int main (void) { debug_flag = 1; securenetsfile = "securenets.test"; if (load_securenets () != 0) return 1; /* dump_securenets (); */ /* success */ if (check_entry (AF_INET, "127.0.0.1") != 0) return 1; /* success */ if (check_entry (AF_INET6, "::1") != 0) return 1; /* success */ if (check_entry (AF_INET6, "fe80::202:b3ff:ad:245") != 0) return 1; /* fail */ if (check_entry (AF_INET, "10.10.0.87") != 1) return 1; /* fail */ if (check_entry (AF_INET6, "fe80::202:b3fe:ff:ff") != 1) return 1; return 0; }
void jag_store::load_data_binary(int data_id, int tid) { const int file_idx = m_sample_map[data_id].first; // std::string fn = m_binary_filenames[file_idx]; const int sample_idx = m_sample_map[data_id].second; // std::ifstream in(fn.c_str(), std::ios::out | std::ios::binary); /* if (!in.good()) { throw lbann_exception(std::string{} + __FILE__ + " " + std::to_string(__LINE__) + " :: failed to open: " + fn + " for reading; data_id: " + std::to_string(data_id) + " tid: " + std::to_string(tid)); } */ // in.seekg(sample_idx*m_sample_len); m_streams[tid][file_idx]->seekg(sample_idx*m_sample_len); m_streams[tid][file_idx]->read((char*)m_scratch[tid].data(), m_sample_len); //in.read((char*)m_scratch[tid].data(), m_sample_len); // in.close(); // size_t offset = sample_idx * m_sample_len; // in.seekg(offset); // in.read((char*)m_scratch[tid].data(), m_sample_len); for (size_t j=0; j<m_inputs_to_use.size(); j++) { check_entry(m_inputs_to_use[j]); memcpy((void*)(m_data_inputs[tid].data()+j), (void*)(m_scratch[tid].data()+m_key_map[m_inputs_to_use[j]]), 8); } for (size_t j=0; j<m_data_inputs[tid].size(); j++) { m_data_inputs[tid][j] = m_data_inputs[tid][j]*m_normalize_inputs[j].first - m_normalize_inputs[j].second; } for (size_t j=0; j<m_scalars_to_use.size(); j++) { check_entry(m_scalars_to_use[j]); memcpy((void*)(m_data_scalars[tid].data()+j), (void*)(m_scratch[tid].data()+m_key_map[m_scalars_to_use[j]]), 8); } for (size_t j=0; j<m_data_scalars[tid].size(); j++) { m_data_scalars[tid][j] = m_data_scalars[tid][j]*m_normalize_scalars[j].first - m_normalize_scalars[j].second; } size_t y = 0; for (size_t view=0; view<m_image_views_to_use.size(); view++) { check_entry(m_image_views_to_use[view]); for (size_t k=0; k<m_image_channels_to_use.size(); k++) { int channel = m_image_channels_to_use[k]; memcpy((void*)m_data_images[tid][y].data(), (void*)(m_scratch[tid].data()+m_key_map[m_image_views_to_use[view]] + channel*get_linearized_channel_size()*sizeof(data_reader_jag_conduit_hdf5::ch_t)), get_linearized_channel_size()); for (size_t x=0; x<m_data_images[tid][y].size(); x++) { m_data_images[tid][y][x] = m_data_images[tid][y][x]*m_normalize_views[channel].first - m_normalize_views[channel].second; } ++y; } } }
void init_dialog(void *btn, t_cnt *cnt) { debug("init_dialog()"); (void)btn; if (check_entry(cnt->xml, LOGIN_CHAN, BCHAN) < 0 || check_entry(cnt->xml, LOGIN_CHAN, EMPTY) < 0) error_login(cnt->xml, ERR_CHAN); else if (check_entry(cnt->xml, LOGIN_NICK, EMPTY) < 0) error_login(cnt->xml, ERR_NICK); else if (connect_to_server(cnt) < 0) error_login(cnt->xml, ERR_SIGNIN); else ok_connection(cnt); }
static void mark_correct_entries(struct xmllog_root *root) { int ientry; struct xmllog_entry *pentry; for (ientry = 0; ientry < root->e.u; ientry++) { pentry = root->e.v[ientry]; pentry->good_msg = check_entry(pentry->msg); split_to_lines(pentry->msg, &pentry->msgl); } }
