general cleanup + add -C and -c
diff --git a/extensions/ebt_802_3.c b/extensions/ebt_802_3.c
index e0b65ee..a43d060 100644
--- a/extensions/ebt_802_3.c
+++ b/extensions/ebt_802_3.c
@@ -1,3 +1,11 @@
+/* 802_3
+ *
+ * Author:
+ * Chris Vitale <csv@bluetail.com>
+ *
+ * May 2003
+ */
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -43,28 +51,23 @@
switch (c) {
case _802_3_SAP:
- ebt_check_option(flags, _802_3_SAP);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, _802_3_SAP);
+ if (ebt_check_inverse2(optarg))
info->invflags |= EBT_802_3_SAP;
-
- if (optind > argc)
- ebt_print_error("Missing 802.3-sap argument");
- i = strtoul(argv[optind - 1], &end, 16);
+ i = strtoul(optarg, &end, 16);
if (i > 255 || *end != '\0')
- ebt_print_error("Problem with specified "
+ ebt_print_error2("Problem with specified "
"sap hex value, %x",i);
info->sap = i; /* one byte, so no byte order worries */
info->bitmask |= EBT_802_3_SAP;
break;
case _802_3_TYPE:
- ebt_check_option(flags, _802_3_TYPE);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, _802_3_TYPE);
+ if (ebt_check_inverse2(optarg))
info->invflags |= EBT_802_3_TYPE;
- if (optind > argc)
- ebt_print_error("Missing 802.3-type argument");
- i = strtoul(argv[optind - 1], &end, 16);
+ i = strtoul(optarg, &end, 16);
if (i > 65535 || *end != '\0') {
- ebt_print_error("Problem with the specified "
+ ebt_print_error2("Problem with the specified "
"type hex value, %x",i);
}
info->type = htons(i);
diff --git a/extensions/ebt_among.c b/extensions/ebt_among.c
index 1756e44..65ce481 100644
--- a/extensions/ebt_among.c
+++ b/extensions/ebt_among.c
@@ -1,3 +1,11 @@
+/* ebt_among
+ *
+ * Authors:
+ * Grzegorz Borowiak <grzes@gnu.univ.gda.pl>
+ *
+ * August, 2003
+ */
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -9,8 +17,6 @@
#include <linux/if_ether.h>
#include <linux/netfilter_bridge/ebt_among.h>
-#define NODEBUG
-
#define AMONG_DST '1'
#define AMONG_SRC '2'
@@ -69,6 +75,8 @@
struct ebt_mac_wormhash *result =
(struct ebt_mac_wormhash *) malloc(size);
+ if (!result)
+ ebt_print_memory();
memset(result, 0, size);
result->poolsize = n;
return result;
@@ -181,54 +189,53 @@
for (i = 0; i < 5; i++) {
if (read_until(&pc, ":", token, 2) < 0
|| token[0] == 0) {
- ebt_print_error("MAC parse error: %.20s",
- anchor);
+ ebt_print_error("MAC parse error: %.20s", anchor);
+ return NULL;
}
mac[i] = strtol(token, &endptr, 16);
if (*endptr) {
- ebt_print_error("MAC parse error: %.20s",
- anchor);
+ ebt_print_error("MAC parse error: %.20s", anchor);
+ return NULL;
}
pc++;
}
if (read_until(&pc, "=,", token, 2) == -2 || token[0] == 0) {
ebt_print_error("MAC parse error: %.20s", anchor);
+ return NULL;
}
mac[i] = strtol(token, &endptr, 16);
if (*endptr) {
ebt_print_error("MAC parse error: %.20s", anchor);
+ return NULL;
}
if (*pc == '=') {
/* an IP follows the MAC; collect similarly to MAC */
pc++;
anchor = pc;
for (i = 0; i < 3; i++) {
- if (read_until(&pc, ".", token, 3) < 0
- || token[0] == 0) {
- ebt_print_error
- ("IP parse error: %.20s",
- anchor);
+ if (read_until(&pc, ".", token, 3) < 0 || token[0] == 0) {
+ ebt_print_error("IP parse error: %.20s", anchor);
+ return NULL;
}
ip[i] = strtol(token, &endptr, 10);
if (*endptr) {
- ebt_print_error
- ("IP parse error: %.20s",
- anchor);
+ ebt_print_error("IP parse error: %.20s", anchor);
+ return NULL;
}
pc++;
}
- if (read_until(&pc, ",", token, 3) == -2
- || token[0] == 0) {
- ebt_print_error("IP parse error: %.20s",
- anchor);
+ if (read_until(&pc, ",", token, 3) == -2 || token[0] == 0) {
+ ebt_print_error("IP parse error: %.20s", anchor);
+ return NULL;
}
ip[3] = strtol(token, &endptr, 10);
if (*endptr) {
- ebt_print_error("IP parse error: %.20s",
- anchor);
+ ebt_print_error("IP parse error: %.20s", anchor);
+ return NULL;
}
if (*(uint32_t*)ip == 0) {
ebt_print_error("Illegal IP 0.0.0.0");
+ return NULL;
}
} else {
/* no IP, we set it to 0.0.0.0 */
@@ -260,6 +267,7 @@
/* but first assert :-> */
if (*pc != ',') {
ebt_print_error("Something went wrong; no comma...\n");
+ return NULL;
}
pc++;
@@ -295,30 +303,33 @@
switch (c) {
case AMONG_DST:
case AMONG_SRC:
- if (ebt_check_inverse(optarg)) {
+ if (c == AMONG_DST) {
+ ebt_check_option2(flags, OPT_DST);
+ } else {
+ ebt_check_option2(flags, OPT_SRC);
+ }
+ if (ebt_check_inverse2(optarg)) {
if (c == AMONG_DST)
info->bitmask |= EBT_AMONG_DST_NEG;
else
info->bitmask |= EBT_AMONG_SRC_NEG;
}
- if (optind > argc)
- ebt_print_error("No MAC list specified\n");
- wh = create_wormhash(argv[optind - 1]);
- old_size = sizeof(struct ebt_entry_match) +
- (**match).match_size;
- h = malloc((new_size =
- old_size + ebt_mac_wormhash_size(wh)));
+ wh = create_wormhash(optarg);
+ if (ebt_errormsg[0] != '\0')
+ break;
+
+ old_size = sizeof(struct ebt_entry_match) + (**match).match_size;
+ h = malloc((new_size = old_size + ebt_mac_wormhash_size(wh)));
+ if (!h)
+ ebt_print_memory();
memcpy(h, *match, old_size);
- memcpy((char *) h + old_size, wh,
- ebt_mac_wormhash_size(wh));
+ memcpy((char *) h + old_size, wh, ebt_mac_wormhash_size(wh));
h->match_size = new_size - sizeof(struct ebt_entry_match);
info = (struct ebt_among_info *) h->data;
if (c == AMONG_DST) {
- ebt_check_option(flags, OPT_DST);
info->wh_dst_ofs =
old_size - sizeof(struct ebt_entry_match);
} else {
- ebt_check_option(flags, OPT_SRC);
info->wh_src_ofs =
old_size - sizeof(struct ebt_entry_match);
}
diff --git a/extensions/ebt_arp.c b/extensions/ebt_arp.c
index c38eec6..9eed645 100644
--- a/extensions/ebt_arp.c
+++ b/extensions/ebt_arp.c
@@ -1,3 +1,12 @@
+/* ebt_arp
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ * Tim Gardner <timg@tpi.com>
+ *
+ * April, 2002
+ */
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -92,20 +101,16 @@
switch (c) {
case ARP_OPCODE:
- ebt_check_option(flags, OPT_OPCODE);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, OPT_OPCODE);
