xtoptions.c revision 0787a82873fe9db5dea478942b183e6ff2a8500d
1/* 2 * Argument parser 3 * Copyright © Jan Engelhardt, 2011 4 * 5 * This program is free software; you can redistribute it and/or 6 * modify it under the terms of the GNU General Public License as 7 * published by the Free Software Foundation; either version 2 of 8 * the License, or (at your option) any later version. 9 */ 10#include <ctype.h> 11#include <errno.h> 12#include <getopt.h> 13#include <limits.h> 14#include <netdb.h> 15#include <stdbool.h> 16#include <stdint.h> 17#include <stdio.h> 18#include <stdlib.h> 19#include <string.h> 20#include <syslog.h> 21#include <arpa/inet.h> 22#include <netinet/ip.h> 23#include "xtables.h" 24#include "xshared.h" 25#ifndef IPTOS_NORMALSVC 26# define IPTOS_NORMALSVC 0 27#endif 28 29#define XTOPT_MKPTR(cb) \ 30 ((void *)((char *)(cb)->data + (cb)->entry->ptroff)) 31 32/** 33 * Simple key-value pairs for syslog levels 34 */ 35struct syslog_level { 36 char name[8]; 37 uint8_t level; 38}; 39 40struct tos_value_mask { 41 uint8_t value, mask; 42}; 43 44/** 45 * Creates getopt options from the x6-style option map, and assigns each a 46 * getopt id. 47 */ 48struct option * 49xtables_options_xfrm(struct option *orig_opts, struct option *oldopts, 50 const struct xt_option_entry *entry, unsigned int *offset) 51{ 52 unsigned int num_orig, num_old = 0, num_new, i; 53 struct option *merge, *mp; 54 55 if (entry == NULL) 56 return oldopts; 57 for (num_orig = 0; orig_opts[num_orig].name != NULL; ++num_orig) 58 ; 59 if (oldopts != NULL) 60 for (num_old = 0; oldopts[num_old].name != NULL; ++num_old) 61 ; 62 for (num_new = 0; entry[num_new].name != NULL; ++num_new) 63 ; 64 65 /* 66 * Since @oldopts also has @orig_opts already (and does so at the 67 * start), skip these entries. 68 */ 69 oldopts += num_orig; 70 num_old -= num_orig; 71 72 merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1)); 73 if (merge == NULL) 74 return NULL; 75 76 /* Let the base options -[ADI...] have precedence over everything */ 77 memcpy(merge, orig_opts, sizeof(*mp) * num_orig); 78 mp = merge + num_orig; 79 80 /* Second, the new options */ 81 xt_params->option_offset += XT_OPTION_OFFSET_SCALE; 82 *offset = xt_params->option_offset; 83 84 for (i = 0; i < num_new; ++i, ++mp, ++entry) { 85 mp->name = entry->name; 86 mp->has_arg = entry->type != XTTYPE_NONE; 87 mp->flag = NULL; 88 mp->val = entry->id + *offset; 89 } 90 91 /* Third, the old options */ 92 memcpy(mp, oldopts, sizeof(*mp) * num_old); 93 mp += num_old; 94 xtables_free_opts(0); 95 96 /* Clear trailing entry */ 97 memset(mp, 0, sizeof(*mp)); 98 return merge; 99} 100 101/** 102 * Require a simple integer. 103 */ 104static void xtopt_parse_int(struct xt_option_call *cb) 105{ 106 const struct xt_option_entry *entry = cb->entry; 107 unsigned long long lmin = 0, lmax = UINT32_MAX; 108 unsigned int value; 109 110 if (entry->type == XTTYPE_UINT8) 111 lmax = UINT8_MAX; 112 else if (entry->type == XTTYPE_UINT16) 113 lmax = UINT16_MAX; 114 else if (entry->type == XTTYPE_UINT64) 115 lmax = UINT64_MAX; 116 if (cb->entry->min != 0) 117 lmin = cb->entry->min; 118 if (cb->entry->max != 0) 119 lmax = cb->entry->max; 120 121 if (!xtables_strtoui(cb->arg, NULL, &value, lmin, lmax)) 122 xt_params->exit_err(PARAMETER_PROBLEM, 123 "%s: bad value for option \"--%s\", " 124 "or out of range (%llu-%llu).