int main (int argc, char **argv) { int c, i; nagstatus status = STATE_OK; set_program_name (argv[0]); while ((c = getopt_long (argc, argv, GETOPT_HELP_VERSION_STRING, longopts, NULL)) != -1) { switch (c) { default: usage (stderr); case_GETOPT_HELP_CHAR case_GETOPT_VERSION_CHAR } } if (argc <= optind) usage (stderr); mount_list = read_file_system_list (false); if (NULL == mount_list) /* Couldn't read the table of mounted file systems. */ plugin_error (STATE_UNKNOWN, 0, "cannot read table of mounted file systems"); for (i = optind; i < argc; ++i) if (STATE_CRITICAL == check_entry (argv[i])) status = STATE_CRITICAL; else /* This is allowed. See: * http://www.open-std.org/JTC1/sc22/wg14/www/docs/n1256.pdf */ argv[i] = NULL; printf ("filesystems %s", state_text (status)); for (i = optind; i < argc; ++i) if (argv[i]) printf (" %s", argv[i]); if (STATE_CRITICAL == status) printf (" unmounted!"); putchar ('\n'); return status; }
void action_r(char *cdname) { char *filename=NULL; fprintf(stderr, "%s", cdname); filename=check_entry(cdname); fprintf(stderr, "%s", filename); if (filename==NULL) { fprintf(stderr, "No such CD record present"); } else { convert_filename_to_read(filename); read_from_file(filename); } }
int main (int argc, char **argv) { int c, status = STATE_OK; while ((c = getopt_long (argc, argv, "hv", longopts, NULL)) != -1) { switch (c) { default: usage (stderr); break; case_GETOPT_HELP_CHAR case_GETOPT_VERSION_CHAR } } mount_list = read_file_system_list (false); if (NULL == mount_list) /* Couldn't read the table of mounted file systems. */ error (STATE_UNKNOWN, 0, "cannot read table of mounted file systems\n"); if (optind < argc) { int i; for (i = optind; i < argc; ++i) if (check_entry (argv[i]) == STATE_CRITICAL) { printf ("FILESYSTEM CRITICAL: `%s' not mounted\n", argv[i]); status = STATE_CRITICAL; } } else usage (stderr); if (status == STATE_OK) printf ("FILESYSTEMS OK\n"); return status; }
int ebtc_append_entry (const char *chainname, const struct ebt_entry *entry, ebtc_handle_t *handle) { chain_list_t *chain = (*handle)->chains.first; rule_list_t *rule; unsigned int size; if (check_entry(entry)) { (*handle)->error_no = ERR_BADENTRY; return -1; } while (chain) { if (!strcmp(chain->entries.name, chainname)) break; chain = chain->next; } if (!chain) { (*handle)->error_no = ERR_CHAINNOTFOUND; return -1; } size = sizeof(rule_list_t) + entry->next_offset; rule = (rule_list_t *)malloc(size); if (!rule) { (*handle)->error_no = ERR_ALLOCATEMEM; return -1; } memset(rule, 0, size); rule->entry = (ebt_entry_t *)(rule + 1); memcpy(rule->entry, entry, entry->next_offset); if (chain->rules.last) { chain->rules.last->next = rule; chain->rules.last = rule; } else chain->rules.first = chain->rules.last = rule; chain->rules.count++; chain->rules.size += entry->next_offset; (*handle)->changed = EBTC_TRUE; (*handle)->error_no = SUCCESS; return 0; }
int ebtc_replace_entry (const char *chainname, const struct ebt_entry *entry, unsigned int rulenum, ebtc_handle_t *handle) { chain_list_t *chain; rule_list_t *rule_last = NULL; rule_list_t *rule_old; rule_list_t *rule_new; unsigned int size; if (check_entry(entry)) { (*handle)->error_no = ERR_BADENTRY; return -1; } chain = find_chain(chainname, *handle); if (!chain) { (*handle)->error_no = ERR_CHAINNOTFOUND; return -1; } size = sizeof(rule_list_t) + entry->next_offset; rule_new = (rule_list_t *)malloc(size); if (!rule_new) { (*handle)->error_no = ERR_ALLOCATEMEM; return -1; } memset(rule_new, 0, size); rule_new->entry = (ebt_entry_t *)(rule_new + 1); memcpy(rule_new->entry, entry, entry->next_offset); rule_old = chain->rules.first; if (!rule_old) { (*handle)->error_no = ERR_RULENUM; return -1; } for (; rulenum > 0 && rule_old; rulenum--) { rule_last = rule_old; rule_old = rule_old->next; } if (rulenum || !rule_old) { (*handle)->error_no = ERR_RULENUM; return -1; } if (rule_last) rule_last->next = rule_new; else chain->rules.first = rule_new; rule_new->next = rule_old->next; if (!rule_new->next) chain->rules.last = rule_new; chain->rules.size -= rule_old->entry->next_offset; chain->rules.size += entry->next_offset; (*handle)->changed = EBTC_TRUE; free(rule_old); (*handle)->error_no = SUCCESS; return 0; }