+ if (ebt_check_inverse2(optarg))
arpinfo->invflags |= EBT_ARP_OPCODE;
-
- if (optind > argc)
- ebt_print_error("Missing ARP opcode argument");
- i = strtol(argv[optind - 1], &end, 10);
+ i = strtol(optarg, &end, 10);
if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
for (i = 0; i < NUMOPCODES; i++)
if (!strcasecmp(opcodes[i], optarg))
break;
if (i == NUMOPCODES)
- ebt_print_error("Problem with specified "
- "ARP opcode");
+ ebt_print_error2("Problem with specified ARP opcode");
i++;
}
arpinfo->opcode = htons(i);
@@ -113,19 +118,15 @@
break;
case ARP_HTYPE:
- ebt_check_option(flags, OPT_HTYPE);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, OPT_HTYPE);
+ if (ebt_check_inverse2(optarg))
arpinfo->invflags |= EBT_ARP_HTYPE;
-
- if (optind > argc)
- ebt_print_error("Missing ARP hardware type argument");
- i = strtol(argv[optind - 1], &end, 10);
+ i = strtol(optarg, &end, 10);
if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
if (!strcasecmp("Ethernet", argv[optind - 1]))
i = 1;
else
- ebt_print_error("Problem with specified ARP "
- "hardware type");
+ ebt_print_error2("Problem with specified ARP hardware type");
}
arpinfo->htype = htons(i);
arpinfo->bitmask |= EBT_ARP_HTYPE;
@@ -135,19 +136,17 @@
{
uint16_t proto;
- ebt_check_option(flags, OPT_PTYPE);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, OPT_PTYPE);
+ if (ebt_check_inverse2(optarg))
arpinfo->invflags |= EBT_ARP_PTYPE;
- if (optind > argc)
- ebt_print_error("Missing ARP protocol type argument");
- i = strtol(argv[optind - 1], &end, 16);
+ i = strtol(optarg, &end, 16);
if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
struct ethertypeent *ent;
ent = getethertypebyname(argv[optind - 1]);
if (!ent)
- ebt_print_error("Problem with specified ARP "
+ ebt_print_error2("Problem with specified ARP "
"protocol type");
proto = ent->e_ethertype;
@@ -161,51 +160,46 @@
case ARP_IP_S:
case ARP_IP_D:
if (c == ARP_IP_S) {
- ebt_check_option(flags, OPT_IP_S);
+ ebt_check_option2(flags, OPT_IP_S);
addr = &arpinfo->saddr;
mask = &arpinfo->smsk;
arpinfo->bitmask |= EBT_ARP_SRC_IP;
} else {
- ebt_check_option(flags, OPT_IP_D);
+ ebt_check_option2(flags, OPT_IP_D);
addr = &arpinfo->daddr;
mask = &arpinfo->dmsk;
arpinfo->bitmask |= EBT_ARP_DST_IP;
}
- if (ebt_check_inverse(optarg)) {
+ if (ebt_check_inverse2(optarg)) {
if (c == ARP_IP_S)
arpinfo->invflags |= EBT_ARP_SRC_IP;
else
arpinfo->invflags |= EBT_ARP_DST_IP;
}
- if (optind > argc)
- ebt_print_error("Missing ARP IP address argument");
- ebt_parse_ip_address(argv[optind - 1], addr, mask);
+ ebt_parse_ip_address(optarg, addr, mask);
break;
case ARP_MAC_S:
case ARP_MAC_D:
if (c == ARP_MAC_S) {
- ebt_check_option(flags, OPT_MAC_S);
+ ebt_check_option2(flags, OPT_MAC_S);
maddr = arpinfo->smaddr;
mmask = arpinfo->smmsk;
arpinfo->bitmask |= EBT_ARP_SRC_MAC;
} else {
- ebt_check_option(flags, OPT_MAC_D);
+ ebt_check_option2(flags, OPT_MAC_D);
maddr = arpinfo->dmaddr;
mmask = arpinfo->dmmsk;
arpinfo->bitmask |= EBT_ARP_DST_MAC;
}
- if (ebt_check_inverse(optarg)) {
+ if (ebt_check_inverse2(optarg)) {
if (c == ARP_MAC_S)
arpinfo->invflags |= EBT_ARP_SRC_MAC;
else
arpinfo->invflags |= EBT_ARP_DST_MAC;
}
- if (optind > argc)
- ebt_print_error("Missing ARP MAC address argument");
- if (ebt_get_mac_and_mask(argv[optind - 1], maddr, mmask))
- ebt_print_error("Problem with ARP MAC address "
- "argument");
+ if (ebt_get_mac_and_mask(optarg, maddr, mmask))
+ ebt_print_error2("Problem with ARP MAC address argument");
break;
default:
@@ -220,8 +214,7 @@
{
if ((entry->ethproto != ETH_P_ARP && entry->ethproto != ETH_P_RARP) ||
entry->invflags & EBT_IPROTO)
- ebt_print_error("For (R)ARP filtering the protocol must be "
- "specified as ARP or RARP");
+ ebt_print_error("For (R)ARP filtering the protocol must be specified as ARP or RARP");
}
static void print(const struct ebt_u_entry *entry,
diff --git a/extensions/ebt_arpreply.c b/extensions/ebt_arpreply.c
index 9c50519..32e50b4 100644
--- a/extensions/ebt_arpreply.c
+++ b/extensions/ebt_arpreply.c
@@ -1,3 +1,12 @@
+/* ebt_arpreply
+ *
+ * Authors:
+ * Grzegorz Borowiak <grzes@gnu.univ.gda.pl>
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * August, 2003
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -48,17 +57,16 @@
switch (c) {
case REPLY_MAC:
- ebt_check_option(flags, OPT_REPLY_MAC);
+ ebt_check_option2(flags, OPT_REPLY_MAC);
if (!(addr = ether_aton(optarg)))
- ebt_print_error("Problem with specified "
- "--arpreply-mac mac");
+ ebt_print_error2("Problem with specified --arpreply-mac mac");
memcpy(replyinfo->mac, addr, ETH_ALEN);
mac_supplied = 1;
break;
case REPLY_TARGET:
- ebt_check_option(flags, OPT_REPLY_TARGET);
+ ebt_check_option2(flags, OPT_REPLY_TARGET);
if (FILL_TARGET(optarg, replyinfo->target))
- ebt_print_error("Illegal --arpreply-target target");
+ ebt_print_error2("Illegal --arpreply-target target");
break;
default:
@@ -74,17 +82,17 @@
struct ebt_arpreply_info *replyinfo =
(struct ebt_arpreply_info *)target->data;
- if (entry->ethproto != ETH_P_ARP || entry->invflags & EBT_IPROTO)
- ebt_print_error("For ARP replying the protocol must be "
- "specified as ARP");
- if (time == 0 && mac_supplied == 0)
+ if (entry->ethproto != ETH_P_ARP || entry->invflags & EBT_IPROTO) {
+ ebt_print_error("For ARP replying the protocol must be specified as ARP");
+ } else if (time == 0 && mac_supplied == 0) {
ebt_print_error("No arpreply mac supplied");
- if (BASE_CHAIN && replyinfo->target == EBT_RETURN)
- ebt_print_error("--arpreply-target RETURN not allowed on "
- "base chain");
- CLEAR_BASE_CHAIN_BIT;
- if (strcmp(name, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
- ebt_print_error("arpreply only allowed in PREROUTING");
+ } else if (BASE_CHAIN && replyinfo->target == EBT_RETURN) {
+ ebt_print_error("--arpreply-target RETURN not allowed on base chain");
