return ds_classes[i].dscp;
}
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid DSCP value `%s'\n", name);
}
}
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid DSCP value `%d'\n", dscp);
}
#endif
unsigned int value;
if (*flags & IP6T_HL_USED) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify HL option twice");
}
if (!optarg)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"HL: You must specify a value");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"HL: unexpected `!'");
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"HL: Expected value between 0 and 255");
switch (c) {
case '2':
if (value == 0) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"HL: decreasing by 0?");
}
case '3':
if (value == 0) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"HL: increasing by 0?");
}
static void HL_check(unsigned int flags)
{
if (!(flags & IP6T_HL_USED))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"HL: You must specify an action");
}
if (strncasecmp(level, ip6t_log_names[i].name,
strlen(level)) == 0) {
if (set++)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"log-level `%s' ambiguous",
level);
lev = ip6t_log_names[i].level;
}
if (!set)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"log-level `%s' unknown", level);
}
switch (c) {
case '!':
if (*flags & IP6T_LOG_OPT_LEVEL)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
loginfo->level = parse_level(optarg);
case '#':
if (*flags & IP6T_LOG_OPT_PREFIX)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Maximum prefix length %u for --log-prefix",
(unsigned int)sizeof(loginfo->prefix) - 1);
if (strlen(optarg) == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"No prefix specified for --log-prefix");
if (strlen(optarg) != strlen(strtok(optarg, "\n")))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Newlines not allowed in --log-prefix");
strcpy(loginfo->prefix, optarg);
case '1':
if (*flags & IP6T_LOG_OPT_TCPSEQ)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-tcp-sequence "
"twice");
case '2':
if (*flags & IP6T_LOG_OPT_TCPOPT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-tcp-options twice");
loginfo->logflags |= IP6T_LOG_TCPOPT;
case '3':
if (*flags & IP6T_LOG_OPT_IPOPT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-ip-options twice");
loginfo->logflags |= IP6T_LOG_IPOPT;
case '4':
if (*flags & IP6T_LOG_OPT_UID)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-uid twice");
loginfo->logflags |= IP6T_LOG_UID;
switch(c) {
case '1':
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0)
return 1;
}
}
- exit_error(PARAMETER_PROBLEM, "unknown reject type `%s'",optarg);
+ xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
default:
/* Fall through */
break;
spi = strtoul(spistr, &ep, 0);
if ( spistr == ep )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"AH no valid digits in %s `%s'", typestr, spistr);
if ( spi == ULONG_MAX && errno == ERANGE )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s `%s' specified too big: would overflow",
typestr, spistr);
if ( *spistr != '\0' && *ep != '\0' )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"AH error parsing %s `%s'", typestr, spistr);
return spi;
switch (c) {
case '1':
if (*flags & IP6T_AH_SPI)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
break;
case '2':
if (*flags & IP6T_AH_LEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--ahlen' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
ahinfo->hdrlen = parse_ah_spi(argv[optind-1], "length");
break;
case '3':
if (*flags & IP6T_AH_RES)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--ahres' allowed");
ahinfo->hdrres = 1;
*flags |= IP6T_AH_RES;
id = strtoul(idstr, &ep, 0);
if ( idstr == ep ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"dst: no valid digits in %s `%s'", typestr, idstr);
}
if ( id == ULONG_MAX && errno == ERANGE ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s `%s' specified too big: would overflow",
typestr, idstr);
}
if ( *idstr != '\0' && *ep != '\0' ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"dst: error parsing %s `%s'", typestr, idstr);
}
return id;
buffer = strdup(optsstr);
if (!buffer)
- exit_error(OTHER_PROBLEM, "strdup failed");
+ xtables_error(OTHER_PROBLEM, "strdup failed");
for (cp = buffer, i = 0; cp && i < IP6T_OPTS_OPTSNR; cp = next, i++)
{
if (range) {
if (i == IP6T_OPTS_OPTSNR-1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"too many ports specified");
*range++ = '\0';
}
opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8;
if (range) {
if (opts[i] == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"PAD0 hasn't got length");
opts[i] |= parse_opts_num(range, "length") & 0xFF;
} else
}
if (cp)
- exit_error(PARAMETER_PROBLEM, "too many addresses specified");
+ xtables_error(PARAMETER_PROBLEM, "too many addresses specified");
free(buffer);
switch (c) {
case '1':
if (*flags & IP6T_OPTS_LEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--dst-len' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
break;
case '2':
if (*flags & IP6T_OPTS_OPTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--dst-opts' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
" '!' not allowed with `--dst-opts'");
optinfo->optsnr = parse_options(argv[optind-1], optinfo->opts);
optinfo->flags |= IP6T_OPTS_OPTS;
break;
case '3':
if (*flags & IP6T_OPTS_NSTRICT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--dst-not-strict' allowed");
if ( !(*flags & IP6T_OPTS_OPTS) )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"`--dst-opts ...' required before "
"`--dst-not-strict'");
optinfo->flags |= IP6T_OPTS_NSTRICT;
id = strtoul(idstr, &ep, 0);
if ( idstr == ep ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"FRAG no valid digits in %s `%s'", typestr, idstr);
}
if ( id == ULONG_MAX && errno == ERANGE ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s `%s' specified too big: would overflow",
typestr, idstr);
}
if ( *idstr != '\0' && *ep != '\0' ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"FRAG error parsing %s `%s'", typestr, idstr);
}
return id;
switch (c) {
case '1':
if (*flags & IP6T_FRAG_IDS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--fragid' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_frag_ids(argv[optind-1], fraginfo->ids);
break;
case '2':
if (*flags & IP6T_FRAG_LEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--fraglen' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
fraginfo->hdrlen = parse_frag_id(argv[optind-1], "length");
break;
case '3':
if (*flags & IP6T_FRAG_RES)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--fragres' allowed");
fraginfo->flags |= IP6T_FRAG_RES;
*flags |= IP6T_FRAG_RES;
break;
case '4':
if (*flags & IP6T_FRAG_FST)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--fragfirst' allowed");
fraginfo->flags |= IP6T_FRAG_FST;
*flags |= IP6T_FRAG_FST;
break;
case '5':
if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--fragmore' or `--fraglast' allowed");
fraginfo->flags |= IP6T_FRAG_MF;
*flags |= IP6T_FRAG_MF;
break;
case '6':
if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--fragmore' or `--fraglast' allowed");
fraginfo->flags |= IP6T_FRAG_NMF;
*flags |= IP6T_FRAG_NMF;
id = strtoul(idstr,&ep,0) ;
if ( idstr == ep ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"hbh: no valid digits in %s `%s'", typestr, idstr);
}
if ( id == ULONG_MAX && errno == ERANGE ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s `%s' specified too big: would overflow",
typestr, idstr);
}
if ( *idstr != '\0' && *ep != '\0' ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"hbh: error parsing %s `%s'", typestr, idstr);
}
return id;
unsigned int i;
buffer = strdup(optsstr);
- if (!buffer) exit_error(OTHER_PROBLEM, "strdup failed");
+ if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
for (cp=buffer, i=0; cp && i<IP6T_OPTS_OPTSNR; cp=next,i++)
{
range = strchr(cp, ':');
if (range) {
if (i == IP6T_OPTS_OPTSNR-1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"too many ports specified");
*range++ = '\0';
}
opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8;
if (range) {
if (opts[i] == 0)
- exit_error(PARAMETER_PROBLEM, "PAD0 hasn't got length");
+ xtables_error(PARAMETER_PROBLEM, "PAD0 has not got length");
opts[i] |= parse_opts_num(range, "length") & 0xFF;
} else {
opts[i] |= (0x00FF);
printf("opts opt: %04X\n", opts[i]);
#endif
}
- if (cp) exit_error(PARAMETER_PROBLEM, "too many addresses specified");
+ if (cp) xtables_error(PARAMETER_PROBLEM, "too many addresses specified");
free(buffer);
switch (c) {
case '1':
if (*flags & IP6T_OPTS_LEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--hbh-len' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
break;
case '2':
if (*flags & IP6T_OPTS_OPTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--hbh-opts' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
" '!' not allowed with `--hbh-opts'");
optinfo->optsnr = parse_options(argv[optind-1], optinfo->opts);
optinfo->flags |= IP6T_OPTS_OPTS;
break;
case '3':
if (*flags & IP6T_OPTS_NSTRICT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--hbh-not-strict' allowed");
if ( !(*flags & IP6T_OPTS_OPTS) )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"`--hbh-opts ...' required before `--hbh-not-strict'");
optinfo->flags |= IP6T_OPTS_NSTRICT;
*flags |= IP6T_OPTS_NSTRICT;
value = atoi(argv[optind-1]);
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify HL option twice");
if (!optarg)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"hl: You must specify a value");
switch (c) {
case '2':
break;
case '3':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"hl: unexpected `!'");
info->mode = IP6T_HL_LT;
break;
case '4':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"hl: unexpected `!'");
info->mode = IP6T_HL_GT;
static void hl_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"HL match: You must specify one of "
"`--hl-eq', `--hl-lt', `--hl-gt'");
}
if (strncasecmp(icmpv6_codes[i].name, icmpv6type, strlen(icmpv6type))
== 0) {
if (match != limit)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Ambiguous ICMPv6 type `%s':"
" `%s' or `%s'?",
icmpv6type,
*slash = '\0';
if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid ICMPv6 type `%s'\n", buffer);
*type = number;
if (slash) {
if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid ICMPv6 code `%s'\n",
slash+1);
code[0] = code[1] = number;
switch (c) {
case '1':
if (*flags == 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"icmpv6 match: only use --icmpv6-type once!");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_icmpv6(argv[optind-1], &icmpv6info->type,
static void icmp6_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"icmpv6 match: You must specify `--icmpv6-type'");
}
}
if (i == sizeof(chain_protos)/sizeof(struct pprot))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unknown header `%s' specified",
s);
}
}
if (i == sizeof(chain_flags)/sizeof(struct numflag))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unknown header `%d' specified",
proto);
case '1' :
/* Parse the provided header names */
if (*flags & IPV6_HDR_HEADER)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--header' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (! (info->matchflags = parse_header(argv[optind-1])) )
- exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
+ xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
if (invert)
info->invflags |= 0xFF;
case '2' :
/* Soft-mode requested? */
if (*flags & IPV6_HDR_SOFT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--soft' allowed");
info->modeflag |= 0xFF;
static void ipv6header_check(unsigned int flags)
{
- if (!flags) exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: no options specified");
+ if (!flags) xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: no options specified");
}
static void
unsigned int number;
if (!xtables_strtoui(name, NULL, &number, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid MH type `%s'\n", name);
return number;
}
types[1] = cp[0] ? name_to_type(cp) : 0xFF;
if (types[0] > types[1])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid MH type range (min > max)");
}
free(buffer);
switch (c) {
case '1':
if (*flags & MH_TYPES)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--mh-type' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_mh_types(argv[optind-1], mhinfo->types);
return IP6T_POLICY_MATCH_IN;
if (strcmp(s, "out") == 0)
return IP6T_POLICY_MATCH_OUT;
- exit_error(PARAMETER_PROBLEM, "policy_match: invalid dir `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "policy_match: invalid dir \"%s\"", s);
}
static int parse_policy(char *s)
return IP6T_POLICY_MATCH_NONE;
if (strcmp(s, "ipsec") == 0)
return 0;
- exit_error(PARAMETER_PROBLEM, "policy match: invalid policy `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "policy match: invalid policy \"%s\"", s);
}
static int parse_mode(char *s)
return IP6T_POLICY_MODE_TRANSPORT;
if (strcmp(s, "tunnel") == 0)
return IP6T_POLICY_MODE_TUNNEL;
- exit_error(PARAMETER_PROBLEM, "policy match: invalid mode `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "policy match: invalid mode \"%s\"", s);
}
static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
if (info->flags & (IP6T_POLICY_MATCH_IN|IP6T_POLICY_MATCH_OUT))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --dir option");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --dir option");
info->flags |= parse_direction(argv[optind-1]);
break;
case '2':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --policy option");
info->flags |= parse_policy(argv[optind-1]);
break;
case '3':
if (info->flags & IP6T_POLICY_MATCH_STRICT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --strict option");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --strict option");
info->flags |= IP6T_POLICY_MATCH_STRICT;
break;
case '4':
if (e->match.reqid)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --reqid option");
e->match.reqid = 1;
break;
case '5':
if (e->match.spi)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --spi option");
e->match.spi = 1;
break;
case '6':
if (e->match.saddr)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-src option");
xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
e->match.saddr = 1;
break;
case '7':
if (e->match.daddr)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-dst option");
xtables_ip6parse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
e->match.daddr = 1;
break;
case '8':
if (e->match.proto)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --proto option");
e->proto = xtables_parse_protocol(argv[optind-1]);
if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP &&
