[iptables] iprange: roll address parsing into a loop

Harald Welte netfilter-cvslog-bounces at lists.netfilter.org
Sun Oct 25 11:08:52 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=7fa7329fc972513021131416dbd9d535141bd2ea
commit 7fa7329fc972513021131416dbd9d535141bd2ea
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Sep 18 13:07:09 2009 +0200
Commit:     Harald Welte <laforge at gnumonks.org>
CommitDate: Sun Oct 25 11:08:56 2009 +0100

    iprange: roll address parsing into a loop

commit 648a7bafa7acc33d986f113275a20199a6ad2aaa
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Sep 18 13:01:05 2009 +0200
Commit:     Harald Welte <laforge at gnumonks.org>
CommitDate: Sun Oct 25 11:07:35 2009 +0100

    iprange: warn on reverse range

commit a10a12afee2083d240a304ceac7f3d9902a6f60a
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Sep 18 09:59:26 2009 +0200
Commit:     Harald Welte <laforge at gnumonks.org>
CommitDate: Sun Oct 25 11:07:26 2009 +0100

    iprange: do accept non-ranges for xt_iprange v1
    
    [fill in details]
       via  7fa7329fc972513021131416dbd9d535141bd2ea (commit)
       via  648a7bafa7acc33d986f113275a20199a6ad2aaa (commit)
       via  a10a12afee2083d240a304ceac7f3d9902a6f60a (commit)
      from  51651b64fffc58d4f58d005fa7dc0d9669147c57 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7fa7329fc972513021131416dbd9d535141bd2ea
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Fri Sep 18 13:07:09 2009 +0200

    iprange: roll address parsing into a loop

commit 648a7bafa7acc33d986f113275a20199a6ad2aaa
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Fri Sep 18 13:01:05 2009 +0200

    iprange: warn on reverse range

commit a10a12afee2083d240a304ceac7f3d9902a6f60a
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Fri Sep 18 09:59:26 2009 +0200

    iprange: do accept non-ranges for xt_iprange v1
    
    [fill in details]

-----------------------------------------------------------------------

 extensions/libxt_iprange.c |  128 ++++++++++++++++++--------------------------
 1 files changed, 53 insertions(+), 75 deletions(-)
[fill in details]

diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 7b3ccc2..fc9abbb 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -20,8 +20,8 @@ static void iprange_mt_help(void)
 {
 	printf(
 "iprange match options:\n"
-"[!] --src-range ip-ip        Match source IP in the specified range\n"
-"[!] --dst-range ip-ip        Match destination IP in the specified range\n");
+"[!] --src-range ip[-ip]    Match source IP in the specified range\n"
+"[!] --dst-range ip[-ip]    Match destination IP in the specified range\n");
 }
 
 static const struct option iprange_mt_opts[] = {
@@ -30,30 +30,48 @@ static const struct option iprange_mt_opts[] = {
 	{ .name = NULL }
 };
 
-static void
-parse_iprange(char *arg, struct ipt_iprange *range)
+static void iprange_parse_range(char *arg, union nf_inet_addr *range,
+				u_int8_t family, const char *optname)
 {
+	struct in6_addr *ia6;
+	struct in_addr *ia4;
 	char *dash;
-	const struct in_addr *ip;
 
+	memset(range, 0, sizeof(union nf_inet_addr) * 2);
 	dash = strchr(arg, '-');
 	if (dash != NULL)
 		*dash = '\0';
 
-	ip = xtables_numeric_to_ipaddr(arg);
-	if (!ip)
-		xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
-			   arg);
-	range->min_ip = ip->s_addr;
-
-	if (dash != NULL) {
-		ip = xtables_numeric_to_ipaddr(dash+1);
-		if (!ip)
-			xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
-				   dash+1);
-		range->max_ip = ip->s_addr;
+	if (family == NFPROTO_IPV6) {
+		ia6 = xtables_numeric_to_ip6addr(arg);
+		if (ia6 == NULL)
+			xtables_param_act(XTF_BAD_VALUE, "iprange",
+				optname, arg);
+		range[0].in6 = *ia6;
+		if (dash == NULL) {
+			range[1] = range[0];
+			return;
+		}
+		ia6 = xtables_numeric_to_ip6addr(dash + 1);
+		if (ia6 == NULL)
+			xtables_param_act(XTF_BAD_VALUE, "iprange",
+				optname, dash + 1);
+		range[1].in6 = *ia6;
 	} else {
-		range->max_ip = range->min_ip;
+		ia4 = xtables_numeric_to_ipaddr(arg);
+		if (ia4 == NULL)
+			xtables_param_act(XTF_BAD_VALUE, "iprange",
+				optname, arg);
+		range[0].in = *ia4;
+		if (dash == NULL) {
+			range[1] = range[0];
+			return;
+		}
+		ia4 = xtables_numeric_to_ipaddr(dash + 1);
+		if (ia4 == NULL)
+			xtables_param_act(XTF_BAD_VALUE, "iprange",
+				optname, dash + 1);
+		range[1].in = *ia4;
 	}
 }
 