+ } else {
+ CLEAR_BASE_CHAIN_BIT;
+ if (strcmp(name, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
+ ebt_print_error("arpreply only allowed in PREROUTING");
+ }
}
static void print(const struct ebt_u_entry *entry,
diff --git a/extensions/ebt_inat.c b/extensions/ebt_inat.c
index aae5cab..1aa9435 100644
--- a/extensions/ebt_inat.c
+++ b/extensions/ebt_inat.c
@@ -1,3 +1,11 @@
+/* ebt_inat
+ *
+ * Authors:
+ * Grzegorz Borowiak <grzes@gnu.univ.gda.pl>
+ *
+ * August, 2003
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/extensions/ebt_ip.c b/extensions/ebt_ip.c
index c81e687..8e45171 100644
--- a/extensions/ebt_ip.c
+++ b/extensions/ebt_ip.c
@@ -1,29 +1,13 @@
-/*
- * ebtables ebt_ip: IP extension module for userspace
+/* ebt_ip
*
- * Authors:
- * Bart De Schuymer <bdschuym@pandora.be>
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
*
- * Changes:
+ * Changes:
* added ip-sport and ip-dport; parsing of port arguments is
* based on code from iptables-1.2.7a
* Innominate Security Technologies AG <mhopf@innominate.com>
* September, 2002
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
*/
#include <stdio.h>
@@ -76,7 +60,7 @@
}
ebt_print_error("Problem with specified %s port '%s'",
protocol?protocol:"", name);
- return 0; /* never reached */
+ return 0;
}
static void
@@ -92,7 +76,11 @@
*cp = '\0';
cp++;
ports[0] = buffer[0] ? parse_port(protocol, buffer) : 0;
+ if (ebt_errormsg[0] != '\0')
+ return;
ports[1] = cp[0] ? parse_port(protocol, cp) : 0xFFFF;
+ if (ebt_errormsg[0] != '\0')
+ return;
if (ports[0] > ports[1])
ebt_print_error("Invalid portrange (min > max)");
@@ -143,81 +131,67 @@
switch (c) {
case IP_SOURCE:
- ebt_check_option(flags, OPT_SOURCE);
+ ebt_check_option2(flags, OPT_SOURCE);
ipinfo->bitmask |= EBT_IP_SOURCE;
case IP_DEST:
if (c == IP_DEST) {
- ebt_check_option(flags, OPT_DEST);
+ ebt_check_option2(flags, OPT_DEST);
ipinfo->bitmask |= EBT_IP_DEST;
}
- if (ebt_check_inverse(optarg)) {
+ if (ebt_check_inverse2(optarg)) {
if (c == IP_SOURCE)
ipinfo->invflags |= EBT_IP_SOURCE;
else
ipinfo->invflags |= EBT_IP_DEST;
}
-
- if (optind > argc)
- ebt_print_error("Missing IP address argument");
if (c == IP_SOURCE)
- ebt_parse_ip_address(argv[optind - 1], &ipinfo->saddr,
- &ipinfo->smsk);
+ ebt_parse_ip_address(optarg, &ipinfo->saddr, &ipinfo->smsk);
else
- ebt_parse_ip_address(argv[optind - 1], &ipinfo->daddr,
- &ipinfo->dmsk);
+ ebt_parse_ip_address(optarg, &ipinfo->daddr, &ipinfo->dmsk);
break;
case IP_SPORT:
case IP_DPORT:
if (c == IP_SPORT) {
- ebt_check_option(flags, OPT_SPORT);
+ ebt_check_option2(flags, OPT_SPORT);
ipinfo->bitmask |= EBT_IP_SPORT;
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
ipinfo->invflags |= EBT_IP_SPORT;
} else {
- ebt_check_option(flags, OPT_DPORT);
+ ebt_check_option2(flags, OPT_DPORT);
ipinfo->bitmask |= EBT_IP_DPORT;
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
ipinfo->invflags |= EBT_IP_DPORT;
}
- if (optind > argc)
- ebt_print_error("Missing port argument");
if (c == IP_SPORT)
- parse_port_range(NULL, argv[optind - 1], ipinfo->sport);
+ parse_port_range(NULL, optarg, ipinfo->sport);
else
- parse_port_range(NULL, argv[optind - 1], ipinfo->dport);
+ parse_port_range(NULL, optarg, ipinfo->dport);
break;
case IP_myTOS:
- ebt_check_option(flags, OPT_TOS);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, OPT_TOS);
+ if (ebt_check_inverse2(optarg))
ipinfo->invflags |= EBT_IP_TOS;
-
- if (optind > argc)
- ebt_print_error("Missing IP tos argument");
- i = strtol(argv[optind - 1], &end, 16);
+ i = strtol(optarg, &end, 16);
if (i < 0 || i > 255 || *end != '\0')
- ebt_print_error("Problem with specified IP tos");
+ ebt_print_error2("Problem with specified IP tos");
ipinfo->tos = i;
ipinfo->bitmask |= EBT_IP_TOS;
break;
case IP_PROTO:
- ebt_check_option(flags, OPT_PROTO);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, OPT_PROTO);
+ if (ebt_check_inverse2(optarg))
ipinfo->invflags |= EBT_IP_PROTO;
- if (optind > argc)
- ebt_print_error("Missing IP protocol argument");
- i = strtoul(argv[optind - 1], &end, 10);
+ i = strtoul(optarg, &end, 10);
if (*end != '\0') {
struct protoent *pe;
- pe = getprotobyname(argv[optind - 1]);
+ pe = getprotobyname(optarg);
if (pe == NULL)
- ebt_print_error
- ("Unknown specified IP protocol - %s",
- argv[optind - 1]);
+ ebt_print_error("Unknown specified IP protocol - %s", argv[optind - 1]);
ipinfo->protocol = pe->p_proto;
} else {
ipinfo->protocol = (unsigned char) i;
@@ -236,11 +210,10 @@
{
struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)match->data;
- if (entry->ethproto != ETH_P_IP || entry->invflags & EBT_IPROTO)
+ if (entry->ethproto != ETH_P_IP || entry->invflags & EBT_IPROTO) {
ebt_print_error("For IP filtering the protocol must be "
"specified as IPv4");
-
- if (ipinfo->bitmask & (EBT_IP_SPORT|EBT_IP_DPORT) &&
+ } else if (ipinfo->bitmask & (EBT_IP_SPORT|EBT_IP_DPORT) &&
(!(ipinfo->bitmask & EBT_IP_PROTO) ||
ipinfo->invflags & EBT_IP_PROTO ||
(ipinfo->protocol!=IPPROTO_TCP &&
@@ -294,16 +267,14 @@
}
if (ipinfo->bitmask & EBT_IP_SPORT) {
printf("--ip-sport ");
- if (ipinfo->invflags & EBT_IP_SPORT) {
+ if (ipinfo->invflags & EBT_IP_SPORT)
printf("! ");
- }
print_port_range(ipinfo->sport);
}
if (ipinfo->bitmask & EBT_IP_DPORT) {
printf("--ip-dport ");
- if (ipinfo->invflags & EBT_IP_DPORT) {
+ if (ipinfo->invflags & EBT_IP_DPORT)
printf("! ");
- }
print_port_range(ipinfo->dport);
}
}
diff --git a/extensions/ebt_limit.c b/extensions/ebt_limit.c
index 6dcd50d..5655b59 100644
--- a/extensions/ebt_limit.c
+++ b/extensions/ebt_limit.c
@@ -1,32 +1,33 @@
-/* Shared library add-on to ebtables to add limit support.
+/* ebt_limit
*
- * Swipted from iptables' limit match.
+ * Authors:
+ * Tom Marshall <tommy@home.tig-grr.com>
+ *
+ * Mostly copied from iptables' limit match.
