libxtables: prefix/order - move parse_protocol to xtables.c
authorJan Engelhardt <jengelh@medozas.de>
Fri, 30 Jan 2009 04:38:11 +0000 (05:38 +0100)
committerJan Engelhardt <jengelh@medozas.de>
Fri, 30 Jan 2009 04:38:34 +0000 (05:38 +0100)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
extensions/libip6t_policy.c
extensions/libipt_policy.c
extensions/libxt_conntrack.c
extensions/libxt_time.c
include/xtables.h.in
ip6tables.c
iptables.c
xtables.c

index 83ee48ec4b8a46e23a6f7552b1ade4fccd1731df..7c1a1e71022170c54d9548d3231c287c0a0f6f3a 100644 (file)
@@ -244,7 +244,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: double --proto option");
 
-               e->proto = parse_protocol(argv[optind-1]);
+               e->proto = xtables_parse_protocol(argv[optind-1]);
                if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP &&
                    e->proto != IPPROTO_COMP)
                        exit_error(PARAMETER_PROBLEM,
index 742eeba92c636d635ce6b18c11b82a6a649f5438..6ae51e7c5e92e75db414ed5436115851ebc05612 100644 (file)
@@ -212,7 +212,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: double --proto option");
 
-               e->proto = parse_protocol(argv[optind-1]);
+               e->proto = xtables_parse_protocol(argv[optind-1]);
                if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP &&
                    e->proto != IPPROTO_COMP)
                        exit_error(PARAMETER_PROBLEM,
index 914b253b9ddbe3801d525d9bb2dd1dd07133d437..45783f4d1bfd4cf0d572dbe8bccefc510a8b470d 100644 (file)
@@ -317,7 +317,8 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
                        *protocol = tolower(*protocol);
 
                protocol = argv[optind-1];
-               sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = parse_protocol(protocol);
+               sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum =
+                       xtables_parse_protocol(protocol);
 
                if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
                    && (sinfo->invflags & XT_INV_PROTO))
@@ -455,7 +456,7 @@ conntrack_mt_parse(int c, char **argv, int invert, unsigned int *flags,
                /* Canonicalize into lower case */
                for (p = optarg; *p != '\0'; ++p)
                        *p = tolower(*p);
-               info->l4proto = parse_protocol(optarg);
+               info->l4proto = xtables_parse_protocol(optarg);
 
                if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO))
                        exit_error(PARAMETER_PROBLEM, "conntrack: rule would "
index 989806deb567327c2e9c83884597a3a9a9b71e24..41aa5c7769f3a3c26649d35c795e3b3f1cee21ed 100644 (file)
@@ -22,7 +22,6 @@
 
 #include <linux/netfilter/xt_time.h>
 #include <xtables.h>
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*x))
 
 enum { /* getopt "seen" bits */
        F_DATE_START = 1 << 0,
index c1bf6d591b5566ffe8f68a9ed770266fccafd958..07217d6a763719a8b26af53337d46c0c32cb0d4c 100644 (file)
@@ -21,6 +21,9 @@
 #ifndef IPPROTO_DCCP
 #define IPPROTO_DCCP 33
 #endif
+#ifndef IPPROTO_MH
+#      define IPPROTO_MH 135
+#endif
 #ifndef IPPROTO_UDPLITE
 #define IPPROTO_UDPLITE        136
 #endif
@@ -151,6 +154,17 @@ struct xtables_rule_match {
        bool completed;
 };
 
+/**
+ * struct xtables_pprot -
+ *
+ * A few hardcoded protocols for 'all' and in case the user has no
+ * /etc/protocols.
+ */
+struct xtables_pprot {
+       const char *name;
+       u_int8_t num;
+};
+
 enum xtables_tryload {
        XTF_DONT_LOAD,
        XTF_DURING_LOAD,
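Review bot: The kernel-doc block added above `struct xtables_pprot` leaves the summary after the dash empty and does not describe the two fields. Because the next hunk exports `xtables_chain_protos[]` as an unsized extern array, code outside xtables.c cannot take its size and has to stop at the terminating entry, so the comment should state that contract, e.g. `struct xtables_pprot - protocol name/number pair; a table of these ends with an entry whose name is NULL`. A one-line `@name:` and `@num:` description would complete it.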
@@ -239,10 +253,13 @@ extern void xtables_save_string(const char *value);
 #      define _init __attribute__((constructor)) _INIT
 #endif
 
-/* Present in both iptables.c and ip6tables.c */
-extern u_int16_t parse_protocol(const char *s);
+extern const struct xtables_pprot xtables_chain_protos[];
+extern u_int16_t xtables_parse_protocol(const char *s);
 
 #ifdef XTABLES_INTERNAL
+#      ifndef ARRAY_SIZE
+#              define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+#      endif
 #      include <xtables/internal.h>
 #endif
 
index 903e005531d62fa10ced8b140932c4eca14b8aa1..53163b7b954d1dbbf625b3d54f5a62dee86f8398 100644 (file)
@@ -208,34 +208,7 @@ struct afinfo afinfo = {
        .so_rev_target  = IP6T_SO_GET_REVISION_TARGET,
 };
 
-/* Primitive headers... */
-/* defined in netinet/in.h */
-#if 0
-#ifndef IPPROTO_ESP
-#define IPPROTO_ESP 50
-#endif
-#ifndef IPPROTO_AH
-#define IPPROTO_AH 51
-#endif
-#endif
-#ifndef IPPROTO_MH
-#define IPPROTO_MH 135
-#endif
-
-static const struct pprot chain_protos[] = {
-       { "tcp", IPPROTO_TCP },
-       { "udp", IPPROTO_UDP },
-       { "udplite", IPPROTO_UDPLITE },
-       { "icmpv6", IPPROTO_ICMPV6 },
-       { "ipv6-icmp", IPPROTO_ICMPV6 },
-       { "esp", IPPROTO_ESP },
-       { "ah", IPPROTO_AH },
-       { "ipv6-mh", IPPROTO_MH },
-       { "mh", IPPROTO_MH },
-       { "all", 0 },
-};
-
-static char *
+static const char *
 proto_to_name(u_int8_t proto, int nolookup)
 {
        unsigned int i;
@@ -246,9 +219,9 @@ proto_to_name(u_int8_t proto, int nolookup)
                        return pent->p_name;
        }
 
-       for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
-               if (chain_protos[i].num == proto)
-                       return chain_protos[i].name;
+       for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+               if (xtables_chain_protos[i].num == proto)
+                       return xtables_chain_protos[i].name;
 
        return NULL;
 }
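Review bot: The rewritten loop in `proto_to_name()` walks the merged `xtables_chain_protos` table, so in ip6tables it can now return names the removed IPv6-only table never held (`icmp`, `sctp`), and the same loop in iptables.c can now return `icmpv6` or `ipv6-mh`. `find_proto()` hands that name to `xtables_find_match()`, so when the `getprotobynumber()` path does not answer first, a numeric protocol appears able to select a match name from the other address family. The commit title describes a move, yet merging the two per-family tables changes behaviour; either filter by family or say so in the commit message and next to the table, e.g. `/* shared by iptables and ip6tables; entries are not filtered by address family */`. The `print_proto()` hunks in both files and the `proto_to_name()` hunk in iptables.c are affected the same way; the function body starts outside this hunk.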
@@ -467,7 +440,7 @@ find_proto(const char *pname, enum xtables_tryload tryload,
        unsigned int proto;
 
        if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
-               char *protoname = proto_to_name(proto, nolookup);
+               const char *protoname = proto_to_name(proto, nolookup);
 
                if (protoname)
                        return xtables_find_match(protoname, tryload, matches);
@@ -477,43 +450,6 @@ find_proto(const char *pname, enum xtables_tryload tryload,
        return NULL;
 }
 
-u_int16_t
-parse_protocol(const char *s)
-{
-       unsigned int proto;
-
-       if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) {
-               struct protoent *pent;
-
-               /* first deal with the special case of 'all' to prevent
-                * people from being able to redefine 'all' in nsswitch
-                * and/or provoke expensive [not working] ldap/nis/...
-                * lookups */
-               if (!strcmp(s, "all"))
-                       return 0;
-
-               if ((pent = getprotobyname(s)))
-                       proto = pent->p_proto;
-               else {
-                       unsigned int i;
-                       for (i = 0;
-                            i < sizeof(chain_protos)/sizeof(struct pprot);
-                            i++) {
-                               if (strcmp(s, chain_protos[i].name) == 0) {
-                                       proto = chain_protos[i].num;
-                                       break;
-                               }
-                       }
-                       if (i == sizeof(chain_protos)/sizeof(struct pprot))
-                               exit_error(PARAMETER_PROBLEM,
-                                          "unknown protocol `%s' specified",
-                                          s);
-               }
-       }
-
-       return (u_int16_t)proto;
-}
-
 /* These are invalid numbers as upper layer protocol */
 static int is_exthdr(u_int16_t proto)
 {
@@ -738,7 +674,7 @@ print_firewall(const struct ip6t_entry *fw,
 
        fputc(fw->ipv6.invflags & IP6T_INV_PROTO ? '!' : ' ', stdout);
        {
-               char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC);
+               const char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC);
                if (pname)
                        printf(FMT("%-5s", "%s "), pname);
                else
@@ -1144,10 +1080,10 @@ static void print_proto(u_int16_t proto, int invert)
                        return;
                }
 
-               for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
-                       if (chain_protos[i].num == proto) {
+               for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+                       if (xtables_chain_protos[i].num == proto) {
                                printf("-p %s%s ",
-                                      invertstr, chain_protos[i].name);
+                                      invertstr, xtables_chain_protos[i].name);
                                return;
                        }
 
@@ -1607,7 +1543,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
                                *protocol = tolower(*protocol);
 
                        protocol = argv[optind-1];
-                       fw.ipv6.proto = parse_protocol(protocol);
+                       fw.ipv6.proto = xtables_parse_protocol(protocol);
                        fw.ipv6.flags |= IP6T_F_PROTO;
 
                        if (fw.ipv6.proto == 0
index ea765b0b51f582779f397e6a5de458d95c1bdc7c..b43aadfdf658e6fc8d1d13411bf25a7968390022 100644 (file)
@@ -194,13 +194,6 @@ const char *program_name;
 
 int kernel_version;
 
-/* A few hardcoded protocols for 'all' and in case the user has no
-   /etc/protocols */
-struct pprot {
-       char *name;
-       u_int8_t num;
-};
-
 struct afinfo afinfo = {
        .family         = NFPROTO_IPV4,
        .libprefix      = "libipt_",
@@ -221,18 +214,7 @@ struct afinfo afinfo = {
 #endif
 #endif
 
-static const struct pprot chain_protos[] = {
-       { "tcp", IPPROTO_TCP },
-       { "udp", IPPROTO_UDP },
-       { "udplite", IPPROTO_UDPLITE },
-       { "icmp", IPPROTO_ICMP },
-       { "esp", IPPROTO_ESP },
-       { "ah", IPPROTO_AH },
-       { "sctp", IPPROTO_SCTP },
-       { "all", 0 },
-};
-
-static char *
+static const char *
 proto_to_name(u_int8_t proto, int nolookup)
 {
        unsigned int i;
@@ -243,9 +225,9 @@ proto_to_name(u_int8_t proto, int nolookup)
                        return pent->p_name;
        }
 
-       for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
-               if (chain_protos[i].num == proto)
-                       return chain_protos[i].name;
+       for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+               if (xtables_chain_protos[i].num == proto)
+                       return xtables_chain_protos[i].name;
 
        return NULL;
 }
@@ -469,7 +451,7 @@ find_proto(const char *pname, enum xtables_tryload tryload,
        unsigned int proto;
 
        if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
-               char *protoname = proto_to_name(proto, nolookup);
+               const char *protoname = proto_to_name(proto, nolookup);
 
                if (protoname)
                        return xtables_find_match(protoname, tryload, matches);
@@ -479,43 +461,6 @@ find_proto(const char *pname, enum xtables_tryload tryload,
        return NULL;
 }
 
-u_int16_t
-parse_protocol(const char *s)
-{
-       unsigned int proto;
-
-       if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) {
-               struct protoent *pent;
-
-               /* first deal with the special case of 'all' to prevent
-                * people from being able to redefine 'all' in nsswitch
-                * and/or provoke expensive [not working] ldap/nis/... 
-                * lookups */
-               if (!strcmp(s, "all"))
-                       return 0;
-
-               if ((pent = getprotobyname(s)))
-                       proto = pent->p_proto;
-               else {
-                       unsigned int i;
-                       for (i = 0;
-                            i < sizeof(chain_protos)/sizeof(struct pprot);
-                            i++) {
-                               if (strcmp(s, chain_protos[i].name) == 0) {
-                                       proto = chain_protos[i].num;
-                                       break;
-                               }
-                       }
-                       if (i == sizeof(chain_protos)/sizeof(struct pprot))
-                               exit_error(PARAMETER_PROBLEM,
-                                          "unknown protocol `%s' specified",
-                                          s);
-               }
-       }
-
-       return (u_int16_t)proto;
-}
-
 /* Can't be zero. */
 static int
 parse_rulenumber(const char *rule)
@@ -733,7 +678,7 @@ print_firewall(const struct ipt_entry *fw,
 
        fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout);
        {
-               char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
+               const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
                if (pname)
                        printf(FMT("%-5s", "%s "), pname);
                else
@@ -1107,10 +1052,10 @@ static void print_proto(u_int16_t proto, int invert)
                        return;
                }
 
-               for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++)
-                       if (chain_protos[i].num == proto) {
+               for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+                       if (xtables_chain_protos[i].num == proto) {
                                printf("-p %s%s ",
-                                      invertstr, chain_protos[i].name);
+                                      invertstr, xtables_chain_protos[i].name);
                                return;
                        }
 
@@ -1620,7 +1565,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
                                *protocol = tolower(*protocol);
 
                        protocol = argv[optind-1];
-                       fw.ip.proto = parse_protocol(protocol);
+                       fw.ip.proto = xtables_parse_protocol(protocol);
 
                        if (fw.ip.proto == 0
                            && (fw.ip.invflags & IPT_INV_PROTO))
index 19e746c3cf01bbb1faab432fe7a867070f101c84..cf64352170c2bb63552f6c75cf70727eac3088b7 100644 (file)
--- a/xtables.c
+++ b/xtables.c
@@ -32,6 +32,7 @@
 #include <arpa/inet.h>
 
 #include <xtables.h>
+#include <ip6tables.h>
 #include <libiptc/libxtc.h>
 
 #ifndef NO_SHARED_LIBS
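Review bot: The added `#include <ip6tables.h>` pulls a family-specific frontend header into the shared xtables.c without saying which declaration it is needed for. From the lines visible in this diff the reason is not evident, since `IPPROTO_MH` is now provided by xtables.h.in. If it is required, a short comment naming the symbol would help, e.g. `#include <ip6tables.h> /* for <symbol> */`; if not, dropping it keeps the library independent of the IPv6 frontend.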
@@ -1285,3 +1286,54 @@ int xtables_check_inverse(const char option[], int *invert,
        }
        return false;
 }
+
+const struct xtables_pprot xtables_chain_protos[] = {
+       {"tcp",       IPPROTO_TCP},
+       {"sctp",      IPPROTO_SCTP},
+       {"udp",       IPPROTO_UDP},
+       {"udplite",   IPPROTO_UDPLITE},
+       {"icmp",      IPPROTO_ICMP},
+       {"icmpv6",    IPPROTO_ICMPV6},
+       {"ipv6-icmp", IPPROTO_ICMPV6},
+       {"esp",       IPPROTO_ESP},
+       {"ah",        IPPROTO_AH},
+       {"ipv6-mh",   IPPROTO_MH},
+       {"mh",        IPPROTO_MH},
+       {"all",       0},
+       {NULL},
+};
+
+u_int16_t
+xtables_parse_protocol(const char *s)
+{
+       unsigned int proto;
+
+       if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) {
+               struct protoent *pent;
+
+               /* first deal with the special case of 'all' to prevent
+                * people from being able to redefine 'all' in nsswitch
+                * and/or provoke expensive [not working] ldap/nis/...
+                * lookups */
+               if (!strcmp(s, "all"))
+                       return 0;
+
+               if ((pent = getprotobyname(s)))
+                       proto = pent->p_proto;
+               else {
+                       unsigned int i;
+                       for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) {
+                               if (strcmp(s, xtables_chain_protos[i].name) == 0) {
+                                       proto = xtables_chain_protos[i].num;
+                                       break;
+                               }
+                       }
+                       if (i == ARRAY_SIZE(xtables_chain_protos))
+                               exit_error(PARAMETER_PROBLEM,
+                                          "unknown protocol `%s' specified",
+                                          s);
+               }
+       }
+
+       return proto;
+}
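Review bot: The fallback loop in `xtables_parse_protocol()` is bounded by `ARRAY_SIZE(xtables_chain_protos)`, which now counts the `{NULL}` terminator, so for a name that neither `getprotobyname()` nor the table knows, the last iteration calls `strcmp(s, NULL)`. That is undefined behaviour and will typically crash the tool instead of reaching the "unknown protocol" `exit_error`; the removed per-file versions were safe because their tables had no terminator. Use the sentinel as the other loops in this commit do: `for (i = 0; xtables_chain_protos[i].name != NULL; ++i) {` and then `if (xtables_chain_protos[i].name == NULL)` before the `exit_error` call. A mistyped `-p` argument in a firewall script should yield a clean parameter error, not a segfault.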