e->proto != IPPROTO_COMP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: protocol must ah/esp/ipcomp");
e->match.proto = 1;
e->invert.proto = invert;
break;
case '9':
if (e->match.mode)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --mode option");
mode = parse_mode(argv[optind-1]);
break;
case 'a':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --next option");
if (++info->len == IP6T_POLICY_MAX_ELEM)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: maximum policy depth reached");
break;
default:
int i;
if (info == NULL)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: no parameters given");
if (!(info->flags & (IP6T_POLICY_MATCH_IN|IP6T_POLICY_MATCH_OUT)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: neither --in nor --out specified");
if (info->flags & IP6T_POLICY_MATCH_NONE) {
if (info->flags & IP6T_POLICY_MATCH_STRICT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: policy none but --strict given");
if (info->len != 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: policy none but policy given");
} else
info->len++; /* increase len by 1, no --next after last element */
if (!(info->flags & IP6T_POLICY_MATCH_STRICT) && info->len > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: multiple elements but no --strict");
for (i = 0; i < info->len; i++) {
if (info->flags & IP6T_POLICY_MATCH_STRICT &&
!(e->match.reqid || e->match.spi || e->match.saddr ||
e->match.daddr || e->match.proto || e->match.mode))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: empty policy element");
if ((e->match.saddr || e->match.daddr)
&& ((e->mode == IP6T_POLICY_MODE_TUNNEL && e->invert.mode) ||
(e->mode == IP6T_POLICY_MODE_TRANSPORT && !e->invert.mode)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: --tunnel-src/--tunnel-dst "
"is only valid in tunnel mode");
}
id = strtoul(idstr,&ep,0) ;
if ( idstr == ep ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RT no valid digits in %s `%s'", typestr, idstr);
}
if ( id == ULONG_MAX && errno == ERANGE ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s `%s' specified too big: would overflow",
typestr, idstr);
}
if ( *idstr != '\0' && *ep != '\0' ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RT error parsing %s `%s'", typestr, idstr);
}
return id;
#ifdef DEBUG
fprintf(stderr, "\nnumeric2addr: %d\n", err);
#endif
- exit_error(PARAMETER_PROBLEM, "bad address: %s", num);
+ xtables_error(PARAMETER_PROBLEM, "bad address: %s", num);
return (struct in6_addr *)NULL;
}
unsigned int i;
buffer = strdup(addrstr);
- if (!buffer) exit_error(OTHER_PROBLEM, "strdup failed");
+ if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
for (cp=buffer, i=0; cp && i<IP6T_RT_HOPS; cp=next,i++)
{
printf("addr [%d]: %s\n", i, addr_to_numeric(&(addrp[i])));
#endif
}
- if (cp) exit_error(PARAMETER_PROBLEM, "too many addresses specified");
+ if (cp) xtables_error(PARAMETER_PROBLEM, "too many addresses specified");
free(buffer);
switch (c) {
case '1':
if (*flags & IP6T_RT_TYP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-type' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
rtinfo->rt_type = parse_rt_num(argv[optind-1], "type");
break;
case '2':
if (*flags & IP6T_RT_SGS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-segsleft' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_rt_segsleft(argv[optind-1], rtinfo->segsleft);
break;
case '3':
if (*flags & IP6T_RT_LEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-len' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
rtinfo->hdrlen = parse_rt_num(argv[optind-1], "length");
break;
case '4':
if (*flags & IP6T_RT_RES)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-0-res' allowed");
if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"`--rt-type 0' required before `--rt-0-res'");
rtinfo->flags |= IP6T_RT_RES;
*flags |= IP6T_RT_RES;
break;
case '5':
if (*flags & IP6T_RT_FST)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-0-addrs' allowed");
if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"`--rt-type 0' required before `--rt-0-addrs'");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
" '!' not allowed with `--rt-0-addrs'");
rtinfo->addrnr = parse_addresses(argv[optind-1], rtinfo->addrs);
rtinfo->flags |= IP6T_RT_FST;
break;
case '6':
if (*flags & IP6T_RT_FST_NSTRICT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-0-not-strict' allowed");
if ( !(*flags & IP6T_RT_FST) )
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"`--rt-0-addr ...' required before `--rt-0-not-strict'");
rtinfo->flags |= IP6T_RT_FST_NSTRICT;
*flags |= IP6T_RT_FST_NSTRICT;
unsigned int i = 0;
if (strlen(mac) != ETH_ALEN*3-1)
- exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac);
+ xtables_error(PARAMETER_PROBLEM, "Bad mac address \"%s\"", mac);
for (i = 0; i < ETH_ALEN; i++) {
long number;
&& number <= 255)
macbuf[i] = number;
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad mac address `%s'", mac);
}
}
case '1':
cipinfo->flags |= CLUSTERIP_FLAG_NEW;
if (*flags & PARAM_NEW)
- exit_error(PARAMETER_PROBLEM, "Can only specify `--new' once\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify \"--new\" once\n");
*flags |= PARAM_NEW;
break;
case '2':
if (!(*flags & PARAM_NEW))
- exit_error(PARAMETER_PROBLEM, "Can only specify hashmode combined with `--new'\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify hashmode combined with \"--new\"\n");
if (*flags & PARAM_HMODE)
- exit_error(PARAMETER_PROBLEM, "Can only specify hashmode once\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify hashmode once\n");
if (!strcmp(optarg, "sourceip"))
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP;
else if (!strcmp(optarg, "sourceip-sourceport"))
else if (!strcmp(optarg, "sourceip-sourceport-destport"))
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP_SPT_DPT;
else
- exit_error(PARAMETER_PROBLEM, "Unknown hashmode `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Unknown hashmode \"%s\"\n",
optarg);
*flags |= PARAM_HMODE;
break;
case '3':
if (!(*flags & PARAM_NEW))
- exit_error(PARAMETER_PROBLEM, "Can only specify MAC combined with `--new'\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify MAC combined with \"--new\"\n");
if (*flags & PARAM_MAC)
- exit_error(PARAMETER_PROBLEM, "Can only specify MAC once\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify MAC once\n");
parse_mac(optarg, (char *)cipinfo->clustermac);
if (!(cipinfo->clustermac[0] & 0x01))
- exit_error(PARAMETER_PROBLEM, "MAC has to be a multicast ethernet address\n");
+ xtables_error(PARAMETER_PROBLEM, "MAC has to be a multicast ethernet address\n");
*flags |= PARAM_MAC;
break;
case '4':
if (!(*flags & PARAM_NEW))
- exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify node number combined with \"--new\"\n");
if (*flags & PARAM_TOTALNODE)
- exit_error(PARAMETER_PROBLEM, "Can only specify total node number once\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify total node number once\n");
if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES))
- exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg);
cipinfo->num_total_nodes = num;
*flags |= PARAM_TOTALNODE;
break;
case '5':
if (!(*flags & PARAM_NEW))
- exit_error(PARAMETER_PROBLEM, "Can only specify node number combined with `--new'\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify node number combined with \"--new\"\n");
if (*flags & PARAM_LOCALNODE)
- exit_error(PARAMETER_PROBLEM, "Can only specify local node number once\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify local node number once\n");
if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES))
- exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg);
cipinfo->num_local_nodes = 1;
cipinfo->local_nodes[0] = num;
*flags |= PARAM_LOCALNODE;
break;
case '6':
if (!(*flags & PARAM_NEW))
- exit_error(PARAMETER_PROBLEM, "Can only specify hash init value combined with `--new'\n");
+ xtables_error(PARAMETER_PROBLEM, "Can only specify hash init value combined with \"--new\"\n");
if (*flags & PARAM_HASHINIT)
- exit_error(PARAMETER_PROBLEM, "Can specify hash init value only once\n");
+ xtables_error(PARAMETER_PROBLEM, "Can specify hash init value only once\n");
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT_MAX))
- exit_error(PARAMETER_PROBLEM, "Unable to parse `%s'\n", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg);
cipinfo->hash_initval = num;
*flags |= PARAM_HASHINIT;
break;
== (PARAM_NEW|PARAM_HMODE|PARAM_MAC|PARAM_TOTALNODE|PARAM_LOCALNODE))
return;
- exit_error(PARAMETER_PROBLEM, "CLUSTERIP target: Invalid parameter combination\n");
+ xtables_error(PARAMETER_PROBLEM, "CLUSTERIP target: Invalid parameter combination\n");
}
static char *hashmode2str(enum clusterip_hashmode mode)
info = realloc(info, size);
if (!info)
- exit_error(OTHER_PROBLEM, "Out of memory\n");
+ xtables_error(OTHER_PROBLEM, "Out of memory\n");
info->t.u.target_size = size;
info->mr.range[info->mr.rangesize] = *range;
int port;
if (!portok)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
if (port <= 0 || port > 65535)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", colon+1);
error = strchr(colon+1, ':');
if (error)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid port:port syntax - use dash\n");
dash = strchr(colon, '-');
maxport = atoi(dash + 1);
if (maxport <= 0 || maxport > 65535)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
/* People are stupid. */
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port range `%s' funky\n", colon+1);
range.min.tcp.port = htons(port);
range.max.tcp.port = htons(maxport);
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
arg);
range.min_ip = ip->s_addr;
if (dash) {
ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
dash+1);
range.max_ip = ip->s_addr;
} else
switch (c) {
case '1':
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-destination");
if (*flags) {
if (!kernel_version)
get_kernel_version();
if (kernel_version > LINUX_VERSION(2, 6, 10))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Multiple --to-destination not supported");
}
*target = parse_to(optarg, portok, info);
static void DNAT_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You must specify --to-destination");
}
switch (c) {
case 'F':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Only use --ecn-tcp-remove ONCE!");
einfo->operation = IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR;
einfo->proto.tcp.ece = 0;
break;
case 'G':
if (*flags & IPT_ECN_OP_SET_CWR)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Only use --ecn-tcp-cwr ONCE!");
if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Value out of range");
einfo->operation |= IPT_ECN_OP_SET_CWR;
einfo->proto.tcp.cwr = result;
break;
case 'H':
if (*flags & IPT_ECN_OP_SET_ECE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Only use --ecn-tcp-ece ONCE!");
if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Value out of range");
einfo->operation |= IPT_ECN_OP_SET_ECE;
einfo->proto.tcp.ece = result;
break;
case '9':
if (*flags & IPT_ECN_OP_SET_IP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Only use --ecn-ip-ect ONCE!");
if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Value out of range");
einfo->operation |= IPT_ECN_OP_SET_IP;
einfo->ip_ect = result;
static void ECN_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN target: Parameter --ecn-tcp-remove is required");
}
if (strncasecmp(level, ipt_log_names[i].name,
strlen(level)) == 0) {
if (set++)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"log-level `%s' ambiguous",
level);
lev = ipt_log_names[i].level;
}
if (!set)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"log-level `%s' unknown", level);
}
switch (c) {
case '!':
if (*flags & IPT_LOG_OPT_LEVEL)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
loginfo->level = parse_level(optarg);
case '#':
if (*flags & IPT_LOG_OPT_PREFIX)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Maximum prefix length %u for --log-prefix",
(unsigned int)sizeof(loginfo->prefix) - 1);
if (strlen(optarg) == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"No prefix specified for --log-prefix");
if (strlen(optarg) != strlen(strtok(optarg, "\n")))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Newlines not allowed in --log-prefix");
strcpy(loginfo->prefix, optarg);
case '1':
if (*flags & IPT_LOG_OPT_TCPSEQ)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-tcp-sequence "
"twice");
case '2':
if (*flags & IPT_LOG_OPT_TCPOPT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-tcp-options twice");
loginfo->logflags |= IPT_LOG_TCPOPT;
case '3':
if (*flags & IPT_LOG_OPT_IPOPT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-ip-options twice");
loginfo->logflags |= IPT_LOG_IPOPT;
case '4':
if (*flags & IPT_LOG_OPT_UID)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --log-uid twice");
loginfo->logflags |= IPT_LOG_UID;
port = atoi(arg);
if (port <= 0 || port > 65535)
- exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg);
+ xtables_error(PARAMETER_PROBLEM, "Port \"%s\" not valid\n", arg);
dash = strchr(arg, '-');
if (!dash) {
maxport = atoi(dash + 1);
if (maxport == 0 || maxport > 65535)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
/* People are stupid. Present reader excepted. */
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port range `%s' funky\n", arg);
mr->range[0].min.tcp.port = htons(port);
mr->range[0].max.tcp.port = htons(maxport);
switch (c) {
case '1':
if (!portok)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
parse_ports(optarg, mr);
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
arg);
range->min_ip = ip->s_addr;
if (slash) {
if (strchr(slash+1, '.')) {
ip = xtables_numeric_to_ipmask(slash+1);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
slash+1);
netmask = ip->s_addr;
}
else {
if (!xtables_strtoui(slash+1, NULL, &bits, 0, 32))
- exit_error(PARAMETER_PROBLEM, "Bad netmask `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
slash+1);
netmask = bits2netmask(bits);
}
/* Don't allow /0 (/1 is probably insane, too) */
if (netmask == 0)
- exit_error(PARAMETER_PROBLEM, "Netmask needed\n");
+ xtables_error(PARAMETER_PROBLEM, "Netmask needed\n");
}
else
netmask = ~0;
if (range->min_ip & ~netmask) {
if (slash)
*slash = '/';
- exit_error(PARAMETER_PROBLEM, "Bad network address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad network address \"%s\"\n",
arg);
}
range->max_ip = range->min_ip | ~netmask;
switch (c) {
case '1':
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", NETMAP_opts[0].name);
parse_to(optarg, &mr->range[0]);
static void NETMAP_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
MODULENAME" needs --%s", NETMAP_opts[0].name);
}
mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
if (strchr(arg, '.'))