+ *
+ * September, 2003
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <getopt.h>
+#include <errno.h>
#include "../include/ebtables_u.h"
#include <linux/netfilter_bridge/ebt_limit.h>
#define EBT_LIMIT_AVG "3/hour"
#define EBT_LIMIT_BURST 5
-/* from iptables.c */
-#include <errno.h>
-int
-string_to_number(const char *s, unsigned int min, unsigned int max,
- unsigned int *ret)
+int string_to_number(const char *s, unsigned int min, unsigned int max,
+ unsigned int *ret)
{
long number;
char *end;
- /* Handle hex, octal, etc. */
errno = 0;
number = strtol(s, &end, 0);
if (*end == '\0' && end != s) {
- /* we parsed a number, let's see if we want this */
if (errno != ERANGE && min <= number && number <= max) {
*ret = number;
return 0;
@@ -37,7 +38,6 @@
#define FLAG_LIMIT 0x01
#define FLAG_LIMIT_BURST 0x02
-
#define ARG_LIMIT '1'
#define ARG_LIMIT_BURST '2'
@@ -52,12 +52,11 @@
{
printf(
"limit options:\n"
-"--limit avg max average match rate: default "EBT_LIMIT_AVG"\n"
+"--limit avg : max average match rate: default "EBT_LIMIT_AVG"\n"
" [Packets per second unless followed by \n"
" /sec /minute /hour /day postfixes]\n"
-"--limit-burst number number to match in a burst, -1 < number < 10001,\n"
-" default %u\n"
-"\n", EBT_LIMIT_BURST);
+"--limit-burst number : number to match in a burst, -1 < number < 10001,\n"
+" default %u\n", EBT_LIMIT_BURST);
}
static int parse_rate(const char *rate, u_int32_t *val)
@@ -120,20 +119,19 @@
switch(c) {
case ARG_LIMIT:
- ebt_check_option(flags, FLAG_LIMIT);
- if (ebt_check_inverse(optarg))
- ebt_print_error("Unexpected `!' after --limit");
+ ebt_check_option2(flags, FLAG_LIMIT);
+ if (ebt_check_inverse2(optarg))
+ ebt_print_error2("Unexpected `!' after --limit");
if (!parse_rate(optarg, &r->avg))
- ebt_print_error("bad rate `%s'", optarg);
+ ebt_print_error2("bad rate `%s'", optarg);
break;
case ARG_LIMIT_BURST:
- ebt_check_option(flags, FLAG_LIMIT_BURST);
- if (ebt_check_inverse(optarg))
- ebt_print_error("Unexpected `!' after --limit-burst");
-
+ ebt_check_option2(flags, FLAG_LIMIT_BURST);
+ if (ebt_check_inverse2(optarg))
+ ebt_print_error2("Unexpected `!' after --limit-burst");
if (string_to_number(optarg, 0, 10000, &num) == -1)
- ebt_print_error("bad --limit-burst `%s'", optarg);
+ ebt_print_error2("bad --limit-burst `%s'", optarg);
r->burst = num;
break;
@@ -148,7 +146,6 @@
const struct ebt_entry_match *match, const char *name,
unsigned int hookmask, unsigned int time)
{
- /* empty */
}
struct rates
@@ -177,17 +174,18 @@
printf("%u/%s ", g_rates[i-1].mult / period, g_rates[i-1].name);
}
-/* Prints out the matchinfo. */
-static void
-print(const struct ebt_u_entry *entry, const struct ebt_entry_match *match)
+static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match)
{
struct ebt_limit_info *r = (struct ebt_limit_info *)match->data;
- printf("limit: avg "); print_rate(r->avg);
- printf("burst %u ", r->burst);
+ printf("--limit ");
+ print_rate(r->avg);
+ printf("--limit-burst %u ", r->burst);
}
-static int compare(const struct ebt_entry_match* m1, const struct ebt_entry_match *m2)
+static int compare(const struct ebt_entry_match* m1,
+ const struct ebt_entry_match *m2)
{
struct ebt_limit_info* li1 = (struct ebt_limit_info*)m1->data;
struct ebt_limit_info* li2 = (struct ebt_limit_info*)m2->data;
diff --git a/extensions/ebt_log.c b/extensions/ebt_log.c
index f455f9f..07a5fe9 100644
--- a/extensions/ebt_log.c
+++ b/extensions/ebt_log.c
@@ -1,3 +1,11 @@
+/* ebt_log
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * April, 2002
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -103,35 +111,43 @@
switch (c) {
case LOG_PREFIX:
- ebt_check_option(flags, OPT_PREFIX);
+ ebt_check_option2(flags, OPT_PREFIX);
+ if (ebt_check_inverse(optarg))
+ ebt_print_error2("Unexpected `!' after --log-prefix");
if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
- ebt_print_error("Prefix too long");
+ ebt_print_error2("Prefix too long");
strcpy(loginfo->prefix, optarg);
break;
case LOG_LEVEL:
- ebt_check_option(flags, OPT_LEVEL);
+ ebt_check_option2(flags, OPT_LEVEL);
i = strtol(optarg, &end, 16);
if (*end != '\0' || i < 0 || i > 7)
loginfo->loglevel = name_to_loglevel(optarg);
else
loginfo->loglevel = i;
if (loginfo->loglevel == 9)
- ebt_print_error("Problem with the log-level");
+ ebt_print_error2("Problem with the log-level");
break;
case LOG_IP:
- ebt_check_option(flags, OPT_IP);
+ ebt_check_option2(flags, OPT_IP);
+ if (ebt_check_inverse(optarg))
+ ebt_print_error2("Unexpected `!' after --log-ip");
loginfo->bitmask |= EBT_LOG_IP;
break;
case LOG_ARP:
- ebt_check_option(flags, OPT_ARP);
+ ebt_check_option2(flags, OPT_ARP);
+ if (ebt_check_inverse(optarg))
+ ebt_print_error2("Unexpected `!' after --log-arp");
loginfo->bitmask |= EBT_LOG_ARP;
break;
case LOG_LOG:
- ebt_check_option(flags, OPT_LOG);
+ ebt_check_option2(flags, OPT_LOG);
+ if (ebt_check_inverse(optarg))
+ ebt_print_error2("Unexpected `!' after --log");
break;
default:
return 0;
@@ -143,7 +159,6 @@
const struct ebt_entry_watcher *watcher, const char *name,
unsigned int hookmask, unsigned int time)
{
- return;
}
static void print(const struct ebt_u_entry *entry,
diff --git a/extensions/ebt_mark.c b/extensions/ebt_mark.c
index 11bcc12..c7c79aa 100644
--- a/extensions/ebt_mark.c
+++ b/extensions/ebt_mark.c
@@ -1,3 +1,11 @@
+/* ebt_mark
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * July, 2002
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -49,15 +57,15 @@
switch (c) {
case MARK_TARGET:
- ebt_check_option(flags, OPT_MARK_TARGET);
+ ebt_check_option2(flags, OPT_MARK_TARGET);
if (FILL_TARGET(optarg, markinfo->target))
- ebt_print_error("Illegal --mark-target target");
+ ebt_print_error2("Illegal --mark-target target");
break;
case MARK_SETMARK:
- ebt_check_option(flags, OPT_MARK_SETMARK);
+ ebt_check_option2(flags, OPT_MARK_SETMARK);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
- ebt_print_error("Bad MARK value '%s'", optarg);
+ ebt_print_error2("Bad MARK value '%s'", optarg);
mark_supplied = 1;
break;
default:
@@ -73,11 +81,10 @@
struct ebt_mark_t_info *markinfo =
(struct ebt_mark_t_info *)target->data;
- if (time == 0 && mark_supplied == 0)
+ if (time == 0 && mark_supplied == 0) {
