[netfilter-cvslog] r7458 - in trunk/conntrack-tools: . extensions src
pablo at netfilter.org
pablo at netfilter.org
Sat Apr 12 06:21:34 CEST 2008
Author: pablo at netfilter.org
Date: 2008-04-12 06:21:33 +0200 (Sat, 12 Apr 2008)
New Revision: 7458
Modified:
trunk/conntrack-tools/ChangeLog
trunk/conntrack-tools/extensions/libct_proto_tcp.c
trunk/conntrack-tools/extensions/libct_proto_udp.c
trunk/conntrack-tools/src/conntrack.c
Log:
o simplify parameter-handling code
o check for missing source/address IP/ports
o minor cleanups
Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog 2008-04-09 15:34:55 UTC (rev 7457)
+++ trunk/conntrack-tools/ChangeLog 2008-04-12 04:21:33 UTC (rev 7458)
@@ -7,6 +7,9 @@
o fix asymmetric path support (reported by Gary Richards)
o improve netlink overrun handling
o update manpages with the new URL: http://conntrack-tools.netfilter.org
+o simplify parameter-handling code
+o check for missing source/address IP/ports
+o minor cleanups
Krzysztof Oledzki <ole at ans.pl>:
o fix minor compilation warning
Modified: trunk/conntrack-tools/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_tcp.c 2008-04-09 15:34:55 UTC (rev 7457)
+++ trunk/conntrack-tools/extensions/libct_proto_tcp.c 2008-04-12 04:21:33 UTC (rev 7458)
@@ -44,10 +44,10 @@
{
/* 1 2 3 4 5 6 7 8 9 */
/*CT_LIST*/ {2,2,2,2,0,0,2,0,0},
-/*CT_CREATE*/ {1,1,1,1,0,0,1,0,0},
-/*CT_UPDATE*/ {1,1,1,1,0,0,2,0,0},
-/*CT_DELETE*/ {1,1,1,1,0,0,0,0,0},
-/*CT_GET*/ {1,1,1,1,0,0,2,0,0},
+/*CT_CREATE*/ {2,2,2,2,0,0,1,0,0},
+/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0},
+/*CT_DELETE*/ {2,2,2,2,0,0,0,0,0},
+/*CT_GET*/ {2,2,2,2,0,0,2,0,0},
/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0},
/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0},
/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0},
@@ -200,27 +200,10 @@
unsigned int cmd,
struct nf_conntrack *ct)
{
- if ((flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
- && !(flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC));
- flags |= TCP_REPL_SPORT;
- flags |= TCP_REPL_DPORT;
- } else if (!(flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
- && (flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC));
- flags |= TCP_ORIG_SPORT;
- flags |= TCP_ORIG_DPORT;
- }
+ if ((1 << cmd) & (CT_CREATE|CT_UPDATE|CT_DELETE|CT_GET) &&
+ !((flags & TCP_ORIG_SPORT && flags & TCP_ORIG_DPORT) ||
+ (flags & TCP_REPL_SPORT && flags & TCP_REPL_DPORT)))
+ exit_error(PARAMETER_PROBLEM, "missing ports");
generic_opt_check(flags,
TCP_NUMBER_OF_OPT,
Modified: trunk/conntrack-tools/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_udp.c 2008-04-09 15:34:55 UTC (rev 7457)
+++ trunk/conntrack-tools/extensions/libct_proto_udp.c 2008-04-12 04:21:33 UTC (rev 7458)
@@ -54,10 +54,10 @@
{
/* 1 2 3 4 5 6 7 8 */
/*CT_LIST*/ {2,2,2,2,0,0,0,0},
-/*CT_CREATE*/ {1,1,1,1,0,0,0,0},