- exit_error(PARAMETER_PROBLEM, "IP address not permitted\n");
+ xtables_error(PARAMETER_PROBLEM, "IP address not permitted\n");
port = atoi(arg);
if (port == 0)
port = xtables_service_to_port(arg, NULL);
if (port == 0 || port > 65535)
- exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg);
+ xtables_error(PARAMETER_PROBLEM, "Port \"%s\" not valid\n", arg);
dash = strchr(arg, '-');
if (!dash) {
maxport = atoi(dash + 1);
if (maxport == 0 || maxport > 65535)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
/* People are stupid. */
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port range `%s' funky\n", arg);
mr->range[0].min.tcp.port = htons(port);
mr->range[0].max.tcp.port = htons(maxport);
switch (c) {
case '1':
if (!portok)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
parse_ports(optarg, mr);
switch(c) {
case '1':
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0)
|| strncasecmp("echoreply", optarg, strlen(optarg)) == 0)
fprintf(stderr, "--reject-with echo-reply no longer"
" supported\n");
- exit_error(PARAMETER_PROBLEM, "unknown reject type `%s'",optarg);
+ xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
default:
/* Fall through */
break;
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
arg);
range->min_ip = ip->s_addr;
if (dash) {
ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
dash+1);
}
range->max_ip = ip->s_addr;
if (dash)
if (range->min_ip > range->max_ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP range `%s-%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP range \"%s-%s\"\n",
arg, dash+1);
}
switch (c) {
case '1':
if (mr->rangesize == IPT_SAME_MAX_RANGE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Too many ranges specified, maximum "
"is %i ranges.\n",
IPT_SAME_MAX_RANGE);
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to");
parse_to(optarg, &mr->range[mr->rangesize]);
case '2':
if (*flags & IPT_SAME_OPT_NODST)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --nodst twice");
mr->info |= IPT_SAME_NODST;
static void SAME_check(unsigned int flags)
{
if (!(flags & IPT_SAME_OPT_TO))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"SAME needs --to");
}
struct ipt_set_info *info, const char *what)
{
if (info->flags[0])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--%s can be specified only once", what);
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", what);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--%s requires two args.", what);
if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"setname `%s' too long, max %d characters.",
argv[optind-1], IP_SET_MAXNAMELEN - 1);
static void SET_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You must specify either `--add-set' or `--del-set'");
}
info = realloc(info, size);
if (!info)
- exit_error(OTHER_PROBLEM, "Out of memory\n");
+ xtables_error(OTHER_PROBLEM, "Out of memory\n");
info->t.u.target_size = size;
info->mr.range[info->mr.rangesize] = *range;
int port;
if (!portok)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
if (port <= 0 || port > 65535)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", colon+1);
error = strchr(colon+1, ':');
if (error)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid port:port syntax - use dash\n");
dash = strchr(colon, '-');
maxport = atoi(dash + 1);
if (maxport <= 0 || maxport > 65535)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port `%s' not valid\n", dash+1);
if (maxport < port)
/* People are stupid. */
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Port range `%s' funky\n", colon+1);
range.min.tcp.port = htons(port);
range.max.tcp.port = htons(maxport);
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
arg);
range.min_ip = ip->s_addr;
if (dash) {
ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
dash+1);
range.max_ip = ip->s_addr;
} else
switch (c) {
case '1':
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-source");
if (*flags & IPT_SNAT_OPT_SOURCE) {
if (!kernel_version)
get_kernel_version();
if (kernel_version > LINUX_VERSION(2, 6, 10))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Multiple --to-source not supported");
}
*target = parse_to(optarg, portok, info);
static void SNAT_check(unsigned int flags)
{
if (!(flags & IPT_SNAT_OPT_SOURCE))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You must specify --to-source");
}
unsigned int value;
if (*flags & IPT_TTL_USED) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify TTL option twice");
}
if (!optarg)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TTL: You must specify a value");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TTL: unexpected `!'");
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TTL: Expected value between 0 and 255");
switch (c) {
case '2':
if (value == 0) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TTL: decreasing by 0?");
}
case '3':
if (value == 0) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TTL: increasing by 0?");
}
static void TTL_check(unsigned int flags)
{
if (!(flags & IPT_TTL_USED))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TTL: You must specify an action");
}
switch (c) {
case '!':
if (*flags & IPT_LOG_OPT_NLGROUP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --ulog-nlgroup twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-nlgroup");
group_d = atoi(optarg);
if (group_d > 32 || group_d < 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--ulog-nlgroup has to be between 1 and 32");
loginfo->nl_group = (1 << (group_d - 1));
case '#':
if (*flags & IPT_LOG_OPT_PREFIX)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --ulog-prefix twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-prefix");
if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Maximum prefix length %u for --ulog-prefix",
(unsigned int)sizeof(loginfo->prefix) - 1);
if (strlen(optarg) == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"No prefix specified for --ulog-prefix");
if (strlen(optarg) != strlen(strtok(optarg, "\n")))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Newlines not allowed in --ulog-prefix");
strcpy(loginfo->prefix, optarg);
break;
case 'A':
if (*flags & IPT_LOG_OPT_CPRANGE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --ulog-cprange twice");
if (atoi(optarg) < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Negative copy range?");
loginfo->copy_range = atoi(optarg);
*flags |= IPT_LOG_OPT_CPRANGE;
break;
case 'B':
if (*flags & IPT_LOG_OPT_QTHRESHOLD)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --ulog-qthreshold twice");
if (atoi(optarg) < 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Negative or zero queue threshold ?");
if (atoi(optarg) > ULOG_MAX_QLEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Maximum queue length exceeded");
loginfo->qthreshold = atoi(optarg);
*flags |= IPT_LOG_OPT_QTHRESHOLD;
while ((comma = strchr(arg, ',')) != NULL) {
if (comma == arg || !parse_type(arg, comma-arg, mask))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: bad type `%s'", arg);
arg = comma + 1;
}
if (strlen(arg) == 0 || !parse_type(arg, strlen(arg), mask))
- exit_error(PARAMETER_PROBLEM, "addrtype: bad type `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "addrtype: bad type \"%s\"", arg);
}
#define IPT_ADDRTYPE_OPT_SRCTYPE 0x1
switch (c) {
case '1':
if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->source);
break;
case '2':
if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->dest);
switch (c) {
case '1':
if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->source);
break;
case '2':
if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->dest);
break;
case '3':
if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify limit-iface-in twice");
info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_IN;
*flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN;
break;
case '4':
if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify limit-iface-out twice");
info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_OUT;
*flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT;
static void addrtype_check_v0(unsigned int flags)
{
if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: you must specify --src-type or --dst-type");
}
static void addrtype_check_v1(unsigned int flags)
{
if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: you must specify --src-type or --dst-type");
if (flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN &&
flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"addrtype: you can't specify both --limit-iface-in "
"and --limit-iface-out");
}
spi = strtoul(spistr,&ep,0) ;
if ( spistr == ep ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"AH no valid digits in spi `%s'", spistr);
}
if ( spi == ULONG_MAX && errno == ERANGE ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"spi `%s' specified too big: would overflow", spistr);
}
if ( *spistr != '\0' && *ep != '\0' ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"AH error parsing spi `%s'", spistr);
}
return spi;
switch (c) {
case '1':
if (*flags & AH_SPI)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
switch (c) {
case 'F':
if (*flags & IPT_ECN_OP_MATCH_CWR)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->operation |= IPT_ECN_OP_MATCH_CWR;
case 'G':
if (*flags & IPT_ECN_OP_MATCH_ECE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->operation |= IPT_ECN_OP_MATCH_ECE;
case 'H':
if (*flags & IPT_ECN_OP_MATCH_IP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
*flags |= IPT_ECN_OP_MATCH_IP;
einfo->operation |= IPT_ECN_OP_MATCH_IP;
if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN match: Value out of range");
einfo->ip_ect = result;
break;
static void ecn_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ECN match: some option required");
}
if (strncasecmp(icmp_codes[i].name, icmptype, strlen(icmptype))
== 0) {
if (match != limit)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Ambiguous ICMP type `%s':"
" `%s' or `%s'?",
icmptype,
*slash = '\0';
if (!xtables_strtoui(buffer, NULL, &number, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid ICMP type `%s'\n", buffer);
*type = number;
if (slash) {
if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid ICMP code `%s'\n",
slash+1);
code[0] = code[1] = number;
switch (c) {
case '1':
if (*flags == 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"icmp match: only use --icmp-type once!");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_icmp(argv[optind-1], &icmpinfo->type,
return IPT_POLICY_MATCH_IN;
if (strcmp(s, "out") == 0)
return IPT_POLICY_MATCH_OUT;
- exit_error(PARAMETER_PROBLEM, "policy_match: invalid dir `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "policy_match: invalid dir \"%s\"", s);
}
static int parse_policy(char *s)
return IPT_POLICY_MATCH_NONE;
if (strcmp(s, "ipsec") == 0)
return 0;
- exit_error(PARAMETER_PROBLEM, "policy match: invalid policy `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "policy match: invalid policy \"%s\"", s);
}
static int parse_mode(char *s)
return IPT_POLICY_MODE_TRANSPORT;
if (strcmp(s, "tunnel") == 0)
return IPT_POLICY_MODE_TUNNEL;
- exit_error(PARAMETER_PROBLEM, "policy match: invalid mode `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "policy match: invalid mode \"%s\"", s);
}
static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
if (info->flags & (IPT_POLICY_MATCH_IN|IPT_POLICY_MATCH_OUT))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --dir option");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --dir option");
info->flags |= parse_direction(argv[optind-1]);
break;
case '2':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --policy option");
info->flags |= parse_policy(argv[optind-1]);
break;
case '3':
if (info->flags & IPT_POLICY_MATCH_STRICT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --strict option");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --strict option");
info->flags |= IPT_POLICY_MATCH_STRICT;
break;
case '4':
if (e->match.reqid)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --reqid option");
e->match.reqid = 1;
break;
case '5':
if (e->match.spi)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --spi option");
e->match.spi = 1;
break;
case '6':
if (e->match.saddr)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-src option");
xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
e->match.saddr = 1;
break;
case '7':
if (e->match.daddr)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-dst option");
xtables_ipparse_any(argv[optind-1], &addr, &mask, &naddr);
if (naddr > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: name resolves to multiple IPs");
e->match.daddr = 1;
break;
case '8':
if (e->match.proto)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --proto option");
e->proto = xtables_parse_protocol(argv[optind-1]);
if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP &&
e->proto != IPPROTO_COMP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: protocol must ah/esp/ipcomp");
e->match.proto = 1;
e->invert.proto = invert;
break;
case '9':
if (e->match.mode)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: double --mode option");
mode = parse_mode(argv[optind-1]);
break;
case 'a':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: can't invert --next option");
if (++info->len == IPT_POLICY_MAX_ELEM)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: maximum policy depth reached");
break;
default:
int i;
if (info == NULL)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: no parameters given");
if (!(info->flags & (IPT_POLICY_MATCH_IN|IPT_POLICY_MATCH_OUT)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: neither --in nor --out specified");
if (info->flags & IPT_POLICY_MATCH_NONE) {
if (info->flags & IPT_POLICY_MATCH_STRICT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: policy none but --strict given");
if (info->len != 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: policy none but policy given");
} else
info->len++; /* increase len by 1, no --next after last element */
if (!(info->flags & IPT_POLICY_MATCH_STRICT) && info->len > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: multiple elements but no --strict");
for (i = 0; i < info->len; i++) {
if (info->flags & IPT_POLICY_MATCH_STRICT &&
!(e->match.reqid || e->match.spi || e->match.saddr ||
e->match.daddr || e->match.proto || e->match.mode))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: empty policy element");
if ((e->match.saddr || e->match.daddr)
&& ((e->mode == IPT_POLICY_MODE_TUNNEL && e->invert.mode) ||
(e->mode == IPT_POLICY_MODE_TRANSPORT && !e->invert.mode)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"policy match: --tunnel-src/--tunnel-dst "
"is only valid in tunnel mode");
}
else
realminfo->mask = 0xffffffff;
if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad realm value `%s'", optarg);
} else {
id = realm_name2id(optarg);