ebt_print_error("No mark value supplied");
- if (BASE_CHAIN && markinfo->target == EBT_RETURN)
- ebt_print_error("--mark-target RETURN not allowed on base "
- "chain");
+ } else if (BASE_CHAIN && markinfo->target == EBT_RETURN)
+ ebt_print_error("--mark-target RETURN not allowed on base chain");
}
static void print(const struct ebt_u_entry *entry,
diff --git a/extensions/ebt_mark_m.c b/extensions/ebt_mark_m.c
index 2cc371a..8c5913e 100644
--- a/extensions/ebt_mark_m.c
+++ b/extensions/ebt_mark_m.c
@@ -1,3 +1,11 @@
+/* ebt_mark_m
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * July, 2002
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -40,22 +48,19 @@
switch (c) {
case MARK:
- ebt_check_option(flags, MARK);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, MARK);
+ if (ebt_check_inverse2(optarg))
markinfo->invert = 1;
- if (optind > argc)
- ebt_print_error("No mark specified");
- markinfo->mark = strtoul(argv[optind - 1], &end, 0);
+ markinfo->mark = strtoul(optarg, &end, 0);
markinfo->bitmask = EBT_MARK_AND;
if (*end == '/') {
- if (end == argv[optind - 1])
+ if (end == optarg)
markinfo->bitmask = EBT_MARK_OR;
markinfo->mask = strtoul(end+1, &end, 0);
} else
markinfo->mask = 0xffffffff;
- if ( *end != '\0' || end == argv[optind - 1])
- ebt_print_error("Bad mark value '%s'",
- argv[optind - 1]);
+ if ( *end != '\0' || end == optarg)
+ ebt_print_error2("Bad mark value '%s'", optarg);
break;
default:
return 0;
diff --git a/extensions/ebt_nat.c b/extensions/ebt_nat.c
index f2e79ca..5906ac4 100644
--- a/extensions/ebt_nat.c
+++ b/extensions/ebt_nat.c
@@ -1,3 +1,11 @@
+/* ebt_nat
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * June, 2002
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -73,17 +81,16 @@
switch (c) {
case NAT_S:
- ebt_check_option(flags, OPT_SNAT);
+ ebt_check_option2(flags, OPT_SNAT);
to_source_supplied = 1;
if (!(addr = ether_aton(optarg)))
- ebt_print_error("Problem with specified --to-source "
- "mac");
+ ebt_print_error2("Problem with specified --to-source mac");
memcpy(natinfo->mac, addr, ETH_ALEN);
break;
case NAT_S_TARGET:
- ebt_check_option(flags, OPT_SNAT_TARGET);
+ ebt_check_option2(flags, OPT_SNAT_TARGET);
if (FILL_TARGET(optarg, natinfo->target))
- ebt_print_error("Illegal --snat-target target");
+ ebt_print_error2("Illegal --snat-target target");
break;
default:
return 0;
@@ -102,17 +109,16 @@
switch (c) {
case NAT_D:
- ebt_check_option(flags, OPT_DNAT);
+ ebt_check_option2(flags, OPT_DNAT);
to_dest_supplied = 1;
if (!(addr = ether_aton(optarg)))
- ebt_print_error("Problem with specified "
- "--to-destination mac");
+ ebt_print_error2("Problem with specified --to-destination mac");
memcpy(natinfo->mac, addr, ETH_ALEN);
break;
case NAT_D_TARGET:
- ebt_check_option(flags, OPT_DNAT_TARGET);
+ ebt_check_option2(flags, OPT_DNAT_TARGET);
if (FILL_TARGET(optarg, natinfo->target))
- ebt_print_error("Illegal --dnat-target target");
+ ebt_print_error2("Illegal --dnat-target target");
break;
default:
return 0;
@@ -126,13 +132,14 @@
{
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
- if (BASE_CHAIN && natinfo->target == EBT_RETURN)
- ebt_print_error("--snat-target RETURN not allowed on base "
- "chain");
+ if (BASE_CHAIN && natinfo->target == EBT_RETURN) {
+ ebt_print_error("--snat-target RETURN not allowed on base chain");
+ return;
+ }
CLEAR_BASE_CHAIN_BIT;
- if ((hookmask & ~(1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat"))
+ if ((hookmask & ~(1 << NF_BR_POST_ROUTING)) || strcmp(name, "nat")) {
ebt_print_error("Wrong chain for snat");
- if (time == 0 && to_source_supplied == 0)
+ } else if (time == 0 && to_source_supplied == 0)
ebt_print_error("No snat address supplied");
}
@@ -142,15 +149,16 @@
{
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
- if (BASE_CHAIN && natinfo->target == EBT_RETURN)
- ebt_print_error("--dnat-target RETURN not allowed on base "
- "chain");
+ if (BASE_CHAIN && natinfo->target == EBT_RETURN) {
+ ebt_print_error("--dnat-target RETURN not allowed on base chain");
+ return;
+ }
CLEAR_BASE_CHAIN_BIT;
if (((hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))
|| strcmp(name, "nat")) &&
- ((hookmask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")))
+ ((hookmask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute"))) {
ebt_print_error("Wrong chain for dnat");
- if (time == 0 && to_dest_supplied == 0)
+ } if (time == 0 && to_dest_supplied == 0)
ebt_print_error("No dnat address supplied");
}
diff --git a/extensions/ebt_pkttype.c b/extensions/ebt_pkttype.c
index f7893bb..7894d0d 100644
--- a/extensions/ebt_pkttype.c
+++ b/extensions/ebt_pkttype.c
@@ -1,9 +1,9 @@
-/*
- * ebtables ebt_pkttype
+/* ebt_pkttype
*
- * Authors:
- * Bart De Schuymer <bdschuym@pandora.be>
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
*
+ * April, 2003
*/
#include <stdio.h>
@@ -38,7 +38,7 @@
printf(
"pkttype options:\n"
"--pkttype-type [!] type: class the packet belongs to\n"
-"Possible values: broadcast, multicast, host, otherhost any byte value.\n");
+"Possible values: broadcast, multicast, host, otherhost, or any other byte value (which would be pretty useless).\n");
}
static void init(struct ebt_entry_match *match)
@@ -58,25 +58,21 @@
switch (c) {
case '1':
ebt_check_option(flags, 1);
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
ptinfo->invert = 1;
- if (optind > argc)
- ebt_print_error("Missing pkttype class specification");
-
- i = strtol(argv[optind - 1], &end, 16);
+ i = strtol(optarg, &end, 16);
if (*end != '\0') {
int j = 0;
i = -1;
while (classes[j][0])
- if (!strcasecmp(argv[optind - 1], classes[j++])) {
+ if (!strcasecmp(optarg, classes[j++])) {
i = j - 1;
break;
}
}
if (i < 0 || i > 255)
- ebt_print_error("Problem with specified pkttype class");
+ ebt_print_error2("Problem with specified pkttype class");
ptinfo->pkt_type = (uint8_t)i;
-
break;
default:
return 0;
diff --git a/extensions/ebt_redirect.c b/extensions/ebt_redirect.c
index ba7f6b1..8630254 100644
--- a/extensions/ebt_redirect.c
+++ b/extensions/ebt_redirect.c
@@ -1,3 +1,11 @@
+/* ebt_redirect
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * April, 2002
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -38,9 +46,9 @@