int ebtc_insert_entry (const char *chainname, const struct ebt_entry *entry, unsigned int rulenum, ebtc_handle_t *handle) { chain_list_t *chain; rule_list_t *rule_last = NULL; rule_list_t *rule_cur; rule_list_t *rule; unsigned int size; if (check_entry(entry)) { (*handle)->error_no = ERR_BADENTRY; return -1; } chain = find_chain(chainname, *handle); if (!chain) { (*handle)->error_no = ERR_CHAINNOTFOUND; return -1; } size = sizeof(rule_list_t) + entry->next_offset; rule = (rule_list_t *)malloc(size); if (!rule) { (*handle)->error_no = ERR_ALLOCATEMEM; return -1; } memset(rule, 0, size); rule->entry = (ebt_entry_t *)(rule + 1); memcpy(rule->entry, entry, entry->next_offset); rule_cur = chain->rules.first; if (rule_cur) { for (; rulenum > 0 && rule_cur; rulenum--) { rule_last = rule_cur; rule_cur = rule_cur->next; } if (rulenum || !rule_cur) { (*handle)->error_no = ERR_RULENUM; return -1; } if (rule_last) rule_last->next = rule; else chain->rules.first = rule; rule->next = rule_cur; } else { if (rulenum != 0) { (*handle)->error_no = ERR_RULENUM; return -1; } chain->rules.first = chain->rules.last = rule; } chain->rules.count++; chain->rules.size += entry->next_offset; (*handle)->changed = EBTC_TRUE; (*handle)->error_no = SUCCESS; return 0; }
int main() { krb5_db_entry *ent; osa_policy_ent_t pol; krb5_pa_data **e_data; const char *status; char *defrealm; int count; CHECK(krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx)); /* Currently necessary for krb5_db_open to work. */ CHECK(krb5_get_default_realm(ctx, &defrealm)); /* If we can, revert to requiring all entries match sample_princ in * iter_princ_handler */ CHECK_COND(krb5_db_inited(ctx) != 0); CHECK(krb5_db_create(ctx, NULL)); CHECK(krb5_db_inited(ctx)); CHECK(krb5_db_fini(ctx)); CHECK_COND(krb5_db_inited(ctx) != 0); CHECK_COND(krb5_db_inited(ctx) != 0); CHECK(krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)); CHECK(krb5_db_inited(ctx)); /* Manipulate a policy, leaving it in place at the end. */ CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0); CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0); CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY); CHECK(krb5_db_create_policy(ctx, &sample_policy)); CHECK_COND(krb5_db_create_policy(ctx, &sample_policy) != 0); CHECK(krb5_db_get_policy(ctx, polname, &pol)); check_policy(pol); pol->pw_min_length--; CHECK(krb5_db_put_policy(ctx, pol)); krb5_db_free_policy(ctx, pol); CHECK(krb5_db_get_policy(ctx, polname, &pol)); CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length - 1); krb5_db_free_policy(ctx, pol); CHECK(krb5_db_delete_policy(ctx, polname)); CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0); CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0); CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY); CHECK(krb5_db_create_policy(ctx, &sample_policy)); count = 0; CHECK(krb5_db_iter_policy(ctx, NULL, iter_pol_handler, &count)); CHECK_COND(count == 1); /* Create a principal. */ CHECK_COND(krb5_db_delete_principal(ctx, &sample_princ) == KRB5_KDB_NOENTRY); CHECK_COND(krb5_db_get_principal(ctx, &xrealm_princ, 0, &ent) == KRB5_KDB_NOENTRY); CHECK(krb5_db_put_principal(ctx, &sample_entry)); /* Putting