static struct in6_addr *
ip6parse_hostnetwork(const char *name, unsigned int *naddrs)
{
struct in6_addr *addrp, *addrptmp;
if ((addrptmp = xtables_numeric_to_ip6addr(name)) != NULL ||
(addrptmp = network_to_ip6addr(name)) != NULL) {
addrp = xtables_malloc(sizeof(struct in6_addr));
memcpy(addrp, addrptmp, sizeof(*addrp));
*naddrs = 1;
return addrp;
}
if ((addrp = host_to_ip6addr(name, naddrs)) != NULL)
return addrp;
xt_params->exit_err(PARAMETER_PROBLEM, "host/network `%s' not found", name);
}
static struct in_addr *parse_hostnetwork(const char *name,
unsigned int *naddrs)
{
struct in_addr *addrp, *addrptmp;
if ((addrptmp = dotted_to_addr(name)) != NULL ||
(addrptmp = network_to_addr(name)) != NULL) {
addrp = xtables_malloc(sizeof(struct in_addr));
inaddrcpy(addrp, addrptmp);
*naddrs = 1;
return addrp;
}
if ((addrp = host_to_addr(name, naddrs)) != NULL)
return addrp;
xtables_error(PARAMETER_PROBLEM, "host/network `%s' not found", name);
}
struct ipt_entry *
py_ipt_entry_generate (PyObject *obj)
{
PyIPTEntryObject *self;
struct ipt_entry *entry;
PyIPTMatchObject *match;
unsigned int size;
int i;
self = (PyIPTEntryObject *) obj;
size = sizeof(struct ipt_entry);
for (i = 0; i < PySequence_Length (self->matches); ++i) {
match = (PyIPTMatchObject *) PySequence_GetItem (self->matches, i);
size += match->match->match->m->u.match_size;
}
entry = xtables_malloc(size + self->target->target->t->u.target_size);
memset(entry, 0, size + self->target->target->t->u.target_size);
*entry = self->entry;
entry->ip.invflags = 0;
entry->ip.src = *self->source;
entry->ip.dst = *self->destination;
/* FIXME: make this an argument to __init__ */
entry->ip.proto = IPPROTO_TCP;
entry->target_offset = size;
entry->next_offset = size + self->target->target->t->u.target_size;
size = 0;
for (i = 0; i < PySequence_Length (self->matches); ++i) {
match = (PyIPTMatchObject *) PySequence_GetItem (self->matches, i);
memcpy (entry->elems + size, match->match->match->m,
match->match->match->m->u.match_size);
size += match->match->match->m->u.match_size;
}
memcpy(entry->elems + size, self->target->target->t,
self->target->target->t->u.target_size);
return entry;
}
struct xtables_match *
xtables_find_match(const char *name, enum xtables_tryload tryload,
struct xtables_rule_match **matches)
{
struct xtables_match **dptr;
struct xtables_match *ptr;
const char *icmp6 = "icmp6";
if (strlen(name) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
"Invalid match name \"%s\" (%u chars max)",
name, XT_EXTENSION_MAXNAMELEN - 1);
/* This is ugly as hell. Nonetheless, there is no way of changing
* this without hurting backwards compatibility */
if ( (strcmp(name,"icmpv6") == 0) ||
(strcmp(name,"ipv6-icmp") == 0) ||
(strcmp(name,"icmp6") == 0) )
name = icmp6;
/* Trigger delayed initialization */
for (dptr = &xtables_pending_matches; *dptr; ) {
if (strcmp(name, (*dptr)->name) == 0) {
ptr = *dptr;
*dptr = (*dptr)->next;
ptr->next = NULL;
xtables_fully_register_pending_match(ptr);
} else {
dptr = &((*dptr)->next);
}
}
for (ptr = xtables_matches; ptr; ptr = ptr->next) {
