/*
 * Option callback for the "state" option stored in a struct
 * xt_conntrack_mtinfo3: records the parsed state mask and flags the match
 * as a state match.
 */
static void state_ct23_parse(struct xt_option_call *cb)
{
	struct xt_conntrack_mtinfo3 *ctinfo = cb->data;

	xtables_option_parse(cb);

	/* Plain assignment: match_flags bits set before this call are dropped. */
	ctinfo->match_flags = XT_CONNTRACK_STATE;
	ctinfo->state_mask = state_parse_states(cb->arg);

	if (!cb->invert)
		return;
	ctinfo->invert_flags |= XT_CONNTRACK_STATE;
}
/*
 * Option callback for the AH match: normalises a single SPI into a
 * one-element range and records inversion.
 */
static void ah_parse(struct xt_option_call *cb)
{
	struct ipt_ah *ah = cb->data;

	xtables_option_parse(cb);

	if (cb->invert)
		ah->invflags |= IPT_AH_INV_SPI;

	/* Only one value given: upper bound equals lower bound. */
	if (cb->nvals == 1)
		ah->spis[1] = ah->spis[0];
}
/*
 * Option callback for the connmark match (struct xt_connmark_mtinfo1):
 * copies the parsed mark/mask pair and records inversion.
 */
static void connmark_mt_parse(struct xt_option_call *cb)
{
	struct xt_connmark_mtinfo1 *mt = cb->data;

	xtables_option_parse(cb);

	mt->mark = cb->val.mark;
	mt->mask = cb->val.mask;
	/* invert is only ever set here, never cleared. */
	if (cb->invert)
		mt->invert = true;
}
/*
 * Option callback for the connmark match (struct xt_connmark_info):
 * copies the parsed mark/mask pair and records inversion.
 */
static void connmark_parse(struct xt_option_call *cb)
{
	struct xt_connmark_info *cm = cb->data;

	xtables_option_parse(cb);

	/* invert is only ever set here, never cleared. */
	if (cb->invert)
		cm->invert = 1;
	cm->mask = cb->val.mask;
	cm->mark = cb->val.mark;
}
/*
 * Option callback for the NETMAP target: turns the parsed address/mask
 * pair into the first NAT range of the compat structure.
 */
static void NETMAP_parse(struct xt_option_call *cb)
{
	struct nf_nat_ipv4_multi_range_compat *compat = cb->data;
	struct nf_nat_ipv4_range *first = compat->range;

	xtables_option_parse(cb);

	/* Lower bound: the address with every bit outside the mask cleared. */
	first->min_ip = cb->val.haddr.ip & cb->val.hmask.ip;
	/* Upper bound: the lower bound with every bit outside the mask set. */
	first->max_ip = first->min_ip | ~cb->val.hmask.ip;
	first->flags |= NF_NAT_RANGE_MAP_IPS;
}
/*
 * Option callback for the DSCP target: translates a class name given with
 * O_SET_DSCP_CLASS into a DSCP value. Other option ids need no work beyond
 * xtables_option_parse().
 */
static void DSCP_parse(struct xt_option_call *cb)
{
	struct xt_DSCP_info *target = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id != O_SET_DSCP_CLASS)
		return;
	target->dscp = class_to_dscp(cb->arg);
}
/*
 * Option callback for the bpf match: hands the comma-separated program
 * text to bpf_parse_string() and rejects every other option id.
 */
static void bpf_parse(struct xt_option_call *cb)
{
	xtables_option_parse(cb);

	if (cb->entry->id == O_BCODE_STDIN) {
		/* NOTE(review): bounds on the parsed program are enforced, if at
		 * all, inside bpf_parse_string() - not visible here. */
		bpf_parse_string(cb, cb->arg, ',');
		return;
	}

	xtables_error(PARAMETER_PROBLEM, "bpf: unknown option");
}
/*
 * Option callback for the length match: stores the parsed 16-bit range,
 * treating a single value as min == max, and records inversion.
 */
static void length_parse(struct xt_option_call *cb)
{
	struct xt_length_info *len = cb->data;

	xtables_option_parse(cb);

	len->min = cb->val.u16_range[0];
	/* With fewer than two values the upper bound mirrors the lower one. */
	len->max = (cb->nvals >= 2) ? cb->val.u16_range[1]
				    : cb->val.u16_range[0];

	if (cb->invert)
		len->invert = 1;
}
/*
 * Option callback for the ratelimit match: parses the mode argument of
 * O_MODE and reports a bad value when parse_mode() returns a negative
 * result.
 */
static void ratelimit_parse(struct xt_option_call *cb)
{
	struct xt_ratelimit_mtinfo *rl = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id != O_MODE)
		return;
	if (parse_mode(&rl->mode, cb->arg) >= 0)
		return;

	xtables_param_act(XTF_BAD_VALUE, "ratelimit", "--ratelimit-mode",
			  cb->arg);
}
/*
 * Option callback for the AUDIT target: maps the case-insensitive action
 * name ("accept", "drop", "reject") to its audit type and rejects anything
 * else, so only the three known values can reach einfo->type.
 */
static void audit_parse(struct xt_option_call *cb)
{
	struct xt_audit_info *audit = cb->data;
	const char *action;

	xtables_option_parse(cb);
	action = cb->arg;

	if (strcasecmp(action, "accept") == 0) {
		audit->type = XT_AUDIT_TYPE_ACCEPT;
		return;
	}
	if (strcasecmp(action, "drop") == 0) {
		audit->type = XT_AUDIT_TYPE_DROP;
		return;
	}
	if (strcasecmp(action, "reject") == 0) {
		audit->type = XT_AUDIT_TYPE_REJECT;
		return;
	}

	xtables_error(PARAMETER_PROBLEM, "Bad action type value \"%s\"",
		      cb->arg);
}
/*
 * Option callback for the udp match: records inversion of the source or
 * destination port option. The port values themselves are not touched
 * here.
 */
static void udp_parse(struct xt_option_call *cb)
{
	struct xt_udp *udp = cb->data;

	xtables_option_parse(cb);

	/* Both handled options only react to inversion. */
	if (!cb->invert)
		return;

	if (cb->entry->id == O_SOURCE_PORT)
		udp->invflags |= XT_UDP_INV_SRCPT;
	else if (cb->entry->id == O_DEST_PORT)
		udp->invflags |= XT_UDP_INV_DSTPT;
}
/*
 * Option callback for the hop-by-hop options match: records length
 * inversion, or parses the option list into optinfo->opts.
 */
static void hbh_parse(struct xt_option_call *cb)
{
	struct ip6t_opts *hbh = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_HBH_LEN) {
		if (cb->invert)
			hbh->invflags |= IP6T_OPTS_INV_LEN;
	} else if (cb->entry->id == O_HBH_OPTS) {
		/* NOTE(review): no capacity is passed for hbh->opts, so the
		 * element limit must be enforced inside parse_options() -
		 * confirm against that helper. */
		hbh->optsnr = parse_options(cb->arg, hbh->opts);
		hbh->flags |= IP6T_OPTS_OPTS;
	}
}
/*
 * Option callback for the DNPT target: stores the parsed source or
 * destination prefix together with its length.
 */
static void DNPT_parse(struct xt_option_call *cb)
{
	struct ip6t_npt_tginfo *tg = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_SRC_PFX) {
		tg->src_pfx_len = cb->val.hlen;
		tg->src_pfx = cb->val.haddr;
	} else if (cb->entry->id == O_DST_PFX) {
		tg->dst_pfx_len = cb->val.hlen;
		tg->dst_pfx = cb->val.haddr;
	}
}
/*
 * Option callback for the limit match: parses the rate given with O_LIMIT
 * and refuses inversion on any option of this match.
 */
static void limit_parse(struct xt_option_call *cb)
{
	struct xt_rateinfo *rate = cb->data;

	xtables_option_parse(cb);

	/* The rate error is reported before the inversion error. */
	if (cb->entry->id == O_LIMIT && !parse_rate(cb->arg, &rate->avg))
		xtables_error(PARAMETER_PROBLEM, "bad rate \"%s\"'", cb->arg);

	if (cb->invert)
		xtables_error(PARAMETER_PROBLEM,
			      "limit does not support invert");
}
/*
 * Option callback for the ipv6header match: parses the header name list,
 * or switches the match to soft mode.
 */
static void ipv6header_parse(struct xt_option_call *cb)
{
	struct ip6t_ipv6header_info *hdr = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_HEADER) {
		hdr->matchflags = parse_header(cb->arg);
		/* A zero result is treated as "nothing could be parsed". */
		if (hdr->matchflags == 0)
			xtables_error(PARAMETER_PROBLEM,
				      "ip6t_ipv6header: cannot parse header names");
		if (cb->invert)
			hdr->invflags |= 0xFF;
	} else if (cb->entry->id == O_SOFT) {
		hdr->modeflag |= 0xFF;
	}
}
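/*
 * Option callback for the ENCRYPT target: sets the decrypt flag, or copies
 * the algorithm name / passphrase argument into the target info.
 *
 * cb->arg comes straight from the command line, so its length is checked
 * against the destination before copying; the original unbounded strcpy()
 * would write past the field for an over-long argument.
 *
 * NOTE(review): sizeof() below assumes alg_name and passphrase are char
 * arrays inside struct xt_encrypt_info, not pointers - confirm against the
 * struct definition.
 * NOTE(review): the passphrase is supplied as a command-line argument, so
 * it is presumably visible in the process list while the command runs.
 */
static void ENCRYPT_parse(struct xt_option_call *cb)
{
	struct xt_encrypt_info *encrypt = cb->data;
	size_t len;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_ENCRYPT_DECRYPT:
		encrypt->decrypt = 1;
		break;
	case O_ENCRYPT_ALGORITHM:
		len = strlen(cb->arg);
		if (len >= sizeof(encrypt->alg_name)) {
			xtables_error(PARAMETER_PROBLEM,
				      "ENCRYPT: algorithm name too long (max %zu characters)",
				      sizeof(encrypt->alg_name) - 1);
			/* Keeps the copy unreachable even if the error call returns. */
			break;
		}
		/* len + 1 copies the terminating NUL as well. */
		memcpy(encrypt->alg_name, cb->arg, len + 1);
		break;
	case O_ENCRYPT_PASSPHRASE:
		len = strlen(cb->arg);
		if (len >= sizeof(encrypt->passphrase)) {
			xtables_error(PARAMETER_PROBLEM,
				      "ENCRYPT: passphrase too long (max %zu characters)",
				      sizeof(encrypt->passphrase) - 1);
			break;
		}
		memcpy(encrypt->passphrase, cb->arg, len + 1);
		break;
	}
}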
/*
 * True when "--rt-type 0" has not been given in a usable form: the type
 * option is absent, the stored type is non-zero, or the type is inverted.
 */
static int rt_type0_missing(const struct xt_option_call *cb,
			    const struct ip6t_rt *rt)
{
	if (!(cb->xflags & F_RT_TYPE))
		return 1;
	if (rt->rt_type != 0)
		return 1;
	return (rt->invflags & IP6T_RT_INV_TYP) != 0;
}

/*
 * Option callback for the IPv6 routing header match. Sets the flag (and
 * inversion flag) belonging to each option and enforces the ordering
 * rules between the type-0 specific options.
 */
static void rt_parse(struct xt_option_call *cb)
{
	struct ip6t_rt *rt = cb->data;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_RT_TYPE:
		rt->flags |= IP6T_RT_TYP;
		if (cb->invert)
			rt->invflags |= IP6T_RT_INV_TYP;
		break;
	case O_RT_SEGSLEFT:
		/* A single value is stored as a one-element range. */
		if (cb->nvals == 1)
			rt->segsleft[1] = rt->segsleft[0];
		rt->flags |= IP6T_RT_SGS;
		if (cb->invert)
			rt->invflags |= IP6T_RT_INV_SGS;
		break;
	case O_RT_LEN:
		rt->flags |= IP6T_RT_LEN;
		if (cb->invert)
			rt->invflags |= IP6T_RT_INV_LEN;
		break;
	case O_RT0RES:
		if (rt_type0_missing(cb, rt))
			xtables_error(PARAMETER_PROBLEM,
				      "`--rt-type 0' required before `--rt-0-res'");
		rt->flags |= IP6T_RT_RES;
		break;
	case O_RT0ADDRS:
		if (rt_type0_missing(cb, rt))
			xtables_error(PARAMETER_PROBLEM,
				      "`--rt-type 0' required before `--rt-0-addrs'");
		/* NOTE(review): no capacity is passed for rt->addrs, so the
		 * element limit must be enforced inside parse_addresses() -
		 * confirm against that helper. */
		rt->addrnr = parse_addresses(cb->arg, rt->addrs);
		rt->flags |= IP6T_RT_FST;
		break;
	case O_RT0NSTRICT:
		if (!(cb->xflags & F_RT0ADDRS))
			xtables_error(PARAMETER_PROBLEM,
				      "`--rt-0-addr ...' required before `--rt-0-not-strict'");
		rt->flags |= IP6T_RT_FST_NSTRICT;
		break;
	}
}
/*
 * Option callback for the HL target: selects set / increment / decrement
 * mode according to which option was given. The numeric value is handled
 * by xtables_option_parse().
 */
static void HL_parse(struct xt_option_call *cb)
{
	struct ip6t_HL_info *hl = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_HL_SET)
		hl->mode = IP6T_HL_SET;
	else if (cb->entry->id == O_HL_INC)
		hl->mode = IP6T_HL_INC;
	else if (cb->entry->id == O_HL_DEC)
		hl->mode = IP6T_HL_DEC;
}
/*
 * Option callback for the CT target: sets the notrack flag, or converts a
 * list of event names into the conntrack / expectation event mask using
 * the matching lookup table.
 */
static void ct_parse(struct xt_option_call *cb)
{
	struct xt_ct_target_info *ct = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_NOTRACK) {
		ct->flags |= XT_CT_NOTRACK;
	} else if (cb->entry->id == O_CTEVENTS) {
		ct->ct_events = ct_parse_events(ct_event_tbl,
						ARRAY_SIZE(ct_event_tbl),
						cb->arg);
	} else if (cb->entry->id == O_EXPEVENTS) {
		ct->exp_events = ct_parse_events(exp_event_tbl,
						 ARRAY_SIZE(exp_event_tbl),
						 cb->arg);
	}
}
/*
 * Option callback for revision 0 of the owner match (struct
 * ipt_owner_info). Resolves the user or group argument to a numeric id,
 * and sets the match / invert bit that belongs to the option.
 */
static void owner_mt_parse_v0(struct xt_option_call *cb)
{
	struct ipt_owner_info *info = cb->data;
	struct passwd *pwd;
	struct group *grp;
	unsigned int id;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_USER:
		/*
		 * The argument is looked up as an account name first; only when
		 * that fails is it parsed as a number in 0 .. UINT32_MAX - 1.
		 * A name consisting of digits therefore wins over the numeric
		 * reading.
		 */
		if ((pwd = getpwnam(cb->arg)) != NULL)
			id = pwd->pw_uid;
		else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
			xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", cb->arg);
		if (cb->invert)
			info->invert |= IPT_OWNER_UID;
		info->match |= IPT_OWNER_UID;
		/*
		 * NOTE(review): id is only initialised on the two success
		 * paths above; this store relies on xtables_param_act() not
		 * returning for XTF_BAD_VALUE - confirm.
		 */
		info->uid = id;
		break;
	case O_GROUP:
		/* Same name-then-number resolution as for O_USER. */
		if ((grp = getgrnam(cb->arg)) != NULL)
			id = grp->gr_gid;
		else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
			xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", cb->arg);
		if (cb->invert)
			info->invert |= IPT_OWNER_GID;
		info->match |= IPT_OWNER_GID;
		/* NOTE(review): same reliance on xtables_param_act() as above. */
		info->gid = id;
		break;
	case O_PROCESS:
		/* Only the flag bits are handled here, not the value. */
		if (cb->invert)
			info->invert |= IPT_OWNER_PID;
		info->match |= IPT_OWNER_PID;
		break;
	case O_SESSION:
		if (cb->invert)
			info->invert |= IPT_OWNER_SID;
		info->match |= IPT_OWNER_SID;
		break;
	case O_COMM:
		if (cb->invert)
			info->invert |= IPT_OWNER_COMM;
		info->match |= IPT_OWNER_COMM;
		break;
	}
}
/*
 * Option callback for the ttl match: picks the comparison mode from the
 * option id. Inversion is only honoured for the equality option, where it
 * selects "not equal".
 */
static void ttl_parse(struct xt_option_call *cb)
{
	struct ipt_ttl_info *ttl = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_TTL_EQ) {
		if (cb->invert)
			ttl->mode = IPT_TTL_NE;
		else
			ttl->mode = IPT_TTL_EQ;
	} else if (cb->entry->id == O_TTL_LT) {
		ttl->mode = IPT_TTL_LT;
	} else if (cb->entry->id == O_TTL_GT) {
		ttl->mode = IPT_TTL_GT;
	}
}
/*
 * Option callback for revision 0 of the addrtype match: parses the type
 * list into the source or destination mask and records inversion for that
 * side.
 */
static void addrtype_parse_v0(struct xt_option_call *cb)
{
	struct ipt_addrtype_info *at = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_SRC_TYPE) {
		parse_types(cb->arg, &at->source);
		if (cb->invert)
			at->invert_source = 1;
	} else if (cb->entry->id == O_DST_TYPE) {
		parse_types(cb->arg, &at->dest);
		if (cb->invert)
			at->invert_dest = 1;
	}
}
/*
 * Option callback for revision 1 of the cgroup match: notes which of path
 * and classid was given and whether it was inverted. The values themselves
 * are not written here.
 */
static void cgroup_parse_v1(struct xt_option_call *cb)
{
	struct xt_cgroup_info_v1 *cg = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_PATH) {
		if (cb->invert)
			cg->invert_path = true;
		cg->has_path = true;
	} else if (cb->entry->id == O_CLASSID) {
		if (cb->invert)
			cg->invert_classid = true;
		cg->has_classid = true;
	}
}
/*
 * Option callback for revision 1 of the NFQUEUE target: validates the
 * queue balance range and converts it to a first queue plus a queue count.
 */
static void NFQUEUE_parse_v1(struct xt_option_call *cb)
{
	struct xt_NFQ_info_v1 *nfq = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id != O_QUEUE_BALANCE)
		return;

	/* Exactly two values are required: first and last queue. */
	if (cb->nvals != 2)
		xtables_error(PARAMETER_PROBLEM, "Bad range \"%s\"", cb->arg);

	/* The range must be strictly ascending; equal bounds are refused. */
	if (cb->val.u16_range[0] >= cb->val.u16_range[1])
		xtables_error(PARAMETER_PROBLEM, "%u should be less than %u",
			      cb->val.u16_range[0], cb->val.u16_range[1]);

	nfq->queuenum = cb->val.u16_range[0];
	/* Inclusive range, hence the + 1. */
	nfq->queues_total = cb->val.u16_range[1] - cb->val.u16_range[0] + 1;
}
/*
 * Option callback for the osf match: records the genre length and
 * inversion, or flags that TTL checking / logging was requested.
 */
static void osf_parse(struct xt_option_call *cb)
{
	struct xt_osf_info *osf = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_GENRE) {
		if (cb->invert)
			osf->flags |= XT_OSF_INVERT;
		/* NOTE(review): assumes xtables_option_parse() has already
		 * stored a NUL-terminated string in osf->genre - confirm
		 * against the option table. */
		osf->len = strlen(osf->genre);
	} else if (cb->entry->id == O_TTL) {
		osf->flags |= XT_OSF_TTL;
	} else if (cb->entry->id == O_LOGLEVEL) {
		osf->flags |= XT_OSF_LOG;
	}
}
/*
 * Option callback for the CONNMARK target (struct xt_connmark_tginfo1).
 * Every "set"-style option is expressed as a ctmark / ctmask pair with
 * mode XT_CONNMARK_SET; save and restore only select the mode; the mask
 * option writes both nfmask and ctmask.
 */
static void connmark_tg_parse(struct xt_option_call *cb)
{
	struct xt_connmark_tginfo1 *tg = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_SET_XMARK) {
		tg->mode = XT_CONNMARK_SET;
		tg->ctmark = cb->val.mark;
		tg->ctmask = cb->val.mask;
	} else if (cb->entry->id == O_SET_MARK) {
		tg->mode = XT_CONNMARK_SET;
		tg->ctmark = cb->val.mark;
		/* The mask here also covers every bit of the mark itself. */
		tg->ctmask = cb->val.mark | cb->val.mask;
	} else if (cb->entry->id == O_AND_MARK) {
		tg->mode = XT_CONNMARK_SET;
		tg->ctmark = 0;
		tg->ctmask = ~cb->val.u32;
	} else if (cb->entry->id == O_OR_MARK) {
		tg->mode = XT_CONNMARK_SET;
		tg->ctmark = cb->val.u32;
		tg->ctmask = cb->val.u32;
	} else if (cb->entry->id == O_XOR_MARK) {
		tg->mode = XT_CONNMARK_SET;
		tg->ctmark = cb->val.u32;
		tg->ctmask = 0;
	} else if (cb->entry->id == O_SAVE_MARK) {
		tg->mode = XT_CONNMARK_SAVE;
	} else if (cb->entry->id == O_RESTORE_MARK) {
		tg->mode = XT_CONNMARK_RESTORE;
	} else if (cb->entry->id == O_MASK) {
		tg->ctmask = cb->val.u32;
		tg->nfmask = tg->ctmask;
	}
}
/*
 * Option callback for the time match: converts date, time-of-day,
 * month-day and week-day arguments into their stored form and sets the
 * contiguous / timezone flags.
 */
static void time_parse(struct xt_option_call *cb)
{
	struct xt_time_info *tm = cb->data;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_DATE_START:
		tm->date_start = time_parse_date(cb->arg, false);
		break;
	case O_DATE_STOP:
		tm->date_stop = time_parse_date(cb->arg, true);
		break;
	case O_TIME_START:
		tm->daytime_start = time_parse_minutes(cb->arg);
		break;
	case O_TIME_STOP:
		tm->daytime_stop = time_parse_minutes(cb->arg);
		break;
	case O_TIME_CONTIGUOUS:
		tm->flags |= XT_TIME_CONTIGUOUS;
		break;
	case O_LOCAL_TZ:
		/* Deprecated spelling: warn, then behave like O_KERNEL_TZ. */
		fprintf(stderr,
			"WARNING: --localtz is being replaced by "
			"--kerneltz, since \"local\" is ambiguous. Note the "
			"kernel timezone has caveats - "
			"see manpage for details.\n");
		tm->flags |= XT_TIME_LOCAL_TZ;
		break;
	case O_KERNEL_TZ:
		tm->flags |= XT_TIME_LOCAL_TZ;
		break;
	case O_MONTHDAYS:
		tm->monthdays_match = time_parse_monthdays(cb->arg);
		/* Inversion flips the selection within the all-days mask. */
		if (cb->invert)
			tm->monthdays_match ^= XT_TIME_ALL_MONTHDAYS;
		break;
	case O_WEEKDAYS:
		tm->weekdays_match = time_parse_weekdays(cb->arg);
		if (cb->invert)
			tm->weekdays_match ^= XT_TIME_ALL_WEEKDAYS;
		break;
	}
}
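/*
 * Option callback for the SAME target: appends one address range per
 * O_TO_ADDR option, up to IPT_SAME_MAX_RANGE entries, or sets the nodst
 * flag.
 *
 * The capacity guard uses >= rather than ==, so the write into mr->range[]
 * stays blocked for any rangesize at or beyond the limit, not only for the
 * exact limit value.
 */
static void SAME_parse(struct xt_option_call *cb)
{
	struct ipt_same_info *mr = cb->data;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_TO_ADDR:
		if (mr->rangesize >= IPT_SAME_MAX_RANGE) {
			xtables_error(PARAMETER_PROBLEM,
				      "Too many ranges specified, maximum "
				      "is %i ranges.\n",
				      IPT_SAME_MAX_RANGE);
			/* Keeps the write unreachable even if the error call
			 * returns. */
			break;
		}
		parse_to(cb->arg, &mr->range[mr->rangesize]);
		mr->rangesize++;
		break;
	case O_NODST:
		mr->info |= IPT_SAME_NODST;
		break;
	}
}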
/*
 * Option callback for the rpfilter match: each option simply sets its own
 * bit in the flags field.
 */
static void rpfilter_parse(struct xt_option_call *cb)
{
	struct xt_rpfilter_info *rpf = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_RPF_LOOSE)
		rpf->flags |= XT_RPFILTER_LOOSE;
	else if (cb->entry->id == O_RPF_VMARK)
		rpf->flags |= XT_RPFILTER_VALID_MARK;
	else if (cb->entry->id == O_RPF_ACCEPT_LOCAL)
		rpf->flags |= XT_RPFILTER_ACCEPT_LOCAL;
	else if (cb->entry->id == O_RPF_INVERT)
		rpf->flags |= XT_RPFILTER_INVERT;
}
/*
 * Option callback for the ipvs match: stores protocol, virtual address and
 * mask, direction and forwarding method, then marks the option as present
 * (and inverted, if requested) in the per-option bitmasks.
 */
static void ipvs_mt_parse(struct xt_option_call *cb)
{
	struct xt_ipvs_mtinfo *ipvs = cb->data;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_VPROTO:
		ipvs->l4proto = cb->val.protocol;
		break;
	case O_VADDR:
		/* NOTE(review): the copy length is the size of the source
		 * fields; this assumes vaddr and vmask are at least as large -
		 * confirm against struct xt_ipvs_mtinfo. */
		memcpy(&ipvs->vaddr, &cb->val.haddr, sizeof(cb->val.haddr));
		memcpy(&ipvs->vmask, &cb->val.hmask, sizeof(cb->val.hmask));
		break;
	case O_VDIR: {
		const int original = strcasecmp(cb->arg, "ORIGINAL") == 0;
		const int reply = !original &&
				  strcasecmp(cb->arg, "REPLY") == 0;

		if (!original && !reply) {
			xtables_param_act(XTF_BAD_VALUE, "ipvs", "--vdir",
					  cb->arg);
			break;
		}
		/* Direction is encoded as the DIR bit plus its invert bit. */
		ipvs->bitmask |= XT_IPVS_DIR;
		if (reply)
			ipvs->invert |= XT_IPVS_DIR;
		else
			ipvs->invert &= ~XT_IPVS_DIR;
		break;
	}
	case O_VMETHOD:
		if (strcasecmp(cb->arg, "GATE") == 0) {
			ipvs->fwd_method = IP_VS_CONN_F_DROUTE;
		} else if (strcasecmp(cb->arg, "IPIP") == 0) {
			ipvs->fwd_method = IP_VS_CONN_F_TUNNEL;
		} else if (strcasecmp(cb->arg, "MASQ") == 0) {
			ipvs->fwd_method = IP_VS_CONN_F_MASQ;
		} else {
			xtables_param_act(XTF_BAD_VALUE, "ipvs", "--vmethod",
					  cb->arg);
		}
		break;
	}

	/* NOTE(review): the shift assumes every option id is smaller than the
	 * bit width of int - confirm against the option enum. */
	ipvs->bitmask |= 1 << cb->entry->id;
	if (cb->invert)
		ipvs->invert |= 1 << cb->entry->id;
}