| /* |
| * Argument parser |
| * Copyright © Jan Engelhardt, 2011 |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License as |
| * published by the Free Software Foundation; either version 2 of |
| * the License, or (at your option) any later version. |
| */ |
| #include <ctype.h> |
| #include <errno.h> |
| #include <getopt.h> |
| #include <limits.h> |
| #include <netdb.h> |
| #include <stdbool.h> |
| #include <stdint.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <syslog.h> |
| #include <arpa/inet.h> |
| #include <netinet/ip.h> |
| #include "xtables.h" |
| #include "xshared.h" |
| #ifndef IPTOS_NORMALSVC |
| # define IPTOS_NORMALSVC 0 |
| #endif |
| |
| #define XTOPT_MKPTR(cb) \ |
| ((void *)((char *)(cb)->data + (cb)->entry->ptroff)) |
| |
| /** |
| * Simple key-value pairs for syslog levels |
| */ |
| struct syslog_level { |
| char name[8]; |
| uint8_t level; |
| }; |
| |
| struct tos_value_mask { |
| uint8_t value, mask; |
| }; |
| |
| /** |
| * Creates getopt options from the x6-style option map, and assigns each a |
| * getopt id. |
| */ |
| struct option * |
| xtables_options_xfrm(struct option *orig_opts, struct option *oldopts, |
| const struct xt_option_entry *entry, unsigned int *offset) |
| { |
| unsigned int num_orig, num_old = 0, num_new, i; |
| struct option *merge, *mp; |
| |
| if (entry == NULL) |
| return oldopts; |
| for (num_orig = 0; orig_opts[num_orig].name != NULL; ++num_orig) |
| ; |
| if (oldopts != NULL) |
| for (num_old = 0; oldopts[num_old].name != NULL; ++num_old) |
| ; |
| for (num_new = 0; entry[num_new].name != NULL; ++num_new) |
| ; |
| |
| /* |
| * Since @oldopts also has @orig_opts already (and does so at the |
| * start), skip these entries. |
| */ |
| oldopts += num_orig; |
| num_old -= num_orig; |
| |
| merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1)); |
| if (merge == NULL) |
| return NULL; |
| |
| /* Let the base options -[ADI...] have precedence over everything */ |
| memcpy(merge, orig_opts, sizeof(*mp) * num_orig); |
| mp = merge + num_orig; |
| |
| /* Second, the new options */ |
| xt_params->option_offset += XT_OPTION_OFFSET_SCALE; |
| *offset = xt_params->option_offset; |
| |
| for (i = 0; i < num_new; ++i, ++mp, ++entry) { |
| mp->name = entry->name; |
| mp->has_arg = entry->type != XTTYPE_NONE; |
| mp->flag = NULL; |
| mp->val = entry->id + *offset; |
| } |
| |
| /* Third, the old options */ |
| memcpy(mp, oldopts, sizeof(*mp) * num_old); |
| mp += num_old; |
| xtables_free_opts(0); |
| |
| /* Clear trailing entry */ |
| memset(mp, 0, sizeof(*mp)); |
| return merge; |
| } |
| |
| /** |
| * Require a simple integer. |
| */ |
| static void xtopt_parse_int(struct xt_option_call *cb) |
| { |
| const struct xt_option_entry *entry = cb->entry; |
| unsigned long long lmin = 0, lmax = UINT32_MAX; |
| unsigned int value; |
| |
| if (entry->type == XTTYPE_UINT8) |
| lmax = UINT8_MAX; |
| else if (entry->type == XTTYPE_UINT16) |
| lmax = UINT16_MAX; |
| else if (entry->type == XTTYPE_UINT64) |
| lmax = UINT64_MAX; |
| if (cb->entry->min != 0) |
| lmin = cb->entry->min; |
| if (cb->entry->max != 0) |
| lmax = cb->entry->max; |
| |
| if (!xtables_strtoui(cb->arg, NULL, &value, lmin, lmax)) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: bad value for option \"--%s\", " |
| "or out of range (%llu-%llu).\n", |
| cb->ext_name, entry->name, lmin, lmax); |
| |
| if (entry->type == XTTYPE_UINT8) { |
| cb->val.u8 = value; |
| if (entry->flags & XTOPT_PUT) |
| *(uint8_t *)XTOPT_MKPTR(cb) = cb->val.u8; |
| } else if (entry->type == XTTYPE_UINT16) { |
| cb->val.u16 = value; |
| if (entry->flags & XTOPT_PUT) |
| *(uint16_t *)XTOPT_MKPTR(cb) = cb->val.u16; |
| } else if (entry->type == XTTYPE_UINT32) { |
| cb->val.u32 = value; |
| if (entry->flags & XTOPT_PUT) |
| *(uint32_t *)XTOPT_MKPTR(cb) = cb->val.u32; |
| } else if (entry->type == XTTYPE_UINT64) { |
| cb->val.u64 = value; |
| if (entry->flags & XTOPT_PUT) |
| *(uint64_t *)XTOPT_MKPTR(cb) = cb->val.u64; |
| } |
| } |
| |
| /** |
| * Require a simple floating point number. |
| */ |
| static void xtopt_parse_float(struct xt_option_call *cb) |
| { |