if (strcmp(name, ptr->name) == 0) {
struct xtables_match *clone;
/* First match of this type: */
if (ptr->m == NULL)
break;
/* Second and subsequent clones */
clone = xtables_malloc(sizeof(struct xtables_match));
memcpy(clone, ptr, sizeof(struct xtables_match));
clone->udata = NULL;
clone->mflags = 0;
/* This is a clone: */
clone->next = clone;
ptr = clone;
break;
}
}
#ifndef NO_SHARED_LIBS
if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
ptr = load_extension(xtables_libdir, afinfo->libprefix,
name, false);
if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
xt_params->exit_err(PARAMETER_PROBLEM,
"Couldn't load match `%s':%s\n",
name, strerror(errno));
}
#else
if (ptr && !ptr->loaded) {
if (tryload != XTF_DONT_LOAD)
ptr->loaded = 1;
else
ptr = NULL;
}
if(!ptr && (tryload == XTF_LOAD_MUST_SUCCEED)) {
xt_params->exit_err(PARAMETER_PROBLEM,
"Couldn't find match `%s'\n", name);
}
#endif
if (ptr && matches) {
struct xtables_rule_match **i;
struct xtables_rule_match *newentry;
newentry = xtables_malloc(sizeof(struct xtables_rule_match));
for (i = matches; *i; i = &(*i)->next) {
if (strcmp(name, (*i)->match->name) == 0)
(*i)->completed = true;
}
newentry->match = ptr;
newentry->completed = false;
newentry->next = NULL;
*i = newentry;
}
return ptr;
}
void
xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
struct in6_addr **maskpp, unsigned int *naddrs)
{
static const struct in6_addr zero_addr;
struct in6_addr *addrp;
char buf[256], *p, *next;
unsigned int len, i, j, n, count = 1;
const char *loop = name;
while ((loop = strchr(loop, ',')) != NULL) {
++count;
++loop; /* skip ',' */
}
*addrpp = xtables_malloc(sizeof(struct in6_addr) * count);
*maskpp = xtables_malloc(sizeof(struct in6_addr) * count);
loop = name;
for (i = 0; i < count /*NB: count can grow*/; ++i) {
while (isspace(*loop))
++loop;
next = strchr(loop, ',');
if (next != NULL)
len = next - loop;
else
len = strlen(loop);
if (len > sizeof(buf) - 1)
xt_params->exit_err(PARAMETER_PROBLEM,
"Hostname too long");
strncpy(buf, loop, len);
buf[len] = '\0';
if ((p = strrchr(buf, '/')) != NULL) {
*p = '\0';
addrp = parse_ip6mask(p + 1);
} else {
addrp = parse_ip6mask(NULL);
}
memcpy(*maskpp + i, addrp, sizeof(*addrp));
/* if a null mask is given, the name is ignored, like in "any/0" */
if (memcmp(*maskpp + i, &zero_addr, sizeof(zero_addr)) == 0)
strcpy(buf, "::");
addrp = ip6parse_hostnetwork(buf, &n);
if (n > 1) {
count += n - 1;
*addrpp = xtables_realloc(*addrpp,
sizeof(struct in6_addr) * count);
*maskpp = xtables_realloc(*maskpp,
sizeof(struct in6_addr) * count);
for (j = 0; j < n; ++j)
/* for each new addr */
memcpy(*addrpp + i + j, addrp + j,
sizeof(*addrp));
for (j = 1; j < n; ++j)
/* for each new mask */
memcpy(*maskpp + i + j, *maskpp + i,
sizeof(*addrp));
i += n - 1;
} else {
memcpy(*addrpp + i, addrp, sizeof(*addrp));
}
/* free what ip6parse_hostnetwork had allocated: */
free(addrp);
if (next == NULL)
break;
loop = next + 1;
}
*naddrs = count;
for (i = 0; i < count; ++i)
for (j = 0; j < 4; ++j)
(*addrpp+i)->s6_addr32[j] &= (*maskpp+i)->s6_addr32[j];
}