\n", 125 cb->ext_name, entry->name, lmin, lmax); 126 127 if (entry->type == XTTYPE_UINT8) { 128 cb->val.u8 = value; 129 if (entry->flags & XTOPT_PUT) 130 *(uint8_t *)XTOPT_MKPTR(cb) = cb->val.u8; 131 } else if (entry->type == XTTYPE_UINT16) { 132 cb->val.u16 = value; 133 if (entry->flags & XTOPT_PUT) 134 *(uint16_t *)XTOPT_MKPTR(cb) = cb->val.u16; 135 } else if (entry->type == XTTYPE_UINT32) { 136 cb->val.u32 = value; 137 if (entry->flags & XTOPT_PUT) 138 *(uint32_t *)XTOPT_MKPTR(cb) = cb->val.u32; 139 } else if (entry->type == XTTYPE_UINT64) { 140 cb->val.u64 = value; 141 if (entry->flags & XTOPT_PUT) 142 *(uint64_t *)XTOPT_MKPTR(cb) = cb->val.u64; 143 } 144} 145 146/** 147 * Multiple integer parse routine. 148 * 149 * This function is capable of parsing any number of fields. Only the first 150 * two values from the string will be put into @cb however (and as such, 151 * @cb->val.uXX_range is just that large) to cater for the few extensions that 152 * do not have a range[2] field, but {min, max}, and which cannot use 153 * XTOPT_POINTER. 154 */ 155static void xtopt_parse_mint(struct xt_option_call *cb) 156{ 157 const struct xt_option_entry *entry = cb->entry; 158 const char *arg = cb->arg; 159 size_t esize = sizeof(uint32_t); 160 char *put = XTOPT_MKPTR(cb); 161 unsigned int maxiter, value; 162 char *end = ""; 163 char sep = ':'; 164 165 if (entry->type == XTTYPE_UINT8RC) 166 esize = sizeof(uint8_t); 167 else if (entry->type == XTTYPE_UINT16RC) 168 esize = sizeof(uint16_t); 169 else if (entry->type == XTTYPE_UINT64RC) 170 esize = sizeof(uint64_t); 171 maxiter = entry->size / esize; 172 if (maxiter == 0) 173 maxiter = 2; /* ARRAY_SIZE(cb->val.uXX_range) */ 174 if (entry->size % esize != 0) 175 xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does " 176 "not have proper size\n", __func__); 177 178 cb->nvals = 0; 179 for (arg = cb->arg; ; arg = end + 1) { 180 if (cb->nvals == maxiter) 181 xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many " 182 "components for option \"--%s\" (max: %u)\n", 183 cb->ext_name, entry->name, maxiter); 184 if (!xtables_strtoui(arg, &end, &value, 0, UINT32_MAX)) 185 xt_params->exit_err(PARAMETER_PROBLEM, 186 "%s: bad value for option \"--%s\", " 187 "or out of range (0-%u).\n", 188 cb->ext_name, entry->name, UINT32_MAX); 189 if (*end != '\0' && *end != sep) 190 xt_params->exit_err(PARAMETER_PROBLEM, 191 "%s: Argument to \"--%s\" has unexpected " 192 "characters.\n", cb->ext_name, entry->name); 193 if (cb->nvals < ARRAY_SIZE(cb->val.u32_range)) { 194 if (entry->type == XTTYPE_UINT8RC) 195 cb->val.u8_range[cb->nvals] = value; 196 else if (entry->type == XTTYPE_UINT16RC) 197 cb->val.u16_range[cb->nvals] = value; 198 else if (entry->type == XTTYPE_UINT32RC) 199 cb->val.u32_range[cb->nvals] = value; 200 else if (entry->type == XTTYPE_UINT64RC) 201 cb->val.u64_range[cb->nvals] = value; 202 } 203 ++cb->nvals; 204 if (entry->flags & XTOPT_PUT) { 205 if (entry->type == XTTYPE_UINT8RC) 206 *(uint8_t *)put = value; 207 else if (entry->type == XTTYPE_UINT16RC) 208 *(uint16_t *)put = value; 209 else if (entry->type == XTTYPE_UINT32RC) 210 *(uint32_t *)put = value; 211 else if (entry->type == XTTYPE_UINT64RC) 212 *(uint64_t *)put = value; 213 put += esize; 214 } 215 if (*end == '\0') 216 break; 217 } 218} 219 220static void xtopt_parse_string(struct xt_option_call *cb) 221{ 222 const struct xt_option_entry *entry = cb->entry; 223 size_t z = strlen(cb->arg); 224 char *p; 225 226 if (entry->min != 0 && z < entry->min) 227 xt_params->exit_err(PARAMETER_PROBLEM, 228 "Argument must have a minimum length of " 229 "%u characters\n", entry->min); 230 if (entry->max != 0 && z > entry->max) 231 xt_params->exit_err(PARAMETER_PROBLEM, 232 "Argument must have a maximum length of " 233 "%u characters\n", entry->max); 234 if (!