switch (c) {
case REDIRECT_TARGET:
- ebt_check_option(flags, OPT_REDIRECT_TARGET);
+ ebt_check_option2(flags, OPT_REDIRECT_TARGET);
if (FILL_TARGET(optarg, redirectinfo->target))
- ebt_print_error("Illegal --redirect-target target");
+ ebt_print_error2("Illegal --redirect-target target");
break;
default:
return 0;
@@ -55,9 +63,10 @@
struct ebt_redirect_info *redirectinfo =
(struct ebt_redirect_info *)target->data;
- if (BASE_CHAIN && redirectinfo->target == EBT_RETURN)
- ebt_print_error("--redirect-target RETURN not allowed on "
- "base chain");
+ if (BASE_CHAIN && redirectinfo->target == EBT_RETURN) {
+ ebt_print_error("--redirect-target RETURN not allowed on base chain");
+ return;
+ }
CLEAR_BASE_CHAIN_BIT;
if ( ((hookmask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) &&
((hookmask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) )
diff --git a/extensions/ebt_standard.c b/extensions/ebt_standard.c
index 4ac3dc0..1420d1d 100644
--- a/extensions/ebt_standard.c
+++ b/extensions/ebt_standard.c
@@ -1,3 +1,11 @@
+/* ebt_standard
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * April, 2002
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <getopt.h>
diff --git a/extensions/ebt_stp.c b/extensions/ebt_stp.c
index 8ed4c47..307131f 100644
--- a/extensions/ebt_stp.c
+++ b/extensions/ebt_stp.c
@@ -1,3 +1,11 @@
+/* ebt_stp
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * July, 2003
+ */
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -157,38 +165,32 @@
if (c < 'a' || c > ('a' + STP_NUMOPS - 1))
return 0;
flag = 1 << (c - 'a');
- ebt_check_option(flags, flag);
- if (ebt_check_inverse(optarg))
+ ebt_check_option2(flags, flag);
+ if (ebt_check_inverse2(optarg))
stpinfo->invflags |= flag;
- if (optind > argc)
- ebt_print_error("Missing argument for --%s", opts[c-'a'].name);
stpinfo->bitmask |= flag;
switch (flag) {
case EBT_STP_TYPE:
- i = strtol(argv[optind - 1], &end, 0);
+ i = strtol(optarg, &end, 0);
if (i < 0 || i > 255 || *end != '\0') {
- if (!strcasecmp(argv[optind - 1],
- BPDU_TYPE_CONFIG_STRING))
+ if (!strcasecmp(optarg, BPDU_TYPE_CONFIG_STRING))
stpinfo->type = BPDU_TYPE_CONFIG;
- else if (!strcasecmp(argv[optind - 1],
- BPDU_TYPE_TCN_STRING))
+ else if (!strcasecmp(optarg, BPDU_TYPE_TCN_STRING))
stpinfo->type = BPDU_TYPE_TCN;
else
- ebt_print_error("Bad --stp-type argument");
+ ebt_print_error2("Bad --stp-type argument");
} else
stpinfo->type = i;
break;
case EBT_STP_FLAGS:
- i = strtol(argv[optind - 1], &end, 0);
+ i = strtol(optarg, &end, 0);
if (i < 0 || i > 255 || *end != '\0') {
- if (!strcasecmp(argv[optind - 1],
- FLAG_TC_STRING))
+ if (!strcasecmp(optarg, FLAG_TC_STRING))
stpinfo->config.flags = FLAG_TC;
- else if (!strcasecmp(argv[optind - 1],
- FLAG_TC_ACK_STRING))
+ else if (!strcasecmp(optarg, FLAG_TC_ACK_STRING))
stpinfo->config.flags = FLAG_TC_ACK;
else
- ebt_print_error("Bad --stp-flags argument");
+ ebt_print_error2("Bad --stp-flags argument");
} else
stpinfo->config.flags = i;
break;
diff --git a/extensions/ebt_ulog.c b/extensions/ebt_ulog.c
index 4af42e2..5c762b2 100644
--- a/extensions/ebt_ulog.c
+++ b/extensions/ebt_ulog.c
@@ -1,3 +1,11 @@
+/* ebt_ulog
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * November, 2004
+ */
+
#define __need_time_t
#define __need_suseconds_t
#include <stdio.h>
@@ -65,59 +73,54 @@
uloginfo = (struct ebt_ulog_info *)(*watcher)->data;
switch (c) {
case ULOG_PREFIX:
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
goto inverse_invalid;
- ebt_check_option(flags, OPT_PREFIX);
+ ebt_check_option2(flags, OPT_PREFIX);
if (strlen(optarg) > EBT_ULOG_PREFIX_LEN - 1)
ebt_print_error("Prefix too long for ulog-prefix");
strcpy(uloginfo->prefix, optarg);
break;
case ULOG_NLGROUP:
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
goto inverse_invalid;
- ebt_check_option(flags, OPT_NLGROUP);
+ ebt_check_option2(flags, OPT_NLGROUP);
i = strtoul(optarg, &end, 10);
if (*end != '\0')
- ebt_print_error("Problem with ulog-nlgroup: %s", optarg);
+ ebt_print_error2("Problem with ulog-nlgroup: %s", optarg);
if (i < 1 || i > EBT_ULOG_MAXNLGROUPS)
- ebt_print_error("the ulog-nlgroup number must be "
- "between 1 and 32");
+ ebt_print_error2("the ulog-nlgroup number must be between 1 and 32");
uloginfo->nlgroup = i - 1;
break;
case ULOG_CPRANGE:
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
goto inverse_invalid;
- ebt_check_option(flags, OPT_CPRANGE);
+ ebt_check_option2(flags, OPT_CPRANGE);
i = strtoul(optarg, &end, 10);
if (*end != '\0') {
if (strcasecmp(optarg, CP_NO_LIMIT_S))
- ebt_print_error("Problem with ulog-cprange: "
- "%s", optarg);
+ ebt_print_error2("Problem with ulog-cprange: %s", optarg);
i = CP_NO_LIMIT_N;
}
uloginfo->cprange = i;
break;
case ULOG_QTHRESHOLD:
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
goto inverse_invalid;
- ebt_check_option(flags, OPT_QTHRESHOLD);
+ ebt_check_option2(flags, OPT_QTHRESHOLD);
i = strtoul(optarg, &end, 10);
if (*end != '\0')
- ebt_print_error("Problem with ulog-qthreshold: %s",
- optarg);
+ ebt_print_error2("Problem with ulog-qthreshold: %s", optarg);
if (i > EBT_ULOG_MAX_QLEN)
- ebt_print_error("ulog-qthreshold argument %d exceeds "
- "the maximum of %d", i,
- EBT_ULOG_MAX_QLEN);
+ ebt_print_error2("ulog-qthreshold argument %d exceeds the maximum of %d", i, EBT_ULOG_MAX_QLEN);
uloginfo->qthreshold = i;
break;
case ULOG_ULOG:
- if (ebt_check_inverse(optarg))
+ if (ebt_check_inverse2(optarg))
goto inverse_invalid;
- ebt_check_option(flags, OPT_ULOG);
+ ebt_check_option2(flags, OPT_ULOG);
break;
default:
@@ -127,14 +130,13 @@
inverse_invalid:
ebt_print_error("The use of '!' makes no sense for the ulog watcher");
- return 0;
+ return 1;
}
static void final_check(const struct ebt_u_entry *entry,
const struct ebt_entry_watcher *watcher, const char *name,
unsigned int hookmask, unsigned int time)
{
- return;
}
static void print(const struct ebt_u_entry *entry,
diff --git a/extensions/ebt_vlan.c b/extensions/ebt_vlan.c
index 0c94a66..21f2e22 100644
--- a/extensions/ebt_vlan.c
+++ b/extensions/ebt_vlan.c
@@ -1,33 +1,10 @@
-/*
- * Summary: ebt_vlan - IEEE 802.1Q extension module for userspace
- *
- * Description: 802.1Q Virtual LAN match support module for ebtables project.