@@ -61,6 +79,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
                          const void *entry, struct xt_entry_match **match)
 {
 	struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
+	union nf_inet_addr range[2];
 
 	switch (c) {
 	case '1':
@@ -73,7 +92,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
 		xtables_check_inverse(optarg, &invert, &optind, 0);
 		if (invert)
 			info->flags |= IPRANGE_SRC_INV;
-		parse_iprange(optarg, &info->src);
+		iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
 
 		break;
 
@@ -88,7 +107,7 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
 		if (invert)
 			info->flags |= IPRANGE_DST_INV;
 
-		parse_iprange(optarg, &info->dst);
+		iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
 
 		break;
 
@@ -103,23 +122,11 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
                   const void *entry, struct xt_entry_match **match)
 {
 	struct xt_iprange_mtinfo *info = (void *)(*match)->data;
-	const struct in_addr *ia;
-	char *end;
 
 	switch (c) {
 	case '1': /* --src-range */
-		end = strchr(optarg, '-');
-		if (end == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
-		*end = '\0';
-		ia = xtables_numeric_to_ipaddr(optarg);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
-		memcpy(&info->src_min.in, ia, sizeof(*ia));
-		ia = xtables_numeric_to_ipaddr(end+1);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
-		memcpy(&info->src_max.in, ia, sizeof(*ia));
+		iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV4,
+			"--src-range");
 		info->flags |= IPRANGE_SRC;
 		if (invert)
 			info->flags |= IPRANGE_SRC_INV;
@@ -127,18 +134,8 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
 		return true;
 
 	case '2': /* --dst-range */
-		end = strchr(optarg, '-');
-		if (end == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
-		*end = '\0';
-		ia = xtables_numeric_to_ipaddr(optarg);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
-		memcpy(&info->dst_min.in, ia, sizeof(*ia));
-		ia = xtables_numeric_to_ipaddr(end + 1);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
-		memcpy(&info->dst_max.in, ia, sizeof(*ia));
+		iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV4,
+			"--dst-range");
 		info->flags |= IPRANGE_DST;
 		if (invert)
 			info->flags |= IPRANGE_DST_INV;
@@ -153,23 +150,11 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
                   const void *entry, struct xt_entry_match **match)
 {
 	struct xt_iprange_mtinfo *info = (void *)(*match)->data;
-	const struct in6_addr *ia;
-	char *end;
 
 	switch (c) {
 	case '1': /* --src-range */
-		end = strchr(optarg, '-');
-		if (end == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
-		*end = '\0';
-		ia = xtables_numeric_to_ip6addr(optarg);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
-		memcpy(&info->src_min.in, ia, sizeof(*ia));
-		ia = xtables_numeric_to_ip6addr(end+1);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
-		memcpy(&info->src_max.in, ia, sizeof(*ia));
+		iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV6,
+			"--src-range");
 		info->flags |= IPRANGE_SRC;
 		if (invert)
 			info->flags |= IPRANGE_SRC_INV;
@@ -177,18 +162,8 @@ iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
 		return true;
 
 	case '2': /* --dst-range */
-		end = strchr(optarg, '-');
-		if (end == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
-		*end = '\0';
-		ia = xtables_numeric_to_ip6addr(optarg);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
-		memcpy(&info->dst_min.in, ia, sizeof(*ia));
-		ia = xtables_numeric_to_ip6addr(end + 1);
-		if (ia == NULL)
-			xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
-		memcpy(&info->dst_max.in, ia, sizeof(*ia));
+		iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV6,
+			"--dst-range");
 		info->flags |= IPRANGE_DST;
 		if (invert)
 			info->flags |= IPRANGE_DST_INV;



More information about the netfilter-cvslog mailing list