| const struct xt_option_entry *entry = cb->entry; |
| double value; |
| char *end; |
| |
| value = strtod(cb->arg, &end); |
| if (end == cb->arg || *end != '\0' || |
| (entry->min != entry->max && |
| (value < entry->min || value > entry->max))) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: bad value for option \"--%s\", " |
| "or out of range (%u-%u).\n", |
| cb->ext_name, entry->name, entry->min, entry->max); |
| |
| cb->val.dbl = value; |
| if (entry->flags & XTOPT_PUT) |
| *(double *)XTOPT_MKPTR(cb) = cb->val.dbl; |
| } |
| |
| /** |
| * Multiple integer parse routine. |
| * |
| * This function is capable of parsing any number of fields. Only the first |
| * two values from the string will be put into @cb however (and as such, |
| * @cb->val.uXX_range is just that large) to cater for the few extensions that |
| * do not have a range[2] field, but {min, max}, and which cannot use |
| * XTOPT_POINTER. |
| */ |
| static void xtopt_parse_mint(struct xt_option_call *cb) |
| { |
| const struct xt_option_entry *entry = cb->entry; |
| const char *arg = cb->arg; |
| size_t esize = sizeof(uint32_t); |
| char *put = XTOPT_MKPTR(cb); |
| unsigned int maxiter, value; |
| char *end = ""; |
| char sep = ':'; |
| |
| if (entry->type == XTTYPE_UINT8RC) |
| esize = sizeof(uint8_t); |
| else if (entry->type == XTTYPE_UINT16RC) |
| esize = sizeof(uint16_t); |
| else if (entry->type == XTTYPE_UINT64RC) |
| esize = sizeof(uint64_t); |
| maxiter = entry->size / esize; |
| if (maxiter == 0) |
| maxiter = 2; /* ARRAY_SIZE(cb->val.uXX_range) */ |
| if (entry->size % esize != 0) |
| xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does " |
| "not have proper size\n", __func__); |
| |
| cb->nvals = 0; |
| for (arg = cb->arg; ; arg = end + 1) { |
| if (cb->nvals == maxiter) |
| xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many " |
| "components for option \"--%s\" (max: %u)\n", |
| cb->ext_name, entry->name, maxiter); |
| if (!xtables_strtoui(arg, &end, &value, 0, UINT32_MAX)) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: bad value for option \"--%s\", " |
| "or out of range (0-%u).\n", |
| cb->ext_name, entry->name, UINT32_MAX); |
| if (*end != '\0' && *end != sep) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: Argument to \"--%s\" has unexpected " |
| "characters.\n", cb->ext_name, entry->name); |
| if (cb->nvals < ARRAY_SIZE(cb->val.u32_range)) { |
| if (entry->type == XTTYPE_UINT8RC) |
| cb->val.u8_range[cb->nvals] = value; |
| else if (entry->type == XTTYPE_UINT16RC) |
| cb->val.u16_range[cb->nvals] = value; |
| else if (entry->type == XTTYPE_UINT32RC) |
| cb->val.u32_range[cb->nvals] = value; |
| else if (entry->type == XTTYPE_UINT64RC) |
| cb->val.u64_range[cb->nvals] = value; |
| } |
| ++cb->nvals; |
| if (entry->flags & XTOPT_PUT) { |
| if (entry->type == XTTYPE_UINT8RC) |
| *(uint8_t *)put = value; |
| else if (entry->type == XTTYPE_UINT16RC) |
| *(uint16_t *)put = value; |
| else if (entry->type == XTTYPE_UINT32RC) |
| *(uint32_t *)put = value; |
| else if (entry->type == XTTYPE_UINT64RC) |
| *(uint64_t *)put = value; |
| put += esize; |
| } |
| if (*end == '\0') |
| break; |
| } |
| } |
| |
| static void xtopt_parse_string(struct xt_option_call *cb) |
| { |
| const struct xt_option_entry *entry = cb->entry; |
| size_t z = strlen(cb->arg); |
| char *p; |
| |
| if (entry->min != 0 && z < entry->min) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "Argument must have a minimum length of " |
| "%u characters\n", entry->min); |
| if (entry->max != 0 && z > entry->max) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "Argument must have a maximum length of " |
| "%u characters\n", entry->max); |
| if (!(entry->flags & XTOPT_PUT)) |
| return; |
| if (z >= entry->size) |
| z = entry->size - 1; |
| p = XTOPT_MKPTR(cb); |
| strncpy(p, cb->arg, z); |
| p[z] = '\0'; |
| } |
| |
| static const struct tos_symbol_info { |
| unsigned char value; |
| const char *name; |
| } tos_symbol_names[] = { |
| {IPTOS_LOWDELAY, "Minimize-Delay"}, |
| {IPTOS_THROUGHPUT, "Maximize-Throughput"}, |
| {IPTOS_RELIABILITY, "Maximize-Reliability"}, |
| {IPTOS_MINCOST, "Minimize-Cost"}, |