(entry->flags & XTOPT_PUT)) 235 return; 236 if (z >= entry->size) 237 z = entry->size - 1; 238 p = XTOPT_MKPTR(cb); 239 strncpy(p, cb->arg, z); 240 p[z] = '\0'; 241} 242 243static const struct tos_symbol_info { 244 unsigned char value; 245 const char *name; 246} tos_symbol_names[] = { 247 {IPTOS_LOWDELAY, "Minimize-Delay"}, 248 {IPTOS_THROUGHPUT, "Maximize-Throughput"}, 249 {IPTOS_RELIABILITY, "Maximize-Reliability"}, 250 {IPTOS_MINCOST, "Minimize-Cost"}, 251 {IPTOS_NORMALSVC, "Normal-Service"}, 252 {}, 253}; 254 255/* 256 * tos_parse_numeric - parse a string like "15/255" 257 * 258 * @str: input string 259 * @tvm: (value/mask) tuple 260 * @max: maximum allowed value (must be pow(2,some_int)-1) 261 */ 262static bool tos_parse_numeric(const char *str, struct xt_option_call *cb, 263 unsigned int max) 264{ 265 unsigned int value; 266 char *end; 267 268 xtables_strtoui(str, &end, &value, 0, max); 269 cb->val.tos_value = value; 270 cb->val.tos_mask = max; 271 272 if (*end == '/') { 273 const char *p = end + 1; 274 275 if (!xtables_strtoui(p, &end, &value, 0, max)) 276 xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", 277 str); 278 cb->val.tos_mask = value; 279 } 280 281 if (*end != '\0') 282 xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str); 283 return true; 284} 285 286/** 287 * @str: input string 288 * @tvm: (value/mask) tuple 289 * @def_mask: mask to force when a symbolic name is used 290 */ 291static void xtopt_parse_tosmask(struct xt_option_call *cb) 292{ 293 const struct tos_symbol_info *symbol; 294 char *tmp; 295 296 if (xtables_strtoui(cb->arg, &tmp, NULL, 0, UINT8_MAX)) { 297 tos_parse_numeric(cb->arg, cb, UINT8_MAX); 298 return; 299 } 300 /* 301 * This is our way we deal with different defaults 302 * for different revisions. 303 */ 304 cb->val.tos_mask = cb->entry->max; 305 for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol) 306 if (strcasecmp(cb->arg, symbol->name) == 0) { 307 cb->val.tos_value = symbol->value; 308 return; 309 } 310 311 xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown", 312 cb->arg); 313} 314 315/** 316 * Validate the input for being conformant to "mark[/mask]". 317 */ 318static void xtopt_parse_markmask(struct xt_option_call *cb) 319{ 320 unsigned int mark = 0, mask = ~0U; 321 char *end; 322 323 if (!xtables_strtoui(cb->arg, &end, &mark, 0, UINT32_MAX)) 324 xt_params->exit_err(PARAMETER_PROBLEM, 325 "%s: bad mark value for option \"--%s\", " 326 "or out of range.\n", 327 cb->ext_name, cb->entry->name); 328 if (*end == '/' && 329 !xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX)) 330 xt_params->exit_err(PARAMETER_PROBLEM, 331 "%s: bad mask value for option \"--%s\", " 332 "or out of range.\n", 333 cb->ext_name, cb->entry->name); 334 if (*end != '\0') 335 xt_params->exit_err(PARAMETER_PROBLEM, 336 "%s: trailing garbage after value " 337 "for option \"--%s\".