);
/* Fix me: must put inverse options checking here --MN */
if (optind < argc)
xtables_error(PARAMETER_PROBLEM,
"unknown arguments found on commandline");
if (!command)
xtables_error(PARAMETER_PROBLEM, "no command specified");
if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
/* Set only if required, needed by xtables-restore */
if (h->family == AF_UNSPEC)
h->family = args.family;
h->ops->post_parse(command, &cs, &args);
if (command == CMD_REPLACE &&
(args.s.naddrs != 1 || args.d.naddrs != 1))
xtables_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
generic_opt_check(command, cs.options);
if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
"chain name `%s' too long (must be under %u chars)",
chain, XT_EXTENSION_MAXNAMELEN);
if (command == CMD_APPEND
|| command == CMD_DELETE
|| command == CMD_CHECK
|| command == CMD_INSERT
|| command == CMD_REPLACE) {
if (strcmp(chain, "PREROUTING") == 0
|| strcmp(chain, "INPUT") == 0) {
/* -o not valid with incoming packets. */
if (cs.options & OPT_VIANAMEOUT)
xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
chain);
}
if (strcmp(chain, "POSTROUTING") == 0
|| strcmp(chain, "OUTPUT") == 0) {
/* -i not valid with outgoing packets */
if (cs.options & OPT_VIANAMEIN)
xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
}
/*
* Contrary to what iptables does, we assume that any jumpto
* is a custom chain jumps (if no target is found). Later on,
* nf_table will spot the error if the chain does not exists.
*/
}
switch (command) {
case CMD_APPEND:
ret = add_entry(chain, *table, &cs, 0, h->family,
args.s, args.d, cs.options&OPT_VERBOSE,
h, true);
break;
case CMD_DELETE:
ret = delete_entry(chain, *table, &cs, h->family,
args.s, args.d, cs.options&OPT_VERBOSE, h);
break;
case CMD_DELETE_NUM:
ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose);
break;
case CMD_CHECK:
ret = check_entry(chain, *table, &cs, h->family,
args.s, args.d, cs.options&OPT_VERBOSE, h);
break;
case CMD_REPLACE:
ret = replace_entry(chain, *table, &cs, rulenum - 1,
h->family, args.s, args.d,
cs.options&OPT_VERBOSE, h);
break;
case CMD_INSERT:
ret = add_entry(chain, *table, &cs, rulenum - 1, h->family,
args.s, args.d, cs.options&OPT_VERBOSE, h,
false);
break;
case CMD_FLUSH:
ret = nft_rule_flush(h, chain, *table);
break;
case CMD_ZERO:
ret = nft_chain_zero_counters(h, chain, *table);
break;
case CMD_ZERO_NUM:
ret = nft_rule_zero_counters(h, chain, *table, rulenum - 1);
break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(h, chain, *table,
rulenum,
cs.options&OPT_VERBOSE,
cs.options&OPT_NUMERIC,
cs.options&OPT_EXPANDED,
cs.options&OPT_LINENUMBERS);
if (ret && (command & CMD_ZERO))
ret = nft_chain_zero_counters(h, chain, *table);
if (ret && (command & CMD_ZERO_NUM))
ret = nft_rule_zero_counters(h, chain, *table,
rulenum - 1);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(h, chain, *table, rulenum, cs.options&OPT_VERBOSE);
if (ret && (command & CMD_ZERO))
ret = nft_chain_zero_counters(h, chain, *table);
if (ret && (command & CMD_ZERO_NUM))
ret = nft_rule_zero_counters(h, chain, *table,
rulenum - 1);
break;
case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, chain, *table);
break;
case CMD_DELETE_CHAIN:
ret = nft_chain_user_del(h, chain, *table);
break;
case CMD_RENAME_CHAIN:
ret = nft_chain_user_rename(h, chain, *table, newname);
break;
case CMD_SET_POLICY:
ret = nft_chain_set(h, *table, chain, policy, NULL);
if (ret < 0)
xtables_error(PARAMETER_PROBLEM, "Wrong policy `%s'\n",
policy);
break;
default:
/* We should never reach this... */
exit_tryhelp(2);
}
/* if (verbose > 1)
dump_entries(*handle); */
xtables_rule_matches_free(&cs.matches);
if (h->family == AF_INET) {
free(args.s.addr.v4);
free(args.s.mask.v4);
free(args.d.addr.v4);
free(args.d.mask.v4);
} else if (h->family == AF_INET6) {
free(args.s.addr.v6);
free(args.s.mask.v6);
free(args.d.addr.v6);
free(args.d.mask.v6);
}
xtables_free_opts(1);
return ret;
}