| {IPTOS_NORMALSVC, "Normal-Service"}, |
| {}, |
| }; |
| |
| /* |
| * tos_parse_numeric - parse a string like "15/255" |
| * |
| * @str: input string |
| * @tvm: (value/mask) tuple |
| * @max: maximum allowed value (must be pow(2,some_int)-1) |
| */ |
| static bool tos_parse_numeric(const char *str, struct xt_option_call *cb, |
| unsigned int max) |
| { |
| unsigned int value; |
| char *end; |
| |
| xtables_strtoui(str, &end, &value, 0, max); |
| cb->val.tos_value = value; |
| cb->val.tos_mask = max; |
| |
| if (*end == '/') { |
| const char *p = end + 1; |
| |
| if (!xtables_strtoui(p, &end, &value, 0, max)) |
| xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", |
| str); |
| cb->val.tos_mask = value; |
| } |
| |
| if (*end != '\0') |
| xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str); |
| return true; |
| } |
| |
| /** |
| * @str: input string |
| * @tvm: (value/mask) tuple |
| * @def_mask: mask to force when a symbolic name is used |
| */ |
| static void xtopt_parse_tosmask(struct xt_option_call *cb) |
| { |
| const struct tos_symbol_info *symbol; |
| char *tmp; |
| |
| if (xtables_strtoui(cb->arg, &tmp, NULL, 0, UINT8_MAX)) { |
| tos_parse_numeric(cb->arg, cb, UINT8_MAX); |
| return; |
| } |
| /* |
| * This is our way we deal with different defaults |
| * for different revisions. |
| */ |
| cb->val.tos_mask = cb->entry->max; |
| for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol) |
| if (strcasecmp(cb->arg, symbol->name) == 0) { |
| cb->val.tos_value = symbol->value; |
| return; |
| } |
| |
| xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown", |
| cb->arg); |
| } |
| |
| /** |
| * Validate the input for being conformant to "mark[/mask]". |
| */ |
| static void xtopt_parse_markmask(struct xt_option_call *cb) |
| { |
| unsigned int mark = 0, mask = ~0U; |
| char *end; |
| |
| if (!xtables_strtoui(cb->arg, &end, &mark, 0, UINT32_MAX)) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: bad mark value for option \"--%s\", " |
| "or out of range.\n", |
| cb->ext_name, cb->entry->name); |
| if (*end == '/' && |
| !xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: bad mask value for option \"--%s\", " |
| "or out of range.\n", |
| cb->ext_name, cb->entry->name); |
| if (*end != '\0') |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: trailing garbage after value " |
| "for option \"--%s\".\n", |
| cb->ext_name, cb->entry->name); |
| cb->val.mark = mark; |
| cb->val.mask = mask; |
| } |
| |
| static int xtopt_sysloglvl_compare(const void *a, const void *b) |
| { |
| const char *name = a; |
| const struct syslog_level *entry = b; |
| |
| return strcmp(name, entry->name); |
| } |
| |
| static void xtopt_parse_sysloglevel(struct xt_option_call *cb) |
| { |
| static const struct syslog_level log_names[] = { /* must be sorted */ |
| {"alert", LOG_ALERT}, |
| {"crit", LOG_CRIT}, |
| {"debug", LOG_DEBUG}, |
| {"emerg", LOG_EMERG}, |
| {"error", LOG_ERR}, /* deprecated */ |
| {"info", LOG_INFO}, |
| {"notice", LOG_NOTICE}, |
| {"panic", LOG_EMERG}, /* deprecated */ |
| {"warning", LOG_WARNING}, |
| }; |
| const struct syslog_level *e; |
| unsigned int num = 0; |
| |
| if (!xtables_strtoui(cb->arg, NULL, &num, 0, 7)) { |
| e = bsearch(cb->arg, log_names, ARRAY_SIZE(log_names), |
| sizeof(*log_names), xtopt_sysloglvl_compare); |
| if (e == NULL) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "log level \"%s\" unknown\n", cb->arg); |
| num = e->level; |
| } |
| cb->val.syslog_level = num; |
| if (cb->entry->flags & XTOPT_PUT) |
| *(uint8_t *)XTOPT_MKPTR(cb) = num; |
| } |
| |
| static void *xtables_sa_host(const void *sa, unsigned int afproto) |
| { |
| if (afproto == AF_INET6) |
| return &((struct sockaddr_in6 *)sa)->sin6_addr; |
| else if (afproto == AF_INET) |
| return &((struct sockaddr_in *)sa)->sin_addr; |
| return (void *)sa; |
| } |
| |
| static socklen_t xtables_sa_hostlen(unsigned int afproto) |
| { |
| if (afproto == AF_INET6) |
| return sizeof(struct in6_addr); |
| else if (afproto == AF_INET) |
| return sizeof(struct in_addr); |
| return 0; |
| } |
| |
| /** |
| * Accepts: a hostname (DNS), or a single inetaddr - without any mask. The |