if (id == -1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Realm `%s' not found", optarg);
realminfo->id = id;
realminfo->mask = 0xffffffff;
static void realm_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"realm match: You must specify `--realm'");
}
switch (c) {
case '1': /* --set <set> <flag>[,<flag> */
if (info->flags[0])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--set can be specified only once");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-'
|| argv[optind][0] == '!')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--set requires two args.");
if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"setname `%s' too long, max %d characters.",
argv[optind-1], IP_SET_MAXNAMELEN - 1);
static void set_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You must specify `--set' with proper arguments");
DEBUGP("final check OK\n");
}
else if (strncmp(ptr, "dst", 3) == 0)
info->flags[i++] |= IPSET_DST;
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You must spefify (the comma separated list of) 'src' or 'dst'.");
}
if (tmp)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't follow bindings deeper than %i.",
IP_SET_MAX_BINDINGS - 1);
int sockfd = -1;
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (sockfd < 0)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Can't open socket to ipset.\n");
/* Send! */
return getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size);
req.set.name[IP_SET_MAXNAMELEN - 1] = '\0';
res = get_set_getsockopt(&req, &size);
if (res != 0)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Problem when communicating with ipset, errno=%d.\n",
errno);
if (size != sizeof(struct ip_set_req_get_set))
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Incorrect return size from kernel during ipset lookup, "
"(want %zu, got %zu)\n",
sizeof(struct ip_set_req_get_set), (size_t)size);
if (req.set.index == IP_SET_INVALID_ID)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Set %s doesn't exist.\n", setname);
info->index = req.set.index;
req.set.index = idx;
res = get_set_getsockopt(&req, &size);
if (res != 0)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Problem when communicating with ipset, errno=%d.\n",
errno);
if (size != sizeof(struct ip_set_req_get_set))
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Incorrect return size from kernel during ipset lookup, "
"(want %zu, got %zu)\n",
sizeof(struct ip_set_req_get_set), (size_t)size);
if (req.set.name[0] == '\0')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Set id %i in kernel doesn't exist.\n", idx);
strncpy(setname, req.set.name, IP_SET_MAXNAMELEN);
switch (c) {
case '2':
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ttl: Expected value between 0 and 255");
if (invert)
break;
case '3':
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ttl: Expected value between 0 and 255");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ttl: unexpected `!'");
info->mode = IPT_TTL_LT;
break;
case '4':
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ttl: Expected value between 0 and 255");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ttl: unexpected `!'");
info->mode = IPT_TTL_GT;
}
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify TTL option twice");
*flags = 1;
static void ttl_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TTL match: You must specify one of "
"`--ttl-eq', `--ttl-lt', `--ttl-gt");
}
switch (c) {
case '1':
if (CLASSIFY_string_to_priority(optarg, &clinfo->priority))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad class value `%s'", optarg);
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CLASSIFY: Can't specify --set-class twice");
*flags = 1;
break;
CLASSIFY_final_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CLASSIFY: Parameter --set-class is required");
}
markinfo->mask = strtoul(end+1, &end, 0);
if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --set-mark twice");
*flags = 1;
break;
case '2':
markinfo->mode = XT_CONNMARK_SAVE;
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --save-mark twice");
*flags = 1;
break;
case '3':
markinfo->mode = XT_CONNMARK_RESTORE;
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --restore-mark twice");
*flags = 1;
break;
case '4':
if (!*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --mask without a operation");
markinfo->mask = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MASK value `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad MASK value \"%s\"", optarg);
break;
default:
return 0;
case 'n': /* --nfmask */
if (!(*flags & F_SR_MARK))
- exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
+ xtables_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
"or --restore-mark is required for "
"--nfmask");
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
case 'c': /* --ctmask */
if (!(*flags & F_SR_MARK))
- exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
+ xtables_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
"or --restore-mark is required for "
"--ctmask");
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
case 'm': /* --mask */
if (!(*flags & F_SR_MARK))
- exit_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
+ xtables_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
"or --restore-mark is required for "
"--mask");
if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
static void connmark_tg_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CONNMARK target: No operation specified");
}
switch (c) {
case '1':
if (*flags & CONNSECMARK_SAVE)
- exit_error(PARAMETER_PROBLEM, PFX
+ xtables_error(PARAMETER_PROBLEM, PFX
"Can't specify --save twice");
info->mode = CONNSECMARK_SAVE;
*flags |= CONNSECMARK_SAVE;
case '2':
if (*flags & CONNSECMARK_RESTORE)
- exit_error(PARAMETER_PROBLEM, PFX
+ xtables_error(PARAMETER_PROBLEM, PFX
"Can't specify --restore twice");
info->mode = CONNSECMARK_RESTORE;
*flags |= CONNSECMARK_RESTORE;
static void CONNSECMARK_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM, PFX "parameter required");
+ xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
if (flags == (CONNSECMARK_SAVE|CONNSECMARK_RESTORE))
- exit_error(PARAMETER_PROBLEM, PFX "only one flag of --save "
+ xtables_error(PARAMETER_PROBLEM, PFX "only one flag of --save "
"or --restore is allowed");
}
break;
default:
- exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
+ xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
}
}
unsigned int dscp;
if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid dscp `%s'\n", s);
if (dscp > XT_DSCP_MAX)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP `%d` out of range\n", dscp);
dinfo->dscp = dscp;
switch (c) {
case 'F':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP target: Only use --set-dscp ONCE!");
parse_dscp(optarg, dinfo);
*flags = 1;
break;
case 'G':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP target: Only use --set-dscp-class ONCE!");
parse_class(optarg, dinfo);
*flags = 1;
static void DSCP_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP target: Parameter --set-dscp is required");
}
switch (c) {
case '1':
if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
markinfo->mark = mark;
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"MARK target: Can't specify --set-mark twice");
*flags = 1;
break;
case '2':
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"MARK target: kernel too old for --and-mark");
case '3':
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"MARK target: kernel too old for --or-mark");
default:
return 0;
static void MARK_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"MARK target: Parameter --set/and/or-mark"
" is required");
}
}
if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
markinfo->mark = mark;
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"MARK target: Can't specify --set-mark twice");
*flags = 1;
static void mark_tg_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM, "MARK: One of the --set-xmark, "
+ xtables_error(PARAMETER_PROBLEM, "MARK: One of the --set-xmark, "
"--{and,or,xor,set}-mark options is required");
}
switch (c) {
case NFLOG_GROUP:
if (*flags & NFLOG_GROUP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --nflog-group twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --nflog-group");
n = atoi(optarg);
if (n < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--nflog-group can not be negative");
info->group = n;
break;
case NFLOG_PREFIX:
if (*flags & NFLOG_PREFIX)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --nflog-prefix twice");
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected `!' after --nflog-prefix");
length = strlen(optarg);
if (length == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"No prefix specified for --nflog-prefix");
if (length >= sizeof(info->prefix))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--nflog-prefix too long, max %Zu characters",
sizeof(info->prefix) - 1);
if (length != strlen(strtok(optarg, "\n")))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Newlines are not allowed in --nflog-prefix");
strcpy(info->prefix, optarg);
break;
case NFLOG_RANGE:
if (*flags & NFLOG_RANGE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --nflog-range twice");
n = atoi(optarg);
if (n < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid --nflog-range, must be >= 0");
info->len = n;
break;
case NFLOG_THRESHOLD:
if (*flags & NFLOG_THRESHOLD)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify --nflog-threshold twice");
n = atoi(optarg);
if (n < 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid --nflog-threshold, must be >= 1");
info->threshold = n;
break;
unsigned int num;
if (!xtables_strtoui(s, NULL, &num, 0, UINT16_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid queue number `%s'\n", s);
tinfo->queuenum = num & 0xffff;
switch (c) {
case 'F':
if (*flags)
- exit_error(PARAMETER_PROBLEM, "NFQUEUE target: "
+ xtables_error(PARAMETER_PROBLEM, "NFQUEUE target: "
"Only use --queue-num ONCE!");
parse_num(optarg, tinfo);
break;
switch (c) {
case RATEEST_OPT_NAME:
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RATEEST: can't specify --rateest-name twice");
*flags |= 1 << c;
case RATEEST_OPT_INTERVAL:
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RATEEST: can't specify --rateest-interval twice");
*flags |= 1 << c;
if (RATEEST_get_time(&interval, optarg) < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RATEEST: bad interval value `%s'", optarg);
break;
case RATEEST_OPT_EWMALOG:
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RATEEST: can't specify --rateest-ewmalog twice");
*flags |= 1 << c;
if (RATEEST_get_time(&ewma_log, optarg) < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RATEEST: bad ewmalog value `%s'", optarg);
break;
struct xt_rateest_target_info *info = RATEEST_info;
if (!(flags & (1 << RATEEST_OPT_NAME)))
- exit_error(PARAMETER_PROBLEM, "RATEEST: no name specified");
+ xtables_error(PARAMETER_PROBLEM, "RATEEST: no name specified");
if (!(flags & (1 << RATEEST_OPT_INTERVAL)))
- exit_error(PARAMETER_PROBLEM, "RATEEST: no interval specified");
+ xtables_error(PARAMETER_PROBLEM, "RATEEST: no interval specified");
if (!(flags & (1 << RATEEST_OPT_EWMALOG)))
- exit_error(PARAMETER_PROBLEM, "RATEEST: no ewmalog specified");
+ xtables_error(PARAMETER_PROBLEM, "RATEEST: no ewmalog specified");
for (info->interval = 0; info->interval <= 5; info->interval++) {
if (interval <= (1 << info->interval) * (TIME_UNITS_PER_SEC / 4))
}
if (info->interval > 5)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RATEEST: interval value is too large");
info->interval -= 2;
info->ewma_log--;
if (info->ewma_log == 0 || info->ewma_log >= 31)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"RATEEST: ewmalog value is out of range");
}
switch (c) {
case '1':
if (*flags & SECMARK_MODE_SEL)
- exit_error(PARAMETER_PROBLEM, PFX
+ xtables_error(PARAMETER_PROBLEM, PFX
"Can't specify --selctx twice");
info->mode = SECMARK_MODE_SEL;
if (strlen(optarg) > SECMARK_SELCTX_MAX-1)
- exit_error(PARAMETER_PROBLEM, PFX
+ xtables_error(PARAMETER_PROBLEM, PFX
"Maximum length %u exceeded by --selctx"
" parameter (%zu)",
SECMARK_SELCTX_MAX-1, strlen(optarg));
static void SECMARK_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM, PFX "parameter required");
+ xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
}
static void print_secmark(struct xt_secmark_target_info *info)
break;
default:
- exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
+ xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
}
}
case '1':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TCPMSS target: Only one option may be specified");
if (!xtables_strtoui(optarg, NULL, &mssval,
0, UINT16_MAX - hdrsize))
- exit_error(PARAMETER_PROBLEM, "Bad TCPMSS value `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad TCPMSS value \"%s\"", optarg);
mssinfo->mss = mssval;
*flags = 1;
case '2':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TCPMSS target: Only one option may be specified");
mssinfo->mss = XT_TCPMSS_CLAMP_PMTU;
*flags = 1;
static void TCPMSS_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TCPMSS target: At least one parameter is required");
}
if (option == 0 &&
!xtables_strtoui(arg, NULL, &option, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad TCP option value \"%s\"", arg);
if (option < 2)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Option value may not be 0 or 1");
if (tcpoptstrip_test_bit(info->strip_bmap, option))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Option \"%s\" already specified", arg);
tcpoptstrip_set_bit(info->strip_bmap, option);
switch (c) {
case 's':
if (*flags & FLAG_STRIP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You can specify --strip-options only once");
parse_list(info, optarg);
*flags |= FLAG_STRIP;
static void tcpoptstrip_tg_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TCPOPTSTRIP: --strip-options parameter required");
}
if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg);
if (tvm.mask != 0xFF)
- exit_error(PARAMETER_PROBLEM, "tos match: Your kernel "
+ xtables_error(PARAMETER_PROBLEM, "tos match: Your kernel "
"is too old to support anything besides "
"/0xFF as a mask.");
info->tos = tvm.value;
static void tos_tg_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TOS: The --set-tos parameter is required");
}
static void tproxy_tg_check(unsigned int flags)
{
if (!(flags & PARAM_ONPORT))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"TPROXY target: Parameter --on-port is required");
}
int slen = strlen(s);
if (slen >= XT_MAX_COMMENT_LEN) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"COMMENT must be shorter than %i characters", XT_MAX_COMMENT_LEN);
}
strcpy((char *)info->comment, s);
case '1':
xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (invert) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Sorry, you can't have an inverted comment");