again will fail with LDAP (due to KADM5_PRINCIPAL in mask) * but succeed with DB2, so don't check the result. */ (void)krb5_db_put_principal(ctx, &sample_entry); /* But it should succeed in both back ends with KADM5_LOAD in mask. */ sample_entry.mask |= KADM5_LOAD; CHECK(krb5_db_put_principal(ctx, &sample_entry)); sample_entry.mask &= ~KADM5_LOAD; /* Fetch and compare the added principal. */ CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, &ent)); check_entry(ent); /* We can't set up a successful allowed-to-delegate check through existing * APIs yet, but we can make a failed check. */ CHECK_COND(krb5_db_check_allowed_to_delegate(ctx, &sample_princ, ent, &sample_princ) != 0); /* Exercise lockout code. */ /* Policy params: max_fail 2, failcnt_interval 60, lockout_duration 120 */ /* Initial state: last_success 1, last_failed 5, fail_auth_count 2, * last admin unlock 6 */ /* Check succeeds due to last admin unlock. */ CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 7, &status, &e_data)); /* Failure count resets to 1 due to last admin unlock. */ sim_preauth(8, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 8); /* Failure count resets to 1 due to failcnt_interval */ sim_preauth(70, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 70); /* Failure count resets to 0 due to successful preauth. */ sim_preauth(75, TRUE, &ent); CHECK_COND(ent->fail_auth_count == 0 && ent->last_success == 75); /* Failure count increments to 2 and stops incrementing. */ sim_preauth(80, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 80); sim_preauth(100, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100); sim_preauth(110, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100); /* Check fails due to reaching maximum failure count. */ CHECK_COND(krb5_db_check_policy_as(ctx, NULL, ent, ent, 170, &status, &e_data) == KRB5KDC_ERR_CLIENT_REVOKED); /* Check succeeds after lockout_duration has passed. */ CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 230, &status, &e_data)); /* Failure count resets to 1 on next failure. */ sim_preauth(240, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 240); /* Exercise LDAP code to clear a policy reference and to set the key * data on an existing principal. */ CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy)); ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA; CHECK(krb5_db_put_principal(ctx, ent)); CHECK(krb5_db_delete_policy(ctx, polname)); /* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as * from a load operation. */ ent->mask = (sample_entry.mask & ~KADM5_POLICY) | KADM5_LOAD; CHECK(krb5_db_put_principal(ctx, ent)); /* Exercise LDAP code to create a new principal at a DN from * KDB_TL_USER_INFO tl-data. */ CHECK(krb5_db_delete_principal(ctx, &sample_princ)); CHECK(krb5_db_put_principal(ctx, ent)); krb5_db_free_principal(ctx, ent); /* Exercise principal iteration code. */ count = 0; CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count)); CHECK_COND(count == 1); CHECK(krb5_db_fini(ctx)); CHECK_COND(krb5_db_inited(ctx) != 0); /* It might be nice to exercise krb5_db_destroy here, but the LDAP module * doesn't support it. */ krb5_free_default_realm(ctx, defrealm); krb5_free_context(ctx); return 0; }