| * result is stored in @cb->val.haddr. Additionally, @cb->val.hmask and |
| * @cb->val.hlen are set for completeness to the appropriate values. |
| */ |
| static void xtopt_parse_host(struct xt_option_call *cb) |
| { |
| struct addrinfo hints = {.ai_family = afinfo->family}; |
| unsigned int adcount = 0; |
| struct addrinfo *res, *p; |
| int ret; |
| |
| ret = getaddrinfo(cb->arg, NULL, &hints, &res); |
| if (ret < 0) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "getaddrinfo: %s\n", gai_strerror(ret)); |
| |
| memset(&cb->val.hmask, 0xFF, sizeof(cb->val.hmask)); |
| cb->val.hlen = (afinfo->family == NFPROTO_IPV4) ? 32 : 128; |
| |
| for (p = res; p != NULL; p = p->ai_next) { |
| if (adcount == 0) { |
| memset(&cb->val.haddr, 0, sizeof(cb->val.haddr)); |
| memcpy(&cb->val.haddr, |
| xtables_sa_host(p->ai_addr, p->ai_family), |
| xtables_sa_hostlen(p->ai_family)); |
| ++adcount; |
| continue; |
| } |
| if (memcmp(&cb->val.haddr, |
| xtables_sa_host(p->ai_addr, p->ai_family), |
| xtables_sa_hostlen(p->ai_family)) != 0) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s resolves to more than one address\n", |
| cb->arg); |
| } |
| |
| freeaddrinfo(res); |
| if (cb->entry->flags & XTOPT_PUT) |
| /* Validation in xtables_option_metavalidate */ |
| memcpy(XTOPT_MKPTR(cb), &cb->val.haddr, |
| sizeof(cb->val.haddr)); |
| } |
| |
| /** |
| * @name: port name, or number as a string (e.g. "http" or "80") |
| * |
| * Resolve a port name to a number. Returns the port number in integral |
| * form on success, or <0 on error. (errno will not be set.) |
| */ |
| static int xtables_getportbyname(const char *name) |
| { |
| struct addrinfo *res = NULL, *p; |
| int ret; |
| |
| ret = getaddrinfo(NULL, name, NULL, &res); |
| if (ret < 0) |
| return -1; |
| ret = -1; |
| for (p = res; p != NULL; p = p->ai_next) { |
| if (p->ai_family == AF_INET6) { |
| ret = ((struct sockaddr_in6 *)p->ai_addr)->sin6_port; |
| break; |
| } else if (p->ai_family == AF_INET) { |
| ret = ((struct sockaddr_in *)p->ai_addr)->sin_port; |
| break; |
| } |
| } |
| freeaddrinfo(res); |
| if (ret < 0) |
| return ret; |
| return ntohs(ret); |
| } |
| |
| /** |
| * Validate and parse a protocol specification (number or name) by use of |
| * /etc/protocols and put the result into @cb->val.protocol. |
| */ |
| static void xtopt_parse_protocol(struct xt_option_call *cb) |
| { |
| const struct protoent *entry; |
| unsigned int value = -1; |
| |
| if (xtables_strtoui(cb->arg, NULL, &value, 0, UINT8_MAX)) { |
| cb->val.protocol = value; |
| return; |
| } |
| entry = getprotobyname(cb->arg); |
| if (entry == NULL) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "Protocol \"%s\" does not resolve to anything.\n", |
| cb->arg); |
| cb->val.protocol = entry->p_proto; |
| if (cb->entry->flags & XTOPT_PUT) |
| *(uint8_t *)XTOPT_MKPTR(cb) = cb->val.protocol; |
| } |
| |
| /** |
| * Validate and parse a port specification and put the result into |
| * @cb->val.port. |
| */ |
| static void xtopt_parse_port(struct xt_option_call *cb) |
| { |
| int ret; |
| |
| ret = xtables_getportbyname(cb->arg); |
| if (ret < 0) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "Port \"%s\" does not resolve to anything.\n", |
| cb->arg); |
| cb->val.port = ret; |
| if (cb->entry->type == XTTYPE_PORT_NE) |
| cb->val.port = htons(cb->val.port); |
| if (cb->entry->flags & XTOPT_PUT) |
| *(uint16_t *)XTOPT_MKPTR(cb) = cb->val.port; |
| } |
| |
| static void xtopt_parse_mport(struct xt_option_call *cb) |
| { |
| static const size_t esize = sizeof(uint16_t); |
| const struct xt_option_entry *entry = cb->entry; |
| char *lo_arg, *wp_arg, *arg; |
| unsigned int maxiter; |
| int value; |
| |
| wp_arg = lo_arg = strdup(cb->arg); |
| if (lo_arg == NULL) |
| xt_params->exit_err(RESOURCE_PROBLEM, "strdup"); |
| |
| maxiter = entry->size / esize; |
| if (maxiter == 0) |
| maxiter = 2; /* ARRAY_SIZE(cb->val.port_range) */ |
| if (entry->size % esize != 0) |
| xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does " |
| "not have proper size\n", __func__); |
| |
| cb->val.port_range[0] = 0; |
| cb->val.port_range[1] = UINT16_MAX; |
| cb->nvals = 0; |
