static void command_match(struct iptables_command_state *cs) { struct xtables_match *m; size_t size; if (cs->invert) xtables_error(PARAMETER_PROBLEM, "unexpected ! flag before --match"); m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches); size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size; m->m = xtables_calloc(1, size); m->m->u.match_size = size; if (m->real_name == NULL) { strcpy(m->m->u.user.name, m->name); } else { strcpy(m->m->u.user.name, m->real_name); if (!(m->ext_flags & XTABLES_EXT_ALIAS)) fprintf(stderr, "Notice: the %s match is converted into %s match " "in rule listing and saving.\n", m->name, m->real_name); } m->m->u.user.revision = m->revision; xs_init_match(m); if (m == m->next) return; /* Merge options for non-cloned matches */ if (m->x6_options != NULL) opts = xtables_options_xfrm(xtables_globals.orig_opts, opts, m->x6_options, &m->option_offset); else if (m->extra_opts != NULL) opts = xtables_merge_options(xtables_globals.orig_opts, opts, m->extra_opts, &m->option_offset); if (opts == NULL) xtables_error(OTHER_PROBLEM, "can't alloc memory!"); }
static struct xtables_target *command_jump(struct arpt_entry *fw, const char *jumpto) { struct xtables_target *target; size_t size; /* XTF_TRY_LOAD (may be chain name) */ target = xtables_find_target(jumpto, XTF_TRY_LOAD); if (!target) return NULL; size = XT_ALIGN(sizeof(struct xt_entry_target)) + target->size; target->t = xtables_calloc(1, size); target->t->u.target_size = size; strncpy(target->t->u.user.name, jumpto, sizeof(target->t->u.user.name)); target->t->u.user.name[sizeof(target->t->u.user.name)-1] = '\0'; target->t->u.user.revision = target->revision; xs_init_target(target); if (target->x6_options != NULL) opts = xtables_options_xfrm(arptables_globals.orig_opts, opts, target->x6_options, &target->option_offset); else opts = xtables_merge_options(arptables_globals.orig_opts, opts, target->extra_opts, &target->option_offset); return target; }
static void command_jump(struct iptables_command_state *cs) { size_t size; set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags, cs->invert); cs->jumpto = parse_target(optarg); /* TRY_LOAD (may be chain name) */ cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD); if (cs->target == NULL) return; size = XT_ALIGN(sizeof(struct xt_entry_target)) + cs->target->size; cs->target->t = xtables_calloc(1, size); cs->target->t->u.target_size = size; if (cs->target->real_name == NULL) { strcpy(cs->target->t->u.user.name, cs->jumpto); } else { /* Alias support for userspace side */ strcpy(cs->target->t->u.user.name, cs->target->real_name); if (!(cs->target->ext_flags & XTABLES_EXT_ALIAS)) fprintf(stderr, "Notice: The %s target is converted into %s target " "in rule listing and saving.\n", cs->jumpto, cs->target->real_name); } cs->target->t->u.user.revision = cs->target->revision; xs_init_target(cs->target); if (cs->target->x6_options != NULL) opts = xtables_options_xfrm(xtables_globals.orig_opts, opts, cs->target->x6_options, &cs->target->option_offset); else opts = xtables_merge_options(xtables_globals.orig_opts, opts, cs->target->extra_opts, &cs->target->option_offset); if (opts == NULL) xtables_error(OTHER_PROBLEM, "can't alloc memory!"); }