}
parse_comment(argv[optind-1], commentinfo);
static void comment_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"COMMENT match: You must specify `--comment'");
}
si->count.from = strtoul(arg,&colon,10);
if (*colon != ':')
- exit_error(PARAMETER_PROBLEM, "Bad range `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad range \"%s\"", arg);
si->count.to = strtoul(colon+1,&p,10);
if (p == colon+1) {
/* second number omited */
si->count.to = 0xffffffff;
}
if (si->count.from > si->count.to)
- exit_error(PARAMETER_PROBLEM, "%llu should be less than %llu",
+ xtables_error(PARAMETER_PROBLEM, "%llu should be less than %llu",
(unsigned long long)si->count.from,
(unsigned long long)si->count.to);
}
else if (!strcmp(optarg, "both"))
sinfo->direction = XT_CONNBYTES_DIR_BOTH;
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unknown --connbytes-dir `%s'", optarg);
*flags |= 2;
else if (!strcmp(optarg, "avgpkt"))
sinfo->what = XT_CONNBYTES_AVGPKT;
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unknown --connbytes-mode `%s'", optarg);
*flags |= 4;
break;
static void connbytes_check(unsigned int flags)
{
if (flags != 7)
- exit_error(PARAMETER_PROBLEM, "You must specify `--connbytes'"
+ xtables_error(PARAMETER_PROBLEM, "You must specify `--connbytes'"
"`--connbytes-dir' and `--connbytes-mode'");
}
switch (c) {
case 'A':
if (*flags & 0x1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--connlimit-above may be given only once");
*flags |= 0x1;
xtables_check_inverse(optarg, &invert, &optind, 0);
break;
case 'M':
if (*flags & 0x2)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--connlimit-mask may be given only once");
*flags |= 0x2;
i = strtoul(argv[optind-1], &err, 0);
if (family == NFPROTO_IPV6) {
if (i > 128 || *err != '\0')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--connlimit-mask must be between "
"0 and 128");
prefix_to_netmask(info->v6_mask, i);
} else {
if (i > 32 || *err != '\0')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--connlimit-mask must be between "
"0 and 32");
if (i == 0)
static void connlimit_check(unsigned int flags)
{
if (!(flags & 0x1))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You must specify \"--connlimit-above\"");
}
markinfo->mask = strtoul(end+1, &end, 0);
if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
if (invert)
markinfo->invert = 1;
*flags = 1;
static void connmark_mt_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"connmark: The --mark option is required");
}
while ((comma = strchr(arg, ',')) != NULL) {
if (comma == arg || !parse_state(arg, comma-arg, sinfo))
- exit_error(PARAMETER_PROBLEM, "Bad ctstate `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad ctstate \"%s\"", arg);
arg = comma+1;
}
if (!*arg)
- exit_error(PARAMETER_PROBLEM, "`--ctstate' requires a list of "
+ xtables_error(PARAMETER_PROBLEM, "\"--ctstate\" requires a list of "
"states with no spaces, e.g. "
"ESTABLISHED,RELATED");
if (strlen(arg) == 0 || !parse_state(arg, strlen(arg), sinfo))
- exit_error(PARAMETER_PROBLEM, "Bad ctstate `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad ctstate \"%s\"", arg);
}
static bool
while ((comma = strchr(arg, ',')) != NULL) {
if (comma == arg || !conntrack_ps_state(info, arg, comma - arg))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad ctstate \"%s\"", arg);
arg = comma + 1;
}
if (strlen(arg) == 0 || !conntrack_ps_state(info, arg, strlen(arg)))
- exit_error(PARAMETER_PROBLEM, "Bad ctstate \"%s\"", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad ctstate \"%s\"", arg);
}
static int
while ((comma = strchr(arg, ',')) != NULL) {
if (comma == arg || !parse_status(arg, comma-arg, sinfo))
- exit_error(PARAMETER_PROBLEM, "Bad ctstatus `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad ctstatus \"%s\"", arg);
arg = comma+1;
}
if (strlen(arg) == 0 || !parse_status(arg, strlen(arg), sinfo))
- exit_error(PARAMETER_PROBLEM, "Bad ctstatus `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad ctstatus \"%s\"", arg);
}
static bool
while ((comma = strchr(arg, ',')) != NULL) {
if (comma == arg || !conntrack_ps_status(info, arg, comma - arg))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad ctstatus \"%s\"", arg);
arg = comma + 1;
}
if (strlen(arg) == 0 || !conntrack_ps_status(info, arg, strlen(arg)))
- exit_error(PARAMETER_PROBLEM, "Bad ctstatus \"%s\"", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad ctstatus \"%s\"", arg);
}
static unsigned long
unsigned int len;
if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s);
+ xtables_error(PARAMETER_PROBLEM, "expire value invalid: \"%s\"\n", s);
else
return len;
}
free(buffer);
if (sinfo->expires_min > sinfo->expires_max)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"expire min. range value `%lu' greater than max. "
"range value `%lu'", sinfo->expires_min, sinfo->expires_max);
}
xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s);
if (min > max)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"expire min. range value \"%u\" greater than max. "
"range value \"%u\"", min, max);
if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
&& (sinfo->invflags & XT_INV_PROTO))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
sinfo->flags |= XT_CONNTRACK_PROTO;
&sinfo->sipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
&sinfo->dipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
&sinfo->sipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
&sinfo->dipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
info->l4proto = xtables_parse_protocol(optarg);
if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO))
- exit_error(PARAMETER_PROBLEM, "conntrack: rule would "
+ xtables_error(PARAMETER_PROBLEM, "conntrack: rule would "
"never match protocol");
info->match_flags |= XT_CONNTRACK_PROTO;
xtables_ipparse_any(optarg, &addr, &info->origsrc_mask.in,
&naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->origsrc_addr.in, addr, sizeof(*addr));
xtables_ipparse_any(optarg, &addr, &info->origdst_mask.in,
&naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->origdst_addr.in, addr, sizeof(*addr));
xtables_ipparse_any(optarg, &addr, &info->replsrc_mask.in,
&naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->replsrc_addr.in, addr, sizeof(*addr));
xtables_ipparse_any(optarg, &addr, &info->repldst_mask.in,
&naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->repldst_addr.in, addr, sizeof(*addr));
xtables_ip6parse_any(optarg, &addr,
&info->origsrc_mask.in6, &naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->origsrc_addr.in6, addr, sizeof(*addr));
xtables_ip6parse_any(optarg, &addr,
&info->origdst_mask.in6, &naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->origdst_addr.in, addr, sizeof(*addr));
xtables_ip6parse_any(optarg, &addr,
&info->replsrc_mask.in6, &naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->replsrc_addr.in, addr, sizeof(*addr));
xtables_ip6parse_any(optarg, &addr,
&info->repldst_mask.in6, &naddrs);
if (naddrs > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if (naddrs == 1)
memcpy(&info->repldst_addr.in, addr, sizeof(*addr));
static void conntrack_mt_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM, "conntrack: At least one option "
+ xtables_error(PARAMETER_PROBLEM, "conntrack: At least one option "
"is required");
}
ports[1] = cp[0] ? xtables_parse_port(cp, "dccp") : 0xFFFF;
if (ports[0] > ports[1])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"invalid portrange (min > max)");
}
free(buffer);
}
}
if (i == sizeof(dccp_pkt_types)/sizeof(char *))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unknown DCCP type `%s'", ptr);
}
unsigned int ret;
if (!xtables_strtoui(optstring, NULL, &ret, 1, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM, "Bad DCCP option `%s'",
+ xtables_error(PARAMETER_PROBLEM, "Bad DCCP option \"%s\"",
optstring);
return ret;
switch (c) {
case '1':
if (*flags & XT_DCCP_SRC_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
einfo->flags |= XT_DCCP_SRC_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0);
case '2':
if (*flags & XT_DCCP_DEST_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
einfo->flags |= XT_DCCP_DEST_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0);
case '3':
if (*flags & XT_DCCP_TYPE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--dccp-types' allowed");
einfo->flags |= XT_DCCP_TYPE;
xtables_check_inverse(optarg, &invert, &optind, 0);
case '4':
if (*flags & XT_DCCP_OPTION)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--dccp-option' allowed");
einfo->flags |= XT_DCCP_OPTION;
xtables_check_inverse(optarg, &invert, &optind, 0);
unsigned int dscp;
if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid dscp `%s'\n", s);
if (dscp > XT_DSCP_MAX)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP `%d` out of range\n", dscp);
dinfo->dscp = dscp;
switch (c) {
case 'F':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp ONCE!");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_dscp(argv[optind-1], dinfo);
case 'G':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp-class ONCE!");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_class(argv[optind - 1], dinfo);
static void dscp_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"DSCP match: Parameter --dscp is required");
}
spi = strtoul(spistr,&ep,0) ;
if ( spistr == ep ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ESP no valid digits in spi `%s'", spistr);
}
if ( spi == ULONG_MAX && errno == ERANGE ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"spi `%s' specified too big: would overflow", spistr);
}
if ( *spistr != '\0' && *ep != '\0' ) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ESP error parsing spi `%s'", spistr);
}
return spi;
spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
if (spis[0] > spis[1])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid ESP spi range: %s", spistring);
}
free(buffer);
switch (c) {
case '1':
if (*flags & ESP_SPI)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--espspi' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_esp_spis(argv[optind-1], espinfo->spis);
/* This would get mapped to infinite (1/day is minimum they
can specify, so we're ok at that end). */
if (r / mult > XT_HASHLIMIT_SCALE)
- exit_error(PARAMETER_PROBLEM, "Rate too fast `%s'\n", rate);
+ xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
*val = XT_HASHLIMIT_SCALE * mult / r;
return 1;
*flags & PARAM_LIMIT);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->cfg.avg))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
*flags |= PARAM_LIMIT;
break;
*flags & PARAM_BURST);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-burst `%s'", optarg);
r->cfg.burst = num;
*flags |= PARAM_BURST;
*flags & PARAM_SIZE);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-size: `%s'", optarg);
r->cfg.size = num;
*flags |= PARAM_SIZE;
*flags & PARAM_MAX);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-max: `%s'", optarg);
r->cfg.max = num;
*flags |= PARAM_MAX;
*flags & PARAM_GCINTERVAL);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-gcinterval: `%s'",
optarg);
/* FIXME: not HZ dependent!! */
"--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-expire: `%s'", optarg);
/* FIXME: not HZ dependent */
r->cfg.expire = num;
*flags & PARAM_MODE);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (parse_mode(&r->cfg.mode, optarg) < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-mode: `%s'\n", optarg);
*flags |= PARAM_MODE;
break;
*flags & PARAM_NAME);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (strlen(optarg) == 0)
- exit_error(PARAMETER_PROBLEM, "Zero-length name?");
+ xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(r->name, optarg, sizeof(r->name));
*flags |= PARAM_NAME;
break;
}
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"hashlimit does not support invert");
return 1;
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
*flags & PARAM_NAME);
if (strlen(optarg) == 0)
- exit_error(PARAMETER_PROBLEM, "Zero-length name?");
+ xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(info->name, optarg, sizeof(info->name));
info->name[sizeof(info->name)-1] = '\0';
*flags |= PARAM_NAME;
static void hashlimit_check(unsigned int flags)
{
if (!(flags & PARAM_LIMIT))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You have to specify --hashlimit");
if (!(flags & PARAM_MODE))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You have to specify --hashlimit-mode");
if (!(flags & PARAM_NAME))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You have to specify --hashlimit-name");
}
static void hashlimit_mt_check(unsigned int flags)
{
if (!(flags & PARAM_LIMIT))
- exit_error(PARAMETER_PROBLEM, "You have to specify "
+ xtables_error(PARAMETER_PROBLEM, "You have to specify "
"--hashlimit-upto or --hashlimit-above");
if (!(flags & PARAM_NAME))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You have to specify --hashlimit-name");
}
switch (c) {
case '1':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"helper match: Only use --helper ONCE!");
xtables_check_inverse(optarg, &invert, &invert, 0);
strncpy(info->name, optarg, 29);
static void helper_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"helper match: You must specify `--helper'");
}
ip = xtables_numeric_to_ipaddr(arg);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
arg);
range->min_ip = ip->s_addr;
if (dash != NULL) {
ip = xtables_numeric_to_ipaddr(dash+1);
if (!ip)
- exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
+ xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
dash+1);
range->max_ip = ip->s_addr;
} else {
switch (c) {
case '1':
if (*flags & IPRANGE_SRC)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"iprange match: Only use --src-range ONCE!");
*flags |= IPRANGE_SRC;
case '2':
if (*flags & IPRANGE_DST)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"iprange match: Only use --dst-range ONCE!");
*flags |= IPRANGE_DST;
static void iprange_mt_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"iprange match: You must specify `--src-range' or `--dst-range'");
}
unsigned int len;
if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s);
+ xtables_error(PARAMETER_PROBLEM, "length invalid: \"%s\"\n", s);
else
return len;
}
free(buffer);
if (info->min > info->max)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"length min. range value `%u' greater than max. "
"range value `%u'", info->min, info->max);
switch (c) {
case '1':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
xtables_check_inverse(optarg, &invert, &optind, 0);
static void length_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"length: You must specify `--length'");
}
/* This would get mapped to infinite (1/day is minimum they
can specify, so we're ok at that end). */
if (r / mult > XT_LIMIT_SCALE)
- exit_error(PARAMETER_PROBLEM, "Rate too fast `%s'\n", rate);
+ xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
*val = XT_LIMIT_SCALE * mult / r;
return 1;
/* FIXME: handle overflow:
if (r->avg*r->burst/r->burst != r->avg)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Sorry: burst too large for that avg rate.\n");
*/
case '%':
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->avg))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
break;
case '$':
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad --limit-burst `%s'", optarg);
r->burst = num;
break;
}
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"limit does not support invert");
return 1;
unsigned int i = 0;
if (strlen(mac) != ETH_ALEN*3-1)
- exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac);
+ xtables_error(PARAMETER_PROBLEM, "Bad mac address \"%s\"", mac);
for (i = 0; i < ETH_ALEN; i++) {
long number;
&& number <= 255)
info->srcaddr[i] = number;
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad mac address `%s'", mac);
}
}
static void mac_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You must specify `--mac-source'");
}
} else
markinfo->mask = 0xffffffff;
if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
if (invert)
markinfo->invert = 1;
*flags = 1;
static void mark_mt_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"mark match: The --mark option is required");
}
unsigned int i;
buffer = strdup(portstring);
- if (!buffer) exit_error(OTHER_PROBLEM, "strdup failed");
+ if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
for (cp=buffer, i=0; cp && i<XT_MULTI_PORTS; cp=next,i++)
{
if (next) *next++='\0';
ports[i] = xtables_parse_port(cp, proto);
}
- if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified");
+ if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
free(buffer);
return i;
}
u_int16_t m;
buffer = strdup(portstring);
- if (!buffer) exit_error(OTHER_PROBLEM, "strdup failed");
+ if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
for (i=0; i<XT_MULTI_PORTS; i++)
multiinfo->pflags[i] = 0;
range = strchr(cp, ':');
if (range) {
if (i == XT_MULTI_PORTS-1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"too many ports specified");
*range++ = '\0';
}
multiinfo->pflags[i] = 1;
multiinfo->ports[++i] = xtables_parse_port(range, proto);
if (multiinfo->ports[i-1] >= multiinfo->ports[i])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"invalid portrange specified");
m <<= 1;
}
}
multiinfo->count = i;
- if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified");
+ if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
free(buffer);
}
char *proto;
if (invflags & XT_INV_PROTO)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP");
if ((proto = proto_to_name(pnum)) != NULL)
return proto;
else if (!pnum)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiport needs `-p tcp', `-p udp', `-p udplite', "
"`-p sctp' or `-p dccp'");
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP");
}
}
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiport does not support invert");
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiport can only have one option");
*flags = 1;
return 1;
multiinfo->invert = 1;
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiport can only have one option");
*flags = 1;
return 1;
static void multiport_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM, "multiport expection an option");
+ xtables_error(PARAMETER_PROBLEM, "multiport expection an option");
}
static char *
case 'c':
xtables_param_act(XTF_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM);
if (strlen(optarg) > sizeof(info->comm))
- exit_error(PARAMETER_PROBLEM, "owner match: command "
+ xtables_error(PARAMETER_PROBLEM, "owner match: command "
"\"%s\" too long, max. %zu characters",
optarg, sizeof(info->comm));
static void owner_mt_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM, "owner: At least one of "
+ xtables_error(PARAMETER_PROBLEM, "owner: At least one of "
"--uid-owner, --gid-owner or --socket-exists "
"is required");
}
return 1;
multiple_use:
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple use of the same physdev option is not allowed");
}
static void physdev_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM, "PHYSDEV: no physdev option specified");
+ xtables_error(PARAMETER_PROBLEM, "PHYSDEV: no physdev option specified");
}
static void
}
}
- exit_error(PARAMETER_PROBLEM, "Bad packet type '%s'", pkttype);
+ xtables_error(PARAMETER_PROBLEM, "Bad packet type '%s'", pkttype);
}
static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags,
static void pkttype_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM, "You must specify `--pkt-type'");
+ xtables_error(PARAMETER_PROBLEM, "You must specify \"--pkt-type\"");
}
static void print_pkttype(struct xt_pkttype_info *info)
#endif
if (*quota == UINT64_MAX)
- exit_error(PARAMETER_PROBLEM, "quota invalid: '%s'\n", s);
+ xtables_error(PARAMETER_PROBLEM, "quota invalid: '%s'\n", s);
else
return 1;
}
switch (c) {
case '1':
if (xtables_check_inverse(optarg, &invert, NULL, 0))
- exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
+ xtables_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
if (!parse_quota(optarg, &info->quota))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"bad quota: '%s'", optarg);
break;
case OPT_RATEEST1:
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify --rateest1 twice");
*flags |= 1 << c;
case OPT_RATEEST2:
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify --rateest2 twice");
*flags |= 1 << c;
case OPT_RATEEST_BPS1:
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify --rateest-bps1 twice");
*flags |= 1 << c;
break;
if (rateest_get_rate(&info->bps1, argv[optind]) < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: could not parse rate `%s'",
argv[optind]);
optind++;
case OPT_RATEEST_PPS1:
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify --rateest-pps1 twice");
*flags |= 1 << c;
break;
if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: could not parse pps `%s'",
argv[optind]);
info->pps1 = val;
case OPT_RATEEST_BPS2:
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify --rateest-bps2 twice");
*flags |= 1 << c;
break;
if (rateest_get_rate(&info->bps2, argv[optind]) < 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: could not parse rate `%s'",
argv[optind]);
optind++;
case OPT_RATEEST_PPS2:
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify --rateest-pps2 twice");
*flags |= 1 << c;
break;
if (!xtables_strtoui(argv[optind], NULL, &val, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: could not parse pps `%s'",
argv[optind]);
info->pps2 = val;
case OPT_RATEEST_DELTA:
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-delta can't be inverted");
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify --rateest-delta twice");
*flags |= 1 << c;
xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify lt/gt/eq twice");
*flags |= 1 << c;
xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify lt/gt/eq twice");
*flags |= 1 << c;
xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify lt/gt/eq twice");
*flags |= 1 << c;
struct xt_rateest_match_info *info = rateest_info;
if (info == NULL)
- exit_error(PARAMETER_PROBLEM, "rateest match: "
+ xtables_error(PARAMETER_PROBLEM, "rateest match: "
"you need to specify some flags");
if (!(info->flags & XT_RATEEST_MATCH_REL))
info->flags |= XT_RATEEST_MATCH_ABS;
switch (c) {
case 201:
if (*flags & RECENT_CMDS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
xtables_check_inverse(optarg, &invert, &optind, 0);
case 202:
if (*flags & RECENT_CMDS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
xtables_check_inverse(optarg, &invert, &optind, 0);
case 203:
if (*flags & RECENT_CMDS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
xtables_check_inverse(optarg, &invert, &optind, 0);
case 206:
if (*flags & RECENT_CMDS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
xtables_check_inverse(optarg, &invert, &optind, 0);
static void recent_check(unsigned int flags)
{
if (!(flags & RECENT_CMDS))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"recent: you must specify one of `--set', `--rcheck' "
"`--update' or `--remove'");
if ((flags & XT_RECENT_TTL) &&
(flags & (XT_RECENT_SET | XT_RECENT_REMOVE)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"recent: --rttl may only be used with --rcheck or "
"--update");
}
ports[1] = cp[0] ? xtables_parse_port(cp, "sctp") : 0xFFFF;
if (ports[0] > ports[1])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"invalid portrange (min > max)");
}
free(buffer);
}
if (*flag_count == XT_NUM_SCTP_FLAGS) {
- exit_error (PARAMETER_PROBLEM,
+ xtables_error (PARAMETER_PROBLEM,
"Number of chunk types with flags exceeds currently allowed limit."
"Increasing this limit involves changing IPT_NUM_SCTP_FLAGS and"
"recompiling both the kernel space and user space modules\n");
}
}
if (!found)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unknown sctp chunk `%s'", ptr);
if (chunk_flags) {
&(einfo->flag_count), i, bit,
isupper(chunk_flags[j]));
} else {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid flags for chunk type %d\n", i);
}
}
} else if (!strcasecmp(match_type, "ONLY")) {
einfo->chunk_match_type = SCTP_CHUNK_MATCH_ONLY;
} else {
- exit_error (PARAMETER_PROBLEM,
+ xtables_error (PARAMETER_PROBLEM,
"Match type has to be one of \"ALL\", \"ANY\" or \"ONLY\"");
}
switch (c) {
case '1':
if (*flags & XT_SCTP_SRC_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
einfo->flags |= XT_SCTP_SRC_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0);
case '2':
if (*flags & XT_SCTP_DEST_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
einfo->flags |= XT_SCTP_DEST_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0);
case '3':
if (*flags & XT_SCTP_CHUNK_TYPES)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--chunk-types' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--chunk-types requires two args");
einfo->flags |= XT_SCTP_CHUNK_TYPES;
while ((comma = strchr(arg, ',')) != NULL) {
if (comma == arg || !state_parse_state(arg, comma-arg, sinfo))
- exit_error(PARAMETER_PROBLEM, "Bad state `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
arg = comma+1;
}
if (!*arg)
- exit_error(PARAMETER_PROBLEM, "`--state' requires a list of "
+ xtables_error(PARAMETER_PROBLEM, "\"--state\" requires a list of "
"states with no spaces, e.g. "
"ESTABLISHED,RELATED");
if (strlen(arg) == 0 || !state_parse_state(arg, strlen(arg), sinfo))
- exit_error(PARAMETER_PROBLEM, "Bad state `%s'", arg);
+ xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
}
static int
static void state_final_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM, "You must specify `--state'");
+ xtables_error(PARAMETER_PROBLEM, "You must specify \"--state\"");
}
static void state_print_state(unsigned int statemask)
switch (c) {
case '1':
if (*flags & 0x1)
- exit_error(PARAMETER_PROBLEM, "double --mode");
+ xtables_error(PARAMETER_PROBLEM, "double --mode");
if (!strcmp(optarg, "random"))
info->mode = XT_STATISTIC_MODE_RANDOM;
else if (!strcmp(optarg, "nth"))
info->mode = XT_STATISTIC_MODE_NTH;
else
- exit_error(PARAMETER_PROBLEM, "Bad mode `%s'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad mode \"%s\"", optarg);
*flags |= 0x1;
break;
case '2':
if (*flags & 0x2)
- exit_error(PARAMETER_PROBLEM, "double --probability");
+ xtables_error(PARAMETER_PROBLEM, "double --probability");
prob = atof(optarg);
if (prob < 0 || prob > 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--probability must be between 0 and 1");
info->u.random.probability = 0x80000000 * prob;
*flags |= 0x2;
break;
case '3':
if (*flags & 0x4)
- exit_error(PARAMETER_PROBLEM, "double --every");
+ xtables_error(PARAMETER_PROBLEM, "double --every");
if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"cannot parse --every `%s'", optarg);
info->u.nth.every = val;
if (info->u.nth.every == 0)
- exit_error(PARAMETER_PROBLEM, "--every cannot be 0");
+ xtables_error(PARAMETER_PROBLEM, "--every cannot be 0");
info->u.nth.every--;
*flags |= 0x4;
break;
case '4':
if (*flags & 0x8)
- exit_error(PARAMETER_PROBLEM, "double --packet");
+ xtables_error(PARAMETER_PROBLEM, "double --packet");
if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"cannot parse --packet `%s'", optarg);
info->u.nth.packet = val;
*flags |= 0x8;
static void statistic_check(unsigned int flags)
{
if (!(flags & 0x1))
- exit_error(PARAMETER_PROBLEM, "no mode specified");
+ xtables_error(PARAMETER_PROBLEM, "no mode specified");
if ((flags & 0x2) && (flags & (0x4 | 0x8)))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"both nth and random parameters given");
if (flags & 0x2 && global_info->mode != XT_STATISTIC_MODE_RANDOM)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--probability can only be used in random mode");
if (flags & 0x4 && global_info->mode != XT_STATISTIC_MODE_NTH)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--every can only be used in nth mode");
if (flags & 0x8 && global_info->mode != XT_STATISTIC_MODE_NTH)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--packet can only be used in nth mode");
if ((flags & 0x8) && !(flags & 0x4))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--packet can only be used with --every");
/* at this point, info->u.nth.every have been decreased. */
if (global_info->u.nth.packet > global_info->u.nth.every)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"the --packet p must be 0 <= p <= n-1");
info->patlen = strlen(s);
return;
}
- exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
}
static void
strncpy(info->algo, s, XT_STRING_MAX_ALGO_NAME_SIZE);
return;
}
- exit_error(PARAMETER_PROBLEM, "ALGO too long `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "ALGO too long \"%s\"", s);
}
static void
slen = strlen(s);
if (slen == 0) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"STRING must contain at least one char");
}
if (s[i] == '\\' && !hex_f) {
literal_f = 1;
} else if (s[i] == '\\') {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot include literals in hex data");
} else if (s[i] == '|') {
if (hex_f)
if (literal_f) {
if (i+1 >= slen) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad literal placement at end of string");
}
info->pattern[sindex] = s[i+1];
literal_f = 0;
} else if (hex_f) {
if (i+1 >= slen) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Odd number of hex digits");
}
if (i+2 >= slen) {
/* must end with a "|" */
- exit_error(PARAMETER_PROBLEM, "Invalid hex block");
+ xtables_error(PARAMETER_PROBLEM, "Invalid hex block");
}
if (! isxdigit(s[i])) /* check for valid hex char */
- exit_error(PARAMETER_PROBLEM, "Invalid hex char `%c'", s[i]);
+ xtables_error(PARAMETER_PROBLEM, "Invalid hex char '%c'", s[i]);
if (! isxdigit(s[i+1])) /* check for valid hex char */
- exit_error(PARAMETER_PROBLEM, "Invalid hex char `%c'", s[i+1]);
+ xtables_error(PARAMETER_PROBLEM, "Invalid hex char '%c'", s[i+1]);