| |
| while ((arg = strsep(&wp_arg, ":")) != NULL) { |
| if (cb->nvals == maxiter) |
| xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many " |
| "components for option \"--%s\" (max: %u)\n", |
| cb->ext_name, entry->name, maxiter); |
| if (*arg == '\0') { |
| ++cb->nvals; |
| continue; |
| } |
| |
| value = xtables_getportbyname(arg); |
| if (value < 0) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "Port \"%s\" does not resolve to " |
| "anything.\n", arg); |
| if (entry->type == XTTYPE_PORTRC_NE) |
| value = htons(value); |
| if (cb->nvals < ARRAY_SIZE(cb->val.port_range)) |
| cb->val.port_range[cb->nvals] = value; |
| ++cb->nvals; |
| } |
| |
| if (cb->nvals == 1) { |
| cb->val.port_range[1] = cb->val.port_range[0]; |
| ++cb->nvals; |
| } |
| if (entry->flags & XTOPT_PUT) |
| memcpy(XTOPT_MKPTR(cb), cb->val.port_range, sizeof(uint16_t) * |
| (cb->nvals <= maxiter ? cb->nvals : maxiter)); |
| free(lo_arg); |
| } |
| |
| /** |
| * Parse an integer and ensure it is within the address family's prefix length |
| * limits. The result is stored in @cb->val.hlen. |
| */ |
| static void xtopt_parse_plen(struct xt_option_call *cb) |
| { |
| const struct xt_option_entry *entry = cb->entry; |
| unsigned int prefix_len = 128; /* happiness is a warm gcc */ |
| |
| cb->val.hlen = (afinfo->family == NFPROTO_IPV4) ? 32 : 128; |
| if (!xtables_strtoui(cb->arg, NULL, &prefix_len, 0, cb->val.hlen)) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: bad value for option \"--%s\", " |
| "or out of range (%u-%u).\n", |
| cb->ext_name, entry->name, 0, cb->val.hlen); |
| |
| cb->val.hlen = prefix_len; |
| } |
| |
| /** |
| * Reuse xtopt_parse_plen for testing the integer. Afterwards convert this to |
| * a bitmask, and make it available through @cb->val.hmask (hlen remains |
| * valid). If %XTOPT_PUT is used, hmask will be copied to the target area. |
| */ |
| static void xtopt_parse_plenmask(struct xt_option_call *cb) |
| { |
| const struct xt_option_entry *entry = cb->entry; |
| uint32_t *mask = cb->val.hmask.all; |
| |
| xtopt_parse_plen(cb); |
| |
| memset(mask, 0xFF, sizeof(union nf_inet_addr)); |
| /* This shifting is AF-independent. */ |
| if (cb->val.hlen == 0) { |
| mask[0] = mask[1] = mask[2] = mask[3] = 0; |
| } else if (cb->val.hlen <= 32) { |
| mask[0] <<= 32 - cb->val.hlen; |
| mask[1] = mask[2] = mask[3] = 0; |
| } else if (cb->val.hlen <= 64) { |
| mask[1] <<= 32 - (cb->val.hlen - 32); |
| mask[2] = mask[3] = 0; |
| } else if (cb->val.hlen <= 96) { |
| mask[2] <<= 32 - (cb->val.hlen - 64); |
| mask[3] = 0; |
| } else if (cb->val.hlen <= 128) { |
| mask[3] <<= 32 - (cb->val.hlen - 96); |
| } |
| mask[0] = htonl(mask[0]); |
| mask[1] = htonl(mask[1]); |
| mask[2] = htonl(mask[2]); |
| mask[3] = htonl(mask[3]); |
| if (entry->flags & XTOPT_PUT) |
| memcpy(XTOPT_MKPTR(cb), mask, sizeof(union nf_inet_addr)); |
| } |
| |
| static void xtopt_parse_hostmask(struct xt_option_call *cb) |
| { |
| const char *orig_arg = cb->arg; |
| char *work, *p; |
| |
| if (strchr(cb->arg, '/') == NULL) { |
| xtopt_parse_host(cb); |
| return; |
| } |
| work = strdup(orig_arg); |
| if (work == NULL) |
| xt_params->exit_err(PARAMETER_PROBLEM, "strdup"); |
| p = strchr(work, '/'); /* by def this can't be NULL now */ |
| *p++ = '\0'; |
| /* |
| * Because xtopt_parse_host and xtopt_parse_plenmask would store |
| * different things in the same target area, XTTYPE_HOSTMASK must |
| * disallow XTOPT_PUT, which it does by forcing its absence, |
| * cf. not being listed in xtopt_psize. |
| */ |
| cb->arg = work; |
| xtopt_parse_host(cb); |
| cb->arg = p; |
| xtopt_parse_plenmask(cb); |
| cb->arg = orig_arg; |
| } |
| |
| static void xtopt_parse_ethermac(struct xt_option_call *cb) |
| { |
| const char *arg = cb->arg; |
| unsigned int i; |
| char *end; |
| |
| for (i = 0; i < ARRAY_SIZE(cb->val.ethermac) - 1; ++i) { |
| cb->val.ethermac[i] = strtoul(arg, &end, 16); |
| if (cb->val.ethermac[i] > UINT8_MAX || *end != ':') |
| goto out; |
| arg = end + 1; |
| } |
| i = ARRAY_SIZE(cb->val.ethermac) - 1; |
| cb->val.ethermac[i] = strtoul(arg, &end, 16); |
| if (cb->val.ethermac[i] > UINT8_MAX || *end != '\0') |