void on_cvs_import_response(GtkDialog* dialog, gint response, CVSData* data) { gchar* dirname = NULL; if (is_busy(data->plugin, dialog)) return; switch (response) { case GTK_RESPONSE_OK: { GtkWidget* username; GtkWidget* password; GtkWidget* cvsroot_entry; GtkWidget* module_entry; GtkWidget* vendortag; GtkWidget* releasetag; GtkWidget* logtext; GtkWidget* typecombo; GtkFileChooser* dir; gchar* log; username = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_username")); password = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_password")); cvsroot_entry = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_cvsroot")); if (!check_entry(dialog, cvsroot_entry, _("CVSROOT"))) break; module_entry = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_module")); if (!check_entry(dialog, module_entry, _("Module"))) break; vendortag = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_vendor")); if (!check_entry(dialog, vendortag, _("Vendor"))) break; releasetag = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_release")); if (!check_entry(dialog, releasetag, _("Release"))) break; typecombo = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_server_type")); dir = GTK_FILE_CHOOSER(gtk_builder_get_object(data->bxml, "cvs_rootdir")); dirname = gtk_file_chooser_get_filename (dir); if (!dirname) break; logtext = GTK_WIDGET(gtk_builder_get_object(data->bxml, "cvs_import_log")); log = get_log_from_textview(logtext); if (!strlen(log)) { gint result; GtkWidget* dlg = gtk_message_dialog_new(GTK_WINDOW(dialog), GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_INFO, GTK_BUTTONS_YES_NO, _("Are you sure that you do not want a log message?")); result = gtk_dialog_run(GTK_DIALOG(dlg)); gtk_widget_destroy(dlg); if (result == GTK_RESPONSE_NO) break; } anjuta_cvs_import(ANJUTA_PLUGIN(data->plugin), dirname, gtk_entry_get_text(GTK_ENTRY(cvsroot_entry)), gtk_entry_get_text(GTK_ENTRY(module_entry)), gtk_entry_get_text(GTK_ENTRY(vendortag)), gtk_entry_get_text(GTK_ENTRY(releasetag)), log, gtk_combo_box_get_active(GTK_COMBO_BOX(typecombo)), gtk_entry_get_text(GTK_ENTRY(username)), gtk_entry_get_text(GTK_ENTRY(password)), NULL); cvs_data_free(data); gtk_widget_destroy(GTK_WIDGET(dialog)); break; } default: cvs_data_free(data); gtk_widget_destroy(GTK_WIDGET(dialog)); break; } g_free(dirname); }
int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool restore) { struct iptables_command_state cs; int verbose = 0; const char *chain = NULL; const char *policy = NULL, *newname = NULL; unsigned int rulenum = 0, command = 0; int ret = 1; struct xtables_match *m; struct xtables_rule_match *matchp; struct xtables_target *t; struct xtables_args args = { .family = h->family, }; memset(&cs, 0, sizeof(cs)); cs.jumpto = ""; cs.argv = argv; /* re-set optind to 0 in case do_command4 gets called * a second time */ optind = 0; /* clear mflags in case do_command4 gets called a second time * (we clear the global list of all matches for security)*/ for (m = xtables_matches; m; m = m->next) m->mflags = 0; for (t = xtables_targets; t; t = t->next) { t->tflags = 0; t->used = 0; } /* Suppress error messages: we may add new options if we demand-load a protocol. */ opterr = 0; h->ops = nft_family_ops_lookup(h->family); if (h->ops == NULL) xtables_error(PARAMETER_PROBLEM, "Unknown family"); opts = xt_params->orig_opts; while ((cs.c = getopt_long(argc, argv, "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:46", opts, NULL)) != -1) { switch (cs.c) { /* * Command selection */ case 'A': add_command(&command, CMD_APPEND, CMD_NONE, cs.invert); chain = optarg; break; case 'C': add_command(&command, CMD_CHECK, CMD_NONE, cs.invert); chain = optarg; break; case 'D': add_command(&command, CMD_DELETE, CMD_NONE, cs.invert); chain = optarg; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') { rulenum = parse_rulenumber(argv[optind++]); command = CMD_DELETE_NUM; } break; case 'R': add_command(&command, CMD_REPLACE, CMD_NONE, cs.invert); chain = optarg; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') rulenum = parse_rulenumber(argv[optind++]); else xtables_error(PARAMETER_PROBLEM, "-%c requires a rule number", cmd2char(CMD_REPLACE)); break; case 'I': add_command(&command, CMD_INSERT, CMD_NONE, cs.invert); chain = optarg; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') rulenum = parse_rulenumber(argv[optind++]); else rulenum = 1; break; case 'L': add_command(&command, CMD_LIST, CMD_ZERO | CMD_ZERO_NUM, cs.invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') rulenum = parse_rulenumber(argv[optind++]); break; case 'S': add_command(&command, CMD_LIST_RULES, CMD_ZERO|CMD_ZERO_NUM, cs.invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') rulenum = parse_rulenumber(argv[optind++]); break; case 'F': add_command(&command, CMD_FLUSH, CMD_NONE, cs.invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; break; case 'Z': add_command(&command, CMD_ZERO, CMD_LIST|CMD_LIST_RULES, cs.invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') { rulenum = parse_rulenumber(argv[optind++]); command = CMD_ZERO_NUM; } break; case 'N': if (optarg && (*optarg == '-' || *optarg == '!')) xtables_error(PARAMETER_PROBLEM, "chain name not allowed to start " "with `%c'\n", *optarg); if (xtables_find_target(optarg, XTF_TRY_LOAD)) xtables_error(PARAMETER_PROBLEM, "chain name may not clash " "with target name\n"); add_command(&command, CMD_NEW_CHAIN, CMD_NONE, cs.invert); chain = optarg; break; case 'X': add_command(&command, CMD_DELETE_CHAIN, CMD_NONE, cs.invert); if (optarg) chain = optarg; else if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') chain = argv[optind++]; break; case 'E': add_command(&command, CMD_RENAME_CHAIN, CMD_NONE, cs.invert); chain = optarg; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') newname = argv[optind++]; else xtables_error(PARAMETER_PROBLEM, "-%c requires old-chain-name and " "new-chain-name", cmd2char(CMD_RENAME_CHAIN)); break; case 'P': add_command(&command, CMD_SET_POLICY, CMD_NONE, cs.invert); chain = optarg; if (optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') policy = argv[optind++]; else xtables_error(PARAMETER_PROBLEM, "-%c requires a chain and a policy", cmd2char(CMD_SET_POLICY)); break; case 'h': if (!optarg) optarg = argv[optind]; /* iptables -p icmp -h */ if (!cs.matches && cs.protocol) xtables_find_match(cs.protocol, XTF_TRY_LOAD, &cs.matches); exit_printhelp(cs.matches); /* * Option selection */ case 'p': set_option(&cs.options, OPT_PROTOCOL, &args.invflags, cs.invert); /* Canonicalize into lower case */ for (cs.protocol = optarg; *cs.protocol; cs.protocol++) *cs.protocol = tolower(*cs.protocol); cs.protocol = optarg; args.proto = xtables_parse_protocol(cs.protocol); if (args.proto == 0 && (args.invflags & XT_INV_PROTO)) xtables_error(PARAMETER_PROBLEM, "rule would never match protocol"); /* This needs to happen here to parse extensions */ h->ops->proto_parse(&cs, &args); break; case 's': set_option(&cs.options, OPT_SOURCE, &args.invflags, cs.invert); args.shostnetworkmask = optarg; break; case 'd': set_option(&cs.options, OPT_DESTINATION, &args.invflags, cs.invert); args.dhostnetworkmask = optarg; break; #ifdef IPT_F_GOTO case 'g': set_option(&cs.options, OPT_JUMP, &args.invflags, cs.invert); args.goto_set = true; cs.jumpto = parse_target(optarg); break; #endif case 'j': command_jump(&cs); break; case 'i': if (*optarg == '\0') xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired"); set_option(&cs.options, OPT_VIANAMEIN, &args.invflags, cs.invert); xtables_parse_interface(optarg, args.iniface, args.iniface_mask); break; case 