hextmp[0] = s[i];
hextmp[1] = s[i+1];
hextmp[2] = '\0';
if (! sscanf(hextmp, "%x", &schar))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid hex char `%c'", s[i]);
info->pattern[sindex] = (char) schar;
if (s[i+2] == ' ')
i++;
}
if (sindex > XT_STRING_MAX_PATTERN_SIZE)
- exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s);
+ xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
sindex++;
}
info->patlen = sindex;
switch (c) {
case '1':
if (*flags & FROM)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify multiple --from");
stringinfo->from_offset = atoi(optarg);
*flags |= FROM;
break;
case '2':
if (*flags & TO)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify multiple --to");
stringinfo->to_offset = atoi(optarg);
*flags |= TO;
break;
case '3':
if (*flags & ALGO)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify multiple --algo");
parse_algo(optarg, stringinfo);
*flags |= ALGO;
break;
case '4':
if (*flags & STRING)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify multiple --string");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_string(argv[optind-1], stringinfo);
case '5':
if (*flags & STRING)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify multiple --hex-string");
xtables_check_inverse(optarg, &invert, &optind, 0);
case '6':
if (revision == 0)
- exit_error(VERSION_PROBLEM,
+ xtables_error(VERSION_PROBLEM,
"Kernel doesn't support --icase");
stringinfo->u.v1.flags |= XT_STRING_FLAG_IGNORECASE;
static void string_check(unsigned int flags)
{
if (!(flags & STRING))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"STRING match: You must specify `--string' or "
"`--hex-string'");
if (!(flags & ALGO))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"STRING match: You must specify `--algo'");
}
ports[1] = cp[0] ? xtables_parse_port(cp, "tcp") : 0xFFFF;
if (ports[0] > ports[1])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"invalid portrange (min > max)");
}
free(buffer);
}
}
if (i == sizeof(tcp_flag_names)/sizeof(struct tcp_flag_names))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unknown TCP flag `%s'", ptr);
}
unsigned int ret;
if (!xtables_strtoui(option, NULL, &ret, 1, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM, "Bad TCP option `%s'", option);
+ xtables_error(PARAMETER_PROBLEM, "Bad TCP option \"%s\"", option);
*result = ret;
}
switch (c) {
case '1':
if (*flags & TCP_SRC_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->spts);
case '2':
if (*flags & TCP_DST_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
case '3':
if (*flags & TCP_FLAGS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);
case '4':
if (*flags & TCP_FLAGS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"--tcp-flags requires two args.");
parse_tcp_flags(tcpinfo, argv[optind-1], argv[optind],
case '5':
if (*flags & TCP_OPTION)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_option(argv[optind-1], &tcpinfo->option);
if (!xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX))
return mssvaluenum;
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid mss `%s' specified", mssvalue);
}
switch (c) {
case '1':
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--mss' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_mssvalues(argv[optind-1],
static void tcpmss_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"tcpmss match: You must specify `--mss'");
}
if (ret >= 0)
return ret;
perror("mktime");
- exit_error(OTHER_PROBLEM, "mktime returned an error");
+ xtables_error(OTHER_PROBLEM, "mktime returned an error");
out:
- exit_error(PARAMETER_PROBLEM, "Invalid date \"%s\" specified. Should "
+ xtables_error(PARAMETER_PROBLEM, "Invalid date \"%s\" specified. Should "
"be YYYY[-MM[-DD[Thh[:mm[:ss]]]]]", os);
return -1;
}
return 60 * 60 * hour + 60 * minute + second;
out:
- exit_error(PARAMETER_PROBLEM, "invalid time \"%s\" specified, "
+ xtables_error(PARAMETER_PROBLEM, "invalid time \"%s\" specified, "
"should be hh:mm[:ss] format and within the boundaries", s);
return -1;
}
while (my_strseg(day, sizeof(day), &arg, ',') != NULL) {
i = strtoul(day, &err, 0);
if ((*err != ',' && *err != '\0') || i > 31)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s is not a valid day for --monthdays", day);
ret |= 1 << i;
}
i = strtoul(day, &err, 0);
if (*err == '\0') {
if (i == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"No, the week does NOT begin with Sunday.");
ret |= 1 << i;
continue;
}
if (!valid)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s is not a valid day specifier", day);
}
switch (c) {
case 'D': /* --datestart */
if (*flags & F_DATE_START)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --datestart twice");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected \"!\" with --datestart");
info->date_start = time_parse_date(optarg, false);
*flags |= F_DATE_START;
return 1;
case 'E': /* --datestop */
if (*flags & F_DATE_STOP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --datestop more than once");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unexpected \"!\" with --datestop");
info->date_stop = time_parse_date(optarg, true);
*flags |= F_DATE_STOP;
return 1;
case 'X': /* --timestart */
if (*flags & F_TIME_START)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --timestart more than once");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected \"!\" with --timestart");
info->daytime_start = time_parse_minutes(optarg);
*flags |= F_TIME_START;
return 1;
case 'Y': /* --timestop */
if (*flags & F_TIME_STOP)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --timestop more than once");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unexpected \"!\" with --timestop");
info->daytime_stop = time_parse_minutes(optarg);
*flags |= F_TIME_STOP;
return 1;
case 'l': /* --localtz */
if (*flags & F_TIMEZONE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can only specify exactly one of --localtz or --utc");
info->flags |= XT_TIME_LOCAL_TZ;
*flags |= F_TIMEZONE;
return 1;
case 'm': /* --monthdays */
if (*flags & F_MONTHDAYS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --monthdays more than once");
info->monthdays_match = time_parse_monthdays(optarg);
if (invert)
return 1;
case 'w': /* --weekdays */
if (*flags & F_WEEKDAYS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --weekdays more than once");
info->weekdays_match = time_parse_weekdays(optarg);
if (invert)
return 1;
case 'u': /* --utc */
if (*flags & F_TIMEZONE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can only specify exactly one of --localtz or --utc");
info->flags &= ~XT_TIME_LOCAL_TZ;
*flags |= F_TIMEZONE;
if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg);
if (tvm.mask != 0xFF)
- exit_error(PARAMETER_PROBLEM, "tos: Your kernel is "
+ xtables_error(PARAMETER_PROBLEM, "tos: Your kernel is "
"too old to support anything besides /0xFF "
"as a mask.");
info->tos = tvm.value;
static void tos_mt_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"tos: --tos parameter required");
}
errno = 0;
number = strtoul(*s, &end, 0);
if (end == *s)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %d: expected number", pos);
if (errno != 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %d: error reading number", pos);
*s = end;
return number;
if (*arg == '\0') {
/* end of argument found */
if (state == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: abrupt end of input after location specifier");
if (valind == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: test ended with no value specified");
ct->nnums = locind;
data->ntests = ++testind;
if (testind > XT_U32_MAXSIZE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: too many \"&&\"s",
(unsigned int)(arg - start));
return 1;
*/
if (*arg == '=') {
if (locind == 0) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: "
"location spec missing",
(unsigned int)(arg - start));
ct->location[locind].nextop = XT_U32_AND;
} else if (*arg == '<') {
if (*++arg != '<')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: a second '<' was expected", (unsigned int)(arg - start));
ct->location[locind].nextop = XT_U32_LEFTSH;
} else if (*arg == '>') {
if (*++arg != '>')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: a second '>' was expected", (unsigned int)(arg - start));
ct->location[locind].nextop = XT_U32_RIGHTSH;
} else if (*arg == '@') {
ct->location[locind].nextop = XT_U32_AT;
} else {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: operator expected", (unsigned int)(arg - start));
}
++arg;
ct->location[locind].number =
parse_number(&arg, arg - start);
if (++locind > XT_U32_MAXSIZE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: too many operators", (unsigned int)(arg - start));
}
} else {
*/
if (*arg == '&') {
if (*++arg != '&')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: a second '&' was expected", (unsigned int)(arg - start));
if (valind == 0) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: value spec missing", (unsigned int)(arg - start));
} else {
ct->nnums = locind;
ct->nvalues = valind;
ct = &data->tests[++testind];
if (testind > XT_U32_MAXSIZE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: too many \"&&\"s", (unsigned int)(arg - start));
++arg;
state = 0;
} else { /* read value range */
if (valind > 0) { /* need , before number */
if (*arg != ',')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: expected \",\" or \"&&\"", (unsigned int)(arg - start));
++arg;
}
}
if (++valind > XT_U32_MAXSIZE)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: too many \",\"s", (unsigned int)(arg - start));
}
}
ports[1] = cp[0] ? xtables_parse_port(cp, "udp") : 0xFFFF;
if (ports[0] > ports[1])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"invalid portrange (min > max)");
}
free(buffer);
switch (c) {
case '1':
if (*flags & UDP_SRC_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
case '2':
if (*flags & UDP_DST_PORTS)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
const char *p = end + 1;
if (!xtables_strtoui(p, &end, &value, 0, max))
- exit_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"",
+ xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"",
str);
tvm->mask = value;
}
if (*end != '\0')
- exit_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str);
+ xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str);
return true;
}
return true;
}
- exit_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown", str);
+ xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown", str);
return false;
}
int xtables_check_inverse(const char option[], int *invert,
int *my_optind, int argc);
extern struct xtables_globals *xt_params;
-#define exit_error xt_params->exit_err
+#define xtables_error (xt_params->exit_err)
extern void xtables_param_act(unsigned int, const char *, ...);
}
if (!handle) {
- exit_error(PARAMETER_PROBLEM, "%s: unable to initialize "
+ xtables_error(PARAMETER_PROBLEM, "%s: unable to initialize "
"table '%s'\n", ip6tables_globals.program_name,
tablename);
exit(1);
table = strtok(buffer+1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table);
if (!table) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
ip6tables_globals.program_name,
line);
chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
ip6tables_globals.program_name,
line);
if (noflush && ip6tc_is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
if (!ip6tc_flush_entries(chain, handle))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
if (!ip6tc_create_chain(chain, handle))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
strerror(errno));
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
ip6tables_globals.program_name,
line);
ctrs = strtok(NULL, " \t\n");
if (!ctrs || !parse_counters(ctrs, &count))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"invalid policy counters "
"for chain '%s'\n", chain);
if (!ip6tc_set_policy(chain, policy, &count,
handle))
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
chain, policy, line,
/* we have counters in our input */
ptr = strchr(buffer, ']');
if (!ptr)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer+1, ":");
if (!pcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* check if table name specified */
if (!strncmp(param_buffer, "-t", 2)
|| !strncmp(param_buffer, "--table", 8)) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Line %u seems to have a "
"-t table option.\n", line);
exit(1);
param_buffer[param_len++] = *curchar;
if (param_len >= sizeof(param_buffer))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Parameter too long!");
}
}
procfile = fopen("/proc/net/ip6_tables_names", "r");
if (!procfile)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Unable to open /proc/net/ip6_tables_names: %s\n",
strerror(errno));
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Badly formed tablename `%s'\n",
tablename);
tablename[strlen(tablename) - 1] = '\0';
h = ip6tc_init(tablename);
if (!h)
- exit_error(OTHER_PROBLEM, "Can't initialize: %s\n",
+ xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
ip6tc_strerror(errno));
if (!show_binary) {
printf("# Completed on %s", ctime(&now));
} else {
/* Binary, huh? OK. */
- exit_error(OTHER_PROBLEM, "Binary NYI\n");
+ xtables_error(OTHER_PROBLEM, "Binary NYI\n");
}
ip6tc_free(h);
if (!(options & (1<<i))) {
if (commands_v_options[j][i] == '+')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You need to supply the `-%c' "
"option for this command\n",
optflags[i]);
}
}
if (legal == -1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Illegal option `-%c' with this command\n",
optflags[i]);
}
int invert)
{
if (invert)
- exit_error(PARAMETER_PROBLEM, "unexpected ! flag");
+ xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
if (*cmd & (~othercmds))
- exit_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n",
+ xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
*cmd |= newcmd;
}
unsigned int rulenum;
if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid rule number `%s'", rule);
return rulenum;
const char *ptr;
if (strlen(targetname) < 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid target name (too short)");
if (strlen(targetname)+1 > sizeof(ip6t_chainlabel))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid target name `%s' (%u chars max)",
targetname, (unsigned int)sizeof(ip6t_chainlabel)-1);
for (ptr = targetname; *ptr; ptr++)
if (isspace(*ptr))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid target name `%s'", targetname);
return targetname;
}
int invert)
{
if (*options & option)
- exit_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
+ xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
opt2char(option));
*options |= option;
for (i = 0; 1 << i != option; i++);
if (!inverse_for_options[i])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"cannot have ! before -%c",
opt2char(option));
*invflg |= inverse_for_options[i];
&& argv[optind][0] != '!')