| goto out; |
| if (cb->entry->flags & XTOPT_PUT) |
| memcpy(XTOPT_MKPTR(cb), cb->val.ethermac, |
| sizeof(cb->val.ethermac)); |
| return; |
| out: |
| xt_params->exit_err(PARAMETER_PROBLEM, "ether"); |
| } |
| |
| static void (*const xtopt_subparse[])(struct xt_option_call *) = { |
| [XTTYPE_UINT8] = xtopt_parse_int, |
| [XTTYPE_UINT16] = xtopt_parse_int, |
| [XTTYPE_UINT32] = xtopt_parse_int, |
| [XTTYPE_UINT64] = xtopt_parse_int, |
| [XTTYPE_UINT8RC] = xtopt_parse_mint, |
| [XTTYPE_UINT16RC] = xtopt_parse_mint, |
| [XTTYPE_UINT32RC] = xtopt_parse_mint, |
| [XTTYPE_UINT64RC] = xtopt_parse_mint, |
| [XTTYPE_DOUBLE] = xtopt_parse_float, |
| [XTTYPE_STRING] = xtopt_parse_string, |
| [XTTYPE_TOSMASK] = xtopt_parse_tosmask, |
| [XTTYPE_MARKMASK32] = xtopt_parse_markmask, |
| [XTTYPE_SYSLOGLEVEL] = xtopt_parse_sysloglevel, |
| [XTTYPE_HOST] = xtopt_parse_host, |
| [XTTYPE_HOSTMASK] = xtopt_parse_hostmask, |
| [XTTYPE_PROTOCOL] = xtopt_parse_protocol, |
| [XTTYPE_PORT] = xtopt_parse_port, |
| [XTTYPE_PORT_NE] = xtopt_parse_port, |
| [XTTYPE_PORTRC] = xtopt_parse_mport, |
| [XTTYPE_PORTRC_NE] = xtopt_parse_mport, |
| [XTTYPE_PLEN] = xtopt_parse_plen, |
| [XTTYPE_PLENMASK] = xtopt_parse_plenmask, |
| [XTTYPE_ETHERMAC] = xtopt_parse_ethermac, |
| }; |
| |
| static const size_t xtopt_psize[] = { |
| /* |
| * All types not listed here, and thus essentially being initialized to |
| * zero have zero on purpose. |
| */ |
| [XTTYPE_UINT8] = sizeof(uint8_t), |
| [XTTYPE_UINT16] = sizeof(uint16_t), |
| [XTTYPE_UINT32] = sizeof(uint32_t), |
| [XTTYPE_UINT64] = sizeof(uint64_t), |
| [XTTYPE_UINT8RC] = sizeof(uint8_t[2]), |
| [XTTYPE_UINT16RC] = sizeof(uint16_t[2]), |
| [XTTYPE_UINT32RC] = sizeof(uint32_t[2]), |
| [XTTYPE_UINT64RC] = sizeof(uint64_t[2]), |
| [XTTYPE_DOUBLE] = sizeof(double), |
| [XTTYPE_STRING] = -1, |
| [XTTYPE_SYSLOGLEVEL] = sizeof(uint8_t), |
| [XTTYPE_HOST] = sizeof(union nf_inet_addr), |
| [XTTYPE_HOSTMASK] = sizeof(union nf_inet_addr), |
| [XTTYPE_PROTOCOL] = sizeof(uint8_t), |
| [XTTYPE_PORT] = sizeof(uint16_t), |
| [XTTYPE_PORT_NE] = sizeof(uint16_t), |
| [XTTYPE_PORTRC] = sizeof(uint16_t[2]), |
| [XTTYPE_PORTRC_NE] = sizeof(uint16_t[2]), |
| [XTTYPE_PLENMASK] = sizeof(union nf_inet_addr), |
| [XTTYPE_ETHERMAC] = sizeof(uint8_t[6]), |
| }; |
| |
| /** |
| * The master option parsing routine. May be used for the ".x6_parse" |
| * function pointer in extensions if fully automatic parsing is desired. |
| * It may be also called manually from a custom x6_parse function. |
| */ |
| void xtables_option_parse(struct xt_option_call *cb) |
| { |
| const struct xt_option_entry *entry = cb->entry; |
| unsigned int eflag = 1 << cb->entry->id; |
| |
| /* |
| * With {.id = P_FOO, .excl = P_FOO} we can have simple double-use |
| * prevention. Though it turned out that this is too much typing (most |
| * of the options are one-time use only), so now we also have |
| * %XTOPT_MULTI. |
| */ |
| if ((!(entry->flags & XTOPT_MULTI) || (entry->excl & eflag)) && |
| cb->xflags & eflag) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: option \"--%s\" can only be used once.\n", |
| cb->ext_name, cb->entry->name); |
| if (cb->invert && !(entry->flags & XTOPT_INVERT)) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: option \"--%s\" cannot be inverted.\n", |
| cb->ext_name, entry->name); |
| if (entry->type != XTTYPE_NONE && optarg == NULL) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: option \"--%s\" requires an argument.\n", |
| cb->ext_name, entry->name); |
| if (entry->type <= ARRAY_SIZE(xtopt_subparse) && |
| xtopt_subparse[entry->type] != NULL) |
| xtopt_subparse[entry->type](cb); |
| /* Exclusion with other flags tested later in finalize. */ |
| cb->xflags |= 1 << entry->id; |
| } |
| |
| /** |
| * Verifies that an extension's option map descriptor is valid, and ought to |
| * be called right after the extension has been loaded, and before option |
| * merging/xfrm. |
| */ |
| void xtables_option_metavalidate(const char *name, |
| const struct xt_option_entry *entry) |
| { |
| for (; entry->name != NULL; ++entry) { |
| if (entry->id >= CHAR_BIT * sizeof(unsigned int) || |
