static int
iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_iprange_mtinfo *info = (void *)(*match)->data;
const struct in6_addr *ia;
char *end;
switch (c) {
case '1': /* --src-range */
end = strchr(optarg, '-');
if (end == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
*end = '\0';
ia = xtables_numeric_to_ip6addr(optarg);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
memcpy(&info->src_min.in, ia, sizeof(*ia));
ia = xtables_numeric_to_ip6addr(end+1);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
memcpy(&info->src_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_SRC;
if (invert)
info->flags |= IPRANGE_SRC_INV;
*flags |= F_SRCIP;
return true;
case '2': /* --dst-range */
end = strchr(optarg, '-');
if (end == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
*end = '\0';
ia = xtables_numeric_to_ip6addr(optarg);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
memcpy(&info->dst_min.in, ia, sizeof(*ia));
ia = xtables_numeric_to_ip6addr(end + 1);
if (ia == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
memcpy(&info->dst_max.in, ia, sizeof(*ia));
info->flags |= IPRANGE_DST;
if (invert)
info->flags |= IPRANGE_DST_INV;
*flags |= F_DSTIP;
return true;
}
return false;
}
static struct in6_addr *parse_ip6mask(char *mask)
{
static struct in6_addr maskaddr;
struct in6_addr *addrp;
unsigned int bits;
if (mask == NULL) {
/* no mask at all defaults to 128 bits */
memset(&maskaddr, 0xff, sizeof maskaddr);
return &maskaddr;
}
if ((addrp = xtables_numeric_to_ip6addr(mask)) != NULL)
return addrp;
if (!xtables_strtoui(mask, NULL, &bits, 0, 128))
xt_params->exit_err(PARAMETER_PROBLEM,
"invalid mask `%s' specified", mask);
if (bits != 0) {
char *p = (void *)&maskaddr;
memset(p, 0xff, bits / 8);
memset(p + (bits / 8) + 1, 0, (128 - bits) / 8);
p[bits/8] = 0xff << (8 - (bits & 7));
return &maskaddr;
}
memset(&maskaddr, 0, sizeof(maskaddr));
return &maskaddr;
}
static void
iprange_parse_spec(const char *from, const char *to, union nf_inet_addr *range,
uint8_t family, const char *optname)
{
const char *spec[2] = {from, to};
struct in6_addr *ia6;
struct in_addr *ia4;
unsigned int i;
memset(range, 0, sizeof(union nf_inet_addr) * 2);
if (family == NFPROTO_IPV6) {
for (i = 0; i < ARRAY_SIZE(spec); ++i) {
ia6 = xtables_numeric_to_ip6addr(spec[i]);
if (ia6 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
optname, spec[i]);
range[i].in6 = *ia6;
}
} else {
for (i = 0; i < ARRAY_SIZE(spec); ++i) {
ia4 = xtables_numeric_to_ipaddr(spec[i]);
if (ia4 == NULL)
xtables_param_act(XTF_BAD_VALUE, "iprange",
optname, spec[i]);
range[i].in = *ia4;
}
}
}
static struct in6_addr *
ip6parse_hostnetwork(const char *name, unsigned int *naddrs)
{
struct in6_addr *addrp, *addrptmp;
if ((addrptmp = xtables_numeric_to_ip6addr(name)) != NULL ||
(addrptmp = network_to_ip6addr(name)) != NULL) {
addrp = xtables_malloc(sizeof(struct in6_addr));
memcpy(addrp, addrptmp, sizeof(*addrp));
*naddrs = 1;
return addrp;
}
if ((addrp = host_to_ip6addr(name, naddrs)) != NULL)
return addrp;
xt_params->exit_err(PARAMETER_PROBLEM, "host/network `%s' not found", name);
}
static void parse_tproxy_laddr(const char *s, union nf_inet_addr *addrp,
unsigned int nfproto)
{
struct in6_addr *laddr6 = NULL;
struct in_addr *laddr4 = NULL;
if (nfproto == NFPROTO_IPV6) {
laddr6 = xtables_numeric_to_ip6addr(s);
if (laddr6 == NULL)
goto out;
addrp->in6 = *laddr6;
} else if (nfproto == NFPROTO_IPV4) {
laddr4 = xtables_numeric_to_ipaddr(s);
if (laddr4 == NULL)
goto out;
addrp->in = *laddr4;
}
return;
out:
xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s);
}
/* Ranges expected in network order. */
static void
parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
{
char *arg, *start, *end = NULL, *colon = NULL, *dash, *error;
const struct in6_addr *ip;
arg = strdup(orig_arg);
if (arg == NULL)
xtables_error(RESOURCE_PROBLEM, "strdup");
start = strchr(arg, '[');
if (start == NULL)
start = arg;
else {
start++;
end = strchr(start, ']');
if (end == NULL)
xtables_error(PARAMETER_PROBLEM,
"Invalid address format");
*end = '\0';
colon = strchr(end + 1, ':');
}
if (colon) {
int port;
if (!portok)
xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
if (port <= 0 || port > 65535)
xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", colon+1);
error = strchr(colon+1, ':');
if (error)
xtables_error(PARAMETER_PROBLEM,
"Invalid port:port syntax - use dash\n");
dash = strchr(colon, '-');
if (!dash) {
range->min_proto.tcp.port
= range->max_proto.tcp.port
= htons(port);
} else {
int maxport;
maxport = atoi(dash + 1);
if (maxport <= 0 || maxport > 65535)
xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
/* People are stupid. */
xtables_error(PARAMETER_PROBLEM,
"Port range `%s' funky\n", colon+1);
range->min_proto.tcp.port = htons(port);
range->max_proto.tcp.port = htons(maxport);
}
/* Starts with a colon? No IP info...*/
if (colon == arg) {
free(arg);
return;
}
*colon = '\0';
}
range->flags |= NF_NAT_RANGE_MAP_IPS;
dash = strchr(start, '-');
if (colon && dash && dash > colon)
dash = NULL;
if (dash)
*dash = '\0';
ip = xtables_numeric_to_ip6addr(start);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
start);
range->min_addr.in6 = *ip;
if (dash) {
ip = xtables_numeric_to_ip6addr(dash + 1);
if (!ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
dash+1);
range->max_addr.in6 = *ip;
} else
range->max_addr = range->min_addr;
free(arg);
return;
}