rulenum = parse_rulenumber(argv[optind++]);
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires a rule number",
cmd2char(CMD_REPLACE));
break;
case 'N':
if (optarg && (*optarg == '-' || *optarg == '!'))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"chain name not allowed to start "
"with `%c'\n", *optarg);
if (xtables_find_target(optarg, XTF_TRY_LOAD))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"chain name may not clash "
"with target name\n");
add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
&& argv[optind][0] != '!')
newname = argv[optind++];
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires old-chain-name and "
"new-chain-name",
cmd2char(CMD_RENAME_CHAIN));
&& argv[optind][0] != '!')
policy = argv[optind++];
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires a chain and a policy",
cmd2char(CMD_SET_POLICY));
break;
if (fw.ipv6.proto == 0
&& (fw.ipv6.invflags & IP6T_INV_PROTO))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
if (is_exthdr(fw.ipv6.proto)
target->extra_opts,
&target->option_offset);
if (opts == NULL)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"can't alloc memory!");
}
break;
size_t size;
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --match");
m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
case 't':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table");
*table = optarg;
break;
&& argv[optind][0] != '!')
bcnt = argv[optind++];
if (!bcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
if (sscanf(pcnt, "%llu", &cnt) != 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
fw.counters.pcnt = cnt;
if (sscanf(bcnt, "%llu", &cnt) != 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
fw.counters.bcnt = cnt;
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not"
" allowed");
invert = TRUE;
if (!m) {
if (c == '?') {
if (optopt) {
- exit_error(
+ xtables_error(
PARAMETER_PROBLEM,
"option `%s' "
"requires an "
"argument",
argv[optind-1]);
} else {
- exit_error(
+ xtables_error(
PARAMETER_PROBLEM,
"unknown option "
"`%s'",
argv[optind-1]);
}
}
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unknown arg `%s'", optarg);
}
}
/* Fix me: must put inverse options checking here --MN */
if (optind < argc)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unknown arguments found on commandline");
if (!command)
- exit_error(PARAMETER_PROBLEM, "no command specified");
+ xtables_error(PARAMETER_PROBLEM, "no command specified");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
if ((nsaddrs > 1 || ndaddrs > 1) &&
(fw.ipv6.invflags & (IP6T_INV_SRCIP | IP6T_INV_DSTIP)))
- exit_error(PARAMETER_PROBLEM, "! not allowed with multiple"
+ xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1))
- exit_error(PARAMETER_PROBLEM, "Replacement rule does not "
+ xtables_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
generic_opt_check(command, options);
if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"chain name `%s' too long (must be under %i chars)",
chain, IP6T_FUNCTION_MAXNAMELEN);
*handle = ip6tc_init(*table);
if (!*handle)
- exit_error(VERSION_PROBLEM,
+ xtables_error(VERSION_PROBLEM,
"can't initialize ip6tables table `%s': %s",
*table, ip6tc_strerror(errno));
|| strcmp(chain, "INPUT") == 0) {
/* -o not valid with incoming packets. */
if (options & OPT_VIANAMEOUT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
chain);
|| strcmp(chain, "OUTPUT") == 0) {
/* -i not valid with outgoing packets */
if (options & OPT_VIANAMEIN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
* chain. */
#ifdef IP6T_F_GOTO
if (fw.ipv6.flags & IP6T_F_GOTO)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"goto '%s' is not a chain\n", jumpto);
#endif
xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
}
if (!handle) {
- exit_error(PARAMETER_PROBLEM, "%s: unable to initialize "
+ xtables_error(PARAMETER_PROBLEM, "%s: unable to initialize "
"table '%s'\n", prog_name, tablename);
exit(1);
}
table = strtok(buffer+1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table);
if (!table) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
prog_name, line);
exit(1);
chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
prog_name, line);
exit(1);
if (noflush && iptc_is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
if (!iptc_flush_entries(chain, handle))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
if (!iptc_create_chain(chain, handle))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
strerror(errno));
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
prog_name, line);
exit(1);
ctrs = strtok(NULL, " \t\n");
if (!ctrs || !parse_counters(ctrs, &count))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"invalid policy counters "
"for chain '%s'\n", chain);
if (!iptc_set_policy(chain, policy, &count,
handle))
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
chain, policy, line,
/* we have counters in our input */
ptr = strchr(buffer, ']');
if (!ptr)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer+1, ":");
if (!pcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* check if table name specified */
if (!strncmp(param_buffer, "-t", 2)
|| !strncmp(param_buffer, "--table", 8)) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Line %u seems to have a "
"-t table option.\n", line);
exit(1);
param_buffer[param_len++] = *curchar;
if (param_len >= sizeof(param_buffer))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Parameter too long!");
}
}
procfile = fopen("/proc/net/ip_tables_names", "r");
if (!procfile)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Unable to open /proc/net/ip_tables_names: %s\n",
strerror(errno));
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"Badly formed tablename `%s'\n",
tablename);
tablename[strlen(tablename) - 1] = '\0';
h = iptc_init(tablename);
if (!h)
- exit_error(OTHER_PROBLEM, "Can't initialize: %s\n",
+ xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
iptc_strerror(errno));
if (!show_binary) {
printf("# Completed on %s", ctime(&now));
} else {
/* Binary, huh? OK. */
- exit_error(OTHER_PROBLEM, "Binary NYI\n");
+ xtables_error(OTHER_PROBLEM, "Binary NYI\n");
}
iptc_free(h);
saveChain(char *chain, char *policy, struct ipt_counters *ctr)
{
if (nextChain >= maxChains) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
prog_name, line);
exit(1);
table = strtok(buffer + 1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table);
if (!table) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
prog_name, line);
exit(1);
chain = strtok(buffer + 1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
prog_name, line);
exit(1);
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
prog_name, line);
exit(1);
/* we have counters in our input */
ptr = strchr(buffer, ']');
if (!ptr)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer + 1, ":");
if (!pcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
if (!strncmp(param_buffer, "-t", 3)
|| !strncmp(param_buffer,
"--table", 8)) {
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Line %u seems to have a "
"-t table option.\n",
line);
if (!(options & (1<<i))) {
if (commands_v_options[j][i] == '+')
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"You need to supply the `-%c' "
"option for this command\n",
optflags[i]);
}
}
if (legal == -1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Illegal option `-%c' with this command\n",
optflags[i]);
}
int invert)
{
if (invert)
- exit_error(PARAMETER_PROBLEM, "unexpected ! flag");
+ xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
if (*cmd & (~othercmds))
- exit_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n",
+ xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
*cmd |= newcmd;
}
unsigned int rulenum;
if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid rule number `%s'", rule);
return rulenum;
const char *ptr;
if (strlen(targetname) < 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid target name (too short)");
if (strlen(targetname)+1 > sizeof(ipt_chainlabel))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid target name `%s' (%u chars max)",
targetname, (unsigned int)sizeof(ipt_chainlabel)-1);
for (ptr = targetname; *ptr; ptr++)
if (isspace(*ptr))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid target name `%s'", targetname);
return targetname;
}
int invert)
{
if (*options & option)
- exit_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
+ xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
opt2char(option));
*options |= option;
for (i = 0; 1 << i != option; i++);
if (!inverse_for_options[i])
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"cannot have ! before -%c",
opt2char(option));
*invflg |= inverse_for_options[i];
&& argv[optind][0] != '!')
rulenum = parse_rulenumber(argv[optind++]);
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires a rule number",
cmd2char(CMD_REPLACE));
break;
case 'N':
if (optarg && (*optarg == '-' || *optarg == '!'))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"chain name not allowed to start "
"with `%c'\n", *optarg);
if (xtables_find_target(optarg, XTF_TRY_LOAD))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"chain name may not clash "
"with target name\n");
add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
&& argv[optind][0] != '!')
newname = argv[optind++];
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires old-chain-name and "
"new-chain-name",
cmd2char(CMD_RENAME_CHAIN));
&& argv[optind][0] != '!')
policy = argv[optind++];
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires a chain and a policy",
cmd2char(CMD_SET_POLICY));
break;
if (fw.ip.proto == 0
&& (fw.ip.invflags & IPT_INV_PROTO))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
break;
target->extra_opts,
&target->option_offset);
if (opts == NULL)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"can't alloc memory!");
}
break;
size_t size;
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --match");
m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
m->extra_opts,
&m->option_offset);
if (opts == NULL)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"can't alloc memory!");
}
}
case 't':
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table");
*table = optarg;
break;
&& argv[optind][0] != '!')
bcnt = argv[optind++];
if (!bcnt)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
if (sscanf(pcnt, "%llu", &cnt) != 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
fw.counters.pcnt = cnt;
if (sscanf(bcnt, "%llu", &cnt) != 1)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
fw.counters.bcnt = cnt;
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not"
" allowed");
invert = TRUE;
m->extra_opts,
&m->option_offset);
if (opts == NULL)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"can't alloc memory!");
optind--;
if (!m) {
if (c == '?') {
if (optopt) {
- exit_error(
+ xtables_error(
PARAMETER_PROBLEM,
"option `%s' "
"requires an "
"argument",
argv[optind-1]);
} else {
- exit_error(
+ xtables_error(
PARAMETER_PROBLEM,
"unknown option "
"`%s'",
argv[optind-1]);
}
}
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Unknown arg `%s'", optarg);
}
}
/* Fix me: must put inverse options checking here --MN */
if (optind < argc)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"unknown arguments found on commandline");
if (!command)
- exit_error(PARAMETER_PROBLEM, "no command specified");
+ xtables_error(PARAMETER_PROBLEM, "no command specified");
if (invert)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
if ((nsaddrs > 1 || ndaddrs > 1) &&
(fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP)))
- exit_error(PARAMETER_PROBLEM, "! not allowed with multiple"
+ xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1))
- exit_error(PARAMETER_PROBLEM, "Replacement rule does not "
+ xtables_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
generic_opt_check(command, options);
if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"chain name `%s' too long (must be under %i chars)",
chain, IPT_FUNCTION_MAXNAMELEN);
*handle = iptc_init(*table);
if (!*handle)
- exit_error(VERSION_PROBLEM,
+ xtables_error(VERSION_PROBLEM,
"can't initialize iptables table `%s': %s",
*table, iptc_strerror(errno));
|| strcmp(chain, "INPUT") == 0) {
/* -o not valid with incoming packets. */
if (options & OPT_VIANAMEOUT)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
chain);
|| strcmp(chain, "OUTPUT") == 0) {
/* -i not valid with outgoing packets */
if (options & OPT_VIANAMEIN)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
* chain. */
#ifdef IPT_F_GOTO
if (fw.ip.flags & IPT_F_GOTO)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"goto '%s' is not a chain\n", jumpto);
#endif
xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
projects / thirdparty / iptables.git / commitdiff