-/*CT_UPDATE*/ {1,1,1,1,0,0,0,0},
-/*CT_DELETE*/ {1,1,1,1,0,0,0,0},
-/*CT_GET*/ {1,1,1,1,0,0,0,0},
+/*CT_CREATE*/ {2,2,2,2,0,0,0,0},
+/*CT_UPDATE*/ {2,2,2,2,0,0,0,0},
+/*CT_DELETE*/ {2,2,2,2,0,0,0,0},
+/*CT_GET*/ {2,2,2,2,0,0,0,0},
/*CT_FLUSH*/ {0,0,0,0,0,0,0,0},
/*CT_EVENT*/ {2,2,2,2,0,0,0,0},
/*CT_VERSION*/ {0,0,0,0,0,0,0,0},
@@ -165,27 +165,10 @@
unsigned int cmd,
struct nf_conntrack *ct)
{
- if ((flags & (UDP_ORIG_SPORT|UDP_ORIG_DPORT))
- && !(flags & (UDP_REPL_SPORT|UDP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC));
- flags |= UDP_REPL_SPORT;
- flags |= UDP_REPL_DPORT;
- } else if (!(flags & (UDP_ORIG_SPORT|UDP_ORIG_DPORT))
- && (flags & (UDP_REPL_SPORT|UDP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC));
- flags |= UDP_ORIG_SPORT;
- flags |= UDP_ORIG_DPORT;
- }
+ if ((1 << cmd) & (CT_CREATE|CT_UPDATE|CT_DELETE|CT_GET) &&
+ !((flags & UDP_ORIG_SPORT && flags & UDP_ORIG_DPORT) ||
+ (flags & UDP_REPL_SPORT && flags & UDP_REPL_DPORT)))
+ exit_error(PARAMETER_PROBLEM, "missing ports");
generic_opt_check(flags,
UDP_NUMBER_OF_OPT,
Modified: trunk/conntrack-tools/src/conntrack.c
===================================================================
--- trunk/conntrack-tools/src/conntrack.c 2008-04-09 15:34:55 UTC (rev 7457)
+++ trunk/conntrack-tools/src/conntrack.c 2008-04-12 04:21:33 UTC (rev 7458)
@@ -200,6 +200,7 @@
va_start(args, msg);
fprintf(stderr,"%s v%s: ", PROGNAME, VERSION);
vfprintf(stderr, msg, args);
+ fprintf(stderr, "\n");
va_end(args);
if (status == PARAMETER_PROBLEM)
exit_tryhelp(status);
@@ -211,7 +212,7 @@
{
if (cmd_need_param[command] == 0 && !local_options)
exit_error(PARAMETER_PROBLEM,
- "You need to supply parameters to `-%c'\n",
+ "You need to supply parameters to `-%c'",
cmdflags[command]);
}
@@ -239,12 +240,12 @@
exit_error(PARAMETER_PROBLEM,
"You need to supply the "
"`--%s' option for this "
- "command\n", optflg[i]);
+ "command", optflg[i]);
} else {
if (optset[i] == 0)
exit_error(PARAMETER_PROBLEM, "Illegal "
"option `--%s' with this "
- "command\n", optflg[i]);
+ "command", optflg[i]);
}
}
}
@@ -377,9 +378,9 @@
}
static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds)
+add_command(unsigned int *cmd, const int newcmd)
{
- if (*cmd & (~othercmds))
+ if (*cmd)
exit_error(PARAMETER_PROBLEM, "Invalid commands combination\n");
*cmd |= newcmd;
}
@@ -406,7 +407,7 @@
else if (strncmp("conntrack", table, 9) == 0)
return 0;
else
- exit_error(PARAMETER_PROBLEM, "unknown type `%s'\n", table);
+ exit_error(PARAMETER_PROBLEM, "unknown type `%s'", table);
return 0;
}
@@ -416,7 +417,7 @@
if (*family == AF_UNSPEC)
*family = new;
else if (*family != new)
- exit_error(PARAMETER_PROBLEM, "mismatched address family\n");
+ exit_error(PARAMETER_PROBLEM, "mismatched address family");
}
struct addr_parse {
@@ -435,7 +436,7 @@
return AF_INET6;
#endif
- exit_error(PARAMETER_PROBLEM, "Invalid IP address `%s'.", cp);