\n", 338 cb->ext_name, cb->entry->name); 339 cb->val.mark = mark; 340 cb->val.mask = mask; 341} 342 343static int xtopt_sysloglvl_compare(const void *a, const void *b) 344{ 345 const char *name = a; 346 const struct syslog_level *entry = b; 347 348 return strcmp(name, entry->name); 349} 350 351static void xtopt_parse_sysloglevel(struct xt_option_call *cb) 352{ 353 static const struct syslog_level log_names[] = { /* must be sorted */ 354 {"alert", LOG_ALERT}, 355 {"crit", LOG_CRIT}, 356 {"debug", LOG_DEBUG}, 357 {"emerg", LOG_EMERG}, 358 {"error", LOG_ERR}, /* deprecated */ 359 {"info", LOG_INFO}, 360 {"notice", LOG_NOTICE}, 361 {"panic", LOG_EMERG}, /* deprecated */ 362 {"warning", LOG_WARNING}, 363 }; 364 const struct syslog_level *e; 365 unsigned int num = 0; 366 367 if (!xtables_strtoui(cb->arg, NULL, &num, 0, 7)) { 368 e = bsearch(cb->arg, log_names, ARRAY_SIZE(log_names), 369 sizeof(*log_names), xtopt_sysloglvl_compare); 370 if (e == NULL) 371 xt_params->exit_err(PARAMETER_PROBLEM, 372 "log level \"%s\" unknown\n", cb->arg); 373 num = e->level; 374 } 375 cb->val.syslog_level = num; 376 if (cb->entry->flags & XTOPT_PUT) 377 *(uint8_t *)XTOPT_MKPTR(cb) = num; 378} 379 380static void *xtables_sa_host(const void *sa, unsigned int afproto) 381{ 382 if (afproto == AF_INET6) 383 return &((struct sockaddr_in6 *)sa)->sin6_addr; 384 else if (afproto == AF_INET) 385 return &((struct sockaddr_in *)sa)->sin_addr; 386 return (void *)sa; 387} 388 389static socklen_t xtables_sa_hostlen(unsigned int afproto) 390{ 391 if (afproto == AF_INET6) 392 return sizeof(struct in6_addr); 393 else if (afproto == AF_INET) 394 return sizeof(struct in_addr); 395 return 0; 396} 397 398/** 399 * Accepts: a hostname (DNS), or a single inetaddr. 400 */ 401static void xtopt_parse_onehost(struct xt_option_call *cb) 402{ 403 struct addrinfo hints = {.ai_family = afinfo->family}; 404 unsigned int adcount = 0; 405 struct addrinfo *res, *p; 406 int ret; 407 408 ret = getaddrinfo(cb->arg, NULL, &hints, &res); 409 if (ret < 0) 410 xt_params->exit_err(PARAMETER_PROBLEM, 411 "getaddrinfo: %s\n", gai_strerror(ret)); 412 413 for (p = res; p != NULL; p = p->ai_next) { 414 if (adcount == 0) { 415 memset(&cb->val.inetaddr, 0, sizeof(cb->val.inetaddr)); 416 memcpy(&cb->val.inetaddr, 417 xtables_sa_host(p->ai_addr, p->ai_family), 418 xtables_sa_hostlen(p->ai_family)); 419 ++adcount; 420 continue; 421 } 422 if (memcmp(&cb->val.inetaddr, 423 xtables_sa_host(p->ai_addr, p->ai_family), 424 xtables_sa_hostlen(p->ai_family)) != 0) 425 xt_params->exit_err(PARAMETER_PROBLEM, 426 "%s resolves to more than one address\n", 427 cb->arg); 428 } 429 430 freeaddrinfo(res); 431 if (cb->entry->flags & XTOPT_PUT) 432 /* Validation in xtables_option_metavalidate */ 433 memcpy(XTOPT_MKPTR(cb), &cb->val.inetaddr, 434 sizeof(cb->val.inetaddr)); 435} 436 437/** 438 * @name: port name, or number as a string (e.g. "http" or "80") 439 * 440 * Resolve a port name to a number. Returns the port number in integral 441 * form on success, or <0 on error. (errno will not be set.) 442 */ 443static int xtables_getportbyname(const char *name) 444{ 445 struct addrinfo *res = NULL, *p; 446 int ret; 447 448 ret = getaddrinfo(NULL, name, NULL, &res); 449 if (ret < 0) 450 return -1; 451 ret = -1; 452 for (p = res; p != NULL; p = p->ai_next) { 453 if (p->ai_family == AF_INET6) { 454 ret = ((struct sockaddr_in6 *)p->ai_addr)->sin6_port; 455 break; 456 } else if (p->ai_family == AF_INET) { 457 ret = ((struct sockaddr_in *)p->ai_addr)->sin_port; 458 break; 459 } 460 } 461 freeaddrinfo(res); 462 if (ret < 0) 463 return ret; 464 return ntohs(ret); 465} 466 467/** 468 * Validate and parse a port specification and put the result into @cb. 469 */ 470static void xtopt_parse_port(struct xt_option_call *cb) 471{ 472 int ret; 473 474 ret = xtables_getportbyname(cb->arg); 475 if (ret < 0) 476 xt_params->exit_err(PARAMETER_PROBLEM, 477 "Port \"%s\" does not resolve to anything.