- * Enables to match 802.1Q:
- * 1) VLAN-tagged frames by VLAN numeric identifier (12 - bits field)
- * 2) Priority-tagged frames by user_priority (3 bits field)
- * 3) Encapsulated Frame by ethernet protocol type/length
+/* ebt_vlan
*
* Authors:
- * Bart De Schuymer <bart.de.schuymer@pandora.be>
+ * Bart De Schuymer <bdschuym@pandora.be>
* Nick Fedchik <nick@fedchik.org.ua>
+ *
* June, 2002
- *
- * License: GNU GPL
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
*/
#include <stdio.h>
@@ -40,30 +17,19 @@
#include <linux/netfilter_bridge/ebt_vlan.h>
#include <linux/if_ether.h>
-
-#define GET_BITMASK(_MASK_) vlaninfo->bitmask & _MASK_
-#define SET_BITMASK(_MASK_) vlaninfo->bitmask |= _MASK_
-#define INV_FLAG(_inv_flag_) (vlaninfo->invflags & _inv_flag_) ? "! " : ""
-#define CHECK_IF_MISSING_VALUE if (optind > argc) ebt_print_error ("Missing %s value", opts[c].name);
-#define CHECK_INV_FLAG(_INDEX_) if (ebt_check_inverse (optarg)) vlaninfo->invflags |= _INDEX_;
-#define CHECK_RANGE(_RANGE_) if (_RANGE_) ebt_print_error ("Invalid %s range", opts[c].name);
-
#define NAME_VLAN_ID "id"
#define NAME_VLAN_PRIO "prio"
#define NAME_VLAN_ENCAP "encap"
-#define VLAN_ID 0
-#define VLAN_PRIO 1
-#define VLAN_ENCAP 2
+#define VLAN_ID '1'
+#define VLAN_PRIO '2'
+#define VLAN_ENCAP '3'
static struct option opts[] = {
- {EBT_VLAN_MATCH "-" NAME_VLAN_ID, required_argument, NULL,
- VLAN_ID},
- {EBT_VLAN_MATCH "-" NAME_VLAN_PRIO, required_argument, NULL,
- VLAN_PRIO},
- {EBT_VLAN_MATCH "-" NAME_VLAN_ENCAP, required_argument, NULL,
- VLAN_ENCAP},
- {NULL}
+ {"vlan-id" , required_argument, NULL, VLAN_ID},
+ {"vlan-prio" , required_argument, NULL, VLAN_PRIO},
+ {"vlan-encap", required_argument, NULL, VLAN_ENCAP},
+ { 0 }
};
/*
@@ -76,104 +42,67 @@
struct ethertypeent *ethent;
-/*
- * Print out local help by "ebtables -h <match name>"
- */
-
static void print_help()
{
-#define HELP_TITLE "802.1Q VLAN extension"
-
- printf(HELP_TITLE " options:\n");
- printf("--" EBT_VLAN_MATCH "-" NAME_VLAN_ID " %s" NAME_VLAN_ID
- " : VLAN-tagged frame identifier, 0,1-4096 (integer), default 1\n",
- OPT_VLAN_FLAGS & OPT_VLAN_ID ? "[!] " : "");
- printf("--" EBT_VLAN_MATCH "-" NAME_VLAN_PRIO " %s" NAME_VLAN_PRIO
- " : Priority-tagged frame user_priority, 0-7 (integer), default 0\n",
- OPT_VLAN_FLAGS & OPT_VLAN_PRIO ? "[!] " : "");
- printf("--" EBT_VLAN_MATCH "-" NAME_VLAN_ENCAP " %s"
- NAME_VLAN_ENCAP
- " : Encapsulated frame type (hexadecimal), default IP (0800)\n",
- OPT_VLAN_FLAGS & OPT_VLAN_ENCAP ? "[!] " : "");
+ printf(
+"vlan options:\n"
+"--vlan-id [!] id : vlan-tagged frame identifier, 0,1-4096 (integer)\n"
+"--vlan-prio [!] prio : Priority-tagged frame's user priority, 0-7 (integer)\n"
+"--vlan-encap [!] encap : Encapsulated frame protocol (hexadecimal or name)\n");
}
-/*
- * Initialization function
- */
static void init(struct ebt_entry_match *match)
{
- struct ebt_vlan_info *vlaninfo =
- (struct ebt_vlan_info *) match->data;
- /*
- * Set initial values
- */
- vlaninfo->id = 1; /* Default VID for VLAN-tagged 802.1Q frames */
- vlaninfo->prio = 0;
- vlaninfo->encap = 0;
+ struct ebt_vlan_info *vlaninfo = (struct ebt_vlan_info *) match->data;
vlaninfo->invflags = 0;
vlaninfo->bitmask = 0;
}
-/*
- * Parse passed arguments values (ranges, flags, etc...)
- * int c - parameter number from static struct option opts[]
- * int argc - total amout of arguments (std argc value)
- * int argv - arguments (std argv value)
- * const struct ebt_u_entry *entry - default ebtables entry set
- * unsigned int *flags -
- * struct ebt_entry_match **match -
- */
-static int
-parse(int c,
- char **argv,
- int argc,
- const struct ebt_u_entry *entry,
- unsigned int *flags, struct ebt_entry_match **match)
+static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry,
+ unsigned int *flags, struct ebt_entry_match **match)
{
- struct ebt_vlan_info *vlaninfo =
- (struct ebt_vlan_info *) (*match)->data;
+ struct ebt_vlan_info *vlaninfo = (struct ebt_vlan_info *) (*match)->data;
char *end;
struct ebt_vlan_info local;
switch (c) {
case VLAN_ID:
- ebt_check_option(flags, OPT_VLAN_ID);
- CHECK_INV_FLAG(EBT_VLAN_ID);
- CHECK_IF_MISSING_VALUE;
- local.id = strtoul(argv[optind - 1], &end, 10);
- CHECK_RANGE(local.id > 4094 || *end != '\0');
+ ebt_check_option2(flags, OPT_VLAN_ID);
+ if (ebt_check_inverse2(optarg))
+ vlaninfo->invflags |= EBT_VLAN_ID;
+ local.id = strtoul(optarg, &end, 10);
+ if (local.id > 4094 || *end != '\0')
+ ebt_print_error2("Invalid --vlan-id range ('%s')", optarg);
vlaninfo->id = local.id;
- SET_BITMASK(EBT_VLAN_ID);
+ vlaninfo->bitmask |= EBT_VLAN_ID;
break;
-
case VLAN_PRIO:
- ebt_check_option(flags, OPT_VLAN_PRIO);
- CHECK_INV_FLAG(EBT_VLAN_PRIO);
- CHECK_IF_MISSING_VALUE;
- local.prio = strtoul(argv[optind - 1], &end, 10);
- CHECK_RANGE(local.prio >= 8 || *end != '\0');
+ ebt_check_option2(flags, OPT_VLAN_PRIO);
+ if (ebt_check_inverse2(optarg))
+ vlaninfo->invflags |= EBT_VLAN_PRIO;
+ local.prio = strtoul(optarg, &end, 10);
+ if (local.prio >= 8 || *end != '\0')
+ ebt_print_error2("Invalid --vlan-prio range ('%s')", optarg);
vlaninfo->prio = local.prio;
- SET_BITMASK(EBT_VLAN_PRIO);
+ vlaninfo->bitmask |= EBT_VLAN_PRIO;
break;
-
case VLAN_ENCAP:
- ebt_check_option(flags, OPT_VLAN_ENCAP);
- CHECK_INV_FLAG(EBT_VLAN_ENCAP);
- CHECK_IF_MISSING_VALUE;
- local.encap = strtoul(argv[optind - 1], &end, 16);
+ ebt_check_option2(flags, OPT_VLAN_ENCAP);
+ if (ebt_check_inverse2(optarg))
+ vlaninfo->invflags |= EBT_VLAN_ENCAP;
+ local.encap = strtoul(optarg, &end, 16);
if (*end != '\0') {
- ethent = getethertypebyname(argv[optind - 1]);
+ ethent = getethertypebyname(optarg);
if (ethent == NULL)
- ebt_print_error("Unknown %s encap",
- opts[c].name);
+ ebt_print_error("Unknown --vlan-encap value ('%s')", optarg);
local.encap = ethent->e_ethertype;
}
- CHECK_RANGE(local.encap < ETH_ZLEN);
+ if (local.encap < ETH_ZLEN)
+ ebt_print_error2("Invalid --vlan-encap range ('%s')", optarg);
vlaninfo->encap = htons(local.encap);
- SET_BITMASK(EBT_VLAN_ENCAP);
+ vlaninfo->bitmask |= EBT_VLAN_ENCAP;
break;
-
default:
return 0;
@@ -181,75 +110,34 @@
return 1;
}
-/*
- * Final check - logical conditions
- */
-static void
-final_check(const struct ebt_u_entry *entry,
- const struct ebt_entry_match *match,
- const char *name, unsigned int hookmask, unsigned int time)
+static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match,
+ const char *name, unsigned int hookmask, unsigned int time)
{
-
- struct ebt_vlan_info *vlaninfo =
- (struct ebt_vlan_info *) match->data;
- /*
- * Specified proto isn't 802.1Q?