| entry->id >= XT_OPTION_OFFSET_SCALE) |
| xt_params->exit_err(OTHER_PROBLEM, |
| "Extension %s uses invalid ID %u\n", |
| name, entry->id); |
| if (!(entry->flags & XTOPT_PUT)) |
| continue; |
| if (entry->type >= ARRAY_SIZE(xtopt_psize) || |
| xtopt_psize[entry->type] == 0) |
| xt_params->exit_err(OTHER_PROBLEM, |
| "%s: entry type of option \"--%s\" cannot be " |
| "combined with XTOPT_PUT\n", |
| name, entry->name); |
| if (xtopt_psize[entry->type] != -1 && |
| xtopt_psize[entry->type] != entry->size) |
| xt_params->exit_err(OTHER_PROBLEM, |
| "%s: option \"--%s\" points to a memory block " |
| "of wrong size (expected %zu, got %zu)\n", |
| name, entry->name, |
| xtopt_psize[entry->type], entry->size); |
| } |
| } |
| |
| /** |
| * Find an option entry by its id. |
| */ |
| static const struct xt_option_entry * |
| xtables_option_lookup(const struct xt_option_entry *entry, unsigned int id) |
| { |
| for (; entry->name != NULL; ++entry) |
| if (entry->id == id) |
| return entry; |
| return NULL; |
| } |
| |
| /** |
| * @c: getopt id (i.e. with offset) |
| * @fw: struct ipt_entry or ip6t_entry |
| * |
| * Dispatch arguments to the appropriate parse function, based upon the |
| * extension's choice of API. |
| */ |
| void xtables_option_tpcall(unsigned int c, char **argv, bool invert, |
| struct xtables_target *t, void *fw) |
| { |
| struct xt_option_call cb; |
| |
| if (t->x6_parse == NULL) { |
| if (t->parse != NULL) |
| t->parse(c - t->option_offset, argv, invert, |
| &t->tflags, fw, &t->t); |
| return; |
| } |
| |
| c -= t->option_offset; |
| cb.entry = xtables_option_lookup(t->x6_options, c); |
| if (cb.entry == NULL) |
| xtables_error(OTHER_PROBLEM, |
| "Extension does not know id %u\n", c); |
| cb.arg = optarg; |
| cb.invert = invert; |
| cb.ext_name = t->name; |
| cb.data = t->t->data; |
| cb.xflags = t->tflags; |
| cb.target = &t->t; |
| cb.xt_entry = fw; |
| t->x6_parse(&cb); |
| t->tflags = cb.xflags; |
| } |
| |
| /** |
| * @c: getopt id (i.e. with offset) |
| * @fw: struct ipt_entry or ip6t_entry |
| * |
| * Dispatch arguments to the appropriate parse function, based upon the |
| * extension's choice of API. |
| */ |
| void xtables_option_mpcall(unsigned int c, char **argv, bool invert, |
| struct xtables_match *m, void *fw) |
| { |
| struct xt_option_call cb; |
| |
| if (m->x6_parse == NULL) { |
| if (m->parse != NULL) |
| m->parse(c - m->option_offset, argv, invert, |
| &m->mflags, fw, &m->m); |
| return; |
| } |
| |
| c -= m->option_offset; |
| cb.entry = xtables_option_lookup(m->x6_options, c); |
| if (cb.entry == NULL) |
| xtables_error(OTHER_PROBLEM, |
| "Extension does not know id %u\n", c); |
| cb.arg = optarg; |
| cb.invert = invert; |
| cb.ext_name = m->name; |
| cb.data = m->m->data; |
| cb.xflags = m->mflags; |
| cb.match = &m->m; |
| cb.xt_entry = fw; |
| m->x6_parse(&cb); |
| m->mflags = cb.xflags; |
| } |
| |
| /** |
| * @name: name of extension |
| * @entry: current option (from all ext's entries) being validated |
| * @xflags: flags the extension has collected |
| * @i: conflicting option (id) to test for |
| */ |
| static void |
| xtables_option_fcheck2(const char *name, const struct xt_option_entry *entry, |
| const struct xt_option_entry *other, |
| unsigned int xflags) |
| { |
| unsigned int ef = 1 << entry->id, of = 1 << other->id; |
| |
| if (entry->also & of && !(xflags & of)) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: option \"--%s\" also requires \"--%s\".\n", |
| name, entry->name, other->name); |
| |
| if (!(entry->excl & of)) |
| /* Use of entry does not collide with other option, good. */ |
| return; |
| if ((xflags & (ef | of)) != (ef | of)) |
| /* Conflicting options were not used. */ |
| return; |
| |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: option \"--%s\" cannot be used together with \"--%s\".\n", |
| name, entry->name, other->name); |
| } |
| |
| /** |
| * @name: name of extension |
| * @xflags: accumulated flags |
| * @entry: extension's option table |
| * |
| * Check that all option constraints have been met. This effectively replaces |
| * ->final_check of the older API. |
| */ |
