diff options
Diffstat (limited to 'extensions/libipt_icmp.c')
| -rw-r--r-- | extensions/libipt_icmp.c | 84 |
1 files changed, 34 insertions, 50 deletions
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index 37b2fdc..666e7da 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -1,11 +1,8 @@ -/* Shared library add-on to iptables to add ICMP support. */ +#include <stdint.h> #include <stdio.h> -#include <netdb.h> #include <string.h> -#include <stdlib.h> -#include <getopt.h> #include <xtables.h> -#include <limits.h> /* INT_MAX in ip_tables.h */ +#include <limits.h> /* INT_MAX in ip6_tables.h */ #include <linux/netfilter_ipv4/ip_tables.h> /* special hack for icmp-type 'any': @@ -16,10 +13,14 @@ * See: https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=37 */ +enum { + O_ICMP_TYPE = 0, +}; + struct icmp_names { const char *name; - u_int8_t type; - u_int8_t code_min, code_max; + uint8_t type; + uint8_t code_min, code_max; }; static const struct icmp_names icmp_codes[] = { @@ -107,13 +108,14 @@ static void icmp_help(void) print_icmptypes(); } -static const struct option icmp_opts[] = { - { "icmp-type", 1, NULL, '1' }, - { .name = NULL } +static const struct xt_option_entry icmp_opts[] = { + {.name = "icmp-type", .id = O_ICMP_TYPE, .type = XTTYPE_STRING, + .flags = XTOPT_MAND | XTOPT_INVERT}, + XTOPT_TABLEEND, }; static void -parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[]) +parse_icmp(const char *icmptype, uint8_t *type, uint8_t code[]) { static const unsigned int limit = ARRAY_SIZE(icmp_codes); unsigned int match = limit; @@ -173,33 +175,18 @@ static void icmp_init(struct xt_entry_match *m) icmpinfo->code[1] = 0xFF; } -static int icmp_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static void icmp_parse(struct xt_option_call *cb) { - struct ipt_icmp *icmpinfo = (struct ipt_icmp *)(*match)->data; - - switch (c) { - case '1': - if (*flags == 1) - xtables_error(PARAMETER_PROBLEM, - "icmp match: only use --icmp-type once!"); - xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_icmp(optarg, &icmpinfo->type, - icmpinfo->code); - if (invert) - icmpinfo->invflags |= IPT_ICMP_INV; - *flags = 1; - break; - - default: - return 0; - } + struct ipt_icmp *icmpinfo = cb->data; - return 1; + xtables_option_parse(cb); + parse_icmp(cb->arg, &icmpinfo->type, icmpinfo->code); + if (cb->invert) + icmpinfo->invflags |= IPT_ICMP_INV; } -static void print_icmptype(u_int8_t type, - u_int8_t code_min, u_int8_t code_max, +static void print_icmptype(uint8_t type, + uint8_t code_min, uint8_t code_max, int invert, int numeric) { @@ -213,7 +200,7 @@ static void print_icmptype(u_int8_t type, break; if (i != ARRAY_SIZE(icmp_codes)) { - printf("%s%s ", + printf(" %s%s", invert ? "!" : "", icmp_codes[i].name); return; @@ -221,15 +208,13 @@ static void print_icmptype(u_int8_t type, } if (invert) - printf("!"); + printf(" !"); printf("type %u", type); - if (code_min == 0 && code_max == 0xFF) - printf(" "); - else if (code_min == code_max) - printf(" code %u ", code_min); - else - printf(" codes %u-%u ", code_min, code_max); + if (code_min == code_max) + printf(" code %u", code_min); + else if (code_min != 0 || code_max != 0xFF) + printf(" codes %u-%u", code_min, code_max); } static void icmp_print(const void *ip, const struct xt_entry_match *match, @@ -237,13 +222,13 @@ static void icmp_print(const void *ip, const struct xt_entry_match *match, { const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data; - printf("icmp "); + printf(" icmp"); print_icmptype(icmp->type, icmp->code[0], icmp->code[1], icmp->invflags & IPT_ICMP_INV, numeric); if (icmp->invflags & ~IPT_ICMP_INV) - printf("Unknown invflags: 0x%X ", + printf(" Unknown invflags: 0x%X", icmp->invflags & ~IPT_ICMP_INV); } @@ -252,16 +237,15 @@ static void icmp_save(const void *ip, const struct xt_entry_match *match) const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data; if (icmp->invflags & IPT_ICMP_INV) - printf("! "); + printf(" !"); /* special hack for 'any' case */ if (icmp->type == 0xFF) { - printf("--icmp-type any "); + printf(" --icmp-type any"); } else { - printf("--icmp-type %u", icmp->type); + printf(" --icmp-type %u", icmp->type); if (icmp->code[0] != 0 || icmp->code[1] != 0xFF) printf("/%u", icmp->code[0]); - printf(" "); } } @@ -273,10 +257,10 @@ static struct xtables_match icmp_mt_reg = { .userspacesize = XT_ALIGN(sizeof(struct ipt_icmp)), .help = icmp_help, .init = icmp_init, - .parse = icmp_parse, .print = icmp_print, .save = icmp_save, - .extra_opts = icmp_opts, + .x6_parse = icmp_parse, + .x6_options = icmp_opts, }; void _init(void) |