+ exit_error(PARAMETER_PROBLEM, "Invalid IP address `%s'", cp);
}
union ct_address {
@@ -476,12 +477,12 @@
port = (uint16_t)atoi(colon+1);
if (port == 0)
exit_error(PARAMETER_PROBLEM,
- "Port `%s' not valid\n", colon+1);
+ "Port `%s' not valid", colon+1);
error = strchr(colon+1, ':');
if (error)
exit_error(PARAMETER_PROBLEM,
- "Invalid port:port syntax\n");
+ "Invalid port:port syntax");
if (type == CT_OPT_SRC_NAT)
nfct_set_attr_u16(obj, ATTR_SNAT_PORT, port);
@@ -658,6 +659,51 @@
static struct ctproto_handler *h;
+static const int cmd2type[][2] = {
+ ['L'] = { CT_LIST, EXP_LIST },
+ ['I'] = { CT_CREATE, EXP_CREATE },
+ ['D'] = { CT_DELETE, EXP_DELETE },
+ ['G'] = { CT_GET, EXP_GET },
+ ['F'] = { CT_FLUSH, EXP_FLUSH },
+ ['V'] = { CT_VERSION, CT_VERSION },
+ ['h'] = { CT_HELP, CT_HELP },
+};
+
+static const int opt2type[] = {
+ ['s'] = CT_OPT_ORIG_SRC,
+ ['d'] = CT_OPT_ORIG_DST,
+ ['r'] = CT_OPT_REPL_SRC,
+ ['q'] = CT_OPT_REPL_DST,
+ ['{'] = CT_OPT_MASK_SRC,
+ ['}'] = CT_OPT_MASK_DST,
+ ['['] = CT_OPT_EXP_SRC,
+ [']'] = CT_OPT_EXP_DST,
+ ['n'] = CT_OPT_SRC_NAT,
+ ['g'] = CT_OPT_DST_NAT,
+ ['m'] = CT_OPT_MARK,
+ ['c'] = CT_OPT_SECMARK,
+};
+
+static const int opt2family_attr[][2] = {
+ ['s'] = { ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_SRC },
+ ['d'] = { ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV6_DST },
+ ['r'] = { ATTR_REPL_IPV4_SRC, ATTR_REPL_IPV6_SRC },
+ ['q'] = { ATTR_REPL_IPV4_DST, ATTR_REPL_IPV6_DST },
+ ['{'] = { ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_SRC },
+ ['}'] = { ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV6_DST },
+ ['['] = { ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_SRC },
+ [']'] = { ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV6_DST },
+};
+
+static const int opt2attr[] = {
+ ['s'] = ATTR_ORIG_L3PROTO,
+ ['d'] = ATTR_ORIG_L3PROTO,
+ ['r'] = ATTR_REPL_L3PROTO,
+ ['q'] = ATTR_REPL_L3PROTO,
+ ['m'] = ATTR_MARK,
+ ['c'] = ATTR_SECMARK,
+};
+
int main(int argc, char *argv[])
{
int c, cmd;
@@ -691,142 +737,83 @@
"g::c:",
opts, NULL)) != -1) {
switch(c) {
+ /* commands */
case 'L':
- type = check_type(argc, argv);
- if (type == 0)
- add_command(&command, CT_LIST, CT_NONE);
- else if (type == 1)
- add_command(&command, EXP_LIST, CT_NONE);
- break;
case 'I':
- type = check_type(argc, argv);
- if (type == 0)
- add_command(&command, CT_CREATE, CT_NONE);
- else if (type == 1)
- add_command(&command, EXP_CREATE, CT_NONE);
- break;
- case 'U':
- type = check_type(argc, argv);
- if (type == 0)
- add_command(&command, CT_UPDATE, CT_NONE);
- else
- exit_error(PARAMETER_PROBLEM, "Can't update "
- "expectations");
- break;
case 'D':
- type = check_type(argc, argv);
- if (type == 0)
- add_command(&command, CT_DELETE, CT_NONE);
- else if (type == 1)
- add_command(&command, EXP_DELETE, CT_NONE);
- break;
case 'G':