'o': if (*optarg == '\0') xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired"); set_option(&cs.options, OPT_VIANAMEOUT, &args.invflags, cs.invert); xtables_parse_interface(optarg, args.outiface, args.outiface_mask); break; case 'f': if (args.family == AF_INET6) { xtables_error(PARAMETER_PROBLEM, "`-f' is not supported in IPv6, " "use -m frag instead"); } set_option(&cs.options, OPT_FRAGMENT, &args.invflags, cs.invert); args.flags |= IPT_F_FRAG; break; case 'v': if (!verbose) set_option(&cs.options, OPT_VERBOSE, &args.invflags, cs.invert); verbose++; break; case 'm': command_match(&cs); break; case 'n': set_option(&cs.options, OPT_NUMERIC, &args.invflags, cs.invert); break; case 't': if (cs.invert) xtables_error(PARAMETER_PROBLEM, "unexpected ! flag before --table"); *table = optarg; break; case 'x': set_option(&cs.options, OPT_EXPANDED, &args.invflags, cs.invert); break; case 'V': if (cs.invert) printf("Not %s ;-)\n", prog_vers); else printf("%s v%s\n", prog_name, prog_vers); exit(0); case 'w': if (restore) { xtables_error(PARAMETER_PROBLEM, "You cannot use `-w' from " "iptables-restore"); } break; case '0': set_option(&cs.options, OPT_LINENUMBERS, &args.invflags, cs.invert); break; case 'M': xtables_modprobe_program = optarg; break; case 'c': set_option(&cs.options, OPT_COUNTERS, &args.invflags, cs.invert); args.pcnt = optarg; args.bcnt = strchr(args.pcnt + 1, ','); if (args.bcnt) args.bcnt++; if (!args.bcnt && optind < argc && argv[optind][0] != '-' && argv[optind][0] != '!') args.bcnt = argv[optind++]; if (!args.bcnt) xtables_error(PARAMETER_PROBLEM, "-%c requires packet and byte counter", opt2char(OPT_COUNTERS)); if (sscanf(args.pcnt, "%llu", &args.pcnt_cnt) != 1) xtables_error(PARAMETER_PROBLEM, "-%c packet counter not numeric", opt2char(OPT_COUNTERS)); if (sscanf(args.bcnt, "%llu", &args.bcnt_cnt) != 1) xtables_error(PARAMETER_PROBLEM, "-%c byte counter not numeric", opt2char(OPT_COUNTERS)); break; case '4': if (args.family != AF_INET) exit_tryhelp(2); h->ops = nft_family_ops_lookup(args.family); break; case '6': args.family = AF_INET6; xtables_set_nfproto(AF_INET6); h->ops = nft_family_ops_lookup(args.family); if (h->ops == NULL) xtables_error(PARAMETER_PROBLEM, "Unknown family"); break; case 1: /* non option */ if (optarg[0] == '!' && optarg[1] == '\0') { if (cs.invert) xtables_error(PARAMETER_PROBLEM, "multiple consecutive ! not" " allowed"); cs.invert = TRUE; optarg[0] = '\0'; continue; } fprintf(stderr, "Bad argument `%s'\n", optarg); exit_tryhelp(2); default: if (command_default(&cs, &xtables_globals) == 1) /* cf. ip6tables.c */ continue; break; } cs.invert = FALSE; } if (strcmp(*table, "nat") == 0 && ((policy != NULL && strcmp(policy, "DROP") == 0) || (cs.jumpto != NULL && strcmp(cs.jumpto, "DROP") == 0))) xtables_error(PARAMETER_PROBLEM, "\nThe \"nat\" table is not intended for filtering, " "the use of DROP is therefore inhibited.\n\n"); for (matchp = cs.matches; matchp; matchp = matchp->next) xtables_option_mfcall(matchp->match); if (cs.target != NULL) xtables_option_tfcall(cs.target); /* Fix me: must put inverse options checking here --MN */ if (optind < argc) xtables_error(PARAMETER_PROBLEM, "unknown arguments found on commandline"); if (!command) xtables_error(PARAMETER_PROBLEM, "no command specified"); if (cs.invert) xtables_error(PARAMETER_PROBLEM, "nothing appropriate following !"); /* Set only if required, needed by xtables-restore */ if (h->family == AF_UNSPEC) h->family = args.family; h->ops->post_parse(command, &cs, &args); if (command == CMD_REPLACE && (args.s.naddrs != 1 || args.d.naddrs != 1)) xtables_error(PARAMETER_PROBLEM, "Replacement rule does not " "specify a unique address"); generic_opt_check(command, cs.options); if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, "chain name `%s' too long (must be under %u chars)", chain, XT_EXTENSION_MAXNAMELEN); if (command == CMD_APPEND || command == CMD_DELETE || command == CMD_CHECK || command == CMD_INSERT || command == CMD_REPLACE) { if (strcmp(chain, "PREROUTING") == 0 || strcmp(chain, "INPUT") == 0) { /* -o not valid with incoming packets. */ if (cs.options & OPT_VIANAMEOUT) xtables_error(PARAMETER_PROBLEM, "Can't use -%c with %s\n", opt2char(OPT_VIANAMEOUT), chain); } if (strcmp(chain, "POSTROUTING") == 0 || strcmp(chain, "OUTPUT") == 0) { /* -i not valid with outgoing packets */ if (cs.options & OPT_VIANAMEIN) xtables_error(PARAMETER_PROBLEM, "Can't use -%c with %s\n", opt2char(OPT_VIANAMEIN), chain); } /* * Contrary to what iptables does, we assume that any jumpto * is a custom chain jumps (if no target is found). Later on, * nf_table will spot the error if the chain does not exists. */ } switch (command) { case CMD_APPEND: ret = add_entry(chain, *table, &cs, 0, h->family, args.s, args.d, cs.options&OPT_VERBOSE, h, true); break; case CMD_DELETE: ret = delete_entry(chain, *table, &cs, h->family, args.s, args.d, cs.options&OPT_VERBOSE, h); break; case CMD_DELETE_NUM: ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose); break; case CMD_CHECK: ret = check_entry(chain, *table, &cs, h->family, args.s, args.d, cs.options&OPT_VERBOSE, h); break; case CMD_REPLACE: ret = replace_entry(chain, *table, &cs, rulenum - 1, h->family, args.s, args.d, cs.options&OPT_VERBOSE, h); break; case CMD_INSERT: ret = add_entry(chain, *table, &cs, rulenum - 1, h->family, args.s, args.d, cs.options&OPT_VERBOSE, h, false); break; case CMD_FLUSH: ret = nft_rule_flush(h, chain, *table); break; case CMD_ZERO: ret = nft_chain_zero_counters(h, chain, *table); break; case CMD_ZERO_NUM: ret = nft_rule_zero_counters(h, chain, *table, rulenum - 1); break; case CMD_LIST: case CMD_LIST|CMD_ZERO: case CMD_LIST|CMD_ZERO_NUM: ret = list_entries(h, chain, *table, rulenum, cs.options&OPT_VERBOSE, cs.options&OPT_NUMERIC, cs.options&OPT_EXPANDED, cs.options&OPT_LINENUMBERS); if (ret && (command & CMD_ZERO)) ret = nft_chain_zero_counters(h, chain, *table); if (ret && (command & CMD_ZERO_NUM)) ret = nft_rule_zero_counters(h, chain, *table, rulenum - 1); break; case CMD_LIST_RULES: case CMD_LIST_RULES|CMD_ZERO: case CMD_LIST_RULES|CMD_ZERO_NUM: ret = list_rules(h, chain, *table, rulenum, cs.options&OPT_VERBOSE); if (ret && (command & CMD_ZERO)) ret = nft_chain_zero_counters(h, chain, *table); if (ret && (command & CMD_ZERO_NUM)) ret = nft_rule_zero_counters(h, chain, *table, rulenum - 1); break; case CMD_NEW_CHAIN: ret = nft_chain_user_add(h, chain, *table); break; case CMD_DELETE_CHAIN: ret = nft_chain_user_del(h, chain, *table); break; case CMD_RENAME_CHAIN: ret = nft_chain_user_rename(h, chain, *table, newname); break; case CMD_SET_POLICY: ret = nft_chain_set(h, *table, chain, policy, NULL); if (ret < 0) xtables_error(PARAMETER_PROBLEM, "Wrong policy `%s'\n", policy); break; default: /* We should never reach this... */ exit_tryhelp(2); } /* if (verbose > 1) dump_entries(*handle); */ xtables_rule_matches_free(&cs.matches); if (h->family == AF_INET) { free(args.s.addr.v4); free(args.s.mask.v4); free(args.d.addr.v4); free(args.d.mask.v4); } else if (h->family == AF_INET6) { free(args.s.addr.v6); free(args.s.mask.v6); free(args.d.addr.v6); free(args.d.mask.v6); } xtables_free_opts(1); return ret; }