\n", 478 cb->arg); 479 cb->val.port = ret; 480 if (cb->entry->type == XTTYPE_PORT_NE) 481 cb->val.port = htons(cb->val.port); 482 if (cb->entry->flags & XTOPT_PUT) 483 *(uint16_t *)XTOPT_MKPTR(cb) = cb->val.port; 484} 485 486static void xtopt_parse_mport(struct xt_option_call *cb) 487{ 488 static const size_t esize = sizeof(uint16_t); 489 const struct xt_option_entry *entry = cb->entry; 490 char *lo_arg, *wp_arg, *arg; 491 unsigned int maxiter; 492 int value; 493 494 wp_arg = lo_arg = strdup(cb->arg); 495 if (lo_arg == NULL) 496 xt_params->exit_err(RESOURCE_PROBLEM, "strdup"); 497 498 maxiter = entry->size / esize; 499 if (maxiter == 0) 500 maxiter = 2; /* ARRAY_SIZE(cb->val.port_range) */ 501 if (entry->size % esize != 0) 502 xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does " 503 "not have proper size\n", __func__); 504 505 cb->val.port_range[0] = 0; 506 cb->val.port_range[1] = UINT16_MAX; 507 cb->nvals = 0; 508 509 while ((arg = strsep(&wp_arg, ":")) != NULL) { 510 if (cb->nvals == maxiter) 511 xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many " 512 "components for option \"--%s\" (max: %u)\n", 513 cb->ext_name, entry->name, maxiter); 514 if (*arg == '\0') { 515 ++cb->nvals; 516 continue; 517 } 518 519 value = xtables_getportbyname(arg); 520 if (value < 0) 521 xt_params->exit_err(PARAMETER_PROBLEM, 522 "Port \"%s\" does not resolve to " 523 "anything.\n", arg); 524 if (entry->type == XTTYPE_PORTRC_NE) 525 value = htons(value); 526 if (cb->nvals < ARRAY_SIZE(cb->val.port_range)) 527 cb->val.port_range[cb->nvals] = value; 528 ++cb->nvals; 529 } 530 531 if (cb->nvals == 1) { 532 cb->val.port_range[1] = cb->val.port_range[0]; 533 ++cb->nvals; 534 } 535 if (entry->flags & XTOPT_PUT) 536 memcpy(XTOPT_MKPTR(cb), cb->val.port_range, sizeof(uint16_t) * 537 (cb->nvals <= maxiter ? cb->nvals : maxiter)); 538 free(lo_arg); 539} 540 541static void (*const xtopt_subparse[])(struct xt_option_call *) = { 542 [XTTYPE_UINT8] = xtopt_parse_int, 543 [XTTYPE_UINT16] = xtopt_parse_int, 544 [XTTYPE_UINT32] = xtopt_parse_int, 545 [XTTYPE_UINT64] = xtopt_parse_int, 546 [XTTYPE_UINT8RC] = xtopt_parse_mint, 547 [XTTYPE_UINT16RC] = xtopt_parse_mint, 548 [XTTYPE_UINT32RC] = xtopt_parse_mint, 549 [XTTYPE_UINT64RC] = xtopt_parse_mint, 550 [XTTYPE_STRING] = xtopt_parse_string, 551 [XTTYPE_TOSMASK] = xtopt_parse_tosmask, 552 [XTTYPE_MARKMASK32] = xtopt_parse_markmask, 553 [XTTYPE_SYSLOGLEVEL] = xtopt_parse_sysloglevel, 554 [XTTYPE_ONEHOST] = xtopt_parse_onehost, 555 [XTTYPE_PORT] = xtopt_parse_port, 556 [XTTYPE_PORT_NE] = xtopt_parse_port, 557 [XTTYPE_PORTRC] = xtopt_parse_mport, 558 [XTTYPE_PORTRC_NE] = xtopt_parse_mport, 559}; 560 561static const size_t xtopt_psize[] = { 562 [XTTYPE_UINT8] = sizeof(uint8_t), 563 [XTTYPE_UINT16] = sizeof(uint16_t), 564 [XTTYPE_UINT32] = sizeof(uint32_t), 565 [XTTYPE_UINT64] = sizeof(uint64_t), 566 [XTTYPE_UINT8RC] = sizeof(uint8_t[2]), 567 [XTTYPE_UINT16RC] = sizeof(uint16_t[2]), 568 [XTTYPE_UINT32RC] = sizeof(uint32_t[2]), 569 [XTTYPE_UINT64RC] = sizeof(uint64_t[2]), 570 [XTTYPE_STRING] = -1, 571 [XTTYPE_SYSLOGLEVEL] = sizeof(uint8_t), 572 [XTTYPE_ONEHOST] = sizeof(union nf_inet_addr), 573 [XTTYPE_PORT] = sizeof(uint16_t), 574 [XTTYPE_PORT_NE] = sizeof(uint16_t), 575 [XTTYPE_PORTRC] = sizeof(uint16_t[2]), 576 [XTTYPE_PORTRC_NE] = sizeof(uint16_t[2]), 577}; 578 579/** 580 * The master option parsing routine. May be used for the ".x6_parse" 581 * function pointer in extensions if fully automatic parsing is desired. 