static int parse_ipt(struct action_util *a,int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) { struct xtables_target *m = NULL; struct ipt_entry fw; struct rtattr *tail; int c; int rargc = *argc_p; char **argv = *argv_p; int argc = 0, iargc = 0; char k[16]; int size = 0; int iok = 0, ok = 0; __u32 hook = 0, index = 0; struct option *opts = NULL; xtables_init_all(&tcipt_globals, NFPROTO_IPV4); set_lib_dir(); { int i; for (i = 0; i < rargc; i++) { if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) { break; } } iargc = argc = i; } if (argc <= 2) { fprintf(stderr,"bad arguements to ipt %d vs %d \n", argc, rargc); return -1; } while (1) { c = getopt_long(argc, argv, "j:", tcipt_globals.opts, NULL); if (c == -1) break; switch (c) { case 'j': m = xtables_find_target(optarg, XTF_TRY_LOAD); if (NULL != m) { if (0 > build_st(m, NULL)) { printf(" %s error \n", m->name); return -1; } #if (XTABLES_VERSION_CODE >= 6) opts = xtables_options_xfrm(tcipt_globals.orig_opts, tcipt_globals.opts, m->x6_options, &m->option_offset); #else opts = xtables_merge_options(tcipt_globals.orig_opts, tcipt_globals.opts, m->extra_opts, &m->option_offset); #endif if (opts == NULL) { fprintf(stderr, " failed to find aditional options for target %s\n\n", optarg); return -1; } else tcipt_globals.opts = opts; } else { fprintf(stderr," failed to find target %s\n\n", optarg); return -1; } ok++; break; default: memset(&fw, 0, sizeof (fw)); #if (XTABLES_VERSION_CODE >= 6) if (m != NULL && m->x6_parse != NULL ) { xtables_option_tpcall(c, argv, 0 , m, NULL); #else if (m != NULL && m->parse != NULL ) { m->parse(c - m->option_offset, argv, 0, &m->tflags, NULL, &m->t); #endif } else { fprintf(stderr,"failed to find target %s\n\n", optarg); return -1; } ok++; break; } } if (iargc > optind) { if (matches(argv[optind], "index") == 0) { if (get_u32(&index, argv[optind + 1], 10)) { fprintf(stderr, "Illegal \"index\"\n"); xtables_free_opts(1); return -1; } iok++; optind += 2; } } if (!ok && !iok) { fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv); return -1; } /* check that we passed the correct parameters to the target */ #if (XTABLES_VERSION_CODE >= 6) if (m) xtables_option_tfcall(m); #else if (m && m->final_check) m->final_check(m->tflags); #endif { struct tcmsg *t = NLMSG_DATA(n); if (t->tcm_parent != TC_H_ROOT && t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) { hook = NF_IP_PRE_ROUTING; } else { hook = NF_IP_POST_ROUTING; } } tail = NLMSG_TAIL(n); addattr_l(n, MAX_MSG, tca_id, NULL, 0); fprintf(stdout, "tablename: %s hook: %s\n ", tname, ipthooks[hook]); fprintf(stdout, "\ttarget: "); if (m) m->print(NULL, m->t, 0); fprintf(stdout, " index %d\n", index); if (strlen(tname) > 16) { size = 16; k[15] = 0; } else { size = 1 + strlen(tname); } strncpy(k, tname, size); addattr_l(n, MAX_MSG, TCA_IPT_TABLE, k, size); addattr_l(n, MAX_MSG, TCA_IPT_HOOK, &hook, 4); addattr_l(n, MAX_MSG, TCA_IPT_INDEX, &index, 4); if (m) addattr_l(n, MAX_MSG, TCA_IPT_TARG, m->t, m->t->u.target_size); tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail; argc -= optind; argv += optind; *argc_p = rargc - iargc; *argv_p = argv; optind = 0; xtables_free_opts(1); if (m) { /* Clear flags if target will be used again */ m->tflags = 0; m->used = 0; /* Free allocated memory */ if (m->t) free(m->t); } return 0; } static int print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) { struct rtattr *tb[TCA_IPT_MAX + 1]; struct xt_entry_target *t = NULL; struct option *opts = NULL; if (arg == NULL) return -1; xtables_init_all(&tcipt_globals, NFPROTO_IPV4); set_lib_dir(); parse_rtattr_nested(tb, TCA_IPT_MAX, arg); if (tb[TCA_IPT_TABLE] == NULL) { fprintf(f, "[NULL ipt table name ] assuming mangle "); } else { fprintf(f, "tablename: %s ", rta_getattr_str(tb[TCA_IPT_TABLE])); } if (tb[TCA_IPT_HOOK] == NULL) { fprintf(f, "[NULL ipt hook name ]\n "); return -1; } else { __u32 hook; hook = rta_getattr_u32(tb[TCA_IPT_HOOK]); fprintf(f, " hook: %s \n", ipthooks[hook]); } if (tb[TCA_IPT_TARG] == NULL) { fprintf(f, "\t[NULL ipt target parameters ] \n"); return -1; } else { struct xtables_target *m = NULL; t = RTA_DATA(tb[TCA_IPT_TARG]); m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD); if (NULL != m) { if (0 > build_st(m, t)) { fprintf(stderr, " %s error \n", m->name); return -1; } #if (XTABLES_VERSION_CODE >= 6) opts = xtables_options_xfrm(tcipt_globals.orig_opts, tcipt_globals.opts, m->x6_options, &m->option_offset); #else opts = xtables_merge_options(tcipt_globals.orig_opts, tcipt_globals.opts, m->extra_opts, &m->option_offset); #endif if (opts == NULL) { fprintf(stderr, " failed to find aditional options for target %s\n\n", optarg); return -1; } else tcipt_globals.opts = opts; } else { fprintf(stderr, " failed to find target %s\n\n", t->u.user.name); return -1; } fprintf(f, "\ttarget "); m->print(NULL, m->t, 0); if (tb[TCA_IPT_INDEX] == NULL) { fprintf(f, " [NULL ipt target index ]\n"); } else { __u32 index; index = rta_getattr_u32(tb[TCA_IPT_INDEX]); fprintf(f, " \n\tindex %d", index); } if (tb[TCA_IPT_CNT]) { struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);; fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt); } if (show_stats) { if (tb[TCA_IPT_TM]) { struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]); print_tm(f,tm); } } fprintf(f, " \n"); } xtables_free_opts(1); return 0; } struct action_util xt_action_util = { .id = "xt", .parse_aopt = parse_ipt, .print_aopt = print_ipt, };
int command_default(struct iptables_command_state *cs, struct xtables_globals *gl) { struct xtables_rule_match *matchp; struct xtables_match *m; if (cs->target != NULL && (cs->target->parse != NULL || cs->target->x6_parse != NULL) && cs->c >= cs->target->option_offset && cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) { xtables_option_tpcall(cs->c, cs->argv, cs->invert, cs->target, &cs->fw); return 0; } for (matchp = cs->matches; matchp; matchp = matchp->next) { m = matchp->match; if (matchp->completed || (m->x6_parse == NULL && m->parse == NULL)) continue; if (cs->c < matchp->match->option_offset || cs->c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE) continue; xtables_option_mpcall(cs->c, cs->argv, cs->invert, m, &cs->fw); return 0; } /* Try loading protocol */ m = load_proto(cs); if (m != NULL) { size_t size; cs->proto_used = 1; size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size; m->m = xtables_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); m->m->u.user.revision = m->revision; xs_init_match(m); if (m->x6_options != NULL) gl->opts = xtables_options_xfrm(gl->orig_opts, gl->opts, m->x6_options, &m->option_offset); else gl->opts = xtables_merge_options(gl->orig_opts, gl->opts, m->extra_opts, &m->option_offset); if (gl->opts == NULL) xtables_error(OTHER_PROBLEM, "can't alloc memory!"); optind--; /* Indicate to rerun getopt *immediately* */ return 1; } if (cs->c == ':') xtables_error(PARAMETER_PROBLEM, "option \"%s\" " "requires an argument", cs->argv[optind-1]); if (cs->c == '?') xtables_error(PARAMETER_PROBLEM, "unknown option " "\"%s\"", cs->argv[optind-1]); xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"", optarg); return 0; }
static int print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) { struct rtattr *tb[TCA_IPT_MAX + 1]; struct xt_entry_target *t = NULL; if (arg == NULL) return -1; xtables_init_all(&tcipt_globals, NFPROTO_IPV4); set_lib_dir(); parse_rtattr_nested(tb, TCA_IPT_MAX, arg); if (tb[TCA_IPT_TABLE] == NULL) { fprintf(f, "[NULL ipt table name ] assuming mangle "); } else { fprintf(f, "tablename: %s ", rta_getattr_str(tb[TCA_IPT_TABLE])); } if (tb[TCA_IPT_HOOK] == NULL) { fprintf(f, "[NULL ipt hook name ]\n "); return -1; } else { __u32 hook; hook = rta_getattr_u32(tb[TCA_IPT_HOOK]); fprintf(f, " hook: %s \n", ipthooks[hook]); } if (tb[TCA_IPT_TARG] == NULL) { fprintf(f, "\t[NULL ipt target parameters ] \n"); return -1; } else { struct xtables_target *m = NULL; t = RTA_DATA(tb[TCA_IPT_TARG]); m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD); if (NULL != m) { if (0 > build_st(m, t)) { fprintf(stderr, " %s error \n", m->name); return -1; } tcipt_globals.opts = xtables_merge_options( #if (XTABLES_VERSION_CODE >= 6) tcipt_globals.orig_opts, #endif tcipt_globals.opts, m->extra_opts, &m->option_offset); } else { fprintf(stderr, " failed to find target %s\n\n", t->u.user.name); return -1; } fprintf(f, "\ttarget "); m->print(NULL, m->t, 0); if (tb[TCA_IPT_INDEX] == NULL) { fprintf(f, " [NULL ipt target index ]\n"); } else { __u32 index; index = rta_getattr_u32(tb[TCA_IPT_INDEX]); fprintf(f, " \n\tindex %d", index); } if (tb[TCA_IPT_CNT]) { struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);; fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt); } if (show_stats) { if (tb[TCA_IPT_TM]) { struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]); print_tm(f,tm); } } fprintf(f, " \n"); } xtables_free_opts(1); return 0; }
static int parse_ipt(struct action_util *a,int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) { struct xtables_target *m = NULL; struct ipt_entry fw; struct rtattr *tail; int c; int rargc = *argc_p; char **argv = *argv_p; int argc = 0, iargc = 0; char k[16]; int size = 0; int iok = 0, ok = 0; __u32 hook = 0, index = 0; xtables_init_all(&tcipt_globals, NFPROTO_IPV4); set_lib_dir(); { int i; for (i = 0; i < rargc; i++) { if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) { break; } } iargc = argc = i; } if (argc <= 2) { fprintf(stderr,"bad arguements to ipt %d vs %d \n", argc, rargc); return -1; } while (1) { c = getopt_long(argc, argv, "j:", tcipt_globals.opts, NULL); if (c == -1) break; switch (c) { case 'j': m = xtables_find_target(optarg, XTF_TRY_LOAD); if (NULL != m) { if (0 > build_st(m, NULL)) { printf(" %s error \n", m->name); return -1; } tcipt_globals.opts = xtables_merge_options( #if (XTABLES_VERSION_CODE >= 6) tcipt_globals.orig_opts, #endif tcipt_globals.opts, m->extra_opts, &m->option_offset); } else { fprintf(stderr," failed to find target %s\n\n", optarg); return -1; } ok++; break; default: memset(&fw, 0, sizeof (fw)); if (m) { m->parse(c - m->option_offset, argv, 0, &m->tflags, NULL, &m->t); } else { fprintf(stderr," failed to find target %s\n\n", optarg); return -1; } ok++; break; } } if (iargc > optind) { if (matches(argv[optind], "index") == 0) { if (get_u32(&index, argv[optind + 1], 10)) { fprintf(stderr, "Illegal \"index\"\n"); xtables_free_opts(1); return -1; } iok++; optind += 2; } } if (!ok && !iok) { fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv); return -1; } if (m && m->final_check) m->final_check(m->tflags); { struct tcmsg *t = NLMSG_DATA(n); if (t->tcm_parent != TC_H_ROOT && t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) { hook = NF_IP_PRE_ROUTING; } else { hook = NF_IP_POST_ROUTING; } } tail = NLMSG_TAIL(n); addattr_l(n, MAX_MSG, tca_id, NULL, 0); fprintf(stdout, "tablename: %s hook: %s\n ", tname, ipthooks[hook]); fprintf(stdout, "\ttarget: "); if (m) m->print(NULL, m->t, 0); fprintf(stdout, " index %d\n", index); if (strlen(tname) > 16) { size = 16; k[15] = 0; } else { size = 1 + strlen(tname); } strncpy(k, tname, size); addattr_l(n, MAX_MSG, TCA_IPT_TABLE, k, size); addattr_l(n, MAX_MSG, TCA_IPT_HOOK, &hook, 4); addattr_l(n, MAX_MSG, TCA_IPT_INDEX, &index, 4); if (m) addattr_l(n, MAX_MSG, TCA_IPT_TARG, m->t, m->t->u.target_size); tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail; argc -= optind; argv += optind; *argc_p = rargc - iargc; *argv_p = argv; optind = 0; xtables_free_opts(1); if (m) { m->tflags = 0; m->used = 0; if (m->t) free(m->t); } return 0; }