- type = check_type(argc, argv);
- if (type == 0)
- add_command(&command, CT_GET, CT_NONE);
- else if (type == 1)
- add_command(&command, EXP_GET, CT_NONE);
- break;
case 'F':
+ case 'E':
+ case 'V':
+ case 'h':
type = check_type(argc, argv);
- if (type == 0)
- add_command(&command, CT_FLUSH, CT_NONE);
- else if (type == 1)
- add_command(&command, EXP_FLUSH, CT_NONE);
+ add_command(&command, cmd2type[c][type]);
break;
- case 'E':
+ case 'U':
type = check_type(argc, argv);
if (type == 0)
- add_command(&command, CT_EVENT, CT_NONE);
- else if (type == 1)
- add_command(&command, EXP_EVENT, CT_NONE);
+ add_command(&command, CT_UPDATE);
+ else
+ exit_error(PARAMETER_PROBLEM,
+ "Can't update expectations");
break;
- case 'V':
- add_command(&command, CT_VERSION, CT_NONE);
- break;
- case 'h':
- add_command(&command, CT_HELP, CT_NONE);
- break;
+ /* options */
case 's':
- options |= CT_OPT_ORIG_SRC;
- if (!optarg)
- break;
-
- l3protonum = parse_addr(optarg, &ad);
- set_family(&family, l3protonum);
- if (l3protonum == AF_INET) {
- nfct_set_attr_u32(obj,
- ATTR_ORIG_IPV4_SRC,
- ad.v4);
- } else if (l3protonum == AF_INET6) {
- nfct_set_attr(obj,
- ATTR_ORIG_IPV6_SRC,
- &ad.v6);
- }
- nfct_set_attr_u8(obj, ATTR_ORIG_L3PROTO, l3protonum);
- break;
case 'd':
- options |= CT_OPT_ORIG_DST;
- if (!optarg)
- break;
-
- l3protonum = parse_addr(optarg, &ad);
- set_family(&family, l3protonum);
- if (l3protonum == AF_INET) {
- nfct_set_attr_u32(obj,
- ATTR_ORIG_IPV4_DST,
- ad.v4);
- } else if (l3protonum == AF_INET6) {
- nfct_set_attr(obj,
- ATTR_ORIG_IPV6_DST,
- &ad.v6);
- }
- nfct_set_attr_u8(obj, ATTR_ORIG_L3PROTO, l3protonum);
- break;
case 'r':
- options |= CT_OPT_REPL_SRC;
+ case 'q':
if (!optarg)
- break;
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires an IP", c);
+ options |= opt2type[c];
+
l3protonum = parse_addr(optarg, &ad);
set_family(&family, l3protonum);
if (l3protonum == AF_INET) {
nfct_set_attr_u32(obj,
- ATTR_REPL_IPV4_SRC,
+ opt2family_attr[c][0],
ad.v4);
} else if (l3protonum == AF_INET6) {
nfct_set_attr(obj,
- ATTR_REPL_IPV6_SRC,
+ opt2family_attr[c][1],
&ad.v6);
}
- nfct_set_attr_u8(obj, ATTR_REPL_L3PROTO, l3protonum);
+ nfct_set_attr_u8(obj, opt2attr[c], l3protonum);
break;
- case 'q':
- options |= CT_OPT_REPL_DST;
+ case '{':
+ case '}':
+ case '[':
+ case ']':
if (!optarg)
- break;
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires an IP", c);
+ options |= opt2type[c];
l3protonum = parse_addr(optarg, &ad);
set_family(&family, l3protonum);
if (l3protonum == AF_INET) {
- nfct_set_attr_u32(obj,
- ATTR_REPL_IPV4_DST,
+ nfct_set_attr_u32(mask,
+ opt2family_attr[c][0],
ad.v4);
} else if (l3protonum == AF_INET6) {
- nfct_set_attr(obj,
- ATTR_REPL_IPV6_DST,
+ nfct_set_attr(mask,
+ opt2family_attr[c][1],
&ad.v6);
}
- nfct_set_attr_u8(obj, ATTR_REPL_L3PROTO, l3protonum);
+ nfct_set_attr_u8(mask, ATTR_ORIG_L3PROTO, l3protonum);
