static struct in6_addr * ip6parse_hostnetwork(const char *name, unsigned int *naddrs) { struct in6_addr *addrp, *addrptmp; if ((addrptmp = xtables_numeric_to_ip6addr(name)) != NULL || (addrptmp = network_to_ip6addr(name)) != NULL) { addrp = xtables_malloc(sizeof(struct in6_addr)); memcpy(addrp, addrptmp, sizeof(*addrp)); *naddrs = 1; return addrp; } if ((addrp = host_to_ip6addr(name, naddrs)) != NULL) return addrp; xt_params->exit_err(PARAMETER_PROBLEM, "host/network `%s' not found", name); }
static struct in_addr *parse_hostnetwork(const char *name, unsigned int *naddrs) { struct in_addr *addrp, *addrptmp; if ((addrptmp = dotted_to_addr(name)) != NULL || (addrptmp = network_to_addr(name)) != NULL) { addrp = xtables_malloc(sizeof(struct in_addr)); inaddrcpy(addrp, addrptmp); *naddrs = 1; return addrp; } if ((addrp = host_to_addr(name, naddrs)) != NULL) return addrp; xtables_error(PARAMETER_PROBLEM, "host/network `%s' not found", name); }
struct ipt_entry * py_ipt_entry_generate (PyObject *obj) { PyIPTEntryObject *self; struct ipt_entry *entry; PyIPTMatchObject *match; unsigned int size; int i; self = (PyIPTEntryObject *) obj; size = sizeof(struct ipt_entry); for (i = 0; i < PySequence_Length (self->matches); ++i) { match = (PyIPTMatchObject *) PySequence_GetItem (self->matches, i); size += match->match->match->m->u.match_size; } entry = xtables_malloc(size + self->target->target->t->u.target_size); memset(entry, 0, size + self->target->target->t->u.target_size); *entry = self->entry; entry->ip.invflags = 0; entry->ip.src = *self->source; entry->ip.dst = *self->destination; /* FIXME: make this an argument to __init__ */ entry->ip.proto = IPPROTO_TCP; entry->target_offset = size; entry->next_offset = size + self->target->target->t->u.target_size; size = 0; for (i = 0; i < PySequence_Length (self->matches); ++i) { match = (PyIPTMatchObject *) PySequence_GetItem (self->matches, i); memcpy (entry->elems + size, match->match->match->m, match->match->match->m->u.match_size); size += match->match->match->m->u.match_size; } memcpy(entry->elems + size, self->target->target->t, self->target->target->t->u.target_size); return entry; }
struct xtables_match * xtables_find_match(const char *name, enum xtables_tryload tryload, struct xtables_rule_match **matches) { struct xtables_match **dptr; struct xtables_match *ptr; const char *icmp6 = "icmp6"; if (strlen(name) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, "Invalid match name \"%s\" (%u chars max)", name, XT_EXTENSION_MAXNAMELEN - 1); /* This is ugly as hell. Nonetheless, there is no way of changing * this without hurting backwards compatibility */ if ( (strcmp(name,"icmpv6") == 0) || (strcmp(name,"ipv6-icmp") == 0) || (strcmp(name,"icmp6") == 0) ) name = icmp6; /* Trigger delayed initialization */ for (dptr = &xtables_pending_matches; *dptr; ) { if (strcmp(name, (*dptr)->name) == 0) { ptr = *dptr; *dptr = (*dptr)->next; ptr->next = NULL; xtables_fully_register_pending_match(ptr); } else { dptr = &((*dptr)->next); } } for (ptr = xtables_matches; ptr; ptr = ptr->next) { if (strcmp(name, ptr->name) == 0) { struct xtables_match *clone; /* First match of this type: */ if (ptr->m == NULL) break; /* Second and subsequent clones */ clone = xtables_malloc(sizeof(struct xtables_match)); memcpy(clone, ptr, sizeof(struct xtables_match)); clone->udata = NULL; clone->mflags = 0; /* This is a clone: */ clone->next = clone; ptr = clone; break; } } #ifndef NO_SHARED_LIBS if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) { ptr = load_extension(xtables_libdir, afinfo->libprefix, name, false); if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED) xt_params->exit_err(PARAMETER_PROBLEM, "Couldn't load match `%s':%s\n", name, strerror(errno)); } #else if (ptr && !ptr->loaded) { if (tryload != XTF_DONT_LOAD) ptr->loaded = 1; else ptr = NULL; } if(!ptr && (tryload == XTF_LOAD_MUST_SUCCEED)) { xt_params->exit_err(PARAMETER_PROBLEM, "Couldn't find match `%s'\n", name); } #endif if (ptr && matches) { struct xtables_rule_match **i; struct xtables_rule_match *newentry; newentry = xtables_malloc(sizeof(struct xtables_rule_match)); for (i = matches; *i; i = &(*i)->next) { if (strcmp(name, (*i)->match->name) == 0) (*i)->completed = true; } newentry->match = ptr; newentry->completed = false; newentry->next = NULL; *i = newentry; } return ptr; }
void xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp, struct in6_addr **maskpp, unsigned int *naddrs) { static const struct in6_addr zero_addr; struct in6_addr *addrp; char buf[256], *p, *next; unsigned int len, i, j, n, count = 1; const char *loop = name; while ((loop = strchr(loop, ',')) != NULL) { ++count; ++loop; /* skip ',' */ } *addrpp = xtables_malloc(sizeof(struct in6_addr) * count); *maskpp = xtables_malloc(sizeof(struct in6_addr) * count); loop = name; for (i = 0; i < count /*NB: count can grow*/; ++i) { while (isspace(*loop)) ++loop; next = strchr(loop, ','); if (next != NULL) len = next - loop; else len = strlen(loop); if (len > sizeof(buf) - 1) xt_params->exit_err(PARAMETER_PROBLEM, "Hostname too long"); strncpy(buf, loop, len); buf[len] = '\0'; if ((p = strrchr(buf, '/')) != NULL) { *p = '\0'; addrp = parse_ip6mask(p + 1); } else { addrp = parse_ip6mask(NULL); } memcpy(*maskpp + i, addrp, sizeof(*addrp)); /* if a null mask is given, the name is ignored, like in "any/0" */ if (memcmp(*maskpp + i, &zero_addr, sizeof(zero_addr)) == 0) strcpy(buf, "::"); addrp = ip6parse_hostnetwork(buf, &n); if (n > 1) { count += n - 1; *addrpp = xtables_realloc(*addrpp, sizeof(struct in6_addr) * count); *maskpp = xtables_realloc(*maskpp, sizeof(struct in6_addr) * count); for (j = 0; j < n; ++j) /* for each new addr */ memcpy(*addrpp + i + j, addrp + j, sizeof(*addrp)); for (j = 1; j < n; ++j) /* for each new mask */ memcpy(*maskpp + i + j, *maskpp + i, sizeof(*addrp)); i += n - 1; } else { memcpy(*addrpp + i, addrp, sizeof(*addrp)); } /* free what ip6parse_hostnetwork had allocated: */ free(addrp); if (next == NULL) break; loop = next + 1; } *naddrs = count; for (i = 0; i < count; ++i) for (j = 0; j < 4; ++j) (*addrpp+i)->s6_addr32[j] &= (*maskpp+i)->s6_addr32[j]; }