[iptables] iprange: roll address parsing into a loop
Harald Welte
netfilter-cvslog-bounces at lists.netfilter.org
Sun Oct 25 11:08:52 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=7fa7329fc972513021131416dbd9d535141bd2ea
commit 7fa7329fc972513021131416dbd9d535141bd2ea
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Sep 18 13:07:09 2009 +0200
Commit: Harald Welte <laforge at gnumonks.org>
CommitDate: Sun Oct 25 11:08:56 2009 +0100
iprange: roll address parsing into a loop
commit 648a7bafa7acc33d986f113275a20199a6ad2aaa
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Sep 18 13:01:05 2009 +0200
Commit: Harald Welte <laforge at gnumonks.org>
CommitDate: Sun Oct 25 11:07:35 2009 +0100
iprange: warn on reverse range
commit a10a12afee2083d240a304ceac7f3d9902a6f60a
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Sep 18 09:59:26 2009 +0200
Commit: Harald Welte <laforge at gnumonks.org>
CommitDate: Sun Oct 25 11:07:26 2009 +0100
iprange: do accept non-ranges for xt_iprange v1
[fill in details]
via 7fa7329fc972513021131416dbd9d535141bd2ea (commit)
via 648a7bafa7acc33d986f113275a20199a6ad2aaa (commit)
via a10a12afee2083d240a304ceac7f3d9902a6f60a (commit)
from 51651b64fffc58d4f58d005fa7dc0d9669147c57 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7fa7329fc972513021131416dbd9d535141bd2ea
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Sep 18 13:07:09 2009 +0200
iprange: roll address parsing into a loop
commit 648a7bafa7acc33d986f113275a20199a6ad2aaa
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Sep 18 13:01:05 2009 +0200
iprange: warn on reverse range
commit a10a12afee2083d240a304ceac7f3d9902a6f60a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Sep 18 09:59:26 2009 +0200
iprange: do accept non-ranges for xt_iprange v1
[fill in details]
-----------------------------------------------------------------------
extensions/libxt_iprange.c | 128 ++++++++++++++++++--------------------------
1 files changed, 53 insertions(+), 75 deletions(-)
[fill in details]
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 7b3ccc2..fc9abbb 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -20,8 +20,8 @@ static void iprange_mt_help(void)
{
printf(
"iprange match options:\n"
-"[!] --src-range ip-ip Match source IP in the specified range\n"
-"[!] --dst-range ip-ip Match destination IP in the specified range\n");
+"[!] --src-range ip[-ip] Match source IP in the specified range\n"
+"[!] --dst-range ip[-ip] Match destination IP in the specified range\n");
}
static const struct option iprange_mt_opts[] = {
@@ -30,30 +30,48 @@ static const struct option iprange_mt_opts[] = {
{ .name = NULL }
};
-static void
-parse_iprange(char *arg, struct ipt_iprange *range)
+static void iprange_parse_range(char *arg, union nf_inet_addr *range,
+ u_int8_t family, const char *optname)
{
+ struct in6_addr *ia6;
+ struct in_addr *ia4;
char *dash;
- const struct in_addr *ip;
+ memset(range, 0, sizeof(union nf_inet_addr) * 2);
dash = strchr(arg, '-');
if (dash != NULL)
*dash = '\0';
- ip = xtables_numeric_to_ipaddr(arg);
- if (!ip)
- xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
- arg);
- range->min_ip = ip->s_addr;
-
- if (dash != NULL) {
- ip = xtables_numeric_to_ipaddr(dash+1);
- if (!ip)
- xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
- dash+1);
- range->max_ip = ip->s_addr;
+ if (family == NFPROTO_IPV6) {
+ ia6 = xtables_numeric_to_ip6addr(arg);
+ if (ia6 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, arg);
+ range[0].in6 = *ia6;
+ if (dash == NULL) {
+ range[1] = range[0];
+ return;
+ }
+ ia6 = xtables_numeric_to_ip6addr(dash + 1);
+ if (ia6 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, dash + 1);
+ range[1].in6 = *ia6;
} else {
- range->max_ip = range->min_ip;
+ ia4 = xtables_numeric_to_ipaddr(arg);
+ if (ia4 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, arg);
+ range[0].in = *ia4;
+ if (dash == NULL) {
+ range[1] = range[0];
+ return;
+ }
+ ia4 = xtables_numeric_to_ipaddr(dash + 1);
+ if (ia4 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, dash + 1);
+ range[1].in = *ia4;
}
}
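Review bot: iprange_parse_range writes both `range[0]` and `range[1]` and clears `sizeof(union nf_inet_addr) * 2` bytes, but the bare `union nf_inet_addr *range` parameter does not tell callers that two contiguous elements are required. The v1 parsers later in this diff pass `&info->src_min` and `&info->dst_min`, which stays in bounds only if the matching `_max` member directly follows in struct xt_iprange_mtinfo; that layout is not visible here. I would add a comment above the function such as `/* range must point to two adjacent union nf_inet_addr: [0] = min, [1] = max */`. Also worth documenting: `*dash = '\0'` modifies the caller's `arg` in place, and the `*ia6` / `*ia4` dereferences after the NULL checks are safe only if xtables_param_act() does not return.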
@@ -61,6 +79,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
+ union nf_inet_addr range[2];
switch (c) {
case '1':
@@ -73,7 +92,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags |= IPRANGE_SRC_INV;
- parse_iprange(optarg, &info->src);
+ iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
break;
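Review bot: The parsed addresses are left in the local `range[2]` and never reach `info->src`, because `break;` follows the call directly, whereas the removed `parse_iprange(optarg, &info->src)` filled `min_ip`/`max_ip` itself. The v0 rule would then be handed to the kernel with whatever `info->src` held beforehand, so the filter would not match the range the administrator typed. After the call add `info->src.min_ip = range[0].ip;` and `info->src.max_ip = range[1].ip;`. The --dst-range hunk below has the same gap for `info->dst`. iprange_parse's body starts and ends outside this hunk.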
@@ -88,7 +107,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
info->flags |= IPRANGE_DST_INV;
- parse_iprange(optarg, &info->dst);
+ iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
break;
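Review bot: The --dst-range case passes `"--src-range"` as `optname`, so a malformed destination address is reported against the wrong option. The call should read `iprange_parse_range(optarg, range, NFPROTO_IPV4, "--dst-range");`. The enclosing switch in iprange_parse continues outside this hunk.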
@@ -103,23 +122,11 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_iprange_mtinfo *info = (void *)(*match)->data;
- const struct in_addr *ia;
- char *end;
switch (c) {
case '1': /* --src-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ipaddr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- memcpy(&info->src_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ipaddr(end+1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
- memcpy(&info->src_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV4,
+ "--src-range");
info->flags |= IPRANGE_SRC;
if (invert)
info->flags |= IPRANGE_SRC_INV;
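Review bot: Nothing in the visible lines checks that the parsed minimum is not greater than the maximum, either here or inside iprange_parse_range. A reversed range such as `10.0.0.9-10.0.0.1` would be accepted and produce a rule that silently never matches. The log above lists "iprange: warn on reverse range", but no such check appears in this diff. For IPv4 a guard like `if (ntohl(info->src_min.in.s_addr) > ntohl(info->src_max.in.s_addr))` followed by a warning on stderr would do; the IPv6 case can use `memcmp` on the two `in6` members. The same applies to the --dst-range case and to both cases in iprange_mt6_parse.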
@@ -127,18 +134,8 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
return true;
case '2': /* --dst-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ipaddr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- memcpy(&info->dst_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ipaddr(end + 1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
- memcpy(&info->dst_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV4,
+ "--dst-range");
info->flags |= IPRANGE_DST;
if (invert)
info->flags |= IPRANGE_DST_INV;
@@ -153,23 +150,11 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_iprange_mtinfo *info = (void *)(*match)->data;
- const struct in6_addr *ia;
- char *end;
switch (c) {
case '1': /* --src-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ip6addr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- memcpy(&info->src_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ip6addr(end+1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
- memcpy(&info->src_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV6,
+ "--src-range");
info->flags |= IPRANGE_SRC;
if (invert)
info->flags |= IPRANGE_SRC_INV;
@@ -177,18 +162,8 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
return true;
case '2': /* --dst-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ip6addr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- memcpy(&info->dst_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ip6addr(end + 1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
- memcpy(&info->dst_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV6,
+ "--dst-range");
info->flags |= IPRANGE_DST;
if (invert)
info->flags |= IPRANGE_DST_INV;