break;
case 'p':
if (!optarg || !*optarg)
- exit_error(PARAMETER_PROBLEM, "proto needed\n");
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires a valid protocol", c);
options |= CT_OPT_PROTO;
h = findproto(optarg);
if (!h)
- exit_error(PARAMETER_PROBLEM, "unknown proto\n");
+ exit_error(PARAMETER_PROBLEM,
+ "`%s' unsupported protocol",
+ optarg);
nfct_set_attr_u8(obj, ATTR_ORIG_L4PROTO, h->protonum);
nfct_set_attr_u8(obj, ATTR_REPL_L4PROTO, h->protonum);
@@ -838,140 +825,72 @@
h->protonum);
opts = merge_options(opts, h->opts, &h->option_offset);
if (opts == NULL)
- exit_error(EXIT_FAILURE, "out of memory\n");
+ exit_error(OTHER_PROBLEM, "out of memory");
break;
case 't':
- options |= CT_OPT_TIMEOUT;
if (!optarg)
- continue;
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires value", c);
+ options |= CT_OPT_TIMEOUT;
nfct_set_attr_u32(obj, ATTR_TIMEOUT, atol(optarg));
nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, atol(optarg));
break;
- case 'u': {
+ case 'u':
if (!optarg)
- continue;
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires type", c);
options |= CT_OPT_STATUS;
parse_parameter(optarg, &status, PARSE_STATUS);
nfct_set_attr_u32(obj, ATTR_STATUS, status);
break;
- }
case 'e':
+ if (!optarg)
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires type", c);
+
options |= CT_OPT_EVENT_MASK;
parse_parameter(optarg, &event_mask, PARSE_EVENT);
break;
- case 'z':
- options |= CT_OPT_ZERO;
- break;
- case '{':
- options |= CT_OPT_MASK_SRC;
+ case 'o':
if (!optarg)
- break;
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires type", c);
- l3protonum = parse_addr(optarg, &ad);
- set_family(&family, l3protonum);
- if (l3protonum == AF_INET) {
- nfct_set_attr_u32(mask,
- ATTR_ORIG_IPV4_SRC,
- ad.v4);
- } else if (l3protonum == AF_INET6) {
- nfct_set_attr(mask,
- ATTR_ORIG_IPV6_SRC,
- &ad.v6);
- }
- nfct_set_attr_u8(mask, ATTR_ORIG_L3PROTO, l3protonum);
+ options |= CT_OPT_OUTPUT;
+ parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
break;
- case '}':
- options |= CT_OPT_MASK_DST;
- if (!optarg)
- break;
+ case 'z':
+ if (optarg)
+ exit_error(PARAMETER_PROBLEM,
+ "-%c does not require parameters",c);
- l3protonum = parse_addr(optarg, &ad);
- set_family(&family, l3protonum);
- if (l3protonum == AF_INET) {
- nfct_set_attr_u32(mask,
- ATTR_ORIG_IPV4_DST,
- ad.v4);
- } else if (l3protonum == AF_INET6) {
- nfct_set_attr(mask,
- ATTR_ORIG_IPV6_DST,
- &ad.v6);
- }
- nfct_set_attr_u8(mask, ATTR_ORIG_L3PROTO, l3protonum);
+ options |= CT_OPT_ZERO;
break;
- case '[':
- options |= CT_OPT_EXP_SRC;
- if (!optarg)
- break;
-
- l3protonum = parse_addr(optarg, &ad);
- set_family(&family, l3protonum);
- if (l3protonum == AF_INET) {
- nfct_set_attr_u32(exptuple,
- ATTR_ORIG_IPV4_SRC,
- ad.v4);
- } else if (l3protonum == AF_INET6) {
- nfct_set_attr(exptuple,