582 * It may be also called manually from a custom x6_parse function. 583 */ 584void xtables_option_parse(struct xt_option_call *cb) 585{ 586 const struct xt_option_entry *entry = cb->entry; 587 unsigned int eflag = 1 << cb->entry->id; 588 589 /* 590 * With {.id = P_FOO, .excl = P_FOO} we can have simple double-use 591 * prevention. Though it turned out that this is too much typing (most 592 * of the options are one-time use only), so now we also have 593 * %XTOPT_MULTI. 594 */ 595 if ((!(entry->flags & XTOPT_MULTI) || (entry->excl & eflag)) && 596 cb->xflags & eflag) 597 xt_params->exit_err(PARAMETER_PROBLEM, 598 "%s: option \"--%s\" can only be used once.\n", 599 cb->ext_name, cb->entry->name); 600 if (cb->invert && !(entry->flags & XTOPT_INVERT)) 601 xt_params->exit_err(PARAMETER_PROBLEM, 602 "%s: option \"--%s\" cannot be inverted.\n", 603 cb->ext_name, entry->name); 604 if (entry->type != XTTYPE_NONE && optarg == NULL) 605 xt_params->exit_err(PARAMETER_PROBLEM, 606 "%s: option \"--%s\" requires an argument.\n", 607 cb->ext_name, entry->name); 608 if (entry->type <= ARRAY_SIZE(xtopt_subparse) && 609 xtopt_subparse[entry->type] != NULL) 610 xtopt_subparse[entry->type](cb); 611 /* Exclusion with other flags tested later in finalize. */ 612 cb->xflags |= 1 << entry->id; 613} 614 615/** 616 * Verifies that an extension's option map descriptor is valid, and ought to 617 * be called right after the extension has been loaded, and before option 618 * merging/xfrm. 619 */ 620void xtables_option_metavalidate(const char *name, 621 const struct xt_option_entry *entry) 622{ 623 for (; entry->name != NULL; ++entry) { 624 if (entry->id >= CHAR_BIT * sizeof(unsigned int) || 625 entry->id >= XT_OPTION_OFFSET_SCALE) 626 xt_params->exit_err(OTHER_PROBLEM, 627 "Extension %s uses invalid ID %u\n", 628 name, entry->id); 629 if (!(entry->flags & XTOPT_PUT)) 630 continue; 631 if (entry->type >= ARRAY_SIZE(xtopt_psize)) 632 xt_params->exit_err(OTHER_PROBLEM, 633 "%s: entry type of option \"--%s\" cannot be " 634 "combined with XTOPT_PUT\n", 635 name, entry->name); 636 if (xtopt_psize[entry->type] != -1 && 637 xtopt_psize[entry->type] != entry->size) 638 xt_params->exit_err(OTHER_PROBLEM, 639 "%s: option \"--%s\" points to a memory block " 640 "of wrong size (expected %zu, got %zu)\n", 641 name, entry->name, 642 xtopt_psize[entry->type], entry->size); 643 } 644} 645 646/** 647 * Find an option entry by its id. 648 */ 649static const struct xt_option_entry * 650xtables_option_lookup(const struct xt_option_entry *entry, unsigned int id) 651{ 652 for (; entry->name != NULL; ++entry) 653 if (entry->id == id) 654 return entry; 655 return NULL; 656} 657 658/** 659 * @c: getopt id (i.e. with offset) 660 * @fw: struct ipt_entry or ip6t_entry 661 * 662 * Dispatch arguments to the appropriate parse function, based upon the 663 * extension's choice of API. 664 */ 665void xtables_option_tpcall(unsigned int c, char **argv, bool