| void xtables_options_fcheck(const char *name, unsigned int xflags, |
| const struct xt_option_entry *table) |
| { |
| const struct xt_option_entry *entry, *other; |
| unsigned int i; |
| |
| for (entry = table; entry->name != NULL; ++entry) { |
| if (entry->flags & XTOPT_MAND && |
| !(xflags & (1 << entry->id))) |
| xt_params->exit_err(PARAMETER_PROBLEM, |
| "%s: option \"--%s\" must be specified\n", |
| name, entry->name); |
| if (!(xflags & (1 << entry->id))) |
| /* Not required, not specified, thus skip. */ |
| continue; |
| |
| for (i = 0; i < CHAR_BIT * sizeof(entry->id); ++i) { |
| if (entry->id == i) |
| /* |
| * Avoid conflict with self. Multi-use check |
| * was done earlier in xtables_option_parse. |
| */ |
| continue; |
| other = xtables_option_lookup(table, i); |
| if (other == NULL) |
| continue; |
| xtables_option_fcheck2(name, entry, other, xflags); |
| } |
| } |
| } |
| |
| /** |
| * Dispatch arguments to the appropriate final_check function, based upon the |
| * extension's choice of API. |
| */ |
| void xtables_option_tfcall(struct xtables_target *t) |
| { |
| if (t->x6_fcheck != NULL) { |
| struct xt_fcheck_call cb; |
| |
| cb.ext_name = t->name; |
| cb.data = t->t->data; |
| cb.xflags = t->tflags; |
| t->x6_fcheck(&cb); |
| } else if (t->final_check != NULL) { |
| t->final_check(t->tflags); |
| } |
| if (t->x6_options != NULL) |
| xtables_options_fcheck(t->name, t->tflags, t->x6_options); |
| } |
| |
| /** |
| * Dispatch arguments to the appropriate final_check function, based upon the |
| * extension's choice of API. |
| */ |
| void xtables_option_mfcall(struct xtables_match *m) |
| { |
| if (m->x6_fcheck != NULL) { |
| struct xt_fcheck_call cb; |
| |
| cb.ext_name = m->name; |
| cb.data = m->m->data; |
| cb.xflags = m->mflags; |
| m->x6_fcheck(&cb); |
| } else if (m->final_check != NULL) { |
| m->final_check(m->mflags); |
| } |
| if (m->x6_options != NULL) |
| xtables_options_fcheck(m->name, m->mflags, m->x6_options); |
| } |
| |
| struct xtables_lmap *xtables_lmap_init(const char *file) |
| { |
| struct xtables_lmap *lmap_head = NULL, *lmap_prev = NULL, *lmap_this; |
| char buf[512]; |
| FILE *fp; |
| char *cur, *nxt; |
| int id; |
| |
| fp = fopen(file, "re"); |
| if (fp == NULL) |
| return NULL; |
| |
| while (fgets(buf, sizeof(buf), fp) != NULL) { |
| cur = buf; |
| while (isspace(*cur)) |
| ++cur; |
| if (*cur == '#' || *cur == '\n' || *cur == '\0') |
| continue; |
| |
| /* iproute2 allows hex and dec format */ |
| errno = 0; |
| id = strtoul(cur, &nxt, strncmp(cur, "0x", 2) == 0 ? 16 : 10); |
| if (nxt == cur || errno != 0) |
| continue; |
| |
| /* same boundaries as in iproute2 */ |
| if (id < 0 || id > 255) |
| continue; |
| cur = nxt; |
| |
| if (!isspace(*cur)) |
| continue; |
| while (isspace(*cur)) |
| ++cur; |
| if (*cur == '#' || *cur == '\n' || *cur == '\0') |
| continue; |
| nxt = cur; |
| while (*nxt != '\0' && !isspace(*nxt)) |
| ++nxt; |
| if (nxt == cur) |
| continue; |
| *nxt = '\0'; |
| |
| /* found valid data */ |
| lmap_this = malloc(sizeof(*lmap_this)); |
| if (lmap_this == NULL) { |
| perror("malloc"); |
| goto out; |
| } |
| lmap_this->id = id; |
| lmap_this->name = strdup(cur); |
| if (lmap_this->name == NULL) { |
| free(lmap_this); |
| goto out; |
| } |
| lmap_this->next = NULL; |
| |
| if (lmap_prev != NULL) |
| lmap_prev->next = lmap_this; |
| else |
| lmap_head = lmap_this; |
| lmap_prev = lmap_this; |
| } |
| |
| fclose(fp); |
| return lmap_head; |
| out: |
| xtables_lmap_free(lmap_head); |
| return NULL; |
| } |
| |
| void xtables_lmap_free(struct xtables_lmap *head) |
| { |
| struct xtables_lmap *next; |
| |
| for (; head != NULL; head = next) { |
| next = head->next; |
| free(head->name); |
| free(head); |
| } |
| } |
| |
| int xtables_lmap_name2id(const struct xtables_lmap *head, const char *name) |
| { |
| for (; head != NULL; head = head->next) |
| if (strcmp(head->name, name) == 0) |
| return head->id; |
| return -1; |
| } |
| |
| const char *xtables_lmap_id2name(const struct xtables_lmap *head, int id) |
| { |
| for (; head != NULL; head = head->next) |
| if (head->id == id) |
| return head->name; |
| return NULL; |
| } |