- ATTR_ORIG_IPV6_SRC,
- &ad.v6);
- }
- nfct_set_attr_u8(exptuple,
- ATTR_ORIG_L3PROTO,
- l3protonum);
- break;
- case ']':
- options |= CT_OPT_EXP_DST;
- if (!optarg)
- break;
-
- l3protonum = parse_addr(optarg, &ad);
- set_family(&family, l3protonum);
- if (l3protonum == AF_INET) {
- nfct_set_attr_u32(exptuple,
- ATTR_ORIG_IPV4_DST,
- ad.v4);
- } else if (l3protonum == AF_INET6) {
- nfct_set_attr(exptuple,
- ATTR_ORIG_IPV6_DST,
- &ad.v6);
- }
- nfct_set_attr_u8(exptuple,
- ATTR_ORIG_L3PROTO,
- l3protonum);
- break;
- case 'a':
- fprintf(stderr, "warning: ignoring --nat-range, "
- "use --src-nat or --dst-nat instead.\n");
- break;
case 'n':
- options |= CT_OPT_SRC_NAT;
- if (!optarg)
- break;
- set_family(&family, AF_INET);
- nat_parse(optarg, 1, obj, CT_OPT_SRC_NAT);
- break;
case 'g':
- options |= CT_OPT_DST_NAT;
if (!optarg)
- break;
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires an IP", c);
+
+ options |= opt2type[c];
set_family(&family, AF_INET);
- nat_parse(optarg, 1, obj, CT_OPT_DST_NAT);
- case 'm':
- options |= CT_OPT_MARK;
- if (!optarg)
- continue;
- nfct_set_attr_u32(obj, ATTR_MARK, atol(optarg));
+ nat_parse(optarg, 1, obj, opt2type[c]);
break;
+ case 'm':
case 'c':
- options |= CT_OPT_SECMARK;
+ options |= opt2type[c];
if (!optarg)
- continue;
- nfct_set_attr_u32(obj, ATTR_SECMARK, atol(optarg));
+ exit_error(PARAMETER_PROBLEM,
+ "-%c requires value", c);
+
+ nfct_set_attr_u32(obj, opt2attr[c], atol(optarg));
break;
case 'i':
- fprintf(stderr,
- "warning: ignoring --id. deprecated option.\n");
+ case 'a':
+ fprintf(stderr, "WARNING: ignoring -%c, "
+ "deprecated option.\n", c);
break;
case 'f':
options |= CT_OPT_FAMILY;
@@ -980,24 +899,21 @@
else if (strncmp(optarg, "ipv6", strlen("ipv6")) == 0)
set_family(&family, AF_INET6);
else
- exit_error(PARAMETER_PROBLEM, "Unknown "
- "protocol family\n");
+ exit_error(PARAMETER_PROBLEM,
+ "`%s' unsupported protocol",
+ optarg);
break;
- case 'o':
- options |= CT_OPT_OUTPUT;
- parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
- break;
default:
if (h && h->parse_opts
&&!h->parse_opts(c - h->option_offset, obj,
exptuple, mask, &l4flags))
- exit_error(PARAMETER_PROBLEM, "parse error\n");
+ exit_error(PARAMETER_PROBLEM, "parse error");
/* Unknown argument... */
if (!h) {
usage(argv[0]);
- exit_error(PARAMETER_PROBLEM, "Missing "
- "arguments...\n");
+ exit_error(PARAMETER_PROBLEM,
+ "Missing arguments...");
}
break;
}
@@ -1014,6 +930,11 @@
commands_v_options[cmd],
optflags);
+ if (command & (CT_CREATE|CT_UPDATE|CT_DELETE|CT_GET) &&
+ !((options & CT_OPT_ORIG_SRC && options & CT_OPT_ORIG_DST) ||
+ (options & CT_OPT_REPL_SRC && options & CT_OPT_REPL_DST)))
+ exit_error(PARAMETER_PROBLEM, "missing IP address");
+
if (!(command & CT_HELP) && h && h->final_check)
h->final_check(l4flags, cmd, obj);
More information about the netfilter-cvslog
mailing list