- */
if (entry->ethproto != ETH_P_8021Q || entry->invflags & EBT_IPROTO)
- ebt_print_error("For use 802.1Q extension the protocol "
- "must be specified as 802_1Q");
- /*
- * Check if specified vlan-encap=0x8100 (802.1Q Frame)
- * when vlan-encap specified.
- */
- if (GET_BITMASK(EBT_VLAN_ENCAP)) {
- if (vlaninfo->encap == htons(0x8100))
- ebt_print_error("Encapsulated frame type can not be "
- "802.1Q (0x8100)");
- }
+ ebt_print_error("For vlan filtering the protocol must be specified as 802_1Q");
- /*
- * Check if specified vlan-id=0 (priority-tagged frame condition)
- * when vlan-prio was specified.
- */
- if (GET_BITMASK(EBT_VLAN_PRIO)) {
- if (vlaninfo->id && GET_BITMASK(EBT_VLAN_ID))
- ebt_print_error("For use user_priority the specified "
- "vlan-id must be 0");
- }
+ /* Check if specified vlan-id=0 (priority-tagged frame condition)
+ * when vlan-prio was specified. */
+ /* I see no reason why a user should be prohibited to match on a perhaps impossible situation <BDS>
+ if (vlaninfo->bitmask & EBT_VLAN_PRIO &&
+ vlaninfo->id && vlaninfo->bitmask & EBT_VLAN_ID)
+ ebt_print_error("When setting --vlan-prio the specified --vlan-id must be 0");*/
}
-/*
- * Print line when listing rules by ebtables -L
- */
-static void
-print(const struct ebt_u_entry *entry, const struct ebt_entry_match *match)
+static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match)
{
- struct ebt_vlan_info *vlaninfo =
- (struct ebt_vlan_info *) match->data;
+ struct ebt_vlan_info *vlaninfo = (struct ebt_vlan_info *) match->data;
- /*
- * Print VLAN ID if they are specified
- */
- if (GET_BITMASK(EBT_VLAN_ID)) {
- printf("--%s %s%d ",
- opts[VLAN_ID].name,
- INV_FLAG(EBT_VLAN_ID), vlaninfo->id);
+ if (vlaninfo->bitmask & EBT_VLAN_ID) {
+ printf("--vlan-id %s%d ", (vlaninfo->invflags & EBT_VLAN_ID) ? "! " : "", vlaninfo->id);
}
- /*
- * Print user priority if they are specified
- */
- if (GET_BITMASK(EBT_VLAN_PRIO)) {
- printf("--%s %s%d ",
- opts[VLAN_PRIO].name,
- INV_FLAG(EBT_VLAN_PRIO), vlaninfo->prio);
+ if (vlaninfo->bitmask & EBT_VLAN_PRIO) {
+ printf("--vlan-prio %s%d ", (vlaninfo->invflags & EBT_VLAN_PRIO) ? "! " : "", vlaninfo->prio);
}
- /*
- * Print encapsulated frame type if they are specified
- */
- if (GET_BITMASK(EBT_VLAN_ENCAP)) {
- printf("--%s %s",
- opts[VLAN_ENCAP].name, INV_FLAG(EBT_VLAN_ENCAP));
+ if (vlaninfo->bitmask & EBT_VLAN_ENCAP) {
+ printf("--vlan-encap %s", (vlaninfo->invflags & EBT_VLAN_ENCAP) ? "! " : "");
ethent = getethertypebynumber(ntohs(vlaninfo->encap));
if (ethent != NULL) {
printf("%s ", ethent->e_name);
@@ -259,47 +147,25 @@
}
}
-
-static int
-compare(const struct ebt_entry_match *vlan1,
- const struct ebt_entry_match *vlan2)
+static int compare(const struct ebt_entry_match *vlan1,
+ const struct ebt_entry_match *vlan2)
{
- struct ebt_vlan_info *vlaninfo1 =
- (struct ebt_vlan_info *) vlan1->data;
- struct ebt_vlan_info *vlaninfo2 =
- (struct ebt_vlan_info *) vlan2->data;
- /*
- * Compare argc
- */
+ struct ebt_vlan_info *vlaninfo1 = (struct ebt_vlan_info *) vlan1->data;
+ struct ebt_vlan_info *vlaninfo2 = (struct ebt_vlan_info *) vlan2->data;
+
if (vlaninfo1->bitmask != vlaninfo2->bitmask)
return 0;
- /*
- * Compare inv flags
- */
if (vlaninfo1->invflags != vlaninfo2->invflags)
return 0;
- /*
- * Compare VLAN ID if they are present
- */
- if (vlaninfo1->bitmask & EBT_VLAN_ID) {
- if (vlaninfo1->id != vlaninfo2->id)
- return 0;
- };
- /*
- * Compare VLAN Prio if they are present
- */
- if (vlaninfo1->bitmask & EBT_VLAN_PRIO) {
- if (vlaninfo1->prio != vlaninfo2->prio)
- return 0;
- };
- /*
- * Compare VLAN Encap if they are present
- */
- if (vlaninfo1->bitmask & EBT_VLAN_ENCAP) {
- if (vlaninfo1->encap != vlaninfo2->encap)
- return 0;
- };
-
+ if (vlaninfo1->bitmask & EBT_VLAN_ID &&
+ vlaninfo1->id != vlaninfo2->id)
+ return 0;
+ if (vlaninfo1->bitmask & EBT_VLAN_PRIO &&
+ vlaninfo1->prio != vlaninfo2->prio)
+ return 0;
+ if (vlaninfo1->bitmask & EBT_VLAN_ENCAP &&
+ vlaninfo1->encap != vlaninfo2->encap)
+ return 0;
return 1;
}
diff --git a/extensions/ebtable_broute.c b/extensions/ebtable_broute.c
index 3c00962..5259355 100644
--- a/extensions/ebtable_broute.c
+++ b/extensions/ebtable_broute.c
@@ -1,3 +1,11 @@
+/* ebtable_broute
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * April, 2002
+ */
+
#include <stdio.h>
#include "../include/ebtables_u.h"
diff --git a/extensions/ebtable_filter.c b/extensions/ebtable_filter.c
index 08f5033..e41fb84 100644
--- a/extensions/ebtable_filter.c
+++ b/extensions/ebtable_filter.c
@@ -1,3 +1,11 @@
+/* ebtable_filter
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * April, 2002
+ */
+
#include <stdio.h>
#include "../include/ebtables_u.h"
diff --git a/extensions/ebtable_nat.c b/extensions/ebtable_nat.c
index d64e21d..b21c9dd 100644
--- a/extensions/ebtable_nat.c
+++ b/extensions/ebtable_nat.c
@@ -1,3 +1,11 @@
+/* ebtable_nat
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * April, 2002
+ */
+
#include <stdio.h>
#include "../include/ebtables_u.h"