invert, 666 struct xtables_target *t, void *fw) 667{ 668 struct xt_option_call cb; 669 670 if (t->x6_parse == NULL) { 671 if (t->parse != NULL) 672 t->parse(c - t->option_offset, argv, invert, 673 &t->tflags, fw, &t->t); 674 return; 675 } 676 677 c -= t->option_offset; 678 cb.entry = xtables_option_lookup(t->x6_options, c); 679 if (cb.entry == NULL) 680 xtables_error(OTHER_PROBLEM, 681 "Extension does not know id %u\n", c); 682 cb.arg = optarg; 683 cb.invert = invert; 684 cb.ext_name = t->name; 685 cb.data = t->t->data; 686 cb.xflags = t->tflags; 687 cb.target = &t->t; 688 t->x6_parse(&cb); 689 t->tflags = cb.xflags; 690} 691 692/** 693 * @c: getopt id (i.e. with offset) 694 * @fw: struct ipt_entry or ip6t_entry 695 * 696 * Dispatch arguments to the appropriate parse function, based upon the 697 * extension's choice of API. 698 */ 699void xtables_option_mpcall(unsigned int c, char **argv, bool invert, 700 struct xtables_match *m, void *fw) 701{ 702 struct xt_option_call cb; 703 704 if (m->x6_parse == NULL) { 705 if (m->parse != NULL) 706 m->parse(c - m->option_offset, argv, invert, 707 &m->mflags, fw, &m->m); 708 return; 709 } 710 711 c -= m->option_offset; 712 cb.entry = xtables_option_lookup(m->x6_options, c); 713 if (cb.entry == NULL) 714 xtables_error(OTHER_PROBLEM, 715 "Extension does not know id %u\n", c); 716 cb.arg = optarg; 717 cb.invert = invert; 718 cb.ext_name = m->name; 719 cb.data = m->m->data; 720 cb.xflags = m->mflags; 721 cb.match = &m->m; 722 m->x6_parse(&cb); 723 m->mflags = cb.xflags; 724} 725 726/** 727 * @name: name of extension 728 * @entry: current option (from all ext's entries) being validated 729 * @xflags: flags the extension has collected 730 * @i: conflicting option (id) to test for 731 */ 732static void 733xtables_option_fcheck2(const char *name, const struct xt_option_entry *entry, 734 const struct xt_option_entry *other, 735 unsigned int xflags) 736{ 737 unsigned int ef = 1 << entry->id, of = 1 << other->id; 738 739 if (entry->also & of && !(xflags & of)) 740 xt_params->exit_err(PARAMETER_PROBLEM, 741 "%s: option \"--%s\" also requires \"--%s\".\n", 742 name, entry->name, other->name); 743 744 if (!(entry->excl & of)) 745 /* Use of entry does not collide with other option, good. */ 746 return; 747 if ((xflags & (ef | of)) != (ef | of)) 748 /* Conflicting options were not used. */ 749 return; 750 751 xt_params->exit_err(PARAMETER_PROBLEM, 752 "%s: option \"--%s\" cannot be used together with \"--%s\".\n", 753 name, entry->name, other->name); 754} 755 756/** 757 * @name: name of extension 758 * @xflags: accumulated flags 759 * @entry: extension's option table 760 * 761 * Check that all option constraints have been met. This effectively replaces 762 * ->final_check of the older API. 763 */ 764void xtables_options_fcheck(const char *name, unsigned int xflags, 765 const struct xt_option_entry *table) 766{ 767 const struct xt_option_entry *entry, *other; 768 unsigned int i; 769 770 for (entry = table; entry->name != NULL; ++entry) { 771 if (entry->flags & XTOPT_MAND && 772 !(xflags & (1 << entry->id))) 773 xt_params->exit_err(PARAMETER_PROBLEM, 774 "%s: option \"--%s\" must be specified\n", 775 name, entry->name); 776 777 for (i = 0; i < CHAR_BIT * sizeof(entry->id); ++i) { 778 if (entry->id == i) 779 /* 780 * Avoid conflict with self. Multi-use check 781 * was done earlier in xtables_option_parse. 782 */ 783 continue; 784 other = xtables_option_lookup(table, i); 785 if (other == NULL) 786 continue; 787 xtables_option_fcheck2(name, entry, other, xflags); 788 } 789 } 790} 791 792/** 793 * Dispatch arguments to the appropriate final_check function, based upon the 794 * extension's choice of API. 795 */ 796void xtables_option_tfcall(struct xtables_target *t) 797{ 798 if (t->x6_fcheck != NULL) { 799 struct xt_fcheck_call cb; 800 801 cb.ext_name = t->name; 802 cb.data = t->t->data; 803 cb.xflags = t->tflags; 804 t->x6_fcheck(&cb); 805 } else if (t->final_check != NULL) { 806 t->final_check(t->tflags); 807 } 808 if (t->x6_options != NULL) 809 xtables_options_fcheck(t->name, t->tflags, t->x6_options); 810} 811 812/** 813 * Dispatch arguments to the appropriate final_check function, based upon the 814 * extension's choice of API. 815 */ 816void xtables_option_mfcall(struct xtables_match *m) 817{ 818 if (m->x6_fcheck != NULL) { 819 struct xt_fcheck_call cb; 820 821 cb.ext_name = m->name; 822 cb.data = m->m->data; 823 cb.xflags = m->mflags; 824 m->x6_fcheck(&cb); 825 } else if (m->final_check != NULL) { 826 m->final_check(m->mflags); 827 } 828 if (m->x6_options != NULL) 829 xtables_options_fcheck(m->name, m->mflags, m->x6_options); 830} 831 832struct xtables_lmap *xtables_lmap_init(const char *file) 833{ 834 struct xtables_lmap *lmap_head = NULL, *lmap_prev = NULL, *lmap_this; 835 char buf[512]; 836 FILE *fp; 837 char *cur, *nxt; 838 int id; 839 840 fp = fopen(file, "re"); 841 if (fp == NULL) 842 return NULL; 843 844 while (fgets(buf, sizeof(buf), fp) != NULL) { 845 cur = buf; 846 while (isspace(*cur)) 847 ++cur; 848 if (*cur == '#' || *cur == '\n' || *cur == '\0') 849 continue; 850 851 /* iproute2 allows hex and dec format */ 852 errno = 0; 853 id = strtoul(cur, &nxt, strncmp(cur, "0x", 2) == 0 ? 16 : 10); 854 if (nxt == cur || errno != 0) 855 continue; 856 857 /* same boundaries as in iproute2 */ 858 if (id < 0 || id > 255) 859 continue; 860 cur = nxt; 861 862 if (!isspace(*cur)) 863 continue; 864 while (isspace(*cur)) 865 ++cur; 866 if (*cur == '#' || *cur == '\n' || *cur == '\0') 867 continue; 868 nxt = cur; 869 while (*nxt != '\0' && !isspace(*nxt)) 870 ++nxt; 871 if (nxt == cur) 872 continue; 873 *nxt = '\0'; 874 875 /* found valid data */ 876 lmap_this = malloc(sizeof(*lmap_this)); 877 if (lmap_this == NULL) { 878 perror("malloc"); 879 goto out; 880 } 881 lmap_this->id = id; 882 lmap_this->name = strdup(cur); 883 if (lmap_this->name == NULL) { 884 free(lmap_this); 885 goto out; 886 } 887 lmap_this->next = NULL; 888 889 if (lmap_prev != NULL) 890 lmap_prev->next = lmap_this; 891 else 892 lmap_head = lmap_this; 893 lmap_prev = lmap_this; 894 } 895 896 fclose(fp); 897 return lmap_head; 898 out: 899 xtables_lmap_free(lmap_head); 900 return NULL; 901} 902 903void xtables_lmap_free(struct xtables_lmap *head) 904{ 905 struct xtables_lmap *next; 906 907 for (; head != NULL; head = next) { 908 next = head->next; 909 free(head->name); 910 free(head); 911 } 912} 913 914int xtables_lmap_name2id(const struct xtables_lmap *head, const char *name) 915{ 916 for (; head != NULL; head = head->next) 917 if (strcmp(head->name, name) == 0) 918 return head->id; 919 return -1; 920} 921 922const char *xtables_lmap_id2name(const struct xtables_lmap *head, int id) 923{ 924 for (; head != NULL; head = head->next) 925 if (head->id == id) 926 return head->name; 927 return NULL; 928} 929